1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2026 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct cfg80211_registered_device * rdev,struct net * netns,struct nlattr ** attrs)67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 struct net *netns, struct nlattr **attrs)
69 {
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id = 0;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 if (rdev) {
88 struct wireless_dev *wdev;
89
90 lockdep_assert_held(&rdev->wiphy.mtx);
91
92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 if (have_ifidx && wdev->netdev &&
94 wdev->netdev->ifindex == ifidx) {
95 result = wdev;
96 break;
97 }
98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 result = wdev;
100 break;
101 }
102 }
103
104 return result ?: ERR_PTR(-ENODEV);
105 }
106
107 ASSERT_RTNL();
108
109 for_each_rdev(rdev) {
110 struct wireless_dev *wdev;
111
112 if (wiphy_net(&rdev->wiphy) != netns)
113 continue;
114
115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 continue;
117
118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 if (have_ifidx && wdev->netdev &&
120 wdev->netdev->ifindex == ifidx) {
121 result = wdev;
122 break;
123 }
124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 result = wdev;
126 break;
127 }
128 }
129
130 if (result)
131 break;
132 }
133
134 if (result)
135 return result;
136 return ERR_PTR(-ENODEV);
137 }
138
139 static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net * netns,struct nlattr ** attrs)140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141 {
142 struct cfg80211_registered_device *rdev = NULL, *tmp;
143 struct net_device *netdev;
144
145 ASSERT_RTNL();
146
147 if (!attrs[NL80211_ATTR_WIPHY] &&
148 !attrs[NL80211_ATTR_IFINDEX] &&
149 !attrs[NL80211_ATTR_WDEV])
150 return ERR_PTR(-EINVAL);
151
152 if (attrs[NL80211_ATTR_WIPHY])
153 rdev = cfg80211_rdev_by_wiphy_idx(
154 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155
156 if (attrs[NL80211_ATTR_WDEV]) {
157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 struct wireless_dev *wdev;
159 bool found = false;
160
161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 if (tmp) {
163 /* make sure wdev exists */
164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 if (wdev->identifier != (u32)wdev_id)
166 continue;
167 found = true;
168 break;
169 }
170
171 if (!found)
172 tmp = NULL;
173
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176 rdev = tmp;
177 }
178 }
179
180 if (attrs[NL80211_ATTR_IFINDEX]) {
181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182
183 netdev = __dev_get_by_index(netns, ifindex);
184 if (netdev) {
185 if (netdev->ieee80211_ptr)
186 tmp = wiphy_to_rdev(
187 netdev->ieee80211_ptr->wiphy);
188 else
189 tmp = NULL;
190
191 /* not wireless device -- return error */
192 if (!tmp)
193 return ERR_PTR(-EINVAL);
194
195 /* mismatch -- return error */
196 if (rdev && tmp != rdev)
197 return ERR_PTR(-EINVAL);
198
199 rdev = tmp;
200 }
201 }
202
203 if (!rdev)
204 return ERR_PTR(-ENODEV);
205
206 if (netns != wiphy_net(&rdev->wiphy))
207 return ERR_PTR(-ENODEV);
208
209 return rdev;
210 }
211
212 /*
213 * This function returns a pointer to the driver
214 * that the genl_info item that is passed refers to.
215 *
216 * The result of this can be a PTR_ERR and hence must
217 * be checked with IS_ERR() for errors.
218 */
219 static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net * netns,struct genl_info * info)220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221 {
222 return __cfg80211_rdev_from_attrs(netns, info->attrs);
223 }
224
validate_beacon_head(const struct nlattr * attr,struct netlink_ext_ack * extack)225 static int validate_beacon_head(const struct nlattr *attr,
226 struct netlink_ext_ack *extack)
227 {
228 const u8 *data = nla_data(attr);
229 unsigned int len = nla_len(attr);
230 const struct element *elem;
231 const struct ieee80211_mgmt *mgmt = (void *)data;
232 const struct ieee80211_ext *ext;
233 unsigned int fixedlen, hdrlen;
234 bool s1g_bcn;
235
236 if (len < offsetofend(typeof(*mgmt), frame_control))
237 goto err;
238
239 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
240 if (s1g_bcn) {
241 ext = (struct ieee80211_ext *)mgmt;
242 fixedlen =
243 offsetof(struct ieee80211_ext, u.s1g_beacon.variable) +
244 ieee80211_s1g_optional_len(ext->frame_control);
245 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
246 } else {
247 fixedlen = offsetof(struct ieee80211_mgmt,
248 u.beacon.variable);
249 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
250 }
251
252 if (len < fixedlen)
253 goto err;
254
255 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
256 goto err;
257
258 data += fixedlen;
259 len -= fixedlen;
260
261 for_each_element(elem, data, len) {
262 /* nothing */
263 }
264
265 if (for_each_element_completed(elem, data, len))
266 return 0;
267
268 err:
269 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
270 return -EINVAL;
271 }
272
validate_ie_attr(const struct nlattr * attr,struct netlink_ext_ack * extack)273 static int validate_ie_attr(const struct nlattr *attr,
274 struct netlink_ext_ack *extack)
275 {
276 const u8 *data = nla_data(attr);
277 unsigned int len = nla_len(attr);
278 const struct element *elem;
279
280 for_each_element(elem, data, len) {
281 /* nothing */
282 }
283
284 if (for_each_element_completed(elem, data, len))
285 return 0;
286
287 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
288 return -EINVAL;
289 }
290
validate_he_capa(const struct nlattr * attr,struct netlink_ext_ack * extack)291 static int validate_he_capa(const struct nlattr *attr,
292 struct netlink_ext_ack *extack)
293 {
294 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr)))
295 return -EINVAL;
296
297 return 0;
298 }
299
validate_supported_selectors(const struct nlattr * attr,struct netlink_ext_ack * extack)300 static int validate_supported_selectors(const struct nlattr *attr,
301 struct netlink_ext_ack *extack)
302 {
303 const u8 *supported_selectors = nla_data(attr);
304 u8 supported_selectors_len = nla_len(attr);
305
306 /* The top bit must not be set as it is not part of the selector */
307 for (int i = 0; i < supported_selectors_len; i++) {
308 if (supported_selectors[i] & 0x80)
309 return -EINVAL;
310 }
311
312 return 0;
313 }
314
validate_nan_cluster_id(const struct nlattr * attr,struct netlink_ext_ack * extack)315 static int validate_nan_cluster_id(const struct nlattr *attr,
316 struct netlink_ext_ack *extack)
317 {
318 const u8 *data = nla_data(attr);
319 unsigned int len = nla_len(attr);
320 static const u8 cluster_id_prefix[4] = {0x50, 0x6f, 0x9a, 0x1};
321
322 if (len != ETH_ALEN) {
323 NL_SET_ERR_MSG_ATTR(extack, attr, "bad cluster id length");
324 return -EINVAL;
325 }
326
327 if (memcmp(data, cluster_id_prefix, sizeof(cluster_id_prefix))) {
328 NL_SET_ERR_MSG_ATTR(extack, attr, "invalid cluster id prefix");
329 return -EINVAL;
330 }
331
332 return 0;
333 }
334
validate_uhr_capa(const struct nlattr * attr,struct netlink_ext_ack * extack)335 static int validate_uhr_capa(const struct nlattr *attr,
336 struct netlink_ext_ack *extack)
337 {
338 const u8 *data = nla_data(attr);
339 unsigned int len = nla_len(attr);
340
341 return ieee80211_uhr_capa_size_ok(data, len, false);
342 }
343
344 /* policy for the attributes */
345 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
346
347 static const struct nla_policy
348 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
349 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
350 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
351 .len = U8_MAX },
352 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
353 .len = U8_MAX },
354 };
355
356 static const struct nla_policy
357 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
358 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
359 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
360 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
361 NLA_POLICY_MAX(NLA_U8, 15),
362 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
363 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
364 NLA_POLICY_MAX(NLA_U8, 15),
365 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = { .type = NLA_U8 },
366 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
367 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
368 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
369 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
370 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
371 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
372 [NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 },
373 [NL80211_PMSR_FTM_REQ_ATTR_RSTA] = { .type = NLA_FLAG },
374 };
375
376 static const struct nla_policy
377 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
378 [NL80211_PMSR_TYPE_FTM] =
379 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
380 };
381
382 static const struct nla_policy
383 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
384 [NL80211_PMSR_REQ_ATTR_DATA] =
385 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
386 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
387 };
388
389 static const struct nla_policy
390 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
391 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
392 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
393 [NL80211_PMSR_PEER_ATTR_REQ] =
394 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
395 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
396 };
397
398 static const struct nla_policy
399 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
400 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
401 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
402 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
403 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
404 [NL80211_PMSR_ATTR_PEERS] =
405 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
406 };
407
408 static const struct nla_policy
409 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
410 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
411 NLA_POLICY_RANGE(NLA_U8, 1, 20),
412 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
413 NLA_POLICY_RANGE(NLA_U8, 1, 20),
414 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
415 NLA_POLICY_RANGE(NLA_U8, 1, 20),
416 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
417 NLA_POLICY_EXACT_LEN(8),
418 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
419 NLA_POLICY_EXACT_LEN(8),
420 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
421 };
422
423 static const struct nla_policy
424 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
425 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
426 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
427 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
428 };
429
430 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
431 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
432 .len = NL80211_MAX_SUPP_RATES },
433 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
434 .len = NL80211_MAX_SUPP_HT_RATES },
435 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
436 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
437 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
438 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
439 NL80211_RATE_INFO_HE_GI_0_8,
440 NL80211_RATE_INFO_HE_GI_3_2),
441 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
442 NL80211_RATE_INFO_HE_1XLTF,
443 NL80211_RATE_INFO_HE_4XLTF),
444 [NL80211_TXRATE_EHT] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_eht)),
445 [NL80211_TXRATE_EHT_GI] = NLA_POLICY_RANGE(NLA_U8,
446 NL80211_RATE_INFO_EHT_GI_0_8,
447 NL80211_RATE_INFO_EHT_GI_3_2),
448 [NL80211_TXRATE_EHT_LTF] = NLA_POLICY_RANGE(NLA_U8,
449 NL80211_RATE_INFO_EHT_1XLTF,
450 NL80211_RATE_INFO_EHT_8XLTF),
451
452 };
453
454 static const struct nla_policy
455 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
456 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
457 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
458 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
459 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
460 [NL80211_TID_CONFIG_ATTR_NOACK] =
461 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
462 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
463 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
464 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
465 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
466 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
467 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
468 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
469 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
470 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
471 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
472 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
473 NLA_POLICY_NESTED(nl80211_txattr_policy),
474 };
475
476 static const struct nla_policy
477 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
478 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
479 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
480 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
481 NLA_POLICY_RANGE(NLA_BINARY,
482 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
483 IEEE80211_MAX_DATA_LEN),
484 };
485
486 static const struct nla_policy
487 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
488 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
489 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
490 .len = IEEE80211_MAX_DATA_LEN }
491 };
492
493 static const struct nla_policy
494 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
495 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
496 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
497 };
498
499 static const struct nla_policy
500 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
501 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
502 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
503 };
504
505 static const struct nla_policy
506 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = {
507 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2),
508 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] =
509 NLA_POLICY_MIN(NLA_U8, 1),
510 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 },
511 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 },
512 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG },
513 [NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID] =
514 NLA_POLICY_MAX(NLA_U8, IEEE80211_MLD_MAX_NUM_LINKS),
515 };
516
517 static const struct nla_policy
518 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
519 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
520 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
521 };
522
523 static const struct nla_policy
524 nl80211_s1g_short_beacon[NL80211_S1G_SHORT_BEACON_ATTR_MAX + 1] = {
525 [NL80211_S1G_SHORT_BEACON_ATTR_HEAD] =
526 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
527 IEEE80211_MAX_DATA_LEN),
528 [NL80211_S1G_SHORT_BEACON_ATTR_TAIL] =
529 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
530 IEEE80211_MAX_DATA_LEN),
531 };
532
533 static const struct nla_policy
534 nl80211_nan_band_conf_policy[NL80211_NAN_BAND_CONF_ATTR_MAX + 1] = {
535 [NL80211_NAN_BAND_CONF_BAND] = NLA_POLICY_MAX(NLA_U8,
536 NUM_NL80211_BANDS - 1),
537 [NL80211_NAN_BAND_CONF_FREQ] = { .type = NLA_U16 },
538 [NL80211_NAN_BAND_CONF_RSSI_CLOSE] = NLA_POLICY_MIN(NLA_S8, -59),
539 [NL80211_NAN_BAND_CONF_RSSI_MIDDLE] = NLA_POLICY_MIN(NLA_S8, -74),
540 [NL80211_NAN_BAND_CONF_WAKE_DW] = NLA_POLICY_MAX(NLA_U8, 5),
541 [NL80211_NAN_BAND_CONF_DISABLE_SCAN] = { .type = NLA_FLAG },
542 };
543
544 static const struct nla_policy
545 nl80211_nan_conf_policy[NL80211_NAN_CONF_ATTR_MAX + 1] = {
546 [NL80211_NAN_CONF_CLUSTER_ID] =
547 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_nan_cluster_id,
548 ETH_ALEN),
549 [NL80211_NAN_CONF_EXTRA_ATTRS] = { .type = NLA_BINARY,
550 .len = IEEE80211_MAX_DATA_LEN},
551 [NL80211_NAN_CONF_VENDOR_ELEMS] =
552 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
553 IEEE80211_MAX_DATA_LEN),
554 [NL80211_NAN_CONF_BAND_CONFIGS] =
555 NLA_POLICY_NESTED_ARRAY(nl80211_nan_band_conf_policy),
556 [NL80211_NAN_CONF_SCAN_PERIOD] = { .type = NLA_U16 },
557 [NL80211_NAN_CONF_SCAN_DWELL_TIME] = NLA_POLICY_RANGE(NLA_U16, 50, 512),
558 [NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL] =
559 NLA_POLICY_RANGE(NLA_U8, 50, 200),
560 [NL80211_NAN_CONF_NOTIFY_DW] = { .type = NLA_FLAG },
561 };
562
563 static const struct netlink_range_validation nl80211_punct_bitmap_range = {
564 .min = 0,
565 .max = 0xffff,
566 };
567
568 static const struct netlink_range_validation q_range = {
569 .max = INT_MAX,
570 };
571
572 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
573 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
574 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
575 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
576 .len = 20-1 },
577 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
578
579 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
580 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
581 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
582 NL80211_EDMG_CHANNELS_MIN,
583 NL80211_EDMG_CHANNELS_MAX),
584 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
585 NL80211_EDMG_BW_CONFIG_MIN,
586 NL80211_EDMG_BW_CONFIG_MAX),
587
588 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
589 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
590 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
591 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
592
593 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
594 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
595 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
596 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
597 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
598 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
599
600 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
601 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
602 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
603
604 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
605 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
606
607 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
608 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
609 .len = WLAN_MAX_KEY_LEN },
610 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
611 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
612 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
613 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
614 [NL80211_ATTR_KEY_TYPE] =
615 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
616
617 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
618 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
619 [NL80211_ATTR_BEACON_HEAD] =
620 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
621 IEEE80211_MAX_DATA_LEN),
622 [NL80211_ATTR_BEACON_TAIL] =
623 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
624 IEEE80211_MAX_DATA_LEN),
625 [NL80211_ATTR_STA_AID] =
626 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
627 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
628 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
629 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
630 .len = NL80211_MAX_SUPP_RATES },
631 [NL80211_ATTR_STA_PLINK_ACTION] =
632 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
633 [NL80211_ATTR_STA_TX_POWER_SETTING] =
634 NLA_POLICY_RANGE(NLA_U8,
635 NL80211_TX_POWER_AUTOMATIC,
636 NL80211_TX_POWER_FIXED),
637 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
638 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
639 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
640 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
641 .len = IEEE80211_MAX_MESH_ID_LEN },
642 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
643
644 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */
645 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
646 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
647
648 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
649 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
650 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
651 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
652 .len = NL80211_MAX_SUPP_RATES },
653 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
654
655 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
656 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
657
658 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
659
660 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
661 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
662 validate_ie_attr,
663 IEEE80211_MAX_DATA_LEN),
664 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
665 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
666
667 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
668 .len = IEEE80211_MAX_SSID_LEN },
669 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
670 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
671 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
672 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
673 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
674 NL80211_MFP_NO,
675 NL80211_MFP_OPTIONAL),
676 [NL80211_ATTR_STA_FLAGS2] =
677 NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)),
678 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
679 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
680 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
681 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
682 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
683 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
684 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
685 [NL80211_ATTR_WPA_VERSIONS] =
686 NLA_POLICY_RANGE(NLA_U32, 0,
687 NL80211_WPA_VERSION_1 |
688 NL80211_WPA_VERSION_2 |
689 NL80211_WPA_VERSION_3),
690 [NL80211_ATTR_PID] = { .type = NLA_U32 },
691 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
692 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
693 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
694 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
695 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
696 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
697 .len = IEEE80211_MAX_DATA_LEN },
698 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
699 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
700 NL80211_PS_DISABLED,
701 NL80211_PS_ENABLED),
702 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
703 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
704 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
705 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
706 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
707 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
708 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
709 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
710 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
711 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
712 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
713 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
714 [NL80211_ATTR_STA_PLINK_STATE] =
715 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
716 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
717 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
718 [NL80211_ATTR_MESH_PEER_AID] =
719 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
720 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
721 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
722 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
723 [NL80211_ATTR_HIDDEN_SSID] =
724 NLA_POLICY_RANGE(NLA_U32,
725 NL80211_HIDDEN_SSID_NOT_IN_USE,
726 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
727 [NL80211_ATTR_IE_PROBE_RESP] =
728 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
729 IEEE80211_MAX_DATA_LEN),
730 [NL80211_ATTR_IE_ASSOC_RESP] =
731 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
732 IEEE80211_MAX_DATA_LEN),
733 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
734 [NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy),
735 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
736 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
737 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
738 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
739 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
740 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
741 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
742 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
743 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
744 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
745 .len = IEEE80211_MAX_DATA_LEN },
746 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
747 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
748 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
749 .len = NL80211_HT_CAPABILITY_LEN
750 },
751 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
752 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
753 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
754 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
755 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
756
757 /* need to include at least Auth Transaction and Status Code */
758 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
759
760 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
761 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
762 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
763 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
764 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
765 NLA_POLICY_RANGE(NLA_U32,
766 NL80211_MESH_POWER_UNKNOWN + 1,
767 NL80211_MESH_POWER_MAX),
768 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
769 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
770 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
771 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
772 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
773 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
774 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
775 .len = NL80211_VHT_CAPABILITY_LEN,
776 },
777 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
778 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
779 .len = IEEE80211_MAX_DATA_LEN },
780 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
781 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
782 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
783 [NL80211_ATTR_PEER_AID] =
784 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
785 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
786 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
787 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
788 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
789 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
790 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
791 /*
792 * The value of the Length field of the Supported Operating
793 * Classes element is between 2 and 253.
