1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2025 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct cfg80211_registered_device * rdev,struct net * netns,struct nlattr ** attrs)67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 struct net *netns, struct nlattr **attrs)
69 {
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id = 0;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 if (rdev) {
88 struct wireless_dev *wdev;
89
90 lockdep_assert_held(&rdev->wiphy.mtx);
91
92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 if (have_ifidx && wdev->netdev &&
94 wdev->netdev->ifindex == ifidx) {
95 result = wdev;
96 break;
97 }
98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 result = wdev;
100 break;
101 }
102 }
103
104 return result ?: ERR_PTR(-ENODEV);
105 }
106
107 ASSERT_RTNL();
108
109 for_each_rdev(rdev) {
110 struct wireless_dev *wdev;
111
112 if (wiphy_net(&rdev->wiphy) != netns)
113 continue;
114
115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 continue;
117
118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 if (have_ifidx && wdev->netdev &&
120 wdev->netdev->ifindex == ifidx) {
121 result = wdev;
122 break;
123 }
124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 result = wdev;
126 break;
127 }
128 }
129
130 if (result)
131 break;
132 }
133
134 if (result)
135 return result;
136 return ERR_PTR(-ENODEV);
137 }
138
139 static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net * netns,struct nlattr ** attrs)140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141 {
142 struct cfg80211_registered_device *rdev = NULL, *tmp;
143 struct net_device *netdev;
144
145 ASSERT_RTNL();
146
147 if (!attrs[NL80211_ATTR_WIPHY] &&
148 !attrs[NL80211_ATTR_IFINDEX] &&
149 !attrs[NL80211_ATTR_WDEV])
150 return ERR_PTR(-EINVAL);
151
152 if (attrs[NL80211_ATTR_WIPHY])
153 rdev = cfg80211_rdev_by_wiphy_idx(
154 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155
156 if (attrs[NL80211_ATTR_WDEV]) {
157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 struct wireless_dev *wdev;
159 bool found = false;
160
161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 if (tmp) {
163 /* make sure wdev exists */
164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 if (wdev->identifier != (u32)wdev_id)
166 continue;
167 found = true;
168 break;
169 }
170
171 if (!found)
172 tmp = NULL;
173
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176 rdev = tmp;
177 }
178 }
179
180 if (attrs[NL80211_ATTR_IFINDEX]) {
181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182
183 netdev = __dev_get_by_index(netns, ifindex);
184 if (netdev) {
185 if (netdev->ieee80211_ptr)
186 tmp = wiphy_to_rdev(
187 netdev->ieee80211_ptr->wiphy);
188 else
189 tmp = NULL;
190
191 /* not wireless device -- return error */
192 if (!tmp)
193 return ERR_PTR(-EINVAL);
194
195 /* mismatch -- return error */
196 if (rdev && tmp != rdev)
197 return ERR_PTR(-EINVAL);
198
199 rdev = tmp;
200 }
201 }
202
203 if (!rdev)
204 return ERR_PTR(-ENODEV);
205
206 if (netns != wiphy_net(&rdev->wiphy))
207 return ERR_PTR(-ENODEV);
208
209 return rdev;
210 }
211
212 /*
213 * This function returns a pointer to the driver
214 * that the genl_info item that is passed refers to.
215 *
216 * The result of this can be a PTR_ERR and hence must
217 * be checked with IS_ERR() for errors.
218 */
219 static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net * netns,struct genl_info * info)220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221 {
222 return __cfg80211_rdev_from_attrs(netns, info->attrs);
223 }
224
validate_beacon_head(const struct nlattr * attr,struct netlink_ext_ack * extack)225 static int validate_beacon_head(const struct nlattr *attr,
226 struct netlink_ext_ack *extack)
227 {
228 const u8 *data = nla_data(attr);
229 unsigned int len = nla_len(attr);
230 const struct element *elem;
231 const struct ieee80211_mgmt *mgmt = (void *)data;
232 const struct ieee80211_ext *ext;
233 unsigned int fixedlen, hdrlen;
234 bool s1g_bcn;
235
236 if (len < offsetofend(typeof(*mgmt), frame_control))
237 goto err;
238
239 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
240 if (s1g_bcn) {
241 ext = (struct ieee80211_ext *)mgmt;
242 fixedlen =
243 offsetof(struct ieee80211_ext, u.s1g_beacon.variable) +
244 ieee80211_s1g_optional_len(ext->frame_control);
245 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
246 } else {
247 fixedlen = offsetof(struct ieee80211_mgmt,
248 u.beacon.variable);
249 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
250 }
251
252 if (len < fixedlen)
253 goto err;
254
255 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
256 goto err;
257
258 data += fixedlen;
259 len -= fixedlen;
260
261 for_each_element(elem, data, len) {
262 /* nothing */
263 }
264
265 if (for_each_element_completed(elem, data, len))
266 return 0;
267
268 err:
269 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
270 return -EINVAL;
271 }
272
validate_ie_attr(const struct nlattr * attr,struct netlink_ext_ack * extack)273 static int validate_ie_attr(const struct nlattr *attr,
274 struct netlink_ext_ack *extack)
275 {
276 const u8 *data = nla_data(attr);
277 unsigned int len = nla_len(attr);
278 const struct element *elem;
279
280 for_each_element(elem, data, len) {
281 /* nothing */
282 }
283
284 if (for_each_element_completed(elem, data, len))
285 return 0;
286
287 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
288 return -EINVAL;
289 }
290
validate_he_capa(const struct nlattr * attr,struct netlink_ext_ack * extack)291 static int validate_he_capa(const struct nlattr *attr,
292 struct netlink_ext_ack *extack)
293 {
294 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr)))
295 return -EINVAL;
296
297 return 0;
298 }
299
validate_supported_selectors(const struct nlattr * attr,struct netlink_ext_ack * extack)300 static int validate_supported_selectors(const struct nlattr *attr,
301 struct netlink_ext_ack *extack)
302 {
303 const u8 *supported_selectors = nla_data(attr);
304 u8 supported_selectors_len = nla_len(attr);
305
306 /* The top bit must not be set as it is not part of the selector */
307 for (int i = 0; i < supported_selectors_len; i++) {
308 if (supported_selectors[i] & 0x80)
309 return -EINVAL;
310 }
311
312 return 0;
313 }
314
315 /* policy for the attributes */
316 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
317
318 static const struct nla_policy
319 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
320 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
321 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
322 .len = U8_MAX },
323 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
324 .len = U8_MAX },
325 };
326
327 static const struct nla_policy
328 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
329 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
330 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
331 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
332 NLA_POLICY_MAX(NLA_U8, 15),
333 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
334 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
335 NLA_POLICY_MAX(NLA_U8, 15),
336 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = { .type = NLA_U8 },
337 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
338 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
339 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
340 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
341 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
342 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
343 [NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 },
344 };
345
346 static const struct nla_policy
347 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
348 [NL80211_PMSR_TYPE_FTM] =
349 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
350 };
351
352 static const struct nla_policy
353 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
354 [NL80211_PMSR_REQ_ATTR_DATA] =
355 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
356 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
357 };
358
359 static const struct nla_policy
360 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
361 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
362 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
363 [NL80211_PMSR_PEER_ATTR_REQ] =
364 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
365 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
366 };
367
368 static const struct nla_policy
369 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
370 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
371 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
372 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
373 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
374 [NL80211_PMSR_ATTR_PEERS] =
375 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
376 };
377
378 static const struct nla_policy
379 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
380 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
381 NLA_POLICY_RANGE(NLA_U8, 1, 20),
382 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
383 NLA_POLICY_RANGE(NLA_U8, 1, 20),
384 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
385 NLA_POLICY_RANGE(NLA_U8, 1, 20),
386 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
387 NLA_POLICY_EXACT_LEN(8),
388 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
389 NLA_POLICY_EXACT_LEN(8),
390 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
391 };
392
393 static const struct nla_policy
394 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
395 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
396 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
397 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
398 };
399
400 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
401 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
402 .len = NL80211_MAX_SUPP_RATES },
403 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
404 .len = NL80211_MAX_SUPP_HT_RATES },
405 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
406 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
407 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
408 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
409 NL80211_RATE_INFO_HE_GI_0_8,
410 NL80211_RATE_INFO_HE_GI_3_2),
411 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
412 NL80211_RATE_INFO_HE_1XLTF,
413 NL80211_RATE_INFO_HE_4XLTF),
414 };
415
416 static const struct nla_policy
417 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
418 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
419 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
420 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
421 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
422 [NL80211_TID_CONFIG_ATTR_NOACK] =
423 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
424 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
425 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
426 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
427 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
428 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
429 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
430 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
431 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
432 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
433 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
434 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
435 NLA_POLICY_NESTED(nl80211_txattr_policy),
436 };
437
438 static const struct nla_policy
439 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
440 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
441 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
442 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
443 NLA_POLICY_RANGE(NLA_BINARY,
444 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
445 IEEE80211_MAX_DATA_LEN),
446 };
447
448 static const struct nla_policy
449 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
450 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
451 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
452 .len = IEEE80211_MAX_DATA_LEN }
453 };
454
455 static const struct nla_policy
456 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
457 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
458 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
459 };
460
461 static const struct nla_policy
462 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
463 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
464 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
465 };
466
467 static const struct nla_policy
468 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = {
469 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2),
470 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] =
471 NLA_POLICY_MIN(NLA_U8, 1),
472 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 },
473 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 },
474 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG },
475 [NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID] =
476 NLA_POLICY_MAX(NLA_U8, IEEE80211_MLD_MAX_NUM_LINKS),
477 };
478
479 static const struct nla_policy
480 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
481 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
482 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
483 };
484
485 static const struct nla_policy
486 nl80211_s1g_short_beacon[NL80211_S1G_SHORT_BEACON_ATTR_MAX + 1] = {
487 [NL80211_S1G_SHORT_BEACON_ATTR_HEAD] =
488 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
489 IEEE80211_MAX_DATA_LEN),
490 [NL80211_S1G_SHORT_BEACON_ATTR_TAIL] =
491 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
492 IEEE80211_MAX_DATA_LEN),
493 };
494
495 static const struct netlink_range_validation nl80211_punct_bitmap_range = {
496 .min = 0,
497 .max = 0xffff,
498 };
499
500 static const struct netlink_range_validation q_range = {
501 .max = INT_MAX,
502 };
503
504 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
505 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
506 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
507 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
508 .len = 20-1 },
509 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
510
511 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
512 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
513 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
514 NL80211_EDMG_CHANNELS_MIN,
515 NL80211_EDMG_CHANNELS_MAX),
516 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
517 NL80211_EDMG_BW_CONFIG_MIN,
518 NL80211_EDMG_BW_CONFIG_MAX),
519
520 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
521 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
522 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
523 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
524
525 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
526 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
527 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
528 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
529 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
530 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
531
532 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
533 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
534 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
535
536 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
537 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
538
539 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
540 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
541 .len = WLAN_MAX_KEY_LEN },
542 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
543 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
544 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
545 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
546 [NL80211_ATTR_KEY_TYPE] =
547 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
548
549 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
550 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
551 [NL80211_ATTR_BEACON_HEAD] =
552 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
553 IEEE80211_MAX_DATA_LEN),
554 [NL80211_ATTR_BEACON_TAIL] =
555 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
556 IEEE80211_MAX_DATA_LEN),
557 [NL80211_ATTR_STA_AID] =
558 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
559 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
560 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
561 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
562 .len = NL80211_MAX_SUPP_RATES },
563 [NL80211_ATTR_STA_PLINK_ACTION] =
564 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
565 [NL80211_ATTR_STA_TX_POWER_SETTING] =
566 NLA_POLICY_RANGE(NLA_U8,
567 NL80211_TX_POWER_AUTOMATIC,
568 NL80211_TX_POWER_FIXED),
569 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
570 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
571 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
572 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
573 .len = IEEE80211_MAX_MESH_ID_LEN },
574 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
575
576 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */
577 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
578 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
579
580 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
581 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
582 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
583 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
584 .len = NL80211_MAX_SUPP_RATES },
585 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
586
587 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
588 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
589
590 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
591
592 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
593 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
594 validate_ie_attr,
595 IEEE80211_MAX_DATA_LEN),
596 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
597 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
598
599 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
600 .len = IEEE80211_MAX_SSID_LEN },
601 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
602 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
603 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
604 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
605 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
606 NL80211_MFP_NO,
607 NL80211_MFP_OPTIONAL),
608 [NL80211_ATTR_STA_FLAGS2] =
609 NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)),
610 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
611 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
612 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
613 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
614 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
615 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
616 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
617 [NL80211_ATTR_WPA_VERSIONS] =
618 NLA_POLICY_RANGE(NLA_U32, 0,
619 NL80211_WPA_VERSION_1 |
620 NL80211_WPA_VERSION_2 |
621 NL80211_WPA_VERSION_3),
622 [NL80211_ATTR_PID] = { .type = NLA_U32 },
623 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
624 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
625 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
626 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
627 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
628 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
629 .len = IEEE80211_MAX_DATA_LEN },
630 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
631 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
632 NL80211_PS_DISABLED,
633 NL80211_PS_ENABLED),
634 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
635 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
636 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
637 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
638 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
639 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
640 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
641 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
642 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
643 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
644 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
645 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
646 [NL80211_ATTR_STA_PLINK_STATE] =
647 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
648 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
649 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
650 [NL80211_ATTR_MESH_PEER_AID] =
651 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
652 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
653 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
654 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
655 [NL80211_ATTR_HIDDEN_SSID] =
656 NLA_POLICY_RANGE(NLA_U32,
657 NL80211_HIDDEN_SSID_NOT_IN_USE,
658 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
659 [NL80211_ATTR_IE_PROBE_RESP] =
660 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
661 IEEE80211_MAX_DATA_LEN),
662 [NL80211_ATTR_IE_ASSOC_RESP] =
663 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
664 IEEE80211_MAX_DATA_LEN),
665 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
666 [NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy),
667 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
668 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
669 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
670 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
671 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
672 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
673 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
674 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
675 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
676 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
677 .len = IEEE80211_MAX_DATA_LEN },
678 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
679 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
680 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
681 .len = NL80211_HT_CAPABILITY_LEN
682 },
683 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
684 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
685 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
686 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
687 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
688
689 /* need to include at least Auth Transaction and Status Code */
690 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
691
692 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
693 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
694 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
695 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
696 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
697 NLA_POLICY_RANGE(NLA_U32,
698 NL80211_MESH_POWER_UNKNOWN + 1,
699 NL80211_MESH_POWER_MAX),
700 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
701 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
702 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
703 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
704 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
705 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
706 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
707 .len = NL80211_VHT_CAPABILITY_LEN,
708 },
709 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
710 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
711 .len = IEEE80211_MAX_DATA_LEN },
712 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
713 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
714 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
715 [NL80211_ATTR_PEER_AID] =
716 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
717 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
718 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
719 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
720 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
721 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
722 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
723 /*
724 * The value of the Length field of the Supported Operating
725 * Classes element is between 2 and 253.
726 */
727 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
728 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
729 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
730 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
731 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
732 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
733 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
734 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
735 IEEE80211_QOS_MAP_LEN_MIN,
736 IEEE80211_QOS_MAP_LEN_MAX),
737 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
738 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
739 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
740 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
741 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
742 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
743 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
744 [NL80211_ATTR_USER_PRIO] =
745 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
746 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
747 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
748 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
749 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
750 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
751 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
752 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
753 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
754 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
755 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
756 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
757 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
758 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
759 .len = VHT_MUMIMO_GROUPS_DATA_LEN
760 },
761 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
762 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
763 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
764 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
765 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
766 .len = FILS_MAX_KEK_LEN },
767 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
768 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
769 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
770 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
771 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
772 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
773 },
774 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
775 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
776 .len = FILS_ERP_MAX_USERNAME_LEN },
777 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
778 .len = FILS_ERP_MAX_REALM_LEN },
779 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
780 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
781 .len = FILS_ERP_MAX_RRK_LEN },
782 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
783 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
784 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
785 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
786 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
787
788 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
789 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
790 [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range),
791 [NL80211_ATTR_HE_CAPABILITY] =
792 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa,
793 NL80211_HE_MAX_CAPABILITY_LEN),
794 [NL80211_ATTR_FTM_RESPONDER] =
795 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
796 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
797 [NL80211_ATTR_PEER_MEASUREMENTS] =
798 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
799 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
800 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
801 .len = SAE_PASSWORD_MAX_LEN },
802 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
803 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
804 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
805 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
806 [NL80211_ATTR_TID_CONFIG] =
807 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
808 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
809 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
810 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
811 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
812 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
813 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
814 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
815 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
816 [NL80211_ATTR_FILS_DISCOVERY] =
817 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
818 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
819 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
820 [NL80211_ATTR_S1G_CAPABILITY] =
821 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
822 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
823 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
824 [NL80211_ATTR_SAE_PWE] =
825 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
826 NL80211_SAE_PWE_BOTH),
827 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
828 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
829 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
830 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
831 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
832 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
833 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
834 [NL80211_ATTR_MBSSID_CONFIG] =
835 NLA_POLICY_NESTED(nl80211_mbssid_config_policy),
836 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED },
837 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG },
838 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 },
839 [NL80211_ATTR_EHT_CAPABILITY] =
840 NLA_POLICY_RANGE(NLA_BINARY,
841 NL80211_EHT_MIN_CAPABILITY_LEN,
842 NL80211_EHT_MAX_CAPABILITY_LEN),
843 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG },
844 [NL80211_ATTR_MLO_LINKS] =
845 NLA_POLICY_NESTED_ARRAY(nl80211_policy),
846 [NL80211_ATTR_MLO_LINK_ID] =
847 NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS - 1),
848 [NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN),
849 [NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG },
850 [NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT },
851 [NL80211_ATTR_EML_CAPABILITY] = { .type = NLA_U16 },
852 [NL80211_ATTR_PUNCT_BITMAP] =
853 NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
854
855 [NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 },
856 [NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG },
857 [NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED },
858 [NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG },
859 [NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG },
860 [NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
861 [NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
862 [NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG },
863 [NL80211_ATTR_VIF_RADIO_MASK] = { .type = NLA_U32 },
864 [NL80211_ATTR_SUPPORTED_SELECTORS] =
865 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_supported_selectors,
866 NL80211_MAX_SUPP_SELECTORS),
867 [NL80211_ATTR_MLO_RECONF_REM_LINKS] = { .type = NLA_U16 },
868 [NL80211_ATTR_EPCS] = { .type = NLA_FLAG },
869 [NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS] = { .type = NLA_U16 },
870 [NL80211_ATTR_WIPHY_RADIO_INDEX] = { .type = NLA_U8 },
871 [NL80211_ATTR_S1G_LONG_BEACON_PERIOD] = NLA_POLICY_MIN(NLA_U8, 2),
872 [NL80211_ATTR_S1G_SHORT_BEACON] =
873 NLA_POLICY_NESTED(nl80211_s1g_short_beacon),
874 };
875
876 /* policy for the key attributes */
877 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
878 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
879 [NL80211_KEY_IDX] = { .type = NLA_U8 },
880 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
881 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
882 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
883 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
884 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
885 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
886 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
887 };
888
889 /* policy for the key default flags */
890 static const struct nla_policy
891 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
892 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
893 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
894 };
895
896 #ifdef CONFIG_PM
897 /* policy for WoWLAN attributes */
898 static const struct nla_policy
899 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
900 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
901 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
902 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
903 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
904 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
905 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
906 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
907 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
908 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
909 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
910 };
911
912 static const struct nla_policy
913 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
914 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
915 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
916 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
917 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
918 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
919 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
920 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
921 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
922 },
923 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
924 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
925 },
926 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
927 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
928 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
929 };
930 #endif /* CONFIG_PM */
931
932 /* policy for coalesce rule attributes */
933 static const struct nla_policy
934 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
935 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
936 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
937 NLA_POLICY_RANGE(NLA_U32,
938 NL80211_COALESCE_CONDITION_MATCH,
939 NL80211_COALESCE_CONDITION_NO_MATCH),
940 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
941 };
942
943 /* policy for GTK rekey offload attributes */
944 static const struct nla_policy
945 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
946 [NL80211_REKEY_DATA_KEK] = {
947 .type = NLA_BINARY,
948 .len = NL80211_KEK_EXT_LEN
949 },
950 [NL80211_REKEY_DATA_KCK] = {
951 .type = NLA_BINARY,
952 .len = NL80211_KCK_EXT_LEN_32
953 },
954 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
955 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
956 };
957
958 static const struct nla_policy
959 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
960 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
961 .len = IEEE80211_MAX_SSID_LEN },
962 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
963 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
964 };
965
966 static const struct nla_policy
967 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
968 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
969 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
970 };
971
972 static const struct nla_policy
973 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
974 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
975 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
976 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
977 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
978 },
979 };
980
981 /* policy for NAN function attributes */
982 static const struct nla_policy
983 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
984 [NL80211_NAN_FUNC_TYPE] =
985 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
986 [NL80211_NAN_FUNC_SERVICE_ID] = {
987 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
988 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
989 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
990 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
991 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
992 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
993 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
994 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
995 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
996 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
997 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
998 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
999 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
1000 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
1001 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
1002 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
1003 };
1004
1005 /* policy for Service Response Filter attributes */
1006 static const struct nla_policy
1007 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
1008 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
1009 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
1010 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
1011 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
1012 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
1013 };
1014
1015 /* policy for packet pattern attributes */
1016 static const struct nla_policy
1017 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
1018 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
1019 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
1020 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
1021 };
1022
nl80211_prepare_wdev_dump(struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev,struct nlattr ** attrbuf)1023 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
1024 struct cfg80211_registered_device **rdev,
1025 struct wireless_dev **wdev,
1026 struct nlattr **attrbuf)
1027 {
1028 int err;
1029
1030 if (!cb->args[0]) {
1031 struct nlattr **attrbuf_free = NULL;
1032
1033 if (!attrbuf) {
1034 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
1035 GFP_KERNEL);
1036 if (!attrbuf)
1037 return -ENOMEM;
1038 attrbuf_free = attrbuf;
1039 }
1040
1041 err = nlmsg_parse_deprecated(cb->nlh,
1042 GENL_HDRLEN + nl80211_fam.hdrsize,
1043 attrbuf, nl80211_fam.maxattr,
1044 nl80211_policy, NULL);
1045 if (err) {
1046 kfree(attrbuf_free);
1047 return err;
1048 }
1049
1050 rtnl_lock();
1051 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
1052 attrbuf);
1053 kfree(attrbuf_free);
1054 if (IS_ERR(*wdev)) {
1055 rtnl_unlock();
1056 return PTR_ERR(*wdev);
1057 }
1058 *rdev = wiphy_to_rdev((*wdev)->wiphy);
1059 mutex_lock(&(*rdev)->wiphy.mtx);
1060 rtnl_unlock();
1061 /* 0 is the first index - add 1 to parse only once */
1062 cb->args[0] = (*rdev)->wiphy_idx + 1;
1063 cb->args[1] = (*wdev)->identifier;
1064 } else {
1065 /* subtract the 1 again here */
1066 struct wiphy *wiphy;
1067 struct wireless_dev *tmp;
1068
1069 rtnl_lock();
1070 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1071 if (!wiphy) {
1072 rtnl_unlock();
1073 return -ENODEV;
1074 }
1075 *rdev = wiphy_to_rdev(wiphy);
1076 *wdev = NULL;
1077
1078 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
1079 if (tmp->identifier == cb->args[1]) {
1080 *wdev = tmp;
1081 break;
1082 }
1083 }
1084
1085 if (!*wdev) {
1086 rtnl_unlock();
1087 return -ENODEV;
1088 }
1089 mutex_lock(&(*rdev)->wiphy.mtx);
1090 rtnl_unlock();
1091 }
1092
1093 return 0;
1094 }
1095
1096 /* message building helper */
nl80211hdr_put(struct sk_buff * skb,u32 portid,u32 seq,int flags,u8 cmd)1097 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
1098 int flags, u8 cmd)
1099 {
1100 /* since there is no private header just add the generic one */
1101 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1102 }
1103
nl80211_msg_put_wmm_rules(struct sk_buff * msg,const struct ieee80211_reg_rule * rule)1104 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1105 const struct ieee80211_reg_rule *rule)
1106 {
1107 int j;
1108 struct nlattr *nl_wmm_rules =
1109 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1110
1111 if (!nl_wmm_rules)
1112 goto nla_put_failure;
1113
1114 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1115 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1116
1117 if (!nl_wmm_rule)
1118 goto nla_put_failure;
1119
1120 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1121 rule->wmm_rule.client[j].cw_min) ||
1122 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1123 rule->wmm_rule.client[j].cw_max) ||
1124 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1125 rule->wmm_rule.client[j].aifsn) ||
1126 nla_put_u16(msg, NL80211_WMMR_TXOP,
1127 rule->wmm_rule.client[j].cot))
1128 goto nla_put_failure;
1129
1130 nla_nest_end(msg, nl_wmm_rule);
1131 }
1132 nla_nest_end(msg, nl_wmm_rules);
1133
1134 return 0;
1135
1136 nla_put_failure:
1137 return -ENOBUFS;
1138 }
1139
nl80211_msg_put_channel(struct sk_buff * msg,struct wiphy * wiphy,struct ieee80211_channel * chan,bool large)1140 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1141 struct ieee80211_channel *chan,
1142 bool large)
1143 {
1144 /* Some channels must be completely excluded from the
1145 * list to protect old user-space tools from breaking
1146 */
1147 if (!large && chan->flags &
1148 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1149 return 0;
1150 if (!large && chan->freq_offset)
1151 return 0;
1152
1153 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1154 chan->center_freq))
1155 goto nla_put_failure;
1156
1157 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1158 goto nla_put_failure;
1159
1160 if ((chan->flags & IEEE80211_CHAN_PSD) &&
1161 nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd))
1162 goto nla_put_failure;
1163
1164 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1165 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1166 goto nla_put_failure;
1167 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1168 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1169 goto nla_put_failure;
1170 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1171 goto nla_put_failure;
1172 }
1173 if (chan->flags & IEEE80211_CHAN_RADAR) {
1174 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1175 goto nla_put_failure;
1176 if (large) {
1177 u32 time;
1178
1179 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1180
1181 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1182 chan->dfs_state))
1183 goto nla_put_failure;
1184 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1185 time))
1186 goto nla_put_failure;
1187 if (nla_put_u32(msg,
1188 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1189 chan->dfs_cac_ms))
1190 goto nla_put_failure;
1191 }
1192 }
1193
1194 if (large) {
1195 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1196 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1197 goto nla_put_failure;
1198 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1199 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1200 goto nla_put_failure;
1201 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1202 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1203 goto nla_put_failure;
1204 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1205 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1206 goto nla_put_failure;
1207 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1208 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1209 goto nla_put_failure;
1210 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1211 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1212 goto nla_put_failure;
1213 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1214 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1215 goto nla_put_failure;
1216 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1217 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1218 goto nla_put_failure;
1219 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1220 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1221 goto nla_put_failure;
1222 if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1223 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1224 goto nla_put_failure;
1225 if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1226 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1227 goto nla_put_failure;
1228 if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1229 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1230 goto nla_put_failure;
1231 if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1232 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1233 goto nla_put_failure;
1234 if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1235 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1236 goto nla_put_failure;
1237 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) &&
1238 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ))
1239 goto nla_put_failure;
1240 if ((chan->flags & IEEE80211_CHAN_NO_EHT) &&
1241 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT))
1242 goto nla_put_failure;
1243 if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) &&
1244 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT))
1245 goto nla_put_failure;
1246 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) &&
1247 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT))
1248 goto nla_put_failure;
1249 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) &&
1250 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT))
1251 goto nla_put_failure;
1252 if ((chan->flags & IEEE80211_CHAN_CAN_MONITOR) &&
1253 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_CAN_MONITOR))
1254 goto nla_put_failure;
1255 if ((chan->flags & IEEE80211_CHAN_ALLOW_6GHZ_VLP_AP) &&
1256 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP))
1257 goto nla_put_failure;
1258 if ((chan->flags & IEEE80211_CHAN_ALLOW_20MHZ_ACTIVITY) &&
1259 nla_put_flag(msg,
1260 NL80211_FREQUENCY_ATTR_ALLOW_20MHZ_ACTIVITY))
1261 goto nla_put_failure;
1262 }
1263
1264 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1265 DBM_TO_MBM(chan->max_power)))
1266 goto nla_put_failure;
1267
1268 if (large) {
1269 const struct ieee80211_reg_rule *rule =
1270 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1271
1272 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1273 if (nl80211_msg_put_wmm_rules(msg, rule))
1274 goto nla_put_failure;
1275 }
1276 }
1277
1278 return 0;
1279
1280 nla_put_failure:
1281 return -ENOBUFS;
1282 }
1283
nl80211_put_txq_stats(struct sk_buff * msg,struct cfg80211_txq_stats * txqstats,int attrtype)1284 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1285 struct cfg80211_txq_stats *txqstats,
1286 int attrtype)
1287 {
1288 struct nlattr *txqattr;
1289
1290 #define PUT_TXQVAL_U32(attr, memb) do { \
1291 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1292 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1293 return false; \
1294 } while (0)
1295
1296 txqattr = nla_nest_start_noflag(msg, attrtype);
1297 if (!txqattr)
1298 return false;
1299
1300 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1301 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1302 PUT_TXQVAL_U32(FLOWS, flows);
1303 PUT_TXQVAL_U32(DROPS, drops);
1304 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1305 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1306 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1307 PUT_TXQVAL_U32(COLLISIONS, collisions);
1308 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1309 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1310 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1311 nla_nest_end(msg, txqattr);
1312
1313 #undef PUT_TXQVAL_U32
1314 return true;
1315 }
1316
1317 /* netlink command implementations */
1318
1319 /**
1320 * nl80211_link_id - return link ID
1321 * @attrs: attributes to look at
1322 *
1323 * Returns: the link ID or 0 if not given
1324 *
1325 * Note this function doesn't do any validation of the link
1326 * ID validity wrt. links that were actually added, so it must
1327 * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID
1328 * or if additional validation is done.
1329 */
nl80211_link_id(struct nlattr ** attrs)1330 static unsigned int nl80211_link_id(struct nlattr **attrs)
1331 {
1332 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1333
1334 return nla_get_u8_default(linkid, 0);
1335 }
1336
nl80211_link_id_or_invalid(struct nlattr ** attrs)1337 static int nl80211_link_id_or_invalid(struct nlattr **attrs)
1338 {
1339 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1340
1341 if (!linkid)
1342 return -1;
1343
1344 return nla_get_u8(linkid);
1345 }
1346
1347 struct key_parse {
1348 struct key_params p;
1349 int idx;
1350 int type;
1351 bool def, defmgmt, defbeacon;
1352 bool def_uni, def_multi;
1353 };
1354
nl80211_parse_key_new(struct genl_info * info,struct nlattr * key,struct key_parse * k)1355 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1356 struct key_parse *k)
1357 {
1358 struct nlattr *tb[NL80211_KEY_MAX + 1];
1359 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1360 nl80211_key_policy,
1361 info->extack);
1362 if (err)
1363 return err;
1364
1365 k->def = !!tb[NL80211_KEY_DEFAULT];
1366 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1367 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1368
1369 if (k->def) {
1370 k->def_uni = true;
1371 k->def_multi = true;
1372 }
1373 if (k->defmgmt || k->defbeacon)
1374 k->def_multi = true;
1375
1376 if (tb[NL80211_KEY_IDX])
1377 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1378
1379 if (tb[NL80211_KEY_DATA]) {
1380 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1381 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1382 }
1383
1384 if (tb[NL80211_KEY_SEQ]) {
1385 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1386 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1387 }
1388
1389 if (tb[NL80211_KEY_CIPHER])
1390 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1391
1392 if (tb[NL80211_KEY_TYPE])
1393 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1394
1395 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1396 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1397
1398 err = nla_parse_nested_deprecated(kdt,
1399 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1400 tb[NL80211_KEY_DEFAULT_TYPES],
1401 nl80211_key_default_policy,
1402 info->extack);
1403 if (err)
1404 return err;
1405
1406 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1407 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1408 }
1409
1410 if (tb[NL80211_KEY_MODE])
1411 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1412
1413 return 0;
1414 }
1415
nl80211_parse_key_old(struct genl_info * info,struct key_parse * k)1416 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1417 {
1418 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1419 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1420 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1421 }
1422
1423 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1424 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1425 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1426 }
1427
1428 if (info->attrs[NL80211_ATTR_KEY_IDX])
1429 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1430
1431 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1432 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1433
1434 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1435 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1436
1437 if (k->def) {
1438 k->def_uni = true;
1439 k->def_multi = true;
1440 }
1441 if (k->defmgmt)
1442 k->def_multi = true;
1443
1444 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1445 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1446
1447 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1448 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1449 int err = nla_parse_nested_deprecated(kdt,
1450 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1451 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1452 nl80211_key_default_policy,
1453 info->extack);
1454 if (err)
1455 return err;
1456
1457 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1458 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1459 }
1460
1461 return 0;
1462 }
1463
nl80211_parse_key(struct genl_info * info,struct key_parse * k)1464 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1465 {
1466 int err;
1467
1468 memset(k, 0, sizeof(*k));
1469 k->idx = -1;
1470 k->type = -1;
1471
1472 if (info->attrs[NL80211_ATTR_KEY])
1473 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1474 else
1475 err = nl80211_parse_key_old(info, k);
1476
1477 if (err)
1478 return err;
1479
1480 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1481 (k->defbeacon ? 1 : 0) > 1) {
1482 GENL_SET_ERR_MSG(info,
1483 "key with multiple default flags is invalid");
1484 return -EINVAL;
1485 }
1486
1487 if (k->defmgmt || k->defbeacon) {
1488 if (k->def_uni || !k->def_multi) {
1489 GENL_SET_ERR_MSG(info,
1490 "defmgmt/defbeacon key must be mcast");
1491 return -EINVAL;
1492 }
1493 }
1494
1495 if (k->idx != -1) {
1496 if (k->defmgmt) {
1497 if (k->idx < 4 || k->idx > 5) {
1498 GENL_SET_ERR_MSG(info,
1499 "defmgmt key idx not 4 or 5");
1500 return -EINVAL;
1501 }
1502 } else if (k->defbeacon) {
1503 if (k->idx < 6 || k->idx > 7) {
1504 GENL_SET_ERR_MSG(info,
1505 "defbeacon key idx not 6 or 7");
1506 return -EINVAL;
1507 }
1508 } else if (k->def) {
1509 if (k->idx < 0 || k->idx > 3) {
1510 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1511 return -EINVAL;
1512 }
1513 } else {
1514 if (k->idx < 0 || k->idx > 7) {
1515 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1516 return -EINVAL;
1517 }
1518 }
1519 }
1520
1521 return 0;
1522 }
1523
1524 static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device * rdev,struct genl_info * info,bool * no_ht)1525 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1526 struct genl_info *info, bool *no_ht)
1527 {
1528 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1529 struct key_parse parse;
1530 struct nlattr *key;
1531 struct cfg80211_cached_keys *result;
1532 int rem, err, def = 0;
1533 bool have_key = false;
1534
1535 nla_for_each_nested(key, keys, rem) {
1536 have_key = true;
1537 break;
1538 }
1539
1540 if (!have_key)
1541 return NULL;
1542
1543 result = kzalloc(sizeof(*result), GFP_KERNEL);
1544 if (!result)
1545 return ERR_PTR(-ENOMEM);
1546
1547 result->def = -1;
1548
1549 nla_for_each_nested(key, keys, rem) {
1550 memset(&parse, 0, sizeof(parse));
1551 parse.idx = -1;
1552
1553 err = nl80211_parse_key_new(info, key, &parse);
1554 if (err)
1555 goto error;
1556 err = -EINVAL;
1557 if (!parse.p.key)
1558 goto error;
1559 if (parse.idx < 0 || parse.idx > 3) {
1560 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1561 goto error;
1562 }
1563 if (parse.def) {
1564 if (def) {
1565 GENL_SET_ERR_MSG(info,
1566 "only one key can be default");
1567 goto error;
1568 }
1569 def = 1;
1570 result->def = parse.idx;
1571 if (!parse.def_uni || !parse.def_multi)
1572 goto error;
1573 } else if (parse.defmgmt)
1574 goto error;
1575 err = cfg80211_validate_key_settings(rdev, &parse.p,
1576 parse.idx, false, NULL);
1577 if (err)
1578 goto error;
1579 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1580 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1581 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1582 err = -EINVAL;
1583 goto error;
1584 }
1585 result->params[parse.idx].cipher = parse.p.cipher;
1586 result->params[parse.idx].key_len = parse.p.key_len;
1587 result->params[parse.idx].key = result->data[parse.idx];
1588 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1589
1590 /* must be WEP key if we got here */
1591 if (no_ht)
1592 *no_ht = true;
1593 }
1594
1595 if (result->def < 0) {
1596 err = -EINVAL;
1597 GENL_SET_ERR_MSG(info, "need a default/TX key");
1598 goto error;
1599 }
1600
1601 return result;
1602 error:
1603 kfree_sensitive(result);
1604 return ERR_PTR(err);
1605 }
1606
nl80211_key_allowed(struct wireless_dev * wdev)1607 static int nl80211_key_allowed(struct wireless_dev *wdev)
1608 {
1609 lockdep_assert_wiphy(wdev->wiphy);
1610
1611 switch (wdev->iftype) {
1612 case NL80211_IFTYPE_AP:
1613 case NL80211_IFTYPE_AP_VLAN:
1614 case NL80211_IFTYPE_P2P_GO:
1615 case NL80211_IFTYPE_MESH_POINT:
1616 break;
1617 case NL80211_IFTYPE_ADHOC:
1618 if (wdev->u.ibss.current_bss)
1619 return 0;
1620 return -ENOLINK;
1621 case NL80211_IFTYPE_STATION:
1622 case NL80211_IFTYPE_P2P_CLIENT:
1623 if (wdev->connected)
1624 return 0;
1625 return -ENOLINK;
1626 case NL80211_IFTYPE_NAN:
1627 if (wiphy_ext_feature_isset(wdev->wiphy,
1628 NL80211_EXT_FEATURE_SECURE_NAN))
1629 return 0;
1630 return -EINVAL;
1631 case NL80211_IFTYPE_UNSPECIFIED:
1632 case NL80211_IFTYPE_OCB:
1633 case NL80211_IFTYPE_MONITOR:
1634 case NL80211_IFTYPE_P2P_DEVICE:
1635 case NL80211_IFTYPE_WDS:
1636 case NUM_NL80211_IFTYPES:
1637 return -EINVAL;
1638 }
1639
1640 return 0;
1641 }
1642
nl80211_get_valid_chan(struct wiphy * wiphy,u32 freq)1643 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1644 u32 freq)
1645 {
1646 struct ieee80211_channel *chan;
1647
1648 chan = ieee80211_get_channel_khz(wiphy, freq);
1649 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1650 return NULL;
1651 return chan;
1652 }
1653
nl80211_put_iftypes(struct sk_buff * msg,u32 attr,u16 ifmodes)1654 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1655 {
1656 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1657 int i;
1658
1659 if (!nl_modes)
1660 goto nla_put_failure;
1661
1662 i = 0;
1663 while (ifmodes) {
1664 if ((ifmodes & 1) && nla_put_flag(msg, i))
1665 goto nla_put_failure;
1666 ifmodes >>= 1;
1667 i++;
1668 }
1669
1670 nla_nest_end(msg, nl_modes);
1671 return 0;
1672
1673 nla_put_failure:
1674 return -ENOBUFS;
1675 }
1676
nl80211_put_ifcomb_data(struct sk_buff * msg,bool large,int idx,const struct ieee80211_iface_combination * c,u16 nested)1677 static int nl80211_put_ifcomb_data(struct sk_buff *msg, bool large, int idx,
1678 const struct ieee80211_iface_combination *c,
1679 u16 nested)
1680 {
1681 struct nlattr *nl_combi, *nl_limits;
1682 int i;
1683
1684 nl_combi = nla_nest_start_noflag(msg, idx | nested);
1685 if (!nl_combi)
1686 goto nla_put_failure;
1687
1688 nl_limits = nla_nest_start_noflag(msg, NL80211_IFACE_COMB_LIMITS |
1689 nested);
1690 if (!nl_limits)
1691 goto nla_put_failure;
1692
1693 for (i = 0; i < c->n_limits; i++) {
1694 struct nlattr *nl_limit;
1695
1696 nl_limit = nla_nest_start_noflag(msg, i + 1);
1697 if (!nl_limit)
1698 goto nla_put_failure;
1699 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, c->limits[i].max))
1700 goto nla_put_failure;
1701 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1702 c->limits[i].types))
1703 goto nla_put_failure;
1704 nla_nest_end(msg, nl_limit);
1705 }
1706
1707 nla_nest_end(msg, nl_limits);
1708
1709 if (c->beacon_int_infra_match &&
1710 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1711 goto nla_put_failure;
1712 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1713 c->num_different_channels) ||
1714 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1715 c->max_interfaces))
1716 goto nla_put_failure;
1717 if (large &&
1718 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1719 c->radar_detect_widths) ||
1720 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1721 c->radar_detect_regions)))
1722 goto nla_put_failure;
1723 if (c->beacon_int_min_gcd &&
1724 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1725 c->beacon_int_min_gcd))
1726 goto nla_put_failure;
1727
1728 nla_nest_end(msg, nl_combi);
1729
1730 return 0;
1731 nla_put_failure:
1732 return -ENOBUFS;
1733 }
1734
nl80211_put_iface_combinations(struct wiphy * wiphy,struct sk_buff * msg,int attr,int radio,bool large,u16 nested)1735 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1736 struct sk_buff *msg,
1737 int attr, int radio,
1738 bool large, u16 nested)
1739 {
1740 const struct ieee80211_iface_combination *c;
1741 struct nlattr *nl_combis;
1742 int i, n;
1743
1744 nl_combis = nla_nest_start_noflag(msg, attr | nested);
1745 if (!nl_combis)
1746 goto nla_put_failure;
1747
1748 if (radio >= 0) {
1749 c = wiphy->radio[0].iface_combinations;
1750 n = wiphy->radio[0].n_iface_combinations;
1751 } else {
1752 c = wiphy->iface_combinations;
1753 n = wiphy->n_iface_combinations;
1754 }
1755 for (i = 0; i < n; i++)
1756 if (nl80211_put_ifcomb_data(msg, large, i + 1, &c[i], nested))
1757 goto nla_put_failure;
1758
1759 nla_nest_end(msg, nl_combis);
1760
1761 return 0;
1762 nla_put_failure:
1763 return -ENOBUFS;
1764 }
1765
1766 #ifdef CONFIG_PM
nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1767 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1768 struct sk_buff *msg)
1769 {
1770 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1771 struct nlattr *nl_tcp;
1772
1773 if (!tcp)
1774 return 0;
1775
1776 nl_tcp = nla_nest_start_noflag(msg,
1777 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1778 if (!nl_tcp)
1779 return -ENOBUFS;
1780
1781 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1782 tcp->data_payload_max))
1783 return -ENOBUFS;
1784
1785 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1786 tcp->data_payload_max))
1787 return -ENOBUFS;
1788
1789 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1790 return -ENOBUFS;
1791
1792 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1793 sizeof(*tcp->tok), tcp->tok))
1794 return -ENOBUFS;
1795
1796 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1797 tcp->data_interval_max))
1798 return -ENOBUFS;
1799
1800 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1801 tcp->wake_payload_max))
1802 return -ENOBUFS;
1803
1804 nla_nest_end(msg, nl_tcp);
1805 return 0;
1806 }
1807
nl80211_send_wowlan(struct sk_buff * msg,struct cfg80211_registered_device * rdev,bool large)1808 static int nl80211_send_wowlan(struct sk_buff *msg,
1809 struct cfg80211_registered_device *rdev,
1810 bool large)
1811 {
1812 struct nlattr *nl_wowlan;
1813
1814 if (!rdev->wiphy.wowlan)
1815 return 0;
1816
1817 nl_wowlan = nla_nest_start_noflag(msg,
1818 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1819 if (!nl_wowlan)
1820 return -ENOBUFS;
1821
1822 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1823 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1824 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1825 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1826 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1827 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1828 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1829 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1830 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1831 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1832 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1833 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1834 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1835 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1836 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1837 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1838 return -ENOBUFS;
1839
1840 if (rdev->wiphy.wowlan->n_patterns) {
1841 struct nl80211_pattern_support pat = {
1842 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1843 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1844 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1845 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1846 };
1847
1848 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1849 sizeof(pat), &pat))
1850 return -ENOBUFS;
1851 }
1852
1853 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1854 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1855 rdev->wiphy.wowlan->max_nd_match_sets))
1856 return -ENOBUFS;
1857
1858 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1859 return -ENOBUFS;
1860
1861 nla_nest_end(msg, nl_wowlan);
1862
1863 return 0;
1864 }
1865 #endif
1866
nl80211_send_coalesce(struct sk_buff * msg,struct cfg80211_registered_device * rdev)1867 static int nl80211_send_coalesce(struct sk_buff *msg,
1868 struct cfg80211_registered_device *rdev)
1869 {
1870 struct nl80211_coalesce_rule_support rule;
1871
1872 if (!rdev->wiphy.coalesce)
1873 return 0;
1874
1875 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1876 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1877 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1878 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1879 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1880 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1881
1882 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1883 return -ENOBUFS;
1884
1885 return 0;
1886 }
1887
1888 static int
nl80211_send_iftype_data(struct sk_buff * msg,const struct ieee80211_supported_band * sband,const struct ieee80211_sband_iftype_data * iftdata)1889 nl80211_send_iftype_data(struct sk_buff *msg,
1890 const struct ieee80211_supported_band *sband,
1891 const struct ieee80211_sband_iftype_data *iftdata)
1892 {
1893 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1894 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap;
1895
1896 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1897 iftdata->types_mask))
1898 return -ENOBUFS;
1899
1900 if (he_cap->has_he) {
1901 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1902 sizeof(he_cap->he_cap_elem.mac_cap_info),
1903 he_cap->he_cap_elem.mac_cap_info) ||
1904 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1905 sizeof(he_cap->he_cap_elem.phy_cap_info),
1906 he_cap->he_cap_elem.phy_cap_info) ||
1907 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1908 sizeof(he_cap->he_mcs_nss_supp),
1909 &he_cap->he_mcs_nss_supp) ||
1910 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1911 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1912 return -ENOBUFS;
1913 }
1914
1915 if (eht_cap->has_eht && he_cap->has_he) {
1916 u8 mcs_nss_size, ppe_thresh_size;
1917 u16 ppe_thres_hdr;
1918 bool is_ap;
1919
1920 is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
1921 iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
1922
1923 mcs_nss_size =
1924 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
1925 &eht_cap->eht_cap_elem,
1926 is_ap);
1927
1928 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
1929 ppe_thresh_size =
1930 ieee80211_eht_ppe_size(ppe_thres_hdr,
1931 eht_cap->eht_cap_elem.phy_cap_info);
1932
1933 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC,
1934 sizeof(eht_cap->eht_cap_elem.mac_cap_info),
1935 eht_cap->eht_cap_elem.mac_cap_info) ||
1936 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY,
1937 sizeof(eht_cap->eht_cap_elem.phy_cap_info),
1938 eht_cap->eht_cap_elem.phy_cap_info) ||
1939 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET,
1940 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) ||
1941 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE,
1942 ppe_thresh_size, eht_cap->eht_ppe_thres))
1943 return -ENOBUFS;
1944 }
1945
1946 if (sband->band == NL80211_BAND_6GHZ &&
1947 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1948 sizeof(iftdata->he_6ghz_capa),
1949 &iftdata->he_6ghz_capa))
1950 return -ENOBUFS;
1951
1952 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
1953 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
1954 iftdata->vendor_elems.len, iftdata->vendor_elems.data))
1955 return -ENOBUFS;
1956
1957 return 0;
1958 }
1959
nl80211_send_band_rateinfo(struct sk_buff * msg,struct ieee80211_supported_band * sband,bool large)1960 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1961 struct ieee80211_supported_band *sband,
1962 bool large)
1963 {
1964 struct nlattr *nl_rates, *nl_rate;
1965 struct ieee80211_rate *rate;
1966 int i;
1967
1968 /* add HT info */
1969 if (sband->ht_cap.ht_supported &&
1970 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1971 sizeof(sband->ht_cap.mcs),
1972 &sband->ht_cap.mcs) ||
1973 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1974 sband->ht_cap.cap) ||
1975 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1976 sband->ht_cap.ampdu_factor) ||
1977 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1978 sband->ht_cap.ampdu_density)))
1979 return -ENOBUFS;
1980
1981 /* add VHT info */
1982 if (sband->vht_cap.vht_supported &&
1983 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1984 sizeof(sband->vht_cap.vht_mcs),
1985 &sband->vht_cap.vht_mcs) ||
1986 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1987 sband->vht_cap.cap)))
1988 return -ENOBUFS;
1989
1990 if (large && sband->n_iftype_data) {
1991 struct nlattr *nl_iftype_data =
1992 nla_nest_start_noflag(msg,
1993 NL80211_BAND_ATTR_IFTYPE_DATA);
1994 const struct ieee80211_sband_iftype_data *iftd;
1995 int err;
1996
1997 if (!nl_iftype_data)
1998 return -ENOBUFS;
1999
2000 for_each_sband_iftype_data(sband, i, iftd) {
2001 struct nlattr *iftdata;
2002
2003 iftdata = nla_nest_start_noflag(msg, i + 1);
2004 if (!iftdata)
2005 return -ENOBUFS;
2006
2007 err = nl80211_send_iftype_data(msg, sband, iftd);
2008 if (err)
2009 return err;
2010
2011 nla_nest_end(msg, iftdata);
2012 }
2013
2014 nla_nest_end(msg, nl_iftype_data);
2015 }
2016
2017 /* add EDMG info */
2018 if (large && sband->edmg_cap.channels &&
2019 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
2020 sband->edmg_cap.channels) ||
2021 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
2022 sband->edmg_cap.bw_config)))
2023
2024 return -ENOBUFS;
2025
2026 /* add bitrates */
2027 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
2028 if (!nl_rates)
2029 return -ENOBUFS;
2030
2031 for (i = 0; i < sband->n_bitrates; i++) {
2032 nl_rate = nla_nest_start_noflag(msg, i);
2033 if (!nl_rate)
2034 return -ENOBUFS;
2035
2036 rate = &sband->bitrates[i];
2037 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
2038 rate->bitrate))
2039 return -ENOBUFS;
2040 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
2041 nla_put_flag(msg,
2042 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
2043 return -ENOBUFS;
2044
2045 nla_nest_end(msg, nl_rate);
2046 }
2047
2048 nla_nest_end(msg, nl_rates);
2049
2050 /* S1G capabilities */
2051 if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g &&
2052 (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA,
2053 sizeof(sband->s1g_cap.cap),
2054 sband->s1g_cap.cap) ||
2055 nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET,
2056 sizeof(sband->s1g_cap.nss_mcs),
2057 sband->s1g_cap.nss_mcs)))
2058 return -ENOBUFS;
2059
2060 return 0;
2061 }
2062
2063 static int
nl80211_send_mgmt_stypes(struct sk_buff * msg,const struct ieee80211_txrx_stypes * mgmt_stypes)2064 nl80211_send_mgmt_stypes(struct sk_buff *msg,
2065 const struct ieee80211_txrx_stypes *mgmt_stypes)
2066 {
2067 u16 stypes;
2068 struct nlattr *nl_ftypes, *nl_ifs;
2069 enum nl80211_iftype ift;
2070 int i;
2071
2072 if (!mgmt_stypes)
2073 return 0;
2074
2075 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
2076 if (!nl_ifs)
2077 return -ENOBUFS;
2078
2079 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2080 nl_ftypes = nla_nest_start_noflag(msg, ift);
2081 if (!nl_ftypes)
2082 return -ENOBUFS;
2083 i = 0;
2084 stypes = mgmt_stypes[ift].tx;
2085 while (stypes) {
2086 if ((stypes & 1) &&
2087 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2088 (i << 4) | IEEE80211_FTYPE_MGMT))
2089 return -ENOBUFS;
2090 stypes >>= 1;
2091 i++;
2092 }
2093 nla_nest_end(msg, nl_ftypes);
2094 }
2095
2096 nla_nest_end(msg, nl_ifs);
2097
2098 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
2099 if (!nl_ifs)
2100 return -ENOBUFS;
2101
2102 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2103 nl_ftypes = nla_nest_start_noflag(msg, ift);
2104 if (!nl_ftypes)
2105 return -ENOBUFS;
2106 i = 0;
2107 stypes = mgmt_stypes[ift].rx;
2108 while (stypes) {
2109 if ((stypes & 1) &&
2110 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2111 (i << 4) | IEEE80211_FTYPE_MGMT))
2112 return -ENOBUFS;
2113 stypes >>= 1;
2114 i++;
2115 }
2116 nla_nest_end(msg, nl_ftypes);
2117 }
2118 nla_nest_end(msg, nl_ifs);
2119
2120 return 0;
2121 }
2122
2123 #define CMD(op, n) \
2124 do { \
2125 if (rdev->ops->op) { \
2126 i++; \
2127 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
2128 goto nla_put_failure; \
2129 } \
2130 } while (0)
2131
nl80211_add_commands_unsplit(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2132 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
2133 struct sk_buff *msg)
2134 {
2135 int i = 0;
2136
2137 /*
2138 * do *NOT* add anything into this function, new things need to be
2139 * advertised only to new versions of userspace that can deal with
2140 * the split (and they can't possibly care about new features...
2141 */
2142 CMD(add_virtual_intf, NEW_INTERFACE);
2143 CMD(change_virtual_intf, SET_INTERFACE);
2144 CMD(add_key, NEW_KEY);
2145 CMD(start_ap, START_AP);
2146 CMD(add_station, NEW_STATION);
2147 CMD(add_mpath, NEW_MPATH);
2148 CMD(update_mesh_config, SET_MESH_CONFIG);
2149 CMD(change_bss, SET_BSS);
2150 CMD(auth, AUTHENTICATE);
2151 CMD(assoc, ASSOCIATE);
2152 CMD(deauth, DEAUTHENTICATE);
2153 CMD(disassoc, DISASSOCIATE);
2154 CMD(join_ibss, JOIN_IBSS);
2155 CMD(join_mesh, JOIN_MESH);
2156 CMD(set_pmksa, SET_PMKSA);
2157 CMD(del_pmksa, DEL_PMKSA);
2158 CMD(flush_pmksa, FLUSH_PMKSA);
2159 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
2160 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
2161 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
2162 CMD(mgmt_tx, FRAME);
2163 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
2164 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
2165 i++;
2166 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
2167 goto nla_put_failure;
2168 }
2169 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
2170 rdev->ops->join_mesh) {
2171 i++;
2172 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
2173 goto nla_put_failure;
2174 }
2175 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2176 CMD(tdls_mgmt, TDLS_MGMT);
2177 CMD(tdls_oper, TDLS_OPER);
2178 }
2179 if (rdev->wiphy.max_sched_scan_reqs)
2180 CMD(sched_scan_start, START_SCHED_SCAN);
2181 CMD(probe_client, PROBE_CLIENT);
2182 CMD(set_noack_map, SET_NOACK_MAP);
2183 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
2184 i++;
2185 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
2186 goto nla_put_failure;
2187 }
2188 CMD(start_p2p_device, START_P2P_DEVICE);
2189 CMD(set_mcast_rate, SET_MCAST_RATE);
2190 #ifdef CONFIG_NL80211_TESTMODE
2191 CMD(testmode_cmd, TESTMODE);
2192 #endif
2193
2194 if (rdev->ops->connect || rdev->ops->auth) {
2195 i++;
2196 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
2197 goto nla_put_failure;
2198 }
2199
2200 if (rdev->ops->disconnect || rdev->ops->deauth) {
2201 i++;
2202 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
2203 goto nla_put_failure;
2204 }
2205
2206 return i;
2207 nla_put_failure:
2208 return -ENOBUFS;
2209 }
2210
2211 static int
nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities * cap,struct sk_buff * msg)2212 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
2213 struct sk_buff *msg)
2214 {
2215 struct nlattr *ftm;
2216
2217 if (!cap->ftm.supported)
2218 return 0;
2219
2220 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
2221 if (!ftm)
2222 return -ENOBUFS;
2223
2224 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2225 return -ENOBUFS;
2226 if (cap->ftm.non_asap &&
2227 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2228 return -ENOBUFS;
2229 if (cap->ftm.request_lci &&
2230 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2231 return -ENOBUFS;
2232 if (cap->ftm.request_civicloc &&
2233 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2234 return -ENOBUFS;
2235 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2236 cap->ftm.preambles))
2237 return -ENOBUFS;
2238 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2239 cap->ftm.bandwidths))
2240 return -ENOBUFS;
2241 if (cap->ftm.max_bursts_exponent >= 0 &&
2242 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2243 cap->ftm.max_bursts_exponent))
2244 return -ENOBUFS;
2245 if (cap->ftm.max_ftms_per_burst &&
2246 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2247 cap->ftm.max_ftms_per_burst))
2248 return -ENOBUFS;
2249 if (cap->ftm.trigger_based &&
2250 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2251 return -ENOBUFS;
2252 if (cap->ftm.non_trigger_based &&
2253 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2254 return -ENOBUFS;
2255
2256 nla_nest_end(msg, ftm);
2257 return 0;
2258 }
2259
nl80211_send_pmsr_capa(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2260 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2261 struct sk_buff *msg)
2262 {
2263 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2264 struct nlattr *pmsr, *caps;
2265
2266 if (!cap)
2267 return 0;
2268
2269 /*
2270 * we don't need to clean up anything here since the caller
2271 * will genlmsg_cancel() if we fail
2272 */
2273
2274 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2275 if (!pmsr)
2276 return -ENOBUFS;
2277
2278 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2279 return -ENOBUFS;
2280
2281 if (cap->report_ap_tsf &&
2282 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2283 return -ENOBUFS;
2284
2285 if (cap->randomize_mac_addr &&
2286 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2287 return -ENOBUFS;
2288
2289 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2290 if (!caps)
2291 return -ENOBUFS;
2292
2293 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2294 return -ENOBUFS;
2295
2296 nla_nest_end(msg, caps);
2297 nla_nest_end(msg, pmsr);
2298
2299 return 0;
2300 }
2301
2302 static int
nl80211_put_iftype_akm_suites(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2303 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2304 struct sk_buff *msg)
2305 {
2306 int i;
2307 struct nlattr *nested, *nested_akms;
2308 const struct wiphy_iftype_akm_suites *iftype_akms;
2309
2310 if (!rdev->wiphy.num_iftype_akm_suites ||
2311 !rdev->wiphy.iftype_akm_suites)
2312 return 0;
2313
2314 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2315 if (!nested)
2316 return -ENOBUFS;
2317
2318 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2319 nested_akms = nla_nest_start(msg, i + 1);
2320 if (!nested_akms)
2321 return -ENOBUFS;
2322
2323 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2324
2325 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2326 iftype_akms->iftypes_mask))
2327 return -ENOBUFS;
2328
2329 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2330 sizeof(u32) * iftype_akms->n_akm_suites,
2331 iftype_akms->akm_suites)) {
2332 return -ENOBUFS;
2333 }
2334 nla_nest_end(msg, nested_akms);
2335 }
2336
2337 nla_nest_end(msg, nested);
2338
2339 return 0;
2340 }
2341
2342 static int
nl80211_put_tid_config_support(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2343 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2344 struct sk_buff *msg)
2345 {
2346 struct nlattr *supp;
2347
2348 if (!rdev->wiphy.tid_config_support.vif &&
2349 !rdev->wiphy.tid_config_support.peer)
2350 return 0;
2351
2352 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2353 if (!supp)
2354 return -ENOSPC;
2355
2356 if (rdev->wiphy.tid_config_support.vif &&
2357 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2358 rdev->wiphy.tid_config_support.vif,
2359 NL80211_TID_CONFIG_ATTR_PAD))
2360 goto fail;
2361
2362 if (rdev->wiphy.tid_config_support.peer &&
2363 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2364 rdev->wiphy.tid_config_support.peer,
2365 NL80211_TID_CONFIG_ATTR_PAD))
2366 goto fail;
2367
2368 /* for now we just use the same value ... makes more sense */
2369 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2370 rdev->wiphy.tid_config_support.max_retry))
2371 goto fail;
2372 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2373 rdev->wiphy.tid_config_support.max_retry))
2374 goto fail;
2375
2376 nla_nest_end(msg, supp);
2377
2378 return 0;
2379 fail:
2380 nla_nest_cancel(msg, supp);
2381 return -ENOBUFS;
2382 }
2383
2384 static int
nl80211_put_sar_specs(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2385 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2386 struct sk_buff *msg)
2387 {
2388 struct nlattr *sar_capa, *specs, *sub_freq_range;
2389 u8 num_freq_ranges;
2390 int i;
2391
2392 if (!rdev->wiphy.sar_capa)
2393 return 0;
2394
2395 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2396
2397 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2398 if (!sar_capa)
2399 return -ENOSPC;
2400
2401 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2402 goto fail;
2403
2404 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2405 if (!specs)
2406 goto fail;
2407
2408 /* report supported freq_ranges */
2409 for (i = 0; i < num_freq_ranges; i++) {
2410 sub_freq_range = nla_nest_start(msg, i + 1);
2411 if (!sub_freq_range)
2412 goto fail;
2413
2414 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2415 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2416 goto fail;
2417
2418 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2419 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2420 goto fail;
2421
2422 nla_nest_end(msg, sub_freq_range);
2423 }
2424
2425 nla_nest_end(msg, specs);
2426 nla_nest_end(msg, sar_capa);
2427
2428 return 0;
2429 fail:
2430 nla_nest_cancel(msg, sar_capa);
2431 return -ENOBUFS;
2432 }
2433
nl80211_put_mbssid_support(struct wiphy * wiphy,struct sk_buff * msg)2434 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg)
2435 {
2436 struct nlattr *config;
2437
2438 if (!wiphy->mbssid_max_interfaces)
2439 return 0;
2440
2441 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
2442 if (!config)
2443 return -ENOBUFS;
2444
2445 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
2446 wiphy->mbssid_max_interfaces))
2447 goto fail;
2448
2449 if (wiphy->ema_max_profile_periodicity &&
2450 nla_put_u8(msg,
2451 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
2452 wiphy->ema_max_profile_periodicity))
2453 goto fail;
2454
2455 nla_nest_end(msg, config);
2456 return 0;
2457
2458 fail:
2459 nla_nest_cancel(msg, config);
2460 return -ENOBUFS;
2461 }
2462
nl80211_put_radio(struct wiphy * wiphy,struct sk_buff * msg,int idx)2463 static int nl80211_put_radio(struct wiphy *wiphy, struct sk_buff *msg, int idx)
2464 {
2465 const struct wiphy_radio *r = &wiphy->radio[idx];
2466 const struct wiphy_radio_cfg *rcfg = &wiphy->radio_cfg[idx];
2467 struct nlattr *radio, *freq;
2468 int i;
2469
2470 radio = nla_nest_start(msg, idx);
2471 if (!radio)
2472 return -ENOBUFS;
2473
2474 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_INDEX, idx))
2475 goto nla_put_failure;
2476
2477 if (rcfg->rts_threshold &&
2478 nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_RTS_THRESHOLD,
2479 rcfg->rts_threshold))
2480 goto nla_put_failure;
2481
2482 if (r->antenna_mask &&
2483 nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_ANTENNA_MASK,
2484 r->antenna_mask))
2485 goto nla_put_failure;
2486
2487 for (i = 0; i < r->n_freq_range; i++) {
2488 const struct wiphy_radio_freq_range *range = &r->freq_range[i];
2489
2490 freq = nla_nest_start(msg, NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE);
2491 if (!freq)
2492 goto nla_put_failure;
2493
2494 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_START,
2495 range->start_freq) ||
2496 nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_END,
2497 range->end_freq))
2498 goto nla_put_failure;
2499
2500 nla_nest_end(msg, freq);
2501 }
2502
2503 for (i = 0; i < r->n_iface_combinations; i++)
2504 if (nl80211_put_ifcomb_data(msg, true,
2505 NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION,
2506 &r->iface_combinations[i],
2507 NLA_F_NESTED))
2508 goto nla_put_failure;
2509
2510 nla_nest_end(msg, radio);
2511
2512 return 0;
2513
2514 nla_put_failure:
2515 return -ENOBUFS;
2516 }
2517
nl80211_put_radios(struct wiphy * wiphy,struct sk_buff * msg)2518 static int nl80211_put_radios(struct wiphy *wiphy, struct sk_buff *msg)
2519 {
2520 struct nlattr *radios;
2521 int i;
2522
2523 if (!wiphy->n_radio)
2524 return 0;
2525
2526 radios = nla_nest_start(msg, NL80211_ATTR_WIPHY_RADIOS);
2527 if (!radios)
2528 return -ENOBUFS;
2529
2530 for (i = 0; i < wiphy->n_radio; i++)
2531 if (nl80211_put_radio(wiphy, msg, i))
2532 goto fail;
2533
2534 nla_nest_end(msg, radios);
2535
2536 if (nl80211_put_iface_combinations(wiphy, msg,
2537 NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS,
2538 -1, true, NLA_F_NESTED))
2539 return -ENOBUFS;
2540
2541 return 0;
2542
2543 fail:
2544 nla_nest_cancel(msg, radios);
2545 return -ENOBUFS;
2546 }
2547
2548 struct nl80211_dump_wiphy_state {
2549 s64 filter_wiphy;
2550 long start;
2551 long split_start, band_start, chan_start, capa_start;
2552 bool split;
2553 };
2554
nl80211_send_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd,struct sk_buff * msg,u32 portid,u32 seq,int flags,struct nl80211_dump_wiphy_state * state)2555 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2556 enum nl80211_commands cmd,
2557 struct sk_buff *msg, u32 portid, u32 seq,
2558 int flags, struct nl80211_dump_wiphy_state *state)
2559 {
2560 void *hdr;
2561 struct nlattr *nl_bands, *nl_band;
2562 struct nlattr *nl_freqs, *nl_freq;
2563 struct nlattr *nl_cmds;
2564 enum nl80211_band band;
2565 struct ieee80211_channel *chan;
2566 int i;
2567 const struct ieee80211_txrx_stypes *mgmt_stypes =
2568 rdev->wiphy.mgmt_stypes;
2569 u32 features;
2570
2571 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2572 if (!hdr)
2573 return -ENOBUFS;
2574
2575 if (WARN_ON(!state))
2576 return -EINVAL;
2577
2578 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2579 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2580 wiphy_name(&rdev->wiphy)) ||
2581 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2582 cfg80211_rdev_list_generation))
2583 goto nla_put_failure;
2584
2585 if (cmd != NL80211_CMD_NEW_WIPHY)
2586 goto finish;
2587
2588 switch (state->split_start) {
2589 case 0:
2590 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2591 rdev->wiphy.retry_short) ||
2592 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2593 rdev->wiphy.retry_long) ||
2594 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2595 rdev->wiphy.frag_threshold) ||
2596 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2597 rdev->wiphy.rts_threshold) ||
2598 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2599 rdev->wiphy.coverage_class) ||
2600 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2601 rdev->wiphy.max_scan_ssids) ||
2602 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2603 rdev->wiphy.max_sched_scan_ssids) ||
2604 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2605 rdev->wiphy.max_scan_ie_len) ||
2606 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2607 rdev->wiphy.max_sched_scan_ie_len) ||
2608 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2609 rdev->wiphy.max_match_sets))
2610 goto nla_put_failure;
2611
2612 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2613 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2614 goto nla_put_failure;
2615 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2616 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2617 goto nla_put_failure;
2618 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2619 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2620 goto nla_put_failure;
2621 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2622 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2623 goto nla_put_failure;
2624 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2625 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2626 goto nla_put_failure;
2627 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2628 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2629 goto nla_put_failure;
2630 state->split_start++;
2631 if (state->split)
2632 break;
2633 fallthrough;
2634 case 1:
2635 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2636 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2637 rdev->wiphy.cipher_suites))
2638 goto nla_put_failure;
2639
2640 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2641 rdev->wiphy.max_num_pmkids))
2642 goto nla_put_failure;
2643
2644 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2645 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2646 goto nla_put_failure;
2647
2648 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2649 rdev->wiphy.available_antennas_tx) ||
2650 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2651 rdev->wiphy.available_antennas_rx))
2652 goto nla_put_failure;
2653
2654 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2655 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2656 rdev->wiphy.probe_resp_offload))
2657 goto nla_put_failure;
2658
2659 if ((rdev->wiphy.available_antennas_tx ||
2660 rdev->wiphy.available_antennas_rx) &&
2661 rdev->ops->get_antenna) {
2662 u32 tx_ant = 0, rx_ant = 0;
2663 int res;
2664
2665 res = rdev_get_antenna(rdev, -1, &tx_ant, &rx_ant);
2666 if (!res) {
2667 if (nla_put_u32(msg,
2668 NL80211_ATTR_WIPHY_ANTENNA_TX,
2669 tx_ant) ||
2670 nla_put_u32(msg,
2671 NL80211_ATTR_WIPHY_ANTENNA_RX,
2672 rx_ant))
2673 goto nla_put_failure;
2674 }
2675 }
2676
2677 state->split_start++;
2678 if (state->split)
2679 break;
2680 fallthrough;
2681 case 2:
2682 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2683 rdev->wiphy.interface_modes))
2684 goto nla_put_failure;
2685 state->split_start++;
2686 if (state->split)
2687 break;
2688 fallthrough;
2689 case 3:
2690 nl_bands = nla_nest_start_noflag(msg,
2691 NL80211_ATTR_WIPHY_BANDS);
2692 if (!nl_bands)
2693 goto nla_put_failure;
2694
2695 for (band = state->band_start;
2696 band < (state->split ?
2697 NUM_NL80211_BANDS :
2698 NL80211_BAND_60GHZ + 1);
2699 band++) {
2700 struct ieee80211_supported_band *sband;
2701
2702 /* omit higher bands for ancient software */
2703 if (band > NL80211_BAND_5GHZ && !state->split)
2704 break;
2705
2706 sband = rdev->wiphy.bands[band];
2707
2708 if (!sband)
2709 continue;
2710
2711 nl_band = nla_nest_start_noflag(msg, band);
2712 if (!nl_band)
2713 goto nla_put_failure;
2714
2715 switch (state->chan_start) {
2716 case 0:
2717 if (nl80211_send_band_rateinfo(msg, sband,
2718 state->split))
2719 goto nla_put_failure;
2720 state->chan_start++;
2721 if (state->split)
2722 break;
2723 fallthrough;
2724 default:
2725 /* add frequencies */
2726 nl_freqs = nla_nest_start_noflag(msg,
2727 NL80211_BAND_ATTR_FREQS);
2728 if (!nl_freqs)
2729 goto nla_put_failure;
2730
2731 for (i = state->chan_start - 1;
2732 i < sband->n_channels;
2733 i++) {
2734 nl_freq = nla_nest_start_noflag(msg,
2735 i);
2736 if (!nl_freq)
2737 goto nla_put_failure;
2738
2739 chan = &sband->channels[i];
2740
2741 if (nl80211_msg_put_channel(
2742 msg, &rdev->wiphy, chan,
2743 state->split))
2744 goto nla_put_failure;
2745
2746 nla_nest_end(msg, nl_freq);
2747 if (state->split)
2748 break;
2749 }
2750 if (i < sband->n_channels)
2751 state->chan_start = i + 2;
2752 else
2753 state->chan_start = 0;
2754 nla_nest_end(msg, nl_freqs);
2755 }
2756
2757 nla_nest_end(msg, nl_band);
2758
2759 if (state->split) {
2760 /* start again here */
2761 if (state->chan_start)
2762 band--;
2763 break;
2764 }
2765 }
2766 nla_nest_end(msg, nl_bands);
2767
2768 if (band < NUM_NL80211_BANDS)
2769 state->band_start = band + 1;
2770 else
2771 state->band_start = 0;
2772
2773 /* if bands & channels are done, continue outside */
2774 if (state->band_start == 0 && state->chan_start == 0)
2775 state->split_start++;
2776 if (state->split)
2777 break;
2778 fallthrough;
2779 case 4:
2780 nl_cmds = nla_nest_start_noflag(msg,
2781 NL80211_ATTR_SUPPORTED_COMMANDS);
2782 if (!nl_cmds)
2783 goto nla_put_failure;
2784
2785 i = nl80211_add_commands_unsplit(rdev, msg);
2786 if (i < 0)
2787 goto nla_put_failure;
2788 if (state->split) {
2789 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2790 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2791 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2792 CMD(channel_switch, CHANNEL_SWITCH);
2793 CMD(set_qos_map, SET_QOS_MAP);
2794 if (rdev->wiphy.features &
2795 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2796 CMD(add_tx_ts, ADD_TX_TS);
2797 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2798 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2799 CMD(update_ft_ies, UPDATE_FT_IES);
2800 if (rdev->wiphy.sar_capa)
2801 CMD(set_sar_specs, SET_SAR_SPECS);
2802 CMD(assoc_ml_reconf, ASSOC_MLO_RECONF);
2803 }
2804 #undef CMD
2805
2806 nla_nest_end(msg, nl_cmds);
2807 state->split_start++;
2808 if (state->split)
2809 break;
2810 fallthrough;
2811 case 5:
2812 if (rdev->ops->remain_on_channel &&
2813 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2814 nla_put_u32(msg,
2815 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2816 rdev->wiphy.max_remain_on_channel_duration))
2817 goto nla_put_failure;
2818
2819 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2820 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2821 goto nla_put_failure;
2822
2823 state->split_start++;
2824 if (state->split)
2825 break;
2826 fallthrough;
2827 case 6:
2828 #ifdef CONFIG_PM
2829 if (nl80211_send_wowlan(msg, rdev, state->split))
2830 goto nla_put_failure;
2831 state->split_start++;
2832 if (state->split)
2833 break;
2834 #else
2835 state->split_start++;
2836 #endif
2837 fallthrough;
2838 case 7:
2839 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2840 rdev->wiphy.software_iftypes))
2841 goto nla_put_failure;
2842
2843 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2844 NL80211_ATTR_INTERFACE_COMBINATIONS,
2845 rdev->wiphy.n_radio ? 0 : -1,
2846 state->split, 0))
2847 goto nla_put_failure;
2848
2849 state->split_start++;
2850 if (state->split)
2851 break;
2852 fallthrough;
2853 case 8:
2854 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2855 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2856 rdev->wiphy.ap_sme_capa))
2857 goto nla_put_failure;
2858
2859 features = rdev->wiphy.features;
2860 /*
2861 * We can only add the per-channel limit information if the
2862 * dump is split, otherwise it makes it too big. Therefore
2863 * only advertise it in that case.
2864 */
2865 if (state->split)
2866 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2867 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2868 goto nla_put_failure;
2869
2870 if (rdev->wiphy.ht_capa_mod_mask &&
2871 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2872 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2873 rdev->wiphy.ht_capa_mod_mask))
2874 goto nla_put_failure;
2875
2876 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2877 rdev->wiphy.max_acl_mac_addrs &&
2878 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2879 rdev->wiphy.max_acl_mac_addrs))
2880 goto nla_put_failure;
2881
2882 /*
2883 * Any information below this point is only available to
2884 * applications that can deal with it being split. This
2885 * helps ensure that newly added capabilities don't break
2886 * older tools by overrunning their buffers.
2887 *
2888 * We still increment split_start so that in the split
2889 * case we'll continue with more data in the next round,
2890 * but break unconditionally so unsplit data stops here.
2891 */
2892 if (state->split)
2893 state->split_start++;
2894 else
2895 state->split_start = 0;
2896 break;
2897 case 9:
2898 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2899 goto nla_put_failure;
2900
2901 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2902 rdev->wiphy.max_sched_scan_plans) ||
2903 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2904 rdev->wiphy.max_sched_scan_plan_interval) ||
2905 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2906 rdev->wiphy.max_sched_scan_plan_iterations))
2907 goto nla_put_failure;
2908
2909 if (rdev->wiphy.extended_capabilities &&
2910 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2911 rdev->wiphy.extended_capabilities_len,
2912 rdev->wiphy.extended_capabilities) ||
2913 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2914 rdev->wiphy.extended_capabilities_len,
2915 rdev->wiphy.extended_capabilities_mask)))
2916 goto nla_put_failure;
2917
2918 if (rdev->wiphy.vht_capa_mod_mask &&
2919 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2920 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2921 rdev->wiphy.vht_capa_mod_mask))
2922 goto nla_put_failure;
2923
2924 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2925 rdev->wiphy.perm_addr))
2926 goto nla_put_failure;
2927
2928 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2929 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2930 rdev->wiphy.addr_mask))
2931 goto nla_put_failure;
2932
2933 if (rdev->wiphy.n_addresses > 1) {
2934 void *attr;
2935
2936 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2937 if (!attr)
2938 goto nla_put_failure;
2939
2940 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2941 if (nla_put(msg, i + 1, ETH_ALEN,
2942 rdev->wiphy.addresses[i].addr))
2943 goto nla_put_failure;
2944
2945 nla_nest_end(msg, attr);
2946 }
2947
2948 state->split_start++;
2949 break;
2950 case 10:
2951 if (nl80211_send_coalesce(msg, rdev))
2952 goto nla_put_failure;
2953
2954 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2955 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2956 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2957 goto nla_put_failure;
2958
2959 if (rdev->wiphy.max_ap_assoc_sta &&
2960 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2961 rdev->wiphy.max_ap_assoc_sta))
2962 goto nla_put_failure;
2963
2964 state->split_start++;
2965 break;
2966 case 11:
2967 if (rdev->wiphy.n_vendor_commands) {
2968 const struct nl80211_vendor_cmd_info *info;
2969 struct nlattr *nested;
2970
2971 nested = nla_nest_start_noflag(msg,
2972 NL80211_ATTR_VENDOR_DATA);
2973 if (!nested)
2974 goto nla_put_failure;
2975
2976 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2977 info = &rdev->wiphy.vendor_commands[i].info;
2978 if (nla_put(msg, i + 1, sizeof(*info), info))
2979 goto nla_put_failure;
2980 }
2981 nla_nest_end(msg, nested);
2982 }
2983
2984 if (rdev->wiphy.n_vendor_events) {
2985 const struct nl80211_vendor_cmd_info *info;
2986 struct nlattr *nested;
2987
2988 nested = nla_nest_start_noflag(msg,
2989 NL80211_ATTR_VENDOR_EVENTS);
2990 if (!nested)
2991 goto nla_put_failure;
2992
2993 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2994 info = &rdev->wiphy.vendor_events[i];
2995 if (nla_put(msg, i + 1, sizeof(*info), info))
2996 goto nla_put_failure;
2997 }
2998 nla_nest_end(msg, nested);
2999 }
3000 state->split_start++;
3001 break;
3002 case 12:
3003 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
3004 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
3005 rdev->wiphy.max_num_csa_counters))
3006 goto nla_put_failure;
3007
3008 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
3009 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
3010 goto nla_put_failure;
3011
3012 if (rdev->wiphy.max_sched_scan_reqs &&
3013 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
3014 rdev->wiphy.max_sched_scan_reqs))
3015 goto nla_put_failure;
3016
3017 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
3018 sizeof(rdev->wiphy.ext_features),
3019 rdev->wiphy.ext_features))
3020 goto nla_put_failure;
3021
3022 if (rdev->wiphy.bss_select_support) {
3023 struct nlattr *nested;
3024 u32 bss_select_support = rdev->wiphy.bss_select_support;
3025
3026 nested = nla_nest_start_noflag(msg,
3027 NL80211_ATTR_BSS_SELECT);
3028 if (!nested)
3029 goto nla_put_failure;
3030
3031 i = 0;
3032 while (bss_select_support) {
3033 if ((bss_select_support & 1) &&
3034 nla_put_flag(msg, i))
3035 goto nla_put_failure;
3036 i++;
3037 bss_select_support >>= 1;
3038 }
3039 nla_nest_end(msg, nested);
3040 }
3041
3042 state->split_start++;
3043 break;
3044 case 13:
3045 if (rdev->wiphy.num_iftype_ext_capab &&
3046 rdev->wiphy.iftype_ext_capab) {
3047 struct nlattr *nested_ext_capab, *nested;
3048
3049 nested = nla_nest_start_noflag(msg,
3050 NL80211_ATTR_IFTYPE_EXT_CAPA);
3051 if (!nested)
3052 goto nla_put_failure;
3053
3054 for (i = state->capa_start;
3055 i < rdev->wiphy.num_iftype_ext_capab; i++) {
3056 const struct wiphy_iftype_ext_capab *capab;
3057
3058 capab = &rdev->wiphy.iftype_ext_capab[i];
3059
3060 nested_ext_capab = nla_nest_start_noflag(msg,
3061 i);
3062 if (!nested_ext_capab ||
3063 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
3064 capab->iftype) ||
3065 nla_put(msg, NL80211_ATTR_EXT_CAPA,
3066 capab->extended_capabilities_len,
3067 capab->extended_capabilities) ||
3068 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3069 capab->extended_capabilities_len,
3070 capab->extended_capabilities_mask))
3071 goto nla_put_failure;
3072
3073 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
3074 (nla_put_u16(msg,
3075 NL80211_ATTR_EML_CAPABILITY,
3076 capab->eml_capabilities) ||
3077 nla_put_u16(msg,
3078 NL80211_ATTR_MLD_CAPA_AND_OPS,
3079 capab->mld_capa_and_ops)))
3080 goto nla_put_failure;
3081
3082 nla_nest_end(msg, nested_ext_capab);
3083 if (state->split)
3084 break;
3085 }
3086 nla_nest_end(msg, nested);
3087 if (i < rdev->wiphy.num_iftype_ext_capab) {
3088 state->capa_start = i + 1;
3089 break;
3090 }
3091 }
3092
3093 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
3094 rdev->wiphy.nan_supported_bands))
3095 goto nla_put_failure;
3096
3097 if (wiphy_ext_feature_isset(&rdev->wiphy,
3098 NL80211_EXT_FEATURE_TXQS)) {
3099 struct cfg80211_txq_stats txqstats = {};
3100 int res;
3101
3102 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
3103 if (!res &&
3104 !nl80211_put_txq_stats(msg, &txqstats,
3105 NL80211_ATTR_TXQ_STATS))
3106 goto nla_put_failure;
3107
3108 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
3109 rdev->wiphy.txq_limit))
3110 goto nla_put_failure;
3111 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
3112 rdev->wiphy.txq_memory_limit))
3113 goto nla_put_failure;
3114 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
3115 rdev->wiphy.txq_quantum))
3116 goto nla_put_failure;
3117 }
3118
3119 state->split_start++;
3120 break;
3121 case 14:
3122 if (nl80211_send_pmsr_capa(rdev, msg))
3123 goto nla_put_failure;
3124
3125 state->split_start++;
3126 break;
3127 case 15:
3128 if (rdev->wiphy.akm_suites &&
3129 nla_put(msg, NL80211_ATTR_AKM_SUITES,
3130 sizeof(u32) * rdev->wiphy.n_akm_suites,
3131 rdev->wiphy.akm_suites))
3132 goto nla_put_failure;
3133
3134 if (nl80211_put_iftype_akm_suites(rdev, msg))
3135 goto nla_put_failure;
3136
3137 if (nl80211_put_tid_config_support(rdev, msg))
3138 goto nla_put_failure;
3139 state->split_start++;
3140 break;
3141 case 16:
3142 if (nl80211_put_sar_specs(rdev, msg))
3143 goto nla_put_failure;
3144
3145 if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
3146 goto nla_put_failure;
3147
3148 if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
3149 rdev->wiphy.max_num_akm_suites))
3150 goto nla_put_failure;
3151
3152 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)
3153 nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT);
3154
3155 if (rdev->wiphy.hw_timestamp_max_peers &&
3156 nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS,
3157 rdev->wiphy.hw_timestamp_max_peers))
3158 goto nla_put_failure;
3159
3160 state->split_start++;
3161 break;
3162 case 17:
3163 if (nl80211_put_radios(&rdev->wiphy, msg))
3164 goto nla_put_failure;
3165
3166 /* done */
3167 state->split_start = 0;
3168 break;
3169 }
3170 finish:
3171 genlmsg_end(msg, hdr);
3172 return 0;
3173
3174 nla_put_failure:
3175 genlmsg_cancel(msg, hdr);
3176 return -EMSGSIZE;
3177 }
3178
nl80211_dump_wiphy_parse(struct sk_buff * skb,struct netlink_callback * cb,struct nl80211_dump_wiphy_state * state)3179 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
3180 struct netlink_callback *cb,
3181 struct nl80211_dump_wiphy_state *state)
3182 {
3183 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
3184 int ret;
3185
3186 if (!tb)
3187 return -ENOMEM;
3188
3189 ret = nlmsg_parse_deprecated(cb->nlh,
3190 GENL_HDRLEN + nl80211_fam.hdrsize,
3191 tb, nl80211_fam.maxattr,
3192 nl80211_policy, NULL);
3193 /* ignore parse errors for backward compatibility */
3194 if (ret) {
3195 ret = 0;
3196 goto out;
3197 }
3198
3199 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
3200 if (tb[NL80211_ATTR_WIPHY])
3201 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3202 if (tb[NL80211_ATTR_WDEV])
3203 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
3204 if (tb[NL80211_ATTR_IFINDEX]) {
3205 struct net_device *netdev;
3206 struct cfg80211_registered_device *rdev;
3207 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3208
3209 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3210 if (!netdev) {
3211 ret = -ENODEV;
3212 goto out;
3213 }
3214 if (netdev->ieee80211_ptr) {
3215 rdev = wiphy_to_rdev(
3216 netdev->ieee80211_ptr->wiphy);
3217 state->filter_wiphy = rdev->wiphy_idx;
3218 }
3219 }
3220
3221 ret = 0;
3222 out:
3223 kfree(tb);
3224 return ret;
3225 }
3226
nl80211_dump_wiphy(struct sk_buff * skb,struct netlink_callback * cb)3227 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
3228 {
3229 int idx = 0, ret;
3230 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
3231 struct cfg80211_registered_device *rdev;
3232
3233 rtnl_lock();
3234 if (!state) {
3235 state = kzalloc(sizeof(*state), GFP_KERNEL);
3236 if (!state) {
3237 rtnl_unlock();
3238 return -ENOMEM;
3239 }
3240 state->filter_wiphy = -1;
3241 ret = nl80211_dump_wiphy_parse(skb, cb, state);
3242 if (ret) {
3243 kfree(state);
3244 rtnl_unlock();
3245 return ret;
3246 }
3247 cb->args[0] = (long)state;
3248 }
3249
3250 for_each_rdev(rdev) {
3251 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3252 continue;
3253 if (++idx <= state->start)
3254 continue;
3255 if (state->filter_wiphy != -1 &&
3256 state->filter_wiphy != rdev->wiphy_idx)
3257 continue;
3258 wiphy_lock(&rdev->wiphy);
3259 /* attempt to fit multiple wiphy data chunks into the skb */
3260 do {
3261 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
3262 skb,
3263 NETLINK_CB(cb->skb).portid,
3264 cb->nlh->nlmsg_seq,
3265 NLM_F_MULTI, state);
3266 if (ret < 0) {
3267 /*
3268 * If sending the wiphy data didn't fit (ENOBUFS
3269 * or EMSGSIZE returned), this SKB is still
3270 * empty (so it's not too big because another
3271 * wiphy dataset is already in the skb) and
3272 * we've not tried to adjust the dump allocation
3273 * yet ... then adjust the alloc size to be
3274 * bigger, and return 1 but with the empty skb.
3275 * This results in an empty message being RX'ed
3276 * in userspace, but that is ignored.
3277 *
3278 * We can then retry with the larger buffer.
3279 */
3280 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
3281 !skb->len && !state->split &&
3282 cb->min_dump_alloc < 4096) {
3283 cb->min_dump_alloc = 4096;
3284 state->split_start = 0;
3285 wiphy_unlock(&rdev->wiphy);
3286 rtnl_unlock();
3287 return 1;
3288 }
3289 idx--;
3290 break;
3291 }
3292 } while (state->split_start > 0);
3293 wiphy_unlock(&rdev->wiphy);
3294 break;
3295 }
3296 rtnl_unlock();
3297
3298 state->start = idx;
3299
3300 return skb->len;
3301 }
3302
nl80211_dump_wiphy_done(struct netlink_callback * cb)3303 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
3304 {
3305 kfree((void *)cb->args[0]);
3306 return 0;
3307 }
3308
nl80211_get_wiphy(struct sk_buff * skb,struct genl_info * info)3309 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
3310 {
3311 struct sk_buff *msg;
3312 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3313 struct nl80211_dump_wiphy_state state = {};
3314
3315 msg = nlmsg_new(4096, GFP_KERNEL);
3316 if (!msg)
3317 return -ENOMEM;
3318
3319 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
3320 info->snd_portid, info->snd_seq, 0,
3321 &state) < 0) {
3322 nlmsg_free(msg);
3323 return -ENOBUFS;
3324 }
3325
3326 return genlmsg_reply(msg, info);
3327 }
3328
3329 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
3330 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
3331 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
3332 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
3333 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
3334 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
3335 };
3336
parse_txq_params(struct nlattr * tb[],struct ieee80211_txq_params * txq_params)3337 static int parse_txq_params(struct nlattr *tb[],
3338 struct ieee80211_txq_params *txq_params)
3339 {
3340 u8 ac;
3341
3342 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
3343 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
3344 !tb[NL80211_TXQ_ATTR_AIFS])
3345 return -EINVAL;
3346
3347 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
3348 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
3349 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
3350 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
3351 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
3352
3353 if (ac >= NL80211_NUM_ACS)
3354 return -EINVAL;
3355 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
3356 return 0;
3357 }
3358
nl80211_can_set_dev_channel(struct wireless_dev * wdev)3359 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
3360 {
3361 /*
3362 * You can only set the channel explicitly for some interfaces,
3363 * most have their channel managed via their respective
3364 * "establish a connection" command (connect, join, ...)
3365 *
3366 * For AP/GO and mesh mode, the channel can be set with the
3367 * channel userspace API, but is only stored and passed to the
3368 * low-level driver when the AP starts or the mesh is joined.
3369 * This is for backward compatibility, userspace can also give
3370 * the channel in the start-ap or join-mesh commands instead.
3371 *
3372 * Monitors are special as they are normally slaved to
3373 * whatever else is going on, so they have their own special
3374 * operation to set the monitor channel if possible.
3375 */
3376 return !wdev ||
3377 wdev->iftype == NL80211_IFTYPE_AP ||
3378 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3379 wdev->iftype == NL80211_IFTYPE_MONITOR ||
3380 wdev->iftype == NL80211_IFTYPE_P2P_GO;
3381 }
3382
_nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,bool monitor,struct cfg80211_chan_def * chandef)3383 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3384 struct genl_info *info, bool monitor,
3385 struct cfg80211_chan_def *chandef)
3386 {
3387 struct netlink_ext_ack *extack = info->extack;
3388 struct nlattr **attrs = info->attrs;
3389 u32 control_freq;
3390
3391 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) {
3392 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3393 "Frequency is missing");
3394 return -EINVAL;
3395 }
3396
3397 control_freq = MHZ_TO_KHZ(
3398 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3399 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3400 control_freq +=
3401 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3402
3403 memset(chandef, 0, sizeof(*chandef));
3404 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3405 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3406 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3407 chandef->freq1_offset = control_freq % 1000;
3408 chandef->center_freq2 = 0;
3409
3410 if (!chandef->chan) {
3411 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3412 "Unknown channel");
3413 return -EINVAL;
3414 }
3415
3416 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3417 enum nl80211_channel_type chantype;
3418
3419 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3420
3421 switch (chantype) {
3422 case NL80211_CHAN_NO_HT:
3423 case NL80211_CHAN_HT20:
3424 case NL80211_CHAN_HT40PLUS:
3425 case NL80211_CHAN_HT40MINUS:
3426 cfg80211_chandef_create(chandef, chandef->chan,
3427 chantype);
3428 /* user input for center_freq is incorrect */
3429 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3430 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3431 NL_SET_ERR_MSG_ATTR(extack,
3432 attrs[NL80211_ATTR_CENTER_FREQ1],
3433 "bad center frequency 1");
3434 return -EINVAL;
3435 }
3436 /* center_freq2 must be zero */
3437 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3438 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3439 NL_SET_ERR_MSG_ATTR(extack,
3440 attrs[NL80211_ATTR_CENTER_FREQ2],
3441 "center frequency 2 can't be used");
3442 return -EINVAL;
3443 }
3444 break;
3445 default:
3446 NL_SET_ERR_MSG_ATTR(extack,
3447 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3448 "invalid channel type");
3449 return -EINVAL;
3450 }
3451 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3452 chandef->width =
3453 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3454 if (chandef->chan->band == NL80211_BAND_S1GHZ) {
3455 /* User input error for channel width doesn't match channel */
3456 if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) {
3457 NL_SET_ERR_MSG_ATTR(extack,
3458 attrs[NL80211_ATTR_CHANNEL_WIDTH],
3459 "bad channel width");
3460 return -EINVAL;
3461 }
3462 }
3463 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3464 chandef->center_freq1 =
3465 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3466 chandef->freq1_offset =
3467 nla_get_u32_default(attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET],
3468 0);
3469 }
3470 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3471 chandef->center_freq2 =
3472 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3473 }
3474
3475 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3476 chandef->edmg.channels =
3477 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3478
3479 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3480 chandef->edmg.bw_config =
3481 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3482 } else {
3483 chandef->edmg.bw_config = 0;
3484 chandef->edmg.channels = 0;
3485 }
3486
3487 if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) {
3488 chandef->punctured =
3489 nla_get_u32(info->attrs[NL80211_ATTR_PUNCT_BITMAP]);
3490
3491 if (chandef->punctured &&
3492 !wiphy_ext_feature_isset(&rdev->wiphy,
3493 NL80211_EXT_FEATURE_PUNCT)) {
3494 NL_SET_ERR_MSG(extack,
3495 "driver doesn't support puncturing");
3496 return -EINVAL;
3497 }
3498 }
3499
3500 if (!cfg80211_chandef_valid(chandef)) {
3501 NL_SET_ERR_MSG(extack, "invalid channel definition");
3502 return -EINVAL;
3503 }
3504
3505 if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef,
3506 IEEE80211_CHAN_DISABLED,
3507 monitor ? IEEE80211_CHAN_CAN_MONITOR : 0)) {
3508 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3509 return -EINVAL;
3510 }
3511
3512 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3513 chandef->width == NL80211_CHAN_WIDTH_10) &&
3514 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3515 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3516 return -EINVAL;
3517 }
3518
3519 return 0;
3520 }
3521
nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_chan_def * chandef)3522 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3523 struct genl_info *info,
3524 struct cfg80211_chan_def *chandef)
3525 {
3526 return _nl80211_parse_chandef(rdev, info, false, chandef);
3527 }
3528
__nl80211_set_channel(struct cfg80211_registered_device * rdev,struct net_device * dev,struct genl_info * info,int _link_id)3529 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3530 struct net_device *dev,
3531 struct genl_info *info,
3532 int _link_id)
3533 {
3534 struct cfg80211_chan_def chandef;
3535 int result;
3536 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3537 struct wireless_dev *wdev = NULL;
3538 int link_id = _link_id;
3539
3540 if (dev)
3541 wdev = dev->ieee80211_ptr;
3542 if (!nl80211_can_set_dev_channel(wdev))
3543 return -EOPNOTSUPP;
3544 if (wdev)
3545 iftype = wdev->iftype;
3546
3547 if (link_id < 0) {
3548 if (wdev && wdev->valid_links)
3549 return -EINVAL;
3550 link_id = 0;
3551 }
3552
3553 result = _nl80211_parse_chandef(rdev, info,
3554 iftype == NL80211_IFTYPE_MONITOR,
3555 &chandef);
3556 if (result)
3557 return result;
3558
3559 switch (iftype) {
3560 case NL80211_IFTYPE_AP:
3561 case NL80211_IFTYPE_P2P_GO:
3562 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3563 iftype))
3564 return -EINVAL;
3565 if (wdev->links[link_id].ap.beacon_interval) {
3566 struct ieee80211_channel *cur_chan;
3567
3568 if (!dev || !rdev->ops->set_ap_chanwidth ||
3569 !(rdev->wiphy.features &
3570 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
3571 return -EBUSY;
3572
3573 /* Only allow dynamic channel width changes */
3574 cur_chan = wdev->links[link_id].ap.chandef.chan;
3575 if (chandef.chan != cur_chan)
3576 return -EBUSY;
3577
3578 /* only allow this for regular channel widths */
3579 switch (wdev->links[link_id].ap.chandef.width) {
3580 case NL80211_CHAN_WIDTH_20_NOHT:
3581 case NL80211_CHAN_WIDTH_20:
3582 case NL80211_CHAN_WIDTH_40:
3583 case NL80211_CHAN_WIDTH_80:
3584 case NL80211_CHAN_WIDTH_80P80:
3585 case NL80211_CHAN_WIDTH_160:
3586 case NL80211_CHAN_WIDTH_320:
3587 break;
3588 default:
3589 return -EINVAL;
3590 }
3591
3592 switch (chandef.width) {
3593 case NL80211_CHAN_WIDTH_20_NOHT:
3594 case NL80211_CHAN_WIDTH_20:
3595 case NL80211_CHAN_WIDTH_40:
3596 case NL80211_CHAN_WIDTH_80:
3597 case NL80211_CHAN_WIDTH_80P80:
3598 case NL80211_CHAN_WIDTH_160:
3599 case NL80211_CHAN_WIDTH_320:
3600 break;
3601 default:
3602 return -EINVAL;
3603 }
3604
3605 result = rdev_set_ap_chanwidth(rdev, dev, link_id,
3606 &chandef);
3607 if (result)
3608 return result;
3609 wdev->links[link_id].ap.chandef = chandef;
3610 } else {
3611 wdev->u.ap.preset_chandef = chandef;
3612 }
3613 return 0;
3614 case NL80211_IFTYPE_MESH_POINT:
3615 return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3616 case NL80211_IFTYPE_MONITOR:
3617 return cfg80211_set_monitor_channel(rdev, dev, &chandef);
3618 default:
3619 break;
3620 }
3621
3622 return -EINVAL;
3623 }
3624
nl80211_set_channel(struct sk_buff * skb,struct genl_info * info)3625 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3626 {
3627 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3628 int link_id = nl80211_link_id_or_invalid(info->attrs);
3629 struct net_device *netdev = info->user_ptr[1];
3630
3631 return __nl80211_set_channel(rdev, netdev, info, link_id);
3632 }
3633
nl80211_set_wiphy_radio(struct genl_info * info,struct cfg80211_registered_device * rdev,int radio_idx)3634 static int nl80211_set_wiphy_radio(struct genl_info *info,
3635 struct cfg80211_registered_device *rdev,
3636 int radio_idx)
3637 {
3638 u32 rts_threshold = 0, old_rts, changed = 0;
3639 int result;
3640
3641 if (!rdev->ops->set_wiphy_params)
3642 return -EOPNOTSUPP;
3643
3644 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3645 rts_threshold = nla_get_u32(
3646 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3647 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3648 }
3649
3650 old_rts = rdev->wiphy.radio_cfg[radio_idx].rts_threshold;
3651
3652 rdev->wiphy.radio_cfg[radio_idx].rts_threshold = rts_threshold;
3653
3654 result = rdev_set_wiphy_params(rdev, radio_idx, changed);
3655 if (result)
3656 rdev->wiphy.radio_cfg[radio_idx].rts_threshold = old_rts;
3657
3658 return 0;
3659 }
3660
nl80211_set_wiphy(struct sk_buff * skb,struct genl_info * info)3661 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3662 {
3663 struct cfg80211_registered_device *rdev = NULL;
3664 struct net_device *netdev = NULL;
3665 struct wireless_dev *wdev;
3666 int result = 0, rem_txq_params = 0;
3667 struct nlattr *nl_txq_params;
3668 u32 changed;
3669 u8 retry_short = 0, retry_long = 0;
3670 u32 frag_threshold = 0, rts_threshold = 0;
3671 u8 coverage_class = 0;
3672 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3673 int radio_idx = -1;
3674
3675 rtnl_lock();
3676 /*
3677 * Try to find the wiphy and netdev. Normally this
3678 * function shouldn't need the netdev, but this is
3679 * done for backward compatibility -- previously
3680 * setting the channel was done per wiphy, but now
3681 * it is per netdev. Previous userland like hostapd
3682 * also passed a netdev to set_wiphy, so that it is
3683 * possible to let that go to the right netdev!
3684 */
3685
3686 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3687 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3688
3689 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3690 if (netdev && netdev->ieee80211_ptr)
3691 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3692 else
3693 netdev = NULL;
3694 }
3695
3696 if (!netdev) {
3697 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3698 info->attrs);
3699 if (IS_ERR(rdev)) {
3700 rtnl_unlock();
3701 return PTR_ERR(rdev);
3702 }
3703 wdev = NULL;
3704 netdev = NULL;
3705 result = 0;
3706 } else
3707 wdev = netdev->ieee80211_ptr;
3708
3709 guard(wiphy)(&rdev->wiphy);
3710
3711 /*
3712 * end workaround code, by now the rdev is available
3713 * and locked, and wdev may or may not be NULL.
3714 */
3715
3716 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3717 result = cfg80211_dev_rename(
3718 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3719 rtnl_unlock();
3720
3721 if (result)
3722 return result;
3723
3724 if (info->attrs[NL80211_ATTR_WIPHY_RADIO_INDEX]) {
3725 /* Radio idx is not expected for non-multi radio wiphy */
3726 if (rdev->wiphy.n_radio <= 0)
3727 return -EINVAL;
3728
3729 radio_idx = nla_get_u8(
3730 info->attrs[NL80211_ATTR_WIPHY_RADIO_INDEX]);
3731 if (radio_idx >= rdev->wiphy.n_radio)
3732 return -EINVAL;
3733
3734 return nl80211_set_wiphy_radio(info, rdev, radio_idx);
3735 }
3736
3737 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3738 struct ieee80211_txq_params txq_params;
3739 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3740
3741 if (!rdev->ops->set_txq_params)
3742 return -EOPNOTSUPP;
3743
3744 if (!netdev)
3745 return -EINVAL;
3746
3747 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3748 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3749 return -EINVAL;
3750
3751 if (!netif_running(netdev))
3752 return -ENETDOWN;
3753
3754 nla_for_each_nested(nl_txq_params,
3755 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3756 rem_txq_params) {
3757 result = nla_parse_nested_deprecated(tb,
3758 NL80211_TXQ_ATTR_MAX,
3759 nl_txq_params,
3760 txq_params_policy,
3761 info->extack);
3762 if (result)
3763 return result;
3764
3765 result = parse_txq_params(tb, &txq_params);
3766 if (result)
3767 return result;
3768
3769 txq_params.link_id =
3770 nl80211_link_id_or_invalid(info->attrs);
3771
3772 if (txq_params.link_id >= 0 &&
3773 !(netdev->ieee80211_ptr->valid_links &
3774 BIT(txq_params.link_id)))
3775 result = -ENOLINK;
3776 else if (txq_params.link_id >= 0 &&
3777 !netdev->ieee80211_ptr->valid_links)
3778 result = -EINVAL;
3779 else
3780 result = rdev_set_txq_params(rdev, netdev,
3781 &txq_params);
3782 if (result)
3783 return result;
3784 }
3785 }
3786
3787 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3788 int link_id = nl80211_link_id_or_invalid(info->attrs);
3789
3790 if (wdev) {
3791 result = __nl80211_set_channel(
3792 rdev,
3793 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3794 info, link_id);
3795 } else {
3796 result = __nl80211_set_channel(rdev, netdev, info, link_id);
3797 }
3798
3799 if (result)
3800 return result;
3801 }
3802
3803 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3804 struct wireless_dev *txp_wdev = wdev;
3805 enum nl80211_tx_power_setting type;
3806 int idx, mbm = 0;
3807
3808 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3809 txp_wdev = NULL;
3810
3811 if (!rdev->ops->set_tx_power)
3812 return -EOPNOTSUPP;
3813
3814 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3815 type = nla_get_u32(info->attrs[idx]);
3816
3817 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3818 (type != NL80211_TX_POWER_AUTOMATIC))
3819 return -EINVAL;
3820
3821 if (type != NL80211_TX_POWER_AUTOMATIC) {
3822 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3823 mbm = nla_get_u32(info->attrs[idx]);
3824 }
3825
3826 result = rdev_set_tx_power(rdev, txp_wdev, radio_idx, type,
3827 mbm);
3828 if (result)
3829 return result;
3830 }
3831
3832 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3833 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3834 u32 tx_ant, rx_ant;
3835
3836 if ((!rdev->wiphy.available_antennas_tx &&
3837 !rdev->wiphy.available_antennas_rx) ||
3838 !rdev->ops->set_antenna)
3839 return -EOPNOTSUPP;
3840
3841 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3842 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3843
3844 /* reject antenna configurations which don't match the
3845 * available antenna masks, except for the "all" mask */
3846 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3847 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
3848 return -EINVAL;
3849
3850 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3851 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3852
3853 result = rdev_set_antenna(rdev, radio_idx, tx_ant, rx_ant);
3854 if (result)
3855 return result;
3856 }
3857
3858 changed = 0;
3859
3860 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3861 retry_short = nla_get_u8(
3862 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3863
3864 changed |= WIPHY_PARAM_RETRY_SHORT;
3865 }
3866
3867 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3868 retry_long = nla_get_u8(
3869 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3870
3871 changed |= WIPHY_PARAM_RETRY_LONG;
3872 }
3873
3874 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3875 frag_threshold = nla_get_u32(
3876 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3877 if (frag_threshold < 256)
3878 return -EINVAL;
3879
3880 if (frag_threshold != (u32) -1) {
3881 /*
3882 * Fragments (apart from the last one) are required to
3883 * have even length. Make the fragmentation code
3884 * simpler by stripping LSB should someone try to use
3885 * odd threshold value.
3886 */
3887 frag_threshold &= ~0x1;
3888 }
3889 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3890 }
3891
3892 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3893 rts_threshold = nla_get_u32(
3894 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3895 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3896 }
3897
3898 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3899 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
3900 return -EINVAL;
3901
3902 coverage_class = nla_get_u8(
3903 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3904 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3905 }
3906
3907 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3908 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3909 return -EOPNOTSUPP;
3910
3911 changed |= WIPHY_PARAM_DYN_ACK;
3912 }
3913
3914 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3915 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3916 NL80211_EXT_FEATURE_TXQS))
3917 return -EOPNOTSUPP;
3918
3919 txq_limit = nla_get_u32(
3920 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3921 changed |= WIPHY_PARAM_TXQ_LIMIT;
3922 }
3923
3924 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3925 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3926 NL80211_EXT_FEATURE_TXQS))
3927 return -EOPNOTSUPP;
3928
3929 txq_memory_limit = nla_get_u32(
3930 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3931 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3932 }
3933
3934 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3935 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3936 NL80211_EXT_FEATURE_TXQS))
3937 return -EOPNOTSUPP;
3938
3939 txq_quantum = nla_get_u32(
3940 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3941 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3942 }
3943
3944 if (changed) {
3945 u8 old_retry_short, old_retry_long;
3946 u32 old_frag_threshold, old_rts_threshold;
3947 u8 old_coverage_class, i;
3948 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3949 u32 *old_radio_rts_threshold = NULL;
3950
3951 if (!rdev->ops->set_wiphy_params)
3952 return -EOPNOTSUPP;
3953
3954 if (rdev->wiphy.n_radio) {
3955 old_radio_rts_threshold = kcalloc(rdev->wiphy.n_radio,
3956 sizeof(u32),
3957 GFP_KERNEL);
3958 if (!old_radio_rts_threshold)
3959 return -ENOMEM;
3960 }
3961
3962 old_retry_short = rdev->wiphy.retry_short;
3963 old_retry_long = rdev->wiphy.retry_long;
3964 old_frag_threshold = rdev->wiphy.frag_threshold;
3965 old_rts_threshold = rdev->wiphy.rts_threshold;
3966 if (old_radio_rts_threshold) {
3967 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
3968 old_radio_rts_threshold[i] =
3969 rdev->wiphy.radio_cfg[i].rts_threshold;
3970 }
3971 old_coverage_class = rdev->wiphy.coverage_class;
3972 old_txq_limit = rdev->wiphy.txq_limit;
3973 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3974 old_txq_quantum = rdev->wiphy.txq_quantum;
3975
3976 if (changed & WIPHY_PARAM_RETRY_SHORT)
3977 rdev->wiphy.retry_short = retry_short;
3978 if (changed & WIPHY_PARAM_RETRY_LONG)
3979 rdev->wiphy.retry_long = retry_long;
3980 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3981 rdev->wiphy.frag_threshold = frag_threshold;
3982 if ((changed & WIPHY_PARAM_RTS_THRESHOLD) &&
3983 old_radio_rts_threshold) {
3984 rdev->wiphy.rts_threshold = rts_threshold;
3985 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
3986 rdev->wiphy.radio_cfg[i].rts_threshold =
3987 rdev->wiphy.rts_threshold;
3988 }
3989 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3990 rdev->wiphy.coverage_class = coverage_class;
3991 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3992 rdev->wiphy.txq_limit = txq_limit;
3993 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3994 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3995 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3996 rdev->wiphy.txq_quantum = txq_quantum;
3997
3998 result = rdev_set_wiphy_params(rdev, radio_idx, changed);
3999 if (result) {
4000 rdev->wiphy.retry_short = old_retry_short;
4001 rdev->wiphy.retry_long = old_retry_long;
4002 rdev->wiphy.frag_threshold = old_frag_threshold;
4003 rdev->wiphy.rts_threshold = old_rts_threshold;
4004 if (old_radio_rts_threshold) {
4005 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4006 rdev->wiphy.radio_cfg[i].rts_threshold =
4007 old_radio_rts_threshold[i];
4008 }
4009 rdev->wiphy.coverage_class = old_coverage_class;
4010 rdev->wiphy.txq_limit = old_txq_limit;
4011 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
4012 rdev->wiphy.txq_quantum = old_txq_quantum;
4013 }
4014
4015 if (old_rts_threshold)
4016 kfree(old_radio_rts_threshold);
4017 return result;
4018 }
4019
4020 return 0;
4021 }
4022
nl80211_send_chandef(struct sk_buff * msg,const struct cfg80211_chan_def * chandef)4023 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef)
4024 {
4025 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
4026 return -EINVAL;
4027
4028 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
4029 chandef->chan->center_freq))
4030 return -ENOBUFS;
4031 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
4032 chandef->chan->freq_offset))
4033 return -ENOBUFS;
4034 switch (chandef->width) {
4035 case NL80211_CHAN_WIDTH_20_NOHT:
4036 case NL80211_CHAN_WIDTH_20:
4037 case NL80211_CHAN_WIDTH_40:
4038 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4039 cfg80211_get_chandef_type(chandef)))
4040 return -ENOBUFS;
4041 break;
4042 default:
4043 break;
4044 }
4045 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
4046 return -ENOBUFS;
4047 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
4048 return -ENOBUFS;
4049 if (chandef->center_freq2 &&
4050 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
4051 return -ENOBUFS;
4052 if (chandef->punctured &&
4053 nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured))
4054 return -ENOBUFS;
4055
4056 return 0;
4057 }
4058 EXPORT_SYMBOL(nl80211_send_chandef);
4059
nl80211_send_iface(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)4060 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
4061 struct cfg80211_registered_device *rdev,
4062 struct wireless_dev *wdev,
4063 enum nl80211_commands cmd)
4064 {
4065 struct net_device *dev = wdev->netdev;
4066 void *hdr;
4067
4068 lockdep_assert_wiphy(&rdev->wiphy);
4069
4070 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
4071 cmd != NL80211_CMD_DEL_INTERFACE &&
4072 cmd != NL80211_CMD_SET_INTERFACE);
4073
4074 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4075 if (!hdr)
4076 return -1;
4077
4078 if (dev &&
4079 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4080 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
4081 goto nla_put_failure;
4082
4083 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
4084 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
4085 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
4086 NL80211_ATTR_PAD) ||
4087 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
4088 nla_put_u32(msg, NL80211_ATTR_GENERATION,
4089 rdev->devlist_generation ^
4090 (cfg80211_rdev_list_generation << 2)) ||
4091 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr) ||
4092 nla_put_u32(msg, NL80211_ATTR_VIF_RADIO_MASK, wdev->radio_mask))
4093 goto nla_put_failure;
4094
4095 if (rdev->ops->get_channel && !wdev->valid_links) {
4096 struct cfg80211_chan_def chandef = {};
4097 int ret;
4098
4099 ret = rdev_get_channel(rdev, wdev, 0, &chandef);
4100 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4101 goto nla_put_failure;
4102 }
4103
4104 if (rdev->ops->get_tx_power && !wdev->valid_links) {
4105 int dbm, ret;
4106
4107 ret = rdev_get_tx_power(rdev, wdev, -1, 0, &dbm);
4108 if (ret == 0 &&
4109 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4110 DBM_TO_MBM(dbm)))
4111 goto nla_put_failure;
4112 }
4113
4114 switch (wdev->iftype) {
4115 case NL80211_IFTYPE_AP:
4116 case NL80211_IFTYPE_P2P_GO:
4117 if (wdev->u.ap.ssid_len &&
4118 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
4119 wdev->u.ap.ssid))
4120 goto nla_put_failure;
4121 break;
4122 case NL80211_IFTYPE_STATION:
4123 case NL80211_IFTYPE_P2P_CLIENT:
4124 if (wdev->u.client.ssid_len &&
4125 nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len,
4126 wdev->u.client.ssid))
4127 goto nla_put_failure;
4128 break;
4129 case NL80211_IFTYPE_ADHOC:
4130 if (wdev->u.ibss.ssid_len &&
4131 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len,
4132 wdev->u.ibss.ssid))
4133 goto nla_put_failure;
4134 break;
4135 default:
4136 /* nothing */
4137 break;
4138 }
4139
4140 if (rdev->ops->get_txq_stats) {
4141 struct cfg80211_txq_stats txqstats = {};
4142 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
4143
4144 if (ret == 0 &&
4145 !nl80211_put_txq_stats(msg, &txqstats,
4146 NL80211_ATTR_TXQ_STATS))
4147 goto nla_put_failure;
4148 }
4149
4150 if (wdev->valid_links) {
4151 unsigned int link_id;
4152 struct nlattr *links = nla_nest_start(msg,
4153 NL80211_ATTR_MLO_LINKS);
4154
4155 if (!links)
4156 goto nla_put_failure;
4157
4158 for_each_valid_link(wdev, link_id) {
4159 struct nlattr *link = nla_nest_start(msg, link_id + 1);
4160 struct cfg80211_chan_def chandef = {};
4161 int ret;
4162
4163 if (!link)
4164 goto nla_put_failure;
4165
4166 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
4167 goto nla_put_failure;
4168 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
4169 wdev->links[link_id].addr))
4170 goto nla_put_failure;
4171
4172 ret = rdev_get_channel(rdev, wdev, link_id, &chandef);
4173 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4174 goto nla_put_failure;
4175
4176 if (rdev->ops->get_tx_power) {
4177 int dbm, ret;
4178
4179 ret = rdev_get_tx_power(rdev, wdev, -1, link_id, &dbm);
4180 if (ret == 0 &&
4181 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4182 DBM_TO_MBM(dbm)))
4183 goto nla_put_failure;
4184 }
4185 nla_nest_end(msg, link);
4186 }
4187
4188 nla_nest_end(msg, links);
4189 }
4190
4191 genlmsg_end(msg, hdr);
4192 return 0;
4193
4194 nla_put_failure:
4195 genlmsg_cancel(msg, hdr);
4196 return -EMSGSIZE;
4197 }
4198
nl80211_dump_interface(struct sk_buff * skb,struct netlink_callback * cb)4199 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
4200 {
4201 int wp_idx = 0;
4202 int if_idx = 0;
4203 int wp_start = cb->args[0];
4204 int if_start = cb->args[1];
4205 int filter_wiphy = -1;
4206 struct cfg80211_registered_device *rdev;
4207 struct wireless_dev *wdev;
4208 int ret;
4209
4210 rtnl_lock();
4211 if (!cb->args[2]) {
4212 struct nl80211_dump_wiphy_state state = {
4213 .filter_wiphy = -1,
4214 };
4215
4216 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
4217 if (ret)
4218 goto out_unlock;
4219
4220 filter_wiphy = state.filter_wiphy;
4221
4222 /*
4223 * if filtering, set cb->args[2] to +1 since 0 is the default
4224 * value needed to determine that parsing is necessary.
4225 */
4226 if (filter_wiphy >= 0)
4227 cb->args[2] = filter_wiphy + 1;
4228 else
4229 cb->args[2] = -1;
4230 } else if (cb->args[2] > 0) {
4231 filter_wiphy = cb->args[2] - 1;
4232 }
4233
4234 for_each_rdev(rdev) {
4235 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
4236 continue;
4237 if (wp_idx < wp_start) {
4238 wp_idx++;
4239 continue;
4240 }
4241
4242 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
4243 continue;
4244
4245 if_idx = 0;
4246
4247 guard(wiphy)(&rdev->wiphy);
4248
4249 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4250 if (if_idx < if_start) {
4251 if_idx++;
4252 continue;
4253 }
4254
4255 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
4256 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4257 rdev, wdev,
4258 NL80211_CMD_NEW_INTERFACE) < 0)
4259 goto out;
4260
4261 if_idx++;
4262 }
4263
4264 if_start = 0;
4265 wp_idx++;
4266 }
4267 out:
4268 cb->args[0] = wp_idx;
4269 cb->args[1] = if_idx;
4270
4271 ret = skb->len;
4272 out_unlock:
4273 rtnl_unlock();
4274
4275 return ret;
4276 }
4277
nl80211_get_interface(struct sk_buff * skb,struct genl_info * info)4278 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
4279 {
4280 struct sk_buff *msg;
4281 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4282 struct wireless_dev *wdev = info->user_ptr[1];
4283
4284 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4285 if (!msg)
4286 return -ENOMEM;
4287
4288 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4289 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4290 nlmsg_free(msg);
4291 return -ENOBUFS;
4292 }
4293
4294 return genlmsg_reply(msg, info);
4295 }
4296
4297 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
4298 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
4299 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
4300 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
4301 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
4302 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
4303 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
4304 [NL80211_MNTR_FLAG_SKIP_TX] = { .type = NLA_FLAG },
4305 };
4306
parse_monitor_flags(struct nlattr * nla,u32 * mntrflags)4307 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
4308 {
4309 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
4310 int flag;
4311
4312 *mntrflags = 0;
4313
4314 if (!nla)
4315 return -EINVAL;
4316
4317 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
4318 return -EINVAL;
4319
4320 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
4321 if (flags[flag])
4322 *mntrflags |= (1<<flag);
4323
4324 /* cooked monitor mode is incompatible with other modes */
4325 if (*mntrflags & MONITOR_FLAG_COOK_FRAMES &&
4326 *mntrflags != MONITOR_FLAG_COOK_FRAMES)
4327 return -EOPNOTSUPP;
4328
4329 *mntrflags |= MONITOR_FLAG_CHANGED;
4330
4331 return 0;
4332 }
4333
nl80211_parse_mon_options(struct cfg80211_registered_device * rdev,enum nl80211_iftype type,struct genl_info * info,struct vif_params * params)4334 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
4335 enum nl80211_iftype type,
4336 struct genl_info *info,
4337 struct vif_params *params)
4338 {
4339 bool change = false;
4340 int err;
4341
4342 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
4343 if (type != NL80211_IFTYPE_MONITOR)
4344 return -EINVAL;
4345
4346 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
4347 ¶ms->flags);
4348 if (err)
4349 return err;
4350
4351 change = true;
4352 }
4353
4354 /* MONITOR_FLAG_COOK_FRAMES is deprecated, refuse cooperation */
4355 if (params->flags & MONITOR_FLAG_COOK_FRAMES)
4356 return -EOPNOTSUPP;
4357
4358 if (params->flags & MONITOR_FLAG_ACTIVE &&
4359 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
4360 return -EOPNOTSUPP;
4361
4362 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
4363 const u8 *mumimo_groups;
4364 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4365
4366 if (type != NL80211_IFTYPE_MONITOR)
4367 return -EINVAL;
4368
4369 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4370 return -EOPNOTSUPP;
4371
4372 mumimo_groups =
4373 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
4374
4375 /* bits 0 and 63 are reserved and must be zero */
4376 if ((mumimo_groups[0] & BIT(0)) ||
4377 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
4378 return -EINVAL;
4379
4380 params->vht_mumimo_groups = mumimo_groups;
4381 change = true;
4382 }
4383
4384 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
4385 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4386
4387 if (type != NL80211_IFTYPE_MONITOR)
4388 return -EINVAL;
4389
4390 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4391 return -EOPNOTSUPP;
4392
4393 params->vht_mumimo_follow_addr =
4394 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
4395 change = true;
4396 }
4397
4398 return change ? 1 : 0;
4399 }
4400
nl80211_valid_4addr(struct cfg80211_registered_device * rdev,struct net_device * netdev,u8 use_4addr,enum nl80211_iftype iftype)4401 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
4402 struct net_device *netdev, u8 use_4addr,
4403 enum nl80211_iftype iftype)
4404 {
4405 if (!use_4addr) {
4406 if (netdev && netif_is_bridge_port(netdev))
4407 return -EBUSY;
4408 return 0;
4409 }
4410
4411 switch (iftype) {
4412 case NL80211_IFTYPE_AP_VLAN:
4413 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
4414 return 0;
4415 break;
4416 case NL80211_IFTYPE_STATION:
4417 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
4418 return 0;
4419 break;
4420 default:
4421 break;
4422 }
4423
4424 return -EOPNOTSUPP;
4425 }
4426
nl80211_parse_vif_radio_mask(struct genl_info * info,u32 * radio_mask)4427 static int nl80211_parse_vif_radio_mask(struct genl_info *info,
4428 u32 *radio_mask)
4429 {
4430 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4431 struct nlattr *attr = info->attrs[NL80211_ATTR_VIF_RADIO_MASK];
4432 u32 mask, allowed;
4433
4434 if (!attr) {
4435 *radio_mask = 0;
4436 return 0;
4437 }
4438
4439 allowed = BIT(rdev->wiphy.n_radio) - 1;
4440 mask = nla_get_u32(attr);
4441 if (mask & ~allowed)
4442 return -EINVAL;
4443 if (!mask)
4444 mask = allowed;
4445 *radio_mask = mask;
4446
4447 return 1;
4448 }
4449
nl80211_set_interface(struct sk_buff * skb,struct genl_info * info)4450 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
4451 {
4452 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4453 struct vif_params params;
4454 int err;
4455 enum nl80211_iftype otype, ntype;
4456 struct net_device *dev = info->user_ptr[1];
4457 struct wireless_dev *wdev = dev->ieee80211_ptr;
4458 u32 radio_mask = 0;
4459 bool change = false;
4460
4461 memset(¶ms, 0, sizeof(params));
4462
4463 otype = ntype = dev->ieee80211_ptr->iftype;
4464
4465 if (info->attrs[NL80211_ATTR_IFTYPE]) {
4466 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4467 if (otype != ntype)
4468 change = true;
4469 }
4470
4471 if (info->attrs[NL80211_ATTR_MESH_ID]) {
4472 if (ntype != NL80211_IFTYPE_MESH_POINT)
4473 return -EINVAL;
4474 if (otype != NL80211_IFTYPE_MESH_POINT)
4475 return -EINVAL;
4476 if (netif_running(dev))
4477 return -EBUSY;
4478
4479 wdev->u.mesh.id_up_len =
4480 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4481 memcpy(wdev->u.mesh.id,
4482 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4483 wdev->u.mesh.id_up_len);
4484 }
4485
4486 if (info->attrs[NL80211_ATTR_4ADDR]) {
4487 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4488 change = true;
4489 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
4490 if (err)
4491 return err;
4492 } else {
4493 params.use_4addr = -1;
4494 }
4495
4496 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
4497 if (err < 0)
4498 return err;
4499 if (err > 0)
4500 change = true;
4501
4502 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4503 if (err < 0)
4504 return err;
4505 if (err && netif_running(dev))
4506 return -EBUSY;
4507
4508 if (change)
4509 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
4510 else
4511 err = 0;
4512
4513 if (!err && params.use_4addr != -1)
4514 dev->ieee80211_ptr->use_4addr = params.use_4addr;
4515
4516 if (radio_mask)
4517 wdev->radio_mask = radio_mask;
4518
4519 if (change && !err)
4520 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
4521
4522 return err;
4523 }
4524
_nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4525 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4526 {
4527 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4528 struct vif_params params;
4529 struct wireless_dev *wdev;
4530 struct sk_buff *msg;
4531 u32 radio_mask;
4532 int err;
4533 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
4534
4535 memset(¶ms, 0, sizeof(params));
4536
4537 if (!info->attrs[NL80211_ATTR_IFNAME])
4538 return -EINVAL;
4539
4540 if (info->attrs[NL80211_ATTR_IFTYPE])
4541 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4542
4543 if (!rdev->ops->add_virtual_intf)
4544 return -EOPNOTSUPP;
4545
4546 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
4547 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
4548 info->attrs[NL80211_ATTR_MAC]) {
4549 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
4550 ETH_ALEN);
4551 if (!is_valid_ether_addr(params.macaddr))
4552 return -EADDRNOTAVAIL;
4553 }
4554
4555 if (info->attrs[NL80211_ATTR_4ADDR]) {
4556 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4557 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
4558 if (err)
4559 return err;
4560 }
4561
4562 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
4563 return -EOPNOTSUPP;
4564
4565 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
4566 if (err < 0)
4567 return err;
4568
4569 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4570 if (err < 0)
4571 return err;
4572
4573 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4574 if (!msg)
4575 return -ENOMEM;
4576
4577 wdev = rdev_add_virtual_intf(rdev,
4578 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
4579 NET_NAME_USER, type, ¶ms);
4580 if (WARN_ON(!wdev)) {
4581 nlmsg_free(msg);
4582 return -EPROTO;
4583 } else if (IS_ERR(wdev)) {
4584 nlmsg_free(msg);
4585 return PTR_ERR(wdev);
4586 }
4587
4588 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4589 wdev->owner_nlportid = info->snd_portid;
4590
4591 switch (type) {
4592 case NL80211_IFTYPE_MESH_POINT:
4593 if (!info->attrs[NL80211_ATTR_MESH_ID])
4594 break;
4595 wdev->u.mesh.id_up_len =
4596 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4597 memcpy(wdev->u.mesh.id,
4598 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4599 wdev->u.mesh.id_up_len);
4600 break;
4601 case NL80211_IFTYPE_NAN:
4602 case NL80211_IFTYPE_P2P_DEVICE:
4603 /*
4604 * P2P Device and NAN do not have a netdev, so don't go
4605 * through the netdev notifier and must be added here
4606 */
4607 cfg80211_init_wdev(wdev);
4608 cfg80211_register_wdev(rdev, wdev);
4609 break;
4610 default:
4611 break;
4612 }
4613
4614 if (radio_mask)
4615 wdev->radio_mask = radio_mask;
4616
4617 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4618 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4619 nlmsg_free(msg);
4620 return -ENOBUFS;
4621 }
4622
4623 return genlmsg_reply(msg, info);
4624 }
4625
nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4626 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4627 {
4628 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4629
4630 /* to avoid failing a new interface creation due to pending removal */
4631 cfg80211_destroy_ifaces(rdev);
4632
4633 guard(wiphy)(&rdev->wiphy);
4634
4635 return _nl80211_new_interface(skb, info);
4636 }
4637
nl80211_del_interface(struct sk_buff * skb,struct genl_info * info)4638 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4639 {
4640 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4641 struct wireless_dev *wdev = info->user_ptr[1];
4642
4643 if (!rdev->ops->del_virtual_intf)
4644 return -EOPNOTSUPP;
4645
4646 /*
4647 * We hold RTNL, so this is safe, without RTNL opencount cannot
4648 * reach 0, and thus the rdev cannot be deleted.
4649 *
4650 * We need to do it for the dev_close(), since that will call
4651 * the netdev notifiers, and we need to acquire the mutex there
4652 * but don't know if we get there from here or from some other
4653 * place (e.g. "ip link set ... down").
4654 */
4655 mutex_unlock(&rdev->wiphy.mtx);
4656
4657 /*
4658 * If we remove a wireless device without a netdev then clear
4659 * user_ptr[1] so that nl80211_post_doit won't dereference it
4660 * to check if it needs to do dev_put(). Otherwise it crashes
4661 * since the wdev has been freed, unlike with a netdev where
4662 * we need the dev_put() for the netdev to really be freed.
4663 */
4664 if (!wdev->netdev)
4665 info->user_ptr[1] = NULL;
4666 else
4667 dev_close(wdev->netdev);
4668
4669 mutex_lock(&rdev->wiphy.mtx);
4670
4671 return cfg80211_remove_virtual_intf(rdev, wdev);
4672 }
4673
nl80211_set_noack_map(struct sk_buff * skb,struct genl_info * info)4674 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4675 {
4676 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4677 struct net_device *dev = info->user_ptr[1];
4678 u16 noack_map;
4679
4680 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4681 return -EINVAL;
4682
4683 if (!rdev->ops->set_noack_map)
4684 return -EOPNOTSUPP;
4685
4686 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4687
4688 return rdev_set_noack_map(rdev, dev, noack_map);
4689 }
4690
nl80211_validate_key_link_id(struct genl_info * info,struct wireless_dev * wdev,int link_id,bool pairwise)4691 static int nl80211_validate_key_link_id(struct genl_info *info,
4692 struct wireless_dev *wdev,
4693 int link_id, bool pairwise)
4694 {
4695 if (pairwise) {
4696 if (link_id != -1) {
4697 GENL_SET_ERR_MSG(info,
4698 "link ID not allowed for pairwise key");
4699 return -EINVAL;
4700 }
4701
4702 return 0;
4703 }
4704
4705 if (wdev->valid_links) {
4706 if (link_id == -1) {
4707 GENL_SET_ERR_MSG(info,
4708 "link ID must for MLO group key");
4709 return -EINVAL;
4710 }
4711 if (!(wdev->valid_links & BIT(link_id))) {
4712 GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key");
4713 return -EINVAL;
4714 }
4715 } else if (link_id != -1) {
4716 GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key");
4717 return -EINVAL;
4718 }
4719
4720 return 0;
4721 }
4722
4723 struct get_key_cookie {
4724 struct sk_buff *msg;
4725 int error;
4726 int idx;
4727 };
4728
get_key_callback(void * c,struct key_params * params)4729 static void get_key_callback(void *c, struct key_params *params)
4730 {
4731 struct nlattr *key;
4732 struct get_key_cookie *cookie = c;
4733
4734 if ((params->seq &&
4735 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4736 params->seq_len, params->seq)) ||
4737 (params->cipher &&
4738 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4739 params->cipher)))
4740 goto nla_put_failure;
4741
4742 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4743 if (!key)
4744 goto nla_put_failure;
4745
4746 if ((params->seq &&
4747 nla_put(cookie->msg, NL80211_KEY_SEQ,
4748 params->seq_len, params->seq)) ||
4749 (params->cipher &&
4750 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4751 params->cipher)))
4752 goto nla_put_failure;
4753
4754 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4755 goto nla_put_failure;
4756
4757 nla_nest_end(cookie->msg, key);
4758
4759 return;
4760 nla_put_failure:
4761 cookie->error = 1;
4762 }
4763
nl80211_get_key(struct sk_buff * skb,struct genl_info * info)4764 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4765 {
4766 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4767 int err;
4768 struct net_device *dev = info->user_ptr[1];
4769 u8 key_idx = 0;
4770 const u8 *mac_addr = NULL;
4771 bool pairwise;
4772 struct get_key_cookie cookie = {
4773 .error = 0,
4774 };
4775 void *hdr;
4776 struct sk_buff *msg;
4777 bool bigtk_support = false;
4778 int link_id = nl80211_link_id_or_invalid(info->attrs);
4779 struct wireless_dev *wdev = dev->ieee80211_ptr;
4780
4781 if (wiphy_ext_feature_isset(&rdev->wiphy,
4782 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4783 bigtk_support = true;
4784
4785 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
4786 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4787 wiphy_ext_feature_isset(&rdev->wiphy,
4788 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4789 bigtk_support = true;
4790
4791 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4792 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4793
4794 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4795 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4796 return -EINVAL;
4797 }
4798 }
4799
4800 if (info->attrs[NL80211_ATTR_MAC])
4801 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4802
4803 pairwise = !!mac_addr;
4804 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4805 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4806
4807 if (kt != NL80211_KEYTYPE_GROUP &&
4808 kt != NL80211_KEYTYPE_PAIRWISE)
4809 return -EINVAL;
4810 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4811 }
4812
4813 if (!rdev->ops->get_key)
4814 return -EOPNOTSUPP;
4815
4816 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4817 return -ENOENT;
4818
4819 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4820 if (!msg)
4821 return -ENOMEM;
4822
4823 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4824 NL80211_CMD_NEW_KEY);
4825 if (!hdr)
4826 goto nla_put_failure;
4827
4828 cookie.msg = msg;
4829 cookie.idx = key_idx;
4830
4831 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4832 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4833 goto nla_put_failure;
4834 if (mac_addr &&
4835 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4836 goto nla_put_failure;
4837
4838 err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise);
4839 if (err)
4840 goto free_msg;
4841
4842 err = rdev_get_key(rdev, dev, link_id, key_idx, pairwise, mac_addr,
4843 &cookie, get_key_callback);
4844
4845 if (err)
4846 goto free_msg;
4847
4848 if (cookie.error)
4849 goto nla_put_failure;
4850
4851 genlmsg_end(msg, hdr);
4852 return genlmsg_reply(msg, info);
4853
4854 nla_put_failure:
4855 err = -ENOBUFS;
4856 free_msg:
4857 nlmsg_free(msg);
4858 return err;
4859 }
4860
nl80211_set_key(struct sk_buff * skb,struct genl_info * info)4861 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4862 {
4863 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4864 struct key_parse key;
4865 int err;
4866 struct net_device *dev = info->user_ptr[1];
4867 int link_id = nl80211_link_id_or_invalid(info->attrs);
4868 struct wireless_dev *wdev = dev->ieee80211_ptr;
4869
4870 err = nl80211_parse_key(info, &key);
4871 if (err)
4872 return err;
4873
4874 if (key.idx < 0)
4875 return -EINVAL;
4876
4877 /* Only support setting default key and
4878 * Extended Key ID action NL80211_KEY_SET_TX.
4879 */
4880 if (!key.def && !key.defmgmt && !key.defbeacon &&
4881 !(key.p.mode == NL80211_KEY_SET_TX))
4882 return -EINVAL;
4883
4884 if (key.def) {
4885 if (!rdev->ops->set_default_key)
4886 return -EOPNOTSUPP;
4887
4888 err = nl80211_key_allowed(wdev);
4889 if (err)
4890 return err;
4891
4892 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4893 if (err)
4894 return err;
4895
4896 err = rdev_set_default_key(rdev, dev, link_id, key.idx,
4897 key.def_uni, key.def_multi);
4898
4899 if (err)
4900 return err;
4901
4902 #ifdef CONFIG_CFG80211_WEXT
4903 wdev->wext.default_key = key.idx;
4904 #endif
4905 return 0;
4906 } else if (key.defmgmt) {
4907 if (key.def_uni || !key.def_multi)
4908 return -EINVAL;
4909
4910 if (!rdev->ops->set_default_mgmt_key)
4911 return -EOPNOTSUPP;
4912
4913 err = nl80211_key_allowed(wdev);
4914 if (err)
4915 return err;
4916
4917 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4918 if (err)
4919 return err;
4920
4921 err = rdev_set_default_mgmt_key(rdev, dev, link_id, key.idx);
4922 if (err)
4923 return err;
4924
4925 #ifdef CONFIG_CFG80211_WEXT
4926 wdev->wext.default_mgmt_key = key.idx;
4927 #endif
4928 return 0;
4929 } else if (key.defbeacon) {
4930 if (key.def_uni || !key.def_multi)
4931 return -EINVAL;
4932
4933 if (!rdev->ops->set_default_beacon_key)
4934 return -EOPNOTSUPP;
4935
4936 err = nl80211_key_allowed(wdev);
4937 if (err)
4938 return err;
4939
4940 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4941 if (err)
4942 return err;
4943
4944 return rdev_set_default_beacon_key(rdev, dev, link_id, key.idx);
4945 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4946 wiphy_ext_feature_isset(&rdev->wiphy,
4947 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4948 u8 *mac_addr = NULL;
4949
4950 if (info->attrs[NL80211_ATTR_MAC])
4951 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4952
4953 if (!mac_addr || key.idx < 0 || key.idx > 1)
4954 return -EINVAL;
4955
4956 err = nl80211_validate_key_link_id(info, wdev, link_id, true);
4957 if (err)
4958 return err;
4959
4960 return rdev_add_key(rdev, dev, link_id, key.idx,
4961 NL80211_KEYTYPE_PAIRWISE,
4962 mac_addr, &key.p);
4963 }
4964
4965 return -EINVAL;
4966 }
4967
nl80211_new_key(struct sk_buff * skb,struct genl_info * info)4968 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4969 {
4970 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4971 int err;
4972 struct net_device *dev = info->user_ptr[1];
4973 struct key_parse key;
4974 const u8 *mac_addr = NULL;
4975 int link_id = nl80211_link_id_or_invalid(info->attrs);
4976 struct wireless_dev *wdev = dev->ieee80211_ptr;
4977
4978 err = nl80211_parse_key(info, &key);
4979 if (err)
4980 return err;
4981
4982 if (!key.p.key) {
4983 GENL_SET_ERR_MSG(info, "no key");
4984 return -EINVAL;
4985 }
4986
4987 if (info->attrs[NL80211_ATTR_MAC])
4988 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4989
4990 if (key.type == -1) {
4991 if (mac_addr)
4992 key.type = NL80211_KEYTYPE_PAIRWISE;
4993 else
4994 key.type = NL80211_KEYTYPE_GROUP;
4995 }
4996
4997 /* for now */
4998 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4999 key.type != NL80211_KEYTYPE_GROUP) {
5000 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
5001 return -EINVAL;
5002 }
5003
5004 if (key.type == NL80211_KEYTYPE_GROUP &&
5005 info->attrs[NL80211_ATTR_VLAN_ID])
5006 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5007
5008 if (!rdev->ops->add_key)
5009 return -EOPNOTSUPP;
5010
5011 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
5012 key.type == NL80211_KEYTYPE_PAIRWISE,
5013 mac_addr)) {
5014 GENL_SET_ERR_MSG(info, "key setting validation failed");
5015 return -EINVAL;
5016 }
5017
5018 err = nl80211_key_allowed(wdev);
5019 if (err)
5020 GENL_SET_ERR_MSG(info, "key not allowed");
5021
5022 if (!err)
5023 err = nl80211_validate_key_link_id(info, wdev, link_id,
5024 key.type == NL80211_KEYTYPE_PAIRWISE);
5025
5026 if (!err) {
5027 err = rdev_add_key(rdev, dev, link_id, key.idx,
5028 key.type == NL80211_KEYTYPE_PAIRWISE,
5029 mac_addr, &key.p);
5030 if (err)
5031 GENL_SET_ERR_MSG(info, "key addition failed");
5032 }
5033
5034 return err;
5035 }
5036
nl80211_del_key(struct sk_buff * skb,struct genl_info * info)5037 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
5038 {
5039 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5040 int err;
5041 struct net_device *dev = info->user_ptr[1];
5042 u8 *mac_addr = NULL;
5043 struct key_parse key;
5044 int link_id = nl80211_link_id_or_invalid(info->attrs);
5045 struct wireless_dev *wdev = dev->ieee80211_ptr;
5046
5047 err = nl80211_parse_key(info, &key);
5048 if (err)
5049 return err;
5050
5051 if (info->attrs[NL80211_ATTR_MAC])
5052 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5053
5054 if (key.type == -1) {
5055 if (mac_addr)
5056 key.type = NL80211_KEYTYPE_PAIRWISE;
5057 else
5058 key.type = NL80211_KEYTYPE_GROUP;
5059 }
5060
5061 /* for now */
5062 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
5063 key.type != NL80211_KEYTYPE_GROUP)
5064 return -EINVAL;
5065
5066 if (!cfg80211_valid_key_idx(rdev, key.idx,
5067 key.type == NL80211_KEYTYPE_PAIRWISE))
5068 return -EINVAL;
5069
5070 if (!rdev->ops->del_key)
5071 return -EOPNOTSUPP;
5072
5073 err = nl80211_key_allowed(wdev);
5074
5075 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
5076 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
5077 err = -ENOENT;
5078
5079 if (!err)
5080 err = nl80211_validate_key_link_id(info, wdev, link_id,
5081 key.type == NL80211_KEYTYPE_PAIRWISE);
5082
5083 if (!err)
5084 err = rdev_del_key(rdev, dev, link_id, key.idx,
5085 key.type == NL80211_KEYTYPE_PAIRWISE,
5086 mac_addr);
5087
5088 #ifdef CONFIG_CFG80211_WEXT
5089 if (!err) {
5090 if (key.idx == wdev->wext.default_key)
5091 wdev->wext.default_key = -1;
5092 else if (key.idx == wdev->wext.default_mgmt_key)
5093 wdev->wext.default_mgmt_key = -1;
5094 }
5095 #endif
5096
5097 return err;
5098 }
5099
5100 /* This function returns an error or the number of nested attributes */
validate_acl_mac_addrs(struct nlattr * nl_attr)5101 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
5102 {
5103 struct nlattr *attr;
5104 int n_entries = 0, tmp;
5105
5106 nla_for_each_nested(attr, nl_attr, tmp) {
5107 if (nla_len(attr) != ETH_ALEN)
5108 return -EINVAL;
5109
5110 n_entries++;
5111 }
5112
5113 return n_entries;
5114 }
5115
5116 /*
5117 * This function parses ACL information and allocates memory for ACL data.
5118 * On successful return, the calling function is responsible to free the
5119 * ACL buffer returned by this function.
5120 */
parse_acl_data(struct wiphy * wiphy,struct genl_info * info)5121 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
5122 struct genl_info *info)
5123 {
5124 enum nl80211_acl_policy acl_policy;
5125 struct nlattr *attr;
5126 struct cfg80211_acl_data *acl;
5127 int i = 0, n_entries, tmp;
5128
5129 if (!wiphy->max_acl_mac_addrs)
5130 return ERR_PTR(-EOPNOTSUPP);
5131
5132 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
5133 return ERR_PTR(-EINVAL);
5134
5135 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
5136 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
5137 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
5138 return ERR_PTR(-EINVAL);
5139
5140 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
5141 return ERR_PTR(-EINVAL);
5142
5143 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
5144 if (n_entries < 0)
5145 return ERR_PTR(n_entries);
5146
5147 if (n_entries > wiphy->max_acl_mac_addrs)
5148 return ERR_PTR(-EOPNOTSUPP);
5149
5150 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
5151 if (!acl)
5152 return ERR_PTR(-ENOMEM);
5153 acl->n_acl_entries = n_entries;
5154
5155 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
5156 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
5157 i++;
5158 }
5159 acl->acl_policy = acl_policy;
5160
5161 return acl;
5162 }
5163
nl80211_set_mac_acl(struct sk_buff * skb,struct genl_info * info)5164 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
5165 {
5166 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5167 struct net_device *dev = info->user_ptr[1];
5168 struct cfg80211_acl_data *acl;
5169 int err;
5170
5171 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5172 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5173 return -EOPNOTSUPP;
5174
5175 if (!dev->ieee80211_ptr->links[0].ap.beacon_interval)
5176 return -EINVAL;
5177
5178 acl = parse_acl_data(&rdev->wiphy, info);
5179 if (IS_ERR(acl))
5180 return PTR_ERR(acl);
5181
5182 err = rdev_set_mac_acl(rdev, dev, acl);
5183
5184 kfree(acl);
5185
5186 return err;
5187 }
5188
rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len)5189 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5190 u8 *rates, u8 rates_len)
5191 {
5192 u8 i;
5193 u32 mask = 0;
5194
5195 for (i = 0; i < rates_len; i++) {
5196 int rate = (rates[i] & 0x7f) * 5;
5197 int ridx;
5198
5199 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5200 struct ieee80211_rate *srate =
5201 &sband->bitrates[ridx];
5202 if (rate == srate->bitrate) {
5203 mask |= 1 << ridx;
5204 break;
5205 }
5206 }
5207 if (ridx == sband->n_bitrates)
5208 return 0; /* rate not found */
5209 }
5210
5211 return mask;
5212 }
5213
ht_rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len,u8 mcs[IEEE80211_HT_MCS_MASK_LEN])5214 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5215 u8 *rates, u8 rates_len,
5216 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5217 {
5218 u8 i;
5219
5220 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5221
5222 for (i = 0; i < rates_len; i++) {
5223 int ridx, rbit;
5224
5225 ridx = rates[i] / 8;
5226 rbit = BIT(rates[i] % 8);
5227
5228 /* check validity */
5229 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5230 return false;
5231
5232 /* check availability */
5233 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
5234 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5235 mcs[ridx] |= rbit;
5236 else
5237 return false;
5238 }
5239
5240 return true;
5241 }
5242
vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)5243 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
5244 {
5245 u16 mcs_mask = 0;
5246
5247 switch (vht_mcs_map) {
5248 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
5249 break;
5250 case IEEE80211_VHT_MCS_SUPPORT_0_7:
5251 mcs_mask = 0x00FF;
5252 break;
5253 case IEEE80211_VHT_MCS_SUPPORT_0_8:
5254 mcs_mask = 0x01FF;
5255 break;
5256 case IEEE80211_VHT_MCS_SUPPORT_0_9:
5257 mcs_mask = 0x03FF;
5258 break;
5259 default:
5260 break;
5261 }
5262
5263 return mcs_mask;
5264 }
5265
vht_build_mcs_mask(u16 vht_mcs_map,u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])5266 static void vht_build_mcs_mask(u16 vht_mcs_map,
5267 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
5268 {
5269 u8 nss;
5270
5271 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
5272 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
5273 vht_mcs_map >>= 2;
5274 }
5275 }
5276
vht_set_mcs_mask(struct ieee80211_supported_band * sband,struct nl80211_txrate_vht * txrate,u16 mcs[NL80211_VHT_NSS_MAX])5277 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
5278 struct nl80211_txrate_vht *txrate,
5279 u16 mcs[NL80211_VHT_NSS_MAX])
5280 {
5281 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5282 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
5283 u8 i;
5284
5285 if (!sband->vht_cap.vht_supported)
5286 return false;
5287
5288 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
5289
5290 /* Build vht_mcs_mask from VHT capabilities */
5291 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5292
5293 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5294 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5295 mcs[i] = txrate->mcs[i];
5296 else
5297 return false;
5298 }
5299
5300 return true;
5301 }
5302
he_mcs_map_to_mcs_mask(u8 he_mcs_map)5303 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
5304 {
5305 switch (he_mcs_map) {
5306 case IEEE80211_HE_MCS_NOT_SUPPORTED:
5307 return 0;
5308 case IEEE80211_HE_MCS_SUPPORT_0_7:
5309 return 0x00FF;
5310 case IEEE80211_HE_MCS_SUPPORT_0_9:
5311 return 0x03FF;
5312 case IEEE80211_HE_MCS_SUPPORT_0_11:
5313 return 0xFFF;
5314 default:
5315 break;
5316 }
5317 return 0;
5318 }
5319
he_build_mcs_mask(u16 he_mcs_map,u16 he_mcs_mask[NL80211_HE_NSS_MAX])5320 static void he_build_mcs_mask(u16 he_mcs_map,
5321 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
5322 {
5323 u8 nss;
5324
5325 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
5326 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
5327 he_mcs_map >>= 2;
5328 }
5329 }
5330
he_get_txmcsmap(struct genl_info * info,unsigned int link_id,const struct ieee80211_sta_he_cap * he_cap)5331 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id,
5332 const struct ieee80211_sta_he_cap *he_cap)
5333 {
5334 struct net_device *dev = info->user_ptr[1];
5335 struct wireless_dev *wdev = dev->ieee80211_ptr;
5336 struct cfg80211_chan_def *chandef;
5337 __le16 tx_mcs;
5338
5339 chandef = wdev_chandef(wdev, link_id);
5340 if (!chandef) {
5341 /*
5342 * This is probably broken, but we never maintained
5343 * a chandef in these cases, so it always was.
5344 */
5345 return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
5346 }
5347
5348 switch (chandef->width) {
5349 case NL80211_CHAN_WIDTH_80P80:
5350 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
5351 break;
5352 case NL80211_CHAN_WIDTH_160:
5353 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
5354 break;
5355 default:
5356 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
5357 break;
5358 }
5359
5360 return le16_to_cpu(tx_mcs);
5361 }
5362
he_set_mcs_mask(struct genl_info * info,struct wireless_dev * wdev,struct ieee80211_supported_band * sband,struct nl80211_txrate_he * txrate,u16 mcs[NL80211_HE_NSS_MAX],unsigned int link_id)5363 static bool he_set_mcs_mask(struct genl_info *info,
5364 struct wireless_dev *wdev,
5365 struct ieee80211_supported_band *sband,
5366 struct nl80211_txrate_he *txrate,
5367 u16 mcs[NL80211_HE_NSS_MAX],
5368 unsigned int link_id)
5369 {
5370 const struct ieee80211_sta_he_cap *he_cap;
5371 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
5372 u16 tx_mcs_map = 0;
5373 u8 i;
5374
5375 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5376 if (!he_cap)
5377 return false;
5378
5379 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
5380
5381 tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5382
5383 /* Build he_mcs_mask from HE capabilities */
5384 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5385
5386 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5387 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5388 mcs[i] = txrate->mcs[i];
5389 else
5390 return false;
5391 }
5392
5393 return true;
5394 }
5395
nl80211_parse_tx_bitrate_mask(struct genl_info * info,struct nlattr * attrs[],enum nl80211_attrs attr,struct cfg80211_bitrate_mask * mask,struct net_device * dev,bool default_all_enabled,unsigned int link_id)5396 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
5397 struct nlattr *attrs[],
5398 enum nl80211_attrs attr,
5399 struct cfg80211_bitrate_mask *mask,
5400 struct net_device *dev,
5401 bool default_all_enabled,
5402 unsigned int link_id)
5403 {
5404 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5405 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5406 struct wireless_dev *wdev = dev->ieee80211_ptr;
5407 int rem, i;
5408 struct nlattr *tx_rates;
5409 struct ieee80211_supported_band *sband;
5410 u16 vht_tx_mcs_map, he_tx_mcs_map;
5411
5412 memset(mask, 0, sizeof(*mask));
5413 /* Default to all rates enabled */
5414 for (i = 0; i < NUM_NL80211_BANDS; i++) {
5415 const struct ieee80211_sta_he_cap *he_cap;
5416
5417 if (!default_all_enabled)
5418 break;
5419
5420 sband = rdev->wiphy.bands[i];
5421
5422 if (!sband)
5423 continue;
5424
5425 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
5426 memcpy(mask->control[i].ht_mcs,
5427 sband->ht_cap.mcs.rx_mask,
5428 sizeof(mask->control[i].ht_mcs));
5429
5430 if (sband->vht_cap.vht_supported) {
5431 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5432 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
5433 }
5434
5435 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5436 if (!he_cap)
5437 continue;
5438
5439 he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5440 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
5441
5442 mask->control[i].he_gi = 0xFF;
5443 mask->control[i].he_ltf = 0xFF;
5444 }
5445
5446 /* if no rates are given set it back to the defaults */
5447 if (!attrs[attr])
5448 goto out;
5449
5450 /* The nested attribute uses enum nl80211_band as the index. This maps
5451 * directly to the enum nl80211_band values used in cfg80211.