794 */
795 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
796 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
797 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
798 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
799 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
800 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
801 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
802 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
803 IEEE80211_QOS_MAP_LEN_MIN,
804 IEEE80211_QOS_MAP_LEN_MAX),
805 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
806 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
807 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
808 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
809 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
810 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
811 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
812 [NL80211_ATTR_USER_PRIO] =
813 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
814 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
815 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
816 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
817 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
818 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
819 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
820 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
821 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
822 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
823 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
824 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
825 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
826 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
827 .len = VHT_MUMIMO_GROUPS_DATA_LEN
828 },
829 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
830 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
831 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
832 [NL80211_ATTR_NAN_CONFIG] = NLA_POLICY_NESTED(nl80211_nan_conf_policy),
833 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
834 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
835 .len = FILS_MAX_KEK_LEN },
836 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
837 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
838 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
839 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
840 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
841 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
842 },
843 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
844 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
845 .len = FILS_ERP_MAX_USERNAME_LEN },
846 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
847 .len = FILS_ERP_MAX_REALM_LEN },
848 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
849 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
850 .len = FILS_ERP_MAX_RRK_LEN },
851 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
852 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
853 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
854 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
855 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
856
857 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
858 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
859 [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range),
860 [NL80211_ATTR_HE_CAPABILITY] =
861 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa,
862 NL80211_HE_MAX_CAPABILITY_LEN),
863 [NL80211_ATTR_FTM_RESPONDER] =
864 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
865 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
866 [NL80211_ATTR_PEER_MEASUREMENTS] =
867 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
868 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
869 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
870 .len = SAE_PASSWORD_MAX_LEN },
871 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
872 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
873 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
874 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
875 [NL80211_ATTR_TID_CONFIG] =
876 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
877 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
878 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
879 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
880 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
881 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
882 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
883 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
884 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
885 [NL80211_ATTR_FILS_DISCOVERY] =
886 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
887 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
888 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
889 [NL80211_ATTR_S1G_CAPABILITY] =
890 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
891 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
892 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
893 [NL80211_ATTR_SAE_PWE] =
894 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
895 NL80211_SAE_PWE_BOTH),
896 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
897 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
898 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
899 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
900 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
901 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
902 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
903 [NL80211_ATTR_MBSSID_CONFIG] =
904 NLA_POLICY_NESTED(nl80211_mbssid_config_policy),
905 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED },
906 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG },
907 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 },
908 [NL80211_ATTR_EHT_CAPABILITY] =
909 NLA_POLICY_RANGE(NLA_BINARY,
910 NL80211_EHT_MIN_CAPABILITY_LEN,
911 NL80211_EHT_MAX_CAPABILITY_LEN),
912 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG },
913 [NL80211_ATTR_MLO_LINKS] =
914 NLA_POLICY_NESTED_ARRAY(nl80211_policy),
915 [NL80211_ATTR_MLO_LINK_ID] =
916 NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS - 1),
917 [NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN),
918 [NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG },
919 [NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT },
920 [NL80211_ATTR_EML_CAPABILITY] = { .type = NLA_U16 },
921 [NL80211_ATTR_PUNCT_BITMAP] =
922 NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
923
924 [NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 },
925 [NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG },
926 [NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED },
927 [NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG },
928 [NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG },
929 [NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
930 [NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
931 [NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG },
932 [NL80211_ATTR_VIF_RADIO_MASK] = { .type = NLA_U32 },
933 [NL80211_ATTR_SUPPORTED_SELECTORS] =
934 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_supported_selectors,
935 NL80211_MAX_SUPP_SELECTORS),
936 [NL80211_ATTR_MLO_RECONF_REM_LINKS] = { .type = NLA_U16 },
937 [NL80211_ATTR_EPCS] = { .type = NLA_FLAG },
938 [NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS] = { .type = NLA_U16 },
939 [NL80211_ATTR_WIPHY_RADIO_INDEX] = { .type = NLA_U8 },
940 [NL80211_ATTR_S1G_LONG_BEACON_PERIOD] = NLA_POLICY_MIN(NLA_U8, 2),
941 [NL80211_ATTR_S1G_SHORT_BEACON] =
942 NLA_POLICY_NESTED(nl80211_s1g_short_beacon),
943 [NL80211_ATTR_BSS_PARAM] = { .type = NLA_FLAG },
944 [NL80211_ATTR_S1G_PRIMARY_2MHZ] = { .type = NLA_FLAG },
945 [NL80211_ATTR_EPP_PEER] = { .type = NLA_FLAG },
946 [NL80211_ATTR_UHR_CAPABILITY] =
947 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_uhr_capa, 255),
948 [NL80211_ATTR_DISABLE_UHR] = { .type = NLA_FLAG },
949 };
950
951 /* policy for the key attributes */
952 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
953 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
954 [NL80211_KEY_IDX] = { .type = NLA_U8 },
955 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
956 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
957 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
958 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
959 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
960 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
961 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
962 };
963
964 /* policy for the key default flags */
965 static const struct nla_policy
966 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
967 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
968 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
969 };
970
971 #ifdef CONFIG_PM
972 /* policy for WoWLAN attributes */
973 static const struct nla_policy
974 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
975 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
976 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
977 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
978 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
979 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
980 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
981 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
982 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
983 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
984 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
985 };
986
987 static const struct nla_policy
988 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
989 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
990 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
991 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
992 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
993 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
994 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
995 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
996 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
997 },
998 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
999 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
1000 },
1001 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
1002 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
1003 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
1004 };
1005 #endif /* CONFIG_PM */
1006
1007 /* policy for coalesce rule attributes */
1008 static const struct nla_policy
1009 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
1010 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
1011 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
1012 NLA_POLICY_RANGE(NLA_U32,
1013 NL80211_COALESCE_CONDITION_MATCH,
1014 NL80211_COALESCE_CONDITION_NO_MATCH),
1015 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
1016 };
1017
1018 /* policy for GTK rekey offload attributes */
1019 static const struct nla_policy
1020 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
1021 [NL80211_REKEY_DATA_KEK] = {
1022 .type = NLA_BINARY,
1023 .len = NL80211_KEK_EXT_LEN
1024 },
1025 [NL80211_REKEY_DATA_KCK] = {
1026 .type = NLA_BINARY,
1027 .len = NL80211_KCK_EXT_LEN_32
1028 },
1029 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
1030 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
1031 };
1032
1033 static const struct nla_policy
1034 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
1035 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
1036 .len = IEEE80211_MAX_SSID_LEN },
1037 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
1038 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
1039 };
1040
1041 static const struct nla_policy
1042 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
1043 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
1044 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
1045 };
1046
1047 static const struct nla_policy
1048 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
1049 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
1050 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
1051 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
1052 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
1053 },
1054 };
1055
1056 /* policy for NAN function attributes */
1057 static const struct nla_policy
1058 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
1059 [NL80211_NAN_FUNC_TYPE] =
1060 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
1061 [NL80211_NAN_FUNC_SERVICE_ID] = {
1062 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
1063 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
1064 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
1065 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
1066 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
1067 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
1068 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
1069 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
1070 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
1071 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
1072 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
1073 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
1074 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
1075 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
1076 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
1077 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
1078 };
1079
1080 /* policy for Service Response Filter attributes */
1081 static const struct nla_policy
1082 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
1083 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
1084 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
1085 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
1086 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
1087 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
1088 };
1089
1090 /* policy for packet pattern attributes */
1091 static const struct nla_policy
1092 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
1093 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
1094 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
1095 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
1096 };
1097
nl80211_prepare_wdev_dump(struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev,struct nlattr ** attrbuf)1098 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
1099 struct cfg80211_registered_device **rdev,
1100 struct wireless_dev **wdev,
1101 struct nlattr **attrbuf)
1102 {
1103 int err;
1104
1105 if (!cb->args[0]) {
1106 struct nlattr **attrbuf_free = NULL;
1107
1108 if (!attrbuf) {
1109 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
1110 if (!attrbuf)
1111 return -ENOMEM;
1112 attrbuf_free = attrbuf;
1113 }
1114
1115 err = nlmsg_parse_deprecated(cb->nlh,
1116 GENL_HDRLEN + nl80211_fam.hdrsize,
1117 attrbuf, nl80211_fam.maxattr,
1118 nl80211_policy, NULL);
1119 if (err) {
1120 kfree(attrbuf_free);
1121 return err;
1122 }
1123
1124 rtnl_lock();
1125 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
1126 attrbuf);
1127 kfree(attrbuf_free);
1128 if (IS_ERR(*wdev)) {
1129 rtnl_unlock();
1130 return PTR_ERR(*wdev);
1131 }
1132 *rdev = wiphy_to_rdev((*wdev)->wiphy);
1133 mutex_lock(&(*rdev)->wiphy.mtx);
1134 rtnl_unlock();
1135 /* 0 is the first index - add 1 to parse only once */
1136 cb->args[0] = (*rdev)->wiphy_idx + 1;
1137 cb->args[1] = (*wdev)->identifier;
1138 } else {
1139 /* subtract the 1 again here */
1140 struct wiphy *wiphy;
1141 struct wireless_dev *tmp;
1142
1143 rtnl_lock();
1144 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1145 if (!wiphy) {
1146 rtnl_unlock();
1147 return -ENODEV;
1148 }
1149 *rdev = wiphy_to_rdev(wiphy);
1150 *wdev = NULL;
1151
1152 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
1153 if (tmp->identifier == cb->args[1]) {
1154 *wdev = tmp;
1155 break;
1156 }
1157 }
1158
1159 if (!*wdev) {
1160 rtnl_unlock();
1161 return -ENODEV;
1162 }
1163 mutex_lock(&(*rdev)->wiphy.mtx);
1164 rtnl_unlock();
1165 }
1166
1167 return 0;
1168 }
1169
1170 /* message building helper */
nl80211hdr_put(struct sk_buff * skb,u32 portid,u32 seq,int flags,u8 cmd)1171 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
1172 int flags, u8 cmd)
1173 {
1174 /* since there is no private header just add the generic one */
1175 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1176 }
1177
nl80211_msg_put_wmm_rules(struct sk_buff * msg,const struct ieee80211_reg_rule * rule)1178 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1179 const struct ieee80211_reg_rule *rule)
1180 {
1181 int j;
1182 struct nlattr *nl_wmm_rules =
1183 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1184
1185 if (!nl_wmm_rules)
1186 goto nla_put_failure;
1187
1188 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1189 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1190
1191 if (!nl_wmm_rule)
1192 goto nla_put_failure;
1193
1194 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1195 rule->wmm_rule.client[j].cw_min) ||
1196 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1197 rule->wmm_rule.client[j].cw_max) ||
1198 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1199 rule->wmm_rule.client[j].aifsn) ||
1200 nla_put_u16(msg, NL80211_WMMR_TXOP,
1201 rule->wmm_rule.client[j].cot))
1202 goto nla_put_failure;
1203
1204 nla_nest_end(msg, nl_wmm_rule);
1205 }
1206 nla_nest_end(msg, nl_wmm_rules);
1207
1208 return 0;
1209
1210 nla_put_failure:
1211 return -ENOBUFS;
1212 }
1213
nl80211_msg_put_channel(struct sk_buff * msg,struct wiphy * wiphy,struct ieee80211_channel * chan,bool large)1214 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1215 struct ieee80211_channel *chan,
1216 bool large)
1217 {
1218 /* Some channels must be completely excluded from the
1219 * list to protect old user-space tools from breaking
1220 */
1221 if (!large && chan->flags &
1222 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1223 return 0;
1224 if (!large && chan->freq_offset)
1225 return 0;
1226
1227 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1228 chan->center_freq))
1229 goto nla_put_failure;
1230
1231 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1232 goto nla_put_failure;
1233
1234 if ((chan->flags & IEEE80211_CHAN_PSD) &&
1235 nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd))
1236 goto nla_put_failure;
1237
1238 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1239 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1240 goto nla_put_failure;
1241 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1242 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1243 goto nla_put_failure;
1244 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1245 goto nla_put_failure;
1246 }
1247 if (chan->flags & IEEE80211_CHAN_RADAR) {
1248 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1249 goto nla_put_failure;
1250 if (large) {
1251 u32 time;
1252
1253 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1254
1255 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1256 chan->dfs_state))
1257 goto nla_put_failure;
1258 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1259 time))
1260 goto nla_put_failure;
1261 if (nla_put_u32(msg,
1262 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1263 chan->dfs_cac_ms))
1264 goto nla_put_failure;
1265 }
1266 }
1267
1268 if (large) {
1269 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1270 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1271 goto nla_put_failure;
1272 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1273 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1274 goto nla_put_failure;
1275 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1276 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1277 goto nla_put_failure;
1278 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1279 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1280 goto nla_put_failure;
1281 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1282 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1283 goto nla_put_failure;
1284 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1285 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1286 goto nla_put_failure;
1287 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1288 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1289 goto nla_put_failure;
1290 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1291 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1292 goto nla_put_failure;
1293 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1294 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1295 goto nla_put_failure;
1296 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) &&
1297 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ))
1298 goto nla_put_failure;
1299 if ((chan->flags & IEEE80211_CHAN_NO_EHT) &&
1300 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT))
1301 goto nla_put_failure;
1302 if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) &&
1303 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT))
1304 goto nla_put_failure;
1305 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) &&
1306 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT))
1307 goto nla_put_failure;
1308 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) &&
1309 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT))
1310 goto nla_put_failure;
1311 if ((chan->flags & IEEE80211_CHAN_CAN_MONITOR) &&
1312 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_CAN_MONITOR))
1313 goto nla_put_failure;
1314 if ((chan->flags & IEEE80211_CHAN_ALLOW_6GHZ_VLP_AP) &&
1315 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP))
1316 goto nla_put_failure;
1317 if ((chan->flags & IEEE80211_CHAN_ALLOW_20MHZ_ACTIVITY) &&
1318 nla_put_flag(msg,
1319 NL80211_FREQUENCY_ATTR_ALLOW_20MHZ_ACTIVITY))
1320 goto nla_put_failure;
1321 if ((chan->flags & IEEE80211_CHAN_NO_4MHZ) &&
1322 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_4MHZ))
1323 goto nla_put_failure;
1324 if ((chan->flags & IEEE80211_CHAN_NO_8MHZ) &&
1325 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_8MHZ))
1326 goto nla_put_failure;
1327 if ((chan->flags & IEEE80211_CHAN_NO_16MHZ) &&
1328 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_16MHZ))
1329 goto nla_put_failure;
1330 if ((chan->flags & IEEE80211_CHAN_S1G_NO_PRIMARY) &&
1331 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_S1G_NO_PRIMARY))
1332 goto nla_put_failure;
1333 if ((chan->flags & IEEE80211_CHAN_NO_UHR) &&
1334 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_UHR))
1335 goto nla_put_failure;
1336 }
1337
1338 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1339 DBM_TO_MBM(chan->max_power)))
1340 goto nla_put_failure;
1341
1342 if (large) {
1343 const struct ieee80211_reg_rule *rule =
1344 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1345
1346 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1347 if (nl80211_msg_put_wmm_rules(msg, rule))
1348 goto nla_put_failure;
1349 }
1350 }
1351
1352 return 0;
1353
1354 nla_put_failure:
1355 return -ENOBUFS;
1356 }
1357
nl80211_put_txq_stats(struct sk_buff * msg,struct cfg80211_txq_stats * txqstats,int attrtype)1358 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1359 struct cfg80211_txq_stats *txqstats,
1360 int attrtype)
1361 {
1362 struct nlattr *txqattr;
1363
1364 #define PUT_TXQVAL_U32(attr, memb) do { \
1365 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1366 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1367 return false; \
1368 } while (0)
1369
1370 txqattr = nla_nest_start_noflag(msg, attrtype);
1371 if (!txqattr)
1372 return false;
1373
1374 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1375 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1376 PUT_TXQVAL_U32(FLOWS, flows);
1377 PUT_TXQVAL_U32(DROPS, drops);
1378 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1379 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1380 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1381 PUT_TXQVAL_U32(COLLISIONS, collisions);
1382 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1383 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1384 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1385 nla_nest_end(msg, txqattr);
1386
1387 #undef PUT_TXQVAL_U32
1388 return true;
1389 }
1390
1391 /* netlink command implementations */
1392
1393 /**
1394 * nl80211_link_id - return link ID
1395 * @attrs: attributes to look at
1396 *
1397 * Returns: the link ID or 0 if not given
1398 *
1399 * Note this function doesn't do any validation of the link
1400 * ID validity wrt. links that were actually added, so it must
1401 * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID
1402 * or if additional validation is done.
1403 */
nl80211_link_id(struct nlattr ** attrs)1404 static unsigned int nl80211_link_id(struct nlattr **attrs)
1405 {
1406 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1407
1408 return nla_get_u8_default(linkid, 0);
1409 }
1410
nl80211_link_id_or_invalid(struct nlattr ** attrs)1411 static int nl80211_link_id_or_invalid(struct nlattr **attrs)
1412 {
1413 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1414
1415 if (!linkid)
1416 return -1;
1417
1418 return nla_get_u8(linkid);
1419 }
1420
1421 struct key_parse {
1422 struct key_params p;
1423 int idx;
1424 int type;
1425 bool def, defmgmt, defbeacon;
1426 bool def_uni, def_multi;
1427 };
1428
nl80211_parse_key_new(struct genl_info * info,struct nlattr * key,struct key_parse * k)1429 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1430 struct key_parse *k)
1431 {
1432 struct nlattr *tb[NL80211_KEY_MAX + 1];
1433 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1434 nl80211_key_policy,
1435 info->extack);
1436 if (err)
1437 return err;
1438
1439 k->def = !!tb[NL80211_KEY_DEFAULT];
1440 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1441 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1442
1443 if (k->def) {
1444 k->def_uni = true;
1445 k->def_multi = true;
1446 }
1447 if (k->defmgmt || k->defbeacon)
1448 k->def_multi = true;
1449
1450 if (tb[NL80211_KEY_IDX])
1451 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1452
1453 if (tb[NL80211_KEY_DATA]) {
1454 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1455 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1456 }
1457
1458 if (tb[NL80211_KEY_SEQ]) {
1459 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1460 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1461 }
1462
1463 if (tb[NL80211_KEY_CIPHER])
1464 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1465
1466 if (tb[NL80211_KEY_TYPE])
1467 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1468
1469 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1470 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1471
1472 err = nla_parse_nested_deprecated(kdt,
1473 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1474 tb[NL80211_KEY_DEFAULT_TYPES],
1475 nl80211_key_default_policy,
1476 info->extack);
1477 if (err)
1478 return err;
1479
1480 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1481 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1482 }
1483
1484 if (tb[NL80211_KEY_MODE])
1485 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1486
1487 return 0;
1488 }
1489
nl80211_parse_key_old(struct genl_info * info,struct key_parse * k)1490 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1491 {
1492 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1493 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1494 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1495 }
1496
1497 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1498 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1499 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1500 }
1501
1502 if (info->attrs[NL80211_ATTR_KEY_IDX])
1503 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1504
1505 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1506 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1507
1508 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1509 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1510
1511 if (k->def) {
1512 k->def_uni = true;
1513 k->def_multi = true;
1514 }
1515 if (k->defmgmt)
1516 k->def_multi = true;
1517
1518 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1519 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1520
1521 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1522 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1523 int err = nla_parse_nested_deprecated(kdt,
1524 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1525 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1526 nl80211_key_default_policy,
1527 info->extack);
1528 if (err)
1529 return err;
1530
1531 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1532 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1533 }
1534
1535 return 0;
1536 }
1537
nl80211_parse_key(struct genl_info * info,struct key_parse * k)1538 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1539 {
1540 int err;
1541
1542 memset(k, 0, sizeof(*k));
1543 k->idx = -1;
1544 k->type = -1;
1545
1546 if (info->attrs[NL80211_ATTR_KEY])
1547 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1548 else
1549 err = nl80211_parse_key_old(info, k);
1550
1551 if (err)
1552 return err;
1553
1554 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1555 (k->defbeacon ? 1 : 0) > 1) {
1556 GENL_SET_ERR_MSG(info,
1557 "key with multiple default flags is invalid");
1558 return -EINVAL;
1559 }
1560
1561 if (k->defmgmt || k->defbeacon) {
1562 if (k->def_uni || !k->def_multi) {
1563 GENL_SET_ERR_MSG(info,
1564 "defmgmt/defbeacon key must be mcast");
1565 return -EINVAL;
1566 }
1567 }
1568
1569 if (k->idx != -1) {
1570 if (k->defmgmt) {
1571 if (k->idx < 4 || k->idx > 5) {
1572 GENL_SET_ERR_MSG(info,
1573 "defmgmt key idx not 4 or 5");
1574 return -EINVAL;
1575 }
1576 } else if (k->defbeacon) {
1577 if (k->idx < 6 || k->idx > 7) {
1578 GENL_SET_ERR_MSG(info,
1579 "defbeacon key idx not 6 or 7");
1580 return -EINVAL;
1581 }
1582 } else if (k->def) {
1583 if (k->idx < 0 || k->idx > 3) {
1584 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1585 return -EINVAL;
1586 }
1587 } else {
1588 if (k->idx < 0 || k->idx > 7) {
1589 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1590 return -EINVAL;
1591 }
1592 }
1593 }
1594
1595 return 0;
1596 }
1597
1598 static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device * rdev,struct genl_info * info,bool * no_ht)1599 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1600 struct genl_info *info, bool *no_ht)
1601 {
1602 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1603 struct key_parse parse;
1604 struct nlattr *key;
1605 struct cfg80211_cached_keys *result;
1606 int rem, err, def = 0;
1607 bool have_key = false;
1608
1609 nla_for_each_nested(key, keys, rem) {
1610 have_key = true;
1611 break;
1612 }
1613
1614 if (!have_key)
1615 return NULL;
1616
1617 result = kzalloc_obj(*result);
1618 if (!result)
1619 return ERR_PTR(-ENOMEM);
1620
1621 result->def = -1;
1622
1623 nla_for_each_nested(key, keys, rem) {
1624 memset(&parse, 0, sizeof(parse));
1625 parse.idx = -1;
1626
1627 err = nl80211_parse_key_new(info, key, &parse);
1628 if (err)
1629 goto error;
1630 err = -EINVAL;
1631 if (!parse.p.key)
1632 goto error;
1633 if (parse.idx < 0 || parse.idx > 3) {
1634 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1635 goto error;
1636 }
1637 if (parse.def) {
1638 if (def) {
1639 GENL_SET_ERR_MSG(info,
1640 "only one key can be default");
1641 goto error;
1642 }
1643 def = 1;
1644 result->def = parse.idx;
1645 if (!parse.def_uni || !parse.def_multi)
1646 goto error;
1647 } else if (parse.defmgmt)
1648 goto error;
1649 err = cfg80211_validate_key_settings(rdev, &parse.p,
1650 parse.idx, false, NULL);
1651 if (err)
1652 goto error;
1653 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1654 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1655 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1656 err = -EINVAL;
1657 goto error;
1658 }
1659 result->params[parse.idx].cipher = parse.p.cipher;
1660 result->params[parse.idx].key_len = parse.p.key_len;
1661 result->params[parse.idx].key = result->data[parse.idx];
1662 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1663
1664 /* must be WEP key if we got here */
1665 if (no_ht)
1666 *no_ht = true;
1667 }
1668
1669 if (result->def < 0) {
1670 err = -EINVAL;
1671 GENL_SET_ERR_MSG(info, "need a default/TX key");
1672 goto error;
1673 }
1674
1675 return result;
1676 error:
1677 kfree_sensitive(result);
1678 return ERR_PTR(err);
1679 }
1680
nl80211_key_allowed(struct wireless_dev * wdev)1681 static int nl80211_key_allowed(struct wireless_dev *wdev)
1682 {
1683 lockdep_assert_wiphy(wdev->wiphy);
1684
1685 switch (wdev->iftype) {
1686 case NL80211_IFTYPE_AP:
1687 case NL80211_IFTYPE_AP_VLAN:
1688 case NL80211_IFTYPE_P2P_GO:
1689 case NL80211_IFTYPE_MESH_POINT:
1690 break;
1691 case NL80211_IFTYPE_ADHOC:
1692 if (wdev->u.ibss.current_bss)
1693 return 0;
1694 return -ENOLINK;
1695 case NL80211_IFTYPE_STATION:
1696 case NL80211_IFTYPE_P2P_CLIENT:
1697 if (wdev->connected ||
1698 (wiphy_ext_feature_isset(wdev->wiphy,
1699 NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION)))
1700 return 0;
1701 return -ENOLINK;
1702 case NL80211_IFTYPE_NAN:
1703 if (wiphy_ext_feature_isset(wdev->wiphy,
1704 NL80211_EXT_FEATURE_SECURE_NAN))
1705 return 0;
1706 return -EINVAL;
1707 case NL80211_IFTYPE_UNSPECIFIED:
1708 case NL80211_IFTYPE_OCB:
1709 case NL80211_IFTYPE_MONITOR:
1710 case NL80211_IFTYPE_P2P_DEVICE:
1711 case NL80211_IFTYPE_WDS:
1712 case NUM_NL80211_IFTYPES:
1713 return -EINVAL;
1714 }
1715
1716 return 0;
1717 }
1718
nl80211_get_valid_chan(struct wiphy * wiphy,u32 freq)1719 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1720 u32 freq)
1721 {
1722 struct ieee80211_channel *chan;
1723
1724 chan = ieee80211_get_channel_khz(wiphy, freq);
1725 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1726 return NULL;
1727 return chan;
1728 }
1729
nl80211_put_iftypes(struct sk_buff * msg,u32 attr,u16 ifmodes)1730 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1731 {
1732 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1733 int i;
1734
1735 if (!nl_modes)
1736 goto nla_put_failure;
1737
1738 i = 0;
1739 while (ifmodes) {
1740 if ((ifmodes & 1) && nla_put_flag(msg, i))
1741 goto nla_put_failure;
1742 ifmodes >>= 1;
1743 i++;
1744 }
1745
1746 nla_nest_end(msg, nl_modes);
1747 return 0;
1748
1749 nla_put_failure:
1750 return -ENOBUFS;
1751 }
1752
nl80211_put_ifcomb_data(struct sk_buff * msg,bool large,int idx,const struct ieee80211_iface_combination * c,u16 nested)1753 static int nl80211_put_ifcomb_data(struct sk_buff *msg, bool large, int idx,
1754 const struct ieee80211_iface_combination *c,
1755 u16 nested)
1756 {
1757 struct nlattr *nl_combi, *nl_limits;
1758 int i;
1759
1760 nl_combi = nla_nest_start_noflag(msg, idx | nested);
1761 if (!nl_combi)
1762 goto nla_put_failure;
1763
1764 nl_limits = nla_nest_start_noflag(msg, NL80211_IFACE_COMB_LIMITS |
1765 nested);
1766 if (!nl_limits)
1767 goto nla_put_failure;
1768
1769 for (i = 0; i < c->n_limits; i++) {
1770 struct nlattr *nl_limit;
1771
1772 nl_limit = nla_nest_start_noflag(msg, i + 1);
1773 if (!nl_limit)
1774 goto nla_put_failure;
1775 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, c->limits[i].max))
1776 goto nla_put_failure;
1777 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1778 c->limits[i].types))
1779 goto nla_put_failure;
1780 nla_nest_end(msg, nl_limit);
1781 }
1782
1783 nla_nest_end(msg, nl_limits);
1784
1785 if (c->beacon_int_infra_match &&
1786 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1787 goto nla_put_failure;
1788 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1789 c->num_different_channels) ||
1790 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1791 c->max_interfaces))
1792 goto nla_put_failure;
1793 if (large &&
1794 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1795 c->radar_detect_widths) ||
1796 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1797 c->radar_detect_regions)))
1798 goto nla_put_failure;
1799 if (c->beacon_int_min_gcd &&
1800 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1801 c->beacon_int_min_gcd))
1802 goto nla_put_failure;
1803
1804 nla_nest_end(msg, nl_combi);
1805
1806 return 0;
1807 nla_put_failure:
1808 return -ENOBUFS;
1809 }
1810
nl80211_put_iface_combinations(struct wiphy * wiphy,struct sk_buff * msg,int attr,int radio,bool large,u16 nested)1811 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1812 struct sk_buff *msg,
1813 int attr, int radio,
1814 bool large, u16 nested)
1815 {
1816 const struct ieee80211_iface_combination *c;
1817 struct nlattr *nl_combis;
1818 int i, n;
1819
1820 nl_combis = nla_nest_start_noflag(msg, attr | nested);
1821 if (!nl_combis)
1822 goto nla_put_failure;
1823
1824 if (radio >= 0) {
1825 c = wiphy->radio[0].iface_combinations;
1826 n = wiphy->radio[0].n_iface_combinations;
1827 } else {
1828 c = wiphy->iface_combinations;
1829 n = wiphy->n_iface_combinations;
1830 }
1831 for (i = 0; i < n; i++)
1832 if (nl80211_put_ifcomb_data(msg, large, i + 1, &c[i], nested))
1833 goto nla_put_failure;
1834
1835 nla_nest_end(msg, nl_combis);
1836
1837 return 0;
1838 nla_put_failure:
1839 return -ENOBUFS;
1840 }
1841
1842 #ifdef CONFIG_PM
nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1843 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1844 struct sk_buff *msg)
1845 {
1846 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1847 struct nlattr *nl_tcp;
1848
1849 if (!tcp)
1850 return 0;
1851
1852 nl_tcp = nla_nest_start_noflag(msg,
1853 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1854 if (!nl_tcp)
1855 return -ENOBUFS;
1856
1857 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1858 tcp->data_payload_max))
1859 return -ENOBUFS;
1860
1861 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1862 tcp->data_payload_max))
1863 return -ENOBUFS;
1864
1865 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1866 return -ENOBUFS;
1867
1868 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1869 sizeof(*tcp->tok), tcp->tok))
1870 return -ENOBUFS;
1871
1872 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1873 tcp->data_interval_max))
1874 return -ENOBUFS;
1875
1876 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1877 tcp->wake_payload_max))
1878 return -ENOBUFS;
1879
1880 nla_nest_end(msg, nl_tcp);
1881 return 0;
1882 }
1883
nl80211_send_wowlan(struct sk_buff * msg,struct cfg80211_registered_device * rdev,bool large)1884 static int nl80211_send_wowlan(struct sk_buff *msg,
1885 struct cfg80211_registered_device *rdev,
1886 bool large)
1887 {
1888 struct nlattr *nl_wowlan;
1889
1890 if (!rdev->wiphy.wowlan)
1891 return 0;
1892
1893 nl_wowlan = nla_nest_start_noflag(msg,
1894 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1895 if (!nl_wowlan)
1896 return -ENOBUFS;
1897
1898 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1899 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1900 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1901 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1902 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1903 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1904 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1905 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1906 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1907 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1908 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1909 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1910 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1911 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1912 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1913 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1914 return -ENOBUFS;
1915
1916 if (rdev->wiphy.wowlan->n_patterns) {
1917 struct nl80211_pattern_support pat = {
1918 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1919 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1920 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1921 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1922 };
1923
1924 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1925 sizeof(pat), &pat))
1926 return -ENOBUFS;
1927 }
1928
1929 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1930 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1931 rdev->wiphy.wowlan->max_nd_match_sets))
1932 return -ENOBUFS;
1933
1934 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1935 return -ENOBUFS;
1936
1937 nla_nest_end(msg, nl_wowlan);
1938
1939 return 0;
1940 }
1941 #endif
1942
nl80211_send_coalesce(struct sk_buff * msg,struct cfg80211_registered_device * rdev)1943 static int nl80211_send_coalesce(struct sk_buff *msg,
1944 struct cfg80211_registered_device *rdev)
1945 {
1946 struct nl80211_coalesce_rule_support rule;
1947
1948 if (!rdev->wiphy.coalesce)
1949 return 0;
1950
1951 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1952 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1953 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1954 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1955 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1956 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1957
1958 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1959 return -ENOBUFS;
1960
1961 return 0;
1962 }
1963
1964 static int
nl80211_send_iftype_data(struct sk_buff * msg,const struct ieee80211_supported_band * sband,const struct ieee80211_sband_iftype_data * iftdata)1965 nl80211_send_iftype_data(struct sk_buff *msg,
1966 const struct ieee80211_supported_band *sband,
1967 const struct ieee80211_sband_iftype_data *iftdata)
1968 {
1969 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1970 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap;
1971 const struct ieee80211_sta_uhr_cap *uhr_cap = &iftdata->uhr_cap;
1972
1973 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1974 iftdata->types_mask))
1975 return -ENOBUFS;
1976
1977 if (he_cap->has_he) {
1978 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1979 sizeof(he_cap->he_cap_elem.mac_cap_info),
1980 he_cap->he_cap_elem.mac_cap_info) ||
1981 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1982 sizeof(he_cap->he_cap_elem.phy_cap_info),
1983 he_cap->he_cap_elem.phy_cap_info) ||
1984 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1985 sizeof(he_cap->he_mcs_nss_supp),
1986 &he_cap->he_mcs_nss_supp) ||
1987 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1988 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1989 return -ENOBUFS;
1990 }
1991
1992 if (eht_cap->has_eht && he_cap->has_he) {
1993 u8 mcs_nss_size, ppe_thresh_size;
1994 u16 ppe_thres_hdr;
1995 bool is_ap;
1996
1997 is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
1998 iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
1999
2000 mcs_nss_size =
2001 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
2002 &eht_cap->eht_cap_elem,
2003 is_ap);
2004
2005 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
2006 ppe_thresh_size =
2007 ieee80211_eht_ppe_size(ppe_thres_hdr,
2008 eht_cap->eht_cap_elem.phy_cap_info);
2009
2010 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC,
2011 sizeof(eht_cap->eht_cap_elem.mac_cap_info),
2012 eht_cap->eht_cap_elem.mac_cap_info) ||
2013 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY,
2014 sizeof(eht_cap->eht_cap_elem.phy_cap_info),
2015 eht_cap->eht_cap_elem.phy_cap_info) ||
2016 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET,
2017 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) ||
2018 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE,
2019 ppe_thresh_size, eht_cap->eht_ppe_thres))
2020 return -ENOBUFS;
2021 }
2022
2023 if (uhr_cap->has_uhr) {
2024 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_UHR_CAP_MAC,
2025 sizeof(uhr_cap->mac), &uhr_cap->mac) ||
2026 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_UHR_CAP_PHY,
2027 sizeof(uhr_cap->phy), &uhr_cap->phy))
2028 return -ENOBUFS;
2029 }
2030
2031 if (sband->band == NL80211_BAND_6GHZ &&
2032 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
2033 sizeof(iftdata->he_6ghz_capa),
2034 &iftdata->he_6ghz_capa))
2035 return -ENOBUFS;
2036
2037 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
2038 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
2039 iftdata->vendor_elems.len, iftdata->vendor_elems.data))
2040 return -ENOBUFS;
2041
2042 return 0;
2043 }
2044
nl80211_send_band_rateinfo(struct sk_buff * msg,struct ieee80211_supported_band * sband,bool large)2045 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
2046 struct ieee80211_supported_band *sband,
2047 bool large)
2048 {
2049 struct nlattr *nl_rates, *nl_rate;
2050 struct ieee80211_rate *rate;
2051 int i;
2052
2053 /* add HT info */
2054 if (sband->ht_cap.ht_supported &&
2055 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
2056 sizeof(sband->ht_cap.mcs),
2057 &sband->ht_cap.mcs) ||
2058 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
2059 sband->ht_cap.cap) ||
2060 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
2061 sband->ht_cap.ampdu_factor) ||
2062 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
2063 sband->ht_cap.ampdu_density)))
2064 return -ENOBUFS;
2065
2066 /* add VHT info */
2067 if (sband->vht_cap.vht_supported &&
2068 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
2069 sizeof(sband->vht_cap.vht_mcs),
2070 &sband->vht_cap.vht_mcs) ||
2071 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
2072 sband->vht_cap.cap)))
2073 return -ENOBUFS;
2074
2075 if (large && sband->n_iftype_data) {
2076 struct nlattr *nl_iftype_data =
2077 nla_nest_start_noflag(msg,
2078 NL80211_BAND_ATTR_IFTYPE_DATA);
2079 const struct ieee80211_sband_iftype_data *iftd;
2080 int err;
2081
2082 if (!nl_iftype_data)
2083 return -ENOBUFS;
2084
2085 for_each_sband_iftype_data(sband, i, iftd) {
2086 struct nlattr *iftdata;
2087
2088 iftdata = nla_nest_start_noflag(msg, i + 1);
2089 if (!iftdata)
2090 return -ENOBUFS;
2091
2092 err = nl80211_send_iftype_data(msg, sband, iftd);
2093 if (err)
2094 return err;
2095
2096 nla_nest_end(msg, iftdata);
2097 }
2098
2099 nla_nest_end(msg, nl_iftype_data);
2100 }
2101
2102 /* add EDMG info */
2103 if (large && sband->edmg_cap.channels &&
2104 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
2105 sband->edmg_cap.channels) ||
2106 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
2107 sband->edmg_cap.bw_config)))
2108
2109 return -ENOBUFS;
2110
2111 /* add bitrates */
2112 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
2113 if (!nl_rates)
2114 return -ENOBUFS;
2115
2116 for (i = 0; i < sband->n_bitrates; i++) {
2117 nl_rate = nla_nest_start_noflag(msg, i);
2118 if (!nl_rate)
2119 return -ENOBUFS;
2120
2121 rate = &sband->bitrates[i];
2122 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
2123 rate->bitrate))
2124 return -ENOBUFS;
2125 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
2126 nla_put_flag(msg,
2127 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
2128 return -ENOBUFS;
2129
2130 nla_nest_end(msg, nl_rate);
2131 }
2132
2133 nla_nest_end(msg, nl_rates);
2134
2135 /* S1G capabilities */
2136 if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g &&
2137 (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA,
2138 sizeof(sband->s1g_cap.cap),
2139 sband->s1g_cap.cap) ||
2140 nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET,
2141 sizeof(sband->s1g_cap.nss_mcs),
2142 sband->s1g_cap.nss_mcs)))
2143 return -ENOBUFS;
2144
2145 return 0;
2146 }
2147
2148 static int
nl80211_send_mgmt_stypes(struct sk_buff * msg,const struct ieee80211_txrx_stypes * mgmt_stypes)2149 nl80211_send_mgmt_stypes(struct sk_buff *msg,
2150 const struct ieee80211_txrx_stypes *mgmt_stypes)
2151 {
2152 u16 stypes;
2153 struct nlattr *nl_ftypes, *nl_ifs;
2154 enum nl80211_iftype ift;
2155 int i;
2156
2157 if (!mgmt_stypes)
2158 return 0;
2159
2160 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
2161 if (!nl_ifs)
2162 return -ENOBUFS;
2163
2164 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2165 nl_ftypes = nla_nest_start_noflag(msg, ift);
2166 if (!nl_ftypes)
2167 return -ENOBUFS;
2168 i = 0;
2169 stypes = mgmt_stypes[ift].tx;
2170 while (stypes) {
2171 if ((stypes & 1) &&
2172 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2173 (i << 4) | IEEE80211_FTYPE_MGMT))
2174 return -ENOBUFS;
2175 stypes >>= 1;
2176 i++;
2177 }
2178 nla_nest_end(msg, nl_ftypes);
2179 }
2180
2181 nla_nest_end(msg, nl_ifs);
2182
2183 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
2184 if (!nl_ifs)
2185 return -ENOBUFS;
2186
2187 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2188 nl_ftypes = nla_nest_start_noflag(msg, ift);
2189 if (!nl_ftypes)
2190 return -ENOBUFS;
2191 i = 0;
2192 stypes = mgmt_stypes[ift].rx;
2193 while (stypes) {
2194 if ((stypes & 1) &&
2195 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2196 (i << 4) | IEEE80211_FTYPE_MGMT))
2197 return -ENOBUFS;
2198 stypes >>= 1;
2199 i++;
2200 }
2201 nla_nest_end(msg, nl_ftypes);
2202 }
2203 nla_nest_end(msg, nl_ifs);
2204
2205 return 0;
2206 }
2207
2208 #define CMD(op, n) \
2209 do { \
2210 if (rdev->ops->op) { \
2211 i++; \
2212 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
2213 goto nla_put_failure; \
2214 } \
2215 } while (0)
2216
nl80211_add_commands_unsplit(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2217 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
2218 struct sk_buff *msg)
2219 {
2220 int i = 0;
2221
2222 /*
2223 * do *NOT* add anything into this function, new things need to be
2224 * advertised only to new versions of userspace that can deal with
2225 * the split (and they can't possibly care about new features...
2226 */
2227 CMD(add_virtual_intf, NEW_INTERFACE);
2228 CMD(change_virtual_intf, SET_INTERFACE);
2229 CMD(add_key, NEW_KEY);
2230 CMD(start_ap, START_AP);
2231 CMD(add_station, NEW_STATION);
2232 CMD(add_mpath, NEW_MPATH);
2233 CMD(update_mesh_config, SET_MESH_CONFIG);
2234 CMD(change_bss, SET_BSS);
2235 CMD(auth, AUTHENTICATE);
2236 CMD(assoc, ASSOCIATE);
2237 CMD(deauth, DEAUTHENTICATE);
2238 CMD(disassoc, DISASSOCIATE);
2239 CMD(join_ibss, JOIN_IBSS);
2240 CMD(join_mesh, JOIN_MESH);
2241 CMD(set_pmksa, SET_PMKSA);
2242 CMD(del_pmksa, DEL_PMKSA);
2243 CMD(flush_pmksa, FLUSH_PMKSA);
2244 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
2245 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
2246 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
2247 CMD(mgmt_tx, FRAME);
2248 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
2249 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
2250 i++;
2251 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
2252 goto nla_put_failure;
2253 }
2254 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
2255 rdev->ops->join_mesh) {
2256 i++;
2257 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
2258 goto nla_put_failure;
2259 }
2260 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2261 CMD(tdls_mgmt, TDLS_MGMT);
2262 CMD(tdls_oper, TDLS_OPER);
2263 }
2264 if (rdev->wiphy.max_sched_scan_reqs)
2265 CMD(sched_scan_start, START_SCHED_SCAN);
2266 CMD(probe_client, PROBE_CLIENT);
2267 CMD(set_noack_map, SET_NOACK_MAP);
2268 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
2269 i++;
2270 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
2271 goto nla_put_failure;
2272 }
2273 CMD(start_p2p_device, START_P2P_DEVICE);
2274 CMD(set_mcast_rate, SET_MCAST_RATE);
2275 #ifdef CONFIG_NL80211_TESTMODE
2276 CMD(testmode_cmd, TESTMODE);
2277 #endif
2278
2279 if (rdev->ops->connect || rdev->ops->auth) {
2280 i++;
2281 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
2282 goto nla_put_failure;
2283 }
2284
2285 if (rdev->ops->disconnect || rdev->ops->deauth) {
2286 i++;
2287 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
2288 goto nla_put_failure;
2289 }
2290
2291 return i;
2292 nla_put_failure:
2293 return -ENOBUFS;
2294 }
2295
2296 static int
nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities * cap,struct sk_buff * msg)2297 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
2298 struct sk_buff *msg)
2299 {
2300 struct nlattr *ftm;
2301
2302 if (!cap->ftm.supported)
2303 return 0;
2304
2305 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
2306 if (!ftm)
2307 return -ENOBUFS;
2308
2309 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2310 return -ENOBUFS;
2311 if (cap->ftm.non_asap &&
2312 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2313 return -ENOBUFS;
2314 if (cap->ftm.request_lci &&
2315 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2316 return -ENOBUFS;
2317 if (cap->ftm.request_civicloc &&
2318 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2319 return -ENOBUFS;
2320 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2321 cap->ftm.preambles))
2322 return -ENOBUFS;
2323 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2324 cap->ftm.bandwidths))
2325 return -ENOBUFS;
2326 if (cap->ftm.max_bursts_exponent >= 0 &&
2327 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2328 cap->ftm.max_bursts_exponent))
2329 return -ENOBUFS;
2330 if (cap->ftm.max_ftms_per_burst &&
2331 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2332 cap->ftm.max_ftms_per_burst))
2333 return -ENOBUFS;
2334 if (cap->ftm.trigger_based &&
2335 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2336 return -ENOBUFS;
2337 if (cap->ftm.non_trigger_based &&
2338 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2339 return -ENOBUFS;
2340 if (cap->ftm.support_6ghz &&
2341 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_6GHZ_SUPPORT))
2342 return -ENOBUFS;
2343 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TX_LTF_REP,
2344 cap->ftm.max_tx_ltf_rep))
2345 return -ENOBUFS;
2346 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_RX_LTF_REP,
2347 cap->ftm.max_rx_ltf_rep))
2348 return -ENOBUFS;
2349 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TX_STS,
2350 cap->ftm.max_tx_sts))
2351 return -ENOBUFS;
2352 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_RX_STS,
2353 cap->ftm.max_rx_sts))
2354 return -ENOBUFS;
2355 if (cap->ftm.max_total_ltf_tx > 0 &&
2356 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TOTAL_LTF_TX,
2357 cap->ftm.max_total_ltf_tx))
2358 return -ENOBUFS;
2359 if (cap->ftm.max_total_ltf_rx > 0 &&
2360 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TOTAL_LTF_RX,
2361 cap->ftm.max_total_ltf_rx))
2362 return -ENOBUFS;
2363 if (cap->ftm.support_rsta &&
2364 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_RSTA_SUPPORT))
2365 return -ENOBUFS;
2366
2367 nla_nest_end(msg, ftm);
2368 return 0;
2369 }
2370
nl80211_send_pmsr_capa(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2371 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2372 struct sk_buff *msg)
2373 {
2374 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2375 struct nlattr *pmsr, *caps;
2376
2377 if (!cap)
2378 return 0;
2379
2380 /*
2381 * we don't need to clean up anything here since the caller
2382 * will genlmsg_cancel() if we fail
2383 */
2384
2385 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2386 if (!pmsr)
2387 return -ENOBUFS;
2388
2389 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2390 return -ENOBUFS;
2391
2392 if (cap->report_ap_tsf &&
2393 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2394 return -ENOBUFS;
2395
2396 if (cap->randomize_mac_addr &&
2397 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2398 return -ENOBUFS;
2399
2400 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2401 if (!caps)
2402 return -ENOBUFS;
2403
2404 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2405 return -ENOBUFS;
2406
2407 nla_nest_end(msg, caps);
2408 nla_nest_end(msg, pmsr);
2409
2410 return 0;
2411 }
2412
2413 static int
nl80211_put_iftype_akm_suites(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2414 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2415 struct sk_buff *msg)
2416 {
2417 int i;
2418 struct nlattr *nested, *nested_akms;
2419 const struct wiphy_iftype_akm_suites *iftype_akms;
2420
2421 if (!rdev->wiphy.num_iftype_akm_suites ||
2422 !rdev->wiphy.iftype_akm_suites)
2423 return 0;
2424
2425 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2426 if (!nested)
2427 return -ENOBUFS;
2428
2429 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2430 nested_akms = nla_nest_start(msg, i + 1);
2431 if (!nested_akms)
2432 return -ENOBUFS;
2433
2434 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2435
2436 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2437 iftype_akms->iftypes_mask))
2438 return -ENOBUFS;
2439
2440 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2441 sizeof(u32) * iftype_akms->n_akm_suites,
2442 iftype_akms->akm_suites)) {
2443 return -ENOBUFS;
2444 }
2445 nla_nest_end(msg, nested_akms);
2446 }
2447
2448 nla_nest_end(msg, nested);
2449
2450 return 0;
2451 }
2452
2453 static int
nl80211_put_tid_config_support(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2454 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2455 struct sk_buff *msg)
2456 {
2457 struct nlattr *supp;
2458
2459 if (!rdev->wiphy.tid_config_support.vif &&
2460 !rdev->wiphy.tid_config_support.peer)
2461 return 0;
2462
2463 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2464 if (!supp)
2465 return -ENOSPC;
2466
2467 if (rdev->wiphy.tid_config_support.vif &&
2468 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2469 rdev->wiphy.tid_config_support.vif,
2470 NL80211_TID_CONFIG_ATTR_PAD))
2471 goto fail;
2472
2473 if (rdev->wiphy.tid_config_support.peer &&
2474 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2475 rdev->wiphy.tid_config_support.peer,
2476 NL80211_TID_CONFIG_ATTR_PAD))
2477 goto fail;
2478
2479 /* for now we just use the same value ... makes more sense */
2480 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2481 rdev->wiphy.tid_config_support.max_retry))
2482 goto fail;
2483 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2484 rdev->wiphy.tid_config_support.max_retry))
2485 goto fail;
2486