5452 */
5453 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5454 nla_for_each_nested(tx_rates, attrs[attr], rem) {
5455 enum nl80211_band band = nla_type(tx_rates);
5456 int err;
5457
5458 if (band < 0 || band >= NUM_NL80211_BANDS)
5459 return -EINVAL;
5460 sband = rdev->wiphy.bands[band];
5461 if (sband == NULL)
5462 return -EINVAL;
5463 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
5464 tx_rates,
5465 nl80211_txattr_policy,
5466 info->extack);
5467 if (err)
5468 return err;
5469 if (tb[NL80211_TXRATE_LEGACY]) {
5470 mask->control[band].legacy = rateset_to_mask(
5471 sband,
5472 nla_data(tb[NL80211_TXRATE_LEGACY]),
5473 nla_len(tb[NL80211_TXRATE_LEGACY]));
5474 if ((mask->control[band].legacy == 0) &&
5475 nla_len(tb[NL80211_TXRATE_LEGACY]))
5476 return -EINVAL;
5477 }
5478 if (tb[NL80211_TXRATE_HT]) {
5479 if (!ht_rateset_to_mask(
5480 sband,
5481 nla_data(tb[NL80211_TXRATE_HT]),
5482 nla_len(tb[NL80211_TXRATE_HT]),
5483 mask->control[band].ht_mcs))
5484 return -EINVAL;
5485 }
5486
5487 if (tb[NL80211_TXRATE_VHT]) {
5488 if (!vht_set_mcs_mask(
5489 sband,
5490 nla_data(tb[NL80211_TXRATE_VHT]),
5491 mask->control[band].vht_mcs))
5492 return -EINVAL;
5493 }
5494
5495 if (tb[NL80211_TXRATE_GI]) {
5496 mask->control[band].gi =
5497 nla_get_u8(tb[NL80211_TXRATE_GI]);
5498 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
5499 return -EINVAL;
5500 }
5501 if (tb[NL80211_TXRATE_HE] &&
5502 !he_set_mcs_mask(info, wdev, sband,
5503 nla_data(tb[NL80211_TXRATE_HE]),
5504 mask->control[band].he_mcs,
5505 link_id))
5506 return -EINVAL;
5507
5508 if (tb[NL80211_TXRATE_HE_GI])
5509 mask->control[band].he_gi =
5510 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
5511 if (tb[NL80211_TXRATE_HE_LTF])
5512 mask->control[band].he_ltf =
5513 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
5514
5515 if (mask->control[band].legacy == 0) {
5516 /* don't allow empty legacy rates if HT, VHT or HE
5517 * are not even supported.
5518 */
5519 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
5520 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
5521 ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
5522 return -EINVAL;
5523
5524 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5525 if (mask->control[band].ht_mcs[i])
5526 goto out;
5527
5528 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
5529 if (mask->control[band].vht_mcs[i])
5530 goto out;
5531
5532 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
5533 if (mask->control[band].he_mcs[i])
5534 goto out;
5535
5536 /* legacy and mcs rates may not be both empty */
5537 return -EINVAL;
5538 }
5539 }
5540
5541 out:
5542 return 0;
5543 }
5544
validate_beacon_tx_rate(struct cfg80211_registered_device * rdev,enum nl80211_band band,struct cfg80211_bitrate_mask * beacon_rate)5545 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
5546 enum nl80211_band band,
5547 struct cfg80211_bitrate_mask *beacon_rate)
5548 {
5549 u32 count_ht, count_vht, count_he, i;
5550 u32 rate = beacon_rate->control[band].legacy;
5551
5552 /* Allow only one rate */
5553 if (hweight32(rate) > 1)
5554 return -EINVAL;
5555
5556 count_ht = 0;
5557 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5558 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
5559 return -EINVAL;
5560 } else if (beacon_rate->control[band].ht_mcs[i]) {
5561 count_ht++;
5562 if (count_ht > 1)
5563 return -EINVAL;
5564 }
5565 if (count_ht && rate)
5566 return -EINVAL;
5567 }
5568
5569 count_vht = 0;
5570 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5571 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
5572 return -EINVAL;
5573 } else if (beacon_rate->control[band].vht_mcs[i]) {
5574 count_vht++;
5575 if (count_vht > 1)
5576 return -EINVAL;
5577 }
5578 if (count_vht && rate)
5579 return -EINVAL;
5580 }
5581
5582 count_he = 0;
5583 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5584 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
5585 return -EINVAL;
5586 } else if (beacon_rate->control[band].he_mcs[i]) {
5587 count_he++;
5588 if (count_he > 1)
5589 return -EINVAL;
5590 }
5591 if (count_he && rate)
5592 return -EINVAL;
5593 }
5594
5595 if ((count_ht && count_vht && count_he) ||
5596 (!rate && !count_ht && !count_vht && !count_he))
5597 return -EINVAL;
5598
5599 if (rate &&
5600 !wiphy_ext_feature_isset(&rdev->wiphy,
5601 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
5602 return -EINVAL;
5603 if (count_ht &&
5604 !wiphy_ext_feature_isset(&rdev->wiphy,
5605 NL80211_EXT_FEATURE_BEACON_RATE_HT))
5606 return -EINVAL;
5607 if (count_vht &&
5608 !wiphy_ext_feature_isset(&rdev->wiphy,
5609 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
5610 return -EINVAL;
5611 if (count_he &&
5612 !wiphy_ext_feature_isset(&rdev->wiphy,
5613 NL80211_EXT_FEATURE_BEACON_RATE_HE))
5614 return -EINVAL;
5615
5616 return 0;
5617 }
5618
nl80211_parse_mbssid_config(struct wiphy * wiphy,struct net_device * dev,unsigned int link_id,struct nlattr * attrs,struct cfg80211_mbssid_config * config,u8 num_elems)5619 static int nl80211_parse_mbssid_config(struct wiphy *wiphy,
5620 struct net_device *dev,
5621 unsigned int link_id,
5622 struct nlattr *attrs,
5623 struct cfg80211_mbssid_config *config,
5624 u8 num_elems)
5625 {
5626 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1];
5627 int tx_link_id = -1;
5628
5629 if (!wiphy->mbssid_max_interfaces)
5630 return -EOPNOTSUPP;
5631
5632 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL,
5633 NULL) ||
5634 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX])
5635 return -EINVAL;
5636
5637 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]);
5638 if (config->ema) {
5639 if (!wiphy->ema_max_profile_periodicity)
5640 return -EOPNOTSUPP;
5641
5642 if (num_elems > wiphy->ema_max_profile_periodicity)
5643 return -EINVAL;
5644 }
5645
5646 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]);
5647 if (config->index >= wiphy->mbssid_max_interfaces ||
5648 (!config->index && !num_elems))
5649 return -EINVAL;
5650
5651 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID])
5652 tx_link_id = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID]);
5653
5654 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) {
5655 u32 tx_ifindex =
5656 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]);
5657
5658 if ((!config->index && tx_ifindex != dev->ifindex) ||
5659 (config->index && tx_ifindex == dev->ifindex))
5660 return -EINVAL;
5661
5662 if (tx_ifindex != dev->ifindex) {
5663 struct net_device *tx_netdev =
5664 dev_get_by_index(wiphy_net(wiphy), tx_ifindex);
5665
5666 if (!tx_netdev || !tx_netdev->ieee80211_ptr ||
5667 tx_netdev->ieee80211_ptr->wiphy != wiphy ||
5668 tx_netdev->ieee80211_ptr->iftype !=
5669 NL80211_IFTYPE_AP) {
5670 dev_put(tx_netdev);
5671 return -EINVAL;
5672 }
5673
5674 config->tx_wdev = tx_netdev->ieee80211_ptr;
5675 /* Caller should call dev_put(config->tx_wdev) from this point */
5676
5677 if (config->tx_wdev->valid_links) {
5678 if (tx_link_id == -1 ||
5679 !(config->tx_wdev->valid_links & BIT(tx_link_id)))
5680 return -ENOLINK;
5681
5682 config->tx_link_id = tx_link_id;
5683 }
5684 } else {
5685 if (tx_link_id >= 0 && tx_link_id != link_id)
5686 return -EINVAL;
5687
5688 config->tx_wdev = dev->ieee80211_ptr;
5689 }
5690 } else if (!config->index) {
5691 if (tx_link_id >= 0 && tx_link_id != link_id)
5692 return -EINVAL;
5693
5694 config->tx_wdev = dev->ieee80211_ptr;
5695 } else {
5696 return -EINVAL;
5697 }
5698
5699 return 0;
5700 }
5701
5702 static struct cfg80211_mbssid_elems *
nl80211_parse_mbssid_elems(struct wiphy * wiphy,struct nlattr * attrs)5703 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs)
5704 {
5705 struct nlattr *nl_elems;
5706 struct cfg80211_mbssid_elems *elems;
5707 int rem_elems;
5708 u8 i = 0, num_elems = 0;
5709
5710 if (!wiphy->mbssid_max_interfaces)
5711 return ERR_PTR(-EINVAL);
5712
5713 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5714 if (num_elems >= 255)
5715 return ERR_PTR(-EINVAL);
5716 num_elems++;
5717 }
5718
5719 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5720 if (!elems)
5721 return ERR_PTR(-ENOMEM);
5722 elems->cnt = num_elems;
5723
5724 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5725 elems->elem[i].data = nla_data(nl_elems);
5726 elems->elem[i].len = nla_len(nl_elems);
5727 i++;
5728 }
5729 return elems;
5730 }
5731
5732 static struct cfg80211_rnr_elems *
nl80211_parse_rnr_elems(struct wiphy * wiphy,struct nlattr * attrs,struct netlink_ext_ack * extack)5733 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs,
5734 struct netlink_ext_ack *extack)
5735 {
5736 struct nlattr *nl_elems;
5737 struct cfg80211_rnr_elems *elems;
5738 int rem_elems;
5739 u8 i = 0, num_elems = 0;
5740
5741 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5742 int ret;
5743
5744 ret = validate_ie_attr(nl_elems, extack);
5745 if (ret)
5746 return ERR_PTR(ret);
5747
5748 num_elems++;
5749 }
5750
5751 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5752 if (!elems)
5753 return ERR_PTR(-ENOMEM);
5754 elems->cnt = num_elems;
5755
5756 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5757 elems->elem[i].data = nla_data(nl_elems);
5758 elems->elem[i].len = nla_len(nl_elems);
5759 i++;
5760 }
5761 return elems;
5762 }
5763
nl80211_parse_he_bss_color(struct nlattr * attrs,struct cfg80211_he_bss_color * he_bss_color)5764 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5765 struct cfg80211_he_bss_color *he_bss_color)
5766 {
5767 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5768 int err;
5769
5770 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5771 he_bss_color_policy, NULL);
5772 if (err)
5773 return err;
5774
5775 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5776 return -EINVAL;
5777
5778 he_bss_color->color =
5779 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5780 he_bss_color->enabled =
5781 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5782 he_bss_color->partial =
5783 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5784
5785 return 0;
5786 }
5787
nl80211_parse_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct cfg80211_beacon_data * bcn,struct netlink_ext_ack * extack)5788 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
5789 struct nlattr *attrs[],
5790 struct cfg80211_beacon_data *bcn,
5791 struct netlink_ext_ack *extack)
5792 {
5793 bool haveinfo = false;
5794 int err;
5795
5796 memset(bcn, 0, sizeof(*bcn));
5797
5798 bcn->link_id = nl80211_link_id(attrs);
5799
5800 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
5801 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
5802 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
5803 if (!bcn->head_len)
5804 return -EINVAL;
5805 haveinfo = true;
5806 }
5807
5808 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
5809 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
5810 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
5811 haveinfo = true;
5812 }
5813
5814 if (!haveinfo)
5815 return -EINVAL;
5816
5817 if (attrs[NL80211_ATTR_IE]) {
5818 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
5819 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
5820 }
5821
5822 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
5823 bcn->proberesp_ies =
5824 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5825 bcn->proberesp_ies_len =
5826 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5827 }
5828
5829 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
5830 bcn->assocresp_ies =
5831 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5832 bcn->assocresp_ies_len =
5833 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5834 }
5835
5836 if (attrs[NL80211_ATTR_PROBE_RESP]) {
5837 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5838 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5839 }
5840
5841 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5842 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5843
5844 err = nla_parse_nested_deprecated(tb,
5845 NL80211_FTM_RESP_ATTR_MAX,
5846 attrs[NL80211_ATTR_FTM_RESPONDER],
5847 NULL, NULL);
5848 if (err)
5849 return err;
5850
5851 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5852 wiphy_ext_feature_isset(&rdev->wiphy,
5853 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5854 bcn->ftm_responder = 1;
5855 else
5856 return -EOPNOTSUPP;
5857
5858 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5859 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5860 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5861 }
5862
5863 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5864 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5865 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5866 }
5867 } else {
5868 bcn->ftm_responder = -1;
5869 }
5870
5871 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5872 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR],
5873 &bcn->he_bss_color);
5874 if (err)
5875 return err;
5876 bcn->he_bss_color_valid = true;
5877 }
5878
5879 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) {
5880 struct cfg80211_mbssid_elems *mbssid =
5881 nl80211_parse_mbssid_elems(&rdev->wiphy,
5882 attrs[NL80211_ATTR_MBSSID_ELEMS]);
5883
5884 if (IS_ERR(mbssid))
5885 return PTR_ERR(mbssid);
5886
5887 bcn->mbssid_ies = mbssid;
5888
5889 if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) {
5890 struct cfg80211_rnr_elems *rnr =
5891 nl80211_parse_rnr_elems(&rdev->wiphy,
5892 attrs[NL80211_ATTR_EMA_RNR_ELEMS],
5893 extack);
5894
5895 if (IS_ERR(rnr))
5896 return PTR_ERR(rnr);
5897
5898 if (rnr && rnr->cnt < bcn->mbssid_ies->cnt)
5899 return -EINVAL;
5900
5901 bcn->rnr_ies = rnr;
5902 }
5903 }
5904
5905 return 0;
5906 }
5907
nl80211_parse_he_obss_pd(struct nlattr * attrs,struct ieee80211_he_obss_pd * he_obss_pd)5908 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5909 struct ieee80211_he_obss_pd *he_obss_pd)
5910 {
5911 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5912 int err;
5913
5914 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5915 he_obss_pd_policy, NULL);
5916 if (err)
5917 return err;
5918
5919 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5920 return -EINVAL;
5921
5922 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5923
5924 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5925 he_obss_pd->min_offset =
5926 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5927 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5928 he_obss_pd->max_offset =
5929 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5930 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5931 he_obss_pd->non_srg_max_offset =
5932 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5933
5934 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5935 return -EINVAL;
5936
5937 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5938 memcpy(he_obss_pd->bss_color_bitmap,
5939 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5940 sizeof(he_obss_pd->bss_color_bitmap));
5941
5942 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5943 memcpy(he_obss_pd->partial_bssid_bitmap,
5944 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5945 sizeof(he_obss_pd->partial_bssid_bitmap));
5946
5947 he_obss_pd->enable = true;
5948
5949 return 0;
5950 }
5951
nl80211_parse_fils_discovery(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_fils_discovery * fd)5952 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5953 struct nlattr *attrs,
5954 struct cfg80211_fils_discovery *fd)
5955 {
5956 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5957 int ret;
5958
5959 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5960 NL80211_EXT_FEATURE_FILS_DISCOVERY))
5961 return -EINVAL;
5962
5963 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5964 NULL, NULL);
5965 if (ret)
5966 return ret;
5967
5968 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] &&
5969 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] &&
5970 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) {
5971 fd->update = true;
5972 return 0;
5973 }
5974
5975 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5976 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5977 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5978 return -EINVAL;
5979
5980 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5981 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5982 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5983 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5984 fd->update = true;
5985 return 0;
5986 }
5987
5988 static int
nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_unsol_bcast_probe_resp * presp)5989 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5990 struct nlattr *attrs,
5991 struct cfg80211_unsol_bcast_probe_resp *presp)
5992 {
5993 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5994 int ret;
5995
5996 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5997 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5998 return -EINVAL;
5999
6000 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
6001 attrs, NULL, NULL);
6002 if (ret)
6003 return ret;
6004
6005 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] &&
6006 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) {
6007 presp->update = true;
6008 return 0;
6009 }
6010
6011 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
6012 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
6013 return -EINVAL;
6014
6015 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
6016 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
6017 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
6018 presp->update = true;
6019 return 0;
6020 }
6021
nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings * params,const struct element * rates)6022 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
6023 const struct element *rates)
6024 {
6025 int i;
6026
6027 if (!rates)
6028 return;
6029
6030 for (i = 0; i < rates->datalen; i++) {
6031 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
6032 params->ht_required = true;
6033 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
6034 params->vht_required = true;
6035 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
6036 params->he_required = true;
6037 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
6038 params->sae_h2e_required = true;
6039 }
6040 }
6041
6042 /*
6043 * Since the nl80211 API didn't include, from the beginning, attributes about
6044 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
6045 * benefit of drivers that rebuild IEs in the firmware.
6046 */
nl80211_calculate_ap_params(struct cfg80211_ap_settings * params)6047 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
6048 {
6049 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
6050 size_t ies_len = bcn->tail_len;
6051 const u8 *ies = bcn->tail;
6052 const struct element *rates;
6053 const struct element *cap;
6054
6055 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len);
6056 nl80211_check_ap_rate_selectors(params, rates);
6057
6058 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
6059 nl80211_check_ap_rate_selectors(params, rates);
6060
6061 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len);
6062 if (cap && cap->datalen >= sizeof(*params->ht_cap))
6063 params->ht_cap = (void *)cap->data;
6064 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
6065 if (cap && cap->datalen >= sizeof(*params->vht_cap))
6066 params->vht_cap = (void *)cap->data;
6067 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
6068 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1)
6069 params->he_cap = (void *)(cap->data + 1);
6070 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
6071 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1)
6072 params->he_oper = (void *)(cap->data + 1);
6073 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len);
6074 if (cap) {
6075 if (!cap->datalen)
6076 return -EINVAL;
6077 params->eht_cap = (void *)(cap->data + 1);
6078 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
6079 (const u8 *)params->eht_cap,
6080 cap->datalen - 1, true))
6081 return -EINVAL;
6082 }
6083 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
6084 if (cap) {
6085 if (!cap->datalen)
6086 return -EINVAL;
6087 params->eht_oper = (void *)(cap->data + 1);
6088 if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper,
6089 cap->datalen - 1))
6090 return -EINVAL;
6091 }
6092 return 0;
6093 }
6094
nl80211_get_ap_channel(struct cfg80211_registered_device * rdev,struct cfg80211_ap_settings * params)6095 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
6096 struct cfg80211_ap_settings *params)
6097 {
6098 struct wireless_dev *wdev;
6099
6100 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
6101 if (wdev->iftype != NL80211_IFTYPE_AP &&
6102 wdev->iftype != NL80211_IFTYPE_P2P_GO)
6103 continue;
6104
6105 if (!wdev->u.ap.preset_chandef.chan)
6106 continue;
6107
6108 params->chandef = wdev->u.ap.preset_chandef;
6109 return true;
6110 }
6111
6112 return false;
6113 }
6114
nl80211_valid_auth_type(struct cfg80211_registered_device * rdev,enum nl80211_auth_type auth_type,enum nl80211_commands cmd)6115 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
6116 enum nl80211_auth_type auth_type,
6117 enum nl80211_commands cmd)
6118 {
6119 if (auth_type > NL80211_AUTHTYPE_MAX)
6120 return false;
6121
6122 switch (cmd) {
6123 case NL80211_CMD_AUTHENTICATE:
6124 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6125 auth_type == NL80211_AUTHTYPE_SAE)
6126 return false;
6127 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6128 NL80211_EXT_FEATURE_FILS_STA) &&
6129 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6130 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6131 auth_type == NL80211_AUTHTYPE_FILS_PK))
6132 return false;
6133 return true;
6134 case NL80211_CMD_CONNECT:
6135 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6136 !wiphy_ext_feature_isset(&rdev->wiphy,
6137 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
6138 auth_type == NL80211_AUTHTYPE_SAE)
6139 return false;
6140
6141 /* FILS with SK PFS or PK not supported yet */
6142 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6143 auth_type == NL80211_AUTHTYPE_FILS_PK)
6144 return false;
6145 if (!wiphy_ext_feature_isset(
6146 &rdev->wiphy,
6147 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
6148 auth_type == NL80211_AUTHTYPE_FILS_SK)
6149 return false;
6150 return true;
6151 case NL80211_CMD_START_AP:
6152 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6153 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
6154 auth_type == NL80211_AUTHTYPE_SAE)
6155 return false;
6156 /* FILS not supported yet */
6157 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6158 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6159 auth_type == NL80211_AUTHTYPE_FILS_PK)
6160 return false;
6161 return true;
6162 default:
6163 return false;
6164 }
6165 }
6166
nl80211_send_ap_started(struct wireless_dev * wdev,unsigned int link_id)6167 static void nl80211_send_ap_started(struct wireless_dev *wdev,
6168 unsigned int link_id)
6169 {
6170 struct wiphy *wiphy = wdev->wiphy;
6171 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6172 struct sk_buff *msg;
6173 void *hdr;
6174
6175 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6176 if (!msg)
6177 return;
6178
6179 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP);
6180 if (!hdr)
6181 goto out;
6182
6183 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
6184 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
6185 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
6186 NL80211_ATTR_PAD) ||
6187 (wdev->u.ap.ssid_len &&
6188 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
6189 wdev->u.ap.ssid)) ||
6190 (wdev->valid_links &&
6191 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
6192 goto out;
6193
6194 genlmsg_end(msg, hdr);
6195
6196 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
6197 NL80211_MCGRP_MLME, GFP_KERNEL);
6198 return;
6199 out:
6200 nlmsg_free(msg);
6201 }
6202
nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings * params)6203 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params)
6204 {
6205 struct ieee80211_channel *channel = params->chandef.chan;
6206
6207 if ((params->he_cap || params->he_oper) &&
6208 (channel->flags & IEEE80211_CHAN_NO_HE))
6209 return -EOPNOTSUPP;
6210
6211 if ((params->eht_cap || params->eht_oper) &&
6212 (channel->flags & IEEE80211_CHAN_NO_EHT))
6213 return -EOPNOTSUPP;
6214
6215 return 0;
6216 }
6217
6218 static int
nl80211_parse_s1g_short_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_s1g_short_beacon * sb)6219 nl80211_parse_s1g_short_beacon(struct cfg80211_registered_device *rdev,
6220 struct nlattr *attrs,
6221 struct cfg80211_s1g_short_beacon *sb)
6222 {
6223 struct nlattr *tb[NL80211_S1G_SHORT_BEACON_ATTR_MAX + 1];
6224 int ret;
6225
6226 if (!rdev->wiphy.bands[NL80211_BAND_S1GHZ])
6227 return -EINVAL;
6228
6229 ret = nla_parse_nested(tb, NL80211_S1G_SHORT_BEACON_ATTR_MAX, attrs,
6230 NULL, NULL);
6231 if (ret)
6232 return ret;
6233
6234 /* Short beacon tail is optional (i.e might only include the TIM) */
6235 if (!tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD])
6236 return -EINVAL;
6237
6238 sb->short_head = nla_data(tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD]);
6239 sb->short_head_len = nla_len(tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD]);
6240 sb->short_tail_len = 0;
6241
6242 if (tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]) {
6243 sb->short_tail =
6244 nla_data(tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]);
6245 sb->short_tail_len =
6246 nla_len(tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]);
6247 }
6248
6249 sb->update = true;
6250 return 0;
6251 }
6252
nl80211_start_ap(struct sk_buff * skb,struct genl_info * info)6253 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
6254 {
6255 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6256 struct cfg80211_beaconing_check_config beacon_check = {};
6257 unsigned int link_id = nl80211_link_id(info->attrs);
6258 struct net_device *dev = info->user_ptr[1];
6259 struct wireless_dev *wdev = dev->ieee80211_ptr;
6260 struct cfg80211_ap_settings *params;
6261 int err;
6262
6263 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6264 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6265 return -EOPNOTSUPP;
6266
6267 if (!rdev->ops->start_ap)
6268 return -EOPNOTSUPP;
6269
6270 if (wdev->links[link_id].cac_started)
6271 return -EBUSY;
6272
6273 if (wdev->links[link_id].ap.beacon_interval)
6274 return -EALREADY;
6275
6276 /* these are required for START_AP */
6277 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
6278 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
6279 !info->attrs[NL80211_ATTR_BEACON_HEAD])
6280 return -EINVAL;
6281
6282 if (info->attrs[NL80211_ATTR_SMPS_MODE] &&
6283 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]) != NL80211_SMPS_OFF)
6284 return -EOPNOTSUPP;
6285
6286 params = kzalloc(sizeof(*params), GFP_KERNEL);
6287 if (!params)
6288 return -ENOMEM;
6289
6290 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
6291 info->extack);
6292 if (err)
6293 goto out;
6294
6295 params->beacon_interval =
6296 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6297 params->dtim_period =
6298 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
6299
6300 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
6301 params->beacon_interval);
6302 if (err)
6303 goto out;
6304
6305 /*
6306 * In theory, some of these attributes should be required here
6307 * but since they were not used when the command was originally
6308 * added, keep them optional for old user space programs to let
6309 * them continue to work with drivers that do not need the
6310 * additional information -- drivers must check!
6311 */
6312 if (info->attrs[NL80211_ATTR_SSID]) {
6313 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6314 params->ssid_len =
6315 nla_len(info->attrs[NL80211_ATTR_SSID]);
6316 if (params->ssid_len == 0) {
6317 err = -EINVAL;
6318 goto out;
6319 }
6320
6321 if (wdev->u.ap.ssid_len &&
6322 (wdev->u.ap.ssid_len != params->ssid_len ||
6323 memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) {
6324 /* require identical SSID for MLO */
6325 err = -EINVAL;
6326 goto out;
6327 }
6328 } else if (wdev->valid_links) {
6329 /* require SSID for MLO */
6330 err = -EINVAL;
6331 goto out;
6332 }
6333
6334 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
6335 params->hidden_ssid = nla_get_u32(
6336 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
6337
6338 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6339
6340 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6341 params->auth_type = nla_get_u32(
6342 info->attrs[NL80211_ATTR_AUTH_TYPE]);
6343 if (!nl80211_valid_auth_type(rdev, params->auth_type,
6344 NL80211_CMD_START_AP)) {
6345 err = -EINVAL;
6346 goto out;
6347 }
6348 } else
6349 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6350
6351 err = nl80211_crypto_settings(rdev, info, ¶ms->crypto,
6352 NL80211_MAX_NR_CIPHER_SUITES);
6353 if (err)
6354 goto out;
6355
6356 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
6357 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) {
6358 err = -EOPNOTSUPP;
6359 goto out;
6360 }
6361 params->inactivity_timeout = nla_get_u16(
6362 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
6363 }
6364
6365 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6366 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6367 err = -EINVAL;
6368 goto out;
6369 }
6370 params->p2p_ctwindow =
6371 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6372 if (params->p2p_ctwindow != 0 &&
6373 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) {
6374 err = -EINVAL;
6375 goto out;
6376 }
6377 }
6378
6379 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6380 u8 tmp;
6381
6382 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6383 err = -EINVAL;
6384 goto out;
6385 }
6386 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6387 params->p2p_opp_ps = tmp;
6388 if (params->p2p_opp_ps != 0 &&
6389 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) {
6390 err = -EINVAL;
6391 goto out;
6392 }
6393 }
6394
6395 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6396 err = nl80211_parse_chandef(rdev, info, ¶ms->chandef);
6397 if (err)
6398 goto out;
6399 } else if (wdev->valid_links) {
6400 /* with MLD need to specify the channel configuration */
6401 err = -EINVAL;
6402 goto out;
6403 } else if (wdev->u.ap.preset_chandef.chan) {
6404 params->chandef = wdev->u.ap.preset_chandef;
6405 } else if (!nl80211_get_ap_channel(rdev, params)) {
6406 err = -EINVAL;
6407 goto out;
6408 }
6409
6410 beacon_check.iftype = wdev->iftype;
6411 beacon_check.relax = true;
6412 beacon_check.reg_power =
6413 cfg80211_get_6ghz_power_type(params->beacon.tail,
6414 params->beacon.tail_len);
6415 if (!cfg80211_reg_check_beaconing(&rdev->wiphy, ¶ms->chandef,
6416 &beacon_check)) {
6417 err = -EINVAL;
6418 goto out;
6419 }
6420
6421 if (info->attrs[NL80211_ATTR_TX_RATES]) {
6422 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
6423 NL80211_ATTR_TX_RATES,
6424 ¶ms->beacon_rate,
6425 dev, false, link_id);
6426 if (err)
6427 goto out;
6428
6429 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band,
6430 ¶ms->beacon_rate);
6431 if (err)
6432 goto out;
6433 }
6434
6435 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
6436 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
6437 err = -EOPNOTSUPP;
6438 goto out;
6439 }
6440
6441 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
6442 params->acl = parse_acl_data(&rdev->wiphy, info);
6443 if (IS_ERR(params->acl)) {
6444 err = PTR_ERR(params->acl);
6445 params->acl = NULL;
6446 goto out;
6447 }
6448 }
6449
6450 params->twt_responder =
6451 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
6452
6453 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
6454 err = nl80211_parse_he_obss_pd(
6455 info->attrs[NL80211_ATTR_HE_OBSS_PD],
6456 ¶ms->he_obss_pd);
6457 if (err)
6458 goto out;
6459 }
6460
6461 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
6462 err = nl80211_parse_fils_discovery(rdev,
6463 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
6464 ¶ms->fils_discovery);
6465 if (err)
6466 goto out;
6467 }
6468
6469 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
6470 err = nl80211_parse_unsol_bcast_probe_resp(
6471 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
6472 ¶ms->unsol_bcast_probe_resp);
6473 if (err)
6474 goto out;
6475 }
6476
6477 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) {
6478 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev, link_id,
6479 info->attrs[NL80211_ATTR_MBSSID_CONFIG],
6480 ¶ms->mbssid_config,
6481 params->beacon.mbssid_ies ?
6482 params->beacon.mbssid_ies->cnt :
6483 0);
6484 if (err)
6485 goto out;
6486 }
6487
6488 if (!params->mbssid_config.ema && params->beacon.rnr_ies) {
6489 err = -EINVAL;
6490 goto out;
6491 }
6492
6493 if (info->attrs[NL80211_ATTR_S1G_SHORT_BEACON]) {
6494 if (!info->attrs[NL80211_ATTR_S1G_LONG_BEACON_PERIOD]) {
6495 err = -EINVAL;
6496 goto out;
6497 }
6498
6499 params->s1g_long_beacon_period = nla_get_u8(
6500 info->attrs[NL80211_ATTR_S1G_LONG_BEACON_PERIOD]);
6501
6502 err = nl80211_parse_s1g_short_beacon(
6503 rdev, info->attrs[NL80211_ATTR_S1G_SHORT_BEACON],
6504 ¶ms->s1g_short_beacon);
6505 if (err)
6506 goto out;
6507 }
6508
6509 err = nl80211_calculate_ap_params(params);
6510 if (err)
6511 goto out;
6512
6513 err = nl80211_validate_ap_phy_operation(params);
6514 if (err)
6515 goto out;
6516
6517 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
6518 params->flags = nla_get_u32(
6519 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
6520 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
6521 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
6522
6523 if (wdev->conn_owner_nlportid &&
6524 info->attrs[NL80211_ATTR_SOCKET_OWNER] &&
6525 wdev->conn_owner_nlportid != info->snd_portid) {
6526 err = -EINVAL;
6527 goto out;
6528 }
6529
6530 /* FIXME: validate MLO/link-id against driver capabilities */
6531
6532 err = rdev_start_ap(rdev, dev, params);
6533 if (!err) {
6534 wdev->links[link_id].ap.beacon_interval = params->beacon_interval;
6535 wdev->links[link_id].ap.chandef = params->chandef;
6536 wdev->u.ap.ssid_len = params->ssid_len;
6537 memcpy(wdev->u.ap.ssid, params->ssid,
6538 params->ssid_len);
6539
6540 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6541 wdev->conn_owner_nlportid = info->snd_portid;
6542
6543 nl80211_send_ap_started(wdev, link_id);
6544 }
6545 out:
6546 kfree(params->acl);
6547 kfree(params->beacon.mbssid_ies);
6548 if (params->mbssid_config.tx_wdev &&
6549 params->mbssid_config.tx_wdev->netdev &&
6550 params->mbssid_config.tx_wdev->netdev != dev)
6551 dev_put(params->mbssid_config.tx_wdev->netdev);
6552 kfree(params->beacon.rnr_ies);
6553 kfree(params);
6554
6555 return err;
6556 }
6557
nl80211_set_beacon(struct sk_buff * skb,struct genl_info * info)6558 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
6559 {
6560 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6561 struct cfg80211_beaconing_check_config beacon_check = {};
6562 unsigned int link_id = nl80211_link_id(info->attrs);
6563 struct net_device *dev = info->user_ptr[1];
6564 struct wireless_dev *wdev = dev->ieee80211_ptr;
6565 struct cfg80211_ap_update *params;
6566 struct nlattr *attr;
6567 int err;
6568
6569 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6570 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6571 return -EOPNOTSUPP;
6572
6573 if (!rdev->ops->change_beacon)
6574 return -EOPNOTSUPP;
6575
6576 if (!wdev->links[link_id].ap.beacon_interval)
6577 return -EINVAL;
6578
6579 params = kzalloc(sizeof(*params), GFP_KERNEL);
6580 if (!params)
6581 return -ENOMEM;
6582
6583 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
6584 info->extack);
6585 if (err)
6586 goto out;
6587
6588 /* recheck beaconing is permitted with possibly changed power type */
6589 beacon_check.iftype = wdev->iftype;
6590 beacon_check.relax = true;
6591 beacon_check.reg_power =
6592 cfg80211_get_6ghz_power_type(params->beacon.tail,
6593 params->beacon.tail_len);
6594 if (!cfg80211_reg_check_beaconing(&rdev->wiphy,
6595 &wdev->links[link_id].ap.chandef,
6596 &beacon_check)) {
6597 err = -EINVAL;
6598 goto out;
6599 }
6600
6601 attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY];
6602 if (attr) {
6603 err = nl80211_parse_fils_discovery(rdev, attr,
6604 ¶ms->fils_discovery);
6605 if (err)
6606 goto out;
6607 }
6608
6609 attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP];
6610 if (attr) {
6611 err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr,
6612 ¶ms->unsol_bcast_probe_resp);
6613 if (err)
6614 goto out;
6615 }
6616
6617 attr = info->attrs[NL80211_ATTR_S1G_SHORT_BEACON];
6618 if (attr) {
6619 err = nl80211_parse_s1g_short_beacon(rdev, attr,
6620 ¶ms->s1g_short_beacon);
6621 if (err)
6622 goto out;
6623 }
6624
6625 err = rdev_change_beacon(rdev, dev, params);
6626
6627 out:
6628 kfree(params->beacon.mbssid_ies);
6629 kfree(params->beacon.rnr_ies);
6630 kfree(params);
6631 return err;
6632 }
6633
nl80211_stop_ap(struct sk_buff * skb,struct genl_info * info)6634 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
6635 {
6636 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6637 unsigned int link_id = nl80211_link_id(info->attrs);
6638 struct net_device *dev = info->user_ptr[1];
6639
6640 return cfg80211_stop_ap(rdev, dev, link_id, false);
6641 }
6642
6643 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
6644 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
6645 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
6646 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
6647 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
6648 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
6649 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
6650 };
6651
parse_station_flags(struct genl_info * info,enum nl80211_iftype iftype,struct station_parameters * params)6652 static int parse_station_flags(struct genl_info *info,
6653 enum nl80211_iftype iftype,
6654 struct station_parameters *params)
6655 {
6656 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
6657 struct nlattr *nla;
6658 int flag;
6659
6660 /*
6661 * Try parsing the new attribute first so userspace
6662 * can specify both for older kernels.
6663 */
6664 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
6665 if (nla) {
6666 struct nl80211_sta_flag_update *sta_flags;
6667
6668 sta_flags = nla_data(nla);
6669 params->sta_flags_mask = sta_flags->mask;
6670 params->sta_flags_set = sta_flags->set;
6671 params->sta_flags_set &= params->sta_flags_mask;
6672 if ((params->sta_flags_mask |
6673 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
6674 return -EINVAL;
6675 return 0;
6676 }
6677
6678 /* if present, parse the old attribute */
6679
6680 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
6681 if (!nla)
6682 return 0;
6683
6684 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
6685 return -EINVAL;
6686
6687 /*
6688 * Only allow certain flags for interface types so that
6689 * other attributes are silently ignored. Remember that
6690 * this is backward compatibility code with old userspace
6691 * and shouldn't be hit in other cases anyway.
6692 */
6693 switch (iftype) {
6694 case NL80211_IFTYPE_AP:
6695 case NL80211_IFTYPE_AP_VLAN:
6696 case NL80211_IFTYPE_P2P_GO:
6697 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6698 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6699 BIT(NL80211_STA_FLAG_WME) |
6700 BIT(NL80211_STA_FLAG_MFP);
6701 break;
6702 case NL80211_IFTYPE_P2P_CLIENT:
6703 case NL80211_IFTYPE_STATION:
6704 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6705 BIT(NL80211_STA_FLAG_TDLS_PEER);
6706 break;
6707 case NL80211_IFTYPE_MESH_POINT:
6708 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6709 BIT(NL80211_STA_FLAG_MFP) |
6710 BIT(NL80211_STA_FLAG_AUTHORIZED);
6711 break;
6712 default:
6713 return -EINVAL;
6714 }
6715
6716 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
6717 if (flags[flag]) {
6718 params->sta_flags_set |= (1<<flag);
6719
6720 /* no longer support new API additions in old API */
6721 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
6722 return -EINVAL;
6723 }
6724 }
6725
6726 return 0;
6727 }
6728
nl80211_put_sta_rate(struct sk_buff * msg,struct rate_info * info,int attr)6729 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
6730 {
6731 struct nlattr *rate;
6732 u32 bitrate;
6733 u16 bitrate_compat;
6734 enum nl80211_rate_info rate_flg;
6735
6736 rate = nla_nest_start_noflag(msg, attr);
6737 if (!rate)
6738 return false;
6739
6740 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
6741 bitrate = cfg80211_calculate_bitrate(info);
6742 /* report 16-bit bitrate only if we can */
6743 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
6744 if (bitrate > 0 &&
6745 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
6746 return false;
6747 if (bitrate_compat > 0 &&
6748 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
6749 return false;
6750
6751 switch (info->bw) {
6752 case RATE_INFO_BW_1:
6753 rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH;
6754 break;
6755 case RATE_INFO_BW_2:
6756 rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH;
6757 break;
6758 case RATE_INFO_BW_4:
6759 rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH;
6760 break;
6761 case RATE_INFO_BW_5:
6762 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
6763 break;
6764 case RATE_INFO_BW_8:
6765 rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH;
6766 break;
6767 case RATE_INFO_BW_10:
6768 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
6769 break;
6770 case RATE_INFO_BW_16:
6771 rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH;
6772 break;
6773 default:
6774 WARN_ON(1);
6775 fallthrough;
6776 case RATE_INFO_BW_20:
6777 rate_flg = 0;
6778 break;
6779 case RATE_INFO_BW_40:
6780 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
6781 break;
6782 case RATE_INFO_BW_80:
6783 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
6784 break;
6785 case RATE_INFO_BW_160:
6786 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
6787 break;
6788 case RATE_INFO_BW_HE_RU:
6789 rate_flg = 0;
6790 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
6791 break;
6792 case RATE_INFO_BW_320:
6793 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH;
6794 break;
6795 case RATE_INFO_BW_EHT_RU:
6796 rate_flg = 0;
6797 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS));
6798 break;
6799 }
6800
6801 if (rate_flg && nla_put_flag(msg, rate_flg))
6802 return false;
6803
6804 if (info->flags & RATE_INFO_FLAGS_MCS) {
6805 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
6806 return false;
6807 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6808 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6809 return false;
6810 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
6811 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
6812 return false;
6813 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
6814 return false;
6815 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6816 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6817 return false;
6818 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
6819 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
6820 return false;
6821 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
6822 return false;
6823 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
6824 return false;
6825 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
6826 return false;
6827 if (info->bw == RATE_INFO_BW_HE_RU &&
6828 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
6829 info->he_ru_alloc))
6830 return false;
6831 } else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) {
6832 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs))
6833 return false;
6834 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss))
6835 return false;
6836 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6837 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6838 return false;
6839 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) {
6840 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs))
6841 return false;
6842 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
6843 return false;
6844 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
6845 return false;
6846 if (info->bw == RATE_INFO_BW_EHT_RU &&
6847 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
6848 info->eht_ru_alloc))
6849 return false;
6850 }
6851
6852 nla_nest_end(msg, rate);
6853 return true;
6854 }
6855
nl80211_put_signal(struct sk_buff * msg,u8 mask,s8 * signal,int id)6856 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
6857 int id)
6858 {
6859 void *attr;
6860 int i = 0;
6861
6862 if (!mask)
6863 return true;
6864
6865 attr = nla_nest_start_noflag(msg, id);
6866 if (!attr)
6867 return false;
6868
6869 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
6870 if (!(mask & BIT(i)))
6871 continue;
6872
6873 if (nla_put_u8(msg, i, signal[i]))
6874 return false;
6875 }
6876
6877 nla_nest_end(msg, attr);
6878
6879 return true;
6880 }
6881
nl80211_fill_link_station(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct link_station_info * link_sinfo)6882 static int nl80211_fill_link_station(struct sk_buff *msg,
6883 struct cfg80211_registered_device *rdev,
6884 struct link_station_info *link_sinfo)
6885 {
6886 struct nlattr *bss_param, *link_sinfoattr;
6887
6888 #define PUT_LINK_SINFO(attr, memb, type) do { \
6889 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
6890 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
6891 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
6892 link_sinfo->memb)) \
6893 goto nla_put_failure; \
6894 } while (0)
6895 #define PUT_LINK_SINFO_U64(attr, memb) do { \
6896 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
6897 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
6898 link_sinfo->memb, NL80211_STA_INFO_PAD)) \
6899 goto nla_put_failure; \
6900 } while (0)
6901
6902 link_sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
6903 if (!link_sinfoattr)
6904 goto nla_put_failure;
6905
6906 PUT_LINK_SINFO(INACTIVE_TIME, inactive_time, u32);
6907
6908 if (link_sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
6909 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
6910 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
6911 (u32)link_sinfo->rx_bytes))
6912 goto nla_put_failure;
6913
6914 if (link_sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
6915 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
6916 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
6917 (u32)link_sinfo->tx_bytes))
6918 goto nla_put_failure;
6919
6920 PUT_LINK_SINFO_U64(RX_BYTES64, rx_bytes);
6921 PUT_LINK_SINFO_U64(TX_BYTES64, tx_bytes);
6922 PUT_LINK_SINFO_U64(RX_DURATION, rx_duration);
6923 PUT_LINK_SINFO_U64(TX_DURATION, tx_duration);
6924
6925 if (wiphy_ext_feature_isset(&rdev->wiphy,
6926 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6927 PUT_LINK_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
6928
6929 switch (rdev->wiphy.signal_type) {
6930 case CFG80211_SIGNAL_TYPE_MBM:
6931 PUT_LINK_SINFO(SIGNAL, signal, u8);
6932 PUT_LINK_SINFO(SIGNAL_AVG, signal_avg, u8);
6933 break;
6934 default:
6935 break;
6936 }
6937 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
6938 if (!nl80211_put_signal(msg, link_sinfo->chains,
6939 link_sinfo->chain_signal,
6940 NL80211_STA_INFO_CHAIN_SIGNAL))
6941 goto nla_put_failure;
6942 }
6943 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
6944 if (!nl80211_put_signal(msg, link_sinfo->chains,
6945 link_sinfo->chain_signal_avg,
6946 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
6947 goto nla_put_failure;
6948 }
6949 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
6950 if (!nl80211_put_sta_rate(msg, &link_sinfo->txrate,
6951 NL80211_STA_INFO_TX_BITRATE))
6952 goto nla_put_failure;
6953 }
6954 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
6955 if (!nl80211_put_sta_rate(msg, &link_sinfo->rxrate,
6956 NL80211_STA_INFO_RX_BITRATE))
6957 goto nla_put_failure;
6958 }
6959
6960 PUT_LINK_SINFO(RX_PACKETS, rx_packets, u32);
6961 PUT_LINK_SINFO(TX_PACKETS, tx_packets, u32);
6962 PUT_LINK_SINFO(TX_RETRIES, tx_retries, u32);
6963 PUT_LINK_SINFO(TX_FAILED, tx_failed, u32);
6964 PUT_LINK_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
6965 PUT_LINK_SINFO(BEACON_LOSS, beacon_loss_count, u32);
6966
6967 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
6968 bss_param = nla_nest_start_noflag(msg,
6969 NL80211_STA_INFO_BSS_PARAM);
6970 if (!bss_param)
6971 goto nla_put_failure;
6972
6973 if (((link_sinfo->bss_param.flags &
6974 BSS_PARAM_FLAGS_CTS_PROT) &&
6975 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
6976 ((link_sinfo->bss_param.flags &
6977 BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
6978 nla_put_flag(msg,
6979 NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
6980 ((link_sinfo->bss_param.flags &
6981 BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
6982 nla_put_flag(msg,
6983 NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
6984 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
6985 link_sinfo->bss_param.dtim_period) ||
6986 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
6987 link_sinfo->bss_param.beacon_interval))
6988 goto nla_put_failure;
6989
6990 nla_nest_end(msg, bss_param);
6991 }
6992
6993 PUT_LINK_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
6994 PUT_LINK_SINFO_U64(BEACON_RX, rx_beacon);
6995 PUT_LINK_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
6996 PUT_LINK_SINFO(RX_MPDUS, rx_mpdu_count, u32);
6997 PUT_LINK_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
6998 if (wiphy_ext_feature_isset(&rdev->wiphy,
6999 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
7000 PUT_LINK_SINFO(ACK_SIGNAL, ack_signal, u8);
7001 PUT_LINK_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
7002 }
7003
7004 #undef PUT_LINK_SINFO
7005 #undef PUT_LINK_SINFO_U64
7006
7007 if (link_sinfo->pertid) {
7008 struct nlattr *tidsattr;
7009 int tid;
7010
7011 tidsattr = nla_nest_start_noflag(msg,
7012 NL80211_STA_INFO_TID_STATS);
7013 if (!tidsattr)
7014 goto nla_put_failure;
7015
7016 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
7017 struct cfg80211_tid_stats *tidstats;
7018 struct nlattr *tidattr;
7019
7020 tidstats = &link_sinfo->pertid[tid];
7021
7022 if (!tidstats->filled)
7023 continue;
7024
7025 tidattr = nla_nest_start_noflag(msg, tid + 1);
7026 if (!tidattr)
7027 goto nla_put_failure;
7028
7029 #define PUT_TIDVAL_U64(attr, memb) do { \
7030 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
7031 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
7032 tidstats->memb, NL80211_TID_STATS_PAD)) \
7033 goto nla_put_failure; \
7034 } while (0)
7035
7036 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
7037 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
7038 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
7039 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
7040
7041 #undef PUT_TIDVAL_U64
7042 if ((tidstats->filled &
7043 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
7044 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
7045 NL80211_TID_STATS_TXQ_STATS))
7046 goto nla_put_failure;
7047
7048 nla_nest_end(msg, tidattr);
7049 }
7050
7051 nla_nest_end(msg, tidsattr);
7052 }
7053
7054 nla_nest_end(msg, link_sinfoattr);
7055 return 0;
7056
7057 nla_put_failure:
7058 return -EMSGSIZE;
7059 }
7060
nl80211_send_station(struct sk_buff * msg,u32 cmd,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,bool link_stats)7061 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
7062 u32 seq, int flags,
7063 struct cfg80211_registered_device *rdev,
7064 struct net_device *dev,
7065 const u8 *mac_addr, struct station_info *sinfo,
7066 bool link_stats)
7067 {
7068 void *hdr;
7069 struct nlattr *sinfoattr, *bss_param;
7070 struct link_station_info *link_sinfo;
7071 struct nlattr *links, *link;
7072 int link_id;
7073
7074 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
7075 if (!hdr) {
7076 cfg80211_sinfo_release_content(sinfo);
7077 return -1;
7078 }
7079
7080 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7081 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
7082 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
7083 goto nla_put_failure;
7084
7085 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
7086 if (!sinfoattr)
7087 goto nla_put_failure;
7088
7089 #define PUT_SINFO(attr, memb, type) do { \
7090 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
7091 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7092 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
7093 sinfo->memb)) \
7094 goto nla_put_failure; \
7095 } while (0)
7096 #define PUT_SINFO_U64(attr, memb) do { \
7097 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7098 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
7099 sinfo->memb, NL80211_STA_INFO_PAD)) \
7100 goto nla_put_failure; \
7101 } while (0)
7102
7103 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
7104 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
7105 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
7106
7107 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
7108 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
7109 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
7110 (u32)sinfo->rx_bytes))
7111 goto nla_put_failure;
7112
7113 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
7114 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
7115 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
7116 (u32)sinfo->tx_bytes))
7117 goto nla_put_failure;
7118
7119 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
7120 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
7121 PUT_SINFO_U64(RX_DURATION, rx_duration);
7122 PUT_SINFO_U64(TX_DURATION, tx_duration);
7123
7124 if (wiphy_ext_feature_isset(&rdev->wiphy,
7125 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7126 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
7127
7128 switch (rdev->wiphy.signal_type) {
7129 case CFG80211_SIGNAL_TYPE_MBM:
7130 PUT_SINFO(SIGNAL, signal, u8);
7131 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
7132 break;
7133 default:
7134 break;
7135 }
7136 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
7137 if (!nl80211_put_signal(msg, sinfo->chains,
7138 sinfo->chain_signal,
7139 NL80211_STA_INFO_CHAIN_SIGNAL))
7140 goto nla_put_failure;
7141 }
7142 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
7143 if (!nl80211_put_signal(msg, sinfo->chains,
7144 sinfo->chain_signal_avg,
7145 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
7146 goto nla_put_failure;
7147 }
7148 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
7149 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
7150 NL80211_STA_INFO_TX_BITRATE))
7151 goto nla_put_failure;
7152 }
7153 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
7154 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
7155 NL80211_STA_INFO_RX_BITRATE))
7156 goto nla_put_failure;
7157 }
7158
7159 PUT_SINFO(RX_PACKETS, rx_packets, u32);
7160 PUT_SINFO(TX_PACKETS, tx_packets, u32);
7161 PUT_SINFO(TX_RETRIES, tx_retries, u32);
7162 PUT_SINFO(TX_FAILED, tx_failed, u32);
7163 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
7164 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
7165
7166 PUT_SINFO(LLID, llid, u16);
7167 PUT_SINFO(PLID, plid, u16);
7168 PUT_SINFO(PLINK_STATE, plink_state, u8);
7169 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
7170 PUT_SINFO(LOCAL_PM, local_pm, u32);
7171 PUT_SINFO(PEER_PM, peer_pm, u32);
7172 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
7173 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
7174 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
7175 PUT_SINFO_U64(T_OFFSET, t_offset);
7176
7177 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
7178 bss_param = nla_nest_start_noflag(msg,
7179 NL80211_STA_INFO_BSS_PARAM);
7180 if (!bss_param)
7181 goto nla_put_failure;
7182
7183 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
7184 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
7185 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
7186 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
7187 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
7188 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
7189 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
7190 sinfo->bss_param.dtim_period) ||
7191 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
7192 sinfo->bss_param.beacon_interval))
7193 goto nla_put_failure;
7194
7195 nla_nest_end(msg, bss_param);
7196 }
7197 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
7198 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
7199 sizeof(struct nl80211_sta_flag_update),
7200 &sinfo->sta_flags))
7201 goto nla_put_failure;
7202
7203 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
7204 PUT_SINFO_U64(BEACON_RX, rx_beacon);
7205 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
7206 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
7207 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
7208 if (wiphy_ext_feature_isset(&rdev->wiphy,
7209 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
7210 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
7211 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
7212 }
7213
7214 #undef PUT_SINFO
7215 #undef PUT_SINFO_U64
7216
7217 if (sinfo->pertid) {
7218 struct nlattr *tidsattr;
7219 int tid;
7220
7221 tidsattr = nla_nest_start_noflag(msg,
7222 NL80211_STA_INFO_TID_STATS);
7223 if (!tidsattr)
7224 goto nla_put_failure;
7225
7226 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
7227 struct cfg80211_tid_stats *tidstats;
7228 struct nlattr *tidattr;
7229
7230 tidstats = &sinfo->pertid[tid];
7231
7232 if (!tidstats->filled)
7233 continue;
7234
7235 tidattr = nla_nest_start_noflag(msg, tid + 1);
7236 if (!tidattr)
7237 goto nla_put_failure;
7238
7239 #define PUT_TIDVAL_U64(attr, memb) do { \
7240 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
7241 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
7242 tidstats->memb, NL80211_TID_STATS_PAD)) \
7243 goto nla_put_failure; \
7244 } while (0)
7245
7246 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
7247 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
7248 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
7249 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
7250
7251 #undef PUT_TIDVAL_U64
7252 if ((tidstats->filled &
7253 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
7254 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
7255 NL80211_TID_STATS_TXQ_STATS))
7256 goto nla_put_failure;
7257
7258 nla_nest_end(msg, tidattr);
7259 }
7260
7261 nla_nest_end(msg, tidsattr);
7262 }
7263
7264 nla_nest_end(msg, sinfoattr);
7265
7266 if (sinfo->assoc_req_ies_len &&
7267 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
7268 sinfo->assoc_req_ies))
7269 goto nla_put_failure;
7270
7271 if (sinfo->assoc_resp_ies_len &&
7272 nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len,
7273 sinfo->assoc_resp_ies))
7274 goto nla_put_failure;
7275
7276 if (sinfo->mlo_params_valid) {
7277 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
7278 sinfo->assoc_link_id))
7279 goto nla_put_failure;
7280
7281 if (!is_zero_ether_addr(sinfo->mld_addr) &&
7282 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
7283 sinfo->mld_addr))
7284 goto nla_put_failure;
7285 }
7286
7287 if (link_stats && sinfo->valid_links) {
7288 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
7289 if (!links)
7290 goto nla_put_failure;
7291
7292 for_each_valid_link(sinfo, link_id) {
7293 link_sinfo = sinfo->links[link_id];
7294
7295 if (WARN_ON_ONCE(!link_sinfo))
7296 continue;
7297
7298 if (!is_valid_ether_addr(link_sinfo->addr))
7299 continue;
7300
7301 link = nla_nest_start(msg, link_id + 1);
7302 if (!link)
7303 goto nla_put_failure;
7304
7305 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
7306 link_id))
7307 goto nla_put_failure;
7308
7309 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
7310 link_sinfo->addr))
7311 goto nla_put_failure;
7312
7313 if (nl80211_fill_link_station(msg, rdev, link_sinfo))
7314 goto nla_put_failure;
7315
7316 nla_nest_end(msg, link);
7317 }
7318 nla_nest_end(msg, links);
7319 }
7320
7321 cfg80211_sinfo_release_content(sinfo);
7322 genlmsg_end(msg, hdr);
7323 return 0;
7324
7325 nla_put_failure:
7326 cfg80211_sinfo_release_content(sinfo);
7327 genlmsg_cancel(msg, hdr);
7328 return -EMSGSIZE;
7329 }
7330
cfg80211_sta_set_mld_sinfo(struct station_info * sinfo)7331 static void cfg80211_sta_set_mld_sinfo(struct station_info *sinfo)
7332 {
7333 struct link_station_info *link_sinfo;
7334 int link_id, init = 0;
7335 u32 link_inactive_time;
7336
7337 sinfo->signal = -99;
7338
7339 for_each_valid_link(sinfo, link_id) {
7340 link_sinfo = sinfo->links[link_id];
7341 if (!link_sinfo)
7342 continue;
7343
7344 if ((link_sinfo->filled &
7345 BIT_ULL(NL80211_STA_INFO_TX_PACKETS))) {
7346 sinfo->tx_packets += link_sinfo->tx_packets;
7347 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
7348 }
7349
7350 if ((link_sinfo->filled &
7351 BIT_ULL(NL80211_STA_INFO_RX_PACKETS))) {
7352 sinfo->rx_packets += link_sinfo->rx_packets;
7353 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
7354 }
7355
7356 if (link_sinfo->filled &
7357 (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
7358 BIT_ULL(NL80211_STA_INFO_TX_BYTES64))) {
7359 sinfo->tx_bytes += link_sinfo->tx_bytes;
7360 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES);
7361 }
7362
7363 if (link_sinfo->filled &
7364 (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
7365 BIT_ULL(NL80211_STA_INFO_TX_BYTES64))) {
7366 sinfo->rx_bytes += link_sinfo->rx_bytes;
7367 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES);
7368 }
7369
7370 if (link_sinfo->filled &
7371 BIT_ULL(NL80211_STA_INFO_TX_RETRIES)) {
7372 sinfo->tx_retries += link_sinfo->tx_retries;
7373 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
7374 }
7375
7376 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_FAILED)) {
7377 sinfo->tx_failed += link_sinfo->tx_failed;
7378 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
7379 }
7380
7381 if (link_sinfo->filled &
7382 BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC)) {
7383 sinfo->rx_dropped_misc += link_sinfo->rx_dropped_misc;
7384 sinfo->filled |=
7385 BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC);
7386 }
7387
7388 if (link_sinfo->filled &
7389 BIT_ULL(NL80211_STA_INFO_BEACON_LOSS)) {
7390 sinfo->beacon_loss_count +=
7391 link_sinfo->beacon_loss_count;
7392 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_LOSS);
7393 }
7394
7395 if (link_sinfo->filled &
7396 BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) {
7397 sinfo->expected_throughput +=
7398 link_sinfo->expected_throughput;
7399 sinfo->filled |=
7400 BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT);
7401 }
7402
7403 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_MPDUS)) {
7404 sinfo->rx_mpdu_count += link_sinfo->rx_mpdu_count;
7405 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_MPDUS);
7406 }
7407
7408 if (link_sinfo->filled &
7409 BIT_ULL(NL80211_STA_INFO_FCS_ERROR_COUNT)) {
7410 sinfo->fcs_err_count += link_sinfo->fcs_err_count;
7411 sinfo->filled |=
7412 BIT_ULL(NL80211_STA_INFO_FCS_ERROR_COUNT);
7413 }
7414
7415 if (link_sinfo->filled &
7416 BIT_ULL(NL80211_STA_INFO_BEACON_RX)) {
7417 sinfo->rx_beacon += link_sinfo->rx_beacon;
7418 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_RX);
7419 }
7420
7421 /* Update MLO signal, signal_avg as best among links */
7422 if ((link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_SIGNAL)) &&
7423 link_sinfo->signal > sinfo->signal) {
7424 sinfo->signal = link_sinfo->signal;
7425 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
7426 }
7427
7428 if ((link_sinfo->filled &
7429 BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG)) &&
7430 link_sinfo->signal_avg > sinfo->signal_avg) {
7431 sinfo->signal_avg = link_sinfo->signal_avg;
7432 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
7433 }
7434
7435 /* Update MLO inactive_time, bss_param based on least
7436 * value for corresponding field of link.
7437 */
7438 if ((link_sinfo->filled &
7439 BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME)) &&
7440 (!init ||
7441 link_inactive_time > link_sinfo->inactive_time)) {
7442 link_inactive_time = link_sinfo->inactive_time;
7443 sinfo->inactive_time = link_sinfo->inactive_time;
7444 sinfo->filled |= NL80211_STA_INFO_INACTIVE_TIME;
7445 }
7446
7447 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM) &&
7448 (!init ||
7449 sinfo->bss_param.dtim_period >
7450 link_sinfo->bss_param.dtim_period)) {
7451 sinfo->bss_param.dtim_period =
7452 link_sinfo->bss_param.dtim_period;
7453 sinfo->filled |= NL80211_STA_BSS_PARAM_DTIM_PERIOD;
7454 sinfo->bss_param.beacon_interval =
7455 link_sinfo->bss_param.beacon_interval;
7456 sinfo->filled |= NL80211_STA_BSS_PARAM_BEACON_INTERVAL;
7457 }
7458
7459 /* Update MLO rates as per last updated link rate */
7460 if ((link_sinfo->filled &
7461 BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) &&
7462 (!init ||
7463 link_inactive_time > link_sinfo->inactive_time)) {
7464 sinfo->txrate = link_sinfo->txrate;
7465 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
7466 }
7467 if ((link_sinfo->filled &
7468 BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) &&
7469 (!init ||
7470 link_inactive_time > link_sinfo->inactive_time)) {
7471 sinfo->rxrate = link_sinfo->rxrate;
7472 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
7473 }
7474
7475 if (link_sinfo->filled &
7476 BIT_ULL(NL80211_STA_INFO_TX_DURATION) &&
7477 (!init ||
7478 link_inactive_time > link_sinfo->inactive_time)) {
7479 sinfo->tx_duration += link_sinfo->tx_duration;
7480 sinfo->filled |=
7481 BIT_ULL(NL80211_STA_INFO_TX_DURATION);
7482 }
7483 if (link_sinfo->filled &
7484 BIT_ULL(NL80211_STA_INFO_RX_DURATION) &&
7485 (!init ||
7486 link_inactive_time > link_sinfo->inactive_time)) {
7487 sinfo->rx_duration += link_sinfo->rx_duration;
7488 sinfo->filled |=
7489 BIT_ULL(NL80211_STA_INFO_RX_DURATION);
7490 }
7491 init++;
7492
7493 /* pertid stats accumulate for rx/tx fields */
7494 if (sinfo->pertid) {
7495 sinfo->pertid->rx_msdu +=
7496 link_sinfo->pertid->rx_msdu;
7497 sinfo->pertid->tx_msdu +=
7498 link_sinfo->pertid->tx_msdu;
7499 sinfo->pertid->tx_msdu_retries +=
7500 link_sinfo->pertid->tx_msdu_retries;
7501 sinfo->pertid->tx_msdu_failed +=
7502 link_sinfo->pertid->tx_msdu_failed;
7503
7504 sinfo->pertid->filled |=
7505 BIT(NL80211_TID_STATS_RX_MSDU) |
7506 BIT(NL80211_TID_STATS_TX_MSDU) |
7507 BIT(NL80211_TID_STATS_TX_MSDU_RETRIES) |
7508 BIT(NL80211_TID_STATS_TX_MSDU_FAILED);
7509 }
7510 }
7511
7512 /* Reset sinfo->filled bits to exclude fields which don't make
7513 * much sense at the MLO level.
7514 */
7515 sinfo->filled &= ~BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
7516 sinfo->filled &= ~BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
7517 }
7518
nl80211_dump_station(struct sk_buff * skb,struct netlink_callback * cb)7519 static int nl80211_dump_station(struct sk_buff *skb,
7520 struct netlink_callback *cb)
7521 {
7522 struct station_info sinfo;
7523 struct cfg80211_registered_device *rdev;
7524 struct wireless_dev *wdev;
7525 u8 mac_addr[ETH_ALEN];
7526 int sta_idx = cb->args[2];
7527 bool sinfo_alloc = false;
7528 int err, i;
7529
7530 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
7531 if (err)
7532 return err;
7533 /* nl80211_prepare_wdev_dump acquired it in the successful case */
7534 __acquire(&rdev->wiphy.mtx);
7535
7536 if (!wdev->netdev) {
7537 err = -EINVAL;
7538 goto out_err;
7539 }
7540
7541 if (!rdev->ops->dump_station) {
7542 err = -EOPNOTSUPP;
7543 goto out_err;
7544 }
7545
7546 while (1) {
7547 memset(&sinfo, 0, sizeof(sinfo));
7548
7549 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
7550 sinfo.links[i] =
7551 kzalloc(sizeof(*sinfo.links[0]), GFP_KERNEL);
7552 if (!sinfo.links[i]) {
7553 err = -ENOMEM;
7554 goto out_err;
7555 }
7556 sinfo_alloc = true;
7557 }
7558
7559 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
7560 mac_addr, &sinfo);
7561 if (err == -ENOENT)
7562 break;
7563 if (err)
7564 goto out_err;
7565
7566 if (sinfo.valid_links)
7567 cfg80211_sta_set_mld_sinfo(&sinfo);
7568
7569 /* reset the sinfo_alloc flag as nl80211_send_station()
7570 * always releases sinfo
7571 */
7572 sinfo_alloc = false;
7573
7574 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
7575 NETLINK_CB(cb->skb).portid,
7576 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7577 rdev, wdev->netdev, mac_addr,
7578 &sinfo, false) < 0)
7579 goto out;
7580
7581 sta_idx++;
7582 }
7583
7584 out:
7585 cb->args[2] = sta_idx;
7586 err = skb->len;
7587 out_err:
7588 if (sinfo_alloc)
7589 cfg80211_sinfo_release_content(&sinfo);
7590 wiphy_unlock(&rdev->wiphy);
7591
7592 return err;
7593 }
7594
nl80211_get_station(struct sk_buff * skb,struct genl_info * info)7595 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
7596 {
7597 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7598 struct net_device *dev = info->user_ptr[1];
7599 struct station_info sinfo;
7600 struct sk_buff *msg;
7601 u8 *mac_addr = NULL;
7602 int err, i;
7603
7604 memset(&sinfo, 0, sizeof(sinfo));
7605
7606 if (!info->attrs[NL80211_ATTR_MAC])
7607 return -EINVAL;
7608
7609 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7610
7611 if (!rdev->ops->get_station)
7612 return -EOPNOTSUPP;
7613
7614 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
7615 sinfo.links[i] = kzalloc(sizeof(*sinfo.links[0]), GFP_KERNEL);
7616 if (!sinfo.links[i]) {
7617 cfg80211_sinfo_release_content(&sinfo);
7618 return -ENOMEM;
7619 }
7620 }
7621
7622 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
7623 if (err) {
7624 cfg80211_sinfo_release_content(&sinfo);
7625 return err;
7626 }
7627
7628 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7629 if (!msg) {
7630 cfg80211_sinfo_release_content(&sinfo);
7631 return -ENOMEM;
7632 }
7633
7634 if (sinfo.valid_links)
7635 cfg80211_sta_set_mld_sinfo(&sinfo);
7636
7637 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
7638 info->snd_portid, info->snd_seq, 0,
7639 rdev, dev, mac_addr, &sinfo, false) < 0) {
7640 nlmsg_free(msg);
7641 return -ENOBUFS;
7642 }
7643
7644 return genlmsg_reply(msg, info);
7645 }
7646
cfg80211_check_station_change(struct wiphy * wiphy,struct station_parameters * params,enum cfg80211_station_type statype)7647 int cfg80211_check_station_change(struct wiphy *wiphy,
7648 struct station_parameters *params,
7649 enum cfg80211_station_type statype)
7650 {
7651 if (params->listen_interval != -1 &&
7652 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7653 return -EINVAL;
7654
7655 if (params->support_p2p_ps != -1 &&
7656 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7657 return -EINVAL;
7658
7659 if (params->aid &&
7660 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
7661 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7662 return -EINVAL;
7663
7664 /* When you run into this, adjust the code below for the new flag */
7665 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
7666
7667 switch (statype) {
7668 case CFG80211_STA_MESH_PEER_KERNEL:
7669 case CFG80211_STA_MESH_PEER_USER:
7670 /*
7671 * No ignoring the TDLS flag here -- the userspace mesh
7672 * code doesn't have the bug of including TDLS in the
7673 * mask everywhere.
7674 */
7675 if (params->sta_flags_mask &
7676 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7677 BIT(NL80211_STA_FLAG_MFP) |
7678 BIT(NL80211_STA_FLAG_AUTHORIZED)))
7679 return -EINVAL;
7680 break;
7681 case CFG80211_STA_TDLS_PEER_SETUP:
7682 case CFG80211_STA_TDLS_PEER_ACTIVE:
7683 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
7684 return -EINVAL;
7685 /* ignore since it can't change */
7686 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7687 break;
7688 default:
7689 /* disallow mesh-specific things */
7690 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
7691 return -EINVAL;
7692 if (params->local_pm)
7693 return -EINVAL;
7694 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
7695 return -EINVAL;
7696 }
7697
7698 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
7699 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
7700 /* TDLS can't be set, ... */
7701 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
7702 return -EINVAL;
7703 /*
7704 * ... but don't bother the driver with it. This works around
7705 * a hostapd/wpa_supplicant issue -- it always includes the
7706 * TLDS_PEER flag in the mask even for AP mode.
7707 */
7708 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7709 }
7710
7711 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
7712 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
7713 /* reject other things that can't change */
7714 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
7715 return -EINVAL;
7716 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
7717 return -EINVAL;
7718 if (params->link_sta_params.supported_rates)
7719 return -EINVAL;
7720 if (params->ext_capab || params->link_sta_params.ht_capa ||
7721 params->link_sta_params.vht_capa ||
7722 params->link_sta_params.he_capa ||
7723 params->link_sta_params.eht_capa)
7724 return -EINVAL;
7725 if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
7726 return -EINVAL;
7727 }
7728
7729 if (statype != CFG80211_STA_AP_CLIENT &&
7730 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
7731 if (params->vlan)
7732 return -EINVAL;
7733 }
7734
7735 /* Accept EMLSR capabilities only for AP client before association */
7736 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
7737 params->eml_cap_present)
7738 return -EINVAL;
7739
7740 switch (statype) {
7741 case CFG80211_STA_AP_MLME_CLIENT:
7742 /* Use this only for authorizing/unauthorizing a station */
7743 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
7744 return -EOPNOTSUPP;
7745 break;
7746 case CFG80211_STA_AP_CLIENT:
7747 case CFG80211_STA_AP_CLIENT_UNASSOC:
7748 /* accept only the listed bits */
7749 if (params->sta_flags_mask &
7750 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
7751 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7752 BIT(NL80211_STA_FLAG_ASSOCIATED) |
7753 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
7754 BIT(NL80211_STA_FLAG_WME) |
7755 BIT(NL80211_STA_FLAG_MFP) |
7756 BIT(NL80211_STA_FLAG_SPP_AMSDU)))
7757 return -EINVAL;
7758
7759 /* but authenticated/associated only if driver handles it */
7760 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
7761 params->sta_flags_mask &
7762 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7763 BIT(NL80211_STA_FLAG_ASSOCIATED)))
7764 return -EINVAL;
7765 break;
7766 case CFG80211_STA_IBSS:
7767 case CFG80211_STA_AP_STA:
7768 /* reject any changes other than AUTHORIZED */
7769 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
7770 return -EINVAL;
7771 break;
7772 case CFG80211_STA_TDLS_PEER_SETUP:
7773 /* reject any changes other than AUTHORIZED or WME */
7774 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
7775 BIT(NL80211_STA_FLAG_WME)))
7776 return -EINVAL;
7777 /* force (at least) rates when authorizing */
7778 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
7779 !params->link_sta_params.supported_rates)
7780 return -EINVAL;
7781 break;
7782 case CFG80211_STA_TDLS_PEER_ACTIVE:
7783 /* reject any changes */
7784 return -EINVAL;
7785 case CFG80211_STA_MESH_PEER_KERNEL:
7786 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
7787 return -EINVAL;
7788 break;
7789 case CFG80211_STA_MESH_PEER_USER:
7790 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
7791 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
7792 return -EINVAL;
7793 break;
7794 }
7795
7796 /*
7797 * Older kernel versions ignored this attribute entirely, so don't
7798 * reject attempts to update it but mark it as unused instead so the
7799 * driver won't look at the data.
7800 */
7801 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
7802 statype != CFG80211_STA_TDLS_PEER_SETUP)
7803 params->link_sta_params.opmode_notif_used = false;
7804
7805 return 0;
7806 }
7807 EXPORT_SYMBOL(cfg80211_check_station_change);
7808
7809 /*
7810 * Get vlan interface making sure it is running and on the right wiphy.
7811 */
get_vlan(struct genl_info * info,struct cfg80211_registered_device * rdev)7812 static struct net_device *get_vlan(struct genl_info *info,
7813 struct cfg80211_registered_device *rdev)
7814 {
7815 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
7816 struct net_device *v;
7817 int ret;
7818
7819 if (!vlanattr)
7820 return NULL;
7821
7822 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
7823 if (!v)
7824 return ERR_PTR(-ENODEV);
7825
7826 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
7827 ret = -EINVAL;
7828 goto error;
7829 }
7830
7831 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
7832 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7833 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7834 ret = -EINVAL;
7835 goto error;
7836 }
7837
7838 if (!netif_running(v)) {
7839 ret = -ENETDOWN;
7840 goto error;
7841 }
7842
7843 return v;
7844 error:
7845 dev_put(v);
7846 return ERR_PTR(ret);
7847 }
7848
nl80211_parse_sta_wme(struct genl_info * info,struct station_parameters * params)7849 static int nl80211_parse_sta_wme(struct genl_info *info,
7850 struct station_parameters *params)
7851 {
7852 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
7853 struct nlattr *nla;
7854 int err;
7855
7856 /* parse WME attributes if present */
7857 if (!info->attrs[NL80211_ATTR_STA_WME])
7858 return 0;
7859
7860 nla = info->attrs[NL80211_ATTR_STA_WME];
7861 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
7862 nl80211_sta_wme_policy,
7863 info->extack);
7864 if (err)
7865 return err;
7866
7867 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
7868 params->uapsd_queues = nla_get_u8(
7869 tb[NL80211_STA_WME_UAPSD_QUEUES]);
7870 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
7871 return -EINVAL;
7872
7873 if (tb[NL80211_STA_WME_MAX_SP])
7874 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
7875
7876 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
7877 return -EINVAL;
7878
7879 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
7880
7881 return 0;
7882 }
7883
nl80211_parse_sta_channel_info(struct genl_info * info,struct station_parameters * params)7884 static int nl80211_parse_sta_channel_info(struct genl_info *info,
7885 struct station_parameters *params)
7886 {
7887 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
7888 params->supported_channels =
7889 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7890 params->supported_channels_len =
7891 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7892 /*
7893 * Need to include at least one (first channel, number of
7894 * channels) tuple for each subband (checked in policy),
7895 * and must have proper tuples for the rest of the data as well.
7896 */
7897 if (params->supported_channels_len % 2)
7898 return -EINVAL;
7899 }
7900
7901 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
7902 params->supported_oper_classes =
7903 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7904 params->supported_oper_classes_len =
7905 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7906 }
7907 return 0;
7908 }
7909
nl80211_set_station_tdls(struct genl_info * info,struct station_parameters * params)7910 static int nl80211_set_station_tdls(struct genl_info *info,
7911 struct station_parameters *params)
7912 {
7913 int err;
7914 /* Dummy STA entry gets updated once the peer capabilities are known */
7915 if (info->attrs[NL80211_ATTR_PEER_AID])
7916 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7917 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7918 params->link_sta_params.ht_capa =
7919 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7920 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7921 params->link_sta_params.vht_capa =
7922 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7923 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7924 params->link_sta_params.he_capa =
7925 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7926 params->link_sta_params.he_capa_len =
7927 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7928
7929 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7930 params->link_sta_params.eht_capa =
7931 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7932 params->link_sta_params.eht_capa_len =
7933 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7934
7935 if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
7936 (const u8 *)params->link_sta_params.eht_capa,
7937 params->link_sta_params.eht_capa_len,
7938 false))
7939 return -EINVAL;
7940 }
7941 }
7942
7943 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY])
7944 params->link_sta_params.s1g_capa =
7945 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]);
7946
7947 err = nl80211_parse_sta_channel_info(info, params);
7948 if (err)
7949 return err;
7950
7951 return nl80211_parse_sta_wme(info, params);
7952 }
7953
nl80211_parse_sta_txpower_setting(struct genl_info * info,struct sta_txpwr * txpwr,bool * txpwr_set)7954 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
7955 struct sta_txpwr *txpwr,
7956 bool *txpwr_set)
7957 {
7958 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7959 int idx;
7960
7961 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
7962 if (!rdev->ops->set_tx_power ||
7963 !wiphy_ext_feature_isset(&rdev->wiphy,
7964 NL80211_EXT_FEATURE_STA_TX_PWR))
7965 return -EOPNOTSUPP;
7966
7967 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
7968 txpwr->type = nla_get_u8(info->attrs[idx]);
7969
7970 if (txpwr->type == NL80211_TX_POWER_LIMITED) {
7971 idx = NL80211_ATTR_STA_TX_POWER;
7972
7973 if (info->attrs[idx])
7974 txpwr->power = nla_get_s16(info->attrs[idx]);
7975 else
7976 return -EINVAL;
7977 }
7978
7979 *txpwr_set = true;
7980 } else {
7981 *txpwr_set = false;
7982 }
7983
7984 return 0;
7985 }
7986
nl80211_set_station(struct sk_buff * skb,struct genl_info * info)7987 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
7988 {
7989 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7990 struct net_device *dev = info->user_ptr[1];
7991 struct station_parameters params;
7992 u8 *mac_addr;
7993 int err;
7994
7995 memset(¶ms, 0, sizeof(params));
7996
7997 if (!rdev->ops->change_station)
7998 return -EOPNOTSUPP;
7999
8000 /*
8001 * AID and listen_interval properties can be set only for unassociated
8002 * station. Include these parameters here and will check them in
8003 * cfg80211_check_station_change().
8004 */
8005 if (info->attrs[NL80211_ATTR_STA_AID])
8006 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
8007
8008 if (info->attrs[NL80211_ATTR_VLAN_ID])
8009 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
8010
8011 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
8012 params.listen_interval =
8013 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
8014 else
8015 params.listen_interval = -1;
8016
8017 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
8018 params.support_p2p_ps =
8019 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
8020 else
8021 params.support_p2p_ps = -1;
8022
8023 if (!info->attrs[NL80211_ATTR_MAC])
8024 return -EINVAL;
8025
8026 params.link_sta_params.link_id =
8027 nl80211_link_id_or_invalid(info->attrs);
8028
8029 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
8030 /* If MLD_ADDR attribute is set then this is an MLD station
8031 * and the MLD_ADDR attribute holds the MLD address and the
8032 * MAC attribute holds for the LINK address.
8033 * In that case, the link_id is also expected to be valid.
8034 */
8035 if (params.link_sta_params.link_id < 0)
8036 return -EINVAL;
8037
8038 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
8039 params.link_sta_params.mld_mac = mac_addr;
8040 params.link_sta_params.link_mac =
8041 nla_data(info->attrs[NL80211_ATTR_MAC]);
8042 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
8043 return -EINVAL;
8044 } else {
8045 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8046 }
8047
8048
8049 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
8050 params.link_sta_params.supported_rates =
8051 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8052 params.link_sta_params.supported_rates_len =
8053 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8054 }
8055
8056 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
8057 params.capability =
8058 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
8059 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
8060 }
8061
8062 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
8063 params.ext_capab =
8064 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8065 params.ext_capab_len =
8066 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8067 }
8068
8069 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
8070 return -EINVAL;
8071
8072 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
8073 params.plink_action =
8074 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
8075
8076 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
8077 params.plink_state =
8078 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
8079 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
8080 params.peer_aid = nla_get_u16(
8081 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
8082 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
8083 }
8084
8085 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
8086 params.local_pm = nla_get_u32(
8087 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
8088
8089 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
8090 params.link_sta_params.opmode_notif_used = true;
8091 params.link_sta_params.opmode_notif =
8092 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
8093 }
8094
8095 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
8096 params.link_sta_params.he_6ghz_capa =
8097 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
8098
8099 if (info->attrs[NL80211_ATTR_EML_CAPABILITY]) {
8100 params.eml_cap_present = true;
8101 params.eml_cap =
8102 nla_get_u16(info->attrs[NL80211_ATTR_EML_CAPABILITY]);
8103 }
8104
8105 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
8106 params.airtime_weight =
8107 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
8108
8109 if (params.airtime_weight &&
8110 !wiphy_ext_feature_isset(&rdev->wiphy,
8111 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
8112 return -EOPNOTSUPP;
8113
8114 err = nl80211_parse_sta_txpower_setting(info,
8115 ¶ms.link_sta_params.txpwr,
8116 ¶ms.link_sta_params.txpwr_set);
8117 if (err)
8118 return err;
8119
8120 /* Include parameters for TDLS peer (will check later) */
8121 err = nl80211_set_station_tdls(info, ¶ms);
8122 if (err)
8123 return err;
8124
8125 params.vlan = get_vlan(info, rdev);
8126 if (IS_ERR(params.vlan))
8127 return PTR_ERR(params.vlan);
8128
8129 switch (dev->ieee80211_ptr->iftype) {
8130 case NL80211_IFTYPE_AP:
8131 case NL80211_IFTYPE_AP_VLAN:
8132 case NL80211_IFTYPE_P2P_GO:
8133 case NL80211_IFTYPE_P2P_CLIENT:
8134 case NL80211_IFTYPE_STATION:
8135 case NL80211_IFTYPE_ADHOC:
8136 case NL80211_IFTYPE_MESH_POINT:
8137 break;
8138 default:
8139 err = -EOPNOTSUPP;
8140 goto out_put_vlan;
8141 }
8142
8143 /* driver will call cfg80211_check_station_change() */
8144 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
8145
8146 out_put_vlan:
8147 dev_put(params.vlan);
8148
8149 return err;
8150 }
8151
nl80211_new_station(struct sk_buff * skb,struct genl_info * info)8152 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
8153 {
8154 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8155 int err;
8156 struct net_device *dev = info->user_ptr[1];
8157 struct wireless_dev *wdev = dev->ieee80211_ptr;
8158 struct station_parameters params;
8159 u8 *mac_addr = NULL;
8160 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8161 BIT(NL80211_STA_FLAG_ASSOCIATED);
8162
8163 memset(¶ms, 0, sizeof(params));
8164
8165 if (!rdev->ops->add_station)
8166 return -EOPNOTSUPP;
8167
8168 if (!info->attrs[NL80211_ATTR_MAC])
8169 return -EINVAL;
8170
8171 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
8172 return -EINVAL;
8173
8174 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
8175 return -EINVAL;
8176
8177 if (!info->attrs[NL80211_ATTR_STA_AID] &&
8178 !info->attrs[NL80211_ATTR_PEER_AID])
8179 return -EINVAL;
8180
8181 params.link_sta_params.link_id =
8182 nl80211_link_id_or_invalid(info->attrs);
8183
8184 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
8185 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
8186 params.link_sta_params.mld_mac = mac_addr;
8187 params.link_sta_params.link_mac =
8188 nla_data(info->attrs[NL80211_ATTR_MAC]);
8189 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
8190 return -EINVAL;
8191 } else {
8192 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8193 }
8194
8195 params.link_sta_params.supported_rates =
8196 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8197 params.link_sta_params.supported_rates_len =
8198 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8199 params.listen_interval =
8200 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
8201
8202 if (info->attrs[NL80211_ATTR_VLAN_ID])
8203 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
8204
8205 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
8206 params.support_p2p_ps =
8207 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
8208 } else {
8209 /*
8210 * if not specified, assume it's supported for P2P GO interface,
8211 * and is NOT supported for AP interface
8212 */
8213 params.support_p2p_ps =
8214 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
8215 }
8216
8217 if (info->attrs[NL80211_ATTR_PEER_AID])
8218 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
8219 else
8220 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
8221
8222 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
8223 params.capability =
8224 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
8225 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
8226 }
8227
8228 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
8229 params.ext_capab =
8230 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8231 params.ext_capab_len =
8232 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8233 }
8234
8235 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
8236 params.link_sta_params.ht_capa =
8237 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
8238
8239 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
8240 params.link_sta_params.vht_capa =
8241 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
8242
8243 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
8244 params.link_sta_params.he_capa =
8245 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8246 params.link_sta_params.he_capa_len =
8247 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8248
8249 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
8250 params.link_sta_params.eht_capa =
8251 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8252 params.link_sta_params.eht_capa_len =
8253 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8254
8255 if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
8256 (const u8 *)params.link_sta_params.eht_capa,
8257 params.link_sta_params.eht_capa_len,
8258 false))
8259 return -EINVAL;
8260 }
8261 }
8262
8263 if (info->attrs[NL80211_ATTR_EML_CAPABILITY]) {
8264 params.eml_cap_present = true;
8265 params.eml_cap =
8266 nla_get_u16(info->attrs[NL80211_ATTR_EML_CAPABILITY]);
8267 }
8268
8269 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
8270 params.link_sta_params.he_6ghz_capa =
8271 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
8272
8273 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY])
8274 params.link_sta_params.s1g_capa =
8275 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]);
8276
8277 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
8278 params.link_sta_params.opmode_notif_used = true;
8279 params.link_sta_params.opmode_notif =
8280 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
8281 }
8282
8283 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
8284 params.plink_action =
8285 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
8286
8287 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
8288 params.airtime_weight =
8289 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
8290
8291 if (params.airtime_weight &&
8292 !wiphy_ext_feature_isset(&rdev->wiphy,
8293 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
8294 return -EOPNOTSUPP;
8295
8296 err = nl80211_parse_sta_txpower_setting(info,
8297 ¶ms.link_sta_params.txpwr,
8298 ¶ms.link_sta_params.txpwr_set);
8299 if (err)
8300 return err;
8301
8302 err = nl80211_parse_sta_channel_info(info, ¶ms);
8303 if (err)
8304 return err;
8305
8306 err = nl80211_parse_sta_wme(info, ¶ms);
8307 if (err)
8308 return err;
8309
8310 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
8311 return -EINVAL;
8312
8313 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
8314 * as userspace might just pass through the capabilities from the IEs
8315 * directly, rather than enforcing this restriction and returning an
8316 * error in this case.
8317 */
8318 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
8319 params.link_sta_params.ht_capa = NULL;
8320 params.link_sta_params.vht_capa = NULL;
8321
8322 /* HE and EHT require WME */
8323 if (params.link_sta_params.he_capa_len ||
8324 params.link_sta_params.he_6ghz_capa ||
8325 params.link_sta_params.eht_capa_len)
8326 return -EINVAL;
8327 }
8328
8329 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
8330 if (params.link_sta_params.he_6ghz_capa &&
8331 (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa))
8332 return -EINVAL;
8333
8334 /* When you run into this, adjust the code below for the new flag */
8335 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
8336
8337 switch (dev->ieee80211_ptr->iftype) {
8338 case NL80211_IFTYPE_AP:
8339 case NL80211_IFTYPE_AP_VLAN:
8340 case NL80211_IFTYPE_P2P_GO:
8341 /* ignore WME attributes if iface/sta is not capable */
8342 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
8343 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
8344 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
8345
8346 /* TDLS peers cannot be added */
8347 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
8348 info->attrs[NL80211_ATTR_PEER_AID])
8349 return -EINVAL;
8350 /* but don't bother the driver with it */
8351 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
8352
8353 /* allow authenticated/associated only if driver handles it */
8354 if (!(rdev->wiphy.features &
8355 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
8356 params.sta_flags_mask & auth_assoc)
8357 return -EINVAL;
8358
8359 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8360 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) &&
8361 params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
8362 return -EINVAL;
8363
8364 /* Older userspace, or userspace wanting to be compatible with
8365 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
8366 * and assoc flags in the mask, but assumes the station will be
8367 * added as associated anyway since this was the required driver
8368 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
8369 * introduced.
8370 * In order to not bother drivers with this quirk in the API
8371 * set the flags in both the mask and set for new stations in
8372 * this case.
8373 */
8374 if (!(params.sta_flags_mask & auth_assoc)) {
8375 params.sta_flags_mask |= auth_assoc;
8376 params.sta_flags_set |= auth_assoc;
8377 }
8378
8379 /* must be last in here for error handling */
8380 params.vlan = get_vlan(info, rdev);
8381 if (IS_ERR(params.vlan))
8382 return PTR_ERR(params.vlan);
8383 break;
8384 case NL80211_IFTYPE_MESH_POINT:
8385 /* ignore uAPSD data */
8386 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
8387
8388 /* associated is disallowed */
8389 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
8390 return -EINVAL;
8391 /* TDLS peers cannot be added */
8392 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
8393 info->attrs[NL80211_ATTR_PEER_AID])
8394 return -EINVAL;
8395 break;
8396 case NL80211_IFTYPE_STATION:
8397 case NL80211_IFTYPE_P2P_CLIENT:
8398 /* ignore uAPSD data */
8399 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
8400
8401 /* these are disallowed */
8402 if (params.sta_flags_mask &
8403 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
8404 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
8405 return -EINVAL;
8406 /* Only TDLS peers can be added */
8407 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
8408 return -EINVAL;
8409 /* Can only add if TDLS ... */
8410 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
8411 return -EOPNOTSUPP;
8412 /* ... with external setup is supported */
8413 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
8414 return -EOPNOTSUPP;
8415 /*
8416 * Older wpa_supplicant versions always mark the TDLS peer
8417 * as authorized, but it shouldn't yet be.
8418 */
8419 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
8420 break;
8421 default:
8422 return -EOPNOTSUPP;
8423 }
8424
8425 /* be aware of params.vlan when changing code here */
8426
8427 if (wdev->valid_links) {
8428 if (params.link_sta_params.link_id < 0) {
8429 err = -EINVAL;
8430 goto out;
8431 }
8432 if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) {
8433 err = -ENOLINK;
8434 goto out;
8435 }
8436 } else {
8437 if (params.link_sta_params.link_id >= 0) {
8438 err = -EINVAL;
8439 goto out;
8440 }
8441 }
8442 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
8443 out:
8444 dev_put(params.vlan);
8445 return err;
8446 }
8447
nl80211_del_station(struct sk_buff * skb,struct genl_info * info)8448 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
8449 {
8450 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8451 struct net_device *dev = info->user_ptr[1];
8452 struct wireless_dev *wdev = dev->ieee80211_ptr;
8453 struct station_del_parameters params;
8454 int link_id = nl80211_link_id_or_invalid(info->attrs);
8455
8456 memset(¶ms, 0, sizeof(params));
8457
8458 if (info->attrs[NL80211_ATTR_MAC])
8459 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
8460
8461 switch (wdev->iftype) {
8462 case NL80211_IFTYPE_AP:
8463 case NL80211_IFTYPE_AP_VLAN:
8464 case NL80211_IFTYPE_MESH_POINT:
8465 case NL80211_IFTYPE_P2P_GO:
8466 /* always accept these */
8467 break;
8468 case NL80211_IFTYPE_ADHOC:
8469 /* conditionally accept */
8470 if (wiphy_ext_feature_isset(&rdev->wiphy,
8471 NL80211_EXT_FEATURE_DEL_IBSS_STA))
8472 break;
8473 return -EINVAL;
8474 default:
8475 return -EINVAL;
8476 }
8477
8478 if (!rdev->ops->del_station)
8479 return -EOPNOTSUPP;
8480
8481 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
8482 params.subtype =
8483 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
8484 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
8485 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
8486 return -EINVAL;
8487 } else {
8488 /* Default to Deauthentication frame */
8489 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
8490 }
8491
8492 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
8493 params.reason_code =
8494 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8495 if (params.reason_code == 0)
8496 return -EINVAL; /* 0 is reserved */
8497 } else {
8498 /* Default to reason code 2 */
8499 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
8500 }
8501
8502 /* Link ID not expected in case of non-ML operation */
8503 if (!wdev->valid_links && link_id != -1)
8504 return -EINVAL;
8505
8506 /* If given, a valid link ID should be passed during MLO */
8507 if (wdev->valid_links && link_id >= 0 &&
8508 !(wdev->valid_links & BIT(link_id)))
8509 return -EINVAL;
8510
8511 params.link_id = link_id;
8512
8513 return rdev_del_station(rdev, dev, ¶ms);
8514 }
8515
nl80211_send_mpath(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,u8 * dst,u8 * next_hop,struct mpath_info * pinfo)8516 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
8517 int flags, struct net_device *dev,
8518 u8 *dst, u8 *next_hop,
8519 struct mpath_info *pinfo)
8520 {
8521 void *hdr;
8522 struct nlattr *pinfoattr;
8523
8524 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
8525 if (!hdr)
8526 return -1;
8527
8528 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8529 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
8530 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
8531 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
8532 goto nla_put_failure;
8533
8534 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
8535 if (!pinfoattr)
8536 goto nla_put_failure;
8537 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
8538 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
8539 pinfo->frame_qlen))
8540 goto nla_put_failure;
8541 if (((pinfo->filled & MPATH_INFO_SN) &&
8542 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
8543 ((pinfo->filled & MPATH_INFO_METRIC) &&
8544 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
8545 pinfo->metric)) ||
8546 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
8547 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
8548 pinfo->exptime)) ||
8549 ((pinfo->filled & MPATH_INFO_FLAGS) &&
8550 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
8551 pinfo->flags)) ||
8552 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
8553 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
8554 pinfo->discovery_timeout)) ||
8555 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
8556 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
8557 pinfo->discovery_retries)) ||
8558 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
8559 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
8560 pinfo->hop_count)) ||
8561 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
8562 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
8563 pinfo->path_change_count)))
8564 goto nla_put_failure;
8565
8566 nla_nest_end(msg, pinfoattr);
8567
8568 genlmsg_end(msg, hdr);
8569 return 0;
8570
8571 nla_put_failure:
8572 genlmsg_cancel(msg, hdr);
8573 return -EMSGSIZE;
8574 }
8575
nl80211_dump_mpath(struct sk_buff * skb,struct netlink_callback * cb)8576 static int nl80211_dump_mpath(struct sk_buff *skb,
8577 struct netlink_callback *cb)
8578 {
8579 struct mpath_info pinfo;
8580 struct cfg80211_registered_device *rdev;
8581 struct wireless_dev *wdev;
8582 u8 dst[ETH_ALEN];
8583 u8 next_hop[ETH_ALEN];
8584 int path_idx = cb->args[2];
8585 int err;
8586
8587 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
8588 if (err)
8589 return err;
8590 /* nl80211_prepare_wdev_dump acquired it in the successful case */
8591 __acquire(&rdev->wiphy.mtx);
8592
8593 if (!rdev->ops->dump_mpath) {
8594 err = -EOPNOTSUPP;
8595 goto out_err;
8596 }
8597
8598 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
8599 err = -EOPNOTSUPP;
8600 goto out_err;
8601 }
8602
8603 while (1) {
8604 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
8605 next_hop, &pinfo);
8606 if (err == -ENOENT)
8607 break;
8608 if (err)
8609 goto out_err;
8610
8611 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
8612 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8613 wdev->netdev, dst, next_hop,
8614 &pinfo) < 0)
8615 goto out;
8616
8617 path_idx++;
8618 }
8619
8620 out:
8621 cb->args[2] = path_idx;
8622 err = skb->len;
8623 out_err:
8624 wiphy_unlock(&rdev->wiphy);
8625 return err;
8626 }
8627
nl80211_get_mpath(struct sk_buff * skb,struct genl_info * info)8628 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
8629 {
8630 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8631 int err;
8632 struct net_device *dev = info->user_ptr[1];
8633 struct mpath_info pinfo;
8634 struct sk_buff *msg;
8635 u8 *dst = NULL;
8636 u8 next_hop[ETH_ALEN];
8637
8638 memset(&pinfo, 0, sizeof(pinfo));
8639
8640 if (!info->attrs[NL80211_ATTR_MAC])
8641 return -EINVAL;
8642
8643 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8644
8645 if (!rdev->ops->get_mpath)
8646 return -EOPNOTSUPP;
8647
8648 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8649 return -EOPNOTSUPP;
8650
8651 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
8652 if (err)
8653 return err;
8654
8655 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8656 if (!msg)
8657 return -ENOMEM;
8658
8659 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
8660 dev, dst, next_hop, &pinfo) < 0) {
8661 nlmsg_free(msg);
8662 return -ENOBUFS;
8663 }
8664
8665 return genlmsg_reply(msg, info);
8666 }
8667
nl80211_set_mpath(struct sk_buff * skb,struct genl_info * info)8668 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
8669 {
8670 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8671 struct net_device *dev = info->user_ptr[1];
8672 u8 *dst = NULL;
8673 u8 *next_hop = NULL;
8674
8675 if (!info->attrs[NL80211_ATTR_MAC])
8676 return -EINVAL;
8677
8678 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
8679 return -EINVAL;
8680
8681 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8682 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
8683
8684 if (!rdev->ops->change_mpath)
8685 return -EOPNOTSUPP;
8686
8687 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8688 return -EOPNOTSUPP;
8689
8690 return rdev_change_mpath(rdev, dev, dst, next_hop);
8691 }
8692
nl80211_new_mpath(struct sk_buff * skb,struct genl_info * info)8693 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
8694 {
8695 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8696 struct net_device *dev = info->user_ptr[1];
8697 u8 *dst = NULL;
8698 u8 *next_hop = NULL;
8699
8700 if (!info->attrs[NL80211_ATTR_MAC])
8701 return -EINVAL;
8702
8703 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
8704 return -EINVAL;
8705
8706 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8707 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
8708
8709 if (!rdev->ops->add_mpath)
8710 return -EOPNOTSUPP;
8711
8712 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8713 return -EOPNOTSUPP;
8714
8715 return rdev_add_mpath(rdev, dev, dst, next_hop);
8716 }
8717
nl80211_del_mpath(struct sk_buff * skb,struct genl_info * info)8718 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
8719 {
8720 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8721 struct net_device *dev = info->user_ptr[1];
8722 u8 *dst = NULL;
8723
8724 if (info->attrs[NL80211_ATTR_MAC])
8725 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8726
8727 if (!rdev->ops->del_mpath)
8728 return -EOPNOTSUPP;
8729
8730 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8731 return -EOPNOTSUPP;
8732
8733 return rdev_del_mpath(rdev, dev, dst);
8734 }
8735
nl80211_get_mpp(struct sk_buff * skb,struct genl_info * info)8736 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
8737 {
8738 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8739 int err;
8740 struct net_device *dev = info->user_ptr[1];
8741 struct mpath_info pinfo;
8742 struct sk_buff *msg;
8743 u8 *dst = NULL;
8744 u8 mpp[ETH_ALEN];
8745
8746 memset(&pinfo, 0, sizeof(pinfo));
8747
8748 if (!info->attrs[NL80211_ATTR_MAC])
8749 return -EINVAL;
8750
8751 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8752
8753 if (!rdev->ops->get_mpp)
8754 return -EOPNOTSUPP;
8755
8756 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8757 return -EOPNOTSUPP;
8758
8759 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
8760 if (err)
8761 return err;
8762
8763 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8764 if (!msg)
8765 return -ENOMEM;
8766
8767 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
8768 dev, dst, mpp, &pinfo) < 0) {
8769 nlmsg_free(msg);
8770 return -ENOBUFS;
8771 }
8772
8773 return genlmsg_reply(msg, info);
8774 }
8775
nl80211_dump_mpp(struct sk_buff * skb,struct netlink_callback * cb)8776 static int nl80211_dump_mpp(struct sk_buff *skb,
8777 struct netlink_callback *cb)
8778 {
8779 struct mpath_info pinfo;
8780 struct cfg80211_registered_device *rdev;
8781 struct wireless_dev *wdev;
8782 u8 dst[ETH_ALEN];
8783 u8 mpp[ETH_ALEN];
8784 int path_idx = cb->args[2];
8785 int err;
8786
8787 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
8788 if (err)
8789 return err;
8790 /* nl80211_prepare_wdev_dump acquired it in the successful case */
8791 __acquire(&rdev->wiphy.mtx);
8792
8793 if (!rdev->ops->dump_mpp) {
8794 err = -EOPNOTSUPP;
8795 goto out_err;
8796 }
8797
8798 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
8799 err = -EOPNOTSUPP;
8800 goto out_err;
8801 }
8802
8803 while (1) {
8804 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
8805 mpp, &pinfo);
8806 if (err == -ENOENT)
8807 break;
8808 if (err)
8809 goto out_err;
8810
8811 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
8812 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8813 wdev->netdev, dst, mpp,
8814 &pinfo) < 0)
8815 goto out;
8816
8817 path_idx++;
8818 }
8819
8820 out:
8821 cb->args[2] = path_idx;
8822 err = skb->len;
8823 out_err:
8824 wiphy_unlock(&rdev->wiphy);
8825 return err;
8826 }
8827
nl80211_set_bss(struct sk_buff * skb,struct genl_info * info)8828 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
8829 {
8830 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8831 struct net_device *dev = info->user_ptr[1];
8832 struct bss_parameters params;
8833
8834 memset(¶ms, 0, sizeof(params));
8835 params.link_id = nl80211_link_id_or_invalid(info->attrs);
8836 /* default to not changing parameters */
8837 params.use_cts_prot = -1;
8838 params.use_short_preamble = -1;
8839 params.use_short_slot_time = -1;
8840 params.ap_isolate = -1;
8841 params.ht_opmode = -1;
8842 params.p2p_ctwindow = -1;
8843 params.p2p_opp_ps = -1;
8844
8845 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
8846 params.use_cts_prot =
8847 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
8848 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
8849 params.use_short_preamble =
8850 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
8851 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
8852 params.use_short_slot_time =
8853 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
8854 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8855 params.basic_rates =
8856 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8857 params.basic_rates_len =
8858 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8859 }
8860 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
8861 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
8862 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
8863 params.ht_opmode =
8864 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
8865
8866 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
8867 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8868 return -EINVAL;
8869 params.p2p_ctwindow =
8870 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
8871 if (params.p2p_ctwindow != 0 &&
8872 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
8873 return -EINVAL;
8874 }
8875
8876 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
8877 u8 tmp;
8878
8879 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8880 return -EINVAL;
8881 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
8882 params.p2p_opp_ps = tmp;
8883 if (params.p2p_opp_ps &&
8884 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
8885 return -EINVAL;
8886 }
8887
8888 if (!rdev->ops->change_bss)
8889 return -EOPNOTSUPP;
8890
8891 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
8892 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8893 return -EOPNOTSUPP;
8894
8895 return rdev_change_bss(rdev, dev, ¶ms);
8896 }
8897
nl80211_req_set_reg(struct sk_buff * skb,struct genl_info * info)8898 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
8899 {
8900 char *data = NULL;
8901 bool is_indoor;
8902 enum nl80211_user_reg_hint_type user_reg_hint_type;
8903 u32 owner_nlportid;
8904
8905 /*
8906 * You should only get this when cfg80211 hasn't yet initialized
8907 * completely when built-in to the kernel right between the time
8908 * window between nl80211_init() and regulatory_init(), if that is
8909 * even possible.
8910 */
8911 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
8912 return -EINPROGRESS;
8913
8914 user_reg_hint_type =
8915 nla_get_u32_default(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE],
8916 NL80211_USER_REG_HINT_USER);
8917
8918 switch (user_reg_hint_type) {
8919 case NL80211_USER_REG_HINT_USER:
8920 case NL80211_USER_REG_HINT_CELL_BASE:
8921 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8922 return -EINVAL;
8923
8924 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8925 return regulatory_hint_user(data, user_reg_hint_type);
8926 case NL80211_USER_REG_HINT_INDOOR:
8927 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8928 owner_nlportid = info->snd_portid;
8929 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
8930 } else {
8931 owner_nlportid = 0;
8932 is_indoor = true;
8933 }
8934
8935 regulatory_hint_indoor(is_indoor, owner_nlportid);
8936 return 0;
8937 default:
8938 return -EINVAL;
8939 }
8940 }
8941
nl80211_reload_regdb(struct sk_buff * skb,struct genl_info * info)8942 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
8943 {
8944 return reg_reload_regdb();
8945 }
8946
nl80211_get_mesh_config(struct sk_buff * skb,struct genl_info * info)8947 static int nl80211_get_mesh_config(struct sk_buff *skb,
8948 struct genl_info *info)
8949 {
8950 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8951 struct net_device *dev = info->user_ptr[1];
8952 struct wireless_dev *wdev = dev->ieee80211_ptr;
8953 struct mesh_config cur_params;
8954 int err = 0;
8955 void *hdr;
8956 struct nlattr *pinfoattr;
8957 struct sk_buff *msg;
8958
8959 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8960 return -EOPNOTSUPP;
8961
8962 if (!rdev->ops->get_mesh_config)
8963 return -EOPNOTSUPP;
8964
8965 /* If not connected, get default parameters */
8966 if (!wdev->u.mesh.id_len)
8967 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
8968 else
8969 err = rdev_get_mesh_config(rdev, dev, &cur_params);
8970
8971 if (err)
8972 return err;
8973
8974 /* Draw up a netlink message to send back */
8975 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8976 if (!msg)
8977 return -ENOMEM;
8978 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8979 NL80211_CMD_GET_MESH_CONFIG);
8980 if (!hdr)
8981 goto out;
8982 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
8983 if (!pinfoattr)
8984 goto nla_put_failure;
8985 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8986 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
8987 cur_params.dot11MeshRetryTimeout) ||
8988 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
8989 cur_params.dot11MeshConfirmTimeout) ||
8990 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
8991 cur_params.dot11MeshHoldingTimeout) ||
8992 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
8993 cur_params.dot11MeshMaxPeerLinks) ||
8994 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
8995 cur_params.dot11MeshMaxRetries) ||
8996 nla_put_u8(msg, NL80211_MESHCONF_TTL,
8997 cur_params.dot11MeshTTL) ||
8998 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
8999 cur_params.element_ttl) ||
9000 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
9001 cur_params.auto_open_plinks) ||
9002 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
9003 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
9004 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
9005 cur_params.dot11MeshHWMPmaxPREQretries) ||
9006 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
9007 cur_params.path_refresh_time) ||
9008 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
9009 cur_params.min_discovery_timeout) ||
9010 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
9011 cur_params.dot11MeshHWMPactivePathTimeout) ||
9012 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
9013 cur_params.dot11MeshHWMPpreqMinInterval) ||
9014 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
9015 cur_params.dot11MeshHWMPperrMinInterval) ||
9016 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
9017 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
9018 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
9019 cur_params.dot11MeshHWMPRootMode) ||
9020 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
9021 cur_params.dot11MeshHWMPRannInterval) ||
9022 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
9023 cur_params.dot11MeshGateAnnouncementProtocol) ||
9024 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
9025 cur_params.dot11MeshForwarding) ||
9026 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
9027 cur_params.rssi_threshold) ||
9028 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
9029 cur_params.ht_opmode) ||
9030 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
9031 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
9032 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
9033 cur_params.dot11MeshHWMProotInterval) ||
9034 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
9035 cur_params.dot11MeshHWMPconfirmationInterval) ||
9036 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
9037 cur_params.power_mode) ||
9038 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
9039 cur_params.dot11MeshAwakeWindowDuration) ||
9040 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
9041 cur_params.plink_timeout) ||
9042 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
9043 cur_params.dot11MeshConnectedToMeshGate) ||
9044 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
9045 cur_params.dot11MeshNolearn) ||
9046 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
9047 cur_params.dot11MeshConnectedToAuthServer))
9048 goto nla_put_failure;
9049 nla_nest_end(msg, pinfoattr);
9050 genlmsg_end(msg, hdr);
9051 return genlmsg_reply(msg, info);
9052
9053 nla_put_failure:
9054 out:
9055 nlmsg_free(msg);
9056 return -ENOBUFS;
9057 }
9058
9059 static const struct nla_policy
9060 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
9061 [NL80211_MESHCONF_RETRY_TIMEOUT] =
9062 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9063 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
9064 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9065 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
9066 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9067 [NL80211_MESHCONF_MAX_PEER_LINKS] =
9068 NLA_POLICY_RANGE(NLA_U16, 0, 255),
9069 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
9070 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
9071 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
9072 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
9073 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
9074 NLA_POLICY_RANGE(NLA_U32, 1, 255),
9075 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
9076 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
9077 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
9078 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
9079 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
9080 NLA_POLICY_MIN(NLA_U16, 1),
9081 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
9082 NLA_POLICY_MIN(NLA_U16, 1),
9083 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
9084 NLA_POLICY_MIN(NLA_U16, 1),
9085 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
9086 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
9087 NLA_POLICY_MIN(NLA_U16, 1),
9088 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
9089 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
9090 [NL80211_MESHCONF_RSSI_THRESHOLD] =
9091 NLA_POLICY_RANGE(NLA_S32, -255, 0),
9092 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
9093 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
9094 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
9095 NLA_POLICY_MIN(NLA_U16, 1),
9096 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
9097 NLA_POLICY_MIN(NLA_U16, 1),
9098 [NL80211_MESHCONF_POWER_MODE] =
9099 NLA_POLICY_RANGE(NLA_U32,
9100 NL80211_MESH_POWER_ACTIVE,
9101 NL80211_MESH_POWER_MAX),
9102 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
9103 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
9104 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9105 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9106 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9107 };
9108
9109 static const struct nla_policy
9110 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
9111 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
9112 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
9113 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
9114 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
9115 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
9116 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
9117 [NL80211_MESH_SETUP_IE] =
9118 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
9119 IEEE80211_MAX_DATA_LEN),
9120 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
9121 };
9122
nl80211_parse_mesh_config(struct genl_info * info,struct mesh_config * cfg,u32 * mask_out)9123 static int nl80211_parse_mesh_config(struct genl_info *info,
9124 struct mesh_config *cfg,
9125 u32 *mask_out)
9126 {
9127 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
9128 u32 mask = 0;
9129 u16 ht_opmode;
9130
9131 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
9132 do { \
9133 if (tb[attr]) { \
9134 cfg->param = fn(tb[attr]); \
9135 mask |= BIT((attr) - 1); \
9136 } \
9137 } while (0)
9138
9139 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
9140 return -EINVAL;
9141 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
9142 return -EINVAL;
9143
9144 /* This makes sure that there aren't more than 32 mesh config
9145 * parameters (otherwise our bitfield scheme would not work.) */
9146 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
9147
9148 /* Fill in the params struct */
9149 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
9150 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
9151 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
9152 NL80211_MESHCONF_CONFIRM_TIMEOUT,
9153 nla_get_u16);
9154 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
9155 NL80211_MESHCONF_HOLDING_TIMEOUT,
9156 nla_get_u16);
9157 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
9158 NL80211_MESHCONF_MAX_PEER_LINKS,
9159 nla_get_u16);
9160 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
9161 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
9162 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
9163 NL80211_MESHCONF_TTL, nla_get_u8);
9164 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
9165 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
9166 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
9167 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
9168 nla_get_u8);
9169 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
9170 mask,
9171 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
9172 nla_get_u32);
9173 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
9174 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
9175 nla_get_u8);
9176 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
9177 NL80211_MESHCONF_PATH_REFRESH_TIME,
9178 nla_get_u32);
9179 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
9180 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
9181 return -EINVAL;
9182 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
9183 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
9184 nla_get_u16);
9185 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
9186 mask,
9187 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
9188 nla_get_u32);
9189 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
9190 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
9191 cfg->dot11MeshHWMPactivePathTimeout > 65535))
9192 return -EINVAL;
9193 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
9194 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
9195 nla_get_u16);
9196 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
9197 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
9198 nla_get_u16);
9199 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
9200 dot11MeshHWMPnetDiameterTraversalTime, mask,
9201 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
9202 nla_get_u16);
9203 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
9204 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
9205 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
9206 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
9207 nla_get_u16);
9208 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
9209 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
9210 nla_get_u8);
9211 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
9212 NL80211_MESHCONF_FORWARDING, nla_get_u8);
9213 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
9214 NL80211_MESHCONF_RSSI_THRESHOLD,
9215 nla_get_s32);
9216 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
9217 NL80211_MESHCONF_CONNECTED_TO_GATE,
9218 nla_get_u8);
9219 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
9220 NL80211_MESHCONF_CONNECTED_TO_AS,
9221 nla_get_u8);
9222 /*
9223 * Check HT operation mode based on
9224 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
9225 */
9226 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
9227 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
9228
9229 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
9230 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
9231 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
9232 return -EINVAL;
9233
9234 /* NON_HT_STA bit is reserved, but some programs set it */
9235 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
9236
9237 cfg->ht_opmode = ht_opmode;
9238 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
9239 }
9240 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
9241 dot11MeshHWMPactivePathToRootTimeout, mask,
9242 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
9243 nla_get_u32);
9244 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
9245 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
9246 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
9247 return -EINVAL;
9248 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
9249 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
9250 nla_get_u16);
9251 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
9252 mask,
9253 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
9254 nla_get_u16);
9255 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
9256 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
9257 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
9258 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
9259 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
9260 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
9261 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
9262 NL80211_MESHCONF_NOLEARN, nla_get_u8);
9263 if (mask_out)
9264 *mask_out = mask;
9265
9266 return 0;
9267
9268 #undef FILL_IN_MESH_PARAM_IF_SET
9269 }
9270
nl80211_parse_mesh_setup(struct genl_info * info,struct mesh_setup * setup)9271 static int nl80211_parse_mesh_setup(struct genl_info *info,
9272 struct mesh_setup *setup)
9273 {
9274 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9275 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
9276
9277 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
9278 return -EINVAL;
9279 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
9280 return -EINVAL;
9281
9282 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
9283 setup->sync_method =
9284 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
9285 IEEE80211_SYNC_METHOD_VENDOR :
9286 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
9287
9288 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
9289 setup->path_sel_proto =
9290 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
9291 IEEE80211_PATH_PROTOCOL_VENDOR :
9292 IEEE80211_PATH_PROTOCOL_HWMP;
9293
9294 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
9295 setup->path_metric =
9296 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
9297 IEEE80211_PATH_METRIC_VENDOR :
9298 IEEE80211_PATH_METRIC_AIRTIME;
9299
9300 if (tb[NL80211_MESH_SETUP_IE]) {
9301 struct nlattr *ieattr =
9302 tb[NL80211_MESH_SETUP_IE];
9303 setup->ie = nla_data(ieattr);
9304 setup->ie_len = nla_len(ieattr);
9305 }
9306 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
9307 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
9308 return -EINVAL;
9309 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
9310 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
9311 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
9312 if (setup->is_secure)
9313 setup->user_mpm = true;
9314
9315 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
9316 if (!setup->user_mpm)
9317 return -EINVAL;
9318 setup->auth_id =
9319 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
9320 }
9321
9322 return 0;
9323 }
9324
nl80211_update_mesh_config(struct sk_buff * skb,struct genl_info * info)9325 static int nl80211_update_mesh_config(struct sk_buff *skb,
9326 struct genl_info *info)
9327 {
9328 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9329 struct net_device *dev = info->user_ptr[1];
9330 struct wireless_dev *wdev = dev->ieee80211_ptr;
9331 struct mesh_config cfg = {};
9332 u32 mask;
9333 int err;
9334
9335 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
9336 return -EOPNOTSUPP;
9337
9338 if (!rdev->ops->update_mesh_config)
9339 return -EOPNOTSUPP;
9340
9341 err = nl80211_parse_mesh_config(info, &cfg, &mask);
9342 if (err)
9343 return err;
9344
9345 if (!wdev->u.mesh.id_len)
9346 err = -ENOLINK;
9347
9348 if (!err)
9349 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
9350
9351 return err;
9352 }
9353
nl80211_put_regdom(const struct ieee80211_regdomain * regdom,struct sk_buff * msg)9354 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
9355 struct sk_buff *msg)
9356 {
9357 struct nlattr *nl_reg_rules;
9358 unsigned int i;
9359
9360 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
9361 (regdom->dfs_region &&
9362 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
9363 goto nla_put_failure;
9364
9365 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
9366 if (!nl_reg_rules)
9367 goto nla_put_failure;
9368
9369 for (i = 0; i < regdom->n_reg_rules; i++) {
9370 struct nlattr *nl_reg_rule;
9371 const struct ieee80211_reg_rule *reg_rule;
9372 const struct ieee80211_freq_range *freq_range;
9373 const struct ieee80211_power_rule *power_rule;
9374 unsigned int max_bandwidth_khz;
9375
9376 reg_rule = ®dom->reg_rules[i];
9377 freq_range = ®_rule->freq_range;
9378 power_rule = ®_rule->power_rule;
9379
9380 nl_reg_rule = nla_nest_start_noflag(msg, i);
9381 if (!nl_reg_rule)
9382 goto nla_put_failure;
9383
9384 max_bandwidth_khz = freq_range->max_bandwidth_khz;
9385 if (!max_bandwidth_khz)
9386 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
9387 reg_rule);
9388
9389 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
9390 reg_rule->flags) ||
9391 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
9392 freq_range->start_freq_khz) ||
9393 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
9394 freq_range->end_freq_khz) ||
9395 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
9396 max_bandwidth_khz) ||
9397 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
9398 power_rule->max_antenna_gain) ||
9399 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
9400 power_rule->max_eirp) ||
9401 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
9402 reg_rule->dfs_cac_ms))
9403 goto nla_put_failure;
9404
9405 if ((reg_rule->flags & NL80211_RRF_PSD) &&
9406 nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD,
9407 reg_rule->psd))
9408 goto nla_put_failure;
9409
9410 nla_nest_end(msg, nl_reg_rule);
9411 }
9412
9413 nla_nest_end(msg, nl_reg_rules);
9414 return 0;
9415
9416 nla_put_failure:
9417 return -EMSGSIZE;
9418 }
9419
nl80211_get_reg_do(struct sk_buff * skb,struct genl_info * info)9420 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
9421 {
9422 const struct ieee80211_regdomain *regdom = NULL;
9423 struct cfg80211_registered_device *rdev;
9424 struct wiphy *wiphy = NULL;
9425 struct sk_buff *msg;
9426 int err = -EMSGSIZE;
9427 void *hdr;
9428
9429 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9430 if (!msg)
9431 return -ENOBUFS;
9432
9433 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9434 NL80211_CMD_GET_REG);
9435 if (!hdr)
9436 goto put_failure;
9437
9438 rtnl_lock();
9439
9440 if (info->attrs[NL80211_ATTR_WIPHY]) {
9441 bool self_managed;
9442
9443 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
9444 if (IS_ERR(rdev)) {
9445 err = PTR_ERR(rdev);
9446 goto nla_put_failure;
9447 }
9448
9449 wiphy = &rdev->wiphy;
9450 self_managed = wiphy->regulatory_flags &
9451 REGULATORY_WIPHY_SELF_MANAGED;
9452
9453 rcu_read_lock();
9454
9455 regdom = get_wiphy_regdom(wiphy);
9456
9457 /* a self-managed-reg device must have a private regdom */
9458 if (WARN_ON(!regdom && self_managed)) {
9459 err = -EINVAL;
9460 goto nla_put_failure_rcu;
9461 }
9462
9463 if (regdom &&
9464 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
9465 goto nla_put_failure_rcu;
9466 } else {
9467 rcu_read_lock();
9468 }
9469
9470 if (!wiphy && reg_last_request_cell_base() &&
9471 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
9472 NL80211_USER_REG_HINT_CELL_BASE))
9473 goto nla_put_failure_rcu;
9474
9475 if (!regdom)
9476 regdom = rcu_dereference(cfg80211_regdomain);
9477
9478 if (nl80211_put_regdom(regdom, msg))
9479 goto nla_put_failure_rcu;
9480
9481 rcu_read_unlock();
9482
9483 genlmsg_end(msg, hdr);
9484 rtnl_unlock();
9485 return genlmsg_reply(msg, info);
9486
9487 nla_put_failure_rcu:
9488 rcu_read_unlock();
9489 nla_put_failure:
9490 rtnl_unlock();
9491 put_failure:
9492 nlmsg_free(msg);
9493 return err;
9494 }
9495
nl80211_send_regdom(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct wiphy * wiphy,const struct ieee80211_regdomain * regdom)9496 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
9497 u32 seq, int flags, struct wiphy *wiphy,
9498 const struct ieee80211_regdomain *regdom)
9499 {
9500 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
9501 NL80211_CMD_GET_REG);
9502
9503 if (!hdr)
9504 return -1;
9505
9506 genl_dump_check_consistent(cb, hdr);
9507
9508 if (nl80211_put_regdom(regdom, msg))
9509 goto nla_put_failure;
9510
9511 if (!wiphy && reg_last_request_cell_base() &&
9512 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
9513 NL80211_USER_REG_HINT_CELL_BASE))
9514 goto nla_put_failure;
9515
9516 if (wiphy &&
9517 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
9518 goto nla_put_failure;
9519
9520 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
9521 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
9522 goto nla_put_failure;
9523
9524 genlmsg_end(msg, hdr);
9525 return 0;
9526
9527 nla_put_failure:
9528 genlmsg_cancel(msg, hdr);
9529 return -EMSGSIZE;
9530 }
9531
nl80211_get_reg_dump(struct sk_buff * skb,struct netlink_callback * cb)9532 static int nl80211_get_reg_dump(struct sk_buff *skb,
9533 struct netlink_callback *cb)
9534 {
9535 const struct ieee80211_regdomain *regdom = NULL;
9536 struct cfg80211_registered_device *rdev;
9537 int err, reg_idx, start = cb->args[2];
9538
9539 rcu_read_lock();
9540
9541 if (cfg80211_regdomain && start == 0) {
9542 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
9543 NLM_F_MULTI, NULL,
9544 rcu_dereference(cfg80211_regdomain));
9545 if (err < 0)
9546 goto out_err;
9547 }
9548
9549 /* the global regdom is idx 0 */
9550 reg_idx = 1;
9551 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
9552 regdom = get_wiphy_regdom(&rdev->wiphy);
9553 if (!regdom)
9554 continue;
9555
9556 if (++reg_idx <= start)
9557 continue;
9558
9559 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
9560 NLM_F_MULTI, &rdev->wiphy, regdom);
9561 if (err < 0) {
9562 reg_idx--;
9563 break;
9564 }
9565 }
9566
9567 cb->args[2] = reg_idx;
9568 err = skb->len;
9569 out_err:
9570 rcu_read_unlock();
9571 return err;
9572 }
9573
9574 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
9575 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
9576 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
9577 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
9578 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
9579 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
9580 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
9581 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
9582 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
9583 };
9584
parse_reg_rule(struct nlattr * tb[],struct ieee80211_reg_rule * reg_rule)9585 static int parse_reg_rule(struct nlattr *tb[],
9586 struct ieee80211_reg_rule *reg_rule)
9587 {
9588 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
9589 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
9590
9591 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
9592 return -EINVAL;
9593 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
9594 return -EINVAL;
9595 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
9596 return -EINVAL;
9597 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
9598 return -EINVAL;
9599 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
9600 return -EINVAL;
9601
9602 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
9603
9604 freq_range->start_freq_khz =
9605 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
9606 freq_range->end_freq_khz =
9607 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
9608 freq_range->max_bandwidth_khz =
9609 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
9610
9611 power_rule->max_eirp =
9612 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
9613
9614 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
9615 power_rule->max_antenna_gain =
9616 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
9617
9618 if (tb[NL80211_ATTR_DFS_CAC_TIME])
9619 reg_rule->dfs_cac_ms =
9620 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
9621
9622 return 0;
9623 }
9624
nl80211_set_reg(struct sk_buff * skb,struct genl_info * info)9625 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
9626 {
9627 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
9628 struct nlattr *nl_reg_rule;
9629 char *alpha2;
9630 int rem_reg_rules, r;
9631 u32 num_rules = 0, rule_idx = 0;
9632 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
9633 struct ieee80211_regdomain *rd;
9634
9635 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
9636 return -EINVAL;
9637
9638 if (!info->attrs[NL80211_ATTR_REG_RULES])
9639 return -EINVAL;
9640
9641 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
9642
9643 if (info->attrs[NL80211_ATTR_DFS_REGION])
9644 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
9645
9646 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
9647 rem_reg_rules) {
9648 num_rules++;
9649 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
9650 return -EINVAL;
9651 }
9652
9653 rtnl_lock();
9654 if (!reg_is_valid_request(alpha2)) {
9655 r = -EINVAL;
9656 goto out;
9657 }
9658
9659 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
9660 if (!rd) {
9661 r = -ENOMEM;
9662 goto out;
9663 }
9664
9665 rd->n_reg_rules = num_rules;
9666 rd->alpha2[0] = alpha2[0];
9667 rd->alpha2[1] = alpha2[1];
9668
9669 /*
9670 * Disable DFS master mode if the DFS region was
9671 * not supported or known on this kernel.
9672 */
9673 if (reg_supported_dfs_region(dfs_region))
9674 rd->dfs_region = dfs_region;
9675
9676 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
9677 rem_reg_rules) {
9678 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
9679 nl_reg_rule, reg_rule_policy,
9680 info->extack);
9681 if (r)
9682 goto bad_reg;
9683 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
9684 if (r)
9685 goto bad_reg;
9686
9687 rule_idx++;
9688
9689 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
9690 r = -EINVAL;
9691 goto bad_reg;
9692 }
9693 }
9694
9695 r = set_regdom(rd, REGD_SOURCE_CRDA);
9696 /* set_regdom takes ownership of rd */
9697 rd = NULL;
9698 bad_reg:
9699 kfree(rd);
9700 out:
9701 rtnl_unlock();
9702 return r;
9703 }
9704 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
9705
validate_scan_freqs(struct nlattr * freqs)9706 static int validate_scan_freqs(struct nlattr *freqs)
9707 {
9708 struct nlattr *attr1, *attr2;
9709 int n_channels = 0, tmp1, tmp2;
9710
9711 nla_for_each_nested(attr1, freqs, tmp1)
9712 if (nla_len(attr1) != sizeof(u32))
9713 return 0;
9714
9715 nla_for_each_nested(attr1, freqs, tmp1) {
9716 n_channels++;
9717 /*
9718 * Some hardware has a limited channel list for
9719 * scanning, and it is pretty much nonsensical
9720 * to scan for a channel twice, so disallow that
9721 * and don't require drivers to check that the
9722 * channel list they get isn't longer than what
9723 * they can scan, as long as they can scan all
9724 * the channels they registered at once.
9725 */
9726 nla_for_each_nested(attr2, freqs, tmp2)
9727 if (attr1 != attr2 &&
9728 nla_get_u32(attr1) == nla_get_u32(attr2))
9729 return 0;
9730 }
9731
9732 return n_channels;
9733 }
9734
is_band_valid(struct wiphy * wiphy,enum nl80211_band b)9735 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
9736 {
9737 return b < NUM_NL80211_BANDS && wiphy->bands[b];
9738 }
9739
parse_bss_select(struct nlattr * nla,struct wiphy * wiphy,struct cfg80211_bss_selection * bss_select)9740 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
9741 struct cfg80211_bss_selection *bss_select)
9742 {
9743 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
9744 struct nlattr *nest;
9745 int err;
9746 bool found = false;
9747 int i;
9748
9749 /* only process one nested attribute */
9750 nest = nla_data(nla);
9751 if (!nla_ok(nest, nla_len(nest)))
9752 return -EINVAL;
9753
9754 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
9755 nest, nl80211_bss_select_policy,
9756 NULL);
9757 if (err)
9758 return err;
9759
9760 /* only one attribute may be given */
9761 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
9762 if (attr[i]) {
9763 if (found)
9764 return -EINVAL;
9765 found = true;
9766 }
9767 }
9768
9769 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
9770
9771 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
9772 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
9773
9774 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
9775 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
9776 bss_select->param.band_pref =
9777 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
9778 if (!is_band_valid(wiphy, bss_select->param.band_pref))
9779 return -EINVAL;
9780 }
9781
9782 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
9783 struct nl80211_bss_select_rssi_adjust *adj_param;
9784
9785 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
9786 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
9787 bss_select->param.adjust.band = adj_param->band;
9788 bss_select->param.adjust.delta = adj_param->delta;
9789 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
9790 return -EINVAL;
9791 }
9792
9793 /* user-space did not provide behaviour attribute */
9794 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
9795 return -EINVAL;
9796
9797 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
9798 return -EINVAL;
9799
9800 return 0;
9801 }
9802
nl80211_parse_random_mac(struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask)9803 int nl80211_parse_random_mac(struct nlattr **attrs,
9804 u8 *mac_addr, u8 *mac_addr_mask)
9805 {
9806 int i;
9807
9808 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
9809 eth_zero_addr(mac_addr);
9810 eth_zero_addr(mac_addr_mask);
9811 mac_addr[0] = 0x2;
9812 mac_addr_mask[0] = 0x3;
9813
9814 return 0;
9815 }
9816
9817 /* need both or none */
9818 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
9819 return -EINVAL;
9820
9821 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
9822 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
9823
9824 /* don't allow or configure an mcast address */
9825 if (!is_multicast_ether_addr(mac_addr_mask) ||
9826 is_multicast_ether_addr(mac_addr))
9827 return -EINVAL;
9828
9829 /*
9830 * allow users to pass a MAC address that has bits set outside
9831 * of the mask, but don't bother drivers with having to deal
9832 * with such bits
9833 */
9834 for (i = 0; i < ETH_ALEN; i++)
9835 mac_addr[i] &= mac_addr_mask[i];
9836
9837 return 0;
9838 }
9839
cfg80211_off_channel_oper_allowed(struct wireless_dev * wdev,struct ieee80211_channel * chan)9840 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev,
9841 struct ieee80211_channel *chan)
9842 {
9843 unsigned int link_id;
9844 bool all_ok = true;
9845 int radio_idx;
9846
9847 lockdep_assert_wiphy(wdev->wiphy);
9848
9849 if (!cfg80211_wdev_channel_allowed(wdev, chan))
9850 return false;
9851
9852 if (!cfg80211_beaconing_iface_active(wdev))
9853 return true;
9854
9855 radio_idx = cfg80211_get_radio_idx_by_chan(wdev->wiphy, chan);
9856
9857 /*
9858 * FIXME: check if we have a free radio/link for chan
9859 *
9860 * This, as well as the FIXME below, requires knowing the link
9861 * capabilities of the hardware.
9862 */
9863
9864 /* we cannot leave radar channels */
9865 for_each_valid_link(wdev, link_id) {
9866 struct cfg80211_chan_def *chandef;
9867 int link_radio_idx;
9868
9869 chandef = wdev_chandef(wdev, link_id);
9870 if (!chandef || !chandef->chan)
9871 continue;
9872
9873 if (!(chandef->chan->flags & IEEE80211_CHAN_RADAR))
9874 continue;
9875
9876 /*
9877 * chandef->chan is a radar channel. If the radio/link onto
9878 * which this radar channel falls is the same radio/link onto
9879 * which the input 'chan' falls, off-channel operation should
9880 * not be allowed. Hence, set 'all_ok' to false.
9881 */
9882
9883 link_radio_idx = cfg80211_get_radio_idx_by_chan(wdev->wiphy,
9884 chandef->chan);
9885 if (link_radio_idx == radio_idx) {
9886 all_ok = false;
9887 break;
9888 }
9889 }
9890
9891 if (all_ok)
9892 return true;
9893
9894 return regulatory_pre_cac_allowed(wdev->wiphy);
9895 }
9896
nl80211_check_scan_feat(struct wiphy * wiphy,u32 flags,u32 flag,enum nl80211_ext_feature_index feat)9897 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
9898 enum nl80211_ext_feature_index feat)
9899 {
9900 if (!(flags & flag))
9901 return true;
9902 if (wiphy_ext_feature_isset(wiphy, feat))
9903 return true;
9904 return false;
9905 }
9906
9907 static int
nl80211_check_scan_flags(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask,u32 * flags,enum nl80211_feature_flags randomness_flag)9908 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
9909 struct nlattr **attrs, u8 *mac_addr, u8 *mac_addr_mask,
9910 u32 *flags, enum nl80211_feature_flags randomness_flag)
9911 {
9912 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
9913 return 0;
9914
9915 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
9916
9917 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
9918 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
9919 !nl80211_check_scan_feat(wiphy, *flags,
9920 NL80211_SCAN_FLAG_LOW_SPAN,
9921 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
9922 !nl80211_check_scan_feat(wiphy, *flags,
9923 NL80211_SCAN_FLAG_LOW_POWER,
9924 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
9925 !nl80211_check_scan_feat(wiphy, *flags,
9926 NL80211_SCAN_FLAG_HIGH_ACCURACY,
9927 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
9928 !nl80211_check_scan_feat(wiphy, *flags,
9929 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
9930 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
9931 !nl80211_check_scan_feat(wiphy, *flags,
9932 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
9933 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
9934 !nl80211_check_scan_feat(wiphy, *flags,
9935 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
9936 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
9937 !nl80211_check_scan_feat(wiphy, *flags,
9938 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
9939 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
9940 !nl80211_check_scan_feat(wiphy, *flags,
9941 NL80211_SCAN_FLAG_RANDOM_SN,
9942 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
9943 !nl80211_check_scan_feat(wiphy, *flags,
9944 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
9945 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
9946 return -EOPNOTSUPP;
9947
9948 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
9949 int err;
9950
9951 if (!(wiphy->features & randomness_flag) ||
9952 (wdev && wdev->connected))
9953 return -EOPNOTSUPP;
9954
9955 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
9956 if (err)
9957 return err;
9958 }
9959
9960 return 0;
9961 }
9962
9963 static int
nl80211_check_scan_flags_sched(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,struct cfg80211_sched_scan_request * req)9964 nl80211_check_scan_flags_sched(struct wiphy *wiphy, struct wireless_dev *wdev,
9965 struct nlattr **attrs,
9966 struct cfg80211_sched_scan_request *req)
9967 {
9968 return nl80211_check_scan_flags(wiphy, wdev, attrs,
9969 req->mac_addr, req->mac_addr_mask,
9970 &req->flags,
9971 wdev ? NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
9972 NL80211_FEATURE_ND_RANDOM_MAC_ADDR);
9973 }
9974
9975 static int
nl80211_check_scan_flags_reg(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,struct cfg80211_scan_request_int * req)9976 nl80211_check_scan_flags_reg(struct wiphy *wiphy, struct wireless_dev *wdev,
9977 struct nlattr **attrs,
9978 struct cfg80211_scan_request_int *req)
9979 {
9980 return nl80211_check_scan_flags(wiphy, wdev, attrs,
9981 req->req.mac_addr,
9982 req->req.mac_addr_mask,
9983 &req->req.flags,
9984 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR);
9985 }
9986
nl80211_trigger_scan(struct sk_buff * skb,struct genl_info * info)9987 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
9988 {
9989 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9990 struct wireless_dev *wdev = info->user_ptr[1];
9991 struct cfg80211_scan_request_int *request;
9992 struct nlattr *scan_freqs = NULL;
9993 bool scan_freqs_khz = false;
9994 struct nlattr *attr;
9995 struct wiphy *wiphy;
9996 int err, tmp, n_ssids = 0, n_channels, i;
9997 size_t ie_len, size;
9998 size_t ssids_offset, ie_offset;
9999
10000 wiphy = &rdev->wiphy;
10001
10002 if (wdev->iftype == NL80211_IFTYPE_NAN)
10003 return -EOPNOTSUPP;
10004
10005 if (!rdev->ops->scan)
10006 return -EOPNOTSUPP;
10007
10008 if (rdev->scan_req || rdev->scan_msg)
10009 return -EBUSY;
10010
10011 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
10012 if (!wiphy_ext_feature_isset(wiphy,
10013 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
10014 return -EOPNOTSUPP;
10015 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
10016 scan_freqs_khz = true;
10017 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
10018 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
10019
10020 if (scan_freqs) {
10021 n_channels = validate_scan_freqs(scan_freqs);
10022 if (!n_channels)
10023 return -EINVAL;
10024 } else {
10025 n_channels = ieee80211_get_num_supported_channels(wiphy);
10026 }
10027
10028 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
10029 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
10030 n_ssids++;
10031
10032 if (n_ssids > wiphy->max_scan_ssids)
10033 return -EINVAL;
10034
10035 if (info->attrs[NL80211_ATTR_IE])
10036 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10037 else
10038 ie_len = 0;
10039
10040 if (ie_len > wiphy->max_scan_ie_len)
10041 return -EINVAL;
10042
10043 size = struct_size(request, req.channels, n_channels);
10044 ssids_offset = size;
10045 size = size_add(size, array_size(sizeof(*request->req.ssids), n_ssids));
10046 ie_offset = size;
10047 size = size_add(size, ie_len);
10048 request = kzalloc(size, GFP_KERNEL);
10049 if (!request)
10050 return -ENOMEM;
10051
10052 if (n_ssids)
10053 request->req.ssids = (void *)request + ssids_offset;
10054 request->req.n_ssids = n_ssids;
10055 if (ie_len)
10056 request->req.ie = (void *)request + ie_offset;
10057
10058 i = 0;
10059 if (scan_freqs) {
10060 /* user specified, bail out if channel not found */
10061 nla_for_each_nested(attr, scan_freqs, tmp) {
10062 struct ieee80211_channel *chan;
10063 int freq = nla_get_u32(attr);
10064
10065 if (!scan_freqs_khz)
10066 freq = MHZ_TO_KHZ(freq);
10067
10068 chan = ieee80211_get_channel_khz(wiphy, freq);
10069 if (!chan) {
10070 err = -EINVAL;
10071 goto out_free;
10072 }
10073
10074 /* ignore disabled channels */
10075 if (chan->flags & IEEE80211_CHAN_DISABLED ||
10076 !cfg80211_wdev_channel_allowed(wdev, chan))
10077 continue;
10078
10079 request->req.channels[i] = chan;
10080 i++;
10081 }
10082 } else {
10083 enum nl80211_band band;
10084
10085 /* all channels */
10086 for (band = 0; band < NUM_NL80211_BANDS; band++) {
10087 int j;
10088
10089 if (!wiphy->bands[band])
10090 continue;
10091 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
10092 struct ieee80211_channel *chan;
10093
10094 chan = &wiphy->bands[band]->channels[j];
10095
10096 if (chan->flags & IEEE80211_CHAN_DISABLED ||
10097 !cfg80211_wdev_channel_allowed(wdev, chan))
10098 continue;
10099
10100 request->req.channels[i] = chan;
10101 i++;
10102 }
10103 }
10104 }
10105
10106 if (!i) {
10107 err = -EINVAL;
10108 goto out_free;
10109 }
10110
10111 request->req.n_channels = i;
10112
10113 for (i = 0; i < request->req.n_channels; i++) {
10114 struct ieee80211_channel *chan = request->req.channels[i];
10115
10116 /* if we can go off-channel to the target channel we're good */
10117 if (cfg80211_off_channel_oper_allowed(wdev, chan))
10118 continue;
10119
10120 if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) {
10121 err = -EBUSY;
10122 goto out_free;
10123 }
10124 }
10125
10126 i = 0;
10127 if (n_ssids) {
10128 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
10129 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
10130 err = -EINVAL;
10131 goto out_free;
10132 }
10133 request->req.ssids[i].ssid_len = nla_len(attr);
10134 memcpy(request->req.ssids[i].ssid,
10135 nla_data(attr), nla_len(attr));
10136 i++;
10137 }
10138 }
10139
10140 if (info->attrs[NL80211_ATTR_IE]) {
10141 request->req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10142 memcpy((void *)request->req.ie,
10143 nla_data(info->attrs[NL80211_ATTR_IE]),
10144 request->req.ie_len);
10145 }
10146
10147 for (i = 0; i < NUM_NL80211_BANDS; i++)
10148 if (wiphy->bands[i])
10149 request->req.rates[i] =
10150 (1 << wiphy->bands[i]->n_bitrates) - 1;
10151
10152 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
10153 nla_for_each_nested(attr,
10154 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
10155 tmp) {
10156 enum nl80211_band band = nla_type(attr);
10157
10158 if (band < 0 || band >= NUM_NL80211_BANDS) {
10159 err = -EINVAL;
10160 goto out_free;
10161 }
10162
10163 if (!wiphy->bands[band])
10164 continue;
10165
10166 err = ieee80211_get_ratemask(wiphy->bands[band],
10167 nla_data(attr),
10168 nla_len(attr),
10169 &request->req.rates[band]);
10170 if (err)
10171 goto out_free;
10172 }
10173 }
10174
10175 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
10176 request->req.duration =
10177 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
10178 request->req.duration_mandatory =
10179 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
10180 }
10181
10182 err = nl80211_check_scan_flags_reg(wiphy, wdev, info->attrs, request);
10183 if (err)
10184 goto out_free;
10185
10186 request->req.no_cck =
10187 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10188
10189 /* Initial implementation used NL80211_ATTR_MAC to set the specific
10190 * BSSID to scan for. This was problematic because that same attribute
10191 * was already used for another purpose (local random MAC address). The
10192 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
10193 * compatibility with older userspace components, also use the
10194 * NL80211_ATTR_MAC value here if it can be determined to be used for
10195 * the specific BSSID use case instead of the random MAC address
10196 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
10197 */
10198 if (info->attrs[NL80211_ATTR_BSSID])
10199 memcpy(request->req.bssid,
10200 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
10201 else if (!(request->req.flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
10202 info->attrs[NL80211_ATTR_MAC])
10203 memcpy(request->req.bssid,
10204 nla_data(info->attrs[NL80211_ATTR_MAC]),
10205 ETH_ALEN);
10206 else
10207 eth_broadcast_addr(request->req.bssid);
10208
10209 request->req.tsf_report_link_id =
10210 nl80211_link_id_or_invalid(info->attrs);
10211 request->req.wdev = wdev;
10212 request->req.wiphy = &rdev->wiphy;
10213 request->req.scan_start = jiffies;
10214
10215 rdev->scan_req = request;
10216 err = cfg80211_scan(rdev);
10217
10218 if (err)
10219 goto out_free;
10220
10221 nl80211_send_scan_start(rdev, wdev);
10222 dev_hold(wdev->netdev);
10223
10224 return 0;
10225
10226 out_free:
10227 rdev->scan_req = NULL;
10228 kfree(request);
10229
10230 return err;
10231 }
10232
nl80211_abort_scan(struct sk_buff * skb,struct genl_info * info)10233 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
10234 {
10235 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10236 struct wireless_dev *wdev = info->user_ptr[1];
10237
10238 if (!rdev->ops->abort_scan)
10239 return -EOPNOTSUPP;
10240
10241 if (rdev->scan_msg)
10242 return 0;
10243
10244 if (!rdev->scan_req)
10245 return -ENOENT;
10246
10247 rdev_abort_scan(rdev, wdev);
10248 return 0;
10249 }
10250
10251 static int
nl80211_parse_sched_scan_plans(struct wiphy * wiphy,int n_plans,struct cfg80211_sched_scan_request * request,struct nlattr ** attrs)10252 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
10253 struct cfg80211_sched_scan_request *request,
10254 struct nlattr **attrs)
10255 {
10256 int tmp, err, i = 0;
10257 struct nlattr *attr;
10258
10259 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
10260 u32 interval;
10261
10262 /*
10263 * If scan plans are not specified,
10264 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
10265 * case one scan plan will be set with the specified scan
10266 * interval and infinite number of iterations.
10267 */
10268 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
10269 if (!interval)
10270 return -EINVAL;
10271
10272 request->scan_plans[0].interval =
10273 DIV_ROUND_UP(interval, MSEC_PER_SEC);
10274 if (!request->scan_plans[0].interval)
10275 return -EINVAL;
10276
10277 if (request->scan_plans[0].interval >
10278 wiphy->max_sched_scan_plan_interval)
10279 request->scan_plans[0].interval =
10280 wiphy->max_sched_scan_plan_interval;
10281
10282 return 0;
10283 }
10284
10285 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
10286 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
10287
10288 if (WARN_ON(i >= n_plans))
10289 return -EINVAL;
10290
10291 err = nla_parse_nested_deprecated(plan,
10292 NL80211_SCHED_SCAN_PLAN_MAX,
10293 attr, nl80211_plan_policy,
10294 NULL);
10295 if (err)
10296 return err;
10297
10298 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
10299 return -EINVAL;
10300
10301 request->scan_plans[i].interval =
10302 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
10303 if (!request->scan_plans[i].interval ||
10304 request->scan_plans[i].interval >
10305 wiphy->max_sched_scan_plan_interval)
10306 return -EINVAL;
10307
10308 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
10309 request->scan_plans[i].iterations =
10310 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
10311 if (!request->scan_plans[i].iterations ||
10312 (request->scan_plans[i].iterations >
10313 wiphy->max_sched_scan_plan_iterations))
10314 return -EINVAL;
10315 } else if (i < n_plans - 1) {
10316 /*
10317 * All scan plans but the last one must specify
10318 * a finite number of iterations
10319 */
10320 return -EINVAL;
10321 }
10322
10323 i++;
10324 }
10325
10326 /*
10327 * The last scan plan must not specify the number of
10328 * iterations, it is supposed to run infinitely
10329 */
10330 if (request->scan_plans[n_plans - 1].iterations)
10331 return -EINVAL;
10332
10333 return 0;
10334 }
10335
10336 static struct cfg80211_sched_scan_request *
nl80211_parse_sched_scan(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,int max_match_sets)10337 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
10338 struct nlattr **attrs, int max_match_sets)
10339 {
10340 struct cfg80211_sched_scan_request *request;
10341 struct nlattr *attr;
10342 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
10343 enum nl80211_band band;
10344 size_t ie_len, size;
10345 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
10346 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
10347
10348 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
10349 n_channels = validate_scan_freqs(
10350 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
10351 if (!n_channels)
10352 return ERR_PTR(-EINVAL);
10353 } else {
10354 n_channels = ieee80211_get_num_supported_channels(wiphy);
10355 }
10356
10357 if (attrs[NL80211_ATTR_SCAN_SSIDS])
10358 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
10359 tmp)
10360 n_ssids++;
10361
10362 if (n_ssids > wiphy->max_sched_scan_ssids)
10363 return ERR_PTR(-EINVAL);
10364
10365 /*
10366 * First, count the number of 'real' matchsets. Due to an issue with
10367 * the old implementation, matchsets containing only the RSSI attribute
10368 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
10369 * RSSI for all matchsets, rather than their own matchset for reporting
10370 * all APs with a strong RSSI. This is needed to be compatible with
10371 * older userspace that treated a matchset with only the RSSI as the
10372 * global RSSI for all other matchsets - if there are other matchsets.
10373 */
10374 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
10375 nla_for_each_nested(attr,
10376 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
10377 tmp) {
10378 struct nlattr *rssi;
10379
10380 err = nla_parse_nested_deprecated(tb,
10381 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
10382 attr,
10383 nl80211_match_policy,
10384 NULL);
10385 if (err)
10386 return ERR_PTR(err);
10387
10388 /* SSID and BSSID are mutually exclusive */
10389 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
10390 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
10391 return ERR_PTR(-EINVAL);
10392
10393 /* add other standalone attributes here */
10394 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
10395 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
10396 n_match_sets++;
10397 continue;
10398 }
10399 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
10400 if (rssi)
10401 default_match_rssi = nla_get_s32(rssi);
10402 }
10403 }
10404
10405 /* However, if there's no other matchset, add the RSSI one */
10406 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
10407 n_match_sets = 1;
10408
10409 if (n_match_sets > max_match_sets)
10410 return ERR_PTR(-EINVAL);
10411
10412 if (attrs[NL80211_ATTR_IE])
10413 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
10414 else
10415 ie_len = 0;
10416
10417 if (ie_len > wiphy->max_sched_scan_ie_len)
10418 return ERR_PTR(-EINVAL);
10419
10420 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
10421 /*
10422 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
10423 * each scan plan already specifies its own interval
10424 */
10425 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
10426 return ERR_PTR(-EINVAL);
10427
10428 nla_for_each_nested(attr,
10429 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
10430 n_plans++;
10431 } else {
10432 /*
10433 * The scan interval attribute is kept for backward
10434 * compatibility. If no scan plans are specified and sched scan
10435 * interval is specified, one scan plan will be set with this
10436 * scan interval and infinite number of iterations.
10437 */
10438 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
10439 return ERR_PTR(-EINVAL);
10440
10441 n_plans = 1;
10442 }
10443
10444 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
10445 return ERR_PTR(-EINVAL);
10446
10447 if (!wiphy_ext_feature_isset(
10448 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
10449 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
10450 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
10451 return ERR_PTR(-EINVAL);
10452
10453 size = struct_size(request, channels, n_channels);
10454 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
10455 size = size_add(size, array_size(sizeof(*request->match_sets),
10456 n_match_sets));
10457 size = size_add(size, array_size(sizeof(*request->scan_plans),
10458 n_plans));
10459 size = size_add(size, ie_len);
10460 request = kzalloc(size, GFP_KERNEL);
10461 if (!request)
10462 return ERR_PTR(-ENOMEM);
10463 request->n_channels = n_channels;
10464
10465 if (n_ssids)
10466 request->ssids = (void *)request +
10467 struct_size(request, channels, n_channels);
10468 request->n_ssids = n_ssids;
10469 if (ie_len) {
10470 if (n_ssids)
10471 request->ie = (void *)(request->ssids + n_ssids);
10472 else
10473 request->ie = (void *)(request->channels + n_channels);
10474 }
10475
10476 if (n_match_sets) {
10477 if (request->ie)
10478 request->match_sets = (void *)(request->ie + ie_len);
10479 else if (n_ssids)
10480 request->match_sets =
10481 (void *)(request->ssids + n_ssids);
10482 else
10483 request->match_sets =
10484 (void *)(request->channels + n_channels);
10485 }
10486 request->n_match_sets = n_match_sets;
10487
10488 if (n_match_sets)
10489 request->scan_plans = (void *)(request->match_sets +
10490 n_match_sets);
10491 else if (request->ie)
10492 request->scan_plans = (void *)(request->ie + ie_len);
10493 else if (n_ssids)
10494 request->scan_plans = (void *)(request->ssids + n_ssids);
10495 else
10496 request->scan_plans = (void *)(request->channels + n_channels);
10497
10498 request->n_scan_plans = n_plans;
10499
10500 i = 0;
10501 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
10502 /* user specified, bail out if channel not found */
10503 nla_for_each_nested(attr,
10504 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
10505 tmp) {
10506 struct ieee80211_channel *chan;
10507
10508 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
10509
10510 if (!chan) {
10511 err = -EINVAL;
10512 goto out_free;
10513 }
10514
10515 /* ignore disabled channels */
10516 if (chan->flags & IEEE80211_CHAN_DISABLED)
10517 continue;
10518
10519 request->channels[i] = chan;
10520 i++;
10521 }
10522 } else {
10523 /* all channels */
10524 for (band = 0; band < NUM_NL80211_BANDS; band++) {
10525 int j;
10526
10527 if (!wiphy->bands[band])
10528 continue;
10529 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
10530 struct ieee80211_channel *chan;
10531
10532 chan = &wiphy->bands[band]->channels[j];
10533
10534 if (chan->flags & IEEE80211_CHAN_DISABLED)
10535 continue;
10536
10537 request->channels[i] = chan;
10538 i++;
10539 }
10540 }
10541 }
10542
10543 if (!i) {
10544 err = -EINVAL;
10545 goto out_free;
10546 }
10547
10548 request->n_channels = i;
10549
10550 i = 0;
10551 if (n_ssids) {
10552 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
10553 tmp) {
10554 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
10555 err = -EINVAL;
10556 goto out_free;
10557 }
10558 request->ssids[i].ssid_len = nla_len(attr);
10559 memcpy(request->ssids[i].ssid, nla_data(attr),
10560 nla_len(attr));
10561 i++;
10562 }
10563 }
10564
10565 i = 0;
10566 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
10567 nla_for_each_nested(attr,
10568 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
10569 tmp) {
10570 struct nlattr *ssid, *bssid, *rssi;
10571
10572 err = nla_parse_nested_deprecated(tb,
10573 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
10574 attr,
10575 nl80211_match_policy,
10576 NULL);
10577 if (err)
10578 goto out_free;
10579 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
10580 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
10581
10582 if (!ssid && !bssid) {
10583 i++;
10584 continue;
10585 }
10586
10587 if (WARN_ON(i >= n_match_sets)) {
10588 /* this indicates a programming error,
10589 * the loop above should have verified
10590 * things properly
10591 */
10592 err = -EINVAL;
10593 goto out_free;
10594 }
10595
10596 if (ssid) {
10597 memcpy(request->match_sets[i].ssid.ssid,
10598 nla_data(ssid), nla_len(ssid));
10599 request->match_sets[i].ssid.ssid_len =
10600 nla_len(ssid);
10601 }
10602 if (bssid)
10603 memcpy(request->match_sets[i].bssid,
10604 nla_data(bssid), ETH_ALEN);
10605
10606 /* special attribute - old implementation w/a */
10607 request->match_sets[i].rssi_thold = default_match_rssi;
10608 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
10609 if (rssi)
10610 request->match_sets[i].rssi_thold =
10611 nla_get_s32(rssi);
10612 i++;
10613 }
10614
10615 /* there was no other matchset, so the RSSI one is alone */
10616 if (i == 0 && n_match_sets)
10617 request->match_sets[0].rssi_thold = default_match_rssi;
10618
10619 request->min_rssi_thold = INT_MAX;
10620 for (i = 0; i < n_match_sets; i++)
10621 request->min_rssi_thold =
10622 min(request->match_sets[i].rssi_thold,
10623 request->min_rssi_thold);
10624 } else {
10625 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
10626 }
10627
10628 if (ie_len) {
10629 request->ie_len = ie_len;
10630 memcpy((void *)request->ie,
10631 nla_data(attrs[NL80211_ATTR_IE]),
10632 request->ie_len);
10633 }
10634
10635 err = nl80211_check_scan_flags_sched(wiphy, wdev, attrs, request);
10636 if (err)
10637 goto out_free;
10638
10639 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
10640 request->delay =
10641 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
10642
10643 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
10644 request->relative_rssi = nla_get_s8(
10645 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
10646 request->relative_rssi_set = true;
10647 }
10648
10649 if (request->relative_rssi_set &&
10650 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
10651 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
10652
10653 rssi_adjust = nla_data(
10654 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
10655 request->rssi_adjust.band = rssi_adjust->band;
10656 request->rssi_adjust.delta = rssi_adjust->delta;
10657 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
10658 err = -EINVAL;
10659 goto out_free;
10660 }
10661 }
10662
10663 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
10664 if (err)
10665 goto out_free;
10666
10667 request->scan_start = jiffies;
10668
10669 return request;
10670
10671 out_free:
10672 kfree(request);
10673 return ERR_PTR(err);
10674 }
10675
nl80211_start_sched_scan(struct sk_buff * skb,struct genl_info * info)10676 static int nl80211_start_sched_scan(struct sk_buff *skb,
10677 struct genl_info *info)
10678 {
10679 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10680 struct net_device *dev = info->user_ptr[1];
10681 struct wireless_dev *wdev = dev->ieee80211_ptr;
10682 struct cfg80211_sched_scan_request *sched_scan_req;
10683 bool want_multi;
10684 int err;
10685
10686 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
10687 return -EOPNOTSUPP;
10688
10689 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
10690 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
10691 if (err)
10692 return err;
10693
10694 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
10695 info->attrs,
10696 rdev->wiphy.max_match_sets);
10697
10698 err = PTR_ERR_OR_ZERO(sched_scan_req);
10699 if (err)
10700 goto out_err;
10701
10702 /* leave request id zero for legacy request
10703 * or if driver does not support multi-scheduled scan
10704 */
10705 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
10706 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
10707
10708 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
10709 if (err)
10710 goto out_free;
10711
10712 sched_scan_req->dev = dev;
10713 sched_scan_req->wiphy = &rdev->wiphy;
10714
10715 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10716 sched_scan_req->owner_nlportid = info->snd_portid;
10717
10718 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
10719
10720 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
10721 return 0;
10722
10723 out_free:
10724 kfree(sched_scan_req);
10725 out_err:
10726 return err;
10727 }
10728
nl80211_stop_sched_scan(struct sk_buff * skb,struct genl_info * info)10729 static int nl80211_stop_sched_scan(struct sk_buff *skb,
10730 struct genl_info *info)
10731 {
10732 struct cfg80211_sched_scan_request *req;
10733 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10734 u64 cookie;
10735
10736 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
10737 return -EOPNOTSUPP;
10738
10739 if (info->attrs[NL80211_ATTR_COOKIE]) {
10740 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10741 return __cfg80211_stop_sched_scan(rdev, cookie, false);
10742 }
10743
10744 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
10745 struct cfg80211_sched_scan_request,
10746 list);
10747 if (!req || req->reqid ||
10748 (req->owner_nlportid &&
10749 req->owner_nlportid != info->snd_portid))
10750 return -ENOENT;
10751
10752 return cfg80211_stop_sched_scan_req(rdev, req, false);
10753 }
10754
nl80211_start_radar_detection(struct sk_buff * skb,struct genl_info * info)10755 static int nl80211_start_radar_detection(struct sk_buff *skb,
10756 struct genl_info *info)
10757 {
10758 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10759 struct net_device *dev = info->user_ptr[1];
10760 struct wireless_dev *wdev = dev->ieee80211_ptr;
10761 int link_id = nl80211_link_id(info->attrs);
10762 struct wiphy *wiphy = wdev->wiphy;
10763 struct cfg80211_chan_def chandef;
10764 enum nl80211_dfs_regions dfs_region;
10765 unsigned int cac_time_ms;
10766 int err;
10767
10768 flush_delayed_work(&rdev->dfs_update_channels_wk);
10769
10770 switch (wdev->iftype) {
10771 case NL80211_IFTYPE_AP:
10772 case NL80211_IFTYPE_P2P_GO:
10773 case NL80211_IFTYPE_MESH_POINT:
10774 case NL80211_IFTYPE_ADHOC:
10775 break;
10776 default:
10777 /* caution - see cfg80211_beaconing_iface_active() below */
10778 return -EINVAL;
10779 }
10780
10781 guard(wiphy)(wiphy);
10782
10783 dfs_region = reg_get_dfs_region(wiphy);
10784 if (dfs_region == NL80211_DFS_UNSET)
10785 return -EINVAL;
10786
10787 err = nl80211_parse_chandef(rdev, info, &chandef);
10788 if (err)
10789 return err;
10790
10791 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10792 if (err < 0)
10793 return err;
10794
10795 if (err == 0)
10796 return -EINVAL;
10797
10798 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
10799 return -EINVAL;
10800
10801 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND]))
10802 return cfg80211_start_background_radar_detection(rdev, wdev,
10803 &chandef);
10804
10805 if (cfg80211_beaconing_iface_active(wdev)) {
10806 /* During MLO other link(s) can beacon, only the current link
10807 * can not already beacon
10808 */
10809 if (wdev->valid_links &&
10810 !wdev->links[link_id].ap.beacon_interval) {
10811 /* nothing */
10812 } else {
10813 return -EBUSY;
10814 }
10815 }
10816
10817 if (wdev->links[link_id].cac_started)
10818 return -EBUSY;
10819
10820 /* CAC start is offloaded to HW and can't be started manually */
10821 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
10822 return -EOPNOTSUPP;
10823
10824 if (!rdev->ops->start_radar_detection)
10825 return -EOPNOTSUPP;
10826
10827 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
10828 if (WARN_ON(!cac_time_ms))
10829 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
10830
10831 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms,
10832 link_id);
10833 if (err)
10834 return err;
10835
10836 switch (wdev->iftype) {
10837 case NL80211_IFTYPE_AP:
10838 case NL80211_IFTYPE_P2P_GO:
10839 wdev->links[link_id].ap.chandef = chandef;
10840 break;
10841 case NL80211_IFTYPE_ADHOC:
10842 wdev->u.ibss.chandef = chandef;
10843 break;
10844 case NL80211_IFTYPE_MESH_POINT:
10845 wdev->u.mesh.chandef = chandef;
10846 break;
10847 default:
10848 break;
10849 }
10850 wdev->links[link_id].cac_started = true;
10851 wdev->links[link_id].cac_start_time = jiffies;
10852 wdev->links[link_id].cac_time_ms = cac_time_ms;
10853
10854 return 0;
10855 }
10856
nl80211_notify_radar_detection(struct sk_buff * skb,struct genl_info * info)10857 static int nl80211_notify_radar_detection(struct sk_buff *skb,
10858 struct genl_info *info)
10859 {
10860 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10861 struct net_device *dev = info->user_ptr[1];
10862 struct wireless_dev *wdev = dev->ieee80211_ptr;
10863 struct wiphy *wiphy = wdev->wiphy;
10864 struct cfg80211_chan_def chandef;
10865 enum nl80211_dfs_regions dfs_region;
10866 int err;
10867
10868 dfs_region = reg_get_dfs_region(wiphy);
10869 if (dfs_region == NL80211_DFS_UNSET) {
10870 GENL_SET_ERR_MSG(info,
10871 "DFS Region is not set. Unexpected Radar indication");
10872 return -EINVAL;
10873 }
10874
10875 err = nl80211_parse_chandef(rdev, info, &chandef);
10876 if (err) {
10877 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
10878 return err;
10879 }
10880
10881 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10882 if (err < 0) {
10883 GENL_SET_ERR_MSG(info, "chandef is invalid");
10884 return err;
10885 }
10886
10887 if (err == 0) {
10888 GENL_SET_ERR_MSG(info,
10889 "Unexpected Radar indication for chandef/iftype");
10890 return -EINVAL;
10891 }
10892
10893 /* Do not process this notification if radar is already detected
10894 * by kernel on this channel, and return success.