2487 nla_nest_end(msg, supp);
2488
2489 return 0;
2490 fail:
2491 nla_nest_cancel(msg, supp);
2492 return -ENOBUFS;
2493 }
2494
2495 static int
nl80211_put_sar_specs(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2496 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2497 struct sk_buff *msg)
2498 {
2499 struct nlattr *sar_capa, *specs, *sub_freq_range;
2500 u8 num_freq_ranges;
2501 int i;
2502
2503 if (!rdev->wiphy.sar_capa)
2504 return 0;
2505
2506 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2507
2508 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2509 if (!sar_capa)
2510 return -ENOSPC;
2511
2512 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2513 goto fail;
2514
2515 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2516 if (!specs)
2517 goto fail;
2518
2519 /* report supported freq_ranges */
2520 for (i = 0; i < num_freq_ranges; i++) {
2521 sub_freq_range = nla_nest_start(msg, i + 1);
2522 if (!sub_freq_range)
2523 goto fail;
2524
2525 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2526 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2527 goto fail;
2528
2529 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2530 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2531 goto fail;
2532
2533 nla_nest_end(msg, sub_freq_range);
2534 }
2535
2536 nla_nest_end(msg, specs);
2537 nla_nest_end(msg, sar_capa);
2538
2539 return 0;
2540 fail:
2541 nla_nest_cancel(msg, sar_capa);
2542 return -ENOBUFS;
2543 }
2544
nl80211_put_mbssid_support(struct wiphy * wiphy,struct sk_buff * msg)2545 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg)
2546 {
2547 struct nlattr *config;
2548
2549 if (!wiphy->mbssid_max_interfaces)
2550 return 0;
2551
2552 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
2553 if (!config)
2554 return -ENOBUFS;
2555
2556 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
2557 wiphy->mbssid_max_interfaces))
2558 goto fail;
2559
2560 if (wiphy->ema_max_profile_periodicity &&
2561 nla_put_u8(msg,
2562 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
2563 wiphy->ema_max_profile_periodicity))
2564 goto fail;
2565
2566 nla_nest_end(msg, config);
2567 return 0;
2568
2569 fail:
2570 nla_nest_cancel(msg, config);
2571 return -ENOBUFS;
2572 }
2573
nl80211_put_radio(struct wiphy * wiphy,struct sk_buff * msg,int idx)2574 static int nl80211_put_radio(struct wiphy *wiphy, struct sk_buff *msg, int idx)
2575 {
2576 const struct wiphy_radio *r = &wiphy->radio[idx];
2577 const struct wiphy_radio_cfg *rcfg = &wiphy->radio_cfg[idx];
2578 struct nlattr *radio, *freq;
2579 int i;
2580
2581 radio = nla_nest_start(msg, idx);
2582 if (!radio)
2583 return -ENOBUFS;
2584
2585 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_INDEX, idx))
2586 goto nla_put_failure;
2587
2588 if (rcfg->rts_threshold &&
2589 nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_RTS_THRESHOLD,
2590 rcfg->rts_threshold))
2591 goto nla_put_failure;
2592
2593 if (r->antenna_mask &&
2594 nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_ANTENNA_MASK,
2595 r->antenna_mask))
2596 goto nla_put_failure;
2597
2598 for (i = 0; i < r->n_freq_range; i++) {
2599 const struct wiphy_radio_freq_range *range = &r->freq_range[i];
2600
2601 freq = nla_nest_start(msg, NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE);
2602 if (!freq)
2603 goto nla_put_failure;
2604
2605 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_START,
2606 range->start_freq) ||
2607 nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_END,
2608 range->end_freq))
2609 goto nla_put_failure;
2610
2611 nla_nest_end(msg, freq);
2612 }
2613
2614 for (i = 0; i < r->n_iface_combinations; i++)
2615 if (nl80211_put_ifcomb_data(msg, true,
2616 NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION,
2617 &r->iface_combinations[i],
2618 NLA_F_NESTED))
2619 goto nla_put_failure;
2620
2621 nla_nest_end(msg, radio);
2622
2623 return 0;
2624
2625 nla_put_failure:
2626 return -ENOBUFS;
2627 }
2628
nl80211_put_radios(struct wiphy * wiphy,struct sk_buff * msg)2629 static int nl80211_put_radios(struct wiphy *wiphy, struct sk_buff *msg)
2630 {
2631 struct nlattr *radios;
2632 int i;
2633
2634 if (!wiphy->n_radio)
2635 return 0;
2636
2637 radios = nla_nest_start(msg, NL80211_ATTR_WIPHY_RADIOS);
2638 if (!radios)
2639 return -ENOBUFS;
2640
2641 for (i = 0; i < wiphy->n_radio; i++)
2642 if (nl80211_put_radio(wiphy, msg, i))
2643 goto fail;
2644
2645 nla_nest_end(msg, radios);
2646
2647 if (nl80211_put_iface_combinations(wiphy, msg,
2648 NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS,
2649 -1, true, NLA_F_NESTED))
2650 return -ENOBUFS;
2651
2652 return 0;
2653
2654 fail:
2655 nla_nest_cancel(msg, radios);
2656 return -ENOBUFS;
2657 }
2658
nl80211_put_nan_capa(struct wiphy * wiphy,struct sk_buff * msg)2659 static int nl80211_put_nan_capa(struct wiphy *wiphy, struct sk_buff *msg)
2660 {
2661 struct nlattr *nan_caps;
2662
2663 nan_caps = nla_nest_start(msg, NL80211_ATTR_NAN_CAPABILITIES);
2664 if (!nan_caps)
2665 return -ENOBUFS;
2666
2667 if (wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_CONFIGURABLE_SYNC &&
2668 nla_put_flag(msg, NL80211_NAN_CAPA_CONFIGURABLE_SYNC))
2669 goto fail;
2670
2671 if ((wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE) &&
2672 nla_put_flag(msg, NL80211_NAN_CAPA_USERSPACE_DE))
2673 goto fail;
2674
2675 if (nla_put_u8(msg, NL80211_NAN_CAPA_OP_MODE,
2676 wiphy->nan_capa.op_mode) ||
2677 nla_put_u8(msg, NL80211_NAN_CAPA_NUM_ANTENNAS,
2678 wiphy->nan_capa.n_antennas) ||
2679 nla_put_u16(msg, NL80211_NAN_CAPA_MAX_CHANNEL_SWITCH_TIME,
2680 wiphy->nan_capa.max_channel_switch_time) ||
2681 nla_put_u8(msg, NL80211_NAN_CAPA_CAPABILITIES,
2682 wiphy->nan_capa.dev_capabilities))
2683 goto fail;
2684
2685 nla_nest_end(msg, nan_caps);
2686
2687 return 0;
2688
2689 fail:
2690 nla_nest_cancel(msg, nan_caps);
2691 return -ENOBUFS;
2692 }
2693
2694 struct nl80211_dump_wiphy_state {
2695 s64 filter_wiphy;
2696 long start;
2697 long split_start, band_start, chan_start, capa_start;
2698 bool split;
2699 };
2700
nl80211_send_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd,struct sk_buff * msg,u32 portid,u32 seq,int flags,struct nl80211_dump_wiphy_state * state)2701 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2702 enum nl80211_commands cmd,
2703 struct sk_buff *msg, u32 portid, u32 seq,
2704 int flags, struct nl80211_dump_wiphy_state *state)
2705 {
2706 void *hdr;
2707 struct nlattr *nl_bands, *nl_band;
2708 struct nlattr *nl_freqs, *nl_freq;
2709 struct nlattr *nl_cmds;
2710 enum nl80211_band band;
2711 struct ieee80211_channel *chan;
2712 int i;
2713 const struct ieee80211_txrx_stypes *mgmt_stypes =
2714 rdev->wiphy.mgmt_stypes;
2715 u32 features;
2716
2717 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2718 if (!hdr)
2719 return -ENOBUFS;
2720
2721 if (WARN_ON(!state))
2722 return -EINVAL;
2723
2724 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2725 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2726 wiphy_name(&rdev->wiphy)) ||
2727 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2728 cfg80211_rdev_list_generation))
2729 goto nla_put_failure;
2730
2731 if (cmd != NL80211_CMD_NEW_WIPHY)
2732 goto finish;
2733
2734 switch (state->split_start) {
2735 case 0:
2736 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2737 rdev->wiphy.retry_short) ||
2738 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2739 rdev->wiphy.retry_long) ||
2740 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2741 rdev->wiphy.frag_threshold) ||
2742 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2743 rdev->wiphy.rts_threshold) ||
2744 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2745 rdev->wiphy.coverage_class) ||
2746 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2747 rdev->wiphy.max_scan_ssids) ||
2748 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2749 rdev->wiphy.max_sched_scan_ssids) ||
2750 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2751 rdev->wiphy.max_scan_ie_len) ||
2752 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2753 rdev->wiphy.max_sched_scan_ie_len) ||
2754 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2755 rdev->wiphy.max_match_sets))
2756 goto nla_put_failure;
2757
2758 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2759 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2760 goto nla_put_failure;
2761 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2762 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2763 goto nla_put_failure;
2764 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2765 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2766 goto nla_put_failure;
2767 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2768 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2769 goto nla_put_failure;
2770 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2771 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2772 goto nla_put_failure;
2773 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2774 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2775 goto nla_put_failure;
2776 state->split_start++;
2777 if (state->split)
2778 break;
2779 fallthrough;
2780 case 1:
2781 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2782 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2783 rdev->wiphy.cipher_suites))
2784 goto nla_put_failure;
2785
2786 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2787 rdev->wiphy.max_num_pmkids))
2788 goto nla_put_failure;
2789
2790 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2791 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2792 goto nla_put_failure;
2793
2794 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2795 rdev->wiphy.available_antennas_tx) ||
2796 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2797 rdev->wiphy.available_antennas_rx))
2798 goto nla_put_failure;
2799
2800 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2801 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2802 rdev->wiphy.probe_resp_offload))
2803 goto nla_put_failure;
2804
2805 if ((rdev->wiphy.available_antennas_tx ||
2806 rdev->wiphy.available_antennas_rx) &&
2807 rdev->ops->get_antenna) {
2808 u32 tx_ant = 0, rx_ant = 0;
2809 int res;
2810
2811 res = rdev_get_antenna(rdev, -1, &tx_ant, &rx_ant);
2812 if (!res) {
2813 if (nla_put_u32(msg,
2814 NL80211_ATTR_WIPHY_ANTENNA_TX,
2815 tx_ant) ||
2816 nla_put_u32(msg,
2817 NL80211_ATTR_WIPHY_ANTENNA_RX,
2818 rx_ant))
2819 goto nla_put_failure;
2820 }
2821 }
2822
2823 state->split_start++;
2824 if (state->split)
2825 break;
2826 fallthrough;
2827 case 2:
2828 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2829 rdev->wiphy.interface_modes))
2830 goto nla_put_failure;
2831 state->split_start++;
2832 if (state->split)
2833 break;
2834 fallthrough;
2835 case 3:
2836 nl_bands = nla_nest_start_noflag(msg,
2837 NL80211_ATTR_WIPHY_BANDS);
2838 if (!nl_bands)
2839 goto nla_put_failure;
2840
2841 for (band = state->band_start;
2842 band < (state->split ?
2843 NUM_NL80211_BANDS :
2844 NL80211_BAND_60GHZ + 1);
2845 band++) {
2846 struct ieee80211_supported_band *sband;
2847
2848 /* omit higher bands for ancient software */
2849 if (band > NL80211_BAND_5GHZ && !state->split)
2850 break;
2851
2852 sband = rdev->wiphy.bands[band];
2853
2854 if (!sband)
2855 continue;
2856
2857 nl_band = nla_nest_start_noflag(msg, band);
2858 if (!nl_band)
2859 goto nla_put_failure;
2860
2861 switch (state->chan_start) {
2862 case 0:
2863 if (nl80211_send_band_rateinfo(msg, sband,
2864 state->split))
2865 goto nla_put_failure;
2866 state->chan_start++;
2867 if (state->split)
2868 break;
2869 fallthrough;
2870 default:
2871 /* add frequencies */
2872 nl_freqs = nla_nest_start_noflag(msg,
2873 NL80211_BAND_ATTR_FREQS);
2874 if (!nl_freqs)
2875 goto nla_put_failure;
2876
2877 for (i = state->chan_start - 1;
2878 i < sband->n_channels;
2879 i++) {
2880 nl_freq = nla_nest_start_noflag(msg,
2881 i);
2882 if (!nl_freq)
2883 goto nla_put_failure;
2884
2885 chan = &sband->channels[i];
2886
2887 if (nl80211_msg_put_channel(
2888 msg, &rdev->wiphy, chan,
2889 state->split))
2890 goto nla_put_failure;
2891
2892 nla_nest_end(msg, nl_freq);
2893 if (state->split)
2894 break;
2895 }
2896 if (i < sband->n_channels)
2897 state->chan_start = i + 2;
2898 else
2899 state->chan_start = 0;
2900 nla_nest_end(msg, nl_freqs);
2901 }
2902
2903 nla_nest_end(msg, nl_band);
2904
2905 if (state->split) {
2906 /* start again here */
2907 if (state->chan_start)
2908 band--;
2909 break;
2910 }
2911 }
2912 nla_nest_end(msg, nl_bands);
2913
2914 if (band < NUM_NL80211_BANDS)
2915 state->band_start = band + 1;
2916 else
2917 state->band_start = 0;
2918
2919 /* if bands & channels are done, continue outside */
2920 if (state->band_start == 0 && state->chan_start == 0)
2921 state->split_start++;
2922 if (state->split)
2923 break;
2924 fallthrough;
2925 case 4:
2926 nl_cmds = nla_nest_start_noflag(msg,
2927 NL80211_ATTR_SUPPORTED_COMMANDS);
2928 if (!nl_cmds)
2929 goto nla_put_failure;
2930
2931 i = nl80211_add_commands_unsplit(rdev, msg);
2932 if (i < 0)
2933 goto nla_put_failure;
2934 if (state->split) {
2935 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2936 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2937 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2938 CMD(channel_switch, CHANNEL_SWITCH);
2939 CMD(set_qos_map, SET_QOS_MAP);
2940 if (rdev->wiphy.features &
2941 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2942 CMD(add_tx_ts, ADD_TX_TS);
2943 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2944 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2945 CMD(update_ft_ies, UPDATE_FT_IES);
2946 if (rdev->wiphy.sar_capa)
2947 CMD(set_sar_specs, SET_SAR_SPECS);
2948 CMD(assoc_ml_reconf, ASSOC_MLO_RECONF);
2949 }
2950 #undef CMD
2951
2952 nla_nest_end(msg, nl_cmds);
2953 state->split_start++;
2954 if (state->split)
2955 break;
2956 fallthrough;
2957 case 5:
2958 if (rdev->ops->remain_on_channel &&
2959 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2960 nla_put_u32(msg,
2961 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2962 rdev->wiphy.max_remain_on_channel_duration))
2963 goto nla_put_failure;
2964
2965 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2966 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2967 goto nla_put_failure;
2968
2969 state->split_start++;
2970 if (state->split)
2971 break;
2972 fallthrough;
2973 case 6:
2974 #ifdef CONFIG_PM
2975 if (nl80211_send_wowlan(msg, rdev, state->split))
2976 goto nla_put_failure;
2977 state->split_start++;
2978 if (state->split)
2979 break;
2980 #else
2981 state->split_start++;
2982 #endif
2983 fallthrough;
2984 case 7:
2985 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2986 rdev->wiphy.software_iftypes))
2987 goto nla_put_failure;
2988
2989 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2990 NL80211_ATTR_INTERFACE_COMBINATIONS,
2991 rdev->wiphy.n_radio ? 0 : -1,
2992 state->split, 0))
2993 goto nla_put_failure;
2994
2995 state->split_start++;
2996 if (state->split)
2997 break;
2998 fallthrough;
2999 case 8:
3000 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
3001 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
3002 rdev->wiphy.ap_sme_capa))
3003 goto nla_put_failure;
3004
3005 features = rdev->wiphy.features;
3006 /*
3007 * We can only add the per-channel limit information if the
3008 * dump is split, otherwise it makes it too big. Therefore
3009 * only advertise it in that case.
3010 */
3011 if (state->split)
3012 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
3013 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
3014 goto nla_put_failure;
3015
3016 if (rdev->wiphy.ht_capa_mod_mask &&
3017 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
3018 sizeof(*rdev->wiphy.ht_capa_mod_mask),
3019 rdev->wiphy.ht_capa_mod_mask))
3020 goto nla_put_failure;
3021
3022 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
3023 rdev->wiphy.max_acl_mac_addrs &&
3024 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
3025 rdev->wiphy.max_acl_mac_addrs))
3026 goto nla_put_failure;
3027
3028 /*
3029 * Any information below this point is only available to
3030 * applications that can deal with it being split. This
3031 * helps ensure that newly added capabilities don't break
3032 * older tools by overrunning their buffers.
3033 *
3034 * We still increment split_start so that in the split
3035 * case we'll continue with more data in the next round,
3036 * but break unconditionally so unsplit data stops here.
3037 */
3038 if (state->split)
3039 state->split_start++;
3040 else
3041 state->split_start = 0;
3042 break;
3043 case 9:
3044 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
3045 goto nla_put_failure;
3046
3047 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
3048 rdev->wiphy.max_sched_scan_plans) ||
3049 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
3050 rdev->wiphy.max_sched_scan_plan_interval) ||
3051 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
3052 rdev->wiphy.max_sched_scan_plan_iterations))
3053 goto nla_put_failure;
3054
3055 if (rdev->wiphy.extended_capabilities &&
3056 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
3057 rdev->wiphy.extended_capabilities_len,
3058 rdev->wiphy.extended_capabilities) ||
3059 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3060 rdev->wiphy.extended_capabilities_len,
3061 rdev->wiphy.extended_capabilities_mask)))
3062 goto nla_put_failure;
3063
3064 if (rdev->wiphy.vht_capa_mod_mask &&
3065 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
3066 sizeof(*rdev->wiphy.vht_capa_mod_mask),
3067 rdev->wiphy.vht_capa_mod_mask))
3068 goto nla_put_failure;
3069
3070 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
3071 rdev->wiphy.perm_addr))
3072 goto nla_put_failure;
3073
3074 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
3075 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
3076 rdev->wiphy.addr_mask))
3077 goto nla_put_failure;
3078
3079 if (rdev->wiphy.n_addresses > 1) {
3080 void *attr;
3081
3082 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
3083 if (!attr)
3084 goto nla_put_failure;
3085
3086 for (i = 0; i < rdev->wiphy.n_addresses; i++)
3087 if (nla_put(msg, i + 1, ETH_ALEN,
3088 rdev->wiphy.addresses[i].addr))
3089 goto nla_put_failure;
3090
3091 nla_nest_end(msg, attr);
3092 }
3093
3094 state->split_start++;
3095 break;
3096 case 10:
3097 if (nl80211_send_coalesce(msg, rdev))
3098 goto nla_put_failure;
3099
3100 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
3101 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
3102 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
3103 goto nla_put_failure;
3104
3105 if (rdev->wiphy.max_ap_assoc_sta &&
3106 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
3107 rdev->wiphy.max_ap_assoc_sta))
3108 goto nla_put_failure;
3109
3110 state->split_start++;
3111 break;
3112 case 11:
3113 if (rdev->wiphy.n_vendor_commands) {
3114 const struct nl80211_vendor_cmd_info *info;
3115 struct nlattr *nested;
3116
3117 nested = nla_nest_start_noflag(msg,
3118 NL80211_ATTR_VENDOR_DATA);
3119 if (!nested)
3120 goto nla_put_failure;
3121
3122 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
3123 info = &rdev->wiphy.vendor_commands[i].info;
3124 if (nla_put(msg, i + 1, sizeof(*info), info))
3125 goto nla_put_failure;
3126 }
3127 nla_nest_end(msg, nested);
3128 }
3129
3130 if (rdev->wiphy.n_vendor_events) {
3131 const struct nl80211_vendor_cmd_info *info;
3132 struct nlattr *nested;
3133
3134 nested = nla_nest_start_noflag(msg,
3135 NL80211_ATTR_VENDOR_EVENTS);
3136 if (!nested)
3137 goto nla_put_failure;
3138
3139 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
3140 info = &rdev->wiphy.vendor_events[i];
3141 if (nla_put(msg, i + 1, sizeof(*info), info))
3142 goto nla_put_failure;
3143 }
3144 nla_nest_end(msg, nested);
3145 }
3146 state->split_start++;
3147 break;
3148 case 12:
3149 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
3150 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
3151 rdev->wiphy.max_num_csa_counters))
3152 goto nla_put_failure;
3153
3154 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
3155 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
3156 goto nla_put_failure;
3157
3158 if (rdev->wiphy.max_sched_scan_reqs &&
3159 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
3160 rdev->wiphy.max_sched_scan_reqs))
3161 goto nla_put_failure;
3162
3163 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
3164 sizeof(rdev->wiphy.ext_features),
3165 rdev->wiphy.ext_features))
3166 goto nla_put_failure;
3167
3168 if (rdev->wiphy.bss_param_support) {
3169 struct nlattr *nested;
3170 u32 parsup = rdev->wiphy.bss_param_support;
3171
3172 nested = nla_nest_start(msg, NL80211_ATTR_BSS_PARAM);
3173 if (!nested)
3174 goto nla_put_failure;
3175
3176 if ((parsup & WIPHY_BSS_PARAM_CTS_PROT) &&
3177 nla_put_flag(msg, NL80211_ATTR_BSS_CTS_PROT))
3178 goto nla_put_failure;
3179 if ((parsup & WIPHY_BSS_PARAM_SHORT_PREAMBLE) &&
3180 nla_put_flag(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE))
3181 goto nla_put_failure;
3182 if ((parsup & WIPHY_BSS_PARAM_SHORT_SLOT_TIME) &&
3183 nla_put_flag(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME))
3184 goto nla_put_failure;
3185 if ((parsup & WIPHY_BSS_PARAM_BASIC_RATES) &&
3186 nla_put_flag(msg, NL80211_ATTR_BSS_BASIC_RATES))
3187 goto nla_put_failure;
3188 if ((parsup & WIPHY_BSS_PARAM_AP_ISOLATE) &&
3189 nla_put_flag(msg, NL80211_ATTR_AP_ISOLATE))
3190 goto nla_put_failure;
3191 if ((parsup & WIPHY_BSS_PARAM_HT_OPMODE) &&
3192 nla_put_flag(msg, NL80211_ATTR_BSS_HT_OPMODE))
3193 goto nla_put_failure;
3194 if ((parsup & WIPHY_BSS_PARAM_P2P_CTWINDOW) &&
3195 nla_put_flag(msg, NL80211_ATTR_P2P_CTWINDOW))
3196 goto nla_put_failure;
3197 if ((parsup & WIPHY_BSS_PARAM_P2P_OPPPS) &&
3198 nla_put_flag(msg, NL80211_ATTR_P2P_OPPPS))
3199 goto nla_put_failure;
3200 nla_nest_end(msg, nested);
3201 }
3202 if (rdev->wiphy.bss_select_support) {
3203 struct nlattr *nested;
3204 u32 bss_select_support = rdev->wiphy.bss_select_support;
3205
3206 nested = nla_nest_start_noflag(msg,
3207 NL80211_ATTR_BSS_SELECT);
3208 if (!nested)
3209 goto nla_put_failure;
3210
3211 i = 0;
3212 while (bss_select_support) {
3213 if ((bss_select_support & 1) &&
3214 nla_put_flag(msg, i))
3215 goto nla_put_failure;
3216 i++;
3217 bss_select_support >>= 1;
3218 }
3219 nla_nest_end(msg, nested);
3220 }
3221
3222 state->split_start++;
3223 break;
3224 case 13:
3225 if (rdev->wiphy.num_iftype_ext_capab &&
3226 rdev->wiphy.iftype_ext_capab) {
3227 struct nlattr *nested_ext_capab, *nested;
3228
3229 nested = nla_nest_start_noflag(msg,
3230 NL80211_ATTR_IFTYPE_EXT_CAPA);
3231 if (!nested)
3232 goto nla_put_failure;
3233
3234 for (i = state->capa_start;
3235 i < rdev->wiphy.num_iftype_ext_capab; i++) {
3236 const struct wiphy_iftype_ext_capab *capab;
3237
3238 capab = &rdev->wiphy.iftype_ext_capab[i];
3239
3240 nested_ext_capab = nla_nest_start_noflag(msg,
3241 i);
3242 if (!nested_ext_capab ||
3243 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
3244 capab->iftype) ||
3245 nla_put(msg, NL80211_ATTR_EXT_CAPA,
3246 capab->extended_capabilities_len,
3247 capab->extended_capabilities) ||
3248 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3249 capab->extended_capabilities_len,
3250 capab->extended_capabilities_mask))
3251 goto nla_put_failure;
3252
3253 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
3254 (nla_put_u16(msg,
3255 NL80211_ATTR_EML_CAPABILITY,
3256 capab->eml_capabilities) ||
3257 nla_put_u16(msg,
3258 NL80211_ATTR_MLD_CAPA_AND_OPS,
3259 capab->mld_capa_and_ops)))
3260 goto nla_put_failure;
3261
3262 nla_nest_end(msg, nested_ext_capab);
3263 if (state->split)
3264 break;
3265 }
3266 nla_nest_end(msg, nested);
3267 if (i < rdev->wiphy.num_iftype_ext_capab) {
3268 state->capa_start = i + 1;
3269 break;
3270 }
3271 }
3272
3273 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
3274 rdev->wiphy.nan_supported_bands))
3275 goto nla_put_failure;
3276
3277 if (wiphy_ext_feature_isset(&rdev->wiphy,
3278 NL80211_EXT_FEATURE_TXQS)) {
3279 struct cfg80211_txq_stats txqstats = {};
3280 int res;
3281
3282 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
3283 if (!res &&
3284 !nl80211_put_txq_stats(msg, &txqstats,
3285 NL80211_ATTR_TXQ_STATS))
3286 goto nla_put_failure;
3287
3288 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
3289 rdev->wiphy.txq_limit))
3290 goto nla_put_failure;
3291 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
3292 rdev->wiphy.txq_memory_limit))
3293 goto nla_put_failure;
3294 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
3295 rdev->wiphy.txq_quantum))
3296 goto nla_put_failure;
3297 }
3298
3299 state->split_start++;
3300 break;
3301 case 14:
3302 if (nl80211_send_pmsr_capa(rdev, msg))
3303 goto nla_put_failure;
3304
3305 state->split_start++;
3306 break;
3307 case 15:
3308 if (rdev->wiphy.akm_suites &&
3309 nla_put(msg, NL80211_ATTR_AKM_SUITES,
3310 sizeof(u32) * rdev->wiphy.n_akm_suites,
3311 rdev->wiphy.akm_suites))
3312 goto nla_put_failure;
3313
3314 if (nl80211_put_iftype_akm_suites(rdev, msg))
3315 goto nla_put_failure;
3316
3317 if (nl80211_put_tid_config_support(rdev, msg))
3318 goto nla_put_failure;
3319 state->split_start++;
3320 break;
3321 case 16:
3322 if (nl80211_put_sar_specs(rdev, msg))
3323 goto nla_put_failure;
3324
3325 if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
3326 goto nla_put_failure;
3327
3328 if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
3329 rdev->wiphy.max_num_akm_suites))
3330 goto nla_put_failure;
3331
3332 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)
3333 nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT);
3334
3335 if (rdev->wiphy.hw_timestamp_max_peers &&
3336 nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS,
3337 rdev->wiphy.hw_timestamp_max_peers))
3338 goto nla_put_failure;
3339
3340 state->split_start++;
3341 break;
3342 case 17:
3343 if (nl80211_put_radios(&rdev->wiphy, msg))
3344 goto nla_put_failure;
3345
3346 state->split_start++;
3347 break;
3348 case 18:
3349 if (nl80211_put_nan_capa(&rdev->wiphy, msg))
3350 goto nla_put_failure;
3351
3352 /* done */
3353 state->split_start = 0;
3354 break;
3355 }
3356 finish:
3357 genlmsg_end(msg, hdr);
3358 return 0;
3359
3360 nla_put_failure:
3361 genlmsg_cancel(msg, hdr);
3362 return -EMSGSIZE;
3363 }
3364
nl80211_dump_wiphy_parse(struct sk_buff * skb,struct netlink_callback * cb,struct nl80211_dump_wiphy_state * state)3365 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
3366 struct netlink_callback *cb,
3367 struct nl80211_dump_wiphy_state *state)
3368 {
3369 struct nlattr **tb = kzalloc_objs(*tb, NUM_NL80211_ATTR);
3370 int ret;
3371
3372 if (!tb)
3373 return -ENOMEM;
3374
3375 ret = nlmsg_parse_deprecated(cb->nlh,
3376 GENL_HDRLEN + nl80211_fam.hdrsize,
3377 tb, nl80211_fam.maxattr,
3378 nl80211_policy, NULL);
3379 /* ignore parse errors for backward compatibility */
3380 if (ret) {
3381 ret = 0;
3382 goto out;
3383 }
3384
3385 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
3386 if (tb[NL80211_ATTR_WIPHY])
3387 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3388 if (tb[NL80211_ATTR_WDEV])
3389 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
3390 if (tb[NL80211_ATTR_IFINDEX]) {
3391 struct net_device *netdev;
3392 struct cfg80211_registered_device *rdev;
3393 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3394
3395 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3396 if (!netdev) {
3397 ret = -ENODEV;
3398 goto out;
3399 }
3400 if (netdev->ieee80211_ptr) {
3401 rdev = wiphy_to_rdev(
3402 netdev->ieee80211_ptr->wiphy);
3403 state->filter_wiphy = rdev->wiphy_idx;
3404 }
3405 }
3406
3407 ret = 0;
3408 out:
3409 kfree(tb);
3410 return ret;
3411 }
3412
nl80211_dump_wiphy(struct sk_buff * skb,struct netlink_callback * cb)3413 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
3414 {
3415 int idx = 0, ret;
3416 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
3417 struct cfg80211_registered_device *rdev;
3418
3419 rtnl_lock();
3420 if (!state) {
3421 state = kzalloc_obj(*state);
3422 if (!state) {
3423 rtnl_unlock();
3424 return -ENOMEM;
3425 }
3426 state->filter_wiphy = -1;
3427 ret = nl80211_dump_wiphy_parse(skb, cb, state);
3428 if (ret) {
3429 kfree(state);
3430 rtnl_unlock();
3431 return ret;
3432 }
3433 cb->args[0] = (long)state;
3434 }
3435
3436 for_each_rdev(rdev) {
3437 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3438 continue;
3439 if (++idx <= state->start)
3440 continue;
3441 if (state->filter_wiphy != -1 &&
3442 state->filter_wiphy != rdev->wiphy_idx)
3443 continue;
3444 wiphy_lock(&rdev->wiphy);
3445 /* attempt to fit multiple wiphy data chunks into the skb */
3446 do {
3447 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
3448 skb,
3449 NETLINK_CB(cb->skb).portid,
3450 cb->nlh->nlmsg_seq,
3451 NLM_F_MULTI, state);
3452 if (ret < 0) {
3453 /*
3454 * If sending the wiphy data didn't fit (ENOBUFS
3455 * or EMSGSIZE returned), this SKB is still
3456 * empty (so it's not too big because another
3457 * wiphy dataset is already in the skb) and
3458 * we've not tried to adjust the dump allocation
3459 * yet ... then adjust the alloc size to be
3460 * bigger, and return 1 but with the empty skb.
3461 * This results in an empty message being RX'ed
3462 * in userspace, but that is ignored.
3463 *
3464 * We can then retry with the larger buffer.
3465 */
3466 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
3467 !skb->len && !state->split &&
3468 cb->min_dump_alloc < 4096) {
3469 cb->min_dump_alloc = 4096;
3470 state->split_start = 0;
3471 wiphy_unlock(&rdev->wiphy);
3472 rtnl_unlock();
3473 return 1;
3474 }
3475 idx--;
3476 break;
3477 }
3478 } while (state->split_start > 0);
3479 wiphy_unlock(&rdev->wiphy);
3480 break;
3481 }
3482 rtnl_unlock();
3483
3484 state->start = idx;
3485
3486 return skb->len;
3487 }
3488
nl80211_dump_wiphy_done(struct netlink_callback * cb)3489 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
3490 {
3491 kfree((void *)cb->args[0]);
3492 return 0;
3493 }
3494
nl80211_get_wiphy(struct sk_buff * skb,struct genl_info * info)3495 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
3496 {
3497 struct sk_buff *msg;
3498 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3499 struct nl80211_dump_wiphy_state state = {};
3500
3501 msg = nlmsg_new(4096, GFP_KERNEL);
3502 if (!msg)
3503 return -ENOMEM;
3504
3505 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
3506 info->snd_portid, info->snd_seq, 0,
3507 &state) < 0) {
3508 nlmsg_free(msg);
3509 return -ENOBUFS;
3510 }
3511
3512 return genlmsg_reply(msg, info);
3513 }
3514
3515 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
3516 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
3517 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
3518 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
3519 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
3520 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
3521 };
3522
parse_txq_params(struct nlattr * tb[],struct ieee80211_txq_params * txq_params)3523 static int parse_txq_params(struct nlattr *tb[],
3524 struct ieee80211_txq_params *txq_params)
3525 {
3526 u8 ac;
3527
3528 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
3529 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
3530 !tb[NL80211_TXQ_ATTR_AIFS])
3531 return -EINVAL;
3532
3533 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
3534 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
3535 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
3536 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
3537 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
3538
3539 if (ac >= NL80211_NUM_ACS)
3540 return -EINVAL;
3541 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
3542 return 0;
3543 }
3544
nl80211_can_set_dev_channel(struct wireless_dev * wdev)3545 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
3546 {
3547 /*
3548 * You can only set the channel explicitly for some interfaces,
3549 * most have their channel managed via their respective
3550 * "establish a connection" command (connect, join, ...)
3551 *
3552 * For AP/GO and mesh mode, the channel can be set with the
3553 * channel userspace API, but is only stored and passed to the
3554 * low-level driver when the AP starts or the mesh is joined.
3555 * This is for backward compatibility, userspace can also give
3556 * the channel in the start-ap or join-mesh commands instead.
3557 *
3558 * Monitors are special as they are normally slaved to
3559 * whatever else is going on, so they have their own special
3560 * operation to set the monitor channel if possible.
3561 */
3562 return !wdev ||
3563 wdev->iftype == NL80211_IFTYPE_AP ||
3564 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3565 wdev->iftype == NL80211_IFTYPE_MONITOR ||
3566 wdev->iftype == NL80211_IFTYPE_P2P_GO;
3567 }
3568
_nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,bool monitor,struct cfg80211_chan_def * chandef)3569 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3570 struct genl_info *info, bool monitor,
3571 struct cfg80211_chan_def *chandef)
3572 {
3573 struct netlink_ext_ack *extack = info->extack;
3574 struct nlattr **attrs = info->attrs;
3575 u32 control_freq;
3576
3577 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) {
3578 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3579 "Frequency is missing");
3580 return -EINVAL;
3581 }
3582
3583 control_freq = MHZ_TO_KHZ(
3584 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3585 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3586 control_freq +=
3587 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3588
3589 memset(chandef, 0, sizeof(*chandef));
3590 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3591 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3592 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3593 chandef->freq1_offset = control_freq % 1000;
3594 chandef->center_freq2 = 0;
3595 chandef->s1g_primary_2mhz = false;
3596
3597 if (!chandef->chan) {
3598 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3599 "Unknown channel");
3600 return -EINVAL;
3601 }
3602
3603 if (cfg80211_chandef_is_s1g(chandef))
3604 chandef->width = NL80211_CHAN_WIDTH_1;
3605
3606 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3607 enum nl80211_channel_type chantype;
3608
3609 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3610
3611 switch (chantype) {
3612 case NL80211_CHAN_NO_HT:
3613 case NL80211_CHAN_HT20:
3614 case NL80211_CHAN_HT40PLUS:
3615 case NL80211_CHAN_HT40MINUS:
3616 cfg80211_chandef_create(chandef, chandef->chan,
3617 chantype);
3618 /* user input for center_freq is incorrect */
3619 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3620 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3621 NL_SET_ERR_MSG_ATTR(extack,
3622 attrs[NL80211_ATTR_CENTER_FREQ1],
3623 "bad center frequency 1");
3624 return -EINVAL;
3625 }
3626 /* center_freq2 must be zero */
3627 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3628 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3629 NL_SET_ERR_MSG_ATTR(extack,
3630 attrs[NL80211_ATTR_CENTER_FREQ2],
3631 "center frequency 2 can't be used");
3632 return -EINVAL;
3633 }
3634 break;
3635 default:
3636 NL_SET_ERR_MSG_ATTR(extack,
3637 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3638 "invalid channel type");
3639 return -EINVAL;
3640 }
3641 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3642 chandef->width = nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3643 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3644 chandef->center_freq1 =
3645 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3646 chandef->freq1_offset = nla_get_u32_default(
3647 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET], 0);
3648 }
3649
3650 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3651 chandef->center_freq2 =
3652 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3653
3654 chandef->s1g_primary_2mhz = nla_get_flag(
3655 attrs[NL80211_ATTR_S1G_PRIMARY_2MHZ]);
3656 }
3657
3658 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3659 chandef->edmg.channels =
3660 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3661
3662 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3663 chandef->edmg.bw_config =
3664 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3665 } else {
3666 chandef->edmg.bw_config = 0;
3667 chandef->edmg.channels = 0;
3668 }
3669
3670 if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) {
3671 chandef->punctured =
3672 nla_get_u32(info->attrs[NL80211_ATTR_PUNCT_BITMAP]);
3673
3674 if (chandef->punctured &&
3675 !wiphy_ext_feature_isset(&rdev->wiphy,
3676 NL80211_EXT_FEATURE_PUNCT)) {
3677 NL_SET_ERR_MSG(extack,
3678 "driver doesn't support puncturing");
3679 return -EINVAL;
3680 }
3681 }
3682
3683 if (!cfg80211_chandef_valid(chandef)) {
3684 NL_SET_ERR_MSG(extack, "invalid channel definition");
3685 return -EINVAL;
3686 }
3687
3688 if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef,
3689 IEEE80211_CHAN_DISABLED,
3690 monitor ? IEEE80211_CHAN_CAN_MONITOR : 0)) {
3691 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3692 return -EINVAL;
3693 }
3694
3695 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3696 chandef->width == NL80211_CHAN_WIDTH_10) &&
3697 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3698 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3699 return -EINVAL;
3700 }
3701
3702 return 0;
3703 }
3704
nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_chan_def * chandef)3705 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3706 struct genl_info *info,
3707 struct cfg80211_chan_def *chandef)
3708 {
3709 return _nl80211_parse_chandef(rdev, info, false, chandef);
3710 }
3711
__nl80211_set_channel(struct cfg80211_registered_device * rdev,struct net_device * dev,struct genl_info * info,int _link_id)3712 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3713 struct net_device *dev,
3714 struct genl_info *info,
3715 int _link_id)
3716 {
3717 struct cfg80211_chan_def chandef;
3718 int result;
3719 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3720 struct wireless_dev *wdev = NULL;
3721 int link_id = _link_id;
3722
3723 if (dev)
3724 wdev = dev->ieee80211_ptr;
3725 if (!nl80211_can_set_dev_channel(wdev))
3726 return -EOPNOTSUPP;
3727 if (wdev)
3728 iftype = wdev->iftype;
3729
3730 if (link_id < 0) {
3731 if (wdev && wdev->valid_links)
3732 return -EINVAL;
3733 link_id = 0;
3734 }
3735
3736 result = _nl80211_parse_chandef(rdev, info,
3737 iftype == NL80211_IFTYPE_MONITOR,
3738 &chandef);
3739 if (result)
3740 return result;
3741
3742 switch (iftype) {
3743 case NL80211_IFTYPE_AP:
3744 case NL80211_IFTYPE_P2P_GO:
3745 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3746 iftype))
3747 return -EINVAL;
3748 if (wdev->links[link_id].ap.beacon_interval) {
3749 struct ieee80211_channel *cur_chan;
3750
3751 if (!dev || !rdev->ops->set_ap_chanwidth ||
3752 !(rdev->wiphy.features &
3753 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
3754 return -EBUSY;
3755
3756 /* Only allow dynamic channel width changes */
3757 cur_chan = wdev->links[link_id].ap.chandef.chan;
3758 if (chandef.chan != cur_chan)
3759 return -EBUSY;
3760
3761 /* only allow this for regular channel widths */
3762 switch (wdev->links[link_id].ap.chandef.width) {
3763 case NL80211_CHAN_WIDTH_20_NOHT:
3764 case NL80211_CHAN_WIDTH_20:
3765 case NL80211_CHAN_WIDTH_40:
3766 case NL80211_CHAN_WIDTH_80:
3767 case NL80211_CHAN_WIDTH_80P80:
3768 case NL80211_CHAN_WIDTH_160:
3769 case NL80211_CHAN_WIDTH_320:
3770 break;
3771 default:
3772 return -EINVAL;
3773 }
3774
3775 switch (chandef.width) {
3776 case NL80211_CHAN_WIDTH_20_NOHT:
3777 case NL80211_CHAN_WIDTH_20:
3778 case NL80211_CHAN_WIDTH_40:
3779 case NL80211_CHAN_WIDTH_80:
3780 case NL80211_CHAN_WIDTH_80P80:
3781 case NL80211_CHAN_WIDTH_160:
3782 case NL80211_CHAN_WIDTH_320:
3783 break;
3784 default:
3785 return -EINVAL;
3786 }
3787
3788 result = rdev_set_ap_chanwidth(rdev, dev, link_id,
3789 &chandef);
3790 if (result)
3791 return result;
3792 wdev->links[link_id].ap.chandef = chandef;
3793 } else {
3794 wdev->u.ap.preset_chandef = chandef;
3795 }
3796 return 0;
3797 case NL80211_IFTYPE_MESH_POINT:
3798 return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3799 case NL80211_IFTYPE_MONITOR:
3800 return cfg80211_set_monitor_channel(rdev, dev, &chandef);
3801 default:
3802 break;
3803 }
3804
3805 return -EINVAL;
3806 }
3807
nl80211_set_channel(struct sk_buff * skb,struct genl_info * info)3808 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3809 {
3810 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3811 int link_id = nl80211_link_id_or_invalid(info->attrs);
3812 struct net_device *netdev = info->user_ptr[1];
3813
3814 return __nl80211_set_channel(rdev, netdev, info, link_id);
3815 }
3816
nl80211_set_wiphy_radio(struct genl_info * info,struct cfg80211_registered_device * rdev,int radio_idx)3817 static int nl80211_set_wiphy_radio(struct genl_info *info,
3818 struct cfg80211_registered_device *rdev,
3819 int radio_idx)
3820 {
3821 u32 rts_threshold = 0, old_rts, changed = 0;
3822 int result;
3823
3824 if (!rdev->ops->set_wiphy_params)
3825 return -EOPNOTSUPP;
3826
3827 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3828 rts_threshold = nla_get_u32(
3829 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3830 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3831 }
3832
3833 old_rts = rdev->wiphy.radio_cfg[radio_idx].rts_threshold;
3834
3835 rdev->wiphy.radio_cfg[radio_idx].rts_threshold = rts_threshold;
3836
3837 result = rdev_set_wiphy_params(rdev, radio_idx, changed);
3838 if (result)
3839 rdev->wiphy.radio_cfg[radio_idx].rts_threshold = old_rts;
3840
3841 return 0;
3842 }
3843
nl80211_set_wiphy(struct sk_buff * skb,struct genl_info * info)3844 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3845 {
3846 struct cfg80211_registered_device *rdev = NULL;
3847 struct net_device *netdev = NULL;
3848 struct wireless_dev *wdev;
3849 int result = 0, rem_txq_params = 0;
3850 struct nlattr *nl_txq_params;
3851 u32 changed;
3852 u8 retry_short = 0, retry_long = 0;
3853 u32 frag_threshold = 0, rts_threshold = 0;
3854 u8 coverage_class = 0;
3855 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3856 int radio_idx = -1;
3857
3858 rtnl_lock();
3859 /*
3860 * Try to find the wiphy and netdev. Normally this
3861 * function shouldn't need the netdev, but this is
3862 * done for backward compatibility -- previously
3863 * setting the channel was done per wiphy, but now
3864 * it is per netdev. Previous userland like hostapd
3865 * also passed a netdev to set_wiphy, so that it is
3866 * possible to let that go to the right netdev!
3867 */
3868
3869 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3870 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3871
3872 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3873 if (netdev && netdev->ieee80211_ptr)
3874 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3875 else
3876 netdev = NULL;
3877 }
3878
3879 if (!netdev) {
3880 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3881 info->attrs);
3882 if (IS_ERR(rdev)) {
3883 rtnl_unlock();
3884 return PTR_ERR(rdev);
3885 }
3886 wdev = NULL;
3887 netdev = NULL;
3888 result = 0;
3889 } else
3890 wdev = netdev->ieee80211_ptr;
3891
3892 guard(wiphy)(&rdev->wiphy);
3893
3894 /*
3895 * end workaround code, by now the rdev is available
3896 * and locked, and wdev may or may not be NULL.
3897 */
3898
3899 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3900 result = cfg80211_dev_rename(
3901 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3902 rtnl_unlock();
3903
3904 if (result)
3905 return result;
3906
3907 if (info->attrs[NL80211_ATTR_WIPHY_RADIO_INDEX]) {
3908 /* Radio idx is not expected for non-multi radio wiphy */
3909 if (rdev->wiphy.n_radio <= 0)
3910 return -EINVAL;
3911
3912 radio_idx = nla_get_u8(
3913 info->attrs[NL80211_ATTR_WIPHY_RADIO_INDEX]);
3914 if (radio_idx >= rdev->wiphy.n_radio)
3915 return -EINVAL;
3916
3917 return nl80211_set_wiphy_radio(info, rdev, radio_idx);
3918 }
3919
3920 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3921 struct ieee80211_txq_params txq_params;
3922 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3923
3924 if (!rdev->ops->set_txq_params)
3925 return -EOPNOTSUPP;
3926
3927 if (!netdev)
3928 return -EINVAL;
3929
3930 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3931 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3932 return -EINVAL;
3933
3934 if (!netif_running(netdev))
3935 return -ENETDOWN;
3936
3937 nla_for_each_nested(nl_txq_params,
3938 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3939 rem_txq_params) {
3940 result = nla_parse_nested_deprecated(tb,
3941 NL80211_TXQ_ATTR_MAX,
3942 nl_txq_params,
3943 txq_params_policy,
3944 info->extack);
3945 if (result)
3946 return result;
3947
3948 result = parse_txq_params(tb, &txq_params);
3949 if (result)
3950 return result;
3951
3952 txq_params.link_id =
3953 nl80211_link_id_or_invalid(info->attrs);
3954
3955 if (txq_params.link_id >= 0 &&
3956 !(netdev->ieee80211_ptr->valid_links &
3957 BIT(txq_params.link_id)))
3958 result = -ENOLINK;
3959 else if (txq_params.link_id >= 0 &&
3960 !netdev->ieee80211_ptr->valid_links)
3961 result = -EINVAL;
3962 else
3963 result = rdev_set_txq_params(rdev, netdev,
3964 &txq_params);
3965 if (result)
3966 return result;
3967 }
3968 }
3969
3970 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3971 int link_id = nl80211_link_id_or_invalid(info->attrs);
3972
3973 if (wdev) {
3974 result = __nl80211_set_channel(
3975 rdev,
3976 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3977 info, link_id);
3978 } else {
3979 result = __nl80211_set_channel(rdev, netdev, info, link_id);
3980 }
3981
3982 if (result)
3983 return result;
3984 }
3985
3986 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3987 struct wireless_dev *txp_wdev = wdev;
3988 enum nl80211_tx_power_setting type;
3989 int idx, mbm = 0;
3990
3991 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3992 txp_wdev = NULL;
3993
3994 if (!rdev->ops->set_tx_power)
3995 return -EOPNOTSUPP;
3996
3997 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3998 type = nla_get_u32(info->attrs[idx]);
3999
4000 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
4001 (type != NL80211_TX_POWER_AUTOMATIC))
4002 return -EINVAL;
4003
4004 if (type != NL80211_TX_POWER_AUTOMATIC) {
4005 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
4006 mbm = nla_get_u32(info->attrs[idx]);
4007 }
4008
4009 result = rdev_set_tx_power(rdev, txp_wdev, radio_idx, type,
4010 mbm);
4011 if (result)
4012 return result;
4013 }
4014
4015 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
4016 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
4017 u32 tx_ant, rx_ant;
4018
4019 if ((!rdev->wiphy.available_antennas_tx &&
4020 !rdev->wiphy.available_antennas_rx) ||
4021 !rdev->ops->set_antenna)
4022 return -EOPNOTSUPP;
4023
4024 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
4025 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
4026
4027 /* reject antenna configurations which don't match the
4028 * available antenna masks, except for the "all" mask */
4029 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
4030 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
4031 return -EINVAL;
4032
4033 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
4034 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
4035
4036 result = rdev_set_antenna(rdev, radio_idx, tx_ant, rx_ant);
4037 if (result)
4038 return result;
4039 }
4040
4041 changed = 0;
4042
4043 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
4044 retry_short = nla_get_u8(
4045 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
4046
4047 changed |= WIPHY_PARAM_RETRY_SHORT;
4048 }
4049
4050 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
4051 retry_long = nla_get_u8(
4052 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
4053
4054 changed |= WIPHY_PARAM_RETRY_LONG;
4055 }
4056
4057 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
4058 frag_threshold = nla_get_u32(
4059 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
4060 if (frag_threshold < 256)
4061 return -EINVAL;
4062
4063 if (frag_threshold != (u32) -1) {
4064 /*
4065 * Fragments (apart from the last one) are required to
4066 * have even length. Make the fragmentation code
4067 * simpler by stripping LSB should someone try to use
4068 * odd threshold value.