10895 */
10896 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
10897 return 0;
10898
10899 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
10900
10901 cfg80211_sched_dfs_chan_update(rdev);
10902
10903 rdev->radar_chandef = chandef;
10904
10905 /* Propagate this notification to other radios as well */
10906 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
10907
10908 return 0;
10909 }
10910
nl80211_parse_counter_offsets(struct cfg80211_registered_device * rdev,const u8 * data,size_t datalen,int first_count,struct nlattr * attr,const u16 ** offsets,unsigned int * n_offsets)10911 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev,
10912 const u8 *data, size_t datalen,
10913 int first_count, struct nlattr *attr,
10914 const u16 **offsets, unsigned int *n_offsets)
10915 {
10916 int i;
10917
10918 *n_offsets = 0;
10919
10920 if (!attr)
10921 return 0;
10922
10923 if (!nla_len(attr) || (nla_len(attr) % sizeof(u16)))
10924 return -EINVAL;
10925
10926 *n_offsets = nla_len(attr) / sizeof(u16);
10927 if (rdev->wiphy.max_num_csa_counters &&
10928 (*n_offsets > rdev->wiphy.max_num_csa_counters))
10929 return -EINVAL;
10930
10931 *offsets = nla_data(attr);
10932
10933 /* sanity checks - counters should fit and be the same */
10934 for (i = 0; i < *n_offsets; i++) {
10935 u16 offset = (*offsets)[i];
10936
10937 if (offset >= datalen)
10938 return -EINVAL;
10939
10940 if (first_count != -1 && data[offset] != first_count)
10941 return -EINVAL;
10942 }
10943
10944 return 0;
10945 }
10946
nl80211_channel_switch(struct sk_buff * skb,struct genl_info * info)10947 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
10948 {
10949 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10950 unsigned int link_id = nl80211_link_id(info->attrs);
10951 struct net_device *dev = info->user_ptr[1];
10952 struct wireless_dev *wdev = dev->ieee80211_ptr;
10953 struct cfg80211_csa_settings params;
10954 struct nlattr **csa_attrs = NULL;
10955 int err;
10956 bool need_new_beacon = false;
10957 bool need_handle_dfs_flag = true;
10958 u32 cs_count;
10959
10960 if (!rdev->ops->channel_switch ||
10961 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
10962 return -EOPNOTSUPP;
10963
10964 switch (dev->ieee80211_ptr->iftype) {
10965 case NL80211_IFTYPE_AP:
10966 case NL80211_IFTYPE_P2P_GO:
10967 need_new_beacon = true;
10968 /* For all modes except AP the handle_dfs flag needs to be
10969 * supplied to tell the kernel that userspace will handle radar
10970 * events when they happen. Otherwise a switch to a channel
10971 * requiring DFS will be rejected.
10972 */
10973 need_handle_dfs_flag = false;
10974
10975 /* useless if AP is not running */
10976 if (!wdev->links[link_id].ap.beacon_interval)
10977 return -ENOTCONN;
10978 break;
10979 case NL80211_IFTYPE_ADHOC:
10980 if (!wdev->u.ibss.ssid_len)
10981 return -ENOTCONN;
10982 break;
10983 case NL80211_IFTYPE_MESH_POINT:
10984 if (!wdev->u.mesh.id_len)
10985 return -ENOTCONN;
10986 break;
10987 default:
10988 return -EOPNOTSUPP;
10989 }
10990
10991 memset(¶ms, 0, sizeof(params));
10992 params.beacon_csa.ftm_responder = -1;
10993
10994 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10995 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
10996 return -EINVAL;
10997
10998 /* only important for AP, IBSS and mesh create IEs internally */
10999 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
11000 return -EINVAL;
11001
11002 /* Even though the attribute is u32, the specification says
11003 * u8, so let's make sure we don't overflow.
11004 */
11005 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
11006 if (cs_count > 255)
11007 return -EINVAL;
11008
11009 params.count = cs_count;
11010
11011 if (!need_new_beacon)
11012 goto skip_beacons;
11013
11014 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after,
11015 info->extack);
11016 if (err)
11017 goto free;
11018
11019 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
11020 GFP_KERNEL);
11021 if (!csa_attrs) {
11022 err = -ENOMEM;
11023 goto free;
11024 }
11025
11026 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
11027 info->attrs[NL80211_ATTR_CSA_IES],
11028 nl80211_policy, info->extack);
11029 if (err)
11030 goto free;
11031
11032 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa,
11033 info->extack);
11034 if (err)
11035 goto free;
11036
11037 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
11038 err = -EINVAL;
11039 goto free;
11040 }
11041
11042 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail,
11043 params.beacon_csa.tail_len,
11044 params.count,
11045 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON],
11046 ¶ms.counter_offsets_beacon,
11047 ¶ms.n_counter_offsets_beacon);
11048 if (err)
11049 goto free;
11050
11051 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp,
11052 params.beacon_csa.probe_resp_len,
11053 params.count,
11054 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP],
11055 ¶ms.counter_offsets_presp,
11056 ¶ms.n_counter_offsets_presp);
11057 if (err)
11058 goto free;
11059
11060 skip_beacons:
11061 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
11062 if (err)
11063 goto free;
11064
11065 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
11066 wdev->iftype)) {
11067 err = -EINVAL;
11068 goto free;
11069 }
11070
11071 err = cfg80211_chandef_dfs_required(wdev->wiphy,
11072 ¶ms.chandef,
11073 wdev->iftype);
11074 if (err < 0)
11075 goto free;
11076
11077 if (err > 0) {
11078 params.radar_required = true;
11079 if (need_handle_dfs_flag &&
11080 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
11081 err = -EINVAL;
11082 goto free;
11083 }
11084 }
11085
11086 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
11087 params.block_tx = true;
11088
11089 if ((wdev->iftype == NL80211_IFTYPE_AP ||
11090 wdev->iftype == NL80211_IFTYPE_P2P_GO) &&
11091 info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
11092 err = nl80211_parse_unsol_bcast_probe_resp(
11093 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
11094 ¶ms.unsol_bcast_probe_resp);
11095 if (err)
11096 goto free;
11097 }
11098
11099 params.link_id = link_id;
11100 err = rdev_channel_switch(rdev, dev, ¶ms);
11101
11102 free:
11103 kfree(params.beacon_after.mbssid_ies);
11104 kfree(params.beacon_csa.mbssid_ies);
11105 kfree(params.beacon_after.rnr_ies);
11106 kfree(params.beacon_csa.rnr_ies);
11107 kfree(csa_attrs);
11108 return err;
11109 }
11110
nl80211_send_bss(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,struct cfg80211_internal_bss * intbss)11111 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
11112 u32 seq, int flags,
11113 struct cfg80211_registered_device *rdev,
11114 struct wireless_dev *wdev,
11115 struct cfg80211_internal_bss *intbss)
11116 {
11117 struct cfg80211_bss *res = &intbss->pub;
11118 const struct cfg80211_bss_ies *ies;
11119 unsigned int link_id;
11120 void *hdr;
11121 struct nlattr *bss;
11122
11123 lockdep_assert_wiphy(wdev->wiphy);
11124
11125 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
11126 NL80211_CMD_NEW_SCAN_RESULTS);
11127 if (!hdr)
11128 return -1;
11129
11130 genl_dump_check_consistent(cb, hdr);
11131
11132 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
11133 goto nla_put_failure;
11134 if (wdev->netdev &&
11135 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
11136 goto nla_put_failure;
11137 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11138 NL80211_ATTR_PAD))
11139 goto nla_put_failure;
11140
11141 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
11142 if (!bss)
11143 goto nla_put_failure;
11144 if ((!is_zero_ether_addr(res->bssid) &&
11145 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
11146 goto nla_put_failure;
11147
11148 rcu_read_lock();
11149 /* indicate whether we have probe response data or not */
11150 if (rcu_access_pointer(res->proberesp_ies) &&
11151 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
11152 goto fail_unlock_rcu;
11153
11154 /* this pointer prefers to be pointed to probe response data
11155 * but is always valid
11156 */
11157 ies = rcu_dereference(res->ies);
11158 if (ies) {
11159 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
11160 NL80211_BSS_PAD))
11161 goto fail_unlock_rcu;
11162 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
11163 ies->len, ies->data))
11164 goto fail_unlock_rcu;
11165 }
11166
11167 /* and this pointer is always (unless driver didn't know) beacon data */
11168 ies = rcu_dereference(res->beacon_ies);
11169 if (ies && ies->from_beacon) {
11170 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
11171 NL80211_BSS_PAD))
11172 goto fail_unlock_rcu;
11173 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
11174 ies->len, ies->data))
11175 goto fail_unlock_rcu;
11176 }
11177 rcu_read_unlock();
11178
11179 if (res->beacon_interval &&
11180 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
11181 goto nla_put_failure;
11182 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
11183 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
11184 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
11185 res->channel->freq_offset) ||
11186 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
11187 jiffies_to_msecs(jiffies - intbss->ts)))
11188 goto nla_put_failure;
11189
11190 if (intbss->parent_tsf &&
11191 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
11192 intbss->parent_tsf, NL80211_BSS_PAD) ||
11193 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
11194 intbss->parent_bssid)))
11195 goto nla_put_failure;
11196
11197 if (res->ts_boottime &&
11198 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
11199 res->ts_boottime, NL80211_BSS_PAD))
11200 goto nla_put_failure;
11201
11202 if (!nl80211_put_signal(msg, intbss->pub.chains,
11203 intbss->pub.chain_signal,
11204 NL80211_BSS_CHAIN_SIGNAL))
11205 goto nla_put_failure;
11206
11207 if (intbss->bss_source != BSS_SOURCE_STA_PROFILE) {
11208 switch (rdev->wiphy.signal_type) {
11209 case CFG80211_SIGNAL_TYPE_MBM:
11210 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM,
11211 res->signal))
11212 goto nla_put_failure;
11213 break;
11214 case CFG80211_SIGNAL_TYPE_UNSPEC:
11215 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC,
11216 res->signal))
11217 goto nla_put_failure;
11218 break;
11219 default:
11220 break;
11221 }
11222 }
11223
11224 switch (wdev->iftype) {
11225 case NL80211_IFTYPE_P2P_CLIENT:
11226 case NL80211_IFTYPE_STATION:
11227 for_each_valid_link(wdev, link_id) {
11228 if (intbss == wdev->links[link_id].client.current_bss &&
11229 (nla_put_u32(msg, NL80211_BSS_STATUS,
11230 NL80211_BSS_STATUS_ASSOCIATED) ||
11231 (wdev->valid_links &&
11232 (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID,
11233 link_id) ||
11234 nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN,
11235 wdev->u.client.connected_addr)))))
11236 goto nla_put_failure;
11237 }
11238 break;
11239 case NL80211_IFTYPE_ADHOC:
11240 if (intbss == wdev->u.ibss.current_bss &&
11241 nla_put_u32(msg, NL80211_BSS_STATUS,
11242 NL80211_BSS_STATUS_IBSS_JOINED))
11243 goto nla_put_failure;
11244 break;
11245 default:
11246 break;
11247 }
11248
11249 if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for))
11250 goto nla_put_failure;
11251
11252 if (res->cannot_use_reasons &&
11253 nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS,
11254 res->cannot_use_reasons,
11255 NL80211_BSS_PAD))
11256 goto nla_put_failure;
11257
11258 nla_nest_end(msg, bss);
11259
11260 genlmsg_end(msg, hdr);
11261 return 0;
11262
11263 fail_unlock_rcu:
11264 rcu_read_unlock();
11265 nla_put_failure:
11266 genlmsg_cancel(msg, hdr);
11267 return -EMSGSIZE;
11268 }
11269
nl80211_dump_scan(struct sk_buff * skb,struct netlink_callback * cb)11270 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
11271 {
11272 struct cfg80211_registered_device *rdev;
11273 struct cfg80211_internal_bss *scan;
11274 struct wireless_dev *wdev;
11275 struct nlattr **attrbuf;
11276 int start = cb->args[2], idx = 0;
11277 bool dump_include_use_data;
11278 int err;
11279
11280 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
11281 if (!attrbuf)
11282 return -ENOMEM;
11283
11284 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
11285 if (err) {
11286 kfree(attrbuf);
11287 return err;
11288 }
11289 /* nl80211_prepare_wdev_dump acquired it in the successful case */
11290 __acquire(&rdev->wiphy.mtx);
11291
11292 dump_include_use_data =
11293 attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA];
11294 kfree(attrbuf);
11295
11296 spin_lock_bh(&rdev->bss_lock);
11297
11298 /*
11299 * dump_scan will be called multiple times to break up the scan results
11300 * into multiple messages. It is unlikely that any more bss-es will be
11301 * expired after the first call, so only call only call this on the
11302 * first dump_scan invocation.
11303 */
11304 if (start == 0)
11305 cfg80211_bss_expire(rdev);
11306
11307 cb->seq = rdev->bss_generation;
11308
11309 list_for_each_entry(scan, &rdev->bss_list, list) {
11310 if (++idx <= start)
11311 continue;
11312 if (!dump_include_use_data &&
11313 !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL))
11314 continue;
11315 if (nl80211_send_bss(skb, cb,
11316 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11317 rdev, wdev, scan) < 0) {
11318 idx--;
11319 break;
11320 }
11321 }
11322
11323 spin_unlock_bh(&rdev->bss_lock);
11324
11325 cb->args[2] = idx;
11326 wiphy_unlock(&rdev->wiphy);
11327
11328 return skb->len;
11329 }
11330
nl80211_send_survey(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,bool allow_radio_stats,struct survey_info * survey)11331 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
11332 int flags, struct net_device *dev,
11333 bool allow_radio_stats,
11334 struct survey_info *survey)
11335 {
11336 void *hdr;
11337 struct nlattr *infoattr;
11338
11339 /* skip radio stats if userspace didn't request them */
11340 if (!survey->channel && !allow_radio_stats)
11341 return 0;
11342
11343 hdr = nl80211hdr_put(msg, portid, seq, flags,
11344 NL80211_CMD_NEW_SURVEY_RESULTS);
11345 if (!hdr)
11346 return -ENOMEM;
11347
11348 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
11349 goto nla_put_failure;
11350
11351 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
11352 if (!infoattr)
11353 goto nla_put_failure;
11354
11355 if (survey->channel &&
11356 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
11357 survey->channel->center_freq))
11358 goto nla_put_failure;
11359
11360 if (survey->channel && survey->channel->freq_offset &&
11361 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
11362 survey->channel->freq_offset))
11363 goto nla_put_failure;
11364
11365 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
11366 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
11367 goto nla_put_failure;
11368 if ((survey->filled & SURVEY_INFO_IN_USE) &&
11369 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
11370 goto nla_put_failure;
11371 if ((survey->filled & SURVEY_INFO_TIME) &&
11372 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
11373 survey->time, NL80211_SURVEY_INFO_PAD))
11374 goto nla_put_failure;
11375 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
11376 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
11377 survey->time_busy, NL80211_SURVEY_INFO_PAD))
11378 goto nla_put_failure;
11379 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
11380 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
11381 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
11382 goto nla_put_failure;
11383 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
11384 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
11385 survey->time_rx, NL80211_SURVEY_INFO_PAD))
11386 goto nla_put_failure;
11387 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
11388 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
11389 survey->time_tx, NL80211_SURVEY_INFO_PAD))
11390 goto nla_put_failure;
11391 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
11392 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
11393 survey->time_scan, NL80211_SURVEY_INFO_PAD))
11394 goto nla_put_failure;
11395 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
11396 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
11397 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
11398 goto nla_put_failure;
11399
11400 nla_nest_end(msg, infoattr);
11401
11402 genlmsg_end(msg, hdr);
11403 return 0;
11404
11405 nla_put_failure:
11406 genlmsg_cancel(msg, hdr);
11407 return -EMSGSIZE;
11408 }
11409
nl80211_dump_survey(struct sk_buff * skb,struct netlink_callback * cb)11410 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
11411 {
11412 struct nlattr **attrbuf;
11413 struct survey_info survey;
11414 struct cfg80211_registered_device *rdev;
11415 struct wireless_dev *wdev;
11416 int survey_idx = cb->args[2];
11417 int res;
11418 bool radio_stats;
11419
11420 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
11421 if (!attrbuf)
11422 return -ENOMEM;
11423
11424 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
11425 if (res) {
11426 kfree(attrbuf);
11427 return res;
11428 }
11429 /* nl80211_prepare_wdev_dump acquired it in the successful case */
11430 __acquire(&rdev->wiphy.mtx);
11431
11432 /* prepare_wdev_dump parsed the attributes */
11433 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
11434
11435 if (!wdev->netdev) {
11436 res = -EINVAL;
11437 goto out_err;
11438 }
11439
11440 if (!rdev->ops->dump_survey) {
11441 res = -EOPNOTSUPP;
11442 goto out_err;
11443 }
11444
11445 while (1) {
11446 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
11447 if (res == -ENOENT)
11448 break;
11449 if (res)
11450 goto out_err;
11451
11452 /* don't send disabled channels, but do send non-channel data */
11453 if (survey.channel &&
11454 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
11455 survey_idx++;
11456 continue;
11457 }
11458
11459 if (nl80211_send_survey(skb,
11460 NETLINK_CB(cb->skb).portid,
11461 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11462 wdev->netdev, radio_stats, &survey) < 0)
11463 goto out;
11464 survey_idx++;
11465 }
11466
11467 out:
11468 cb->args[2] = survey_idx;
11469 res = skb->len;
11470 out_err:
11471 kfree(attrbuf);
11472 wiphy_unlock(&rdev->wiphy);
11473 return res;
11474 }
11475
nl80211_authenticate(struct sk_buff * skb,struct genl_info * info)11476 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
11477 {
11478 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11479 struct net_device *dev = info->user_ptr[1];
11480 struct ieee80211_channel *chan;
11481 const u8 *bssid, *ssid;
11482 int err, ssid_len;
11483 enum nl80211_auth_type auth_type;
11484 struct key_parse key;
11485 bool local_state_change;
11486 struct cfg80211_auth_request req = {};
11487 u32 freq;
11488
11489 if (!info->attrs[NL80211_ATTR_MAC])
11490 return -EINVAL;
11491
11492 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
11493 return -EINVAL;
11494
11495 if (!info->attrs[NL80211_ATTR_SSID])
11496 return -EINVAL;
11497
11498 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
11499 return -EINVAL;
11500
11501 err = nl80211_parse_key(info, &key);
11502 if (err)
11503 return err;
11504
11505 if (key.idx >= 0) {
11506 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
11507 return -EINVAL;
11508 if (!key.p.key || !key.p.key_len)
11509 return -EINVAL;
11510 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
11511 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
11512 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
11513 key.p.key_len != WLAN_KEY_LEN_WEP104))
11514 return -EINVAL;
11515 if (key.idx > 3)
11516 return -EINVAL;
11517 } else {
11518 key.p.key_len = 0;
11519 key.p.key = NULL;
11520 }
11521
11522 if (key.idx >= 0) {
11523 int i;
11524 bool ok = false;
11525
11526 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
11527 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
11528 ok = true;
11529 break;
11530 }
11531 }
11532 if (!ok)
11533 return -EINVAL;
11534 }
11535
11536 if (!rdev->ops->auth)
11537 return -EOPNOTSUPP;
11538
11539 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11540 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11541 return -EOPNOTSUPP;
11542
11543 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11544 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
11545 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
11546 freq +=
11547 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
11548
11549 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
11550 if (!chan)
11551 return -EINVAL;
11552
11553 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11554 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11555
11556 if (info->attrs[NL80211_ATTR_IE]) {
11557 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11558 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11559 }
11560
11561 if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
11562 req.supported_selectors =
11563 nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
11564 req.supported_selectors_len =
11565 nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
11566 }
11567
11568 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
11569 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
11570 return -EINVAL;
11571
11572 if ((auth_type == NL80211_AUTHTYPE_SAE ||
11573 auth_type == NL80211_AUTHTYPE_FILS_SK ||
11574 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
11575 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
11576 !info->attrs[NL80211_ATTR_AUTH_DATA])
11577 return -EINVAL;
11578
11579 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
11580 if (auth_type != NL80211_AUTHTYPE_SAE &&
11581 auth_type != NL80211_AUTHTYPE_FILS_SK &&
11582 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
11583 auth_type != NL80211_AUTHTYPE_FILS_PK)
11584 return -EINVAL;
11585 req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
11586 req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
11587 }
11588
11589 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11590
11591 /*
11592 * Since we no longer track auth state, ignore
11593 * requests to only change local state.
11594 */
11595 if (local_state_change)
11596 return 0;
11597
11598 req.auth_type = auth_type;
11599 req.key = key.p.key;
11600 req.key_len = key.p.key_len;
11601 req.key_idx = key.idx;
11602 req.link_id = nl80211_link_id_or_invalid(info->attrs);
11603 if (req.link_id >= 0) {
11604 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
11605 return -EINVAL;
11606 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
11607 return -EINVAL;
11608 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
11609 if (!is_valid_ether_addr(req.ap_mld_addr))
11610 return -EINVAL;
11611 }
11612
11613 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
11614 IEEE80211_BSS_TYPE_ESS,
11615 IEEE80211_PRIVACY_ANY);
11616 if (!req.bss)
11617 return -ENOENT;
11618
11619 err = cfg80211_mlme_auth(rdev, dev, &req);
11620
11621 cfg80211_put_bss(&rdev->wiphy, req.bss);
11622
11623 return err;
11624 }
11625
validate_pae_over_nl80211(struct cfg80211_registered_device * rdev,struct genl_info * info)11626 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
11627 struct genl_info *info)
11628 {
11629 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
11630 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
11631 return -EINVAL;
11632 }
11633
11634 if (!rdev->ops->tx_control_port ||
11635 !wiphy_ext_feature_isset(&rdev->wiphy,
11636 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
11637 return -EOPNOTSUPP;
11638
11639 return 0;
11640 }
11641
nl80211_crypto_settings(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_crypto_settings * settings,int cipher_limit)11642 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
11643 struct genl_info *info,
11644 struct cfg80211_crypto_settings *settings,
11645 int cipher_limit)
11646 {
11647 memset(settings, 0, sizeof(*settings));
11648
11649 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
11650
11651 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
11652 u16 proto;
11653
11654 proto = nla_get_u16(
11655 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
11656 settings->control_port_ethertype = cpu_to_be16(proto);
11657 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
11658 proto != ETH_P_PAE)
11659 return -EINVAL;
11660 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
11661 settings->control_port_no_encrypt = true;
11662 } else
11663 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
11664
11665 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11666 int r = validate_pae_over_nl80211(rdev, info);
11667
11668 if (r < 0)
11669 return r;
11670
11671 settings->control_port_over_nl80211 = true;
11672
11673 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
11674 settings->control_port_no_preauth = true;
11675 }
11676
11677 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
11678 void *data;
11679 int len, i;
11680
11681 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
11682 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
11683 settings->n_ciphers_pairwise = len / sizeof(u32);
11684
11685 if (len % sizeof(u32))
11686 return -EINVAL;
11687
11688 if (settings->n_ciphers_pairwise > cipher_limit)
11689 return -EINVAL;
11690
11691 memcpy(settings->ciphers_pairwise, data, len);
11692
11693 for (i = 0; i < settings->n_ciphers_pairwise; i++)
11694 if (!cfg80211_supported_cipher_suite(
11695 &rdev->wiphy,
11696 settings->ciphers_pairwise[i]))
11697 return -EINVAL;
11698 }
11699
11700 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
11701 settings->cipher_group =
11702 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
11703 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
11704 settings->cipher_group))
11705 return -EINVAL;
11706 }
11707
11708 if (info->attrs[NL80211_ATTR_WPA_VERSIONS])
11709 settings->wpa_versions =
11710 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
11711
11712 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
11713 void *data;
11714 int len;
11715
11716 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
11717 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
11718 settings->n_akm_suites = len / sizeof(u32);
11719
11720 if (len % sizeof(u32))
11721 return -EINVAL;
11722
11723 if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites)
11724 return -EINVAL;
11725
11726 memcpy(settings->akm_suites, data, len);
11727 }
11728
11729 if (info->attrs[NL80211_ATTR_PMK]) {
11730 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
11731 return -EINVAL;
11732 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11733 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
11734 !wiphy_ext_feature_isset(&rdev->wiphy,
11735 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
11736 return -EINVAL;
11737 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
11738 }
11739
11740 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
11741 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11742 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
11743 !wiphy_ext_feature_isset(&rdev->wiphy,
11744 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
11745 return -EINVAL;
11746 settings->sae_pwd =
11747 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
11748 settings->sae_pwd_len =
11749 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
11750 }
11751
11752 settings->sae_pwe =
11753 nla_get_u8_default(info->attrs[NL80211_ATTR_SAE_PWE],
11754 NL80211_SAE_PWE_UNSPECIFIED);
11755
11756 return 0;
11757 }
11758
nl80211_assoc_bss(struct cfg80211_registered_device * rdev,const u8 * ssid,int ssid_len,struct nlattr ** attrs,int assoc_link_id,int link_id)11759 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev,
11760 const u8 *ssid, int ssid_len,
11761 struct nlattr **attrs,
11762 int assoc_link_id, int link_id)
11763 {
11764 struct ieee80211_channel *chan;
11765 struct cfg80211_bss *bss;
11766 const u8 *bssid;
11767 u32 freq, use_for = 0;
11768
11769 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ])
11770 return ERR_PTR(-EINVAL);
11771
11772 bssid = nla_data(attrs[NL80211_ATTR_MAC]);
11773
11774 freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
11775 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
11776 freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
11777
11778 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
11779 if (!chan)
11780 return ERR_PTR(-EINVAL);
11781
11782 if (assoc_link_id >= 0)
11783 use_for = NL80211_BSS_USE_FOR_MLD_LINK;
11784 if (assoc_link_id == link_id)
11785 use_for |= NL80211_BSS_USE_FOR_NORMAL;
11786
11787 bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid,
11788 ssid, ssid_len,
11789 IEEE80211_BSS_TYPE_ESS,
11790 IEEE80211_PRIVACY_ANY,
11791 use_for);
11792 if (!bss)
11793 return ERR_PTR(-ENOENT);
11794
11795 return bss;
11796 }
11797
nl80211_process_links(struct cfg80211_registered_device * rdev,struct cfg80211_assoc_link * links,int assoc_link_id,const u8 * ssid,int ssid_len,struct genl_info * info)11798 static int nl80211_process_links(struct cfg80211_registered_device *rdev,
11799 struct cfg80211_assoc_link *links,
11800 int assoc_link_id,
11801 const u8 *ssid, int ssid_len,
11802 struct genl_info *info)
11803 {
11804 unsigned int attrsize = NUM_NL80211_ATTR * sizeof(struct nlattr *);
11805 struct nlattr **attrs __free(kfree) = kzalloc(attrsize, GFP_KERNEL);
11806 struct nlattr *link;
11807 unsigned int link_id;
11808 int rem, err;
11809
11810 if (!attrs)
11811 return -ENOMEM;
11812
11813 nla_for_each_nested(link, info->attrs[NL80211_ATTR_MLO_LINKS], rem) {
11814 memset(attrs, 0, attrsize);
11815
11816 nla_parse_nested(attrs, NL80211_ATTR_MAX, link, NULL, NULL);
11817
11818 if (!attrs[NL80211_ATTR_MLO_LINK_ID]) {
11819 NL_SET_BAD_ATTR(info->extack, link);
11820 return -EINVAL;
11821 }
11822
11823 link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]);
11824 /* cannot use the same link ID again */
11825 if (links[link_id].bss) {
11826 NL_SET_BAD_ATTR(info->extack, link);
11827 return -EINVAL;
11828 }
11829 links[link_id].bss =
11830 nl80211_assoc_bss(rdev, ssid, ssid_len, attrs,
11831 assoc_link_id, link_id);
11832 if (IS_ERR(links[link_id].bss)) {
11833 err = PTR_ERR(links[link_id].bss);
11834 links[link_id].bss = NULL;
11835 NL_SET_ERR_MSG_ATTR(info->extack, link,
11836 "Error fetching BSS for link");
11837 return err;
11838 }
11839
11840 if (attrs[NL80211_ATTR_IE]) {
11841 links[link_id].elems = nla_data(attrs[NL80211_ATTR_IE]);
11842 links[link_id].elems_len =
11843 nla_len(attrs[NL80211_ATTR_IE]);
11844
11845 if (cfg80211_find_elem(WLAN_EID_FRAGMENT,
11846 links[link_id].elems,
11847 links[link_id].elems_len)) {
11848 NL_SET_ERR_MSG_ATTR(info->extack,
11849 attrs[NL80211_ATTR_IE],
11850 "cannot deal with fragmentation");
11851 return -EINVAL;
11852 }
11853
11854 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11855 links[link_id].elems,
11856 links[link_id].elems_len)) {
11857 NL_SET_ERR_MSG_ATTR(info->extack,
11858 attrs[NL80211_ATTR_IE],
11859 "cannot deal with non-inheritance");
11860 return -EINVAL;
11861 }
11862 }
11863
11864 links[link_id].disabled =
11865 nla_get_flag(attrs[NL80211_ATTR_MLO_LINK_DISABLED]);
11866 }
11867
11868 return 0;
11869 }
11870
nl80211_associate(struct sk_buff * skb,struct genl_info * info)11871 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
11872 {
11873 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11874 struct net_device *dev = info->user_ptr[1];
11875 struct cfg80211_assoc_request req = {};
11876 const u8 *ap_addr, *ssid;
11877 unsigned int link_id;
11878 int err, ssid_len;
11879
11880 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11881 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11882 return -EPERM;
11883
11884 if (!info->attrs[NL80211_ATTR_SSID])
11885 return -EINVAL;
11886
11887 if (!rdev->ops->assoc)
11888 return -EOPNOTSUPP;
11889
11890 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11891 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11892 return -EOPNOTSUPP;
11893
11894 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11895 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11896
11897 if (info->attrs[NL80211_ATTR_IE]) {
11898 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11899 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11900
11901 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11902 req.ie, req.ie_len)) {
11903 NL_SET_ERR_MSG_ATTR(info->extack,
11904 info->attrs[NL80211_ATTR_IE],
11905 "non-inheritance makes no sense");
11906 return -EINVAL;
11907 }
11908 }
11909
11910 if (info->attrs[NL80211_ATTR_USE_MFP]) {
11911 enum nl80211_mfp mfp =
11912 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
11913 if (mfp == NL80211_MFP_REQUIRED)
11914 req.use_mfp = true;
11915 else if (mfp != NL80211_MFP_NO)
11916 return -EINVAL;
11917 }
11918
11919 if (info->attrs[NL80211_ATTR_PREV_BSSID])
11920 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
11921
11922 if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
11923 req.supported_selectors =
11924 nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
11925 req.supported_selectors_len =
11926 nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
11927 }
11928
11929 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
11930 req.flags |= ASSOC_REQ_DISABLE_HT;
11931
11932 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11933 memcpy(&req.ht_capa_mask,
11934 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11935 sizeof(req.ht_capa_mask));
11936
11937 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11938 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11939 return -EINVAL;
11940 memcpy(&req.ht_capa,
11941 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11942 sizeof(req.ht_capa));
11943 }
11944
11945 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
11946 req.flags |= ASSOC_REQ_DISABLE_VHT;
11947
11948 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
11949 req.flags |= ASSOC_REQ_DISABLE_HE;
11950
11951 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
11952 req.flags |= ASSOC_REQ_DISABLE_EHT;
11953
11954 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11955 memcpy(&req.vht_capa_mask,
11956 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
11957 sizeof(req.vht_capa_mask));
11958
11959 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
11960 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11961 return -EINVAL;
11962 memcpy(&req.vht_capa,
11963 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
11964 sizeof(req.vht_capa));
11965 }
11966
11967 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
11968 if (!((rdev->wiphy.features &
11969 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
11970 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
11971 !wiphy_ext_feature_isset(&rdev->wiphy,
11972 NL80211_EXT_FEATURE_RRM))
11973 return -EINVAL;
11974 req.flags |= ASSOC_REQ_USE_RRM;
11975 }
11976
11977 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
11978 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
11979 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
11980 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
11981 return -EINVAL;
11982 req.fils_nonces =
11983 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
11984 }
11985
11986 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
11987 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
11988 return -EINVAL;
11989 memcpy(&req.s1g_capa_mask,
11990 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
11991 sizeof(req.s1g_capa_mask));
11992 }
11993
11994 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
11995 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
11996 return -EINVAL;
11997 memcpy(&req.s1g_capa,
11998 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
11999 sizeof(req.s1g_capa));
12000 }
12001
12002 if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) {
12003 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12004 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) {
12005 GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported");
12006 return -EINVAL;
12007 }
12008 req.flags |= ASSOC_REQ_SPP_AMSDU;
12009 }
12010
12011 req.link_id = nl80211_link_id_or_invalid(info->attrs);
12012
12013 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
12014 if (req.link_id < 0)
12015 return -EINVAL;
12016
12017 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
12018 return -EINVAL;
12019
12020 if (info->attrs[NL80211_ATTR_MAC] ||
12021 info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
12022 !info->attrs[NL80211_ATTR_MLD_ADDR])
12023 return -EINVAL;
12024
12025 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
12026 ap_addr = req.ap_mld_addr;
12027
12028 err = nl80211_process_links(rdev, req.links, req.link_id,
12029 ssid, ssid_len, info);
12030 if (err)
12031 goto free;
12032
12033 if (!req.links[req.link_id].bss) {
12034 err = -EINVAL;
12035 goto free;
12036 }
12037
12038 if (req.links[req.link_id].elems_len) {
12039 GENL_SET_ERR_MSG(info,
12040 "cannot have per-link elems on assoc link");
12041 err = -EINVAL;
12042 goto free;
12043 }
12044
12045 if (req.links[req.link_id].disabled) {
12046 GENL_SET_ERR_MSG(info,
12047 "cannot have assoc link disabled");
12048 err = -EINVAL;
12049 goto free;
12050 }
12051
12052 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
12053 req.ext_mld_capa_ops =
12054 nla_get_u16(info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS]);
12055 } else {
12056 if (req.link_id >= 0)
12057 return -EINVAL;
12058
12059 req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs,
12060 -1, -1);
12061 if (IS_ERR(req.bss))
12062 return PTR_ERR(req.bss);
12063 ap_addr = req.bss->bssid;
12064
12065 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
12066 return -EINVAL;
12067 }
12068
12069 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
12070 if (!err) {
12071 struct nlattr *link;
12072 int rem = 0;
12073
12074 err = cfg80211_mlme_assoc(rdev, dev, &req,
12075 info->extack);
12076
12077 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12078 dev->ieee80211_ptr->conn_owner_nlportid =
12079 info->snd_portid;
12080 memcpy(dev->ieee80211_ptr->disconnect_bssid,
12081 ap_addr, ETH_ALEN);
12082 }
12083
12084 /* Report error from first problematic link */
12085 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
12086 nla_for_each_nested(link,
12087 info->attrs[NL80211_ATTR_MLO_LINKS],
12088 rem) {
12089 struct nlattr *link_id_attr =
12090 nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID);
12091
12092 if (!link_id_attr)
12093 continue;
12094
12095 link_id = nla_get_u8(link_id_attr);
12096
12097 if (link_id == req.link_id)
12098 continue;
12099
12100 if (!req.links[link_id].error ||
12101 WARN_ON(req.links[link_id].error > 0))
12102 continue;
12103
12104 WARN_ON(err >= 0);
12105
12106 NL_SET_BAD_ATTR(info->extack, link);
12107 err = req.links[link_id].error;
12108 break;
12109 }
12110 }
12111 }
12112
12113 free:
12114 for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++)
12115 cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss);
12116 cfg80211_put_bss(&rdev->wiphy, req.bss);
12117
12118 return err;
12119 }
12120
nl80211_deauthenticate(struct sk_buff * skb,struct genl_info * info)12121 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
12122 {
12123 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12124 struct net_device *dev = info->user_ptr[1];
12125 const u8 *ie = NULL, *bssid;
12126 int ie_len = 0;
12127 u16 reason_code;
12128 bool local_state_change;
12129
12130 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12131 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12132 return -EPERM;
12133
12134 if (!info->attrs[NL80211_ATTR_MAC])
12135 return -EINVAL;
12136
12137 if (!info->attrs[NL80211_ATTR_REASON_CODE])
12138 return -EINVAL;
12139
12140 if (!rdev->ops->deauth)
12141 return -EOPNOTSUPP;
12142
12143 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12144 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12145 return -EOPNOTSUPP;
12146
12147 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12148
12149 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
12150 if (reason_code == 0) {
12151 /* Reason Code 0 is reserved */
12152 return -EINVAL;
12153 }
12154
12155 if (info->attrs[NL80211_ATTR_IE]) {
12156 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12157 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12158 }
12159
12160 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
12161
12162 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
12163 local_state_change);
12164 }
12165
nl80211_disassociate(struct sk_buff * skb,struct genl_info * info)12166 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
12167 {
12168 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12169 struct net_device *dev = info->user_ptr[1];
12170 const u8 *ie = NULL, *bssid;
12171 int ie_len = 0;
12172 u16 reason_code;
12173 bool local_state_change;
12174
12175 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12176 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12177 return -EPERM;
12178
12179 if (!info->attrs[NL80211_ATTR_MAC])
12180 return -EINVAL;
12181
12182 if (!info->attrs[NL80211_ATTR_REASON_CODE])
12183 return -EINVAL;
12184
12185 if (!rdev->ops->disassoc)
12186 return -EOPNOTSUPP;
12187
12188 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12189 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12190 return -EOPNOTSUPP;
12191
12192 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12193
12194 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
12195 if (reason_code == 0) {
12196 /* Reason Code 0 is reserved */
12197 return -EINVAL;
12198 }
12199
12200 if (info->attrs[NL80211_ATTR_IE]) {
12201 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12202 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12203 }
12204
12205 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
12206
12207 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
12208 local_state_change);
12209 }
12210
12211 static bool
nl80211_parse_mcast_rate(struct cfg80211_registered_device * rdev,int mcast_rate[NUM_NL80211_BANDS],int rateval)12212 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
12213 int mcast_rate[NUM_NL80211_BANDS],
12214 int rateval)
12215 {
12216 struct wiphy *wiphy = &rdev->wiphy;
12217 bool found = false;
12218 int band, i;
12219
12220 for (band = 0; band < NUM_NL80211_BANDS; band++) {
12221 struct ieee80211_supported_band *sband;
12222
12223 sband = wiphy->bands[band];
12224 if (!sband)
12225 continue;
12226
12227 for (i = 0; i < sband->n_bitrates; i++) {
12228 if (sband->bitrates[i].bitrate == rateval) {
12229 mcast_rate[band] = i + 1;
12230 found = true;
12231 break;
12232 }
12233 }
12234 }
12235
12236 return found;
12237 }
12238
nl80211_join_ibss(struct sk_buff * skb,struct genl_info * info)12239 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
12240 {
12241 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12242 struct net_device *dev = info->user_ptr[1];
12243 struct cfg80211_ibss_params ibss;
12244 struct wiphy *wiphy;
12245 struct cfg80211_cached_keys *connkeys = NULL;
12246 int err;
12247
12248 memset(&ibss, 0, sizeof(ibss));
12249
12250 if (!info->attrs[NL80211_ATTR_SSID] ||
12251 !nla_len(info->attrs[NL80211_ATTR_SSID]))
12252 return -EINVAL;
12253
12254 ibss.beacon_interval = 100;
12255
12256 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
12257 ibss.beacon_interval =
12258 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
12259
12260 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
12261 ibss.beacon_interval);
12262 if (err)
12263 return err;
12264
12265 if (!rdev->ops->join_ibss)
12266 return -EOPNOTSUPP;
12267
12268 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
12269 return -EOPNOTSUPP;
12270
12271 wiphy = &rdev->wiphy;
12272
12273 if (info->attrs[NL80211_ATTR_MAC]) {
12274 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12275
12276 if (!is_valid_ether_addr(ibss.bssid))
12277 return -EINVAL;
12278 }
12279 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12280 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12281
12282 if (info->attrs[NL80211_ATTR_IE]) {
12283 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12284 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12285 }
12286
12287 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
12288 if (err)
12289 return err;
12290
12291 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
12292 NL80211_IFTYPE_ADHOC))
12293 return -EINVAL;
12294
12295 switch (ibss.chandef.width) {
12296 case NL80211_CHAN_WIDTH_5:
12297 case NL80211_CHAN_WIDTH_10:
12298 case NL80211_CHAN_WIDTH_20_NOHT:
12299 break;
12300 case NL80211_CHAN_WIDTH_20:
12301 case NL80211_CHAN_WIDTH_40:
12302 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
12303 return -EINVAL;
12304 break;
12305 case NL80211_CHAN_WIDTH_80:
12306 case NL80211_CHAN_WIDTH_80P80:
12307 case NL80211_CHAN_WIDTH_160:
12308 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
12309 return -EINVAL;
12310 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12311 NL80211_EXT_FEATURE_VHT_IBSS))
12312 return -EINVAL;
12313 break;
12314 case NL80211_CHAN_WIDTH_320:
12315 return -EINVAL;
12316 default:
12317 return -EINVAL;
12318 }
12319
12320 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
12321 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
12322
12323 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
12324 u8 *rates =
12325 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
12326 int n_rates =
12327 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
12328 struct ieee80211_supported_band *sband =
12329 wiphy->bands[ibss.chandef.chan->band];
12330
12331 err = ieee80211_get_ratemask(sband, rates, n_rates,
12332 &ibss.basic_rates);
12333 if (err)
12334 return err;
12335 }
12336
12337 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12338 memcpy(&ibss.ht_capa_mask,
12339 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
12340 sizeof(ibss.ht_capa_mask));
12341
12342 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
12343 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12344 return -EINVAL;
12345 memcpy(&ibss.ht_capa,
12346 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
12347 sizeof(ibss.ht_capa));
12348 }
12349
12350 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
12351 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
12352 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
12353 return -EINVAL;
12354
12355 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
12356 bool no_ht = false;
12357
12358 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
12359 if (IS_ERR(connkeys))
12360 return PTR_ERR(connkeys);
12361
12362 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
12363 no_ht) {
12364 kfree_sensitive(connkeys);
12365 return -EINVAL;
12366 }
12367 }
12368
12369 ibss.control_port =
12370 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
12371
12372 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
12373 int r = validate_pae_over_nl80211(rdev, info);
12374
12375 if (r < 0) {
12376 kfree_sensitive(connkeys);
12377 return r;
12378 }
12379
12380 ibss.control_port_over_nl80211 = true;
12381 }
12382
12383 ibss.userspace_handles_dfs =
12384 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
12385
12386 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
12387 if (err)
12388 kfree_sensitive(connkeys);
12389 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
12390 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
12391
12392 return err;
12393 }
12394
nl80211_leave_ibss(struct sk_buff * skb,struct genl_info * info)12395 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
12396 {
12397 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12398 struct net_device *dev = info->user_ptr[1];
12399
12400 if (!rdev->ops->leave_ibss)
12401 return -EOPNOTSUPP;
12402
12403 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
12404 return -EOPNOTSUPP;
12405
12406 return cfg80211_leave_ibss(rdev, dev, false);
12407 }
12408
nl80211_set_mcast_rate(struct sk_buff * skb,struct genl_info * info)12409 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
12410 {
12411 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12412 struct net_device *dev = info->user_ptr[1];
12413 int mcast_rate[NUM_NL80211_BANDS];
12414 u32 nla_rate;
12415
12416 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
12417 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
12418 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
12419 return -EOPNOTSUPP;
12420
12421 if (!rdev->ops->set_mcast_rate)
12422 return -EOPNOTSUPP;
12423
12424 memset(mcast_rate, 0, sizeof(mcast_rate));
12425
12426 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
12427 return -EINVAL;
12428
12429 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
12430 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
12431 return -EINVAL;
12432
12433 return rdev_set_mcast_rate(rdev, dev, mcast_rate);
12434 }
12435
12436 static struct sk_buff *
__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,int approxlen,u32 portid,u32 seq,enum nl80211_commands cmd,enum nl80211_attrs attr,const struct nl80211_vendor_cmd_info * info,gfp_t gfp)12437 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
12438 struct wireless_dev *wdev, int approxlen,
12439 u32 portid, u32 seq, enum nl80211_commands cmd,
12440 enum nl80211_attrs attr,
12441 const struct nl80211_vendor_cmd_info *info,
12442 gfp_t gfp)
12443 {
12444 struct sk_buff *skb;
12445 void *hdr;
12446 struct nlattr *data;
12447
12448 skb = nlmsg_new(approxlen + 100, gfp);
12449 if (!skb)
12450 return NULL;
12451
12452 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
12453 if (!hdr) {
12454 kfree_skb(skb);
12455 return NULL;
12456 }
12457
12458 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
12459 goto nla_put_failure;
12460
12461 if (info) {
12462 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
12463 info->vendor_id))
12464 goto nla_put_failure;
12465 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
12466 info->subcmd))
12467 goto nla_put_failure;
12468 }
12469
12470 if (wdev) {
12471 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12472 wdev_id(wdev), NL80211_ATTR_PAD))
12473 goto nla_put_failure;
12474 if (wdev->netdev &&
12475 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
12476 wdev->netdev->ifindex))
12477 goto nla_put_failure;
12478 }
12479
12480 data = nla_nest_start_noflag(skb, attr);
12481 if (!data)
12482 goto nla_put_failure;
12483
12484 ((void **)skb->cb)[0] = rdev;
12485 ((void **)skb->cb)[1] = hdr;
12486 ((void **)skb->cb)[2] = data;
12487
12488 return skb;
12489
12490 nla_put_failure:
12491 kfree_skb(skb);
12492 return NULL;
12493 }
12494
__cfg80211_alloc_event_skb(struct wiphy * wiphy,struct wireless_dev * wdev,enum nl80211_commands cmd,enum nl80211_attrs attr,unsigned int portid,int vendor_event_idx,int approxlen,gfp_t gfp)12495 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
12496 struct wireless_dev *wdev,
12497 enum nl80211_commands cmd,
12498 enum nl80211_attrs attr,
12499 unsigned int portid,
12500 int vendor_event_idx,
12501 int approxlen, gfp_t gfp)
12502 {
12503 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12504 const struct nl80211_vendor_cmd_info *info;
12505
12506 switch (cmd) {
12507 case NL80211_CMD_TESTMODE:
12508 if (WARN_ON(vendor_event_idx != -1))
12509 return NULL;
12510 info = NULL;
12511 break;
12512 case NL80211_CMD_VENDOR:
12513 if (WARN_ON(vendor_event_idx < 0 ||
12514 vendor_event_idx >= wiphy->n_vendor_events))
12515 return NULL;
12516 info = &wiphy->vendor_events[vendor_event_idx];
12517 break;
12518 default:
12519 WARN_ON(1);
12520 return NULL;
12521 }
12522
12523 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
12524 cmd, attr, info, gfp);
12525 }
12526 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
12527
__cfg80211_send_event_skb(struct sk_buff * skb,gfp_t gfp)12528 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
12529 {
12530 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12531 void *hdr = ((void **)skb->cb)[1];
12532 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
12533 struct nlattr *data = ((void **)skb->cb)[2];
12534 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
12535
12536 /* clear CB data for netlink core to own from now on */
12537 memset(skb->cb, 0, sizeof(skb->cb));
12538
12539 nla_nest_end(skb, data);
12540 genlmsg_end(skb, hdr);
12541
12542 if (nlhdr->nlmsg_pid) {
12543 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
12544 nlhdr->nlmsg_pid);
12545 } else {
12546 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
12547 mcgrp = NL80211_MCGRP_VENDOR;
12548
12549 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12550 skb, 0, mcgrp, gfp);
12551 }
12552 }
12553 EXPORT_SYMBOL(__cfg80211_send_event_skb);
12554
12555 #ifdef CONFIG_NL80211_TESTMODE
nl80211_testmode_do(struct sk_buff * skb,struct genl_info * info)12556 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
12557 {
12558 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12559 struct wireless_dev *wdev;
12560 int err;
12561
12562 lockdep_assert_held(&rdev->wiphy.mtx);
12563
12564 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
12565 info->attrs);
12566
12567 if (!rdev->ops->testmode_cmd)
12568 return -EOPNOTSUPP;
12569
12570 if (IS_ERR(wdev)) {
12571 err = PTR_ERR(wdev);
12572 if (err != -EINVAL)
12573 return err;
12574 wdev = NULL;
12575 } else if (wdev->wiphy != &rdev->wiphy) {
12576 return -EINVAL;
12577 }
12578
12579 if (!info->attrs[NL80211_ATTR_TESTDATA])
12580 return -EINVAL;
12581
12582 rdev->cur_cmd_info = info;
12583 err = rdev_testmode_cmd(rdev, wdev,
12584 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
12585 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
12586 rdev->cur_cmd_info = NULL;
12587
12588 return err;
12589 }
12590
nl80211_testmode_dump(struct sk_buff * skb,struct netlink_callback * cb)12591 static int nl80211_testmode_dump(struct sk_buff *skb,
12592 struct netlink_callback *cb)
12593 {
12594 struct cfg80211_registered_device *rdev;
12595 struct nlattr **attrbuf = NULL;
12596 int err;
12597 long phy_idx;
12598 void *data = NULL;
12599 int data_len = 0;
12600
12601 rtnl_lock();
12602
12603 if (cb->args[0]) {
12604 /*
12605 * 0 is a valid index, but not valid for args[0],
12606 * so we need to offset by 1.
12607 */
12608 phy_idx = cb->args[0] - 1;
12609
12610 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
12611 if (!rdev) {
12612 err = -ENOENT;
12613 goto out_err;
12614 }
12615 } else {
12616 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
12617 GFP_KERNEL);
12618 if (!attrbuf) {
12619 err = -ENOMEM;
12620 goto out_err;
12621 }
12622
12623 err = nlmsg_parse_deprecated(cb->nlh,
12624 GENL_HDRLEN + nl80211_fam.hdrsize,
12625 attrbuf, nl80211_fam.maxattr,
12626 nl80211_policy, NULL);
12627 if (err)
12628 goto out_err;
12629
12630 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
12631 if (IS_ERR(rdev)) {
12632 err = PTR_ERR(rdev);
12633 goto out_err;
12634 }
12635 phy_idx = rdev->wiphy_idx;
12636
12637 if (attrbuf[NL80211_ATTR_TESTDATA])
12638 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
12639 }
12640
12641 if (cb->args[1]) {
12642 data = nla_data((void *)cb->args[1]);
12643 data_len = nla_len((void *)cb->args[1]);
12644 }
12645
12646 if (!rdev->ops->testmode_dump) {
12647 err = -EOPNOTSUPP;
12648 goto out_err;
12649 }
12650
12651 while (1) {
12652 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12653 cb->nlh->nlmsg_seq, NLM_F_MULTI,
12654 NL80211_CMD_TESTMODE);
12655 struct nlattr *tmdata;
12656
12657 if (!hdr)
12658 break;
12659
12660 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
12661 genlmsg_cancel(skb, hdr);
12662 break;
12663 }
12664
12665 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
12666 if (!tmdata) {
12667 genlmsg_cancel(skb, hdr);
12668 break;
12669 }
12670 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
12671 nla_nest_end(skb, tmdata);
12672
12673 if (err == -ENOBUFS || err == -ENOENT) {
12674 genlmsg_cancel(skb, hdr);
12675 break;
12676 } else if (err) {
12677 genlmsg_cancel(skb, hdr);
12678 goto out_err;
12679 }
12680
12681 genlmsg_end(skb, hdr);
12682 }
12683
12684 err = skb->len;
12685 /* see above */
12686 cb->args[0] = phy_idx + 1;
12687 out_err:
12688 kfree(attrbuf);
12689 rtnl_unlock();
12690 return err;
12691 }
12692 #endif
12693
nl80211_connect(struct sk_buff * skb,struct genl_info * info)12694 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
12695 {
12696 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12697 struct net_device *dev = info->user_ptr[1];
12698 struct cfg80211_connect_params connect;
12699 struct wiphy *wiphy;
12700 struct cfg80211_cached_keys *connkeys = NULL;
12701 u32 freq = 0;
12702 int err;
12703
12704 memset(&connect, 0, sizeof(connect));
12705
12706 if (!info->attrs[NL80211_ATTR_SSID] ||
12707 !nla_len(info->attrs[NL80211_ATTR_SSID]))
12708 return -EINVAL;
12709
12710 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12711 connect.auth_type =
12712 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12713 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
12714 NL80211_CMD_CONNECT))
12715 return -EINVAL;
12716 } else
12717 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
12718
12719 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
12720
12721 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
12722 !wiphy_ext_feature_isset(&rdev->wiphy,
12723 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12724 return -EINVAL;
12725 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
12726
12727 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
12728 NL80211_MAX_NR_CIPHER_SUITES);
12729 if (err)
12730 return err;
12731
12732 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12733 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12734 return -EOPNOTSUPP;
12735
12736 wiphy = &rdev->wiphy;
12737
12738 connect.bg_scan_period = -1;
12739 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
12740 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
12741 connect.bg_scan_period =
12742 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
12743 }
12744
12745 if (info->attrs[NL80211_ATTR_MAC])
12746 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12747 else if (info->attrs[NL80211_ATTR_MAC_HINT])
12748 connect.bssid_hint =
12749 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
12750 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12751 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12752
12753 if (info->attrs[NL80211_ATTR_IE]) {
12754 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12755 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12756 }
12757
12758 if (info->attrs[NL80211_ATTR_USE_MFP]) {
12759 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
12760 if (connect.mfp == NL80211_MFP_OPTIONAL &&
12761 !wiphy_ext_feature_isset(&rdev->wiphy,
12762 NL80211_EXT_FEATURE_MFP_OPTIONAL))
12763 return -EOPNOTSUPP;
12764 } else {
12765 connect.mfp = NL80211_MFP_NO;
12766 }
12767
12768 if (info->attrs[NL80211_ATTR_PREV_BSSID])
12769 connect.prev_bssid =
12770 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
12771
12772 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
12773 freq = MHZ_TO_KHZ(nla_get_u32(
12774 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
12775 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12776 freq +=
12777 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12778
12779 if (freq) {
12780 connect.channel = nl80211_get_valid_chan(wiphy, freq);
12781 if (!connect.channel)
12782 return -EINVAL;
12783 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
12784 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
12785 freq = MHZ_TO_KHZ(freq);
12786 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
12787 if (!connect.channel_hint)
12788 return -EINVAL;
12789 }
12790
12791 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
12792 connect.edmg.channels =
12793 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
12794
12795 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
12796 connect.edmg.bw_config =
12797 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
12798 }
12799
12800 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
12801 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
12802 if (IS_ERR(connkeys))
12803 return PTR_ERR(connkeys);
12804 }
12805
12806 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
12807 connect.flags |= ASSOC_REQ_DISABLE_HT;
12808
12809 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12810 memcpy(&connect.ht_capa_mask,
12811 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
12812 sizeof(connect.ht_capa_mask));
12813
12814 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
12815 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
12816 kfree_sensitive(connkeys);
12817 return -EINVAL;
12818 }
12819 memcpy(&connect.ht_capa,
12820 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
12821 sizeof(connect.ht_capa));
12822 }
12823
12824 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
12825 connect.flags |= ASSOC_REQ_DISABLE_VHT;
12826
12827 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
12828 connect.flags |= ASSOC_REQ_DISABLE_HE;
12829
12830 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
12831 connect.flags |= ASSOC_REQ_DISABLE_EHT;
12832
12833 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
12834 memcpy(&connect.vht_capa_mask,
12835 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
12836 sizeof(connect.vht_capa_mask));
12837
12838 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
12839 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
12840 kfree_sensitive(connkeys);
12841 return -EINVAL;
12842 }
12843 memcpy(&connect.vht_capa,
12844 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
12845 sizeof(connect.vht_capa));
12846 }
12847
12848 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
12849 if (!((rdev->wiphy.features &
12850 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
12851 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
12852 !wiphy_ext_feature_isset(&rdev->wiphy,
12853 NL80211_EXT_FEATURE_RRM)) {
12854 kfree_sensitive(connkeys);
12855 return -EINVAL;
12856 }
12857 connect.flags |= ASSOC_REQ_USE_RRM;
12858 }
12859
12860 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
12861 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
12862 kfree_sensitive(connkeys);
12863 return -EOPNOTSUPP;
12864 }
12865
12866 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
12867 /* bss selection makes no sense if bssid is set */
12868 if (connect.bssid) {
12869 kfree_sensitive(connkeys);
12870 return -EINVAL;
12871 }
12872
12873 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
12874 wiphy, &connect.bss_select);
12875 if (err) {
12876 kfree_sensitive(connkeys);
12877 return err;
12878 }
12879 }
12880
12881 if (wiphy_ext_feature_isset(&rdev->wiphy,
12882 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
12883 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12884 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12885 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12886 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12887 connect.fils_erp_username =
12888 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12889 connect.fils_erp_username_len =
12890 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12891 connect.fils_erp_realm =
12892 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12893 connect.fils_erp_realm_len =
12894 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12895 connect.fils_erp_next_seq_num =
12896 nla_get_u16(
12897 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12898 connect.fils_erp_rrk =
12899 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12900 connect.fils_erp_rrk_len =
12901 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12902 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12903 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12904 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12905 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12906 kfree_sensitive(connkeys);
12907 return -EINVAL;
12908 }
12909
12910 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
12911 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12912 kfree_sensitive(connkeys);
12913 GENL_SET_ERR_MSG(info,
12914 "external auth requires connection ownership");
12915 return -EINVAL;
12916 }
12917 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
12918 }
12919
12920 if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT]))
12921 connect.flags |= CONNECT_REQ_MLO_SUPPORT;
12922
12923 err = cfg80211_connect(rdev, dev, &connect, connkeys,
12924 connect.prev_bssid);
12925 if (err)
12926 kfree_sensitive(connkeys);
12927
12928 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12929 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
12930 if (connect.bssid)
12931 memcpy(dev->ieee80211_ptr->disconnect_bssid,
12932 connect.bssid, ETH_ALEN);
12933 else
12934 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
12935 }
12936
12937 return err;
12938 }
12939
nl80211_update_connect_params(struct sk_buff * skb,struct genl_info * info)12940 static int nl80211_update_connect_params(struct sk_buff *skb,
12941 struct genl_info *info)
12942 {
12943 struct cfg80211_connect_params connect = {};
12944 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12945 struct net_device *dev = info->user_ptr[1];
12946 struct wireless_dev *wdev = dev->ieee80211_ptr;
12947 bool fils_sk_offload;
12948 u32 auth_type;
12949 u32 changed = 0;
12950
12951 if (!rdev->ops->update_connect_params)
12952 return -EOPNOTSUPP;
12953
12954 if (info->attrs[NL80211_ATTR_IE]) {
12955 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12956 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12957 changed |= UPDATE_ASSOC_IES;
12958 }
12959
12960 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
12961 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
12962
12963 /*
12964 * when driver supports fils-sk offload all attributes must be
12965 * provided. So the else covers "fils-sk-not-all" and
12966 * "no-fils-sk-any".
12967 */
12968 if (fils_sk_offload &&
12969 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12970 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12971 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12972 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12973 connect.fils_erp_username =
12974 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12975 connect.fils_erp_username_len =
12976 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12977 connect.fils_erp_realm =
12978 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12979 connect.fils_erp_realm_len =
12980 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12981 connect.fils_erp_next_seq_num =
12982 nla_get_u16(
12983 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12984 connect.fils_erp_rrk =
12985 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12986 connect.fils_erp_rrk_len =
12987 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12988 changed |= UPDATE_FILS_ERP_INFO;
12989 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12990 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12991 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12992 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12993 return -EINVAL;
12994 }
12995
12996 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12997 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12998 if (!nl80211_valid_auth_type(rdev, auth_type,
12999 NL80211_CMD_CONNECT))
13000 return -EINVAL;
13001
13002 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
13003 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
13004 return -EINVAL;
13005
13006 connect.auth_type = auth_type;
13007 changed |= UPDATE_AUTH_TYPE;
13008 }
13009
13010 if (!wdev->connected)
13011 return -ENOLINK;
13012
13013 return rdev_update_connect_params(rdev, dev, &connect, changed);
13014 }
13015
nl80211_disconnect(struct sk_buff * skb,struct genl_info * info)13016 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
13017 {
13018 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13019 struct net_device *dev = info->user_ptr[1];
13020 u16 reason;
13021
13022 if (dev->ieee80211_ptr->conn_owner_nlportid &&
13023 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
13024 return -EPERM;
13025
13026 reason = nla_get_u16_default(info->attrs[NL80211_ATTR_REASON_CODE],
13027 WLAN_REASON_DEAUTH_LEAVING);
13028
13029 if (reason == 0)
13030 return -EINVAL;
13031
13032 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13033 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13034 return -EOPNOTSUPP;
13035
13036 return cfg80211_disconnect(rdev, dev, reason, true);
13037 }
13038
nl80211_wiphy_netns(struct sk_buff * skb,struct genl_info * info)13039 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
13040 {
13041 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13042 struct net *net;
13043 int err;
13044
13045 if (info->attrs[NL80211_ATTR_PID]) {
13046 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
13047
13048 net = get_net_ns_by_pid(pid);
13049 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
13050 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
13051
13052 net = get_net_ns_by_fd(fd);
13053 } else {
13054 return -EINVAL;
13055 }
13056
13057 if (IS_ERR(net))
13058 return PTR_ERR(net);
13059
13060 err = 0;
13061
13062 /* check if anything to do */
13063 if (!net_eq(wiphy_net(&rdev->wiphy), net))
13064 err = cfg80211_switch_netns(rdev, net);
13065
13066 put_net(net);
13067 return err;
13068 }
13069
nl80211_set_pmksa(struct sk_buff * skb,struct genl_info * info)13070 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info)
13071 {
13072 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13073 struct net_device *dev = info->user_ptr[1];
13074 struct cfg80211_pmksa pmksa;
13075 bool ap_pmksa_caching_support = false;
13076
13077 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
13078
13079 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
13080 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
13081
13082 if (!info->attrs[NL80211_ATTR_PMKID])
13083 return -EINVAL;
13084
13085 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13086
13087 if (info->attrs[NL80211_ATTR_MAC]) {
13088 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13089 } else if (info->attrs[NL80211_ATTR_SSID] &&
13090 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
13091 info->attrs[NL80211_ATTR_PMK]) {
13092 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13093 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13094 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
13095 } else {
13096 return -EINVAL;
13097 }
13098
13099 if (info->attrs[NL80211_ATTR_PMK]) {
13100 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13101 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13102 }
13103
13104 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
13105 pmksa.pmk_lifetime =
13106 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
13107
13108 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
13109 pmksa.pmk_reauth_threshold =
13110 nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
13111
13112 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13113 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
13114 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
13115 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
13116 ap_pmksa_caching_support))
13117 return -EOPNOTSUPP;
13118
13119 if (!rdev->ops->set_pmksa)
13120 return -EOPNOTSUPP;
13121
13122 return rdev_set_pmksa(rdev, dev, &pmksa);
13123 }
13124
nl80211_del_pmksa(struct sk_buff * skb,struct genl_info * info)13125 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info)
13126 {
13127 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13128 struct net_device *dev = info->user_ptr[1];
13129 struct cfg80211_pmksa pmksa;
13130 bool sae_offload_support = false;
13131 bool owe_offload_support = false;
13132 bool ap_pmksa_caching_support = false;
13133
13134 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
13135
13136 sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
13137 NL80211_EXT_FEATURE_SAE_OFFLOAD);
13138 owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
13139 NL80211_EXT_FEATURE_OWE_OFFLOAD);
13140 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
13141 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
13142
13143 if (info->attrs[NL80211_ATTR_PMKID])
13144 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13145
13146 if (info->attrs[NL80211_ATTR_MAC]) {
13147 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13148 } else if (info->attrs[NL80211_ATTR_SSID]) {
13149 /* SSID based pmksa flush supported only for FILS,
13150 * OWE/SAE OFFLOAD cases
13151 */
13152 if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
13153 info->attrs[NL80211_ATTR_PMK]) {
13154 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
13155 } else if (!sae_offload_support && !owe_offload_support) {
13156 return -EINVAL;
13157 }
13158 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13159 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13160 } else {
13161 return -EINVAL;
13162 }
13163
13164 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13165 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
13166 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
13167 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
13168 ap_pmksa_caching_support))
13169 return -EOPNOTSUPP;
13170
13171 if (!rdev->ops->del_pmksa)
13172 return -EOPNOTSUPP;
13173
13174 return rdev_del_pmksa(rdev, dev, &pmksa);
13175 }
13176
nl80211_flush_pmksa(struct sk_buff * skb,struct genl_info * info)13177 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
13178 {
13179 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13180 struct net_device *dev = info->user_ptr[1];
13181
13182 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13183 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13184 return -EOPNOTSUPP;
13185
13186 if (!rdev->ops->flush_pmksa)
13187 return -EOPNOTSUPP;
13188
13189 return rdev_flush_pmksa(rdev, dev);
13190 }
13191
nl80211_tdls_mgmt(struct sk_buff * skb,struct genl_info * info)13192 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
13193 {
13194 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13195 struct net_device *dev = info->user_ptr[1];
13196 u8 action_code, dialog_token;
13197 u32 peer_capability = 0;
13198 u16 status_code;
13199 u8 *peer;
13200 int link_id;
13201 bool initiator;
13202
13203 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
13204 !rdev->ops->tdls_mgmt)
13205 return -EOPNOTSUPP;
13206
13207 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
13208 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
13209 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
13210 !info->attrs[NL80211_ATTR_IE] ||
13211 !info->attrs[NL80211_ATTR_MAC])
13212 return -EINVAL;
13213
13214 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13215 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
13216 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13217 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
13218 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
13219 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
13220 peer_capability =
13221 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
13222 link_id = nl80211_link_id_or_invalid(info->attrs);
13223
13224 return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code,
13225 dialog_token, status_code, peer_capability,
13226 initiator,
13227 nla_data(info->attrs[NL80211_ATTR_IE]),
13228 nla_len(info->attrs[NL80211_ATTR_IE]));
13229 }
13230
nl80211_tdls_oper(struct sk_buff * skb,struct genl_info * info)13231 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
13232 {
13233 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13234 struct net_device *dev = info->user_ptr[1];
13235 enum nl80211_tdls_operation operation;
13236 u8 *peer;
13237
13238 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
13239 !rdev->ops->tdls_oper)
13240 return -EOPNOTSUPP;
13241
13242 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
13243 !info->attrs[NL80211_ATTR_MAC])
13244 return -EINVAL;
13245
13246 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
13247 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13248
13249 return rdev_tdls_oper(rdev, dev, peer, operation);
13250 }
13251
nl80211_remain_on_channel(struct sk_buff * skb,struct genl_info * info)13252 static int nl80211_remain_on_channel(struct sk_buff *skb,
13253 struct genl_info *info)
13254 {
13255 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13256 unsigned int link_id = nl80211_link_id(info->attrs);
13257 struct wireless_dev *wdev = info->user_ptr[1];
13258 struct cfg80211_chan_def chandef;
13259 struct sk_buff *msg;
13260 void *hdr;
13261 u64 cookie;
13262 u32 duration;
13263 int err;
13264
13265 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
13266 !info->attrs[NL80211_ATTR_DURATION])
13267 return -EINVAL;
13268
13269 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
13270
13271 if (!rdev->ops->remain_on_channel ||
13272 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
13273 return -EOPNOTSUPP;
13274
13275 /*
13276 * We should be on that channel for at least a minimum amount of
13277 * time (10ms) but no longer than the driver supports.