4069 */
4070 frag_threshold &= ~0x1;
4071 }
4072 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
4073 }
4074
4075 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
4076 rts_threshold = nla_get_u32(
4077 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
4078 changed |= WIPHY_PARAM_RTS_THRESHOLD;
4079 }
4080
4081 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
4082 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
4083 return -EINVAL;
4084
4085 coverage_class = nla_get_u8(
4086 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
4087 changed |= WIPHY_PARAM_COVERAGE_CLASS;
4088 }
4089
4090 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
4091 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
4092 return -EOPNOTSUPP;
4093
4094 changed |= WIPHY_PARAM_DYN_ACK;
4095 }
4096
4097 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
4098 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4099 NL80211_EXT_FEATURE_TXQS))
4100 return -EOPNOTSUPP;
4101
4102 txq_limit = nla_get_u32(
4103 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
4104 changed |= WIPHY_PARAM_TXQ_LIMIT;
4105 }
4106
4107 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
4108 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4109 NL80211_EXT_FEATURE_TXQS))
4110 return -EOPNOTSUPP;
4111
4112 txq_memory_limit = nla_get_u32(
4113 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
4114 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
4115 }
4116
4117 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
4118 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4119 NL80211_EXT_FEATURE_TXQS))
4120 return -EOPNOTSUPP;
4121
4122 txq_quantum = nla_get_u32(
4123 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
4124 changed |= WIPHY_PARAM_TXQ_QUANTUM;
4125 }
4126
4127 if (changed) {
4128 u8 old_retry_short, old_retry_long;
4129 u32 old_frag_threshold, old_rts_threshold;
4130 u8 old_coverage_class, i;
4131 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
4132 u32 *old_radio_rts_threshold = NULL;
4133
4134 if (!rdev->ops->set_wiphy_params)
4135 return -EOPNOTSUPP;
4136
4137 if (rdev->wiphy.n_radio) {
4138 old_radio_rts_threshold = kcalloc(rdev->wiphy.n_radio,
4139 sizeof(u32),
4140 GFP_KERNEL);
4141 if (!old_radio_rts_threshold)
4142 return -ENOMEM;
4143 }
4144
4145 old_retry_short = rdev->wiphy.retry_short;
4146 old_retry_long = rdev->wiphy.retry_long;
4147 old_frag_threshold = rdev->wiphy.frag_threshold;
4148 old_rts_threshold = rdev->wiphy.rts_threshold;
4149 if (old_radio_rts_threshold) {
4150 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4151 old_radio_rts_threshold[i] =
4152 rdev->wiphy.radio_cfg[i].rts_threshold;
4153 }
4154 old_coverage_class = rdev->wiphy.coverage_class;
4155 old_txq_limit = rdev->wiphy.txq_limit;
4156 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
4157 old_txq_quantum = rdev->wiphy.txq_quantum;
4158
4159 if (changed & WIPHY_PARAM_RETRY_SHORT)
4160 rdev->wiphy.retry_short = retry_short;
4161 if (changed & WIPHY_PARAM_RETRY_LONG)
4162 rdev->wiphy.retry_long = retry_long;
4163 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
4164 rdev->wiphy.frag_threshold = frag_threshold;
4165 if ((changed & WIPHY_PARAM_RTS_THRESHOLD) &&
4166 old_radio_rts_threshold) {
4167 rdev->wiphy.rts_threshold = rts_threshold;
4168 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4169 rdev->wiphy.radio_cfg[i].rts_threshold =
4170 rdev->wiphy.rts_threshold;
4171 }
4172 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
4173 rdev->wiphy.coverage_class = coverage_class;
4174 if (changed & WIPHY_PARAM_TXQ_LIMIT)
4175 rdev->wiphy.txq_limit = txq_limit;
4176 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
4177 rdev->wiphy.txq_memory_limit = txq_memory_limit;
4178 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
4179 rdev->wiphy.txq_quantum = txq_quantum;
4180
4181 result = rdev_set_wiphy_params(rdev, radio_idx, changed);
4182 if (result) {
4183 rdev->wiphy.retry_short = old_retry_short;
4184 rdev->wiphy.retry_long = old_retry_long;
4185 rdev->wiphy.frag_threshold = old_frag_threshold;
4186 rdev->wiphy.rts_threshold = old_rts_threshold;
4187 if (old_radio_rts_threshold) {
4188 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4189 rdev->wiphy.radio_cfg[i].rts_threshold =
4190 old_radio_rts_threshold[i];
4191 }
4192 rdev->wiphy.coverage_class = old_coverage_class;
4193 rdev->wiphy.txq_limit = old_txq_limit;
4194 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
4195 rdev->wiphy.txq_quantum = old_txq_quantum;
4196 }
4197
4198 kfree(old_radio_rts_threshold);
4199 return result;
4200 }
4201
4202 return 0;
4203 }
4204
nl80211_send_chandef(struct sk_buff * msg,const struct cfg80211_chan_def * chandef)4205 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef)
4206 {
4207 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
4208 return -EINVAL;
4209
4210 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
4211 chandef->chan->center_freq))
4212 return -ENOBUFS;
4213 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
4214 chandef->chan->freq_offset))
4215 return -ENOBUFS;
4216 switch (chandef->width) {
4217 case NL80211_CHAN_WIDTH_20_NOHT:
4218 case NL80211_CHAN_WIDTH_20:
4219 case NL80211_CHAN_WIDTH_40:
4220 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4221 cfg80211_get_chandef_type(chandef)))
4222 return -ENOBUFS;
4223 break;
4224 default:
4225 break;
4226 }
4227 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
4228 return -ENOBUFS;
4229 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
4230 return -ENOBUFS;
4231 if (chandef->center_freq2 &&
4232 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
4233 return -ENOBUFS;
4234 if (chandef->punctured &&
4235 nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured))
4236 return -ENOBUFS;
4237 if (chandef->s1g_primary_2mhz &&
4238 nla_put_flag(msg, NL80211_ATTR_S1G_PRIMARY_2MHZ))
4239 return -ENOBUFS;
4240
4241 return 0;
4242 }
4243 EXPORT_SYMBOL(nl80211_send_chandef);
4244
nl80211_send_iface(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)4245 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
4246 struct cfg80211_registered_device *rdev,
4247 struct wireless_dev *wdev,
4248 enum nl80211_commands cmd)
4249 {
4250 struct net_device *dev = wdev->netdev;
4251 void *hdr;
4252
4253 lockdep_assert_wiphy(&rdev->wiphy);
4254
4255 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
4256 cmd != NL80211_CMD_DEL_INTERFACE &&
4257 cmd != NL80211_CMD_SET_INTERFACE);
4258
4259 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4260 if (!hdr)
4261 return -1;
4262
4263 if (dev &&
4264 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4265 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
4266 goto nla_put_failure;
4267
4268 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
4269 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
4270 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
4271 NL80211_ATTR_PAD) ||
4272 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
4273 nla_put_u32(msg, NL80211_ATTR_GENERATION,
4274 rdev->devlist_generation ^
4275 (cfg80211_rdev_list_generation << 2)) ||
4276 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr) ||
4277 nla_put_u32(msg, NL80211_ATTR_VIF_RADIO_MASK, wdev->radio_mask))
4278 goto nla_put_failure;
4279
4280 if (rdev->ops->get_channel && !wdev->valid_links) {
4281 struct cfg80211_chan_def chandef = {};
4282 int ret;
4283
4284 ret = rdev_get_channel(rdev, wdev, 0, &chandef);
4285 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4286 goto nla_put_failure;
4287 }
4288
4289 if (rdev->ops->get_tx_power && !wdev->valid_links) {
4290 int dbm, ret;
4291
4292 ret = rdev_get_tx_power(rdev, wdev, -1, 0, &dbm);
4293 if (ret == 0 &&
4294 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4295 DBM_TO_MBM(dbm)))
4296 goto nla_put_failure;
4297 }
4298
4299 switch (wdev->iftype) {
4300 case NL80211_IFTYPE_AP:
4301 case NL80211_IFTYPE_P2P_GO:
4302 if (wdev->u.ap.ssid_len &&
4303 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
4304 wdev->u.ap.ssid))
4305 goto nla_put_failure;
4306 break;
4307 case NL80211_IFTYPE_STATION:
4308 case NL80211_IFTYPE_P2P_CLIENT:
4309 if (wdev->u.client.ssid_len &&
4310 nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len,
4311 wdev->u.client.ssid))
4312 goto nla_put_failure;
4313 break;
4314 case NL80211_IFTYPE_ADHOC:
4315 if (wdev->u.ibss.ssid_len &&
4316 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len,
4317 wdev->u.ibss.ssid))
4318 goto nla_put_failure;
4319 break;
4320 default:
4321 /* nothing */
4322 break;
4323 }
4324
4325 if (rdev->ops->get_txq_stats) {
4326 struct cfg80211_txq_stats txqstats = {};
4327 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
4328
4329 if (ret == 0 &&
4330 !nl80211_put_txq_stats(msg, &txqstats,
4331 NL80211_ATTR_TXQ_STATS))
4332 goto nla_put_failure;
4333 }
4334
4335 if (wdev->valid_links) {
4336 unsigned int link_id;
4337 struct nlattr *links = nla_nest_start(msg,
4338 NL80211_ATTR_MLO_LINKS);
4339
4340 if (!links)
4341 goto nla_put_failure;
4342
4343 for_each_valid_link(wdev, link_id) {
4344 struct nlattr *link = nla_nest_start(msg, link_id + 1);
4345 struct cfg80211_chan_def chandef = {};
4346 int ret;
4347
4348 if (!link)
4349 goto nla_put_failure;
4350
4351 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
4352 goto nla_put_failure;
4353 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
4354 wdev->links[link_id].addr))
4355 goto nla_put_failure;
4356
4357 ret = rdev_get_channel(rdev, wdev, link_id, &chandef);
4358 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4359 goto nla_put_failure;
4360
4361 if (rdev->ops->get_tx_power) {
4362 int dbm, ret;
4363
4364 ret = rdev_get_tx_power(rdev, wdev, -1, link_id, &dbm);
4365 if (ret == 0 &&
4366 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4367 DBM_TO_MBM(dbm)))
4368 goto nla_put_failure;
4369 }
4370 nla_nest_end(msg, link);
4371 }
4372
4373 nla_nest_end(msg, links);
4374 }
4375
4376 genlmsg_end(msg, hdr);
4377 return 0;
4378
4379 nla_put_failure:
4380 genlmsg_cancel(msg, hdr);
4381 return -EMSGSIZE;
4382 }
4383
nl80211_dump_interface(struct sk_buff * skb,struct netlink_callback * cb)4384 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
4385 {
4386 int wp_idx = 0;
4387 int if_idx = 0;
4388 int wp_start = cb->args[0];
4389 int if_start = cb->args[1];
4390 int filter_wiphy = -1;
4391 struct cfg80211_registered_device *rdev;
4392 struct wireless_dev *wdev;
4393 int ret;
4394
4395 rtnl_lock();
4396 if (!cb->args[2]) {
4397 struct nl80211_dump_wiphy_state state = {
4398 .filter_wiphy = -1,
4399 };
4400
4401 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
4402 if (ret)
4403 goto out_unlock;
4404
4405 filter_wiphy = state.filter_wiphy;
4406
4407 /*
4408 * if filtering, set cb->args[2] to +1 since 0 is the default
4409 * value needed to determine that parsing is necessary.
4410 */
4411 if (filter_wiphy >= 0)
4412 cb->args[2] = filter_wiphy + 1;
4413 else
4414 cb->args[2] = -1;
4415 } else if (cb->args[2] > 0) {
4416 filter_wiphy = cb->args[2] - 1;
4417 }
4418
4419 for_each_rdev(rdev) {
4420 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
4421 continue;
4422 if (wp_idx < wp_start) {
4423 wp_idx++;
4424 continue;
4425 }
4426
4427 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
4428 continue;
4429
4430 if_idx = 0;
4431
4432 guard(wiphy)(&rdev->wiphy);
4433
4434 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4435 if (if_idx < if_start) {
4436 if_idx++;
4437 continue;
4438 }
4439
4440 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
4441 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4442 rdev, wdev,
4443 NL80211_CMD_NEW_INTERFACE) < 0)
4444 goto out;
4445
4446 if_idx++;
4447 }
4448
4449 if_start = 0;
4450 wp_idx++;
4451 }
4452 out:
4453 cb->args[0] = wp_idx;
4454 cb->args[1] = if_idx;
4455
4456 ret = skb->len;
4457 out_unlock:
4458 rtnl_unlock();
4459
4460 return ret;
4461 }
4462
nl80211_get_interface(struct sk_buff * skb,struct genl_info * info)4463 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
4464 {
4465 struct sk_buff *msg;
4466 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4467 struct wireless_dev *wdev = info->user_ptr[1];
4468
4469 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4470 if (!msg)
4471 return -ENOMEM;
4472
4473 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4474 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4475 nlmsg_free(msg);
4476 return -ENOBUFS;
4477 }
4478
4479 return genlmsg_reply(msg, info);
4480 }
4481
4482 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
4483 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
4484 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
4485 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
4486 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
4487 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
4488 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
4489 [NL80211_MNTR_FLAG_SKIP_TX] = { .type = NLA_FLAG },
4490 };
4491
parse_monitor_flags(struct nlattr * nla,u32 * mntrflags)4492 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
4493 {
4494 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
4495 int flag;
4496
4497 *mntrflags = 0;
4498
4499 if (!nla)
4500 return -EINVAL;
4501
4502 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
4503 return -EINVAL;
4504
4505 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
4506 if (flags[flag])
4507 *mntrflags |= (1<<flag);
4508
4509 /* cooked monitor mode is incompatible with other modes */
4510 if (*mntrflags & MONITOR_FLAG_COOK_FRAMES &&
4511 *mntrflags != MONITOR_FLAG_COOK_FRAMES)
4512 return -EOPNOTSUPP;
4513
4514 *mntrflags |= MONITOR_FLAG_CHANGED;
4515
4516 return 0;
4517 }
4518
nl80211_parse_mon_options(struct cfg80211_registered_device * rdev,enum nl80211_iftype type,struct genl_info * info,struct vif_params * params)4519 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
4520 enum nl80211_iftype type,
4521 struct genl_info *info,
4522 struct vif_params *params)
4523 {
4524 bool change = false;
4525 int err;
4526
4527 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
4528 if (type != NL80211_IFTYPE_MONITOR)
4529 return -EINVAL;
4530
4531 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
4532 ¶ms->flags);
4533 if (err)
4534 return err;
4535
4536 change = true;
4537 }
4538
4539 /* MONITOR_FLAG_COOK_FRAMES is deprecated, refuse cooperation */
4540 if (params->flags & MONITOR_FLAG_COOK_FRAMES)
4541 return -EOPNOTSUPP;
4542
4543 if (params->flags & MONITOR_FLAG_ACTIVE &&
4544 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
4545 return -EOPNOTSUPP;
4546
4547 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
4548 const u8 *mumimo_groups;
4549 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4550
4551 if (type != NL80211_IFTYPE_MONITOR)
4552 return -EINVAL;
4553
4554 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4555 return -EOPNOTSUPP;
4556
4557 mumimo_groups =
4558 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
4559
4560 /* bits 0 and 63 are reserved and must be zero */
4561 if ((mumimo_groups[0] & BIT(0)) ||
4562 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
4563 return -EINVAL;
4564
4565 params->vht_mumimo_groups = mumimo_groups;
4566 change = true;
4567 }
4568
4569 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
4570 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4571
4572 if (type != NL80211_IFTYPE_MONITOR)
4573 return -EINVAL;
4574
4575 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4576 return -EOPNOTSUPP;
4577
4578 params->vht_mumimo_follow_addr =
4579 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
4580 change = true;
4581 }
4582
4583 return change ? 1 : 0;
4584 }
4585
nl80211_valid_4addr(struct cfg80211_registered_device * rdev,struct net_device * netdev,u8 use_4addr,enum nl80211_iftype iftype)4586 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
4587 struct net_device *netdev, u8 use_4addr,
4588 enum nl80211_iftype iftype)
4589 {
4590 if (!use_4addr) {
4591 if (netdev && netif_is_bridge_port(netdev))
4592 return -EBUSY;
4593 return 0;
4594 }
4595
4596 switch (iftype) {
4597 case NL80211_IFTYPE_AP_VLAN:
4598 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
4599 return 0;
4600 break;
4601 case NL80211_IFTYPE_STATION:
4602 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
4603 return 0;
4604 break;
4605 default:
4606 break;
4607 }
4608
4609 return -EOPNOTSUPP;
4610 }
4611
nl80211_parse_vif_radio_mask(struct genl_info * info,u32 * radio_mask)4612 static int nl80211_parse_vif_radio_mask(struct genl_info *info,
4613 u32 *radio_mask)
4614 {
4615 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4616 struct nlattr *attr = info->attrs[NL80211_ATTR_VIF_RADIO_MASK];
4617 u32 mask, allowed;
4618
4619 if (!attr) {
4620 *radio_mask = 0;
4621 return 0;
4622 }
4623
4624 allowed = BIT(rdev->wiphy.n_radio) - 1;
4625 mask = nla_get_u32(attr);
4626 if (mask & ~allowed)
4627 return -EINVAL;
4628 if (!mask)
4629 mask = allowed;
4630 *radio_mask = mask;
4631
4632 return 1;
4633 }
4634
nl80211_set_interface(struct sk_buff * skb,struct genl_info * info)4635 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
4636 {
4637 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4638 struct vif_params params;
4639 int err;
4640 enum nl80211_iftype otype, ntype;
4641 struct net_device *dev = info->user_ptr[1];
4642 struct wireless_dev *wdev = dev->ieee80211_ptr;
4643 u32 radio_mask = 0;
4644 bool change = false;
4645
4646 memset(¶ms, 0, sizeof(params));
4647
4648 otype = ntype = dev->ieee80211_ptr->iftype;
4649
4650 if (info->attrs[NL80211_ATTR_IFTYPE]) {
4651 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4652 if (otype != ntype)
4653 change = true;
4654 }
4655
4656 if (info->attrs[NL80211_ATTR_MESH_ID]) {
4657 if (ntype != NL80211_IFTYPE_MESH_POINT)
4658 return -EINVAL;
4659 if (otype != NL80211_IFTYPE_MESH_POINT)
4660 return -EINVAL;
4661 if (netif_running(dev))
4662 return -EBUSY;
4663
4664 wdev->u.mesh.id_up_len =
4665 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4666 memcpy(wdev->u.mesh.id,
4667 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4668 wdev->u.mesh.id_up_len);
4669 }
4670
4671 if (info->attrs[NL80211_ATTR_4ADDR]) {
4672 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4673 change = true;
4674 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
4675 if (err)
4676 return err;
4677 } else {
4678 params.use_4addr = -1;
4679 }
4680
4681 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
4682 if (err < 0)
4683 return err;
4684 if (err > 0)
4685 change = true;
4686
4687 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4688 if (err < 0)
4689 return err;
4690 if (err && netif_running(dev))
4691 return -EBUSY;
4692
4693 if (change)
4694 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
4695 else
4696 err = 0;
4697
4698 if (!err && params.use_4addr != -1)
4699 dev->ieee80211_ptr->use_4addr = params.use_4addr;
4700
4701 if (radio_mask)
4702 wdev->radio_mask = radio_mask;
4703
4704 if (change && !err)
4705 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
4706
4707 return err;
4708 }
4709
_nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4710 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4711 {
4712 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4713 struct vif_params params;
4714 struct wireless_dev *wdev;
4715 struct sk_buff *msg;
4716 u32 radio_mask;
4717 int err;
4718 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
4719
4720 memset(¶ms, 0, sizeof(params));
4721
4722 if (!info->attrs[NL80211_ATTR_IFNAME])
4723 return -EINVAL;
4724
4725 if (info->attrs[NL80211_ATTR_IFTYPE])
4726 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4727
4728 if (!rdev->ops->add_virtual_intf)
4729 return -EOPNOTSUPP;
4730
4731 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
4732 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
4733 info->attrs[NL80211_ATTR_MAC]) {
4734 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
4735 ETH_ALEN);
4736 if (!is_valid_ether_addr(params.macaddr))
4737 return -EADDRNOTAVAIL;
4738 }
4739
4740 if (info->attrs[NL80211_ATTR_4ADDR]) {
4741 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4742 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
4743 if (err)
4744 return err;
4745 }
4746
4747 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
4748 return -EOPNOTSUPP;
4749
4750 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
4751 if (err < 0)
4752 return err;
4753
4754 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4755 if (err < 0)
4756 return err;
4757
4758 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4759 if (!msg)
4760 return -ENOMEM;
4761
4762 wdev = rdev_add_virtual_intf(rdev,
4763 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
4764 NET_NAME_USER, type, ¶ms);
4765 if (WARN_ON(!wdev)) {
4766 nlmsg_free(msg);
4767 return -EPROTO;
4768 } else if (IS_ERR(wdev)) {
4769 nlmsg_free(msg);
4770 return PTR_ERR(wdev);
4771 }
4772
4773 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4774 wdev->owner_nlportid = info->snd_portid;
4775
4776 switch (type) {
4777 case NL80211_IFTYPE_MESH_POINT:
4778 if (!info->attrs[NL80211_ATTR_MESH_ID])
4779 break;
4780 wdev->u.mesh.id_up_len =
4781 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4782 memcpy(wdev->u.mesh.id,
4783 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4784 wdev->u.mesh.id_up_len);
4785 break;
4786 case NL80211_IFTYPE_NAN:
4787 case NL80211_IFTYPE_P2P_DEVICE:
4788 /*
4789 * P2P Device and NAN do not have a netdev, so don't go
4790 * through the netdev notifier and must be added here
4791 */
4792 cfg80211_init_wdev(wdev);
4793 cfg80211_register_wdev(rdev, wdev);
4794 break;
4795 default:
4796 break;
4797 }
4798
4799 if (radio_mask)
4800 wdev->radio_mask = radio_mask;
4801
4802 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4803 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4804 nlmsg_free(msg);
4805 return -ENOBUFS;
4806 }
4807
4808 return genlmsg_reply(msg, info);
4809 }
4810
nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4811 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4812 {
4813 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4814
4815 /* to avoid failing a new interface creation due to pending removal */
4816 cfg80211_destroy_ifaces(rdev);
4817
4818 guard(wiphy)(&rdev->wiphy);
4819
4820 return _nl80211_new_interface(skb, info);
4821 }
4822
nl80211_del_interface(struct sk_buff * skb,struct genl_info * info)4823 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4824 {
4825 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4826 struct wireless_dev *wdev = info->user_ptr[1];
4827
4828 if (!rdev->ops->del_virtual_intf)
4829 return -EOPNOTSUPP;
4830
4831 /*
4832 * We hold RTNL, so this is safe, without RTNL opencount cannot
4833 * reach 0, and thus the rdev cannot be deleted.
4834 *
4835 * We need to do it for the dev_close(), since that will call
4836 * the netdev notifiers, and we need to acquire the mutex there
4837 * but don't know if we get there from here or from some other
4838 * place (e.g. "ip link set ... down").