13278 */
13279 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
13280 duration > rdev->wiphy.max_remain_on_channel_duration)
13281 return -EINVAL;
13282
13283 err = nl80211_parse_chandef(rdev, info, &chandef);
13284 if (err)
13285 return err;
13286
13287 if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) {
13288 const struct cfg80211_chan_def *oper_chandef, *compat_chandef;
13289
13290 oper_chandef = wdev_chandef(wdev, link_id);
13291
13292 if (WARN_ON(!oper_chandef)) {
13293 /* cannot happen since we must beacon to get here */
13294 WARN_ON(1);
13295 return -EBUSY;
13296 }
13297
13298 /* note: returns first one if identical chandefs */
13299 compat_chandef = cfg80211_chandef_compatible(&chandef,
13300 oper_chandef);
13301
13302 if (compat_chandef != &chandef)
13303 return -EBUSY;
13304 }
13305
13306 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13307 if (!msg)
13308 return -ENOMEM;
13309
13310 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13311 NL80211_CMD_REMAIN_ON_CHANNEL);
13312 if (!hdr) {
13313 err = -ENOBUFS;
13314 goto free_msg;
13315 }
13316
13317 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
13318 duration, &cookie);
13319
13320 if (err)
13321 goto free_msg;
13322
13323 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13324 NL80211_ATTR_PAD))
13325 goto nla_put_failure;
13326
13327 genlmsg_end(msg, hdr);
13328
13329 return genlmsg_reply(msg, info);
13330
13331 nla_put_failure:
13332 err = -ENOBUFS;
13333 free_msg:
13334 nlmsg_free(msg);
13335 return err;
13336 }
13337
nl80211_cancel_remain_on_channel(struct sk_buff * skb,struct genl_info * info)13338 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
13339 struct genl_info *info)
13340 {
13341 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13342 struct wireless_dev *wdev = info->user_ptr[1];
13343 u64 cookie;
13344
13345 if (!info->attrs[NL80211_ATTR_COOKIE])
13346 return -EINVAL;
13347
13348 if (!rdev->ops->cancel_remain_on_channel)
13349 return -EOPNOTSUPP;
13350
13351 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
13352
13353 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
13354 }
13355
nl80211_set_tx_bitrate_mask(struct sk_buff * skb,struct genl_info * info)13356 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
13357 struct genl_info *info)
13358 {
13359 struct cfg80211_bitrate_mask mask;
13360 unsigned int link_id = nl80211_link_id(info->attrs);
13361 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13362 struct net_device *dev = info->user_ptr[1];
13363 int err;
13364
13365 if (!rdev->ops->set_bitrate_mask)
13366 return -EOPNOTSUPP;
13367
13368 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
13369 NL80211_ATTR_TX_RATES, &mask,
13370 dev, true, link_id);
13371 if (err)
13372 return err;
13373
13374 return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask);
13375 }
13376
nl80211_register_mgmt(struct sk_buff * skb,struct genl_info * info)13377 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
13378 {
13379 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13380 struct wireless_dev *wdev = info->user_ptr[1];
13381 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
13382
13383 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
13384 return -EINVAL;
13385
13386 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
13387 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
13388
13389 switch (wdev->iftype) {
13390 case NL80211_IFTYPE_STATION:
13391 case NL80211_IFTYPE_ADHOC:
13392 case NL80211_IFTYPE_P2P_CLIENT:
13393 case NL80211_IFTYPE_AP:
13394 case NL80211_IFTYPE_AP_VLAN:
13395 case NL80211_IFTYPE_MESH_POINT:
13396 case NL80211_IFTYPE_P2P_GO:
13397 case NL80211_IFTYPE_P2P_DEVICE:
13398 break;
13399 case NL80211_IFTYPE_NAN:
13400 if (!wiphy_ext_feature_isset(wdev->wiphy,
13401 NL80211_EXT_FEATURE_SECURE_NAN))
13402 return -EOPNOTSUPP;
13403 break;
13404 default:
13405 return -EOPNOTSUPP;
13406 }
13407
13408 /* not much point in registering if we can't reply */
13409 if (!rdev->ops->mgmt_tx)
13410 return -EOPNOTSUPP;
13411
13412 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
13413 !wiphy_ext_feature_isset(&rdev->wiphy,
13414 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
13415 GENL_SET_ERR_MSG(info,
13416 "multicast RX registrations are not supported");
13417 return -EOPNOTSUPP;
13418 }
13419
13420 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
13421 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
13422 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
13423 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
13424 info->extack);
13425 }
13426
nl80211_tx_mgmt(struct sk_buff * skb,struct genl_info * info)13427 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
13428 {
13429 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13430 struct wireless_dev *wdev = info->user_ptr[1];
13431 struct cfg80211_chan_def chandef;
13432 int err;
13433 void *hdr = NULL;
13434 u64 cookie;
13435 struct sk_buff *msg = NULL;
13436 struct cfg80211_mgmt_tx_params params = {
13437 .dont_wait_for_ack =
13438 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
13439 };
13440
13441 if (!info->attrs[NL80211_ATTR_FRAME])
13442 return -EINVAL;
13443
13444 if (!rdev->ops->mgmt_tx)
13445 return -EOPNOTSUPP;
13446
13447 switch (wdev->iftype) {
13448 case NL80211_IFTYPE_P2P_DEVICE:
13449 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
13450 return -EINVAL;
13451 break;
13452 case NL80211_IFTYPE_STATION:
13453 case NL80211_IFTYPE_ADHOC:
13454 case NL80211_IFTYPE_P2P_CLIENT:
13455 case NL80211_IFTYPE_AP:
13456 case NL80211_IFTYPE_AP_VLAN:
13457 case NL80211_IFTYPE_MESH_POINT:
13458 case NL80211_IFTYPE_P2P_GO:
13459 break;
13460 case NL80211_IFTYPE_NAN:
13461 if (!wiphy_ext_feature_isset(wdev->wiphy,
13462 NL80211_EXT_FEATURE_SECURE_NAN))
13463 return -EOPNOTSUPP;
13464 break;
13465 default:
13466 return -EOPNOTSUPP;
13467 }
13468
13469 if (info->attrs[NL80211_ATTR_DURATION]) {
13470 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
13471 return -EINVAL;
13472 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
13473
13474 /*
13475 * We should wait on the channel for at least a minimum amount
13476 * of time (10ms) but no longer than the driver supports.
13477 */
13478 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
13479 params.wait > rdev->wiphy.max_remain_on_channel_duration)
13480 return -EINVAL;
13481 }
13482
13483 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
13484
13485 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
13486 return -EINVAL;
13487
13488 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
13489
13490 /* get the channel if any has been specified, otherwise pass NULL to
13491 * the driver. The latter will use the current one
13492 */
13493 chandef.chan = NULL;
13494 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
13495 err = nl80211_parse_chandef(rdev, info, &chandef);
13496 if (err)
13497 return err;
13498 }
13499
13500 if (!chandef.chan && params.offchan)
13501 return -EINVAL;
13502
13503 if (params.offchan &&
13504 !cfg80211_off_channel_oper_allowed(wdev, chandef.chan))
13505 return -EBUSY;
13506
13507 params.link_id = nl80211_link_id_or_invalid(info->attrs);
13508 /*
13509 * This now races due to the unlock, but we cannot check
13510 * the valid links for the _station_ anyway, so that's up
13511 * to the driver.
13512 */
13513 if (params.link_id >= 0 &&
13514 !(wdev->valid_links & BIT(params.link_id)))
13515 return -EINVAL;
13516
13517 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13518 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13519
13520 err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1,
13521 info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX],
13522 ¶ms.csa_offsets,
13523 ¶ms.n_csa_offsets);
13524 if (err)
13525 return err;
13526
13527 if (!params.dont_wait_for_ack) {
13528 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13529 if (!msg)
13530 return -ENOMEM;
13531
13532 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13533 NL80211_CMD_FRAME);
13534 if (!hdr) {
13535 err = -ENOBUFS;
13536 goto free_msg;
13537 }
13538 }
13539
13540 params.chan = chandef.chan;
13541 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
13542 if (err)
13543 goto free_msg;
13544
13545 if (msg) {
13546 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13547 NL80211_ATTR_PAD))
13548 goto nla_put_failure;
13549
13550 genlmsg_end(msg, hdr);
13551 return genlmsg_reply(msg, info);
13552 }
13553
13554 return 0;
13555
13556 nla_put_failure:
13557 err = -ENOBUFS;
13558 free_msg:
13559 nlmsg_free(msg);
13560 return err;
13561 }
13562
nl80211_tx_mgmt_cancel_wait(struct sk_buff * skb,struct genl_info * info)13563 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
13564 {
13565 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13566 struct wireless_dev *wdev = info->user_ptr[1];
13567 u64 cookie;
13568
13569 if (!info->attrs[NL80211_ATTR_COOKIE])
13570 return -EINVAL;
13571
13572 if (!rdev->ops->mgmt_tx_cancel_wait)
13573 return -EOPNOTSUPP;
13574
13575 switch (wdev->iftype) {
13576 case NL80211_IFTYPE_STATION:
13577 case NL80211_IFTYPE_ADHOC:
13578 case NL80211_IFTYPE_P2P_CLIENT:
13579 case NL80211_IFTYPE_AP:
13580 case NL80211_IFTYPE_AP_VLAN:
13581 case NL80211_IFTYPE_P2P_GO:
13582 case NL80211_IFTYPE_P2P_DEVICE:
13583 break;
13584 case NL80211_IFTYPE_NAN:
13585 if (!wiphy_ext_feature_isset(wdev->wiphy,
13586 NL80211_EXT_FEATURE_SECURE_NAN))
13587 return -EOPNOTSUPP;
13588 break;
13589 default:
13590 return -EOPNOTSUPP;
13591 }
13592
13593 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
13594
13595 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
13596 }
13597
nl80211_set_power_save(struct sk_buff * skb,struct genl_info * info)13598 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
13599 {
13600 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13601 struct wireless_dev *wdev;
13602 struct net_device *dev = info->user_ptr[1];
13603 u8 ps_state;
13604 bool state;
13605 int err;
13606
13607 if (!info->attrs[NL80211_ATTR_PS_STATE])
13608 return -EINVAL;
13609
13610 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
13611
13612 wdev = dev->ieee80211_ptr;
13613
13614 if (!rdev->ops->set_power_mgmt)
13615 return -EOPNOTSUPP;
13616
13617 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
13618
13619 if (state == wdev->ps)
13620 return 0;
13621
13622 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
13623 if (!err)
13624 wdev->ps = state;
13625 return err;
13626 }
13627
nl80211_get_power_save(struct sk_buff * skb,struct genl_info * info)13628 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
13629 {
13630 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13631 enum nl80211_ps_state ps_state;
13632 struct wireless_dev *wdev;
13633 struct net_device *dev = info->user_ptr[1];
13634 struct sk_buff *msg;
13635 void *hdr;
13636 int err;
13637
13638 wdev = dev->ieee80211_ptr;
13639
13640 if (!rdev->ops->set_power_mgmt)
13641 return -EOPNOTSUPP;
13642
13643 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13644 if (!msg)
13645 return -ENOMEM;
13646
13647 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13648 NL80211_CMD_GET_POWER_SAVE);
13649 if (!hdr) {
13650 err = -ENOBUFS;
13651 goto free_msg;
13652 }
13653
13654 if (wdev->ps)
13655 ps_state = NL80211_PS_ENABLED;
13656 else
13657 ps_state = NL80211_PS_DISABLED;
13658
13659 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
13660 goto nla_put_failure;
13661
13662 genlmsg_end(msg, hdr);
13663 return genlmsg_reply(msg, info);
13664
13665 nla_put_failure:
13666 err = -ENOBUFS;
13667 free_msg:
13668 nlmsg_free(msg);
13669 return err;
13670 }
13671
13672 static const struct nla_policy
13673 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
13674 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
13675 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
13676 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
13677 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
13678 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
13679 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
13680 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
13681 };
13682
nl80211_set_cqm_txe(struct genl_info * info,u32 rate,u32 pkts,u32 intvl)13683 static int nl80211_set_cqm_txe(struct genl_info *info,
13684 u32 rate, u32 pkts, u32 intvl)
13685 {
13686 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13687 struct net_device *dev = info->user_ptr[1];
13688 struct wireless_dev *wdev = dev->ieee80211_ptr;
13689
13690 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
13691 return -EINVAL;
13692
13693 if (!rdev->ops->set_cqm_txe_config)
13694 return -EOPNOTSUPP;
13695
13696 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13697 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13698 return -EOPNOTSUPP;
13699
13700 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
13701 }
13702
cfg80211_cqm_rssi_update(struct cfg80211_registered_device * rdev,struct net_device * dev,struct cfg80211_cqm_config * cqm_config)13703 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
13704 struct net_device *dev,
13705 struct cfg80211_cqm_config *cqm_config)
13706 {
13707 struct wireless_dev *wdev = dev->ieee80211_ptr;
13708 s32 last, low, high;
13709 u32 hyst;
13710 int i, n, low_index;
13711 int err;
13712
13713 /*
13714 * Obtain current RSSI value if possible, if not and no RSSI threshold
13715 * event has been received yet, we should receive an event after a
13716 * connection is established and enough beacons received to calculate
13717 * the average.
13718 */
13719 if (!cqm_config->last_rssi_event_value &&
13720 wdev->links[0].client.current_bss &&
13721 rdev->ops->get_station) {
13722 struct station_info sinfo = {};
13723 u8 *mac_addr;
13724
13725 mac_addr = wdev->links[0].client.current_bss->pub.bssid;
13726
13727 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
13728 if (err)
13729 return err;
13730
13731 cfg80211_sinfo_release_content(&sinfo);
13732 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
13733 cqm_config->last_rssi_event_value =
13734 (s8) sinfo.rx_beacon_signal_avg;
13735 }
13736
13737 last = cqm_config->last_rssi_event_value;
13738 hyst = cqm_config->rssi_hyst;
13739 n = cqm_config->n_rssi_thresholds;
13740
13741 for (i = 0; i < n; i++) {
13742 i = array_index_nospec(i, n);
13743 if (last < cqm_config->rssi_thresholds[i])
13744 break;
13745 }
13746
13747 low_index = i - 1;
13748 if (low_index >= 0) {
13749 low_index = array_index_nospec(low_index, n);
13750 low = cqm_config->rssi_thresholds[low_index] - hyst;
13751 } else {
13752 low = S32_MIN;
13753 }
13754 if (i < n) {
13755 i = array_index_nospec(i, n);
13756 high = cqm_config->rssi_thresholds[i] + hyst - 1;
13757 } else {
13758 high = S32_MAX;
13759 }
13760
13761 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
13762 }
13763
nl80211_set_cqm_rssi(struct genl_info * info,const s32 * thresholds,int n_thresholds,u32 hysteresis)13764 static int nl80211_set_cqm_rssi(struct genl_info *info,
13765 const s32 *thresholds, int n_thresholds,
13766 u32 hysteresis)
13767 {
13768 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13769 struct cfg80211_cqm_config *cqm_config = NULL, *old;
13770 struct net_device *dev = info->user_ptr[1];
13771 struct wireless_dev *wdev = dev->ieee80211_ptr;
13772 s32 prev = S32_MIN;
13773 int i, err;
13774
13775 /* Check all values negative and sorted */
13776 for (i = 0; i < n_thresholds; i++) {
13777 if (thresholds[i] > 0 || thresholds[i] <= prev)
13778 return -EINVAL;
13779
13780 prev = thresholds[i];
13781 }
13782
13783 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13784 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13785 return -EOPNOTSUPP;
13786
13787 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
13788 n_thresholds = 0;
13789
13790 old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
13791
13792 /* if already disabled just succeed */
13793 if (!n_thresholds && !old)
13794 return 0;
13795
13796 if (n_thresholds > 1) {
13797 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13798 NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
13799 !rdev->ops->set_cqm_rssi_range_config)
13800 return -EOPNOTSUPP;
13801 } else {
13802 if (!rdev->ops->set_cqm_rssi_config)
13803 return -EOPNOTSUPP;
13804 }
13805
13806 if (n_thresholds) {
13807 cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds,
13808 n_thresholds),
13809 GFP_KERNEL);
13810 if (!cqm_config)
13811 return -ENOMEM;
13812
13813 cqm_config->rssi_hyst = hysteresis;
13814 cqm_config->n_rssi_thresholds = n_thresholds;
13815 memcpy(cqm_config->rssi_thresholds, thresholds,
13816 flex_array_size(cqm_config, rssi_thresholds,
13817 n_thresholds));
13818 cqm_config->use_range_api = n_thresholds > 1 ||
13819 !rdev->ops->set_cqm_rssi_config;
13820
13821 rcu_assign_pointer(wdev->cqm_config, cqm_config);
13822
13823 if (cqm_config->use_range_api)
13824 err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
13825 else
13826 err = rdev_set_cqm_rssi_config(rdev, dev,
13827 thresholds[0],
13828 hysteresis);
13829 } else {
13830 RCU_INIT_POINTER(wdev->cqm_config, NULL);
13831 /* if enabled as range also disable via range */
13832 if (old->use_range_api)
13833 err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
13834 else
13835 err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
13836 }
13837
13838 if (err) {
13839 rcu_assign_pointer(wdev->cqm_config, old);
13840 kfree_rcu(cqm_config, rcu_head);
13841 } else {
13842 kfree_rcu(old, rcu_head);
13843 }
13844
13845 return err;
13846 }
13847
nl80211_set_cqm(struct sk_buff * skb,struct genl_info * info)13848 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
13849 {
13850 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
13851 struct nlattr *cqm;
13852 int err;
13853
13854 cqm = info->attrs[NL80211_ATTR_CQM];
13855 if (!cqm)
13856 return -EINVAL;
13857
13858 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
13859 nl80211_attr_cqm_policy,
13860 info->extack);
13861 if (err)
13862 return err;
13863
13864 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
13865 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
13866 const s32 *thresholds =
13867 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
13868 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
13869 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
13870
13871 if (len % 4)
13872 return -EINVAL;
13873
13874 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
13875 hysteresis);
13876 }
13877
13878 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
13879 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
13880 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
13881 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
13882 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
13883 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
13884
13885 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
13886 }
13887
13888 return -EINVAL;
13889 }
13890
nl80211_join_ocb(struct sk_buff * skb,struct genl_info * info)13891 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
13892 {
13893 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13894 struct net_device *dev = info->user_ptr[1];
13895 struct ocb_setup setup = {};
13896 int err;
13897
13898 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13899 if (err)
13900 return err;
13901
13902 return cfg80211_join_ocb(rdev, dev, &setup);
13903 }
13904
nl80211_leave_ocb(struct sk_buff * skb,struct genl_info * info)13905 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
13906 {
13907 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13908 struct net_device *dev = info->user_ptr[1];
13909
13910 return cfg80211_leave_ocb(rdev, dev);
13911 }
13912
nl80211_join_mesh(struct sk_buff * skb,struct genl_info * info)13913 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
13914 {
13915 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13916 struct net_device *dev = info->user_ptr[1];
13917 struct mesh_config cfg;
13918 struct mesh_setup setup;
13919 int err;
13920
13921 /* start with default */
13922 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
13923 memcpy(&setup, &default_mesh_setup, sizeof(setup));
13924
13925 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
13926 /* and parse parameters if given */
13927 err = nl80211_parse_mesh_config(info, &cfg, NULL);
13928 if (err)
13929 return err;
13930 }
13931
13932 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
13933 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
13934 return -EINVAL;
13935
13936 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
13937 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
13938
13939 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
13940 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
13941 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
13942 return -EINVAL;
13943
13944 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
13945 setup.beacon_interval =
13946 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
13947
13948 err = cfg80211_validate_beacon_int(rdev,
13949 NL80211_IFTYPE_MESH_POINT,
13950 setup.beacon_interval);
13951 if (err)
13952 return err;
13953 }
13954
13955 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
13956 setup.dtim_period =
13957 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
13958 if (setup.dtim_period < 1 || setup.dtim_period > 100)
13959 return -EINVAL;
13960 }
13961
13962 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
13963 /* parse additional setup parameters if given */
13964 err = nl80211_parse_mesh_setup(info, &setup);
13965 if (err)
13966 return err;
13967 }
13968
13969 if (setup.user_mpm)
13970 cfg.auto_open_plinks = false;
13971
13972 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
13973 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13974 if (err)
13975 return err;
13976 } else {
13977 /* __cfg80211_join_mesh() will sort it out */
13978 setup.chandef.chan = NULL;
13979 }
13980
13981 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
13982 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13983 int n_rates =
13984 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13985 struct ieee80211_supported_band *sband;
13986
13987 if (!setup.chandef.chan)
13988 return -EINVAL;
13989
13990 sband = rdev->wiphy.bands[setup.chandef.chan->band];
13991
13992 err = ieee80211_get_ratemask(sband, rates, n_rates,
13993 &setup.basic_rates);
13994 if (err)
13995 return err;
13996 }
13997
13998 if (info->attrs[NL80211_ATTR_TX_RATES]) {
13999 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
14000 NL80211_ATTR_TX_RATES,
14001 &setup.beacon_rate,
14002 dev, false, 0);
14003 if (err)
14004 return err;
14005
14006 if (!setup.chandef.chan)
14007 return -EINVAL;
14008
14009 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
14010 &setup.beacon_rate);
14011 if (err)
14012 return err;
14013 }
14014
14015 setup.userspace_handles_dfs =
14016 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
14017
14018 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
14019 int r = validate_pae_over_nl80211(rdev, info);
14020
14021 if (r < 0)
14022 return r;
14023
14024 setup.control_port_over_nl80211 = true;
14025 }
14026
14027 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
14028 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
14029 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
14030
14031 return err;
14032 }
14033
nl80211_leave_mesh(struct sk_buff * skb,struct genl_info * info)14034 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
14035 {
14036 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14037 struct net_device *dev = info->user_ptr[1];
14038
14039 return cfg80211_leave_mesh(rdev, dev);
14040 }
14041
14042 #ifdef CONFIG_PM
nl80211_send_wowlan_patterns(struct sk_buff * msg,struct cfg80211_registered_device * rdev)14043 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
14044 struct cfg80211_registered_device *rdev)
14045 {
14046 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
14047 struct nlattr *nl_pats, *nl_pat;
14048 int i, pat_len;
14049
14050 if (!wowlan->n_patterns)
14051 return 0;
14052
14053 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
14054 if (!nl_pats)
14055 return -ENOBUFS;
14056
14057 for (i = 0; i < wowlan->n_patterns; i++) {
14058 nl_pat = nla_nest_start_noflag(msg, i + 1);
14059 if (!nl_pat)
14060 return -ENOBUFS;
14061 pat_len = wowlan->patterns[i].pattern_len;
14062 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
14063 wowlan->patterns[i].mask) ||
14064 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
14065 wowlan->patterns[i].pattern) ||
14066 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
14067 wowlan->patterns[i].pkt_offset))
14068 return -ENOBUFS;
14069 nla_nest_end(msg, nl_pat);
14070 }
14071 nla_nest_end(msg, nl_pats);
14072
14073 return 0;
14074 }
14075
nl80211_send_wowlan_tcp(struct sk_buff * msg,struct cfg80211_wowlan_tcp * tcp)14076 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
14077 struct cfg80211_wowlan_tcp *tcp)
14078 {
14079 struct nlattr *nl_tcp;
14080
14081 if (!tcp)
14082 return 0;
14083
14084 nl_tcp = nla_nest_start_noflag(msg,
14085 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
14086 if (!nl_tcp)
14087 return -ENOBUFS;
14088
14089 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
14090 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
14091 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
14092 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
14093 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
14094 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
14095 tcp->payload_len, tcp->payload) ||
14096 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
14097 tcp->data_interval) ||
14098 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
14099 tcp->wake_len, tcp->wake_data) ||
14100 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
14101 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
14102 return -ENOBUFS;
14103
14104 if (tcp->payload_seq.len &&
14105 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
14106 sizeof(tcp->payload_seq), &tcp->payload_seq))
14107 return -ENOBUFS;
14108
14109 if (tcp->payload_tok.len &&
14110 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
14111 sizeof(tcp->payload_tok) + tcp->tokens_size,
14112 &tcp->payload_tok))
14113 return -ENOBUFS;
14114
14115 nla_nest_end(msg, nl_tcp);
14116
14117 return 0;
14118 }
14119
nl80211_send_wowlan_nd(struct sk_buff * msg,struct cfg80211_sched_scan_request * req)14120 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
14121 struct cfg80211_sched_scan_request *req)
14122 {
14123 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
14124 int i;
14125
14126 if (!req)
14127 return 0;
14128
14129 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
14130 if (!nd)
14131 return -ENOBUFS;
14132
14133 if (req->n_scan_plans == 1 &&
14134 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
14135 req->scan_plans[0].interval * 1000))
14136 return -ENOBUFS;
14137
14138 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
14139 return -ENOBUFS;
14140
14141 if (req->relative_rssi_set) {
14142 struct nl80211_bss_select_rssi_adjust rssi_adjust;
14143
14144 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
14145 req->relative_rssi))
14146 return -ENOBUFS;
14147
14148 rssi_adjust.band = req->rssi_adjust.band;
14149 rssi_adjust.delta = req->rssi_adjust.delta;
14150 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
14151 sizeof(rssi_adjust), &rssi_adjust))
14152 return -ENOBUFS;
14153 }
14154
14155 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14156 if (!freqs)
14157 return -ENOBUFS;
14158
14159 for (i = 0; i < req->n_channels; i++) {
14160 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14161 return -ENOBUFS;
14162 }
14163
14164 nla_nest_end(msg, freqs);
14165
14166 if (req->n_match_sets) {
14167 matches = nla_nest_start_noflag(msg,
14168 NL80211_ATTR_SCHED_SCAN_MATCH);
14169 if (!matches)
14170 return -ENOBUFS;
14171
14172 for (i = 0; i < req->n_match_sets; i++) {
14173 match = nla_nest_start_noflag(msg, i);
14174 if (!match)
14175 return -ENOBUFS;
14176
14177 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
14178 req->match_sets[i].ssid.ssid_len,
14179 req->match_sets[i].ssid.ssid))
14180 return -ENOBUFS;
14181 nla_nest_end(msg, match);
14182 }
14183 nla_nest_end(msg, matches);
14184 }
14185
14186 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
14187 if (!scan_plans)
14188 return -ENOBUFS;
14189
14190 for (i = 0; i < req->n_scan_plans; i++) {
14191 scan_plan = nla_nest_start_noflag(msg, i + 1);
14192 if (!scan_plan)
14193 return -ENOBUFS;
14194
14195 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
14196 req->scan_plans[i].interval) ||
14197 (req->scan_plans[i].iterations &&
14198 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
14199 req->scan_plans[i].iterations)))
14200 return -ENOBUFS;
14201 nla_nest_end(msg, scan_plan);
14202 }
14203 nla_nest_end(msg, scan_plans);
14204
14205 nla_nest_end(msg, nd);
14206
14207 return 0;
14208 }
14209
nl80211_get_wowlan(struct sk_buff * skb,struct genl_info * info)14210 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
14211 {
14212 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14213 struct sk_buff *msg;
14214 void *hdr;
14215 u32 size = NLMSG_DEFAULT_SIZE;
14216
14217 if (!rdev->wiphy.wowlan)
14218 return -EOPNOTSUPP;
14219
14220 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
14221 /* adjust size to have room for all the data */
14222 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
14223 rdev->wiphy.wowlan_config->tcp->payload_len +
14224 rdev->wiphy.wowlan_config->tcp->wake_len +
14225 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
14226 }
14227
14228 msg = nlmsg_new(size, GFP_KERNEL);
14229 if (!msg)
14230 return -ENOMEM;
14231
14232 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14233 NL80211_CMD_GET_WOWLAN);
14234 if (!hdr)
14235 goto nla_put_failure;
14236
14237 if (rdev->wiphy.wowlan_config) {
14238 struct nlattr *nl_wowlan;
14239
14240 nl_wowlan = nla_nest_start_noflag(msg,
14241 NL80211_ATTR_WOWLAN_TRIGGERS);
14242 if (!nl_wowlan)
14243 goto nla_put_failure;
14244
14245 if ((rdev->wiphy.wowlan_config->any &&
14246 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
14247 (rdev->wiphy.wowlan_config->disconnect &&
14248 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
14249 (rdev->wiphy.wowlan_config->magic_pkt &&
14250 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
14251 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
14252 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
14253 (rdev->wiphy.wowlan_config->eap_identity_req &&
14254 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
14255 (rdev->wiphy.wowlan_config->four_way_handshake &&
14256 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
14257 (rdev->wiphy.wowlan_config->rfkill_release &&
14258 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
14259 goto nla_put_failure;
14260
14261 if (nl80211_send_wowlan_patterns(msg, rdev))
14262 goto nla_put_failure;
14263
14264 if (nl80211_send_wowlan_tcp(msg,
14265 rdev->wiphy.wowlan_config->tcp))
14266 goto nla_put_failure;
14267
14268 if (nl80211_send_wowlan_nd(
14269 msg,
14270 rdev->wiphy.wowlan_config->nd_config))
14271 goto nla_put_failure;
14272
14273 nla_nest_end(msg, nl_wowlan);
14274 }
14275
14276 genlmsg_end(msg, hdr);
14277 return genlmsg_reply(msg, info);
14278
14279 nla_put_failure:
14280 nlmsg_free(msg);
14281 return -ENOBUFS;
14282 }
14283
nl80211_parse_wowlan_tcp(struct cfg80211_registered_device * rdev,struct nlattr * attr,struct cfg80211_wowlan * trig)14284 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
14285 struct nlattr *attr,
14286 struct cfg80211_wowlan *trig)
14287 {
14288 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
14289 struct cfg80211_wowlan_tcp *cfg;
14290 struct nl80211_wowlan_tcp_data_token *tok = NULL;
14291 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
14292 u32 size;
14293 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
14294 int err, port;
14295
14296 if (!rdev->wiphy.wowlan->tcp)
14297 return -EINVAL;
14298
14299 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
14300 nl80211_wowlan_tcp_policy, NULL);
14301 if (err)
14302 return err;
14303
14304 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
14305 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
14306 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
14307 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
14308 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
14309 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
14310 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
14311 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
14312 return -EINVAL;
14313
14314 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
14315 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
14316 return -EINVAL;
14317
14318 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
14319 rdev->wiphy.wowlan->tcp->data_interval_max ||
14320 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
14321 return -EINVAL;
14322
14323 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
14324 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
14325 return -EINVAL;
14326
14327 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
14328 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
14329 return -EINVAL;
14330
14331 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
14332 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
14333
14334 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
14335 tokens_size = tokln - sizeof(*tok);
14336
14337 if (!tok->len || tokens_size % tok->len)
14338 return -EINVAL;
14339 if (!rdev->wiphy.wowlan->tcp->tok)
14340 return -EINVAL;
14341 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
14342 return -EINVAL;
14343 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
14344 return -EINVAL;
14345 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
14346 return -EINVAL;
14347 if (tok->offset + tok->len > data_size)
14348 return -EINVAL;
14349 }
14350
14351 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
14352 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
14353 if (!rdev->wiphy.wowlan->tcp->seq)
14354 return -EINVAL;
14355 if (seq->len == 0 || seq->len > 4)
14356 return -EINVAL;
14357 if (seq->len + seq->offset > data_size)
14358 return -EINVAL;
14359 }
14360
14361 size = sizeof(*cfg);
14362 size += data_size;
14363 size += wake_size + wake_mask_size;
14364 size += tokens_size;
14365
14366 cfg = kzalloc(size, GFP_KERNEL);
14367 if (!cfg)
14368 return -ENOMEM;
14369 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
14370 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
14371 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
14372 ETH_ALEN);
14373 port = nla_get_u16_default(tb[NL80211_WOWLAN_TCP_SRC_PORT], 0);
14374 #ifdef CONFIG_INET
14375 /* allocate a socket and port for it and use it */
14376 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
14377 IPPROTO_TCP, &cfg->sock, 1);
14378 if (err) {
14379 kfree(cfg);
14380 return err;
14381 }
14382 if (inet_csk_get_port(cfg->sock->sk, port)) {
14383 sock_release(cfg->sock);
14384 kfree(cfg);
14385 return -EADDRINUSE;
14386 }
14387 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
14388 #else
14389 if (!port) {
14390 kfree(cfg);
14391 return -EINVAL;
14392 }
14393 cfg->src_port = port;
14394 #endif
14395
14396 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
14397 cfg->payload_len = data_size;
14398 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
14399 memcpy((void *)cfg->payload,
14400 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
14401 data_size);
14402 if (seq)
14403 cfg->payload_seq = *seq;
14404 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
14405 cfg->wake_len = wake_size;
14406 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
14407 memcpy((void *)cfg->wake_data,
14408 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
14409 wake_size);
14410 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
14411 data_size + wake_size;
14412 memcpy((void *)cfg->wake_mask,
14413 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
14414 wake_mask_size);
14415 if (tok) {
14416 cfg->tokens_size = tokens_size;
14417 cfg->payload_tok = *tok;
14418 memcpy(cfg->payload_tok.token_stream, tok->token_stream,
14419 tokens_size);
14420 }
14421
14422 trig->tcp = cfg;
14423
14424 return 0;
14425 }
14426
nl80211_parse_wowlan_nd(struct cfg80211_registered_device * rdev,const struct wiphy_wowlan_support * wowlan,struct nlattr * attr,struct cfg80211_wowlan * trig)14427 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
14428 const struct wiphy_wowlan_support *wowlan,
14429 struct nlattr *attr,
14430 struct cfg80211_wowlan *trig)
14431 {
14432 struct nlattr **tb;
14433 int err;
14434
14435 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
14436 if (!tb)
14437 return -ENOMEM;
14438
14439 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
14440 err = -EOPNOTSUPP;
14441 goto out;
14442 }
14443
14444 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
14445 nl80211_policy, NULL);
14446 if (err)
14447 goto out;
14448
14449 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
14450 wowlan->max_nd_match_sets);
14451 err = PTR_ERR_OR_ZERO(trig->nd_config);
14452 if (err)
14453 trig->nd_config = NULL;
14454
14455 out:
14456 kfree(tb);
14457 return err;
14458 }
14459
nl80211_set_wowlan(struct sk_buff * skb,struct genl_info * info)14460 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
14461 {
14462 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14463 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
14464 struct cfg80211_wowlan new_triggers = {};
14465 struct cfg80211_wowlan *ntrig;
14466 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
14467 int err, i;
14468 bool prev_enabled = rdev->wiphy.wowlan_config;
14469 bool regular = false;
14470
14471 if (!wowlan)
14472 return -EOPNOTSUPP;
14473
14474 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
14475 cfg80211_rdev_free_wowlan(rdev);
14476 rdev->wiphy.wowlan_config = NULL;
14477 goto set_wakeup;
14478 }
14479
14480 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
14481 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
14482 nl80211_wowlan_policy, info->extack);
14483 if (err)
14484 return err;
14485
14486 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
14487 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
14488 return -EINVAL;
14489 new_triggers.any = true;
14490 }
14491
14492 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
14493 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
14494 return -EINVAL;
14495 new_triggers.disconnect = true;
14496 regular = true;
14497 }
14498
14499 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
14500 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
14501 return -EINVAL;
14502 new_triggers.magic_pkt = true;
14503 regular = true;
14504 }
14505
14506 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
14507 return -EINVAL;
14508
14509 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
14510 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
14511 return -EINVAL;
14512 new_triggers.gtk_rekey_failure = true;
14513 regular = true;
14514 }
14515
14516 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
14517 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
14518 return -EINVAL;
14519 new_triggers.eap_identity_req = true;
14520 regular = true;
14521 }
14522
14523 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
14524 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
14525 return -EINVAL;
14526 new_triggers.four_way_handshake = true;
14527 regular = true;
14528 }
14529
14530 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
14531 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
14532 return -EINVAL;
14533 new_triggers.rfkill_release = true;
14534 regular = true;
14535 }
14536
14537 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
14538 struct nlattr *pat;
14539 int n_patterns = 0;
14540 int rem, pat_len, mask_len, pkt_offset;
14541 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
14542
14543 regular = true;
14544
14545 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
14546 rem)
14547 n_patterns++;
14548 if (n_patterns > wowlan->n_patterns)
14549 return -EINVAL;
14550
14551 new_triggers.patterns = kcalloc(n_patterns,
14552 sizeof(new_triggers.patterns[0]),
14553 GFP_KERNEL);
14554 if (!new_triggers.patterns)
14555 return -ENOMEM;
14556
14557 new_triggers.n_patterns = n_patterns;
14558 i = 0;
14559
14560 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
14561 rem) {
14562 u8 *mask_pat;
14563
14564 err = nla_parse_nested_deprecated(pat_tb,
14565 MAX_NL80211_PKTPAT,
14566 pat,
14567 nl80211_packet_pattern_policy,
14568 info->extack);
14569 if (err)
14570 goto error;
14571
14572 err = -EINVAL;
14573 if (!pat_tb[NL80211_PKTPAT_MASK] ||
14574 !pat_tb[NL80211_PKTPAT_PATTERN])
14575 goto error;
14576 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
14577 mask_len = DIV_ROUND_UP(pat_len, 8);
14578 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
14579 goto error;
14580 if (pat_len > wowlan->pattern_max_len ||
14581 pat_len < wowlan->pattern_min_len)
14582 goto error;
14583
14584 pkt_offset =
14585 nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
14586 0);
14587 if (pkt_offset > wowlan->max_pkt_offset)
14588 goto error;
14589 new_triggers.patterns[i].pkt_offset = pkt_offset;
14590
14591 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
14592 if (!mask_pat) {
14593 err = -ENOMEM;
14594 goto error;
14595 }
14596 new_triggers.patterns[i].mask = mask_pat;
14597 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
14598 mask_len);
14599 mask_pat += mask_len;
14600 new_triggers.patterns[i].pattern = mask_pat;
14601 new_triggers.patterns[i].pattern_len = pat_len;
14602 memcpy(mask_pat,
14603 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
14604 pat_len);
14605 i++;
14606 }
14607 }
14608
14609 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
14610 regular = true;
14611 err = nl80211_parse_wowlan_tcp(
14612 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
14613 &new_triggers);
14614 if (err)
14615 goto error;
14616 }
14617
14618 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
14619 regular = true;
14620 err = nl80211_parse_wowlan_nd(
14621 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
14622 &new_triggers);
14623 if (err)
14624 goto error;
14625 }
14626
14627 /* The 'any' trigger means the device continues operating more or less
14628 * as in its normal operation mode and wakes up the host on most of the
14629 * normal interrupts (like packet RX, ...)
14630 * It therefore makes little sense to combine with the more constrained
14631 * wakeup trigger modes.
14632 */
14633 if (new_triggers.any && regular) {
14634 err = -EINVAL;
14635 goto error;
14636 }
14637
14638 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
14639 if (!ntrig) {
14640 err = -ENOMEM;
14641 goto error;
14642 }
14643 cfg80211_rdev_free_wowlan(rdev);
14644 rdev->wiphy.wowlan_config = ntrig;
14645
14646 set_wakeup:
14647 if (rdev->ops->set_wakeup &&
14648 prev_enabled != !!rdev->wiphy.wowlan_config)
14649 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
14650
14651 return 0;
14652 error:
14653 for (i = 0; i < new_triggers.n_patterns; i++)
14654 kfree(new_triggers.patterns[i].mask);
14655 kfree(new_triggers.patterns);
14656 if (new_triggers.tcp && new_triggers.tcp->sock)
14657 sock_release(new_triggers.tcp->sock);
14658 kfree(new_triggers.tcp);
14659 kfree(new_triggers.nd_config);
14660 return err;
14661 }
14662 #endif
14663
nl80211_send_coalesce_rules(struct sk_buff * msg,struct cfg80211_registered_device * rdev)14664 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
14665 struct cfg80211_registered_device *rdev)
14666 {
14667 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
14668 int i, j, pat_len;
14669 struct cfg80211_coalesce_rules *rule;
14670
14671 if (!rdev->coalesce->n_rules)
14672 return 0;
14673
14674 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
14675 if (!nl_rules)
14676 return -ENOBUFS;
14677
14678 for (i = 0; i < rdev->coalesce->n_rules; i++) {
14679 nl_rule = nla_nest_start_noflag(msg, i + 1);
14680 if (!nl_rule)
14681 return -ENOBUFS;
14682
14683 rule = &rdev->coalesce->rules[i];
14684 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
14685 rule->delay))
14686 return -ENOBUFS;
14687
14688 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
14689 rule->condition))
14690 return -ENOBUFS;
14691
14692 nl_pats = nla_nest_start_noflag(msg,
14693 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
14694 if (!nl_pats)
14695 return -ENOBUFS;
14696
14697 for (j = 0; j < rule->n_patterns; j++) {
14698 nl_pat = nla_nest_start_noflag(msg, j + 1);
14699 if (!nl_pat)
14700 return -ENOBUFS;
14701 pat_len = rule->patterns[j].pattern_len;
14702 if (nla_put(msg, NL80211_PKTPAT_MASK,
14703 DIV_ROUND_UP(pat_len, 8),
14704 rule->patterns[j].mask) ||
14705 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
14706 rule->patterns[j].pattern) ||
14707 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
14708 rule->patterns[j].pkt_offset))
14709 return -ENOBUFS;
14710 nla_nest_end(msg, nl_pat);
14711 }
14712 nla_nest_end(msg, nl_pats);
14713 nla_nest_end(msg, nl_rule);
14714 }
14715 nla_nest_end(msg, nl_rules);
14716
14717 return 0;
14718 }
14719
nl80211_get_coalesce(struct sk_buff * skb,struct genl_info * info)14720 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
14721 {
14722 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14723 struct sk_buff *msg;
14724 void *hdr;
14725
14726 if (!rdev->wiphy.coalesce)
14727 return -EOPNOTSUPP;
14728
14729 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14730 if (!msg)
14731 return -ENOMEM;
14732
14733 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14734 NL80211_CMD_GET_COALESCE);
14735 if (!hdr)
14736 goto nla_put_failure;
14737
14738 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
14739 goto nla_put_failure;
14740
14741 genlmsg_end(msg, hdr);
14742 return genlmsg_reply(msg, info);
14743
14744 nla_put_failure:
14745 nlmsg_free(msg);
14746 return -ENOBUFS;
14747 }
14748
cfg80211_free_coalesce(struct cfg80211_coalesce * coalesce)14749 void cfg80211_free_coalesce(struct cfg80211_coalesce *coalesce)
14750 {
14751 int i, j;
14752 struct cfg80211_coalesce_rules *rule;
14753
14754 if (!coalesce)
14755 return;
14756
14757 for (i = 0; i < coalesce->n_rules; i++) {
14758 rule = &coalesce->rules[i];
14759 for (j = 0; j < rule->n_patterns; j++)
14760 kfree(rule->patterns[j].mask);
14761 kfree(rule->patterns);
14762 }
14763 kfree(coalesce);
14764 }
14765
nl80211_parse_coalesce_rule(struct cfg80211_registered_device * rdev,struct nlattr * rule,struct cfg80211_coalesce_rules * new_rule)14766 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
14767 struct nlattr *rule,
14768 struct cfg80211_coalesce_rules *new_rule)
14769 {
14770 int err, i;
14771 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
14772 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
14773 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
14774 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
14775
14776 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
14777 rule, nl80211_coalesce_policy, NULL);
14778 if (err)
14779 return err;
14780
14781 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
14782 new_rule->delay =
14783 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
14784 if (new_rule->delay > coalesce->max_delay)
14785 return -EINVAL;
14786
14787 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
14788 new_rule->condition =
14789 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
14790
14791 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
14792 return -EINVAL;
14793
14794 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
14795 rem)
14796 n_patterns++;
14797 if (n_patterns > coalesce->n_patterns)
14798 return -EINVAL;
14799
14800 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
14801 GFP_KERNEL);
14802 if (!new_rule->patterns)
14803 return -ENOMEM;
14804
14805 new_rule->n_patterns = n_patterns;
14806 i = 0;
14807
14808 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
14809 rem) {
14810 u8 *mask_pat;
14811
14812 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
14813 pat,
14814 nl80211_packet_pattern_policy,
14815 NULL);
14816 if (err)
14817 return err;
14818
14819 if (!pat_tb[NL80211_PKTPAT_MASK] ||
14820 !pat_tb[NL80211_PKTPAT_PATTERN])
14821 return -EINVAL;
14822 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
14823 mask_len = DIV_ROUND_UP(pat_len, 8);
14824 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
14825 return -EINVAL;
14826 if (pat_len > coalesce->pattern_max_len ||
14827 pat_len < coalesce->pattern_min_len)
14828 return -EINVAL;
14829
14830 pkt_offset = nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
14831 0);
14832 if (pkt_offset > coalesce->max_pkt_offset)
14833 return -EINVAL;
14834 new_rule->patterns[i].pkt_offset = pkt_offset;
14835
14836 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
14837 if (!mask_pat)
14838 return -ENOMEM;
14839
14840 new_rule->patterns[i].mask = mask_pat;
14841 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
14842 mask_len);
14843
14844 mask_pat += mask_len;
14845 new_rule->patterns[i].pattern = mask_pat;
14846 new_rule->patterns[i].pattern_len = pat_len;
14847 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
14848 pat_len);
14849 i++;
14850 }
14851
14852 return 0;
14853 }
14854
nl80211_set_coalesce(struct sk_buff * skb,struct genl_info * info)14855 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
14856 {
14857 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14858 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
14859 struct cfg80211_coalesce *new_coalesce;
14860 int err, rem_rule, n_rules = 0, i;
14861 struct nlattr *rule;
14862
14863 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
14864 return -EOPNOTSUPP;
14865
14866 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
14867 cfg80211_free_coalesce(rdev->coalesce);
14868 rdev->coalesce = NULL;
14869 rdev_set_coalesce(rdev, NULL);
14870 return 0;
14871 }
14872
14873 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14874 rem_rule)
14875 n_rules++;
14876 if (n_rules > coalesce->n_rules)
14877 return -EINVAL;
14878
14879 new_coalesce = kzalloc(struct_size(new_coalesce, rules, n_rules),
14880 GFP_KERNEL);
14881 if (!new_coalesce)
14882 return -ENOMEM;
14883
14884 new_coalesce->n_rules = n_rules;
14885 i = 0;
14886
14887 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14888 rem_rule) {
14889 err = nl80211_parse_coalesce_rule(rdev, rule,
14890 &new_coalesce->rules[i]);
14891 if (err)
14892 goto error;
14893
14894 i++;
14895 }
14896
14897 err = rdev_set_coalesce(rdev, new_coalesce);
14898 if (err)
14899 goto error;
14900
14901 cfg80211_free_coalesce(rdev->coalesce);
14902 rdev->coalesce = new_coalesce;
14903
14904 return 0;
14905 error:
14906 cfg80211_free_coalesce(new_coalesce);
14907
14908 return err;
14909 }
14910
nl80211_set_rekey_data(struct sk_buff * skb,struct genl_info * info)14911 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
14912 {
14913 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14914 struct net_device *dev = info->user_ptr[1];
14915 struct wireless_dev *wdev = dev->ieee80211_ptr;
14916 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
14917 struct cfg80211_gtk_rekey_data rekey_data = {};
14918 int err;
14919
14920 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
14921 return -EINVAL;
14922
14923 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
14924 info->attrs[NL80211_ATTR_REKEY_DATA],
14925 nl80211_rekey_policy, info->extack);
14926 if (err)
14927 return err;
14928
14929 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
14930 !tb[NL80211_REKEY_DATA_KCK])
14931 return -EINVAL;
14932 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
14933 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14934 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
14935 return -ERANGE;
14936 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
14937 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14938 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) &&
14939 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 &&
14940 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32))
14941 return -ERANGE;
14942
14943 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
14944 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
14945 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
14946 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
14947 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
14948 if (tb[NL80211_REKEY_DATA_AKM])
14949 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
14950
14951 if (!wdev->connected)
14952 return -ENOTCONN;
14953
14954 if (!rdev->ops->set_rekey_data)
14955 return -EOPNOTSUPP;
14956
14957 return rdev_set_rekey_data(rdev, dev, &rekey_data);
14958 }
14959
nl80211_register_unexpected_frame(struct sk_buff * skb,struct genl_info * info)14960 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
14961 struct genl_info *info)
14962 {
14963 struct net_device *dev = info->user_ptr[1];
14964 struct wireless_dev *wdev = dev->ieee80211_ptr;
14965
14966 if (wdev->iftype != NL80211_IFTYPE_AP &&
14967 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14968 return -EINVAL;
14969
14970 if (wdev->ap_unexpected_nlportid)
14971 return -EBUSY;
14972
14973 wdev->ap_unexpected_nlportid = info->snd_portid;
14974 return 0;
14975 }
14976
nl80211_probe_client(struct sk_buff * skb,struct genl_info * info)14977 static int nl80211_probe_client(struct sk_buff *skb,
14978 struct genl_info *info)
14979 {
14980 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14981 struct net_device *dev = info->user_ptr[1];
14982 struct wireless_dev *wdev = dev->ieee80211_ptr;
14983 struct sk_buff *msg;
14984 void *hdr;
14985 const u8 *addr;
14986 u64 cookie;
14987 int err;
14988
14989 if (wdev->iftype != NL80211_IFTYPE_AP &&
14990 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14991 return -EOPNOTSUPP;
14992
14993 if (!info->attrs[NL80211_ATTR_MAC])
14994 return -EINVAL;
14995
14996 if (!rdev->ops->probe_client)
14997 return -EOPNOTSUPP;
14998
14999 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15000 if (!msg)
15001 return -ENOMEM;
15002
15003 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15004 NL80211_CMD_PROBE_CLIENT);
15005 if (!hdr) {
15006 err = -ENOBUFS;
15007 goto free_msg;
15008 }
15009
15010 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15011
15012 err = rdev_probe_client(rdev, dev, addr, &cookie);
15013 if (err)
15014 goto free_msg;
15015
15016 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15017 NL80211_ATTR_PAD))
15018 goto nla_put_failure;
15019
15020 genlmsg_end(msg, hdr);
15021
15022 return genlmsg_reply(msg, info);
15023
15024 nla_put_failure:
15025 err = -ENOBUFS;
15026 free_msg:
15027 nlmsg_free(msg);
15028 return err;
15029 }
15030
nl80211_register_beacons(struct sk_buff * skb,struct genl_info * info)15031 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
15032 {
15033 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15034 struct cfg80211_beacon_registration *reg, *nreg;
15035 int rv;
15036
15037 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
15038 return -EOPNOTSUPP;
15039
15040 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
15041 if (!nreg)
15042 return -ENOMEM;
15043
15044 /* First, check if already registered. */
15045 spin_lock_bh(&rdev->beacon_registrations_lock);
15046 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
15047 if (reg->nlportid == info->snd_portid) {
15048 rv = -EALREADY;
15049 goto out_err;
15050 }
15051 }
15052 /* Add it to the list */
15053 nreg->nlportid = info->snd_portid;
15054 list_add(&nreg->list, &rdev->beacon_registrations);
15055
15056 spin_unlock_bh(&rdev->beacon_registrations_lock);
15057
15058 return 0;
15059 out_err:
15060 spin_unlock_bh(&rdev->beacon_registrations_lock);
15061 kfree(nreg);
15062 return rv;
15063 }
15064
nl80211_start_p2p_device(struct sk_buff * skb,struct genl_info * info)15065 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
15066 {
15067 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15068 struct wireless_dev *wdev = info->user_ptr[1];
15069 int err;
15070
15071 if (!rdev->ops->start_p2p_device)
15072 return -EOPNOTSUPP;
15073
15074 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
15075 return -EOPNOTSUPP;
15076
15077 if (wdev_running(wdev))
15078 return 0;
15079
15080 if (rfkill_blocked(rdev->wiphy.rfkill))
15081 return -ERFKILL;
15082
15083 err = rdev_start_p2p_device(rdev, wdev);
15084 if (err)
15085 return err;
15086
15087 wdev->is_running = true;
15088 rdev->opencount++;
15089
15090 return 0;
15091 }
15092
nl80211_stop_p2p_device(struct sk_buff * skb,struct genl_info * info)15093 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
15094 {
15095 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15096 struct wireless_dev *wdev = info->user_ptr[1];
15097
15098 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
15099 return -EOPNOTSUPP;
15100
15101 if (!rdev->ops->stop_p2p_device)
15102 return -EOPNOTSUPP;
15103
15104 cfg80211_stop_p2p_device(rdev, wdev);
15105
15106 return 0;
15107 }
15108
nl80211_start_nan(struct sk_buff * skb,struct genl_info * info)15109 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
15110 {
15111 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15112 struct wireless_dev *wdev = info->user_ptr[1];
15113 struct cfg80211_nan_conf conf = {};
15114 int err;
15115
15116 if (wdev->iftype != NL80211_IFTYPE_NAN)
15117 return -EOPNOTSUPP;
15118
15119 if (wdev_running(wdev))
15120 return -EEXIST;
15121
15122 if (rfkill_blocked(rdev->wiphy.rfkill))
15123 return -ERFKILL;
15124
15125 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
15126 return -EINVAL;
15127
15128 conf.master_pref =
15129 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
15130
15131 if (info->attrs[NL80211_ATTR_BANDS]) {
15132 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
15133
15134 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
15135 return -EOPNOTSUPP;
15136
15137 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
15138 return -EINVAL;
15139
15140 conf.bands = bands;
15141 }
15142
15143 err = rdev_start_nan(rdev, wdev, &conf);
15144 if (err)
15145 return err;
15146
15147 wdev->is_running = true;
15148 rdev->opencount++;
15149
15150 return 0;
15151 }
15152
nl80211_stop_nan(struct sk_buff * skb,struct genl_info * info)15153 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
15154 {
15155 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15156 struct wireless_dev *wdev = info->user_ptr[1];
15157
15158 if (wdev->iftype != NL80211_IFTYPE_NAN)
15159 return -EOPNOTSUPP;
15160
15161 cfg80211_stop_nan(rdev, wdev);
15162
15163 return 0;
15164 }
15165
validate_nan_filter(struct nlattr * filter_attr)15166 static int validate_nan_filter(struct nlattr *filter_attr)
15167 {
15168 struct nlattr *attr;
15169 int len = 0, n_entries = 0, rem;
15170
15171 nla_for_each_nested(attr, filter_attr, rem) {
15172 len += nla_len(attr);
15173 n_entries++;
15174 }
15175
15176 if (len >= U8_MAX)
15177 return -EINVAL;
15178
15179 return n_entries;
15180 }
15181
handle_nan_filter(struct nlattr * attr_filter,struct cfg80211_nan_func * func,bool tx)15182 static int handle_nan_filter(struct nlattr *attr_filter,
15183 struct cfg80211_nan_func *func,
15184 bool tx)
15185 {
15186 struct nlattr *attr;
15187 int n_entries, rem, i;
15188 struct cfg80211_nan_func_filter *filter;
15189
15190 n_entries = validate_nan_filter(attr_filter);
15191 if (n_entries < 0)
15192 return n_entries;
15193
15194 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
15195
15196 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
15197 if (!filter)
15198 return -ENOMEM;
15199
15200 i = 0;
15201 nla_for_each_nested(attr, attr_filter, rem) {
15202 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
15203 if (!filter[i].filter)
15204 goto err;
15205
15206 filter[i].len = nla_len(attr);
15207 i++;
15208 }
15209 if (tx) {
15210 func->num_tx_filters = n_entries;
15211 func->tx_filters = filter;
15212 } else {
15213 func->num_rx_filters = n_entries;
15214 func->rx_filters = filter;
15215 }
15216
15217 return 0;
15218
15219 err:
15220 i = 0;
15221 nla_for_each_nested(attr, attr_filter, rem) {
15222 kfree(filter[i].filter);
15223 i++;
15224 }
15225 kfree(filter);
15226 return -ENOMEM;
15227 }
15228
nl80211_nan_add_func(struct sk_buff * skb,struct genl_info * info)15229 static int nl80211_nan_add_func(struct sk_buff *skb,
15230 struct genl_info *info)
15231 {
15232 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15233 struct wireless_dev *wdev = info->user_ptr[1];
15234 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
15235 struct cfg80211_nan_func *func;
15236 struct sk_buff *msg = NULL;
15237 void *hdr = NULL;
15238 int err = 0;
15239
15240 if (wdev->iftype != NL80211_IFTYPE_NAN)
15241 return -EOPNOTSUPP;
15242
15243 if (!wdev_running(wdev))
15244 return -ENOTCONN;
15245
15246 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
15247 return -EINVAL;
15248
15249 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
15250 info->attrs[NL80211_ATTR_NAN_FUNC],
15251 nl80211_nan_func_policy,
15252 info->extack);
15253 if (err)
15254 return err;
15255
15256 func = kzalloc(sizeof(*func), GFP_KERNEL);
15257 if (!func)
15258 return -ENOMEM;
15259
15260 func->cookie = cfg80211_assign_cookie(rdev);
15261
15262 if (!tb[NL80211_NAN_FUNC_TYPE]) {
15263 err = -EINVAL;
15264 goto out;
15265 }
15266
15267
15268 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
15269
15270 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
15271 err = -EINVAL;
15272 goto out;
15273 }
15274
15275 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
15276 sizeof(func->service_id));
15277
15278 func->close_range =
15279 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
15280
15281 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
15282 func->serv_spec_info_len =
15283 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
15284 func->serv_spec_info =
15285 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
15286 func->serv_spec_info_len,
15287 GFP_KERNEL);
15288 if (!func->serv_spec_info) {
15289 err = -ENOMEM;
15290 goto out;
15291 }
15292 }
15293
15294 if (tb[NL80211_NAN_FUNC_TTL])
15295 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
15296
15297 switch (func->type) {
15298 case NL80211_NAN_FUNC_PUBLISH:
15299 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
15300 err = -EINVAL;
15301 goto out;
15302 }
15303
15304 func->publish_type =
15305 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
15306 func->publish_bcast =
15307 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
15308
15309 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
15310 func->publish_bcast) {
15311 err = -EINVAL;
15312 goto out;
15313 }
15314 break;
15315 case NL80211_NAN_FUNC_SUBSCRIBE:
15316 func->subscribe_active =
15317 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
15318 break;
15319 case NL80211_NAN_FUNC_FOLLOW_UP:
15320 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
15321 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
15322 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
15323 err = -EINVAL;
15324 goto out;
15325 }
15326
15327 func->followup_id =
15328 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
15329 func->followup_reqid =
15330 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
15331 memcpy(func->followup_dest.addr,
15332 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
15333 sizeof(func->followup_dest.addr));
15334 if (func->ttl) {
15335 err = -EINVAL;
15336 goto out;
15337 }
15338 break;
15339 default:
15340 err = -EINVAL;
15341 goto out;
15342 }
15343
15344 if (tb[NL80211_NAN_FUNC_SRF]) {
15345 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
15346
15347 err = nla_parse_nested_deprecated(srf_tb,
15348 NL80211_NAN_SRF_ATTR_MAX,
15349 tb[NL80211_NAN_FUNC_SRF],
15350 nl80211_nan_srf_policy,
15351 info->extack);
15352 if (err)
15353 goto out;
15354
15355 func->srf_include =
15356 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
15357
15358 if (srf_tb[NL80211_NAN_SRF_BF]) {
15359 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
15360 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
15361 err = -EINVAL;
15362 goto out;
15363 }
15364
15365 func->srf_bf_len =
15366 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
15367 func->srf_bf =
15368 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
15369 func->srf_bf_len, GFP_KERNEL);
15370 if (!func->srf_bf) {
15371 err = -ENOMEM;
15372 goto out;
15373 }
15374
15375 func->srf_bf_idx =
15376 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
15377 } else {
15378 struct nlattr *attr, *mac_attr =
15379 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
15380 int n_entries, rem, i = 0;
15381
15382 if (!mac_attr) {
15383 err = -EINVAL;
15384 goto out;
15385 }
15386
15387 n_entries = validate_acl_mac_addrs(mac_attr);
15388 if (n_entries <= 0) {
15389 err = -EINVAL;
15390 goto out;
15391 }
15392
15393 func->srf_num_macs = n_entries;
15394 func->srf_macs =
15395 kcalloc(n_entries, sizeof(*func->srf_macs),
15396 GFP_KERNEL);
15397 if (!func->srf_macs) {
15398 err = -ENOMEM;
15399 goto out;
15400 }
15401
15402 nla_for_each_nested(attr, mac_attr, rem)
15403 memcpy(func->srf_macs[i++].addr, nla_data(attr),
15404 sizeof(*func->srf_macs));
15405 }
15406 }
15407
15408 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
15409 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
15410 func, true);
15411 if (err)
15412 goto out;
15413 }
15414
15415 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
15416 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
15417 func, false);
15418 if (err)
15419 goto out;
15420 }
15421
15422 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15423 if (!msg) {
15424 err = -ENOMEM;
15425 goto out;
15426 }
15427
15428 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15429 NL80211_CMD_ADD_NAN_FUNCTION);
15430 /* This can't really happen - we just allocated 4KB */
15431 if (WARN_ON(!hdr)) {
15432 err = -ENOMEM;
15433 goto out;
15434 }
15435
15436 err = rdev_add_nan_func(rdev, wdev, func);
15437 out:
15438 if (err < 0) {
15439 cfg80211_free_nan_func(func);
15440 nlmsg_free(msg);
15441 return err;
15442 }
15443
15444 /* propagate the instance id and cookie to userspace */
15445 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
15446 NL80211_ATTR_PAD))
15447 goto nla_put_failure;
15448
15449 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
15450 if (!func_attr)
15451 goto nla_put_failure;
15452
15453 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
15454 func->instance_id))
15455 goto nla_put_failure;
15456
15457 nla_nest_end(msg, func_attr);
15458
15459 genlmsg_end(msg, hdr);
15460 return genlmsg_reply(msg, info);
15461
15462 nla_put_failure:
15463 nlmsg_free(msg);
15464 return -ENOBUFS;
15465 }
15466
nl80211_nan_del_func(struct sk_buff * skb,struct genl_info * info)15467 static int nl80211_nan_del_func(struct sk_buff *skb,
15468 struct genl_info *info)
15469 {
15470 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15471 struct wireless_dev *wdev = info->user_ptr[1];
15472 u64 cookie;
15473
15474 if (wdev->iftype != NL80211_IFTYPE_NAN)
15475 return -EOPNOTSUPP;
15476
15477 if (!wdev_running(wdev))
15478 return -ENOTCONN;
15479
15480 if (!info->attrs[NL80211_ATTR_COOKIE])
15481 return -EINVAL;
15482
15483 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
15484
15485 rdev_del_nan_func(rdev, wdev, cookie);
15486
15487 return 0;
15488 }
15489
nl80211_nan_change_config(struct sk_buff * skb,struct genl_info * info)15490 static int nl80211_nan_change_config(struct sk_buff *skb,
15491 struct genl_info *info)
15492 {
15493 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15494 struct wireless_dev *wdev = info->user_ptr[1];
15495 struct cfg80211_nan_conf conf = {};
15496 u32 changed = 0;
15497
15498 if (wdev->iftype != NL80211_IFTYPE_NAN)
15499 return -EOPNOTSUPP;
15500
15501 if (!wdev_running(wdev))
15502 return -ENOTCONN;
15503
15504 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
15505 conf.master_pref =
15506 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
15507 if (conf.master_pref <= 1 || conf.master_pref == 255)
15508 return -EINVAL;
15509
15510 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
15511 }
15512
15513 if (info->attrs[NL80211_ATTR_BANDS]) {
15514 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
15515
15516 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
15517 return -EOPNOTSUPP;
15518
15519 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
15520 return -EINVAL;
15521
15522 conf.bands = bands;
15523 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
15524 }
15525
15526 if (!changed)
15527 return -EINVAL;
15528
15529 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
15530 }
15531
cfg80211_nan_match(struct wireless_dev * wdev,struct cfg80211_nan_match_params * match,gfp_t gfp)15532 void cfg80211_nan_match(struct wireless_dev *wdev,
15533 struct cfg80211_nan_match_params *match, gfp_t gfp)
15534 {
15535 struct wiphy *wiphy = wdev->wiphy;
15536 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15537 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
15538 struct sk_buff *msg;
15539 void *hdr;
15540
15541 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
15542 return;
15543
15544 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15545 if (!msg)
15546 return;
15547
15548 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
15549 if (!hdr) {
15550 nlmsg_free(msg);
15551 return;
15552 }
15553
15554 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15555 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15556 wdev->netdev->ifindex)) ||
15557 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15558 NL80211_ATTR_PAD))
15559 goto nla_put_failure;
15560
15561 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
15562 NL80211_ATTR_PAD) ||
15563 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
15564 goto nla_put_failure;
15565
15566 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
15567 if (!match_attr)
15568 goto nla_put_failure;
15569
15570 local_func_attr = nla_nest_start_noflag(msg,
15571 NL80211_NAN_MATCH_FUNC_LOCAL);
15572 if (!local_func_attr)
15573 goto nla_put_failure;
15574
15575 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
15576 goto nla_put_failure;
15577
15578 nla_nest_end(msg, local_func_attr);
15579
15580 peer_func_attr = nla_nest_start_noflag(msg,
15581 NL80211_NAN_MATCH_FUNC_PEER);
15582 if (!peer_func_attr)
15583 goto nla_put_failure;
15584
15585 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
15586 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
15587 goto nla_put_failure;
15588
15589 if (match->info && match->info_len &&
15590 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
15591 match->info))
15592 goto nla_put_failure;
15593
15594 nla_nest_end(msg, peer_func_attr);
15595 nla_nest_end(msg, match_attr);
15596 genlmsg_end(msg, hdr);
15597
15598 if (!wdev->owner_nlportid)
15599 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
15600 msg, 0, NL80211_MCGRP_NAN, gfp);
15601 else
15602 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
15603 wdev->owner_nlportid);
15604
15605 return;
15606
15607 nla_put_failure:
15608 nlmsg_free(msg);
15609 }
15610 EXPORT_SYMBOL(cfg80211_nan_match);
15611
cfg80211_nan_func_terminated(struct wireless_dev * wdev,u8 inst_id,enum nl80211_nan_func_term_reason reason,u64 cookie,gfp_t gfp)15612 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
15613 u8 inst_id,
15614 enum nl80211_nan_func_term_reason reason,
15615 u64 cookie, gfp_t gfp)
15616 {
15617 struct wiphy *wiphy = wdev->wiphy;
15618 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15619 struct sk_buff *msg;
15620 struct nlattr *func_attr;
15621 void *hdr;
15622
15623 if (WARN_ON(!inst_id))
15624 return;
15625
15626 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15627 if (!msg)
15628 return;
15629
15630 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
15631 if (!hdr) {
15632 nlmsg_free(msg);
15633 return;
15634 }
15635
15636 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15637 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15638 wdev->netdev->ifindex)) ||
15639 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15640 NL80211_ATTR_PAD))
15641 goto nla_put_failure;
15642
15643 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15644 NL80211_ATTR_PAD))
15645 goto nla_put_failure;
15646
15647 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
15648 if (!func_attr)
15649 goto nla_put_failure;
15650
15651 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
15652 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
15653 goto nla_put_failure;
15654
15655 nla_nest_end(msg, func_attr);
15656 genlmsg_end(msg, hdr);
15657
15658 if (!wdev->owner_nlportid)
15659 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
15660 msg, 0, NL80211_MCGRP_NAN, gfp);
15661 else
15662 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
15663 wdev->owner_nlportid);
15664
15665 return;
15666
15667 nla_put_failure:
15668 nlmsg_free(msg);
15669 }
15670 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
15671
nl80211_get_protocol_features(struct sk_buff * skb,struct genl_info * info)15672 static int nl80211_get_protocol_features(struct sk_buff *skb,
15673 struct genl_info *info)
15674 {
15675 void *hdr;
15676 struct sk_buff *msg;
15677
15678 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15679 if (!msg)
15680 return -ENOMEM;
15681
15682 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15683 NL80211_CMD_GET_PROTOCOL_FEATURES);
15684 if (!hdr)
15685 goto nla_put_failure;
15686
15687 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
15688 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
15689 goto nla_put_failure;
15690
15691 genlmsg_end(msg, hdr);
15692 return genlmsg_reply(msg, info);
15693
15694 nla_put_failure:
15695 kfree_skb(msg);
15696 return -ENOBUFS;
15697 }
15698
nl80211_update_ft_ies(struct sk_buff * skb,struct genl_info * info)15699 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
15700 {
15701 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15702 struct cfg80211_update_ft_ies_params ft_params;
15703 struct net_device *dev = info->user_ptr[1];
15704
15705 if (!rdev->ops->update_ft_ies)
15706 return -EOPNOTSUPP;
15707
15708 if (!info->attrs[NL80211_ATTR_MDID] ||
15709 !info->attrs[NL80211_ATTR_IE])
15710 return -EINVAL;
15711
15712 memset(&ft_params, 0, sizeof(ft_params));
15713 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
15714 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
15715 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
15716
15717 return rdev_update_ft_ies(rdev, dev, &ft_params);
15718 }
15719
nl80211_crit_protocol_start(struct sk_buff * skb,struct genl_info * info)15720 static int nl80211_crit_protocol_start(struct sk_buff *skb,
15721 struct genl_info *info)
15722 {
15723 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15724 struct wireless_dev *wdev = info->user_ptr[1];
15725 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
15726 u16 duration;
15727 int ret;
15728
15729 if (!rdev->ops->crit_proto_start)
15730 return -EOPNOTSUPP;
15731
15732 if (WARN_ON(!rdev->ops->crit_proto_stop))
15733 return -EINVAL;
15734
15735 if (rdev->crit_proto_nlportid)
15736 return -EBUSY;
15737
15738 /* determine protocol if provided */
15739 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
15740 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
15741
15742 if (proto >= NUM_NL80211_CRIT_PROTO)
15743 return -EINVAL;
15744
15745 /* timeout must be provided */
15746 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
15747 return -EINVAL;
15748
15749 duration =
15750 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
15751
15752 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
15753 if (!ret)
15754 rdev->crit_proto_nlportid = info->snd_portid;
15755
15756 return ret;
15757 }
15758
nl80211_crit_protocol_stop(struct sk_buff * skb,struct genl_info * info)15759 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
15760 struct genl_info *info)
15761 {
15762 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15763 struct wireless_dev *wdev = info->user_ptr[1];
15764
15765 if (!rdev->ops->crit_proto_stop)
15766 return -EOPNOTSUPP;
15767
15768 if (rdev->crit_proto_nlportid) {
15769 rdev->crit_proto_nlportid = 0;
15770 rdev_crit_proto_stop(rdev, wdev);
15771 }
15772 return 0;
15773 }
15774
nl80211_vendor_check_policy(const struct wiphy_vendor_command * vcmd,struct nlattr * attr,struct netlink_ext_ack * extack)15775 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
15776 struct nlattr *attr,
15777 struct netlink_ext_ack *extack)
15778 {
15779 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
15780 if (attr->nla_type & NLA_F_NESTED) {
15781 NL_SET_ERR_MSG_ATTR(extack, attr,
15782 "unexpected nested data");
15783 return -EINVAL;
15784 }
15785
15786 return 0;
15787 }
15788
15789 if (!(attr->nla_type & NLA_F_NESTED)) {
15790 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
15791 return -EINVAL;
15792 }
15793
15794 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
15795 }
15796
nl80211_vendor_cmd(struct sk_buff * skb,struct genl_info * info)15797 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
15798 {
15799 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15800 struct wireless_dev *wdev =
15801 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
15802 info->attrs);
15803 int i, err;
15804 u32 vid, subcmd;
15805
15806 if (!rdev->wiphy.vendor_commands)
15807 return -EOPNOTSUPP;
15808
15809 if (IS_ERR(wdev)) {
15810 err = PTR_ERR(wdev);
15811 if (err != -EINVAL)
15812 return err;
15813 wdev = NULL;
15814 } else if (wdev->wiphy != &rdev->wiphy) {
15815 return -EINVAL;
15816 }
15817
15818 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
15819 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
15820 return -EINVAL;
15821
15822 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
15823 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
15824 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
15825 const struct wiphy_vendor_command *vcmd;
15826 void *data = NULL;
15827 int len = 0;
15828
15829 vcmd = &rdev->wiphy.vendor_commands[i];
15830
15831 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15832 continue;
15833
15834 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
15835 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
15836 if (!wdev)
15837 return -EINVAL;
15838 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
15839 !wdev->netdev)
15840 return -EINVAL;
15841
15842 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
15843 if (!wdev_running(wdev))
15844 return -ENETDOWN;
15845 }
15846 } else {
15847 wdev = NULL;
15848 }
15849
15850 if (!vcmd->doit)
15851 return -EOPNOTSUPP;
15852
15853 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
15854 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
15855 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
15856
15857 err = nl80211_vendor_check_policy(vcmd,
15858 info->attrs[NL80211_ATTR_VENDOR_DATA],
15859 info->extack);
15860 if (err)
15861 return err;
15862 }
15863
15864 rdev->cur_cmd_info = info;
15865 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
15866 rdev->cur_cmd_info = NULL;
15867 return err;
15868 }
15869
15870 return -EOPNOTSUPP;
15871 }
15872
nl80211_prepare_vendor_dump(struct sk_buff * skb,struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev)15873 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
15874 struct netlink_callback *cb,
15875 struct cfg80211_registered_device **rdev,
15876 struct wireless_dev **wdev)
15877 {
15878 struct nlattr **attrbuf;
15879 u32 vid, subcmd;
15880 unsigned int i;
15881 int vcmd_idx = -1;
15882 int err;
15883 void *data = NULL;
15884 unsigned int data_len = 0;
15885
15886 if (cb->args[0]) {
15887 /* subtract the 1 again here */
15888 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
15889 struct wireless_dev *tmp;
15890
15891 if (!wiphy)
15892 return -ENODEV;
15893 *rdev = wiphy_to_rdev(wiphy);
15894 *wdev = NULL;
15895
15896 if (cb->args[1]) {
15897 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
15898 if (tmp->identifier == cb->args[1] - 1) {
15899 *wdev = tmp;
15900 break;
15901 }
15902 }
15903 }
15904
15905 /* keep rtnl locked in successful case */
15906 return 0;
15907 }
15908
15909 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
15910 if (!attrbuf)
15911 return -ENOMEM;
15912
15913 err = nlmsg_parse_deprecated(cb->nlh,
15914 GENL_HDRLEN + nl80211_fam.hdrsize,
15915 attrbuf, nl80211_fam.maxattr,
15916 nl80211_policy, NULL);
15917 if (err)
15918 goto out;
15919
15920 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
15921 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
15922 err = -EINVAL;
15923 goto out;
15924 }
15925
15926 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
15927 if (IS_ERR(*wdev))
15928 *wdev = NULL;
15929
15930 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
15931 if (IS_ERR(*rdev)) {
15932 err = PTR_ERR(*rdev);
15933 goto out;
15934 }
15935
15936 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
15937 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
15938
15939 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
15940 const struct wiphy_vendor_command *vcmd;
15941
15942 vcmd = &(*rdev)->wiphy.vendor_commands[i];
15943
15944 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15945 continue;
15946
15947 if (!vcmd->dumpit) {
15948 err = -EOPNOTSUPP;
15949 goto out;
15950 }
15951
15952 vcmd_idx = i;
15953 break;
15954 }
15955
15956 if (vcmd_idx < 0) {
15957 err = -EOPNOTSUPP;
15958 goto out;
15959 }
15960
15961 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
15962 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15963 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15964
15965 err = nl80211_vendor_check_policy(
15966 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
15967 attrbuf[NL80211_ATTR_VENDOR_DATA],
15968 cb->extack);
15969 if (err)
15970 goto out;
15971 }
15972
15973 /* 0 is the first index - add 1 to parse only once */
15974 cb->args[0] = (*rdev)->wiphy_idx + 1;
15975 /* add 1 to know if it was NULL */
15976 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
15977 cb->args[2] = vcmd_idx;
15978 cb->args[3] = (unsigned long)data;
15979 cb->args[4] = data_len;
15980
15981 /* keep rtnl locked in successful case */
15982 err = 0;
15983 out:
15984 kfree(attrbuf);
15985 return err;
15986 }
15987
nl80211_vendor_cmd_dump(struct sk_buff * skb,struct netlink_callback * cb)15988 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
15989 struct netlink_callback *cb)
15990 {
15991 struct cfg80211_registered_device *rdev;
15992 struct wireless_dev *wdev;
15993 unsigned int vcmd_idx;
15994 const struct wiphy_vendor_command *vcmd;
15995 void *data;
15996 int data_len;
15997 int err;
15998 struct nlattr *vendor_data;
15999
16000 rtnl_lock();
16001 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
16002 if (err)
16003 goto out;
16004
16005 vcmd_idx = cb->args[2];
16006 data = (void *)cb->args[3];
16007 data_len = cb->args[4];
16008 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
16009
16010 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
16011 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
16012 if (!wdev) {
16013 err = -EINVAL;
16014 goto out;
16015 }
16016 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
16017 !wdev->netdev) {
16018 err = -EINVAL;
16019 goto out;
16020 }
16021
16022 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
16023 if (!wdev_running(wdev)) {
16024 err = -ENETDOWN;
16025 goto out;
16026 }
16027 }
16028 }
16029
16030 while (1) {
16031 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
16032 cb->nlh->nlmsg_seq, NLM_F_MULTI,
16033 NL80211_CMD_VENDOR);
16034 if (!hdr)
16035 break;
16036
16037 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16038 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
16039 wdev_id(wdev),
16040 NL80211_ATTR_PAD))) {
16041 genlmsg_cancel(skb, hdr);
16042 break;
16043 }
16044
16045 vendor_data = nla_nest_start_noflag(skb,
16046 NL80211_ATTR_VENDOR_DATA);
16047 if (!vendor_data) {
16048 genlmsg_cancel(skb, hdr);
16049 break;
16050 }
16051
16052 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
16053 (unsigned long *)&cb->args[5]);
16054 nla_nest_end(skb, vendor_data);
16055
16056 if (err == -ENOBUFS || err == -ENOENT) {
16057 genlmsg_cancel(skb, hdr);
16058 break;
16059 } else if (err <= 0) {
16060 genlmsg_cancel(skb, hdr);
16061 goto out;
16062 }
16063
16064 genlmsg_end(skb, hdr);
16065 }
16066
16067 err = skb->len;
16068 out:
16069 rtnl_unlock();
16070 return err;
16071 }
16072
__cfg80211_alloc_reply_skb(struct wiphy * wiphy,enum nl80211_commands cmd,enum nl80211_attrs attr,int approxlen)16073 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
16074 enum nl80211_commands cmd,
16075 enum nl80211_attrs attr,
16076 int approxlen)
16077 {
16078 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16079
16080 if (WARN_ON(!rdev->cur_cmd_info))
16081 return NULL;
16082
16083 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
16084 rdev->cur_cmd_info->snd_portid,
16085 rdev->cur_cmd_info->snd_seq,
16086 cmd, attr, NULL, GFP_KERNEL);
16087 }
16088 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
16089
cfg80211_vendor_cmd_reply(struct sk_buff * skb)16090 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
16091 {
16092 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
16093 void *hdr = ((void **)skb->cb)[1];
16094 struct nlattr *data = ((void **)skb->cb)[2];
16095
16096 /* clear CB data for netlink core to own from now on */
16097 memset(skb->cb, 0, sizeof(skb->cb));
16098
16099 if (WARN_ON(!rdev->cur_cmd_info)) {
16100 kfree_skb(skb);
16101 return -EINVAL;
16102 }
16103
16104 nla_nest_end(skb, data);
16105 genlmsg_end(skb, hdr);
16106 return genlmsg_reply(skb, rdev->cur_cmd_info);
16107 }
16108 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
16109
cfg80211_vendor_cmd_get_sender(struct wiphy * wiphy)16110 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
16111 {
16112 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16113
16114 if (WARN_ON(!rdev->cur_cmd_info))
16115 return 0;
16116
16117 return rdev->cur_cmd_info->snd_portid;
16118 }
16119 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
16120
nl80211_set_qos_map(struct sk_buff * skb,struct genl_info * info)16121 static int nl80211_set_qos_map(struct sk_buff *skb,
16122 struct genl_info *info)
16123 {
16124 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16125 struct cfg80211_qos_map *qos_map = NULL;
16126 struct net_device *dev = info->user_ptr[1];
16127 u8 *pos, len, num_des, des_len, des;
16128 int ret;
16129
16130 if (!rdev->ops->set_qos_map)
16131 return -EOPNOTSUPP;
16132
16133 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
16134 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
16135 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
16136
16137 if (len % 2)
16138 return -EINVAL;
16139
16140 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
16141 if (!qos_map)
16142 return -ENOMEM;
16143
16144 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
16145 if (num_des) {
16146 des_len = num_des *
16147 sizeof(struct cfg80211_dscp_exception);
16148 memcpy(qos_map->dscp_exception, pos, des_len);
16149 qos_map->num_des = num_des;
16150 for (des = 0; des < num_des; des++) {
16151 if (qos_map->dscp_exception[des].up > 7) {
16152 kfree(qos_map);
16153 return -EINVAL;
16154 }
16155 }
16156 pos += des_len;
16157 }
16158 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
16159 }
16160
16161 ret = nl80211_key_allowed(dev->ieee80211_ptr);
16162 if (!ret)
16163 ret = rdev_set_qos_map(rdev, dev, qos_map);
16164
16165 kfree(qos_map);
16166 return ret;
16167 }
16168
nl80211_add_tx_ts(struct sk_buff * skb,struct genl_info * info)16169 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
16170 {
16171 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16172 struct net_device *dev = info->user_ptr[1];
16173 struct wireless_dev *wdev = dev->ieee80211_ptr;
16174 const u8 *peer;
16175 u8 tsid, up;
16176 u16 admitted_time = 0;
16177
16178 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
16179 return -EOPNOTSUPP;
16180
16181 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
16182 !info->attrs[NL80211_ATTR_USER_PRIO])
16183 return -EINVAL;
16184
16185 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
16186 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
16187
16188 /* WMM uses TIDs 0-7 even for TSPEC */
16189 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
16190 /* TODO: handle 802.11 TSPEC/admission control
16191 * need more attributes for that (e.g. BA session requirement);
16192 * change the WMM admission test above to allow both then
16193 */
16194 return -EINVAL;
16195 }
16196
16197 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
16198
16199 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
16200 admitted_time =
16201 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
16202 if (!admitted_time)
16203 return -EINVAL;
16204 }
16205
16206 switch (wdev->iftype) {
16207 case NL80211_IFTYPE_STATION:
16208 case NL80211_IFTYPE_P2P_CLIENT:
16209 if (wdev->connected)
16210 break;
16211 return -ENOTCONN;
16212 default:
16213 return -EOPNOTSUPP;
16214 }
16215
16216 return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
16217 }
16218
nl80211_del_tx_ts(struct sk_buff * skb,struct genl_info * info)16219 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
16220 {
16221 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16222 struct net_device *dev = info->user_ptr[1];
16223 const u8 *peer;
16224 u8 tsid;
16225
16226 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
16227 return -EINVAL;
16228
16229 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
16230 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
16231
16232 return rdev_del_tx_ts(rdev, dev, tsid, peer);
16233 }
16234
nl80211_tdls_channel_switch(struct sk_buff * skb,struct genl_info * info)16235 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
16236 struct genl_info *info)
16237 {
16238 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16239 struct net_device *dev = info->user_ptr[1];
16240 struct wireless_dev *wdev = dev->ieee80211_ptr;
16241 struct cfg80211_chan_def chandef = {};
16242 const u8 *addr;
16243 u8 oper_class;
16244 int err;
16245
16246 if (!rdev->ops->tdls_channel_switch ||
16247 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
16248 return -EOPNOTSUPP;
16249
16250 switch (dev->ieee80211_ptr->iftype) {
16251 case NL80211_IFTYPE_STATION:
16252 case NL80211_IFTYPE_P2P_CLIENT:
16253 break;
16254 default:
16255 return -EOPNOTSUPP;
16256 }
16257
16258 if (!info->attrs[NL80211_ATTR_MAC] ||
16259 !info->attrs[NL80211_ATTR_OPER_CLASS])
16260 return -EINVAL;
16261
16262 err = nl80211_parse_chandef(rdev, info, &chandef);
16263 if (err)
16264 return err;
16265
16266 /*
16267 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
16268 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
16269 * specification is not defined for them.
16270 */
16271 if (chandef.chan->band == NL80211_BAND_2GHZ &&
16272 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
16273 chandef.width != NL80211_CHAN_WIDTH_20)
16274 return -EINVAL;
16275
16276 /* we will be active on the TDLS link */
16277 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
16278 wdev->iftype))
16279 return -EINVAL;
16280
16281 /* don't allow switching to DFS channels */
16282 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
16283 return -EINVAL;
16284
16285 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16286 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
16287
16288 return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
16289 }
16290
nl80211_tdls_cancel_channel_switch(struct sk_buff * skb,struct genl_info * info)16291 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
16292 struct genl_info *info)
16293 {
16294 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16295 struct net_device *dev = info->user_ptr[1];
16296 const u8 *addr;
16297
16298 if (!rdev->ops->tdls_channel_switch ||
16299 !rdev->ops->tdls_cancel_channel_switch ||
16300 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
16301 return -EOPNOTSUPP;
16302
16303 switch (dev->ieee80211_ptr->iftype) {
16304 case NL80211_IFTYPE_STATION:
16305 case NL80211_IFTYPE_P2P_CLIENT:
16306 break;
16307 default:
16308 return -EOPNOTSUPP;
16309 }
16310
16311 if (!info->attrs[NL80211_ATTR_MAC])
16312 return -EINVAL;
16313
16314 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16315
16316 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
16317
16318 return 0;
16319 }
16320
nl80211_set_multicast_to_unicast(struct sk_buff * skb,struct genl_info * info)16321 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
16322 struct genl_info *info)
16323 {
16324 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16325 struct net_device *dev = info->user_ptr[1];
16326 struct wireless_dev *wdev = dev->ieee80211_ptr;
16327 const struct nlattr *nla;
16328 bool enabled;
16329
16330 if (!rdev->ops->set_multicast_to_unicast)
16331 return -EOPNOTSUPP;
16332
16333 if (wdev->iftype != NL80211_IFTYPE_AP &&
16334 wdev->iftype != NL80211_IFTYPE_P2P_GO)
16335 return -EOPNOTSUPP;
16336
16337 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
16338 enabled = nla_get_flag(nla);
16339
16340 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
16341 }
16342
nl80211_set_pmk(struct sk_buff * skb,struct genl_info * info)16343 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
16344 {
16345 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16346 struct net_device *dev = info->user_ptr[1];
16347 struct wireless_dev *wdev = dev->ieee80211_ptr;
16348 struct cfg80211_pmk_conf pmk_conf = {};
16349
16350 if (wdev->iftype != NL80211_IFTYPE_STATION &&
16351 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
16352 return -EOPNOTSUPP;
16353
16354 if (!wiphy_ext_feature_isset(&rdev->wiphy,
16355 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
16356 return -EOPNOTSUPP;
16357
16358 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
16359 return -EINVAL;
16360
16361 if (!wdev->connected)
16362 return -ENOTCONN;
16363
16364 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
16365 if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN))
16366 return -EINVAL;
16367
16368 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
16369 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
16370 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
16371 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
16372 return -EINVAL;
16373
16374 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
16375 pmk_conf.pmk_r0_name =
16376 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
16377
16378 return rdev_set_pmk(rdev, dev, &pmk_conf);
16379 }
16380
nl80211_del_pmk(struct sk_buff * skb,struct genl_info * info)16381 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
16382 {
16383 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16384 struct net_device *dev = info->user_ptr[1];
16385 struct wireless_dev *wdev = dev->ieee80211_ptr;
16386 const u8 *aa;
16387
16388 if (wdev->iftype != NL80211_IFTYPE_STATION &&
16389 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
16390 return -EOPNOTSUPP;
16391
16392 if (!wiphy_ext_feature_isset(&rdev->wiphy,
16393 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
16394 return -EOPNOTSUPP;
16395
16396 if (!info->attrs[NL80211_ATTR_MAC])
16397 return -EINVAL;
16398
16399 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
16400 return rdev_del_pmk(rdev, dev, aa);
16401 }
16402
nl80211_external_auth(struct sk_buff * skb,struct genl_info * info)16403 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
16404 {
16405 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16406 struct net_device *dev = info->user_ptr[1];
16407 struct cfg80211_external_auth_params params;
16408
16409 if (!rdev->ops->external_auth)
16410 return -EOPNOTSUPP;
16411
16412 if (!info->attrs[NL80211_ATTR_SSID] &&
16413 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
16414 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
16415 return -EINVAL;
16416
16417 if (!info->attrs[NL80211_ATTR_BSSID])
16418 return -EINVAL;
16419
16420 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
16421 return -EINVAL;
16422
16423 memset(¶ms, 0, sizeof(params));
16424
16425 if (info->attrs[NL80211_ATTR_SSID]) {
16426 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
16427 if (params.ssid.ssid_len == 0)
16428 return -EINVAL;
16429 memcpy(params.ssid.ssid,
16430 nla_data(info->attrs[NL80211_ATTR_SSID]),
16431 params.ssid.ssid_len);
16432 }
16433
16434 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
16435 ETH_ALEN);
16436
16437 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
16438
16439 if (info->attrs[NL80211_ATTR_PMKID])
16440 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
16441
16442 return rdev_external_auth(rdev, dev, ¶ms);
16443 }
16444
nl80211_tx_control_port(struct sk_buff * skb,struct genl_info * info)16445 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
16446 {
16447 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
16448 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16449 struct net_device *dev = info->user_ptr[1];
16450 struct wireless_dev *wdev = dev->ieee80211_ptr;
16451 const u8 *buf;
16452 size_t len;
16453 u8 *dest;
16454 u16 proto;
16455 bool noencrypt;
16456 u64 cookie = 0;
16457 int link_id;
16458 int err;
16459
16460 if (!wiphy_ext_feature_isset(&rdev->wiphy,
16461 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
16462 return -EOPNOTSUPP;
16463
16464 if (!rdev->ops->tx_control_port)
16465 return -EOPNOTSUPP;
16466
16467 if (!info->attrs[NL80211_ATTR_FRAME] ||
16468 !info->attrs[NL80211_ATTR_MAC] ||
16469 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
16470 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
16471 return -EINVAL;
16472 }
16473
16474 switch (wdev->iftype) {
16475 case NL80211_IFTYPE_AP:
16476 case NL80211_IFTYPE_P2P_GO:
16477 case NL80211_IFTYPE_MESH_POINT:
16478 break;
16479 case NL80211_IFTYPE_ADHOC:
16480 if (wdev->u.ibss.current_bss)
16481 break;
16482 return -ENOTCONN;
16483 case NL80211_IFTYPE_STATION:
16484 case NL80211_IFTYPE_P2P_CLIENT:
16485 if (wdev->connected)
16486 break;
16487 return -ENOTCONN;
16488 default:
16489 return -EOPNOTSUPP;
16490 }
16491
16492 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
16493 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
16494 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
16495 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
16496 noencrypt =
16497 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
16498
16499 link_id = nl80211_link_id_or_invalid(info->attrs);
16500
16501 err = rdev_tx_control_port(rdev, dev, buf, len,
16502 dest, cpu_to_be16(proto), noencrypt, link_id,
16503 dont_wait_for_ack ? NULL : &cookie);
16504 if (!err && !dont_wait_for_ack)
16505 nl_set_extack_cookie_u64(info->extack, cookie);
16506 return err;
16507 }
16508
nl80211_get_ftm_responder_stats(struct sk_buff * skb,struct genl_info * info)16509 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
16510 struct genl_info *info)
16511 {
16512 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16513 struct net_device *dev = info->user_ptr[1];
16514 struct wireless_dev *wdev = dev->ieee80211_ptr;
16515 struct cfg80211_ftm_responder_stats ftm_stats = {};
16516 unsigned int link_id = nl80211_link_id(info->attrs);
16517 struct sk_buff *msg;
16518 void *hdr;
16519 struct nlattr *ftm_stats_attr;
16520 int err;
16521
16522 if (wdev->iftype != NL80211_IFTYPE_AP ||
16523 !wdev->links[link_id].ap.beacon_interval)
16524 return -EOPNOTSUPP;
16525
16526 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
16527 if (err)
16528 return err;
16529
16530 if (!ftm_stats.filled)
16531 return -ENODATA;
16532
16533 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16534 if (!msg)
16535 return -ENOMEM;
16536
16537 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
16538 NL80211_CMD_GET_FTM_RESPONDER_STATS);
16539 if (!hdr)
16540 goto nla_put_failure;
16541
16542 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16543 goto nla_put_failure;
16544
16545 ftm_stats_attr = nla_nest_start_noflag(msg,
16546 NL80211_ATTR_FTM_RESPONDER_STATS);
16547 if (!ftm_stats_attr)
16548 goto nla_put_failure;
16549
16550 #define SET_FTM(field, name, type) \
16551 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
16552 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
16553 ftm_stats.field)) \
16554 goto nla_put_failure; } while (0)
16555 #define SET_FTM_U64(field, name) \
16556 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
16557 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
16558 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
16559 goto nla_put_failure; } while (0)
16560
16561 SET_FTM(success_num, SUCCESS_NUM, u32);
16562 SET_FTM(partial_num, PARTIAL_NUM, u32);
16563 SET_FTM(failed_num, FAILED_NUM, u32);
16564 SET_FTM(asap_num, ASAP_NUM, u32);
16565 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
16566 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
16567 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
16568 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
16569 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
16570 #undef SET_FTM
16571
16572 nla_nest_end(msg, ftm_stats_attr);
16573
16574 genlmsg_end(msg, hdr);
16575 return genlmsg_reply(msg, info);
16576
16577 nla_put_failure:
16578 nlmsg_free(msg);
16579 return -ENOBUFS;
16580 }
16581
nl80211_update_owe_info(struct sk_buff * skb,struct genl_info * info)16582 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
16583 {
16584 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16585 struct cfg80211_update_owe_info owe_info;
16586 struct net_device *dev = info->user_ptr[1];
16587
16588 if (!rdev->ops->update_owe_info)
16589 return -EOPNOTSUPP;
16590
16591 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
16592 !info->attrs[NL80211_ATTR_MAC])
16593 return -EINVAL;
16594
16595 memset(&owe_info, 0, sizeof(owe_info));
16596 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
16597 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
16598
16599 if (info->attrs[NL80211_ATTR_IE]) {
16600 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
16601 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
16602 }
16603
16604 return rdev_update_owe_info(rdev, dev, &owe_info);
16605 }
16606
nl80211_probe_mesh_link(struct sk_buff * skb,struct genl_info * info)16607 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
16608 {
16609 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16610 struct net_device *dev = info->user_ptr[1];
16611 struct wireless_dev *wdev = dev->ieee80211_ptr;
16612 struct station_info sinfo = {};
16613 const u8 *buf;
16614 size_t len;
16615 u8 *dest;
16616 int err;
16617
16618 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
16619 return -EOPNOTSUPP;
16620
16621 if (!info->attrs[NL80211_ATTR_MAC] ||
16622 !info->attrs[NL80211_ATTR_FRAME]) {
16623 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
16624 return -EINVAL;
16625 }
16626
16627 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
16628 return -EOPNOTSUPP;
16629
16630 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
16631 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
16632 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
16633
16634 if (len < sizeof(struct ethhdr))
16635 return -EINVAL;
16636
16637 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
16638 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
16639 return -EINVAL;
16640
16641 err = rdev_get_station(rdev, dev, dest, &sinfo);
16642 if (err)
16643 return err;
16644
16645 cfg80211_sinfo_release_content(&sinfo);
16646
16647 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
16648 }
16649
parse_tid_conf(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct net_device * dev,struct cfg80211_tid_cfg * tid_conf,struct genl_info * info,const u8 * peer,unsigned int link_id)16650 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
16651 struct nlattr *attrs[], struct net_device *dev,
16652 struct cfg80211_tid_cfg *tid_conf,
16653 struct genl_info *info, const u8 *peer,
16654 unsigned int link_id)
16655 {
16656 struct netlink_ext_ack *extack = info->extack;
16657 u64 mask;
16658 int err;
16659
16660 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
16661 return -EINVAL;
16662
16663 tid_conf->config_override =
16664 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
16665 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
16666
16667 if (tid_conf->config_override) {
16668 if (rdev->ops->reset_tid_config) {
16669 err = rdev_reset_tid_config(rdev, dev, peer,
16670 tid_conf->tids);
16671 if (err)
16672 return err;
16673 } else {
16674 return -EINVAL;
16675 }
16676 }
16677
16678 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
16679 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
16680 tid_conf->noack =
16681 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
16682 }
16683
16684 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
16685 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
16686 tid_conf->retry_short =
16687 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
16688
16689 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
16690 return -EINVAL;
16691 }
16692
16693 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
16694 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
16695 tid_conf->retry_long =
16696 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
16697
16698 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
16699 return -EINVAL;
16700 }
16701
16702 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
16703 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
16704 tid_conf->ampdu =
16705 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
16706 }
16707
16708 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
16709 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
16710 tid_conf->rtscts =
16711 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
16712 }
16713
16714 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
16715 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
16716 tid_conf->amsdu =
16717 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
16718 }
16719
16720 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
16721 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
16722
16723 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
16724
16725 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
16726 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
16727 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
16728 &tid_conf->txrate_mask, dev,
16729 true, link_id);
16730 if (err)
16731 return err;
16732
16733 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
16734 }
16735 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
16736 }
16737
16738 if (peer)
16739 mask = rdev->wiphy.tid_config_support.peer;
16740 else
16741 mask = rdev->wiphy.tid_config_support.vif;
16742
16743 if (tid_conf->mask & ~mask) {
16744 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
16745 return -EOPNOTSUPP;
16746 }
16747
16748 return 0;
16749 }
16750
nl80211_set_tid_config(struct sk_buff * skb,struct genl_info * info)16751 static int nl80211_set_tid_config(struct sk_buff *skb,
16752 struct genl_info *info)
16753 {
16754 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16755 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
16756 unsigned int link_id = nl80211_link_id(info->attrs);
16757 struct net_device *dev = info->user_ptr[1];
16758 struct cfg80211_tid_config *tid_config;
16759 struct nlattr *tid;
16760 int conf_idx = 0, rem_conf;
16761 int ret = -EINVAL;
16762 u32 num_conf = 0;
16763
16764 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
16765 return -EINVAL;
16766
16767 if (!rdev->ops->set_tid_config)
16768 return -EOPNOTSUPP;
16769
16770 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
16771 rem_conf)
16772 num_conf++;
16773
16774 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
16775 GFP_KERNEL);
16776 if (!tid_config)
16777 return -ENOMEM;
16778
16779 tid_config->n_tid_conf = num_conf;
16780
16781 if (info->attrs[NL80211_ATTR_MAC])
16782 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
16783
16784 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
16785 rem_conf) {
16786 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
16787 tid, NULL, NULL);
16788
16789 if (ret)
16790 goto bad_tid_conf;
16791
16792 ret = parse_tid_conf(rdev, attrs, dev,
16793 &tid_config->tid_conf[conf_idx],
16794 info, tid_config->peer, link_id);
16795 if (ret)
16796 goto bad_tid_conf;
16797
16798 conf_idx++;
16799 }
16800
16801 ret = rdev_set_tid_config(rdev, dev, tid_config);
16802
16803 bad_tid_conf:
16804 kfree(tid_config);
16805 return ret;
16806 }
16807
nl80211_color_change(struct sk_buff * skb,struct genl_info * info)16808 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
16809 {
16810 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16811 struct cfg80211_color_change_settings params = {};
16812 struct net_device *dev = info->user_ptr[1];
16813 struct wireless_dev *wdev = dev->ieee80211_ptr;
16814 struct nlattr **tb;
16815 u16 offset;
16816 int err;
16817
16818 if (!rdev->ops->color_change)
16819 return -EOPNOTSUPP;
16820
16821 if (!wiphy_ext_feature_isset(&rdev->wiphy,
16822 NL80211_EXT_FEATURE_BSS_COLOR))
16823 return -EOPNOTSUPP;
16824
16825 if (wdev->iftype != NL80211_IFTYPE_AP)
16826 return -EOPNOTSUPP;
16827
16828 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
16829 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
16830 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
16831 return -EINVAL;
16832
16833 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
16834 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
16835
16836 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next,
16837 info->extack);
16838 if (err)
16839 return err;
16840
16841 tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL);
16842 if (!tb)
16843 return -ENOMEM;
16844
16845 err = nla_parse_nested(tb, NL80211_ATTR_MAX,
16846 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
16847 nl80211_policy, info->extack);
16848 if (err)
16849 goto out;
16850
16851 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change,
16852 info->extack);
16853 if (err)
16854 goto out;
16855
16856 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
16857 err = -EINVAL;
16858 goto out;
16859 }
16860
16861 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
16862 err = -EINVAL;
16863 goto out;
16864 }
16865
16866 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
16867 if (offset >= params.beacon_color_change.tail_len) {
16868 err = -EINVAL;
16869 goto out;
16870 }
16871
16872 if (params.beacon_color_change.tail[offset] != params.count) {
16873 err = -EINVAL;
16874 goto out;
16875 }
16876
16877 params.counter_offset_beacon = offset;
16878
16879 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
16880 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
16881 sizeof(u16)) {
16882 err = -EINVAL;
16883 goto out;
16884 }
16885
16886 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
16887 if (offset >= params.beacon_color_change.probe_resp_len) {
16888 err = -EINVAL;
16889 goto out;
16890 }
16891
16892 if (params.beacon_color_change.probe_resp[offset] !=
16893 params.count) {
16894 err = -EINVAL;
16895 goto out;
16896 }
16897
16898 params.counter_offset_presp = offset;
16899 }
16900
16901 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
16902 err = nl80211_parse_unsol_bcast_probe_resp(
16903 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
16904 ¶ms.unsol_bcast_probe_resp);
16905 if (err)
16906 goto out;
16907 }
16908
16909 params.link_id = nl80211_link_id(info->attrs);
16910 err = rdev_color_change(rdev, dev, ¶ms);
16911
16912 out:
16913 kfree(params.beacon_next.mbssid_ies);
16914 kfree(params.beacon_color_change.mbssid_ies);
16915 kfree(params.beacon_next.rnr_ies);
16916 kfree(params.beacon_color_change.rnr_ies);
16917 kfree(tb);
16918 return err;
16919 }
16920
nl80211_set_fils_aad(struct sk_buff * skb,struct genl_info * info)16921 static int nl80211_set_fils_aad(struct sk_buff *skb,
16922 struct genl_info *info)
16923 {
16924 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16925 struct net_device *dev = info->user_ptr[1];
16926 struct cfg80211_fils_aad fils_aad = {};
16927 u8 *nonces;
16928
16929 if (!info->attrs[NL80211_ATTR_MAC] ||
16930 !info->attrs[NL80211_ATTR_FILS_KEK] ||
16931 !info->attrs[NL80211_ATTR_FILS_NONCES])
16932 return -EINVAL;
16933
16934 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16935 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
16936 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
16937 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
16938 fils_aad.snonce = nonces;
16939 fils_aad.anonce = nonces + FILS_NONCE_LEN;
16940
16941 return rdev_set_fils_aad(rdev, dev, &fils_aad);
16942 }
16943
nl80211_add_link(struct sk_buff * skb,struct genl_info * info)16944 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info)
16945 {
16946 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16947 unsigned int link_id = nl80211_link_id(info->attrs);
16948 struct net_device *dev = info->user_ptr[1];
16949 struct wireless_dev *wdev = dev->ieee80211_ptr;
16950 int ret;
16951
16952 if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
16953 return -EINVAL;
16954
16955 switch (wdev->iftype) {
16956 case NL80211_IFTYPE_AP:
16957 break;
16958 default:
16959 return -EINVAL;
16960 }
16961
16962 if (!info->attrs[NL80211_ATTR_MAC] ||
16963 !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC])))
16964 return -EINVAL;
16965
16966 wdev->valid_links |= BIT(link_id);
16967 ether_addr_copy(wdev->links[link_id].addr,
16968 nla_data(info->attrs[NL80211_ATTR_MAC]));
16969
16970 ret = rdev_add_intf_link(rdev, wdev, link_id);
16971 if (ret) {
16972 wdev->valid_links &= ~BIT(link_id);
16973 eth_zero_addr(wdev->links[link_id].addr);
16974 }
16975
16976 return ret;
16977 }
16978
nl80211_remove_link(struct sk_buff * skb,struct genl_info * info)16979 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info)
16980 {
16981 unsigned int link_id = nl80211_link_id(info->attrs);
16982 struct net_device *dev = info->user_ptr[1];
16983 struct wireless_dev *wdev = dev->ieee80211_ptr;
16984
16985 /* cannot remove if there's no link */
16986 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16987 return -EINVAL;
16988
16989 switch (wdev->iftype) {
16990 case NL80211_IFTYPE_AP:
16991 break;
16992 default:
16993 return -EINVAL;
16994 }
16995
16996 cfg80211_remove_link(wdev, link_id);
16997
16998 return 0;
16999 }
17000
17001 static int
nl80211_add_mod_link_station(struct sk_buff * skb,struct genl_info * info,bool add)17002 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
17003 bool add)
17004 {
17005 struct link_station_parameters params = {};
17006 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17007 struct net_device *dev = info->user_ptr[1];
17008 int err;
17009
17010 if ((add && !rdev->ops->add_link_station) ||
17011 (!add && !rdev->ops->mod_link_station))
17012 return -EOPNOTSUPP;
17013
17014 if (add && !info->attrs[NL80211_ATTR_MAC])
17015 return -EINVAL;
17016
17017 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
17018 return -EINVAL;
17019
17020 if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
17021 return -EINVAL;
17022
17023 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
17024
17025 if (info->attrs[NL80211_ATTR_MAC]) {
17026 params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
17027 if (!is_valid_ether_addr(params.link_mac))
17028 return -EINVAL;
17029 }
17030
17031 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
17032 return -EINVAL;
17033
17034 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
17035
17036 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
17037 params.supported_rates =
17038 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
17039 params.supported_rates_len =
17040 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
17041 }
17042
17043 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
17044 params.ht_capa =
17045 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
17046
17047 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
17048 params.vht_capa =
17049 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
17050
17051 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
17052 params.he_capa =
17053 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
17054 params.he_capa_len =
17055 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
17056
17057 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
17058 params.eht_capa =
17059 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
17060 params.eht_capa_len =
17061 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
17062
17063 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
17064 (const u8 *)params.eht_capa,
17065 params.eht_capa_len,
17066 false))
17067 return -EINVAL;
17068 }
17069 }
17070
17071 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
17072 params.he_6ghz_capa =
17073 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
17074
17075 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
17076 params.opmode_notif_used = true;
17077 params.opmode_notif =
17078 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
17079 }
17080
17081 err = nl80211_parse_sta_txpower_setting(info, ¶ms.txpwr,
17082 ¶ms.txpwr_set);
17083 if (err)
17084 return err;
17085
17086 if (add)
17087 return rdev_add_link_station(rdev, dev, ¶ms);
17088
17089 return rdev_mod_link_station(rdev, dev, ¶ms);
17090 }
17091
17092 static int
nl80211_add_link_station(struct sk_buff * skb,struct genl_info * info)17093 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info)
17094 {
17095 return nl80211_add_mod_link_station(skb, info, true);
17096 }
17097
17098 static int
nl80211_modify_link_station(struct sk_buff * skb,struct genl_info * info)17099 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info)
17100 {
17101 return nl80211_add_mod_link_station(skb, info, false);
17102 }
17103
17104 static int
nl80211_remove_link_station(struct sk_buff * skb,struct genl_info * info)17105 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info)
17106 {
17107 struct link_station_del_parameters params = {};
17108 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17109 struct net_device *dev = info->user_ptr[1];
17110
17111 if (!rdev->ops->del_link_station)
17112 return -EOPNOTSUPP;
17113
17114 if (!info->attrs[NL80211_ATTR_MLD_ADDR] ||
17115 !info->attrs[NL80211_ATTR_MLO_LINK_ID])
17116 return -EINVAL;
17117
17118 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
17119 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
17120
17121 return rdev_del_link_station(rdev, dev, ¶ms);
17122 }
17123
nl80211_set_hw_timestamp(struct sk_buff * skb,struct genl_info * info)17124 static int nl80211_set_hw_timestamp(struct sk_buff *skb,
17125 struct genl_info *info)
17126 {
17127 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17128 struct net_device *dev = info->user_ptr[1];
17129 struct cfg80211_set_hw_timestamp hwts = {};
17130
17131 if (!rdev->wiphy.hw_timestamp_max_peers)
17132 return -EOPNOTSUPP;
17133
17134 if (!info->attrs[NL80211_ATTR_MAC] &&
17135 rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS)
17136 return -EOPNOTSUPP;
17137
17138 if (info->attrs[NL80211_ATTR_MAC])
17139 hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
17140
17141 hwts.enable =
17142 nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]);
17143
17144 return rdev_set_hw_timestamp(rdev, dev, &hwts);
17145 }
17146
17147 static int
nl80211_set_ttlm(struct sk_buff * skb,struct genl_info * info)17148 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info)
17149 {
17150 struct cfg80211_ttlm_params params = {};
17151 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17152 struct net_device *dev = info->user_ptr[1];
17153 struct wireless_dev *wdev = dev->ieee80211_ptr;
17154
17155 if (wdev->iftype != NL80211_IFTYPE_STATION &&
17156 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
17157 return -EOPNOTSUPP;
17158
17159 if (!wdev->connected)
17160 return -ENOLINK;
17161
17162 if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] ||
17163 !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK])
17164 return -EINVAL;
17165
17166 nla_memcpy(params.dlink,
17167 info->attrs[NL80211_ATTR_MLO_TTLM_DLINK],
17168 sizeof(params.dlink));
17169 nla_memcpy(params.ulink,
17170 info->attrs[NL80211_ATTR_MLO_TTLM_ULINK],
17171 sizeof(params.ulink));
17172
17173 return rdev_set_ttlm(rdev, dev, ¶ms);
17174 }
17175
nl80211_assoc_ml_reconf(struct sk_buff * skb,struct genl_info * info)17176 static int nl80211_assoc_ml_reconf(struct sk_buff *skb, struct genl_info *info)
17177 {
17178 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17179 struct net_device *dev = info->user_ptr[1];
17180 struct wireless_dev *wdev = dev->ieee80211_ptr;
17181 struct cfg80211_ml_reconf_req req = {};
17182 unsigned int link_id;
17183 u16 add_links;
17184 int err;
17185
17186 if (!wdev->valid_links)
17187 return -EINVAL;
17188
17189 if (dev->ieee80211_ptr->conn_owner_nlportid &&
17190 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
17191 return -EPERM;
17192
17193 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
17194 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
17195 return -EOPNOTSUPP;
17196
17197 add_links = 0;
17198 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
17199 err = nl80211_process_links(rdev, req.add_links,
17200 /* mark as MLO, but not assoc */
17201 IEEE80211_MLD_MAX_NUM_LINKS,
17202 NULL, 0, info);
17203 if (err)
17204 return err;
17205
17206 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
17207 link_id++) {
17208 if (!req.add_links[link_id].bss)
17209 continue;
17210 add_links |= BIT(link_id);
17211 }
17212 }
17213
17214 if (info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS])
17215 req.rem_links =
17216 nla_get_u16(info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS]);
17217
17218 /* Validate that existing links are not added, removed links are valid
17219 * and don't allow adding and removing the same links
17220 */
17221 if ((add_links & req.rem_links) || !(add_links | req.rem_links) ||
17222 (wdev->valid_links & add_links) ||
17223 ((wdev->valid_links & req.rem_links) != req.rem_links)) {
17224 err = -EINVAL;
17225 goto out;
17226 }
17227
17228 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
17229 req.ext_mld_capa_ops =
17230 nla_get_u16(info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS]);
17231
17232 err = cfg80211_assoc_ml_reconf(rdev, dev, &req);
17233
17234 out:
17235 for (link_id = 0; link_id < ARRAY_SIZE(req.add_links); link_id++)
17236 cfg80211_put_bss(&rdev->wiphy, req.add_links[link_id].bss);
17237
17238 return err;
17239 }
17240
17241 static int
nl80211_epcs_cfg(struct sk_buff * skb,struct genl_info * info)17242 nl80211_epcs_cfg(struct sk_buff *skb, struct genl_info *info)
17243 {
17244 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17245 struct net_device *dev = info->user_ptr[1];
17246 struct wireless_dev *wdev = dev->ieee80211_ptr;
17247 bool val;
17248
17249 if (wdev->iftype != NL80211_IFTYPE_STATION &&
17250 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
17251 return -EOPNOTSUPP;
17252
17253 if (!wdev->connected)
17254 return -ENOLINK;
17255
17256 val = nla_get_flag(info->attrs[NL80211_ATTR_EPCS]);
17257
17258 return rdev_set_epcs(rdev, dev, val);
17259 }
17260
17261 #define NL80211_FLAG_NEED_WIPHY 0x01
17262 #define NL80211_FLAG_NEED_NETDEV 0x02
17263 #define NL80211_FLAG_NEED_RTNL 0x04
17264 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
17265 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
17266 NL80211_FLAG_CHECK_NETDEV_UP)
17267 #define NL80211_FLAG_NEED_WDEV 0x10
17268 /* If a netdev is associated, it must be UP, P2P must be started */
17269 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
17270 NL80211_FLAG_CHECK_NETDEV_UP)
17271 #define NL80211_FLAG_CLEAR_SKB 0x20
17272 #define NL80211_FLAG_NO_WIPHY_MTX 0x40
17273 #define NL80211_FLAG_MLO_VALID_LINK_ID 0x80
17274 #define NL80211_FLAG_MLO_UNSUPPORTED 0x100
17275
17276 #define INTERNAL_FLAG_SELECTORS(__sel) \
17277 SELECTOR(__sel, NONE, 0) /* must be first */ \
17278 SELECTOR(__sel, WIPHY, \
17279 NL80211_FLAG_NEED_WIPHY) \
17280 SELECTOR(__sel, WDEV, \
17281 NL80211_FLAG_NEED_WDEV) \
17282 SELECTOR(__sel, NETDEV, \
17283 NL80211_FLAG_NEED_NETDEV) \
17284 SELECTOR(__sel, NETDEV_LINK, \
17285 NL80211_FLAG_NEED_NETDEV | \
17286 NL80211_FLAG_MLO_VALID_LINK_ID) \
17287 SELECTOR(__sel, NETDEV_NO_MLO, \
17288 NL80211_FLAG_NEED_NETDEV | \
17289 NL80211_FLAG_MLO_UNSUPPORTED) \
17290 SELECTOR(__sel, WIPHY_RTNL, \
17291 NL80211_FLAG_NEED_WIPHY | \
17292 NL80211_FLAG_NEED_RTNL) \
17293 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \
17294 NL80211_FLAG_NEED_WIPHY | \
17295 NL80211_FLAG_NEED_RTNL | \
17296 NL80211_FLAG_NO_WIPHY_MTX) \
17297 SELECTOR(__sel, WDEV_RTNL, \
17298 NL80211_FLAG_NEED_WDEV | \
17299 NL80211_FLAG_NEED_RTNL) \
17300 SELECTOR(__sel, NETDEV_RTNL, \
17301 NL80211_FLAG_NEED_NETDEV | \
17302 NL80211_FLAG_NEED_RTNL) \
17303 SELECTOR(__sel, NETDEV_UP, \
17304 NL80211_FLAG_NEED_NETDEV_UP) \
17305 SELECTOR(__sel, NETDEV_UP_LINK, \
17306 NL80211_FLAG_NEED_NETDEV_UP | \
17307 NL80211_FLAG_MLO_VALID_LINK_ID) \
17308 SELECTOR(__sel, NETDEV_UP_NO_MLO, \
17309 NL80211_FLAG_NEED_NETDEV_UP | \
17310 NL80211_FLAG_MLO_UNSUPPORTED) \
17311 SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR, \
17312 NL80211_FLAG_NEED_NETDEV_UP | \
17313 NL80211_FLAG_CLEAR_SKB | \
17314 NL80211_FLAG_MLO_UNSUPPORTED) \
17315 SELECTOR(__sel, NETDEV_UP_NOTMX, \
17316 NL80211_FLAG_NEED_NETDEV_UP | \
17317 NL80211_FLAG_NO_WIPHY_MTX) \
17318 SELECTOR(__sel, NETDEV_UP_NOTMX_MLO, \
17319 NL80211_FLAG_NEED_NETDEV_UP | \
17320 NL80211_FLAG_NO_WIPHY_MTX | \
17321 NL80211_FLAG_MLO_VALID_LINK_ID) \
17322 SELECTOR(__sel, NETDEV_UP_CLEAR, \
17323 NL80211_FLAG_NEED_NETDEV_UP | \
17324 NL80211_FLAG_CLEAR_SKB) \
17325 SELECTOR(__sel, WDEV_UP, \
17326 NL80211_FLAG_NEED_WDEV_UP) \
17327 SELECTOR(__sel, WDEV_UP_LINK, \
17328 NL80211_FLAG_NEED_WDEV_UP | \
17329 NL80211_FLAG_MLO_VALID_LINK_ID) \
17330 SELECTOR(__sel, WDEV_UP_RTNL, \
17331 NL80211_FLAG_NEED_WDEV_UP | \
17332 NL80211_FLAG_NEED_RTNL) \
17333 SELECTOR(__sel, WIPHY_CLEAR, \
17334 NL80211_FLAG_NEED_WIPHY | \
17335 NL80211_FLAG_CLEAR_SKB)
17336
17337 enum nl80211_internal_flags_selector {
17338 #define SELECTOR(_, name, value) NL80211_IFL_SEL_##name,
17339 INTERNAL_FLAG_SELECTORS(_)
17340 #undef SELECTOR
17341 };
17342
17343 static u32 nl80211_internal_flags[] = {
17344 #define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value,
17345 INTERNAL_FLAG_SELECTORS(_)
17346 #undef SELECTOR
17347 };
17348
nl80211_pre_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)17349 static int nl80211_pre_doit(const struct genl_split_ops *ops,
17350 struct sk_buff *skb,
17351 struct genl_info *info)
17352 {
17353 struct cfg80211_registered_device *rdev = NULL;
17354 struct wireless_dev *wdev = NULL;
17355 struct net_device *dev = NULL;
17356 u32 internal_flags;
17357 int err;
17358
17359 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags)))
17360 return -EINVAL;
17361
17362 internal_flags = nl80211_internal_flags[ops->internal_flags];
17363
17364 rtnl_lock();
17365 if (internal_flags & NL80211_FLAG_NEED_WIPHY) {
17366 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
17367 if (IS_ERR(rdev)) {
17368 err = PTR_ERR(rdev);
17369 goto out_unlock;
17370 }
17371 info->user_ptr[0] = rdev;
17372 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV ||
17373 internal_flags & NL80211_FLAG_NEED_WDEV) {
17374 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
17375 info->attrs);
17376 if (IS_ERR(wdev)) {
17377 err = PTR_ERR(wdev);
17378 goto out_unlock;
17379 }
17380
17381 dev = wdev->netdev;
17382 dev_hold(dev);
17383 rdev = wiphy_to_rdev(wdev->wiphy);
17384
17385 if (internal_flags & NL80211_FLAG_NEED_NETDEV) {
17386 if (!dev) {
17387 err = -EINVAL;
17388 goto out_unlock;
17389 }
17390
17391 info->user_ptr[1] = dev;
17392 } else {
17393 info->user_ptr[1] = wdev;
17394 }
17395
17396 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
17397 !wdev_running(wdev)) {
17398 err = -ENETDOWN;
17399 goto out_unlock;
17400 }
17401
17402 info->user_ptr[0] = rdev;
17403 }
17404
17405 if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) {
17406 struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID];
17407
17408 if (!wdev) {
17409 err = -EINVAL;
17410 goto out_unlock;
17411 }
17412
17413 /* MLO -> require valid link ID */
17414 if (wdev->valid_links &&
17415 (!link_id ||
17416 !(wdev->valid_links & BIT(nla_get_u8(link_id))))) {
17417 err = -EINVAL;
17418 goto out_unlock;
17419 }
17420
17421 /* non-MLO -> no link ID attribute accepted */
17422 if (!wdev->valid_links && link_id) {
17423 err = -EINVAL;
17424 goto out_unlock;
17425 }
17426 }
17427
17428 if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) {
17429 if (info->attrs[NL80211_ATTR_MLO_LINK_ID] ||
17430 (wdev && wdev->valid_links)) {
17431 err = -EINVAL;
17432 goto out_unlock;
17433 }
17434 }
17435
17436 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
17437 wiphy_lock(&rdev->wiphy);
17438 /* we keep the mutex locked until post_doit */
17439 __release(&rdev->wiphy.mtx);
17440 }
17441 if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
17442 rtnl_unlock();
17443
17444 return 0;
17445 out_unlock:
17446 rtnl_unlock();
17447 dev_put(dev);
17448 return err;
17449 }
17450
nl80211_post_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)17451 static void nl80211_post_doit(const struct genl_split_ops *ops,
17452 struct sk_buff *skb,
17453 struct genl_info *info)
17454 {
17455 u32 internal_flags = nl80211_internal_flags[ops->internal_flags];
17456
17457 if (info->user_ptr[1]) {
17458 if (internal_flags & NL80211_FLAG_NEED_WDEV) {
17459 struct wireless_dev *wdev = info->user_ptr[1];
17460
17461 dev_put(wdev->netdev);
17462 } else {
17463 dev_put(info->user_ptr[1]);
17464 }
17465 }
17466
17467 if (info->user_ptr[0] &&
17468 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
17469 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17470
17471 /* we kept the mutex locked since pre_doit */
17472 __acquire(&rdev->wiphy.mtx);
17473 wiphy_unlock(&rdev->wiphy);
17474 }
17475
17476 if (internal_flags & NL80211_FLAG_NEED_RTNL)
17477 rtnl_unlock();
17478
17479 /* If needed, clear the netlink message payload from the SKB
17480 * as it might contain key data that shouldn't stick around on
17481 * the heap after the SKB is freed. The netlink message header
17482 * is still needed for further processing, so leave it intact.
17483 */
17484 if (internal_flags & NL80211_FLAG_CLEAR_SKB) {
17485 struct nlmsghdr *nlh = nlmsg_hdr(skb);
17486
17487 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
17488 }
17489 }
17490
nl80211_set_sar_sub_specs(struct cfg80211_registered_device * rdev,struct cfg80211_sar_specs * sar_specs,struct nlattr * spec[],int index)17491 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
17492 struct cfg80211_sar_specs *sar_specs,
17493 struct nlattr *spec[], int index)
17494 {
17495 u32 range_index, i;
17496
17497 if (!sar_specs || !spec)
17498 return -EINVAL;
17499
17500 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
17501 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
17502 return -EINVAL;
17503
17504 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
17505
17506 /* check if range_index exceeds num_freq_ranges */
17507 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
17508 return -EINVAL;
17509
17510 /* check if range_index duplicates */
17511 for (i = 0; i < index; i++) {
17512 if (sar_specs->sub_specs[i].freq_range_index == range_index)
17513 return -EINVAL;
17514 }
17515
17516 sar_specs->sub_specs[index].power =
17517 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
17518
17519 sar_specs->sub_specs[index].freq_range_index = range_index;
17520
17521 return 0;
17522 }
17523
nl80211_set_sar_specs(struct sk_buff * skb,struct genl_info * info)17524 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
17525 {
17526 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17527 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
17528 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
17529 struct cfg80211_sar_specs *sar_spec;
17530 enum nl80211_sar_type type;
17531 struct nlattr *spec_list;
17532 u32 specs;
17533 int rem, err;
17534
17535 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
17536 return -EOPNOTSUPP;
17537
17538 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
17539 return -EINVAL;
17540
17541 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
17542 info->attrs[NL80211_ATTR_SAR_SPEC],
17543 NULL, NULL);
17544
17545 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
17546 return -EINVAL;
17547
17548 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
17549 if (type != rdev->wiphy.sar_capa->type)
17550 return -EINVAL;
17551
17552 specs = 0;
17553 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
17554 specs++;
17555
17556 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
17557 return -EINVAL;
17558
17559 sar_spec = kzalloc(struct_size(sar_spec, sub_specs, specs), GFP_KERNEL);
17560 if (!sar_spec)
17561 return -ENOMEM;
17562
17563 sar_spec->num_sub_specs = specs;
17564 sar_spec->type = type;
17565 specs = 0;
17566 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
17567 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
17568 spec_list, NULL, NULL);
17569
17570 switch (type) {
17571 case NL80211_SAR_TYPE_POWER:
17572 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
17573 spec, specs)) {
17574 err = -EINVAL;
17575 goto error;
17576 }
17577 break;
17578 default:
17579 err = -EINVAL;
17580 goto error;
17581 }
17582 specs++;
17583 }
17584
17585 sar_spec->num_sub_specs = specs;
17586
17587 rdev->cur_cmd_info = info;
17588 err = rdev_set_sar_specs(rdev, sar_spec);
17589 rdev->cur_cmd_info = NULL;
17590 error:
17591 kfree(sar_spec);
17592 return err;
17593 }
17594
17595 #define SELECTOR(__sel, name, value) \
17596 ((__sel) == (value)) ? NL80211_IFL_SEL_##name :
17597 int __missing_selector(void);
17598 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector()
17599
17600 static const struct genl_ops nl80211_ops[] = {
17601 {
17602 .cmd = NL80211_CMD_GET_WIPHY,
17603 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17604 .doit = nl80211_get_wiphy,
17605 .dumpit = nl80211_dump_wiphy,
17606 .done = nl80211_dump_wiphy_done,
17607 /* can be retrieved by unprivileged users */
17608 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17609 },
17610 };
17611
17612 static const struct genl_small_ops nl80211_small_ops[] = {
17613 {
17614 .cmd = NL80211_CMD_SET_WIPHY,
17615 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17616 .doit = nl80211_set_wiphy,
17617 .flags = GENL_UNS_ADMIN_PERM,
17618 },
17619 {
17620 .cmd = NL80211_CMD_GET_INTERFACE,
17621 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17622 .doit = nl80211_get_interface,
17623 .dumpit = nl80211_dump_interface,
17624 /* can be retrieved by unprivileged users */
17625 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
17626 },
17627 {
17628 .cmd = NL80211_CMD_SET_INTERFACE,
17629 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17630 .doit = nl80211_set_interface,
17631 .flags = GENL_UNS_ADMIN_PERM,
17632 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17633 NL80211_FLAG_NEED_RTNL),
17634 },
17635 {
17636 .cmd = NL80211_CMD_NEW_INTERFACE,
17637 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17638 .doit = nl80211_new_interface,
17639 .flags = GENL_UNS_ADMIN_PERM,
17640 .internal_flags =
17641 IFLAGS(NL80211_FLAG_NEED_WIPHY |
17642 NL80211_FLAG_NEED_RTNL |
17643 /* we take the wiphy mutex later ourselves */
17644 NL80211_FLAG_NO_WIPHY_MTX),
17645 },
17646 {
17647 .cmd = NL80211_CMD_DEL_INTERFACE,
17648 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17649 .doit = nl80211_del_interface,
17650 .flags = GENL_UNS_ADMIN_PERM,
17651 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17652 NL80211_FLAG_NEED_RTNL),
17653 },
17654 {
17655 .cmd = NL80211_CMD_GET_KEY,
17656 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17657 .doit = nl80211_get_key,
17658 .flags = GENL_UNS_ADMIN_PERM,
17659 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17660 },
17661 {
17662 .cmd = NL80211_CMD_SET_KEY,
17663 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17664 .doit = nl80211_set_key,
17665 .flags = GENL_UNS_ADMIN_PERM,
17666 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */
17667 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17668 NL80211_FLAG_CLEAR_SKB),
17669 },
17670 {
17671 .cmd = NL80211_CMD_NEW_KEY,
17672 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17673 .doit = nl80211_new_key,
17674 .flags = GENL_UNS_ADMIN_PERM,
17675 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17676 NL80211_FLAG_CLEAR_SKB),
17677 },
17678 {
17679 .cmd = NL80211_CMD_DEL_KEY,
17680 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17681 .doit = nl80211_del_key,
17682 .flags = GENL_UNS_ADMIN_PERM,
17683 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17684 },
17685 {
17686 .cmd = NL80211_CMD_SET_BEACON,
17687 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17688 .flags = GENL_UNS_ADMIN_PERM,
17689 .doit = nl80211_set_beacon,
17690 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17691 NL80211_FLAG_MLO_VALID_LINK_ID),
17692 },
17693 {
17694 .cmd = NL80211_CMD_START_AP,
17695 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17696 .flags = GENL_UNS_ADMIN_PERM,
17697 .doit = nl80211_start_ap,
17698 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17699 NL80211_FLAG_MLO_VALID_LINK_ID),
17700 },
17701 {
17702 .cmd = NL80211_CMD_STOP_AP,
17703 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17704 .flags = GENL_UNS_ADMIN_PERM,
17705 .doit = nl80211_stop_ap,
17706 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17707 NL80211_FLAG_MLO_VALID_LINK_ID),
17708 },
17709 {
17710 .cmd = NL80211_CMD_GET_STATION,
17711 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17712 .doit = nl80211_get_station,
17713 .dumpit = nl80211_dump_station,
17714 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17715 },
17716 {
17717 .cmd = NL80211_CMD_SET_STATION,
17718 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17719 .doit = nl80211_set_station,
17720 .flags = GENL_UNS_ADMIN_PERM,
17721 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17722 },
17723 {
17724 .cmd = NL80211_CMD_NEW_STATION,
17725 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17726 .doit = nl80211_new_station,
17727 .flags = GENL_UNS_ADMIN_PERM,
17728 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17729 },
17730 {
17731 .cmd = NL80211_CMD_DEL_STATION,
17732 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17733 .doit = nl80211_del_station,
17734 .flags = GENL_UNS_ADMIN_PERM,
17735 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on
17736 * whether MAC address is passed or not. If MAC address is
17737 * passed, then even during MLO, link ID is not required.
17738 */
17739 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17740 },
17741 {
17742 .cmd = NL80211_CMD_GET_MPATH,
17743 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17744 .doit = nl80211_get_mpath,
17745 .dumpit = nl80211_dump_mpath,
17746 .flags = GENL_UNS_ADMIN_PERM,
17747 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17748 },
17749 {
17750 .cmd = NL80211_CMD_GET_MPP,
17751 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17752 .doit = nl80211_get_mpp,
17753 .dumpit = nl80211_dump_mpp,
17754 .flags = GENL_UNS_ADMIN_PERM,
17755 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17756 },
17757 {
17758 .cmd = NL80211_CMD_SET_MPATH,
17759 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17760 .doit = nl80211_set_mpath,
17761 .flags = GENL_UNS_ADMIN_PERM,
17762 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17763 },
17764 {
17765 .cmd = NL80211_CMD_NEW_MPATH,
17766 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17767 .doit = nl80211_new_mpath,
17768 .flags = GENL_UNS_ADMIN_PERM,
17769 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17770 },
17771 {
17772 .cmd = NL80211_CMD_DEL_MPATH,
17773 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17774 .doit = nl80211_del_mpath,
17775 .flags = GENL_UNS_ADMIN_PERM,
17776 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17777 },
17778 {
17779 .cmd = NL80211_CMD_SET_BSS,
17780 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17781 .doit = nl80211_set_bss,
17782 .flags = GENL_UNS_ADMIN_PERM,
17783 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17784 NL80211_FLAG_MLO_VALID_LINK_ID),
17785 },
17786 {
17787 .cmd = NL80211_CMD_GET_REG,
17788 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17789 .doit = nl80211_get_reg_do,
17790 .dumpit = nl80211_get_reg_dump,
17791 /* can be retrieved by unprivileged users */
17792 },
17793 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
17794 {
17795 .cmd = NL80211_CMD_SET_REG,
17796 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17797 .doit = nl80211_set_reg,
17798 .flags = GENL_ADMIN_PERM,
17799 },
17800 #endif
17801 {
17802 .cmd = NL80211_CMD_REQ_SET_REG,
17803 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17804 .doit = nl80211_req_set_reg,
17805 .flags = GENL_ADMIN_PERM,
17806 },
17807 {
17808 .cmd = NL80211_CMD_RELOAD_REGDB,
17809 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17810 .doit = nl80211_reload_regdb,
17811 .flags = GENL_ADMIN_PERM,
17812 },
17813 {
17814 .cmd = NL80211_CMD_GET_MESH_CONFIG,
17815 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17816 .doit = nl80211_get_mesh_config,
17817 /* can be retrieved by unprivileged users */
17818 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17819 },
17820 {
17821 .cmd = NL80211_CMD_SET_MESH_CONFIG,
17822 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17823 .doit = nl80211_update_mesh_config,
17824 .flags = GENL_UNS_ADMIN_PERM,
17825 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17826 },
17827 {
17828 .cmd = NL80211_CMD_TRIGGER_SCAN,
17829 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17830 .doit = nl80211_trigger_scan,
17831 .flags = GENL_UNS_ADMIN_PERM,
17832 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17833 },
17834 {
17835 .cmd = NL80211_CMD_ABORT_SCAN,
17836 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17837 .doit = nl80211_abort_scan,
17838 .flags = GENL_UNS_ADMIN_PERM,
17839 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17840 },
17841 {
17842 .cmd = NL80211_CMD_GET_SCAN,
17843 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17844 .dumpit = nl80211_dump_scan,
17845 },
17846 {
17847 .cmd = NL80211_CMD_START_SCHED_SCAN,
17848 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17849 .doit = nl80211_start_sched_scan,
17850 .flags = GENL_UNS_ADMIN_PERM,
17851 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17852 },
17853 {
17854 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
17855 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17856 .doit = nl80211_stop_sched_scan,
17857 .flags = GENL_UNS_ADMIN_PERM,
17858 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17859 },
17860 {
17861 .cmd = NL80211_CMD_AUTHENTICATE,
17862 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17863 .doit = nl80211_authenticate,
17864 .flags = GENL_UNS_ADMIN_PERM,
17865 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17866 NL80211_FLAG_CLEAR_SKB),
17867 },
17868 {
17869 .cmd = NL80211_CMD_ASSOCIATE,
17870 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17871 .doit = nl80211_associate,
17872 .flags = GENL_UNS_ADMIN_PERM,
17873 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17874 NL80211_FLAG_CLEAR_SKB),
17875 },
17876 {
17877 .cmd = NL80211_CMD_DEAUTHENTICATE,
17878 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17879 .doit = nl80211_deauthenticate,
17880 .flags = GENL_UNS_ADMIN_PERM,
17881 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17882 },
17883 {
17884 .cmd = NL80211_CMD_DISASSOCIATE,
17885 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17886 .doit = nl80211_disassociate,
17887 .flags = GENL_UNS_ADMIN_PERM,
17888 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17889 },
17890 {
17891 .cmd = NL80211_CMD_JOIN_IBSS,
17892 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17893 .doit = nl80211_join_ibss,
17894 .flags = GENL_UNS_ADMIN_PERM,
17895 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17896 },
17897 {
17898 .cmd = NL80211_CMD_LEAVE_IBSS,
17899 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17900 .doit = nl80211_leave_ibss,
17901 .flags = GENL_UNS_ADMIN_PERM,
17902 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17903 },
17904 #ifdef CONFIG_NL80211_TESTMODE
17905 {
17906 .cmd = NL80211_CMD_TESTMODE,
17907 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17908 .doit = nl80211_testmode_do,
17909 .dumpit = nl80211_testmode_dump,
17910 .flags = GENL_UNS_ADMIN_PERM,
17911 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17912 },
17913 #endif
17914 {
17915 .cmd = NL80211_CMD_CONNECT,
17916 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17917 .doit = nl80211_connect,
17918 .flags = GENL_UNS_ADMIN_PERM,
17919 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17920 NL80211_FLAG_CLEAR_SKB),
17921 },
17922 {
17923 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
17924 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17925 .doit = nl80211_update_connect_params,
17926 .flags = GENL_ADMIN_PERM,
17927 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17928 NL80211_FLAG_CLEAR_SKB),
17929 },
17930 {
17931 .cmd = NL80211_CMD_DISCONNECT,
17932 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17933 .doit = nl80211_disconnect,
17934 .flags = GENL_UNS_ADMIN_PERM,
17935 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17936 },
17937 {
17938 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
17939 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17940 .doit = nl80211_wiphy_netns,
17941 .flags = GENL_UNS_ADMIN_PERM,
17942 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17943 NL80211_FLAG_NEED_RTNL |
17944 NL80211_FLAG_NO_WIPHY_MTX),
17945 },
17946 {
17947 .cmd = NL80211_CMD_GET_SURVEY,
17948 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17949 .dumpit = nl80211_dump_survey,
17950 },
17951 {
17952 .cmd = NL80211_CMD_SET_PMKSA,
17953 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17954 .doit = nl80211_set_pmksa,
17955 .flags = GENL_UNS_ADMIN_PERM,
17956 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17957 NL80211_FLAG_CLEAR_SKB),
17958 },
17959 {
17960 .cmd = NL80211_CMD_DEL_PMKSA,
17961 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17962 .doit = nl80211_del_pmksa,
17963 .flags = GENL_UNS_ADMIN_PERM,
17964 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17965 },
17966 {
17967 .cmd = NL80211_CMD_FLUSH_PMKSA,
17968 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17969 .doit = nl80211_flush_pmksa,
17970 .flags = GENL_UNS_ADMIN_PERM,
17971 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17972 },
17973 {
17974 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
17975 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17976 .doit = nl80211_remain_on_channel,
17977 .flags = GENL_UNS_ADMIN_PERM,
17978 /* FIXME: requiring a link ID here is probably not good */
17979 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17980 NL80211_FLAG_MLO_VALID_LINK_ID),
17981 },
17982 {
17983 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
17984 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17985 .doit = nl80211_cancel_remain_on_channel,
17986 .flags = GENL_UNS_ADMIN_PERM,
17987 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17988 },
17989 {
17990 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
17991 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17992 .doit = nl80211_set_tx_bitrate_mask,
17993 .flags = GENL_UNS_ADMIN_PERM,
17994 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17995 NL80211_FLAG_MLO_VALID_LINK_ID),
17996 },
17997 {
17998 .cmd = NL80211_CMD_REGISTER_FRAME,
17999 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18000 .doit = nl80211_register_mgmt,
18001 .flags = GENL_UNS_ADMIN_PERM,
18002 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
18003 },
18004 {
18005 .cmd = NL80211_CMD_FRAME,
18006 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18007 .doit = nl80211_tx_mgmt,
18008 .flags = GENL_UNS_ADMIN_PERM,
18009 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18010 },
18011 {
18012 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
18013 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18014 .doit = nl80211_tx_mgmt_cancel_wait,
18015 .flags = GENL_UNS_ADMIN_PERM,
18016 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18017 },
18018 {
18019 .cmd = NL80211_CMD_SET_POWER_SAVE,
18020 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18021 .doit = nl80211_set_power_save,
18022 .flags = GENL_UNS_ADMIN_PERM,
18023 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18024 },
18025 {
18026 .cmd = NL80211_CMD_GET_POWER_SAVE,
18027 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18028 .doit = nl80211_get_power_save,
18029 /* can be retrieved by unprivileged users */
18030 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18031 },
18032 {
18033 .cmd = NL80211_CMD_SET_CQM,
18034 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18035 .doit = nl80211_set_cqm,
18036 .flags = GENL_UNS_ADMIN_PERM,
18037 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18038 },
18039 {
18040 .cmd = NL80211_CMD_SET_CHANNEL,
18041 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18042 .doit = nl80211_set_channel,
18043 .flags = GENL_UNS_ADMIN_PERM,
18044 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
18045 NL80211_FLAG_MLO_VALID_LINK_ID),
18046 },
18047 {
18048 .cmd = NL80211_CMD_JOIN_MESH,
18049 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18050 .doit = nl80211_join_mesh,
18051 .flags = GENL_UNS_ADMIN_PERM,
18052 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18053 },
18054 {
18055 .cmd = NL80211_CMD_LEAVE_MESH,
18056 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18057 .doit = nl80211_leave_mesh,
18058 .flags = GENL_UNS_ADMIN_PERM,
18059 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18060 },
18061 {
18062 .cmd = NL80211_CMD_JOIN_OCB,
18063 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18064 .doit = nl80211_join_ocb,
18065 .flags = GENL_UNS_ADMIN_PERM,
18066 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18067 },
18068 {
18069 .cmd = NL80211_CMD_LEAVE_OCB,
18070 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18071 .doit = nl80211_leave_ocb,
18072 .flags = GENL_UNS_ADMIN_PERM,
18073 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18074 },
18075 #ifdef CONFIG_PM
18076 {
18077 .cmd = NL80211_CMD_GET_WOWLAN,
18078 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18079 .doit = nl80211_get_wowlan,
18080 /* can be retrieved by unprivileged users */
18081 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18082 },
18083 {
18084 .cmd = NL80211_CMD_SET_WOWLAN,
18085 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18086 .doit = nl80211_set_wowlan,
18087 .flags = GENL_UNS_ADMIN_PERM,
18088 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18089 },
18090 #endif
18091 {
18092 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
18093 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18094 .doit = nl80211_set_rekey_data,
18095 .flags = GENL_UNS_ADMIN_PERM,
18096 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18097 NL80211_FLAG_CLEAR_SKB),
18098 },
18099 {
18100 .cmd = NL80211_CMD_TDLS_MGMT,
18101 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18102 .doit = nl80211_tdls_mgmt,
18103 .flags = GENL_UNS_ADMIN_PERM,
18104 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18105 NL80211_FLAG_MLO_VALID_LINK_ID),
18106 },
18107 {
18108 .cmd = NL80211_CMD_TDLS_OPER,
18109 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18110 .doit = nl80211_tdls_oper,
18111 .flags = GENL_UNS_ADMIN_PERM,
18112 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18113 },
18114 {
18115 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
18116 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18117 .doit = nl80211_register_unexpected_frame,
18118 .flags = GENL_UNS_ADMIN_PERM,
18119 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18120 },
18121 {
18122 .cmd = NL80211_CMD_PROBE_CLIENT,
18123 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18124 .doit = nl80211_probe_client,
18125 .flags = GENL_UNS_ADMIN_PERM,
18126 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18127 },
18128 {
18129 .cmd = NL80211_CMD_REGISTER_BEACONS,
18130 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18131 .doit = nl80211_register_beacons,
18132 .flags = GENL_UNS_ADMIN_PERM,
18133 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18134 },
18135 {
18136 .cmd = NL80211_CMD_SET_NOACK_MAP,
18137 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18138 .doit = nl80211_set_noack_map,
18139 .flags = GENL_UNS_ADMIN_PERM,
18140 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18141 },
18142 {
18143 .cmd = NL80211_CMD_START_P2P_DEVICE,
18144 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18145 .doit = nl80211_start_p2p_device,
18146 .flags = GENL_UNS_ADMIN_PERM,
18147 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
18148 NL80211_FLAG_NEED_RTNL),
18149 },
18150 {
18151 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
18152 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18153 .doit = nl80211_stop_p2p_device,
18154 .flags = GENL_UNS_ADMIN_PERM,
18155 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
18156 NL80211_FLAG_NEED_RTNL),
18157 },
18158 {
18159 .cmd = NL80211_CMD_START_NAN,
18160 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18161 .doit = nl80211_start_nan,
18162 .flags = GENL_ADMIN_PERM,
18163 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
18164 NL80211_FLAG_NEED_RTNL),
18165 },
18166 {
18167 .cmd = NL80211_CMD_STOP_NAN,
18168 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18169 .doit = nl80211_stop_nan,
18170 .flags = GENL_ADMIN_PERM,
18171 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
18172 NL80211_FLAG_NEED_RTNL),
18173 },
18174 {
18175 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
18176 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18177 .doit = nl80211_nan_add_func,
18178 .flags = GENL_ADMIN_PERM,
18179 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18180 },
18181 {
18182 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
18183 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18184 .doit = nl80211_nan_del_func,
18185 .flags = GENL_ADMIN_PERM,
18186 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18187 },
18188 {
18189 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
18190 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18191 .doit = nl80211_nan_change_config,
18192 .flags = GENL_ADMIN_PERM,
18193 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18194 },
18195 {
18196 .cmd = NL80211_CMD_SET_MCAST_RATE,
18197 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18198 .doit = nl80211_set_mcast_rate,
18199 .flags = GENL_UNS_ADMIN_PERM,
18200 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18201 },
18202 {
18203 .cmd = NL80211_CMD_SET_MAC_ACL,
18204 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18205 .doit = nl80211_set_mac_acl,
18206 .flags = GENL_UNS_ADMIN_PERM,
18207 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
18208 NL80211_FLAG_MLO_UNSUPPORTED),
18209 },
18210 {
18211 .cmd = NL80211_CMD_RADAR_DETECT,
18212 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18213 .doit = nl80211_start_radar_detection,
18214 .flags = GENL_UNS_ADMIN_PERM,
18215 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18216 NL80211_FLAG_NO_WIPHY_MTX |
18217 NL80211_FLAG_MLO_VALID_LINK_ID),
18218 },
18219 {
18220 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
18221 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18222 .doit = nl80211_get_protocol_features,
18223 },
18224 {
18225 .cmd = NL80211_CMD_UPDATE_FT_IES,
18226 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18227 .doit = nl80211_update_ft_ies,
18228 .flags = GENL_UNS_ADMIN_PERM,
18229 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18230 },
18231 {
18232 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
18233 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18234 .doit = nl80211_crit_protocol_start,
18235 .flags = GENL_UNS_ADMIN_PERM,
18236 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18237 },
18238 {
18239 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
18240 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18241 .doit = nl80211_crit_protocol_stop,
18242 .flags = GENL_UNS_ADMIN_PERM,
18243 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18244 },
18245 {
18246 .cmd = NL80211_CMD_GET_COALESCE,
18247 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18248 .doit = nl80211_get_coalesce,
18249 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18250 },
18251 {
18252 .cmd = NL80211_CMD_SET_COALESCE,
18253 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18254 .doit = nl80211_set_coalesce,
18255 .flags = GENL_UNS_ADMIN_PERM,
18256 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18257 },
18258 {
18259 .cmd = NL80211_CMD_CHANNEL_SWITCH,
18260 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18261 .doit = nl80211_channel_switch,
18262 .flags = GENL_UNS_ADMIN_PERM,
18263 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18264 NL80211_FLAG_MLO_VALID_LINK_ID),
18265 },
18266 {
18267 .cmd = NL80211_CMD_VENDOR,
18268 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18269 .doit = nl80211_vendor_cmd,
18270 .dumpit = nl80211_vendor_cmd_dump,
18271 .flags = GENL_UNS_ADMIN_PERM,
18272 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
18273 NL80211_FLAG_CLEAR_SKB),
18274 },
18275 {
18276 .cmd = NL80211_CMD_SET_QOS_MAP,
18277 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18278 .doit = nl80211_set_qos_map,
18279 .flags = GENL_UNS_ADMIN_PERM,
18280 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18281 },
18282 {
18283 .cmd = NL80211_CMD_ADD_TX_TS,
18284 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18285 .doit = nl80211_add_tx_ts,
18286 .flags = GENL_UNS_ADMIN_PERM,
18287 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18288 NL80211_FLAG_MLO_UNSUPPORTED),
18289 },
18290 {
18291 .cmd = NL80211_CMD_DEL_TX_TS,
18292 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18293 .doit = nl80211_del_tx_ts,
18294 .flags = GENL_UNS_ADMIN_PERM,
18295 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18296 },
18297 {
18298 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
18299 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18300 .doit = nl80211_tdls_channel_switch,
18301 .flags = GENL_UNS_ADMIN_PERM,
18302 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18303 },
18304 {
18305 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
18306 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18307 .doit = nl80211_tdls_cancel_channel_switch,
18308 .flags = GENL_UNS_ADMIN_PERM,
18309 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18310 },
18311 {
18312 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
18313 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18314 .doit = nl80211_set_multicast_to_unicast,
18315 .flags = GENL_UNS_ADMIN_PERM,
18316 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18317 },
18318 {
18319 .cmd = NL80211_CMD_SET_PMK,
18320 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18321 .doit = nl80211_set_pmk,
18322 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18323 NL80211_FLAG_CLEAR_SKB),
18324 },
18325 {
18326 .cmd = NL80211_CMD_DEL_PMK,
18327 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18328 .doit = nl80211_del_pmk,
18329 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18330 },
18331 {
18332 .cmd = NL80211_CMD_EXTERNAL_AUTH,
18333 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18334 .doit = nl80211_external_auth,
18335 .flags = GENL_ADMIN_PERM,
18336 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18337 },
18338 {
18339 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
18340 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18341 .doit = nl80211_tx_control_port,
18342 .flags = GENL_UNS_ADMIN_PERM,
18343 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18344 },
18345 {
18346 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
18347 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18348 .doit = nl80211_get_ftm_responder_stats,
18349 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
18350 NL80211_FLAG_MLO_VALID_LINK_ID),
18351 },
18352 {
18353 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
18354 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18355 .doit = nl80211_pmsr_start,
18356 .flags = GENL_UNS_ADMIN_PERM,
18357 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18358 },
18359 {
18360 .cmd = NL80211_CMD_NOTIFY_RADAR,
18361 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18362 .doit = nl80211_notify_radar_detection,
18363 .flags = GENL_UNS_ADMIN_PERM,
18364 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18365 },
18366 {
18367 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
18368 .doit = nl80211_update_owe_info,
18369 .flags = GENL_ADMIN_PERM,
18370 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18371 },
18372 {
18373 .cmd = NL80211_CMD_PROBE_MESH_LINK,
18374 .doit = nl80211_probe_mesh_link,
18375 .flags = GENL_UNS_ADMIN_PERM,
18376 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18377 },
18378 {
18379 .cmd = NL80211_CMD_SET_TID_CONFIG,
18380 .doit = nl80211_set_tid_config,
18381 .flags = GENL_UNS_ADMIN_PERM,
18382 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
18383 NL80211_FLAG_MLO_VALID_LINK_ID),
18384 },
18385 {
18386 .cmd = NL80211_CMD_SET_SAR_SPECS,
18387 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18388 .doit = nl80211_set_sar_specs,
18389 .flags = GENL_UNS_ADMIN_PERM,
18390 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
18391 NL80211_FLAG_NEED_RTNL),
18392 },
18393 {
18394 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
18395 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18396 .doit = nl80211_color_change,
18397 .flags = GENL_UNS_ADMIN_PERM,
18398 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18399 NL80211_FLAG_MLO_VALID_LINK_ID),
18400 },
18401 {
18402 .cmd = NL80211_CMD_SET_FILS_AAD,
18403 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18404 .doit = nl80211_set_fils_aad,
18405 .flags = GENL_UNS_ADMIN_PERM,
18406 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18407 },
18408 {
18409 .cmd = NL80211_CMD_ADD_LINK,
18410 .doit = nl80211_add_link,
18411 .flags = GENL_UNS_ADMIN_PERM,
18412 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18413 },
18414 {
18415 .cmd = NL80211_CMD_REMOVE_LINK,
18416 .doit = nl80211_remove_link,
18417 .flags = GENL_UNS_ADMIN_PERM,
18418 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18419 NL80211_FLAG_MLO_VALID_LINK_ID),
18420 },
18421 {
18422 .cmd = NL80211_CMD_ADD_LINK_STA,
18423 .doit = nl80211_add_link_station,
18424 .flags = GENL_UNS_ADMIN_PERM,
18425 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18426 NL80211_FLAG_MLO_VALID_LINK_ID),
18427 },
18428 {
18429 .cmd = NL80211_CMD_MODIFY_LINK_STA,
18430 .doit = nl80211_modify_link_station,
18431 .flags = GENL_UNS_ADMIN_PERM,
18432 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18433 NL80211_FLAG_MLO_VALID_LINK_ID),
18434 },
18435 {
18436 .cmd = NL80211_CMD_REMOVE_LINK_STA,
18437 .doit = nl80211_remove_link_station,
18438 .flags = GENL_UNS_ADMIN_PERM,
18439 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18440 NL80211_FLAG_MLO_VALID_LINK_ID),
18441 },
18442 {
18443 .cmd = NL80211_CMD_SET_HW_TIMESTAMP,
18444 .doit = nl80211_set_hw_timestamp,
18445 .flags = GENL_UNS_ADMIN_PERM,
18446 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18447 },
18448 {
18449 .cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING,
18450 .doit = nl80211_set_ttlm,
18451 .flags = GENL_UNS_ADMIN_PERM,
18452 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18453 },
18454 {
18455 .cmd = NL80211_CMD_ASSOC_MLO_RECONF,
18456 .doit = nl80211_assoc_ml_reconf,
18457 .flags = GENL_UNS_ADMIN_PERM,
18458 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18459 },
18460 {
18461 .cmd = NL80211_CMD_EPCS_CFG,
18462 .doit = nl80211_epcs_cfg,
18463 .flags = GENL_UNS_ADMIN_PERM,
18464 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18465 },
18466 };
18467
18468 static struct genl_family nl80211_fam __ro_after_init = {
18469 .name = NL80211_GENL_NAME, /* have users key off the name instead */
18470 .hdrsize = 0, /* no private header */
18471 .version = 1, /* no particular meaning now */
18472 .maxattr = NL80211_ATTR_MAX,
18473 .policy = nl80211_policy,
18474 .netnsok = true,
18475 .pre_doit = nl80211_pre_doit,
18476 .post_doit = nl80211_post_doit,
18477 .module = THIS_MODULE,
18478 .ops = nl80211_ops,
18479 .n_ops = ARRAY_SIZE(nl80211_ops),
18480 .small_ops = nl80211_small_ops,
18481 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
18482 .resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1,
18483 .mcgrps = nl80211_mcgrps,
18484 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
18485 .parallel_ops = true,
18486 };
18487
18488 /* notification functions */
18489
nl80211_notify_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd)18490 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
18491 enum nl80211_commands cmd)
18492 {
18493 struct sk_buff *msg;
18494 struct nl80211_dump_wiphy_state state = {};
18495
18496 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
18497 cmd != NL80211_CMD_DEL_WIPHY);
18498
18499 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18500 if (!msg)
18501 return;
18502
18503 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
18504 nlmsg_free(msg);
18505 return;
18506 }
18507
18508 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18509 NL80211_MCGRP_CONFIG, GFP_KERNEL);
18510 }
18511
nl80211_notify_iface(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)18512 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
18513 struct wireless_dev *wdev,
18514 enum nl80211_commands cmd)
18515 {
18516 struct sk_buff *msg;
18517
18518 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18519 if (!msg)
18520 return;
18521
18522 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
18523 nlmsg_free(msg);
18524 return;
18525 }
18526
18527 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18528 NL80211_MCGRP_CONFIG, GFP_KERNEL);
18529 }
18530
nl80211_add_scan_req(struct sk_buff * msg,struct cfg80211_registered_device * rdev)18531 static int nl80211_add_scan_req(struct sk_buff *msg,
18532 struct cfg80211_registered_device *rdev)
18533 {
18534 struct cfg80211_scan_request_int *req = rdev->scan_req;
18535 struct nlattr *nest;
18536 int i;
18537 struct cfg80211_scan_info *info;
18538
18539 if (WARN_ON(!req))
18540 return 0;
18541
18542 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
18543 if (!nest)
18544 goto nla_put_failure;
18545 for (i = 0; i < req->req.n_ssids; i++) {
18546 if (nla_put(msg, i, req->req.ssids[i].ssid_len,
18547 req->req.ssids[i].ssid))
18548 goto nla_put_failure;
18549 }
18550 nla_nest_end(msg, nest);
18551
18552 if (req->req.flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
18553 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
18554 if (!nest)
18555 goto nla_put_failure;
18556 for (i = 0; i < req->req.n_channels; i++) {
18557 if (nla_put_u32(msg, i,
18558 ieee80211_channel_to_khz(req->req.channels[i])))
18559 goto nla_put_failure;
18560 }
18561 nla_nest_end(msg, nest);
18562 } else {
18563 nest = nla_nest_start_noflag(msg,
18564 NL80211_ATTR_SCAN_FREQUENCIES);
18565 if (!nest)
18566 goto nla_put_failure;
18567 for (i = 0; i < req->req.n_channels; i++) {
18568 if (nla_put_u32(msg, i,
18569 req->req.channels[i]->center_freq))
18570 goto nla_put_failure;
18571 }
18572 nla_nest_end(msg, nest);
18573 }
18574
18575 if (req->req.ie &&
18576 nla_put(msg, NL80211_ATTR_IE, req->req.ie_len, req->req.ie))
18577 goto nla_put_failure;
18578
18579 if (req->req.flags &&
18580 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->req.flags))
18581 goto nla_put_failure;
18582
18583 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
18584 &rdev->scan_req->info;
18585 if (info->scan_start_tsf &&
18586 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
18587 info->scan_start_tsf, NL80211_BSS_PAD) ||
18588 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
18589 info->tsf_bssid)))
18590 goto nla_put_failure;
18591
18592 return 0;
18593 nla_put_failure:
18594 return -ENOBUFS;
18595 }
18596
nl80211_prep_scan_msg(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 portid,u32 seq,int flags,u32 cmd)18597 static int nl80211_prep_scan_msg(struct sk_buff *msg,
18598 struct cfg80211_registered_device *rdev,
18599 struct wireless_dev *wdev,
18600 u32 portid, u32 seq, int flags,
18601 u32 cmd)
18602 {
18603 void *hdr;
18604
18605 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
18606 if (!hdr)
18607 return -1;
18608
18609 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18610 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
18611 wdev->netdev->ifindex)) ||
18612 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18613 NL80211_ATTR_PAD))
18614 goto nla_put_failure;
18615
18616 /* ignore errors and send incomplete event anyway */
18617 nl80211_add_scan_req(msg, rdev);
18618
18619 genlmsg_end(msg, hdr);
18620 return 0;
18621
18622 nla_put_failure:
18623 genlmsg_cancel(msg, hdr);
18624 return -EMSGSIZE;
18625 }
18626
18627 static int
nl80211_prep_sched_scan_msg(struct sk_buff * msg,struct cfg80211_sched_scan_request * req,u32 cmd)18628 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
18629 struct cfg80211_sched_scan_request *req, u32 cmd)
18630 {
18631 void *hdr;
18632
18633 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18634 if (!hdr)
18635 return -1;
18636
18637 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
18638 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
18639 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
18640 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
18641 NL80211_ATTR_PAD))
18642 goto nla_put_failure;
18643
18644 genlmsg_end(msg, hdr);
18645 return 0;
18646
18647 nla_put_failure:
18648 genlmsg_cancel(msg, hdr);
18649 return -EMSGSIZE;
18650 }
18651
nl80211_send_scan_start(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)18652 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
18653 struct wireless_dev *wdev)
18654 {
18655 struct sk_buff *msg;
18656
18657 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18658 if (!msg)
18659 return;
18660
18661 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
18662 NL80211_CMD_TRIGGER_SCAN) < 0) {
18663 nlmsg_free(msg);
18664 return;
18665 }
18666
18667 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18668 NL80211_MCGRP_SCAN, GFP_KERNEL);
18669 }
18670
nl80211_build_scan_msg(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,bool aborted)18671 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
18672 struct wireless_dev *wdev, bool aborted)
18673 {
18674 struct sk_buff *msg;
18675
18676 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18677 if (!msg)
18678 return NULL;
18679
18680 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
18681 aborted ? NL80211_CMD_SCAN_ABORTED :
18682 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
18683 nlmsg_free(msg);
18684 return NULL;
18685 }
18686
18687 return msg;
18688 }
18689
18690 /* send message created by nl80211_build_scan_msg() */
nl80211_send_scan_msg(struct cfg80211_registered_device * rdev,struct sk_buff * msg)18691 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
18692 struct sk_buff *msg)
18693 {
18694 if (!msg)
18695 return;
18696
18697 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18698 NL80211_MCGRP_SCAN, GFP_KERNEL);
18699 }
18700
nl80211_send_sched_scan(struct cfg80211_sched_scan_request * req,u32 cmd)18701 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
18702 {
18703 struct sk_buff *msg;
18704
18705 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18706 if (!msg)
18707 return;
18708
18709 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
18710 nlmsg_free(msg);
18711 return;
18712 }
18713
18714 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
18715 NL80211_MCGRP_SCAN, GFP_KERNEL);
18716 }
18717
nl80211_reg_change_event_fill(struct sk_buff * msg,struct regulatory_request * request)18718 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
18719 struct regulatory_request *request)
18720 {
18721 /* Userspace can always count this one always being set */
18722 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
18723 goto nla_put_failure;
18724
18725 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
18726 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
18727 NL80211_REGDOM_TYPE_WORLD))
18728 goto nla_put_failure;
18729 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
18730 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
18731 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
18732 goto nla_put_failure;
18733 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
18734 request->intersect) {
18735 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
18736 NL80211_REGDOM_TYPE_INTERSECTION))
18737 goto nla_put_failure;
18738 } else {
18739 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
18740 NL80211_REGDOM_TYPE_COUNTRY) ||
18741 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
18742 request->alpha2))
18743 goto nla_put_failure;
18744 }
18745
18746 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
18747 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
18748
18749 if (wiphy &&
18750 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
18751 goto nla_put_failure;
18752
18753 if (wiphy &&
18754 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
18755 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
18756 goto nla_put_failure;
18757 }
18758
18759 return true;
18760
18761 nla_put_failure:
18762 return false;
18763 }
18764
18765 /*
18766 * This can happen on global regulatory changes or device specific settings
18767 * based on custom regulatory domains.