4839 */
4840 mutex_unlock(&rdev->wiphy.mtx);
4841
4842 /*
4843 * If we remove a wireless device without a netdev then clear
4844 * user_ptr[1] so that nl80211_post_doit won't dereference it
4845 * to check if it needs to do dev_put(). Otherwise it crashes
4846 * since the wdev has been freed, unlike with a netdev where
4847 * we need the dev_put() for the netdev to really be freed.
4848 */
4849 if (!wdev->netdev)
4850 info->user_ptr[1] = NULL;
4851 else
4852 dev_close(wdev->netdev);
4853
4854 mutex_lock(&rdev->wiphy.mtx);
4855
4856 return cfg80211_remove_virtual_intf(rdev, wdev);
4857 }
4858
nl80211_set_noack_map(struct sk_buff * skb,struct genl_info * info)4859 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4860 {
4861 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4862 struct net_device *dev = info->user_ptr[1];
4863 u16 noack_map;
4864
4865 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4866 return -EINVAL;
4867
4868 if (!rdev->ops->set_noack_map)
4869 return -EOPNOTSUPP;
4870
4871 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4872
4873 return rdev_set_noack_map(rdev, dev, noack_map);
4874 }
4875
nl80211_validate_key_link_id(struct genl_info * info,struct wireless_dev * wdev,int link_id,bool pairwise)4876 static int nl80211_validate_key_link_id(struct genl_info *info,
4877 struct wireless_dev *wdev,
4878 int link_id, bool pairwise)
4879 {
4880 if (pairwise) {
4881 if (link_id != -1) {
4882 GENL_SET_ERR_MSG(info,
4883 "link ID not allowed for pairwise key");
4884 return -EINVAL;
4885 }
4886
4887 return 0;
4888 }
4889
4890 if (wdev->valid_links) {
4891 if (link_id == -1) {
4892 GENL_SET_ERR_MSG(info,
4893 "link ID must for MLO group key");
4894 return -EINVAL;
4895 }
4896 if (!(wdev->valid_links & BIT(link_id))) {
4897 GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key");
4898 return -EINVAL;
4899 }
4900 } else if (link_id != -1) {
4901 GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key");
4902 return -EINVAL;
4903 }
4904
4905 return 0;
4906 }
4907
4908 struct get_key_cookie {
4909 struct sk_buff *msg;
4910 int error;
4911 int idx;
4912 };
4913
get_key_callback(void * c,struct key_params * params)4914 static void get_key_callback(void *c, struct key_params *params)
4915 {
4916 struct nlattr *key;
4917 struct get_key_cookie *cookie = c;
4918
4919 if ((params->seq &&
4920 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4921 params->seq_len, params->seq)) ||
4922 (params->cipher &&
4923 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4924 params->cipher)))
4925 goto nla_put_failure;
4926
4927 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4928 if (!key)
4929 goto nla_put_failure;
4930
4931 if ((params->seq &&
4932 nla_put(cookie->msg, NL80211_KEY_SEQ,
4933 params->seq_len, params->seq)) ||
4934 (params->cipher &&
4935 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4936 params->cipher)))
4937 goto nla_put_failure;
4938
4939 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4940 goto nla_put_failure;
4941
4942 nla_nest_end(cookie->msg, key);
4943
4944 return;
4945 nla_put_failure:
4946 cookie->error = 1;
4947 }
4948
nl80211_get_key(struct sk_buff * skb,struct genl_info * info)4949 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4950 {
4951 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4952 int err;
4953 struct net_device *dev = info->user_ptr[1];
4954 u8 key_idx = 0;
4955 const u8 *mac_addr = NULL;
4956 bool pairwise;
4957 struct get_key_cookie cookie = {
4958 .error = 0,
4959 };
4960 void *hdr;
4961 struct sk_buff *msg;
4962 bool bigtk_support = false;
4963 int link_id = nl80211_link_id_or_invalid(info->attrs);
4964 struct wireless_dev *wdev = dev->ieee80211_ptr;
4965
4966 if (wiphy_ext_feature_isset(&rdev->wiphy,
4967 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4968 bigtk_support = true;
4969
4970 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
4971 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4972 wiphy_ext_feature_isset(&rdev->wiphy,
4973 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4974 bigtk_support = true;
4975
4976 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4977 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4978
4979 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4980 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4981 return -EINVAL;
4982 }
4983 }
4984
4985 if (info->attrs[NL80211_ATTR_MAC])
4986 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4987
4988 pairwise = !!mac_addr;
4989 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4990 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4991
4992 if (kt != NL80211_KEYTYPE_GROUP &&
4993 kt != NL80211_KEYTYPE_PAIRWISE)
4994 return -EINVAL;
4995 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4996 }
4997
4998 if (!rdev->ops->get_key)
4999 return -EOPNOTSUPP;
5000
5001 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
5002 return -ENOENT;
5003
5004 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5005 if (!msg)
5006 return -ENOMEM;
5007
5008 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5009 NL80211_CMD_NEW_KEY);
5010 if (!hdr)
5011 goto nla_put_failure;
5012
5013 cookie.msg = msg;
5014 cookie.idx = key_idx;
5015
5016 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5017 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
5018 goto nla_put_failure;
5019 if (mac_addr &&
5020 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
5021 goto nla_put_failure;
5022
5023 err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise);
5024 if (err)
5025 goto free_msg;
5026
5027 err = rdev_get_key(rdev, dev, link_id, key_idx, pairwise, mac_addr,
5028 &cookie, get_key_callback);
5029
5030 if (err)
5031 goto free_msg;
5032
5033 if (cookie.error)
5034 goto nla_put_failure;
5035
5036 genlmsg_end(msg, hdr);
5037 return genlmsg_reply(msg, info);
5038
5039 nla_put_failure:
5040 err = -ENOBUFS;
5041 free_msg:
5042 nlmsg_free(msg);
5043 return err;
5044 }
5045
nl80211_set_key(struct sk_buff * skb,struct genl_info * info)5046 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
5047 {
5048 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5049 struct key_parse key;
5050 int err;
5051 struct net_device *dev = info->user_ptr[1];
5052 int link_id = nl80211_link_id_or_invalid(info->attrs);
5053 struct wireless_dev *wdev = dev->ieee80211_ptr;
5054
5055 err = nl80211_parse_key(info, &key);
5056 if (err)
5057 return err;
5058
5059 if (key.idx < 0)
5060 return -EINVAL;
5061
5062 /* Only support setting default key and
5063 * Extended Key ID action NL80211_KEY_SET_TX.
5064 */
5065 if (!key.def && !key.defmgmt && !key.defbeacon &&
5066 !(key.p.mode == NL80211_KEY_SET_TX))
5067 return -EINVAL;
5068
5069 if (key.def) {
5070 if (!rdev->ops->set_default_key)
5071 return -EOPNOTSUPP;
5072
5073 err = nl80211_key_allowed(wdev);
5074 if (err)
5075 return err;
5076
5077 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5078 if (err)
5079 return err;
5080
5081 err = rdev_set_default_key(rdev, dev, link_id, key.idx,
5082 key.def_uni, key.def_multi);
5083
5084 if (err)
5085 return err;
5086
5087 #ifdef CONFIG_CFG80211_WEXT
5088 wdev->wext.default_key = key.idx;
5089 #endif
5090 return 0;
5091 } else if (key.defmgmt) {
5092 if (key.def_uni || !key.def_multi)
5093 return -EINVAL;
5094
5095 if (!rdev->ops->set_default_mgmt_key)
5096 return -EOPNOTSUPP;
5097
5098 err = nl80211_key_allowed(wdev);
5099 if (err)
5100 return err;
5101
5102 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5103 if (err)
5104 return err;
5105
5106 err = rdev_set_default_mgmt_key(rdev, dev, link_id, key.idx);
5107 if (err)
5108 return err;
5109
5110 #ifdef CONFIG_CFG80211_WEXT
5111 wdev->wext.default_mgmt_key = key.idx;
5112 #endif
5113 return 0;
5114 } else if (key.defbeacon) {
5115 if (key.def_uni || !key.def_multi)
5116 return -EINVAL;
5117
5118 if (!rdev->ops->set_default_beacon_key)
5119 return -EOPNOTSUPP;
5120
5121 err = nl80211_key_allowed(wdev);
5122 if (err)
5123 return err;
5124
5125 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5126 if (err)
5127 return err;
5128
5129 return rdev_set_default_beacon_key(rdev, dev, link_id, key.idx);
5130 } else if (key.p.mode == NL80211_KEY_SET_TX &&
5131 wiphy_ext_feature_isset(&rdev->wiphy,
5132 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
5133 u8 *mac_addr = NULL;
5134
5135 if (info->attrs[NL80211_ATTR_MAC])
5136 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5137
5138 if (!mac_addr || key.idx < 0 || key.idx > 1)
5139 return -EINVAL;
5140
5141 err = nl80211_validate_key_link_id(info, wdev, link_id, true);
5142 if (err)
5143 return err;
5144
5145 return rdev_add_key(rdev, dev, link_id, key.idx,
5146 NL80211_KEYTYPE_PAIRWISE,
5147 mac_addr, &key.p);
5148 }
5149
5150 return -EINVAL;
5151 }
5152
nl80211_new_key(struct sk_buff * skb,struct genl_info * info)5153 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
5154 {
5155 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5156 int err;
5157 struct net_device *dev = info->user_ptr[1];
5158 struct key_parse key;
5159 const u8 *mac_addr = NULL;
5160 int link_id = nl80211_link_id_or_invalid(info->attrs);
5161 struct wireless_dev *wdev = dev->ieee80211_ptr;
5162
5163 err = nl80211_parse_key(info, &key);
5164 if (err)
5165 return err;
5166
5167 if (!key.p.key) {
5168 GENL_SET_ERR_MSG(info, "no key");
5169 return -EINVAL;
5170 }
5171
5172 if (info->attrs[NL80211_ATTR_MAC])
5173 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5174
5175 if (key.type == -1) {
5176 if (mac_addr)
5177 key.type = NL80211_KEYTYPE_PAIRWISE;
5178 else
5179 key.type = NL80211_KEYTYPE_GROUP;
5180 }
5181
5182 /* for now */
5183 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
5184 key.type != NL80211_KEYTYPE_GROUP) {
5185 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
5186 return -EINVAL;
5187 }
5188
5189 if (key.type == NL80211_KEYTYPE_GROUP &&
5190 info->attrs[NL80211_ATTR_VLAN_ID])
5191 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5192
5193 if (!rdev->ops->add_key)
5194 return -EOPNOTSUPP;
5195
5196 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
5197 key.type == NL80211_KEYTYPE_PAIRWISE,
5198 mac_addr)) {
5199 GENL_SET_ERR_MSG(info, "key setting validation failed");
5200 return -EINVAL;
5201 }
5202
5203 err = nl80211_key_allowed(wdev);
5204 if (err)
5205 GENL_SET_ERR_MSG(info, "key not allowed");
5206
5207 if (!err)
5208 err = nl80211_validate_key_link_id(info, wdev, link_id,
5209 key.type == NL80211_KEYTYPE_PAIRWISE);
5210
5211 if (!err) {
5212 err = rdev_add_key(rdev, dev, link_id, key.idx,
5213 key.type == NL80211_KEYTYPE_PAIRWISE,
5214 mac_addr, &key.p);
5215 if (err)
5216 GENL_SET_ERR_MSG(info, "key addition failed");
5217 }
5218
5219 return err;
5220 }
5221
nl80211_del_key(struct sk_buff * skb,struct genl_info * info)5222 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
5223 {
5224 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5225 int err;
5226 struct net_device *dev = info->user_ptr[1];
5227 u8 *mac_addr = NULL;
5228 struct key_parse key;
5229 int link_id = nl80211_link_id_or_invalid(info->attrs);
5230 struct wireless_dev *wdev = dev->ieee80211_ptr;
5231
5232 err = nl80211_parse_key(info, &key);
5233 if (err)
5234 return err;
5235
5236 if (info->attrs[NL80211_ATTR_MAC])
5237 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5238
5239 if (key.type == -1) {
5240 if (mac_addr)
5241 key.type = NL80211_KEYTYPE_PAIRWISE;
5242 else
5243 key.type = NL80211_KEYTYPE_GROUP;
5244 }
5245
5246 /* for now */
5247 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
5248 key.type != NL80211_KEYTYPE_GROUP)
5249 return -EINVAL;
5250
5251 if (!cfg80211_valid_key_idx(rdev, key.idx,
5252 key.type == NL80211_KEYTYPE_PAIRWISE))
5253 return -EINVAL;
5254
5255 if (!rdev->ops->del_key)
5256 return -EOPNOTSUPP;
5257
5258 err = nl80211_key_allowed(wdev);
5259
5260 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
5261 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
5262 err = -ENOENT;
5263
5264 if (!err)
5265 err = nl80211_validate_key_link_id(info, wdev, link_id,
5266 key.type == NL80211_KEYTYPE_PAIRWISE);
5267
5268 if (!err)
5269 err = rdev_del_key(rdev, dev, link_id, key.idx,
5270 key.type == NL80211_KEYTYPE_PAIRWISE,
5271 mac_addr);
5272
5273 #ifdef CONFIG_CFG80211_WEXT
5274 if (!err) {
5275 if (key.idx == wdev->wext.default_key)
5276 wdev->wext.default_key = -1;
5277 else if (key.idx == wdev->wext.default_mgmt_key)
5278 wdev->wext.default_mgmt_key = -1;
5279 }
5280 #endif
5281
5282 return err;
5283 }
5284
5285 /* This function returns an error or the number of nested attributes */
validate_acl_mac_addrs(struct nlattr * nl_attr)5286 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
5287 {
5288 struct nlattr *attr;
5289 int n_entries = 0, tmp;
5290
5291 nla_for_each_nested(attr, nl_attr, tmp) {
5292 if (nla_len(attr) != ETH_ALEN)
5293 return -EINVAL;
5294
5295 n_entries++;
5296 }
5297
5298 return n_entries;
5299 }
5300
5301 /*
5302 * This function parses ACL information and allocates memory for ACL data.
5303 * On successful return, the calling function is responsible to free the
5304 * ACL buffer returned by this function.
5305 */
parse_acl_data(struct wiphy * wiphy,struct genl_info * info)5306 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
5307 struct genl_info *info)
5308 {
5309 enum nl80211_acl_policy acl_policy;
5310 struct nlattr *attr;
5311 struct cfg80211_acl_data *acl;
5312 int i = 0, n_entries, tmp;
5313
5314 if (!wiphy->max_acl_mac_addrs)
5315 return ERR_PTR(-EOPNOTSUPP);
5316
5317 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
5318 return ERR_PTR(-EINVAL);
5319
5320 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
5321 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
5322 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
5323 return ERR_PTR(-EINVAL);
5324
5325 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
5326 return ERR_PTR(-EINVAL);
5327
5328 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
5329 if (n_entries < 0)
5330 return ERR_PTR(n_entries);
5331
5332 if (n_entries > wiphy->max_acl_mac_addrs)
5333 return ERR_PTR(-EOPNOTSUPP);
5334
5335 acl = kzalloc_flex(*acl, mac_addrs, n_entries);
5336 if (!acl)
5337 return ERR_PTR(-ENOMEM);
5338 acl->n_acl_entries = n_entries;
5339
5340 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
5341 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
5342 i++;
5343 }
5344 acl->acl_policy = acl_policy;
5345
5346 return acl;
5347 }
5348
nl80211_set_mac_acl(struct sk_buff * skb,struct genl_info * info)5349 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
5350 {
5351 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5352 struct net_device *dev = info->user_ptr[1];
5353 struct cfg80211_acl_data *acl;
5354 int err;
5355
5356 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5357 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5358 return -EOPNOTSUPP;
5359
5360 if (!dev->ieee80211_ptr->links[0].ap.beacon_interval)
5361 return -EINVAL;
5362
5363 acl = parse_acl_data(&rdev->wiphy, info);
5364 if (IS_ERR(acl))
5365 return PTR_ERR(acl);
5366
5367 err = rdev_set_mac_acl(rdev, dev, acl);
5368
5369 kfree(acl);
5370
5371 return err;
5372 }
5373
rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len)5374 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5375 u8 *rates, u8 rates_len)
5376 {
5377 u8 i;
5378 u32 mask = 0;
5379
5380 for (i = 0; i < rates_len; i++) {
5381 int rate = (rates[i] & 0x7f) * 5;
5382 int ridx;
5383
5384 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5385 struct ieee80211_rate *srate =
5386 &sband->bitrates[ridx];
5387 if (rate == srate->bitrate) {
5388 mask |= 1 << ridx;
5389 break;
5390 }
5391 }
5392 if (ridx == sband->n_bitrates)
5393 return 0; /* rate not found */
5394 }
5395
5396 return mask;
5397 }
5398
ht_rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len,u8 mcs[IEEE80211_HT_MCS_MASK_LEN])5399 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5400 u8 *rates, u8 rates_len,
5401 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5402 {
5403 u8 i;
5404
5405 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5406
5407 for (i = 0; i < rates_len; i++) {
5408 int ridx, rbit;
5409
5410 ridx = rates[i] / 8;
5411 rbit = BIT(rates[i] % 8);
5412
5413 /* check validity */
5414 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5415 return false;
5416
5417 /* check availability */
5418 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
5419 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5420 mcs[ridx] |= rbit;
5421 else
5422 return false;
5423 }
5424
5425 return true;
5426 }
5427
vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)5428 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
5429 {
5430 u16 mcs_mask = 0;
5431
5432 switch (vht_mcs_map) {
5433 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
5434 break;
5435 case IEEE80211_VHT_MCS_SUPPORT_0_7:
5436 mcs_mask = 0x00FF;
5437 break;
5438 case IEEE80211_VHT_MCS_SUPPORT_0_8:
5439 mcs_mask = 0x01FF;
5440 break;
5441 case IEEE80211_VHT_MCS_SUPPORT_0_9:
5442 mcs_mask = 0x03FF;
5443 break;
5444 default:
5445 break;
5446 }
5447
5448 return mcs_mask;
5449 }
5450
vht_build_mcs_mask(u16 vht_mcs_map,u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])5451 static void vht_build_mcs_mask(u16 vht_mcs_map,
5452 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
5453 {
5454 u8 nss;
5455
5456 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
5457 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
5458 vht_mcs_map >>= 2;
5459 }
5460 }
5461
vht_set_mcs_mask(struct ieee80211_supported_band * sband,struct nl80211_txrate_vht * txrate,u16 mcs[NL80211_VHT_NSS_MAX])5462 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
5463 struct nl80211_txrate_vht *txrate,
5464 u16 mcs[NL80211_VHT_NSS_MAX])
5465 {
5466 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5467 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
5468 u8 i;
5469
5470 if (!sband->vht_cap.vht_supported)
5471 return false;
5472
5473 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
5474
5475 /* Build vht_mcs_mask from VHT capabilities */
5476 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5477
5478 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5479 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5480 mcs[i] = txrate->mcs[i];
5481 else
5482 return false;
5483 }
5484
5485 return true;
5486 }
5487
he_mcs_map_to_mcs_mask(u8 he_mcs_map)5488 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
5489 {
5490 switch (he_mcs_map) {
5491 case IEEE80211_HE_MCS_NOT_SUPPORTED:
5492 return 0;
5493 case IEEE80211_HE_MCS_SUPPORT_0_7:
5494 return 0x00FF;
5495 case IEEE80211_HE_MCS_SUPPORT_0_9:
5496 return 0x03FF;
5497 case IEEE80211_HE_MCS_SUPPORT_0_11:
5498 return 0xFFF;
5499 default:
5500 break;
5501 }
5502 return 0;
5503 }
5504
he_build_mcs_mask(u16 he_mcs_map,u16 he_mcs_mask[NL80211_HE_NSS_MAX])5505 static void he_build_mcs_mask(u16 he_mcs_map,
5506 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
5507 {
5508 u8 nss;
5509
5510 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
5511 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
5512 he_mcs_map >>= 2;
5513 }
5514 }
5515
he_get_txmcsmap(struct genl_info * info,unsigned int link_id,const struct ieee80211_sta_he_cap * he_cap)5516 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id,
5517 const struct ieee80211_sta_he_cap *he_cap)
5518 {
5519 struct net_device *dev = info->user_ptr[1];
5520 struct wireless_dev *wdev = dev->ieee80211_ptr;
5521 struct cfg80211_chan_def *chandef;
5522 __le16 tx_mcs;
5523
5524 chandef = wdev_chandef(wdev, link_id);
5525 if (!chandef) {
5526 /*
5527 * This is probably broken, but we never maintained
5528 * a chandef in these cases, so it always was.