18768 */
nl80211_common_reg_change_event(enum nl80211_commands cmd_id,struct regulatory_request * request)18769 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
18770 struct regulatory_request *request)
18771 {
18772 struct sk_buff *msg;
18773 void *hdr;
18774
18775 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18776 if (!msg)
18777 return;
18778
18779 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
18780 if (!hdr)
18781 goto nla_put_failure;
18782
18783 if (!nl80211_reg_change_event_fill(msg, request))
18784 goto nla_put_failure;
18785
18786 genlmsg_end(msg, hdr);
18787
18788 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
18789 NL80211_MCGRP_REGULATORY);
18790
18791 return;
18792
18793 nla_put_failure:
18794 nlmsg_free(msg);
18795 }
18796
18797 struct nl80211_mlme_event {
18798 enum nl80211_commands cmd;
18799 const u8 *buf;
18800 size_t buf_len;
18801 int uapsd_queues;
18802 const u8 *req_ies;
18803 size_t req_ies_len;
18804 bool reconnect;
18805 };
18806
nl80211_send_mlme_event(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct nl80211_mlme_event * event,gfp_t gfp)18807 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
18808 struct net_device *netdev,
18809 const struct nl80211_mlme_event *event,
18810 gfp_t gfp)
18811 {
18812 struct sk_buff *msg;
18813 void *hdr;
18814
18815 msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp);
18816 if (!msg)
18817 return;
18818
18819 hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd);
18820 if (!hdr) {
18821 nlmsg_free(msg);
18822 return;
18823 }
18824
18825 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18826 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18827 nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) ||
18828 (event->req_ies &&
18829 nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len,
18830 event->req_ies)))
18831 goto nla_put_failure;
18832
18833 if (event->reconnect &&
18834 nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
18835 goto nla_put_failure;
18836
18837 if (event->uapsd_queues >= 0) {
18838 struct nlattr *nla_wmm =
18839 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
18840 if (!nla_wmm)
18841 goto nla_put_failure;
18842
18843 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
18844 event->uapsd_queues))
18845 goto nla_put_failure;
18846
18847 nla_nest_end(msg, nla_wmm);
18848 }
18849
18850 genlmsg_end(msg, hdr);
18851
18852 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18853 NL80211_MCGRP_MLME, gfp);
18854 return;
18855
18856 nla_put_failure:
18857 nlmsg_free(msg);
18858 }
18859
nl80211_send_rx_auth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)18860 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
18861 struct net_device *netdev, const u8 *buf,
18862 size_t len, gfp_t gfp)
18863 {
18864 struct nl80211_mlme_event event = {
18865 .cmd = NL80211_CMD_AUTHENTICATE,
18866 .buf = buf,
18867 .buf_len = len,
18868 .uapsd_queues = -1,
18869 };
18870
18871 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18872 }
18873
nl80211_send_rx_assoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct cfg80211_rx_assoc_resp_data * data)18874 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
18875 struct net_device *netdev,
18876 const struct cfg80211_rx_assoc_resp_data *data)
18877 {
18878 struct nl80211_mlme_event event = {
18879 .cmd = NL80211_CMD_ASSOCIATE,
18880 .buf = data->buf,
18881 .buf_len = data->len,
18882 .uapsd_queues = data->uapsd_queues,
18883 .req_ies = data->req_ies,
18884 .req_ies_len = data->req_ies_len,
18885 };
18886
18887 nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL);
18888 }
18889
nl80211_send_deauth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)18890 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
18891 struct net_device *netdev, const u8 *buf,
18892 size_t len, bool reconnect, gfp_t gfp)
18893 {
18894 struct nl80211_mlme_event event = {
18895 .cmd = NL80211_CMD_DEAUTHENTICATE,
18896 .buf = buf,
18897 .buf_len = len,
18898 .reconnect = reconnect,
18899 .uapsd_queues = -1,
18900 };
18901
18902 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18903 }
18904
nl80211_send_disassoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)18905 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
18906 struct net_device *netdev, const u8 *buf,
18907 size_t len, bool reconnect, gfp_t gfp)
18908 {
18909 struct nl80211_mlme_event event = {
18910 .cmd = NL80211_CMD_DISASSOCIATE,
18911 .buf = buf,
18912 .buf_len = len,
18913 .reconnect = reconnect,
18914 .uapsd_queues = -1,
18915 };
18916
18917 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18918 }
18919
cfg80211_rx_unprot_mlme_mgmt(struct net_device * dev,const u8 * buf,size_t len)18920 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
18921 size_t len)
18922 {
18923 struct wireless_dev *wdev = dev->ieee80211_ptr;
18924 struct wiphy *wiphy = wdev->wiphy;
18925 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18926 const struct ieee80211_mgmt *mgmt = (void *)buf;
18927 struct nl80211_mlme_event event = {
18928 .buf = buf,
18929 .buf_len = len,
18930 .uapsd_queues = -1,
18931 };
18932
18933 if (WARN_ON(len < 2))
18934 return;
18935
18936 if (ieee80211_is_deauth(mgmt->frame_control)) {
18937 event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
18938 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
18939 event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
18940 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
18941 if (wdev->unprot_beacon_reported &&
18942 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
18943 return;
18944 event.cmd = NL80211_CMD_UNPROT_BEACON;
18945 wdev->unprot_beacon_reported = jiffies;
18946 } else {
18947 return;
18948 }
18949
18950 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
18951 nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC);
18952 }
18953 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
18954
nl80211_send_mlme_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,int cmd,const u8 * addr,gfp_t gfp)18955 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
18956 struct net_device *netdev, int cmd,
18957 const u8 *addr, gfp_t gfp)
18958 {
18959 struct sk_buff *msg;
18960 void *hdr;
18961
18962 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18963 if (!msg)
18964 return;
18965
18966 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18967 if (!hdr) {
18968 nlmsg_free(msg);
18969 return;
18970 }
18971
18972 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18973 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18974 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18975 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
18976 goto nla_put_failure;
18977
18978 genlmsg_end(msg, hdr);
18979
18980 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18981 NL80211_MCGRP_MLME, gfp);
18982 return;
18983
18984 nla_put_failure:
18985 nlmsg_free(msg);
18986 }
18987
nl80211_send_auth_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)18988 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
18989 struct net_device *netdev, const u8 *addr,
18990 gfp_t gfp)
18991 {
18992 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
18993 addr, gfp);
18994 }
18995
nl80211_send_assoc_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)18996 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
18997 struct net_device *netdev, const u8 *addr,
18998 gfp_t gfp)
18999 {
19000 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
19001 addr, gfp);
19002 }
19003
nl80211_send_connect_result(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_connect_resp_params * cr,gfp_t gfp)19004 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
19005 struct net_device *netdev,
19006 struct cfg80211_connect_resp_params *cr,
19007 gfp_t gfp)
19008 {
19009 struct sk_buff *msg;
19010 void *hdr;
19011 unsigned int link;
19012 size_t link_info_size = 0;
19013 const u8 *connected_addr = cr->valid_links ?
19014 cr->ap_mld_addr : cr->links[0].bssid;
19015
19016 if (cr->valid_links) {
19017 for_each_valid_link(cr, link) {
19018 /* Nested attribute header */
19019 link_info_size += NLA_HDRLEN;
19020 /* Link ID */
19021 link_info_size += nla_total_size(sizeof(u8));
19022 link_info_size += cr->links[link].addr ?
19023 nla_total_size(ETH_ALEN) : 0;
19024 link_info_size += (cr->links[link].bssid ||
19025 cr->links[link].bss) ?
19026 nla_total_size(ETH_ALEN) : 0;
19027 link_info_size += nla_total_size(sizeof(u16));
19028 }
19029 }
19030
19031 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
19032 cr->fils.kek_len + cr->fils.pmk_len +
19033 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
19034 gfp);
19035 if (!msg)
19036 return;
19037
19038 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
19039 if (!hdr) {
19040 nlmsg_free(msg);
19041 return;
19042 }
19043
19044 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19045 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19046 (connected_addr &&
19047 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) ||
19048 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
19049 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
19050 cr->status) ||
19051 (cr->status < 0 &&
19052 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
19053 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
19054 cr->timeout_reason))) ||
19055 (cr->req_ie &&
19056 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
19057 (cr->resp_ie &&
19058 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
19059 cr->resp_ie)) ||
19060 (cr->fils.update_erp_next_seq_num &&
19061 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
19062 cr->fils.erp_next_seq_num)) ||
19063 (cr->status == WLAN_STATUS_SUCCESS &&
19064 ((cr->fils.kek &&
19065 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
19066 cr->fils.kek)) ||
19067 (cr->fils.pmk &&
19068 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
19069 (cr->fils.pmkid &&
19070 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
19071 goto nla_put_failure;
19072
19073 if (cr->valid_links) {
19074 int i = 1;
19075 struct nlattr *nested;
19076
19077 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
19078 if (!nested)
19079 goto nla_put_failure;
19080
19081 for_each_valid_link(cr, link) {
19082 struct nlattr *nested_mlo_links;
19083 const u8 *bssid = cr->links[link].bss ?
19084 cr->links[link].bss->bssid :
19085 cr->links[link].bssid;
19086
19087 nested_mlo_links = nla_nest_start(msg, i);
19088 if (!nested_mlo_links)
19089 goto nla_put_failure;
19090
19091 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
19092 (bssid &&
19093 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
19094 (cr->links[link].addr &&
19095 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
19096 cr->links[link].addr)) ||
19097 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
19098 cr->links[link].status))
19099 goto nla_put_failure;
19100
19101 nla_nest_end(msg, nested_mlo_links);
19102 i++;
19103 }
19104 nla_nest_end(msg, nested);
19105 }
19106
19107 genlmsg_end(msg, hdr);
19108
19109 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19110 NL80211_MCGRP_MLME, gfp);
19111 return;
19112
19113 nla_put_failure:
19114 nlmsg_free(msg);
19115 }
19116
nl80211_send_roamed(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_roam_info * info,gfp_t gfp)19117 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
19118 struct net_device *netdev,
19119 struct cfg80211_roam_info *info, gfp_t gfp)
19120 {
19121 struct sk_buff *msg;
19122 void *hdr;
19123 size_t link_info_size = 0;
19124 unsigned int link;
19125 const u8 *connected_addr = info->ap_mld_addr ?
19126 info->ap_mld_addr :
19127 (info->links[0].bss ?
19128 info->links[0].bss->bssid :
19129 info->links[0].bssid);
19130
19131 if (info->valid_links) {
19132 for_each_valid_link(info, link) {
19133 /* Nested attribute header */
19134 link_info_size += NLA_HDRLEN;
19135 /* Link ID */
19136 link_info_size += nla_total_size(sizeof(u8));
19137 link_info_size += info->links[link].addr ?
19138 nla_total_size(ETH_ALEN) : 0;
19139 link_info_size += (info->links[link].bssid ||
19140 info->links[link].bss) ?
19141 nla_total_size(ETH_ALEN) : 0;
19142 }
19143 }
19144
19145 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
19146 info->fils.kek_len + info->fils.pmk_len +
19147 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
19148 link_info_size, gfp);
19149 if (!msg)
19150 return;
19151
19152 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
19153 if (!hdr) {
19154 nlmsg_free(msg);
19155 return;
19156 }
19157
19158 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19159 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19160 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
19161 (info->req_ie &&
19162 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
19163 info->req_ie)) ||
19164 (info->resp_ie &&
19165 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
19166 info->resp_ie)) ||
19167 (info->fils.update_erp_next_seq_num &&
19168 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
19169 info->fils.erp_next_seq_num)) ||
19170 (info->fils.kek &&
19171 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
19172 info->fils.kek)) ||
19173 (info->fils.pmk &&
19174 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
19175 (info->fils.pmkid &&
19176 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
19177 goto nla_put_failure;
19178
19179 if (info->valid_links) {
19180 int i = 1;
19181 struct nlattr *nested;
19182
19183 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
19184 if (!nested)
19185 goto nla_put_failure;
19186
19187 for_each_valid_link(info, link) {
19188 struct nlattr *nested_mlo_links;
19189 const u8 *bssid = info->links[link].bss ?
19190 info->links[link].bss->bssid :
19191 info->links[link].bssid;
19192
19193 nested_mlo_links = nla_nest_start(msg, i);
19194 if (!nested_mlo_links)
19195 goto nla_put_failure;
19196
19197 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
19198 (bssid &&
19199 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
19200 (info->links[link].addr &&
19201 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
19202 info->links[link].addr)))
19203 goto nla_put_failure;
19204
19205 nla_nest_end(msg, nested_mlo_links);
19206 i++;
19207 }
19208 nla_nest_end(msg, nested);
19209 }
19210
19211 genlmsg_end(msg, hdr);
19212
19213 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19214 NL80211_MCGRP_MLME, gfp);
19215 return;
19216
19217 nla_put_failure:
19218 nlmsg_free(msg);
19219 }
19220
nl80211_send_port_authorized(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * peer_addr,const u8 * td_bitmap,u8 td_bitmap_len)19221 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
19222 struct net_device *netdev, const u8 *peer_addr,
19223 const u8 *td_bitmap, u8 td_bitmap_len)
19224 {
19225 struct sk_buff *msg;
19226 void *hdr;
19227
19228 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19229 if (!msg)
19230 return;
19231
19232 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
19233 if (!hdr) {
19234 nlmsg_free(msg);
19235 return;
19236 }
19237
19238 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19239 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19240 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
19241 goto nla_put_failure;
19242
19243 if (td_bitmap_len > 0 && td_bitmap &&
19244 nla_put(msg, NL80211_ATTR_TD_BITMAP, td_bitmap_len, td_bitmap))
19245 goto nla_put_failure;
19246
19247 genlmsg_end(msg, hdr);
19248
19249 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19250 NL80211_MCGRP_MLME, GFP_KERNEL);
19251 return;
19252
19253 nla_put_failure:
19254 nlmsg_free(msg);
19255 }
19256
nl80211_send_disconnected(struct cfg80211_registered_device * rdev,struct net_device * netdev,u16 reason,const u8 * ie,size_t ie_len,bool from_ap)19257 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
19258 struct net_device *netdev, u16 reason,
19259 const u8 *ie, size_t ie_len, bool from_ap)
19260 {
19261 struct sk_buff *msg;
19262 void *hdr;
19263
19264 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
19265 if (!msg)
19266 return;
19267
19268 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
19269 if (!hdr) {
19270 nlmsg_free(msg);
19271 return;
19272 }
19273
19274 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19275 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19276 (reason &&
19277 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
19278 (from_ap &&
19279 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
19280 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
19281 goto nla_put_failure;
19282
19283 genlmsg_end(msg, hdr);
19284
19285 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19286 NL80211_MCGRP_MLME, GFP_KERNEL);
19287 return;
19288
19289 nla_put_failure:
19290 nlmsg_free(msg);
19291 }
19292
cfg80211_links_removed(struct net_device * dev,u16 link_mask)19293 void cfg80211_links_removed(struct net_device *dev, u16 link_mask)
19294 {
19295 struct wireless_dev *wdev = dev->ieee80211_ptr;
19296 struct wiphy *wiphy = wdev->wiphy;
19297 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19298 struct sk_buff *msg;
19299 struct nlattr *links;
19300 void *hdr;
19301
19302 lockdep_assert_wiphy(wdev->wiphy);
19303 trace_cfg80211_links_removed(dev, link_mask);
19304
19305 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
19306 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
19307 return;
19308
19309 if (WARN_ON(!wdev->valid_links || !link_mask ||
19310 (wdev->valid_links & link_mask) != link_mask ||
19311 wdev->valid_links == link_mask))
19312 return;
19313
19314 cfg80211_wdev_release_link_bsses(wdev, link_mask);
19315 wdev->valid_links &= ~link_mask;
19316
19317 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19318 if (!msg)
19319 return;
19320
19321 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED);
19322 if (!hdr) {
19323 nlmsg_free(msg);
19324 return;
19325 }
19326
19327 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19328 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19329 goto nla_put_failure;
19330
19331 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
19332 if (!links)
19333 goto nla_put_failure;
19334
19335 while (link_mask) {
19336 struct nlattr *link;
19337 int link_id = __ffs(link_mask);
19338
19339 link = nla_nest_start(msg, link_id + 1);
19340 if (!link)
19341 goto nla_put_failure;
19342
19343 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19344 goto nla_put_failure;
19345
19346 nla_nest_end(msg, link);
19347 link_mask &= ~(1 << link_id);
19348 }
19349
19350 nla_nest_end(msg, links);
19351
19352 genlmsg_end(msg, hdr);
19353
19354 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19355 NL80211_MCGRP_MLME, GFP_KERNEL);
19356 return;
19357
19358 nla_put_failure:
19359 nlmsg_free(msg);
19360 }
19361 EXPORT_SYMBOL(cfg80211_links_removed);
19362
nl80211_mlo_reconf_add_done(struct net_device * dev,struct cfg80211_mlo_reconf_done_data * data)19363 void nl80211_mlo_reconf_add_done(struct net_device *dev,
19364 struct cfg80211_mlo_reconf_done_data *data)
19365 {
19366 struct wireless_dev *wdev = dev->ieee80211_ptr;
19367 struct wiphy *wiphy = wdev->wiphy;
19368 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19369 struct nl80211_mlme_event event = {
19370 .cmd = NL80211_CMD_ASSOC_MLO_RECONF,
19371 .buf = data->buf,
19372 .buf_len = data->len,
19373 .uapsd_queues = -1,
19374 };
19375
19376 nl80211_send_mlme_event(rdev, dev, &event, GFP_KERNEL);
19377 }
19378 EXPORT_SYMBOL(nl80211_mlo_reconf_add_done);
19379
nl80211_send_ibss_bssid(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,gfp_t gfp)19380 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
19381 struct net_device *netdev, const u8 *bssid,
19382 gfp_t gfp)
19383 {
19384 struct sk_buff *msg;
19385 void *hdr;
19386
19387 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19388 if (!msg)
19389 return;
19390
19391 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
19392 if (!hdr) {
19393 nlmsg_free(msg);
19394 return;
19395 }
19396
19397 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19398 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19399 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
19400 goto nla_put_failure;
19401
19402 genlmsg_end(msg, hdr);
19403
19404 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19405 NL80211_MCGRP_MLME, gfp);
19406 return;
19407
19408 nla_put_failure:
19409 nlmsg_free(msg);
19410 }
19411
cfg80211_notify_new_peer_candidate(struct net_device * dev,const u8 * addr,const u8 * ie,u8 ie_len,int sig_dbm,gfp_t gfp)19412 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
19413 const u8 *ie, u8 ie_len,
19414 int sig_dbm, gfp_t gfp)
19415 {
19416 struct wireless_dev *wdev = dev->ieee80211_ptr;
19417 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19418 struct sk_buff *msg;
19419 void *hdr;
19420
19421 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
19422 return;
19423
19424 trace_cfg80211_notify_new_peer_candidate(dev, addr);
19425
19426 msg = nlmsg_new(100 + ie_len, gfp);
19427 if (!msg)
19428 return;
19429
19430 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
19431 if (!hdr) {
19432 nlmsg_free(msg);
19433 return;
19434 }
19435
19436 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19437 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19438 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19439 (ie_len && ie &&
19440 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
19441 (sig_dbm &&
19442 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
19443 goto nla_put_failure;
19444
19445 genlmsg_end(msg, hdr);
19446
19447 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19448 NL80211_MCGRP_MLME, gfp);
19449 return;
19450
19451 nla_put_failure:
19452 nlmsg_free(msg);
19453 }
19454 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
19455
nl80211_michael_mic_failure(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,enum nl80211_key_type key_type,int key_id,const u8 * tsc,gfp_t gfp)19456 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
19457 struct net_device *netdev, const u8 *addr,
19458 enum nl80211_key_type key_type, int key_id,
19459 const u8 *tsc, gfp_t gfp)
19460 {
19461 struct sk_buff *msg;
19462 void *hdr;
19463
19464 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19465 if (!msg)
19466 return;
19467
19468 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
19469 if (!hdr) {
19470 nlmsg_free(msg);
19471 return;
19472 }
19473
19474 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19475 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19476 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
19477 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
19478 (key_id != -1 &&
19479 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
19480 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
19481 goto nla_put_failure;
19482
19483 genlmsg_end(msg, hdr);
19484
19485 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19486 NL80211_MCGRP_MLME, gfp);
19487 return;
19488
19489 nla_put_failure:
19490 nlmsg_free(msg);
19491 }
19492
nl80211_send_beacon_hint_event(struct wiphy * wiphy,struct ieee80211_channel * channel_before,struct ieee80211_channel * channel_after)19493 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
19494 struct ieee80211_channel *channel_before,
19495 struct ieee80211_channel *channel_after)
19496 {
19497 struct sk_buff *msg;
19498 void *hdr;
19499 struct nlattr *nl_freq;
19500
19501 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
19502 if (!msg)
19503 return;
19504
19505 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
19506 if (!hdr) {
19507 nlmsg_free(msg);
19508 return;
19509 }
19510
19511 /*
19512 * Since we are applying the beacon hint to a wiphy we know its
19513 * wiphy_idx is valid
19514 */
19515 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
19516 goto nla_put_failure;
19517
19518 /* Before */
19519 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
19520 if (!nl_freq)
19521 goto nla_put_failure;
19522
19523 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
19524 goto nla_put_failure;
19525 nla_nest_end(msg, nl_freq);
19526
19527 /* After */
19528 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
19529 if (!nl_freq)
19530 goto nla_put_failure;
19531
19532 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
19533 goto nla_put_failure;
19534 nla_nest_end(msg, nl_freq);
19535
19536 genlmsg_end(msg, hdr);
19537
19538 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
19539 NL80211_MCGRP_REGULATORY);
19540
19541 return;
19542
19543 nla_put_failure:
19544 nlmsg_free(msg);
19545 }
19546
nl80211_send_remain_on_chan_event(int cmd,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)19547 static void nl80211_send_remain_on_chan_event(
19548 int cmd, struct cfg80211_registered_device *rdev,
19549 struct wireless_dev *wdev, u64 cookie,
19550 struct ieee80211_channel *chan,
19551 unsigned int duration, gfp_t gfp)
19552 {
19553 struct sk_buff *msg;
19554 void *hdr;
19555
19556 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19557 if (!msg)
19558 return;
19559
19560 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19561 if (!hdr) {
19562 nlmsg_free(msg);
19563 return;
19564 }
19565
19566 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19567 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19568 wdev->netdev->ifindex)) ||
19569 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19570 NL80211_ATTR_PAD) ||
19571 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
19572 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
19573 NL80211_CHAN_NO_HT) ||
19574 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
19575 NL80211_ATTR_PAD))
19576 goto nla_put_failure;
19577
19578 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
19579 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
19580 goto nla_put_failure;
19581
19582 genlmsg_end(msg, hdr);
19583
19584 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19585 NL80211_MCGRP_MLME, gfp);
19586 return;
19587
19588 nla_put_failure:
19589 nlmsg_free(msg);
19590 }
19591
cfg80211_assoc_comeback(struct net_device * netdev,const u8 * ap_addr,u32 timeout)19592 void cfg80211_assoc_comeback(struct net_device *netdev,
19593 const u8 *ap_addr, u32 timeout)
19594 {
19595 struct wireless_dev *wdev = netdev->ieee80211_ptr;
19596 struct wiphy *wiphy = wdev->wiphy;
19597 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19598 struct sk_buff *msg;
19599 void *hdr;
19600
19601 trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout);
19602
19603 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19604 if (!msg)
19605 return;
19606
19607 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK);
19608 if (!hdr) {
19609 nlmsg_free(msg);
19610 return;
19611 }
19612
19613 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19614 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19615 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) ||
19616 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout))
19617 goto nla_put_failure;
19618
19619 genlmsg_end(msg, hdr);
19620
19621 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19622 NL80211_MCGRP_MLME, GFP_KERNEL);
19623 return;
19624
19625 nla_put_failure:
19626 nlmsg_free(msg);
19627 }
19628 EXPORT_SYMBOL(cfg80211_assoc_comeback);
19629
cfg80211_ready_on_channel(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)19630 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
19631 struct ieee80211_channel *chan,
19632 unsigned int duration, gfp_t gfp)
19633 {
19634 struct wiphy *wiphy = wdev->wiphy;
19635 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19636
19637 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
19638 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
19639 rdev, wdev, cookie, chan,
19640 duration, gfp);
19641 }
19642 EXPORT_SYMBOL(cfg80211_ready_on_channel);
19643
cfg80211_remain_on_channel_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)19644 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
19645 struct ieee80211_channel *chan,
19646 gfp_t gfp)
19647 {
19648 struct wiphy *wiphy = wdev->wiphy;
19649 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19650
19651 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
19652 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
19653 rdev, wdev, cookie, chan, 0, gfp);
19654 }
19655 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
19656
cfg80211_tx_mgmt_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)19657 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
19658 struct ieee80211_channel *chan,
19659 gfp_t gfp)
19660 {
19661 struct wiphy *wiphy = wdev->wiphy;
19662 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19663
19664 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
19665 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
19666 rdev, wdev, cookie, chan, 0, gfp);
19667 }
19668 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
19669
cfg80211_new_sta(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)19670 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
19671 struct station_info *sinfo, gfp_t gfp)
19672 {
19673 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
19674 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19675 struct sk_buff *msg;
19676
19677 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
19678
19679 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19680 if (!msg)
19681 return;
19682
19683 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
19684 rdev, dev, mac_addr, sinfo, false) < 0) {
19685 nlmsg_free(msg);
19686 return;
19687 }
19688
19689 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19690 NL80211_MCGRP_MLME, gfp);
19691 }
19692 EXPORT_SYMBOL(cfg80211_new_sta);
19693
cfg80211_del_sta_sinfo(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)19694 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
19695 struct station_info *sinfo, gfp_t gfp)
19696 {
19697 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
19698 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19699 struct sk_buff *msg;
19700 struct station_info empty_sinfo = {};
19701
19702 if (!sinfo)
19703 sinfo = &empty_sinfo;
19704
19705 trace_cfg80211_del_sta(dev, mac_addr);
19706
19707 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19708 if (!msg) {
19709 cfg80211_sinfo_release_content(sinfo);
19710 return;
19711 }
19712
19713 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
19714 rdev, dev, mac_addr, sinfo, false) < 0) {
19715 nlmsg_free(msg);
19716 return;
19717 }
19718
19719 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19720 NL80211_MCGRP_MLME, gfp);
19721 }
19722 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
19723
cfg80211_conn_failed(struct net_device * dev,const u8 * mac_addr,enum nl80211_connect_failed_reason reason,gfp_t gfp)19724 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
19725 enum nl80211_connect_failed_reason reason,
19726 gfp_t gfp)
19727 {
19728 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
19729 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19730 struct sk_buff *msg;
19731 void *hdr;
19732
19733 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
19734 if (!msg)
19735 return;
19736
19737 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
19738 if (!hdr) {
19739 nlmsg_free(msg);
19740 return;
19741 }
19742
19743 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19744 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
19745 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
19746 goto nla_put_failure;
19747
19748 genlmsg_end(msg, hdr);
19749
19750 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19751 NL80211_MCGRP_MLME, gfp);
19752 return;
19753
19754 nla_put_failure:
19755 nlmsg_free(msg);
19756 }
19757 EXPORT_SYMBOL(cfg80211_conn_failed);
19758
__nl80211_unexpected_frame(struct net_device * dev,u8 cmd,const u8 * addr,int link_id,gfp_t gfp)19759 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
19760 const u8 *addr, int link_id, gfp_t gfp)
19761 {
19762 struct wireless_dev *wdev = dev->ieee80211_ptr;
19763 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19764 struct sk_buff *msg;
19765 void *hdr;
19766 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
19767
19768 if (!nlportid)
19769 return false;
19770
19771 msg = nlmsg_new(100, gfp);
19772 if (!msg)
19773 return true;
19774
19775 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19776 if (!hdr) {
19777 nlmsg_free(msg);
19778 return true;
19779 }
19780
19781 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19782 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19783 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19784 (link_id >= 0 &&
19785 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
19786 goto nla_put_failure;
19787
19788 genlmsg_end(msg, hdr);
19789 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19790 return true;
19791
19792 nla_put_failure:
19793 nlmsg_free(msg);
19794 return true;
19795 }
19796
cfg80211_rx_spurious_frame(struct net_device * dev,const u8 * addr,int link_id,gfp_t gfp)19797 bool cfg80211_rx_spurious_frame(struct net_device *dev, const u8 *addr,
19798 int link_id, gfp_t gfp)
19799 {
19800 struct wireless_dev *wdev = dev->ieee80211_ptr;
19801 bool ret;
19802
19803 trace_cfg80211_rx_spurious_frame(dev, addr, link_id);
19804
19805 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
19806 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
19807 trace_cfg80211_return_bool(false);
19808 return false;
19809 }
19810 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
19811 addr, link_id, gfp);
19812 trace_cfg80211_return_bool(ret);
19813 return ret;
19814 }
19815 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
19816
cfg80211_rx_unexpected_4addr_frame(struct net_device * dev,const u8 * addr,int link_id,gfp_t gfp)19817 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, const u8 *addr,
19818 int link_id, gfp_t gfp)
19819 {
19820 struct wireless_dev *wdev = dev->ieee80211_ptr;
19821 bool ret;
19822
19823 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr, link_id);
19824
19825 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
19826 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
19827 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
19828 trace_cfg80211_return_bool(false);
19829 return false;
19830 }
19831 ret = __nl80211_unexpected_frame(dev,
19832 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
19833 addr, link_id, gfp);
19834 trace_cfg80211_return_bool(ret);
19835 return ret;
19836 }
19837 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
19838
nl80211_send_mgmt(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 nlportid,struct cfg80211_rx_info * info,gfp_t gfp)19839 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
19840 struct wireless_dev *wdev, u32 nlportid,
19841 struct cfg80211_rx_info *info, gfp_t gfp)
19842 {
19843 struct net_device *netdev = wdev->netdev;
19844 struct sk_buff *msg;
19845 void *hdr;
19846
19847 msg = nlmsg_new(100 + info->len, gfp);
19848 if (!msg)
19849 return -ENOMEM;
19850
19851 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
19852 if (!hdr) {
19853 nlmsg_free(msg);
19854 return -ENOMEM;
19855 }
19856
19857 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19858 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19859 netdev->ifindex)) ||
19860 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19861 NL80211_ATTR_PAD) ||
19862 (info->have_link_id &&
19863 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) ||
19864 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) ||
19865 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) ||
19866 (info->sig_dbm &&
19867 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) ||
19868 nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) ||
19869 (info->flags &&
19870 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) ||
19871 (info->rx_tstamp && nla_put_u64_64bit(msg,
19872 NL80211_ATTR_RX_HW_TIMESTAMP,
19873 info->rx_tstamp,
19874 NL80211_ATTR_PAD)) ||
19875 (info->ack_tstamp && nla_put_u64_64bit(msg,
19876 NL80211_ATTR_TX_HW_TIMESTAMP,
19877 info->ack_tstamp,
19878 NL80211_ATTR_PAD)))
19879 goto nla_put_failure;
19880
19881 genlmsg_end(msg, hdr);
19882
19883 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19884
19885 nla_put_failure:
19886 nlmsg_free(msg);
19887 return -ENOBUFS;
19888 }
19889
nl80211_frame_tx_status(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp,enum nl80211_commands command)19890 static void nl80211_frame_tx_status(struct wireless_dev *wdev,
19891 struct cfg80211_tx_status *status,
19892 gfp_t gfp, enum nl80211_commands command)
19893 {
19894 struct wiphy *wiphy = wdev->wiphy;
19895 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19896 struct net_device *netdev = wdev->netdev;
19897 struct sk_buff *msg;
19898 void *hdr;
19899
19900 if (command == NL80211_CMD_FRAME_TX_STATUS)
19901 trace_cfg80211_mgmt_tx_status(wdev, status->cookie,
19902 status->ack);
19903 else
19904 trace_cfg80211_control_port_tx_status(wdev, status->cookie,
19905 status->ack);
19906
19907 msg = nlmsg_new(100 + status->len, gfp);
19908 if (!msg)
19909 return;
19910
19911 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
19912 if (!hdr) {
19913 nlmsg_free(msg);
19914 return;
19915 }
19916
19917 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19918 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19919 netdev->ifindex)) ||
19920 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19921 NL80211_ATTR_PAD) ||
19922 nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) ||
19923 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie,
19924 NL80211_ATTR_PAD) ||
19925 (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
19926 (status->tx_tstamp &&
19927 nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP,
19928 status->tx_tstamp, NL80211_ATTR_PAD)) ||
19929 (status->ack_tstamp &&
19930 nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP,
19931 status->ack_tstamp, NL80211_ATTR_PAD)))
19932 goto nla_put_failure;
19933
19934 genlmsg_end(msg, hdr);
19935
19936 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19937 NL80211_MCGRP_MLME, gfp);
19938 return;
19939
19940 nla_put_failure:
19941 nlmsg_free(msg);
19942 }
19943
cfg80211_control_port_tx_status(struct wireless_dev * wdev,u64 cookie,const u8 * buf,size_t len,bool ack,gfp_t gfp)19944 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
19945 const u8 *buf, size_t len, bool ack,
19946 gfp_t gfp)
19947 {
19948 struct cfg80211_tx_status status = {
19949 .cookie = cookie,
19950 .buf = buf,
19951 .len = len,
19952 .ack = ack
19953 };
19954
19955 nl80211_frame_tx_status(wdev, &status, gfp,
19956 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
19957 }
19958 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
19959
cfg80211_mgmt_tx_status_ext(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp)19960 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev,
19961 struct cfg80211_tx_status *status, gfp_t gfp)
19962 {
19963 nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS);
19964 }
19965 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext);
19966
__nl80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id,gfp_t gfp)19967 static int __nl80211_rx_control_port(struct net_device *dev,
19968 struct sk_buff *skb,
19969 bool unencrypted,
19970 int link_id,
19971 gfp_t gfp)
19972 {
19973 struct wireless_dev *wdev = dev->ieee80211_ptr;
19974 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19975 struct ethhdr *ehdr = eth_hdr(skb);
19976 const u8 *addr = ehdr->h_source;
19977 u16 proto = be16_to_cpu(skb->protocol);
19978 struct sk_buff *msg;
19979 void *hdr;
19980 struct nlattr *frame;
19981
19982 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
19983
19984 if (!nlportid)
19985 return -ENOENT;
19986
19987 msg = nlmsg_new(100 + skb->len, gfp);
19988 if (!msg)
19989 return -ENOMEM;
19990
19991 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
19992 if (!hdr) {
19993 nlmsg_free(msg);
19994 return -ENOBUFS;
19995 }
19996
19997 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19998 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19999 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20000 NL80211_ATTR_PAD) ||
20001 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
20002 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
20003 (link_id >= 0 &&
20004 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
20005 (unencrypted && nla_put_flag(msg,
20006 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
20007 goto nla_put_failure;
20008
20009 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
20010 if (!frame)
20011 goto nla_put_failure;
20012
20013 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
20014 genlmsg_end(msg, hdr);
20015
20016 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
20017
20018 nla_put_failure:
20019 nlmsg_free(msg);
20020 return -ENOBUFS;
20021 }
20022
cfg80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id)20023 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb,
20024 bool unencrypted, int link_id)
20025 {
20026 int ret;
20027
20028 trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id);
20029 ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id,
20030 GFP_ATOMIC);
20031 trace_cfg80211_return_bool(ret == 0);
20032 return ret == 0;
20033 }
20034 EXPORT_SYMBOL(cfg80211_rx_control_port);
20035
cfg80211_prepare_cqm(struct net_device * dev,const char * mac,gfp_t gfp)20036 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
20037 const char *mac, gfp_t gfp)
20038 {
20039 struct wireless_dev *wdev = dev->ieee80211_ptr;
20040 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20041 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20042 void **cb;
20043
20044 if (!msg)
20045 return NULL;
20046
20047 cb = (void **)msg->cb;
20048
20049 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
20050 if (!cb[0]) {
20051 nlmsg_free(msg);
20052 return NULL;
20053 }
20054
20055 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20056 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
20057 goto nla_put_failure;
20058
20059 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
20060 goto nla_put_failure;
20061
20062 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
20063 if (!cb[1])
20064 goto nla_put_failure;
20065
20066 cb[2] = rdev;
20067
20068 return msg;
20069 nla_put_failure:
20070 nlmsg_free(msg);
20071 return NULL;
20072 }
20073
cfg80211_send_cqm(struct sk_buff * msg,gfp_t gfp)20074 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
20075 {
20076 void **cb = (void **)msg->cb;
20077 struct cfg80211_registered_device *rdev = cb[2];
20078
20079 nla_nest_end(msg, cb[1]);
20080 genlmsg_end(msg, cb[0]);
20081
20082 memset(msg->cb, 0, sizeof(msg->cb));
20083
20084 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20085 NL80211_MCGRP_MLME, gfp);
20086 }
20087
cfg80211_cqm_rssi_notify(struct net_device * dev,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)20088 void cfg80211_cqm_rssi_notify(struct net_device *dev,
20089 enum nl80211_cqm_rssi_threshold_event rssi_event,
20090 s32 rssi_level, gfp_t gfp)
20091 {
20092 struct wireless_dev *wdev = dev->ieee80211_ptr;
20093 struct cfg80211_cqm_config *cqm_config;
20094
20095 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
20096
20097 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
20098 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
20099 return;
20100
20101 rcu_read_lock();
20102 cqm_config = rcu_dereference(wdev->cqm_config);
20103 if (cqm_config) {
20104 cqm_config->last_rssi_event_value = rssi_level;
20105 cqm_config->last_rssi_event_type = rssi_event;
20106 wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
20107 }
20108 rcu_read_unlock();
20109 }
20110 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
20111
cfg80211_cqm_rssi_notify_work(struct wiphy * wiphy,struct wiphy_work * work)20112 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
20113 {
20114 struct wireless_dev *wdev = container_of(work, struct wireless_dev,
20115 cqm_rssi_work);
20116 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20117 enum nl80211_cqm_rssi_threshold_event rssi_event;
20118 struct cfg80211_cqm_config *cqm_config;
20119 struct sk_buff *msg;
20120 s32 rssi_level;
20121
20122 cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
20123 if (!cqm_config)
20124 return;
20125
20126 if (cqm_config->use_range_api)
20127 cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
20128
20129 rssi_level = cqm_config->last_rssi_event_value;
20130 rssi_event = cqm_config->last_rssi_event_type;
20131
20132 msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
20133 if (!msg)
20134 return;
20135
20136 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
20137 rssi_event))
20138 goto nla_put_failure;
20139
20140 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
20141 rssi_level))
20142 goto nla_put_failure;
20143
20144 cfg80211_send_cqm(msg, GFP_KERNEL);
20145
20146 return;
20147
20148 nla_put_failure:
20149 nlmsg_free(msg);
20150 }
20151
cfg80211_cqm_txe_notify(struct net_device * dev,const u8 * peer,u32 num_packets,u32 rate,u32 intvl,gfp_t gfp)20152 void cfg80211_cqm_txe_notify(struct net_device *dev,
20153 const u8 *peer, u32 num_packets,
20154 u32 rate, u32 intvl, gfp_t gfp)
20155 {
20156 struct sk_buff *msg;
20157
20158 msg = cfg80211_prepare_cqm(dev, peer, gfp);
20159 if (!msg)
20160 return;
20161
20162 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
20163 goto nla_put_failure;
20164
20165 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
20166 goto nla_put_failure;
20167
20168 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
20169 goto nla_put_failure;
20170
20171 cfg80211_send_cqm(msg, gfp);
20172 return;
20173
20174 nla_put_failure:
20175 nlmsg_free(msg);
20176 }
20177 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
20178
cfg80211_cqm_pktloss_notify(struct net_device * dev,const u8 * peer,u32 num_packets,gfp_t gfp)20179 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
20180 const u8 *peer, u32 num_packets, gfp_t gfp)
20181 {
20182 struct sk_buff *msg;
20183
20184 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
20185
20186 msg = cfg80211_prepare_cqm(dev, peer, gfp);
20187 if (!msg)
20188 return;
20189
20190 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
20191 goto nla_put_failure;
20192
20193 cfg80211_send_cqm(msg, gfp);
20194 return;
20195
20196 nla_put_failure:
20197 nlmsg_free(msg);
20198 }
20199 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
20200
cfg80211_cqm_beacon_loss_notify(struct net_device * dev,gfp_t gfp)20201 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
20202 {
20203 struct sk_buff *msg;
20204
20205 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
20206 if (!msg)
20207 return;
20208
20209 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
20210 goto nla_put_failure;
20211
20212 cfg80211_send_cqm(msg, gfp);
20213 return;
20214
20215 nla_put_failure:
20216 nlmsg_free(msg);
20217 }
20218 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
20219
nl80211_gtk_rekey_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)20220 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
20221 struct net_device *netdev, const u8 *bssid,
20222 const u8 *replay_ctr, gfp_t gfp)
20223 {
20224 struct sk_buff *msg;
20225 struct nlattr *rekey_attr;
20226 void *hdr;
20227
20228 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20229 if (!msg)
20230 return;
20231
20232 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
20233 if (!hdr) {
20234 nlmsg_free(msg);
20235 return;
20236 }
20237
20238 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20239 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20240 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
20241 goto nla_put_failure;
20242
20243 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
20244 if (!rekey_attr)
20245 goto nla_put_failure;
20246
20247 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
20248 NL80211_REPLAY_CTR_LEN, replay_ctr))
20249 goto nla_put_failure;
20250
20251 nla_nest_end(msg, rekey_attr);
20252
20253 genlmsg_end(msg, hdr);
20254
20255 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20256 NL80211_MCGRP_MLME, gfp);
20257 return;
20258
20259 nla_put_failure:
20260 nlmsg_free(msg);
20261 }
20262
cfg80211_gtk_rekey_notify(struct net_device * dev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)20263 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
20264 const u8 *replay_ctr, gfp_t gfp)
20265 {
20266 struct wireless_dev *wdev = dev->ieee80211_ptr;
20267 struct wiphy *wiphy = wdev->wiphy;
20268 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20269
20270 trace_cfg80211_gtk_rekey_notify(dev, bssid);
20271 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
20272 }
20273 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
20274
20275 static void
nl80211_pmksa_candidate_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,int index,const u8 * bssid,bool preauth,gfp_t gfp)20276 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
20277 struct net_device *netdev, int index,
20278 const u8 *bssid, bool preauth, gfp_t gfp)
20279 {
20280 struct sk_buff *msg;
20281 struct nlattr *attr;
20282 void *hdr;
20283
20284 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20285 if (!msg)
20286 return;
20287
20288 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
20289 if (!hdr) {
20290 nlmsg_free(msg);
20291 return;
20292 }
20293
20294 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20295 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
20296 goto nla_put_failure;
20297
20298 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
20299 if (!attr)
20300 goto nla_put_failure;
20301
20302 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
20303 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
20304 (preauth &&
20305 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
20306 goto nla_put_failure;
20307
20308 nla_nest_end(msg, attr);
20309
20310 genlmsg_end(msg, hdr);
20311
20312 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20313 NL80211_MCGRP_MLME, gfp);
20314 return;
20315
20316 nla_put_failure:
20317 nlmsg_free(msg);
20318 }
20319
cfg80211_pmksa_candidate_notify(struct net_device * dev,int index,const u8 * bssid,bool preauth,gfp_t gfp)20320 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
20321 const u8 *bssid, bool preauth, gfp_t gfp)
20322 {
20323 struct wireless_dev *wdev = dev->ieee80211_ptr;
20324 struct wiphy *wiphy = wdev->wiphy;
20325 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20326
20327 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
20328 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
20329 }
20330 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
20331
nl80211_ch_switch_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,unsigned int link_id,struct cfg80211_chan_def * chandef,gfp_t gfp,enum nl80211_commands notif,u8 count,bool quiet)20332 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
20333 struct net_device *netdev,
20334 unsigned int link_id,
20335 struct cfg80211_chan_def *chandef,
20336 gfp_t gfp,
20337 enum nl80211_commands notif,
20338 u8 count, bool quiet)
20339 {
20340 struct wireless_dev *wdev = netdev->ieee80211_ptr;
20341 struct sk_buff *msg;
20342 void *hdr;
20343
20344 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20345 if (!msg)
20346 return;
20347
20348 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
20349 if (!hdr) {
20350 nlmsg_free(msg);
20351 return;
20352 }
20353
20354 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
20355 goto nla_put_failure;
20356
20357 if (wdev->valid_links &&
20358 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
20359 goto nla_put_failure;
20360
20361 if (nl80211_send_chandef(msg, chandef))
20362 goto nla_put_failure;
20363
20364 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
20365 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
20366 goto nla_put_failure;
20367 if (quiet &&
20368 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
20369 goto nla_put_failure;
20370 }
20371
20372 genlmsg_end(msg, hdr);
20373
20374 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20375 NL80211_MCGRP_MLME, gfp);
20376 return;
20377
20378 nla_put_failure:
20379 nlmsg_free(msg);
20380 }
20381
cfg80211_ch_switch_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id)20382 void cfg80211_ch_switch_notify(struct net_device *dev,
20383 struct cfg80211_chan_def *chandef,
20384 unsigned int link_id)
20385 {
20386 struct wireless_dev *wdev = dev->ieee80211_ptr;
20387 struct wiphy *wiphy = wdev->wiphy;
20388 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20389
20390 lockdep_assert_wiphy(wdev->wiphy);
20391 WARN_INVALID_LINK_ID(wdev, link_id);
20392
20393 trace_cfg80211_ch_switch_notify(dev, chandef, link_id);
20394
20395 switch (wdev->iftype) {
20396 case NL80211_IFTYPE_STATION:
20397 case NL80211_IFTYPE_P2P_CLIENT:
20398 if (!WARN_ON(!wdev->links[link_id].client.current_bss))
20399 cfg80211_update_assoc_bss_entry(wdev, link_id,
20400 chandef->chan);
20401 break;
20402 case NL80211_IFTYPE_MESH_POINT:
20403 wdev->u.mesh.chandef = *chandef;
20404 wdev->u.mesh.preset_chandef = *chandef;
20405 break;
20406 case NL80211_IFTYPE_AP:
20407 case NL80211_IFTYPE_P2P_GO:
20408 wdev->links[link_id].ap.chandef = *chandef;
20409 break;
20410 case NL80211_IFTYPE_ADHOC:
20411 wdev->u.ibss.chandef = *chandef;
20412 break;
20413 default:
20414 WARN_ON(1);
20415 break;
20416 }
20417
20418 cfg80211_schedule_channels_check(wdev);
20419 cfg80211_sched_dfs_chan_update(rdev);
20420
20421 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
20422 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
20423 }
20424 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
20425
cfg80211_ch_switch_started_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id,u8 count,bool quiet)20426 void cfg80211_ch_switch_started_notify(struct net_device *dev,
20427 struct cfg80211_chan_def *chandef,
20428 unsigned int link_id, u8 count,
20429 bool quiet)
20430 {
20431 struct wireless_dev *wdev = dev->ieee80211_ptr;
20432 struct wiphy *wiphy = wdev->wiphy;
20433 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20434
20435 lockdep_assert_wiphy(wdev->wiphy);
20436 WARN_INVALID_LINK_ID(wdev, link_id);
20437
20438 trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id);
20439
20440
20441 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
20442 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
20443 count, quiet);
20444 }
20445 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
20446
cfg80211_bss_color_notify(struct net_device * dev,enum nl80211_commands cmd,u8 count,u64 color_bitmap,u8 link_id)20447 int cfg80211_bss_color_notify(struct net_device *dev,
20448 enum nl80211_commands cmd, u8 count,
20449 u64 color_bitmap, u8 link_id)
20450 {
20451 struct wireless_dev *wdev = dev->ieee80211_ptr;
20452 struct wiphy *wiphy = wdev->wiphy;
20453 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20454 struct sk_buff *msg;
20455 void *hdr;
20456
20457 lockdep_assert_wiphy(wdev->wiphy);
20458
20459 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
20460
20461 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20462 if (!msg)
20463 return -ENOMEM;
20464
20465 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
20466 if (!hdr)
20467 goto nla_put_failure;
20468
20469 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
20470 goto nla_put_failure;
20471
20472 if (wdev->valid_links &&
20473 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
20474 goto nla_put_failure;
20475
20476 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
20477 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
20478 goto nla_put_failure;
20479
20480 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
20481 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
20482 color_bitmap, NL80211_ATTR_PAD))
20483 goto nla_put_failure;
20484
20485 genlmsg_end(msg, hdr);
20486
20487 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
20488 msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL);
20489
20490 nla_put_failure:
20491 nlmsg_free(msg);
20492 return -EINVAL;
20493 }
20494 EXPORT_SYMBOL(cfg80211_bss_color_notify);
20495
20496 void
nl80211_radar_notify(struct cfg80211_registered_device * rdev,const struct cfg80211_chan_def * chandef,enum nl80211_radar_event event,struct net_device * netdev,gfp_t gfp)20497 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
20498 const struct cfg80211_chan_def *chandef,
20499 enum nl80211_radar_event event,
20500 struct net_device *netdev, gfp_t gfp)
20501 {
20502 struct sk_buff *msg;
20503 void *hdr;
20504
20505 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20506 if (!msg)
20507 return;
20508
20509 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
20510 if (!hdr) {
20511 nlmsg_free(msg);
20512 return;
20513 }
20514
20515 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
20516 goto nla_put_failure;
20517
20518 /* NOP and radar events don't need a netdev parameter */
20519 if (netdev) {
20520 struct wireless_dev *wdev = netdev->ieee80211_ptr;
20521
20522 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20523 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20524 NL80211_ATTR_PAD))
20525 goto nla_put_failure;
20526 }
20527
20528 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
20529 goto nla_put_failure;
20530
20531 if (nl80211_send_chandef(msg, chandef))
20532 goto nla_put_failure;
20533
20534 genlmsg_end(msg, hdr);
20535
20536 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20537 NL80211_MCGRP_MLME, gfp);
20538 return;
20539
20540 nla_put_failure:
20541 nlmsg_free(msg);
20542 }
20543
cfg80211_sta_opmode_change_notify(struct net_device * dev,const u8 * mac,struct sta_opmode_info * sta_opmode,gfp_t gfp)20544 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
20545 struct sta_opmode_info *sta_opmode,
20546 gfp_t gfp)
20547 {
20548 struct sk_buff *msg;
20549 struct wireless_dev *wdev = dev->ieee80211_ptr;
20550 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20551 void *hdr;
20552
20553 if (WARN_ON(!mac))
20554 return;
20555
20556 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20557 if (!msg)
20558 return;
20559
20560 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
20561 if (!hdr) {
20562 nlmsg_free(msg);
20563 return;
20564 }
20565
20566 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
20567 goto nla_put_failure;
20568
20569 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
20570 goto nla_put_failure;
20571
20572 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
20573 goto nla_put_failure;
20574
20575 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
20576 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
20577 goto nla_put_failure;
20578
20579 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
20580 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
20581 goto nla_put_failure;
20582
20583 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
20584 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
20585 goto nla_put_failure;
20586
20587 genlmsg_end(msg, hdr);
20588
20589 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20590 NL80211_MCGRP_MLME, gfp);
20591
20592 return;
20593
20594 nla_put_failure:
20595 nlmsg_free(msg);
20596 }
20597 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
20598
cfg80211_probe_status(struct net_device * dev,const u8 * addr,u64 cookie,bool acked,s32 ack_signal,bool is_valid_ack_signal,gfp_t gfp)20599 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
20600 u64 cookie, bool acked, s32 ack_signal,
20601 bool is_valid_ack_signal, gfp_t gfp)
20602 {
20603 struct wireless_dev *wdev = dev->ieee80211_ptr;
20604 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20605 struct sk_buff *msg;
20606 void *hdr;
20607
20608 trace_cfg80211_probe_status(dev, addr, cookie, acked);
20609
20610 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20611
20612 if (!msg)
20613 return;
20614
20615 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
20616 if (!hdr) {
20617 nlmsg_free(msg);
20618 return;
20619 }
20620
20621 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20622 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20623 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
20624 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
20625 NL80211_ATTR_PAD) ||
20626 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
20627 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
20628 ack_signal)))
20629 goto nla_put_failure;
20630
20631 genlmsg_end(msg, hdr);
20632
20633 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20634 NL80211_MCGRP_MLME, gfp);
20635 return;
20636
20637 nla_put_failure:
20638 nlmsg_free(msg);
20639 }
20640 EXPORT_SYMBOL(cfg80211_probe_status);
20641
cfg80211_report_obss_beacon_khz(struct wiphy * wiphy,const u8 * frame,size_t len,int freq,int sig_dbm)20642 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
20643 size_t len, int freq, int sig_dbm)
20644 {
20645 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20646 struct sk_buff *msg;
20647 void *hdr;
20648 struct cfg80211_beacon_registration *reg;
20649
20650 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
20651
20652 spin_lock_bh(&rdev->beacon_registrations_lock);
20653 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
20654 msg = nlmsg_new(len + 100, GFP_ATOMIC);
20655 if (!msg) {
20656 spin_unlock_bh(&rdev->beacon_registrations_lock);
20657 return;
20658 }
20659
20660 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
20661 if (!hdr)
20662 goto nla_put_failure;
20663
20664 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20665 (freq &&
20666 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
20667 KHZ_TO_MHZ(freq)) ||
20668 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
20669 freq % 1000))) ||
20670 (sig_dbm &&
20671 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
20672 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
20673 goto nla_put_failure;
20674
20675 genlmsg_end(msg, hdr);
20676
20677 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
20678 }
20679 spin_unlock_bh(&rdev->beacon_registrations_lock);
20680 return;
20681
20682 nla_put_failure:
20683 spin_unlock_bh(&rdev->beacon_registrations_lock);
20684 nlmsg_free(msg);
20685 }
20686 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
20687
20688 #ifdef CONFIG_PM
cfg80211_net_detect_results(struct sk_buff * msg,struct cfg80211_wowlan_wakeup * wakeup)20689 static int cfg80211_net_detect_results(struct sk_buff *msg,
20690 struct cfg80211_wowlan_wakeup *wakeup)
20691 {
20692 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
20693 struct nlattr *nl_results, *nl_match, *nl_freqs;
20694 int i, j;
20695
20696 nl_results = nla_nest_start_noflag(msg,
20697 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
20698 if (!nl_results)
20699 return -EMSGSIZE;
20700
20701 for (i = 0; i < nd->n_matches; i++) {
20702 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
20703
20704 nl_match = nla_nest_start_noflag(msg, i);
20705 if (!nl_match)
20706 break;
20707
20708 /* The SSID attribute is optional in nl80211, but for
20709 * simplicity reasons it's always present in the
20710 * cfg80211 structure. If a driver can't pass the
20711 * SSID, that needs to be changed. A zero length SSID
20712 * is still a valid SSID (wildcard), so it cannot be
20713 * used for this purpose.
20714 */
20715 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
20716 match->ssid.ssid)) {
20717 nla_nest_cancel(msg, nl_match);
20718 goto out;
20719 }
20720
20721 if (match->n_channels) {
20722 nl_freqs = nla_nest_start_noflag(msg,
20723 NL80211_ATTR_SCAN_FREQUENCIES);
20724 if (!nl_freqs) {
20725 nla_nest_cancel(msg, nl_match);
20726 goto out;
20727 }
20728
20729 for (j = 0; j < match->n_channels; j++) {
20730 if (nla_put_u32(msg, j, match->channels[j])) {
20731 nla_nest_cancel(msg, nl_freqs);
20732 nla_nest_cancel(msg, nl_match);
20733 goto out;
20734 }
20735 }
20736
20737 nla_nest_end(msg, nl_freqs);
20738 }
20739
20740 nla_nest_end(msg, nl_match);
20741 }
20742
20743 out:
20744 nla_nest_end(msg, nl_results);
20745 return 0;
20746 }
20747
cfg80211_report_wowlan_wakeup(struct wireless_dev * wdev,struct cfg80211_wowlan_wakeup * wakeup,gfp_t gfp)20748 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
20749 struct cfg80211_wowlan_wakeup *wakeup,
20750 gfp_t gfp)
20751 {
20752 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20753 struct sk_buff *msg;
20754 void *hdr;
20755 int size = 200;
20756
20757 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
20758
20759 if (wakeup)
20760 size += wakeup->packet_present_len;
20761
20762 msg = nlmsg_new(size, gfp);
20763 if (!msg)
20764 return;
20765
20766 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
20767 if (!hdr)
20768 goto free_msg;
20769
20770 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20771 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20772 NL80211_ATTR_PAD))
20773 goto free_msg;
20774
20775 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
20776 wdev->netdev->ifindex))
20777 goto free_msg;
20778
20779 if (wakeup) {
20780 struct nlattr *reasons;
20781
20782 reasons = nla_nest_start_noflag(msg,
20783 NL80211_ATTR_WOWLAN_TRIGGERS);
20784 if (!reasons)
20785 goto free_msg;
20786
20787 if (wakeup->disconnect &&
20788 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
20789 goto free_msg;
20790 if (wakeup->magic_pkt &&
20791 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
20792 goto free_msg;
20793 if (wakeup->gtk_rekey_failure &&
20794 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
20795 goto free_msg;
20796 if (wakeup->eap_identity_req &&
20797 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
20798 goto free_msg;
20799 if (wakeup->four_way_handshake &&
20800 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
20801 goto free_msg;
20802 if (wakeup->rfkill_release &&
20803 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
20804 goto free_msg;
20805
20806 if (wakeup->pattern_idx >= 0 &&
20807 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
20808 wakeup->pattern_idx))
20809 goto free_msg;
20810
20811 if (wakeup->tcp_match &&
20812 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
20813 goto free_msg;
20814
20815 if (wakeup->tcp_connlost &&
20816 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
20817 goto free_msg;
20818
20819 if (wakeup->tcp_nomoretokens &&
20820 nla_put_flag(msg,
20821 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
20822 goto free_msg;
20823
20824 if (wakeup->unprot_deauth_disassoc &&
20825 nla_put_flag(msg,
20826 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC))
20827 goto free_msg;
20828
20829 if (wakeup->packet) {
20830 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
20831 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
20832
20833 if (!wakeup->packet_80211) {
20834 pkt_attr =
20835 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
20836 len_attr =
20837 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
20838 }
20839
20840 if (wakeup->packet_len &&
20841 nla_put_u32(msg, len_attr, wakeup->packet_len))
20842 goto free_msg;
20843
20844 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
20845 wakeup->packet))
20846 goto free_msg;
20847 }
20848
20849 if (wakeup->net_detect &&
20850 cfg80211_net_detect_results(msg, wakeup))
20851 goto free_msg;
20852
20853 nla_nest_end(msg, reasons);
20854 }
20855
20856 genlmsg_end(msg, hdr);
20857
20858 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20859 NL80211_MCGRP_MLME, gfp);
20860 return;
20861
20862 free_msg:
20863 nlmsg_free(msg);
20864 }
20865 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
20866 #endif
20867
cfg80211_tdls_oper_request(struct net_device * dev,const u8 * peer,enum nl80211_tdls_operation oper,u16 reason_code,gfp_t gfp)20868 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
20869 enum nl80211_tdls_operation oper,
20870 u16 reason_code, gfp_t gfp)
20871 {
20872 struct wireless_dev *wdev = dev->ieee80211_ptr;
20873 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20874 struct sk_buff *msg;
20875 void *hdr;
20876
20877 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
20878 reason_code);
20879
20880 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20881 if (!msg)
20882 return;
20883
20884 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
20885 if (!hdr) {
20886 nlmsg_free(msg);
20887 return;
20888 }
20889
20890 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20891 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20892 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
20893 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
20894 (reason_code > 0 &&
20895 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
20896 goto nla_put_failure;
20897
20898 genlmsg_end(msg, hdr);
20899
20900 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20901 NL80211_MCGRP_MLME, gfp);
20902 return;
20903
20904 nla_put_failure:
20905 nlmsg_free(msg);
20906 }
20907 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
20908
nl80211_netlink_notify(struct notifier_block * nb,unsigned long state,void * _notify)20909 static int nl80211_netlink_notify(struct notifier_block * nb,
20910 unsigned long state,
20911 void *_notify)
20912 {
20913 struct netlink_notify *notify = _notify;
20914 struct cfg80211_registered_device *rdev;
20915 struct wireless_dev *wdev;
20916 struct cfg80211_beacon_registration *reg, *tmp;
20917
20918 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
20919 return NOTIFY_DONE;
20920
20921 rcu_read_lock();
20922
20923 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
20924 struct cfg80211_sched_scan_request *sched_scan_req;
20925
20926 list_for_each_entry_rcu(sched_scan_req,
20927 &rdev->sched_scan_req_list,
20928 list) {
20929 if (sched_scan_req->owner_nlportid == notify->portid) {
20930 sched_scan_req->nl_owner_dead = true;
20931 wiphy_work_queue(&rdev->wiphy,
20932 &rdev->sched_scan_stop_wk);
20933 }
20934 }
20935
20936 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
20937 cfg80211_mlme_unregister_socket(wdev, notify->portid);
20938
20939 if (wdev->owner_nlportid == notify->portid) {
20940 wdev->nl_owner_dead = true;
20941 schedule_work(&rdev->destroy_work);
20942 } else if (wdev->conn_owner_nlportid == notify->portid) {
20943 schedule_work(&wdev->disconnect_wk);
20944 }
20945
20946 cfg80211_release_pmsr(wdev, notify->portid);
20947 }
20948
20949 spin_lock_bh(&rdev->beacon_registrations_lock);
20950 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
20951 list) {
20952 if (reg->nlportid == notify->portid) {
20953 list_del(®->list);
20954 kfree(reg);
20955 break;
20956 }
20957 }
20958 spin_unlock_bh(&rdev->beacon_registrations_lock);
20959 }
20960
20961 rcu_read_unlock();
20962
20963 /*
20964 * It is possible that the user space process that is controlling the
20965 * indoor setting disappeared, so notify the regulatory core.
20966 */
20967 regulatory_netlink_notify(notify->portid);
20968 return NOTIFY_OK;
20969 }
20970
20971 static struct notifier_block nl80211_netlink_notifier = {
20972 .notifier_call = nl80211_netlink_notify,
20973 };
20974
cfg80211_ft_event(struct net_device * netdev,struct cfg80211_ft_event_params * ft_event)20975 void cfg80211_ft_event(struct net_device *netdev,
20976 struct cfg80211_ft_event_params *ft_event)
20977 {
20978 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
20979 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20980 struct sk_buff *msg;
20981 void *hdr;
20982
20983 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
20984
20985 if (!ft_event->target_ap)
20986 return;
20987
20988 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
20989 GFP_KERNEL);
20990 if (!msg)
20991 return;
20992
20993 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
20994 if (!hdr)
20995 goto out;
20996
20997 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20998 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20999 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
21000 goto out;
21001
21002 if (ft_event->ies &&
21003 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
21004 goto out;
21005 if (ft_event->ric_ies &&
21006 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
21007 ft_event->ric_ies))
21008 goto out;
21009
21010 genlmsg_end(msg, hdr);
21011
21012 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21013 NL80211_MCGRP_MLME, GFP_KERNEL);
21014 return;
21015 out:
21016 nlmsg_free(msg);
21017 }
21018 EXPORT_SYMBOL(cfg80211_ft_event);
21019
cfg80211_crit_proto_stopped(struct wireless_dev * wdev,gfp_t gfp)21020 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
21021 {
21022 struct cfg80211_registered_device *rdev;
21023 struct sk_buff *msg;
21024 void *hdr;
21025 u32 nlportid;
21026
21027 rdev = wiphy_to_rdev(wdev->wiphy);
21028 if (!rdev->crit_proto_nlportid)
21029 return;
21030
21031 nlportid = rdev->crit_proto_nlportid;
21032 rdev->crit_proto_nlportid = 0;
21033
21034 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21035 if (!msg)
21036 return;
21037
21038 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
21039 if (!hdr)
21040 goto nla_put_failure;
21041
21042 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21043 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21044 NL80211_ATTR_PAD))
21045 goto nla_put_failure;
21046
21047 genlmsg_end(msg, hdr);
21048
21049 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
21050 return;
21051
21052 nla_put_failure:
21053 nlmsg_free(msg);
21054 }
21055 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
21056
nl80211_send_ap_stopped(struct wireless_dev * wdev,unsigned int link_id)21057 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id)
21058 {
21059 struct wiphy *wiphy = wdev->wiphy;
21060 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21061 struct sk_buff *msg;
21062 void *hdr;
21063
21064 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21065 if (!msg)
21066 return;
21067
21068 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
21069 if (!hdr)
21070 goto out;
21071
21072 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21073 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
21074 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21075 NL80211_ATTR_PAD) ||
21076 (wdev->valid_links &&
21077 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
21078 goto out;
21079
21080 genlmsg_end(msg, hdr);
21081
21082 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
21083 NL80211_MCGRP_MLME, GFP_KERNEL);
21084 return;
21085 out:
21086 nlmsg_free(msg);
21087 }
21088
cfg80211_external_auth_request(struct net_device * dev,struct cfg80211_external_auth_params * params,gfp_t gfp)21089 int cfg80211_external_auth_request(struct net_device *dev,
21090 struct cfg80211_external_auth_params *params,
21091 gfp_t gfp)
21092 {
21093 struct wireless_dev *wdev = dev->ieee80211_ptr;
21094 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21095 struct sk_buff *msg;
21096 void *hdr;
21097
21098 if (!wdev->conn_owner_nlportid)
21099 return -EINVAL;
21100
21101 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21102 if (!msg)
21103 return -ENOMEM;
21104
21105 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
21106 if (!hdr)
21107 goto nla_put_failure;
21108
21109 /* Some historical mistakes in drivers <-> userspace interface (notably
21110 * between drivers and wpa_supplicant) led to a big-endian conversion
21111 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is
21112 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the
21113 * benefit of older wpa_supplicant versions, send this particular value
21114 * in big-endian. Note that newer wpa_supplicant will also detect this
21115 * particular value in big endian still, so it all continues to work.
21116 */
21117 if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) {
21118 if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES,
21119 cpu_to_be32(WLAN_AKM_SUITE_SAE)))
21120 goto nla_put_failure;
21121 } else {
21122 if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES,
21123 params->key_mgmt_suite))
21124 goto nla_put_failure;
21125 }
21126
21127 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21128 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21129 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
21130 params->action) ||
21131 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
21132 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
21133 params->ssid.ssid) ||
21134 (!is_zero_ether_addr(params->mld_addr) &&
21135 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr)))
21136 goto nla_put_failure;
21137
21138 genlmsg_end(msg, hdr);
21139 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
21140 wdev->conn_owner_nlportid);
21141 return 0;
21142
21143 nla_put_failure:
21144 nlmsg_free(msg);
21145 return -ENOBUFS;
21146 }
21147 EXPORT_SYMBOL(cfg80211_external_auth_request);
21148
cfg80211_update_owe_info_event(struct net_device * netdev,struct cfg80211_update_owe_info * owe_info,gfp_t gfp)21149 void cfg80211_update_owe_info_event(struct net_device *netdev,
21150 struct cfg80211_update_owe_info *owe_info,
21151 gfp_t gfp)
21152 {
21153 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
21154 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21155 struct sk_buff *msg;
21156 void *hdr;
21157
21158 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
21159
21160 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21161 if (!msg)
21162 return;
21163
21164 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
21165 if (!hdr)
21166 goto nla_put_failure;
21167
21168 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21169 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21170 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
21171 goto nla_put_failure;
21172
21173 if (!owe_info->ie_len ||
21174 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
21175 goto nla_put_failure;
21176
21177 if (owe_info->assoc_link_id != -1) {
21178 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
21179 owe_info->assoc_link_id))
21180 goto nla_put_failure;
21181
21182 if (!is_zero_ether_addr(owe_info->peer_mld_addr) &&
21183 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
21184 owe_info->peer_mld_addr))
21185 goto nla_put_failure;
21186 }
21187
21188 genlmsg_end(msg, hdr);
21189
21190 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21191 NL80211_MCGRP_MLME, gfp);
21192 return;
21193
21194 nla_put_failure:
21195 genlmsg_cancel(msg, hdr);
21196 nlmsg_free(msg);
21197 }
21198 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
21199
cfg80211_schedule_channels_check(struct wireless_dev * wdev)21200 void cfg80211_schedule_channels_check(struct wireless_dev *wdev)
21201 {
21202 struct wiphy *wiphy = wdev->wiphy;
21203
21204 /* Schedule channels check if NO_IR or DFS relaxations are supported */
21205 if (wdev->iftype == NL80211_IFTYPE_STATION &&
21206 (wiphy_ext_feature_isset(wiphy,
21207 NL80211_EXT_FEATURE_DFS_CONCURRENT) ||
21208 (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) &&
21209 wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR)))
21210 reg_check_channels();
21211 }
21212 EXPORT_SYMBOL(cfg80211_schedule_channels_check);
21213
cfg80211_epcs_changed(struct net_device * netdev,bool enabled)21214 void cfg80211_epcs_changed(struct net_device *netdev, bool enabled)
21215 {
21216 struct wireless_dev *wdev = netdev->ieee80211_ptr;
21217 struct wiphy *wiphy = wdev->wiphy;
21218 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21219 struct sk_buff *msg;
21220 void *hdr;
21221
21222 trace_cfg80211_epcs_changed(wdev, enabled);
21223
21224 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21225 if (!msg)
21226 return;
21227
21228 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EPCS_CFG);
21229 if (!hdr) {
21230 nlmsg_free(msg);
21231 return;
21232 }
21233
21234 if (enabled && nla_put_flag(msg, NL80211_ATTR_EPCS))
21235 goto nla_put_failure;
21236
21237 genlmsg_end(msg, hdr);
21238 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21239 NL80211_MCGRP_MLME, GFP_KERNEL);
21240 return;
21241
21242 nla_put_failure:
21243 nlmsg_free(msg);
21244 }
21245 EXPORT_SYMBOL(cfg80211_epcs_changed);
21246
21247 /* initialisation/exit functions */
21248
nl80211_init(void)21249 int __init nl80211_init(void)
21250 {
21251 int err;
21252
21253 err = genl_register_family(&nl80211_fam);
21254 if (err)
21255 return err;
21256
21257 err = netlink_register_notifier(&nl80211_netlink_notifier);
21258 if (err)
21259 goto err_out;
21260
21261 return 0;
21262 err_out:
21263 genl_unregister_family(&nl80211_fam);
21264 return err;
21265 }
21266
nl80211_exit(void)21267 void nl80211_exit(void)
21268 {
21269 netlink_unregister_notifier(&nl80211_netlink_notifier);
21270 genl_unregister_family(&nl80211_fam);
21271 }
21272