5529 */
5530 return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
5531 }
5532
5533 switch (chandef->width) {
5534 case NL80211_CHAN_WIDTH_80P80:
5535 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
5536 break;
5537 case NL80211_CHAN_WIDTH_160:
5538 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
5539 break;
5540 default:
5541 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
5542 break;
5543 }
5544
5545 return le16_to_cpu(tx_mcs);
5546 }
5547
he_set_mcs_mask(struct genl_info * info,struct wireless_dev * wdev,struct ieee80211_supported_band * sband,struct nl80211_txrate_he * txrate,u16 mcs[NL80211_HE_NSS_MAX],unsigned int link_id)5548 static bool he_set_mcs_mask(struct genl_info *info,
5549 struct wireless_dev *wdev,
5550 struct ieee80211_supported_band *sband,
5551 struct nl80211_txrate_he *txrate,
5552 u16 mcs[NL80211_HE_NSS_MAX],
5553 unsigned int link_id)
5554 {
5555 const struct ieee80211_sta_he_cap *he_cap;
5556 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
5557 u16 tx_mcs_map = 0;
5558 u8 i;
5559
5560 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5561 if (!he_cap)
5562 return false;
5563
5564 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
5565
5566 tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5567
5568 /* Build he_mcs_mask from HE capabilities */
5569 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5570
5571 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5572 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5573 mcs[i] = txrate->mcs[i];
5574 else
5575 return false;
5576 }
5577
5578 return true;
5579 }
5580
eht_build_mcs_mask(struct genl_info * info,const struct ieee80211_sta_eht_cap * eht_cap,u8 mcs_nss_len,u16 * mcs_mask)5581 static void eht_build_mcs_mask(struct genl_info *info,
5582 const struct ieee80211_sta_eht_cap *eht_cap,
5583 u8 mcs_nss_len, u16 *mcs_mask)
5584 {
5585 struct net_device *dev = info->user_ptr[1];
5586 struct wireless_dev *wdev = dev->ieee80211_ptr;
5587 u8 nss, mcs_7 = 0, mcs_9 = 0, mcs_11 = 0, mcs_13 = 0;
5588 unsigned int link_id = nl80211_link_id(info->attrs);
5589
5590 if (mcs_nss_len == 4) {
5591 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *mcs =
5592 &eht_cap->eht_mcs_nss_supp.only_20mhz;
5593
5594 mcs_7 = u8_get_bits(mcs->rx_tx_mcs7_max_nss,
5595 IEEE80211_EHT_MCS_NSS_TX);
5596 mcs_9 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
5597 IEEE80211_EHT_MCS_NSS_TX);
5598 mcs_11 = u8_get_bits(mcs->rx_tx_mcs11_max_nss,
5599 IEEE80211_EHT_MCS_NSS_TX);
5600 mcs_13 = u8_get_bits(mcs->rx_tx_mcs13_max_nss,
5601 IEEE80211_EHT_MCS_NSS_TX);
5602
5603 } else {
5604 const struct ieee80211_eht_mcs_nss_supp_bw *mcs;
5605 enum nl80211_chan_width width;
5606
5607 switch (wdev->iftype) {
5608 case NL80211_IFTYPE_ADHOC:
5609 width = wdev->u.ibss.chandef.width;
5610 break;
5611 case NL80211_IFTYPE_MESH_POINT:
5612 width = wdev->u.mesh.chandef.width;
5613 break;
5614 case NL80211_IFTYPE_OCB:
5615 width = wdev->u.ocb.chandef.width;
5616 break;
5617 default:
5618 if (wdev->valid_links)
5619 width = wdev->links[link_id].ap.chandef.width;
5620 else
5621 width = wdev->u.ap.preset_chandef.width;
5622 break;
5623 }
5624
5625 switch (width) {
5626 case NL80211_CHAN_WIDTH_320:
5627 mcs = &eht_cap->eht_mcs_nss_supp.bw._320;
5628 break;
5629 case NL80211_CHAN_WIDTH_160:
5630 mcs = &eht_cap->eht_mcs_nss_supp.bw._160;
5631 break;
5632 default:
5633 mcs = &eht_cap->eht_mcs_nss_supp.bw._80;
5634 break;
5635 }
5636
5637 mcs_7 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
5638 IEEE80211_EHT_MCS_NSS_TX);
5639 mcs_9 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
5640 IEEE80211_EHT_MCS_NSS_TX);
5641 mcs_11 = u8_get_bits(mcs->rx_tx_mcs11_max_nss,
5642 IEEE80211_EHT_MCS_NSS_TX);
5643 mcs_13 = u8_get_bits(mcs->rx_tx_mcs13_max_nss,
5644 IEEE80211_EHT_MCS_NSS_TX);
5645 }
5646
5647 /* Enable MCS 14 for NSS 0 */
5648 if (eht_cap->eht_cap_elem.phy_cap_info[6] &
5649 IEEE80211_EHT_PHY_CAP6_EHT_DUP_6GHZ_SUPP)
5650 mcs_mask[0] |= 0x4000;
5651
5652 /* Enable MCS 15 for NSS 0 */
5653 mcs_mask[0] |= 0x8000;
5654
5655 for (nss = 0; nss < NL80211_EHT_NSS_MAX; nss++) {
5656 if (!mcs_7)
5657 continue;
5658 mcs_mask[nss] |= 0x00FF;
5659 mcs_7--;
5660
5661 if (!mcs_9)
5662 continue;
5663 mcs_mask[nss] |= 0x0300;
5664 mcs_9--;
5665
5666 if (!mcs_11)
5667 continue;
5668 mcs_mask[nss] |= 0x0C00;
5669 mcs_11--;
5670
5671 if (!mcs_13)
5672 continue;
5673 mcs_mask[nss] |= 0x3000;
5674 mcs_13--;
5675 }
5676 }
5677
eht_set_mcs_mask(struct genl_info * info,struct wireless_dev * wdev,struct ieee80211_supported_band * sband,struct nl80211_txrate_eht * txrate,u16 mcs[NL80211_EHT_NSS_MAX])5678 static bool eht_set_mcs_mask(struct genl_info *info, struct wireless_dev *wdev,
5679 struct ieee80211_supported_band *sband,
5680 struct nl80211_txrate_eht *txrate,
5681 u16 mcs[NL80211_EHT_NSS_MAX])
5682 {
5683 const struct ieee80211_sta_he_cap *he_cap;
5684 const struct ieee80211_sta_eht_cap *eht_cap;
5685 u16 tx_mcs_mask[NL80211_EHT_NSS_MAX] = { 0 };
5686 u8 i, mcs_nss_len;
5687
5688 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5689 if (!he_cap)
5690 return false;
5691
5692 eht_cap = ieee80211_get_eht_iftype_cap(sband, wdev->iftype);
5693 if (!eht_cap)
5694 return false;
5695
5696 /* Checks for MCS 14 */
5697 if (txrate->mcs[0] & 0x4000) {
5698 if (sband->band != NL80211_BAND_6GHZ)
5699 return false;
5700
5701 if (!(eht_cap->eht_cap_elem.phy_cap_info[6] &
5702 IEEE80211_EHT_PHY_CAP6_EHT_DUP_6GHZ_SUPP))
5703 return false;
5704 }
5705
5706 mcs_nss_len = ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
5707 &eht_cap->eht_cap_elem,
5708 wdev->iftype ==
5709 NL80211_IFTYPE_STATION);
5710
5711 if (mcs_nss_len == 3) {
5712 /* Supported iftypes for setting non-20 MHZ only EHT MCS */
5713 switch (wdev->iftype) {
5714 case NL80211_IFTYPE_ADHOC:
5715 case NL80211_IFTYPE_AP:
5716 case NL80211_IFTYPE_P2P_GO:
5717 case NL80211_IFTYPE_MESH_POINT:
5718 case NL80211_IFTYPE_OCB:
5719 break;
5720 default:
5721 return false;
5722 }
5723 }
5724
5725 /* Build eht_mcs_mask from EHT and HE capabilities */
5726 eht_build_mcs_mask(info, eht_cap, mcs_nss_len, tx_mcs_mask);
5727
5728 memset(mcs, 0, sizeof(u16) * NL80211_EHT_NSS_MAX);
5729 for (i = 0; i < NL80211_EHT_NSS_MAX; i++) {
5730 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5731 mcs[i] = txrate->mcs[i];
5732 else
5733 return false;
5734 }
5735
5736 return true;
5737 }
5738
nl80211_parse_tx_bitrate_mask(struct genl_info * info,struct nlattr * attrs[],enum nl80211_attrs attr,struct cfg80211_bitrate_mask * mask,struct net_device * dev,bool default_all_enabled,unsigned int link_id)5739 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
5740 struct nlattr *attrs[],
5741 enum nl80211_attrs attr,
5742 struct cfg80211_bitrate_mask *mask,
5743 struct net_device *dev,
5744 bool default_all_enabled,
5745 unsigned int link_id)
5746 {
5747 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5748 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5749 struct wireless_dev *wdev = dev->ieee80211_ptr;
5750 int rem, i;
5751 struct nlattr *tx_rates;
5752 struct ieee80211_supported_band *sband;
5753 u16 vht_tx_mcs_map, he_tx_mcs_map;
5754
5755 memset(mask, 0, sizeof(*mask));
5756 /* Default to all rates enabled */
5757 for (i = 0; i < NUM_NL80211_BANDS; i++) {
5758 const struct ieee80211_sta_he_cap *he_cap;
5759 const struct ieee80211_sta_eht_cap *eht_cap;
5760 u8 mcs_nss_len;
5761
5762 if (!default_all_enabled)
5763 break;
5764
5765 sband = rdev->wiphy.bands[i];
5766
5767 if (!sband)
5768 continue;
5769
5770 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
5771 memcpy(mask->control[i].ht_mcs,
5772 sband->ht_cap.mcs.rx_mask,
5773 sizeof(mask->control[i].ht_mcs));
5774
5775 if (sband->vht_cap.vht_supported) {
5776 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5777 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
5778 }
5779
5780 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5781 if (!he_cap)
5782 continue;
5783
5784 he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5785 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
5786
5787 mask->control[i].he_gi = 0xFF;
5788 mask->control[i].he_ltf = 0xFF;
5789
5790 eht_cap = ieee80211_get_eht_iftype_cap(sband, wdev->iftype);
5791 if (!eht_cap)
5792 continue;
5793
5794 mcs_nss_len = ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
5795 &eht_cap->eht_cap_elem,
5796 wdev->iftype ==
5797 NL80211_IFTYPE_STATION);
5798
5799 eht_build_mcs_mask(info, eht_cap, mcs_nss_len,
5800 mask->control[i].eht_mcs);
5801
5802 mask->control[i].eht_gi = 0xFF;
5803 mask->control[i].eht_ltf = 0xFF;
5804 }
5805
5806 /* if no rates are given set it back to the defaults */
5807 if (!attrs[attr])
5808 goto out;
5809
5810 /* The nested attribute uses enum nl80211_band as the index. This maps
5811 * directly to the enum nl80211_band values used in cfg80211.
5812 */
5813 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5814 nla_for_each_nested(tx_rates, attrs[attr], rem) {
5815 enum nl80211_band band = nla_type(tx_rates);
5816 int err;
5817
5818 if (band < 0 || band >= NUM_NL80211_BANDS)
5819 return -EINVAL;
5820 sband = rdev->wiphy.bands[band];
5821 if (sband == NULL)
5822 return -EINVAL;
5823 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
5824 tx_rates,
5825 nl80211_txattr_policy,
5826 info->extack);
5827 if (err)
5828 return err;
5829 if (tb[NL80211_TXRATE_LEGACY]) {
5830 mask->control[band].legacy = rateset_to_mask(
5831 sband,
5832 nla_data(tb[NL80211_TXRATE_LEGACY]),
5833 nla_len(tb[NL80211_TXRATE_LEGACY]));
5834 if ((mask->control[band].legacy == 0) &&
5835 nla_len(tb[NL80211_TXRATE_LEGACY]))
5836 return -EINVAL;
5837 }
5838 if (tb[NL80211_TXRATE_HT]) {
5839 if (!ht_rateset_to_mask(
5840 sband,
5841 nla_data(tb[NL80211_TXRATE_HT]),
5842 nla_len(tb[NL80211_TXRATE_HT]),
5843 mask->control[band].ht_mcs))
5844 return -EINVAL;
5845 }
5846
5847 if (tb[NL80211_TXRATE_VHT]) {
5848 if (!vht_set_mcs_mask(
5849 sband,
5850 nla_data(tb[NL80211_TXRATE_VHT]),
5851 mask->control[band].vht_mcs))
5852 return -EINVAL;
5853 }
5854
5855 if (tb[NL80211_TXRATE_GI]) {
5856 mask->control[band].gi =
5857 nla_get_u8(tb[NL80211_TXRATE_GI]);
5858 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
5859 return -EINVAL;
5860 }
5861 if (tb[NL80211_TXRATE_HE] &&
5862 !he_set_mcs_mask(info, wdev, sband,
5863 nla_data(tb[NL80211_TXRATE_HE]),
5864 mask->control[band].he_mcs,
5865 link_id))
5866 return -EINVAL;
5867
5868 if (tb[NL80211_TXRATE_HE_GI])
5869 mask->control[band].he_gi =
5870 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
5871 if (tb[NL80211_TXRATE_HE_LTF])
5872 mask->control[band].he_ltf =
5873 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
5874
5875 if (tb[NL80211_TXRATE_EHT] &&
5876 !eht_set_mcs_mask(info, wdev, sband,
5877 nla_data(tb[NL80211_TXRATE_EHT]),
5878 mask->control[band].eht_mcs))
5879 return -EINVAL;
5880
5881 if (tb[NL80211_TXRATE_EHT_GI])
5882 mask->control[band].eht_gi =
5883 nla_get_u8(tb[NL80211_TXRATE_EHT_GI]);
5884 if (tb[NL80211_TXRATE_EHT_LTF])
5885 mask->control[band].eht_ltf =
5886 nla_get_u8(tb[NL80211_TXRATE_EHT_LTF]);
5887
5888 if (mask->control[band].legacy == 0) {
5889 /* don't allow empty legacy rates if HT, VHT, HE or EHT
5890 * are not even supported.
5891 */
5892 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
5893 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
5894 ieee80211_get_he_iftype_cap(sband, wdev->iftype) ||
5895 ieee80211_get_eht_iftype_cap(sband, wdev->iftype)))
5896 return -EINVAL;
5897
5898 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5899 if (mask->control[band].ht_mcs[i])
5900 goto out;
5901
5902 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
5903 if (mask->control[band].vht_mcs[i])
5904 goto out;
5905
5906 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
5907 if (mask->control[band].he_mcs[i])
5908 goto out;
5909
5910 for (i = 0; i < NL80211_EHT_NSS_MAX; i++)
5911 if (mask->control[band].eht_mcs[i])
5912 goto out;
5913
5914 /* legacy and mcs rates may not be both empty */
5915 return -EINVAL;
5916 }
5917 }
5918
5919 out:
5920 return 0;
5921 }
5922
validate_beacon_tx_rate(struct cfg80211_registered_device * rdev,enum nl80211_band band,struct cfg80211_bitrate_mask * beacon_rate)5923 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
5924 enum nl80211_band band,
5925 struct cfg80211_bitrate_mask *beacon_rate)
5926 {
5927 u32 count_ht, count_vht, count_he, count_eht, i;
5928 u32 rate = beacon_rate->control[band].legacy;
5929
5930 /* Allow only one rate */
5931 if (hweight32(rate) > 1)
5932 return -EINVAL;
5933
5934 count_ht = 0;
5935 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5936 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
5937 return -EINVAL;
5938 } else if (beacon_rate->control[band].ht_mcs[i]) {
5939 count_ht++;
5940 if (count_ht > 1)
5941 return -EINVAL;
5942 }
5943 if (count_ht && rate)
5944 return -EINVAL;
5945 }
5946
5947 count_vht = 0;
5948 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5949 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
5950 return -EINVAL;
5951 } else if (beacon_rate->control[band].vht_mcs[i]) {
5952 count_vht++;
5953 if (count_vht > 1)
5954 return -EINVAL;
5955 }
5956 if (count_vht && rate)
5957 return -EINVAL;
5958 }
5959
5960 count_he = 0;
5961 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5962 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
5963 return -EINVAL;
5964 } else if (beacon_rate->control[band].he_mcs[i]) {
5965 count_he++;
5966 if (count_he > 1)
5967 return -EINVAL;
5968 }
5969 if (count_he && rate)
5970 return -EINVAL;
5971 }
5972
5973 count_eht = 0;
5974 for (i = 0; i < NL80211_EHT_NSS_MAX; i++) {
5975 if (hweight16(beacon_rate->control[band].eht_mcs[i]) > 1) {
5976 return -EINVAL;
5977 } else if (beacon_rate->control[band].eht_mcs[i]) {
5978 count_eht++;
5979 if (count_eht > 1)
5980 return -EINVAL;
5981 }
5982 if (count_eht && rate)
5983 return -EINVAL;
5984 }
5985
5986 if ((count_ht && count_vht && count_he && count_eht) ||
5987 (!rate && !count_ht && !count_vht && !count_he && !count_eht))
5988 return -EINVAL;
5989
5990 if (rate &&
5991 !wiphy_ext_feature_isset(&rdev->wiphy,
5992 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
5993 return -EINVAL;
5994 if (count_ht &&
5995 !wiphy_ext_feature_isset(&rdev->wiphy,
5996 NL80211_EXT_FEATURE_BEACON_RATE_HT))
5997 return -EINVAL;
5998 if (count_vht &&
5999 !wiphy_ext_feature_isset(&rdev->wiphy,
6000 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
6001 return -EINVAL;
6002 if (count_he &&
6003 !wiphy_ext_feature_isset(&rdev->wiphy,
6004 NL80211_EXT_FEATURE_BEACON_RATE_HE))
6005 return -EINVAL;
6006
6007 if (count_eht &&
6008 !wiphy_ext_feature_isset(&rdev->wiphy,
6009 NL80211_EXT_FEATURE_BEACON_RATE_EHT))
6010 return -EINVAL;
6011
6012 return 0;
6013 }
6014
nl80211_parse_mbssid_config(struct wiphy * wiphy,struct net_device * dev,unsigned int link_id,struct nlattr * attrs,struct cfg80211_mbssid_config * config,u8 num_elems)6015 static int nl80211_parse_mbssid_config(struct wiphy *wiphy,
6016 struct net_device *dev,
6017 unsigned int link_id,
6018 struct nlattr *attrs,
6019 struct cfg80211_mbssid_config *config,
6020 u8 num_elems)
6021 {
6022 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1];
6023 int tx_link_id = -1;
6024
6025 if (!wiphy->mbssid_max_interfaces)
6026 return -EOPNOTSUPP;
6027
6028 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL,
6029 NULL) ||
6030 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX])
6031 return -EINVAL;
6032
6033 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]);
6034 if (config->ema) {
6035 if (!wiphy->ema_max_profile_periodicity)
6036 return -EOPNOTSUPP;
6037
6038 if (num_elems > wiphy->ema_max_profile_periodicity)
6039 return -EINVAL;
6040 }
6041
6042 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]);
6043 if (config->index >= wiphy->mbssid_max_interfaces ||
6044 (!config->index && !num_elems))
6045 return -EINVAL;
6046
6047 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID])
6048 tx_link_id = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID]);
6049
6050 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) {
6051 u32 tx_ifindex =
6052 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]);
6053
6054 if ((!config->index && tx_ifindex != dev->ifindex) ||
6055 (config->index && tx_ifindex == dev->ifindex))
6056 return -EINVAL;
6057
6058 if (tx_ifindex != dev->ifindex) {
6059 struct net_device *tx_netdev =
6060 dev_get_by_index(wiphy_net(wiphy), tx_ifindex);
6061
6062 if (!tx_netdev || !tx_netdev->ieee80211_ptr ||
6063 tx_netdev->ieee80211_ptr->wiphy != wiphy ||
6064 tx_netdev->ieee80211_ptr->iftype !=
6065 NL80211_IFTYPE_AP) {
6066 dev_put(tx_netdev);
6067 return -EINVAL;
6068 }
6069
6070 config->tx_wdev = tx_netdev->ieee80211_ptr;
6071 /* Caller should call dev_put(config->tx_wdev) from this point */
6072
6073 if (config->tx_wdev->valid_links) {
6074 if (tx_link_id == -1 ||
6075 !(config->tx_wdev->valid_links & BIT(tx_link_id)))
6076 return -ENOLINK;
6077
6078 config->tx_link_id = tx_link_id;
6079 }
6080 } else {
6081 if (tx_link_id >= 0 && tx_link_id != link_id)
6082 return -EINVAL;
6083
6084 config->tx_wdev = dev->ieee80211_ptr;
6085 }
6086 } else if (!config->index) {
6087 if (tx_link_id >= 0 && tx_link_id != link_id)
6088 return -EINVAL;
6089
6090 config->tx_wdev = dev->ieee80211_ptr;
6091 } else {
6092 return -EINVAL;
6093 }
6094
6095 return 0;
6096 }
6097
6098 static struct cfg80211_mbssid_elems *
nl80211_parse_mbssid_elems(struct wiphy * wiphy,struct nlattr * attrs)6099 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs)
6100 {
6101 struct nlattr *nl_elems;
6102 struct cfg80211_mbssid_elems *elems;
6103 int rem_elems;
6104 u8 i = 0, num_elems = 0;
6105
6106 if (!wiphy->mbssid_max_interfaces)
6107 return ERR_PTR(-EINVAL);
6108
6109 nla_for_each_nested(nl_elems, attrs, rem_elems) {
6110 if (num_elems >= 255)
6111 return ERR_PTR(-EINVAL);
6112 num_elems++;
6113 }
6114
6115 elems = kzalloc_flex(*elems, elem, num_elems);
6116 if (!elems)
6117 return ERR_PTR(-ENOMEM);
6118 elems->cnt = num_elems;
6119
6120 nla_for_each_nested(nl_elems, attrs, rem_elems) {
6121 elems->elem[i].data = nla_data(nl_elems);
6122 elems->elem[i].len = nla_len(nl_elems);
6123 i++;
6124 }
6125 return elems;
6126 }
6127
6128 static struct cfg80211_rnr_elems *
nl80211_parse_rnr_elems(struct wiphy * wiphy,struct nlattr * attrs,struct netlink_ext_ack * extack)6129 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs,
6130 struct netlink_ext_ack *extack)
6131 {
6132 struct nlattr *nl_elems;
6133 struct cfg80211_rnr_elems *elems;
6134 int rem_elems;
6135 u8 i = 0, num_elems = 0;
6136
6137 nla_for_each_nested(nl_elems, attrs, rem_elems) {
6138 int ret;
6139
6140 ret = validate_ie_attr(nl_elems, extack);
6141 if (ret)
6142 return ERR_PTR(ret);
6143
6144 num_elems++;
6145 }
6146
6147 elems = kzalloc_flex(*elems, elem, num_elems);
6148 if (!elems)
6149 return ERR_PTR(-ENOMEM);
6150 elems->cnt = num_elems;
6151
6152 nla_for_each_nested(nl_elems, attrs, rem_elems) {
6153 elems->elem[i].data = nla_data(nl_elems);
6154 elems->elem[i].len = nla_len(nl_elems);
6155 i++;
6156 }
6157 return elems;
6158 }
6159
nl80211_parse_he_bss_color(struct nlattr * attrs,struct cfg80211_he_bss_color * he_bss_color)6160 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
6161 struct cfg80211_he_bss_color *he_bss_color)
6162 {
6163 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
6164 int err;
6165
6166 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
6167 he_bss_color_policy, NULL);
6168 if (err)
6169 return err;
6170
6171 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
6172 return -EINVAL;
6173
6174 he_bss_color->color =
6175 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
6176 he_bss_color->enabled =
6177 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
6178 he_bss_color->partial =
6179 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
6180
6181 return 0;
6182 }
6183
nl80211_parse_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct cfg80211_beacon_data * bcn,struct netlink_ext_ack * extack)6184 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
6185 struct nlattr *attrs[],
6186 struct cfg80211_beacon_data *bcn,
6187 struct netlink_ext_ack *extack)
6188 {
6189 bool haveinfo = false;
6190 int err;
6191
6192 memset(bcn, 0, sizeof(*bcn));
6193
6194 bcn->link_id = nl80211_link_id(attrs);
6195
6196 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
6197 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
6198 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
6199 if (!bcn->head_len)
6200 return -EINVAL;
6201 haveinfo = true;
6202 }
6203
6204 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
6205 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
6206 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
6207 haveinfo = true;
6208 }
6209
6210 if (!haveinfo)
6211 return -EINVAL;
6212
6213 if (attrs[NL80211_ATTR_IE]) {
6214 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
6215 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
6216 }
6217
6218 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
6219 bcn->proberesp_ies =
6220 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
6221 bcn->proberesp_ies_len =
6222 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
6223 }
6224
6225 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
6226 bcn->assocresp_ies =
6227 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
6228 bcn->assocresp_ies_len =
6229 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
6230 }
6231
6232 if (attrs[NL80211_ATTR_PROBE_RESP]) {
6233 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
6234 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
6235 }
6236
6237 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
6238 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
6239
6240 err = nla_parse_nested_deprecated(tb,
6241 NL80211_FTM_RESP_ATTR_MAX,
6242 attrs[NL80211_ATTR_FTM_RESPONDER],
6243 NULL, NULL);
6244 if (err)
6245 return err;
6246
6247 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
6248 wiphy_ext_feature_isset(&rdev->wiphy,
6249 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
6250 bcn->ftm_responder = 1;
6251 else
6252 return -EOPNOTSUPP;
6253
6254 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
6255 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
6256 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
6257 }
6258
6259 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
6260 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
6261 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
6262 }
6263 } else {
6264 bcn->ftm_responder = -1;
6265 }
6266
6267 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) {
6268 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR],
6269 &bcn->he_bss_color);
6270 if (err)
6271 return err;
6272 bcn->he_bss_color_valid = true;
6273 }
6274
6275 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) {
6276 struct cfg80211_mbssid_elems *mbssid =
6277 nl80211_parse_mbssid_elems(&rdev->wiphy,
6278 attrs[NL80211_ATTR_MBSSID_ELEMS]);
6279
6280 if (IS_ERR(mbssid))
6281 return PTR_ERR(mbssid);
6282
6283 bcn->mbssid_ies = mbssid;
6284
6285 if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) {
6286 struct cfg80211_rnr_elems *rnr =
6287 nl80211_parse_rnr_elems(&rdev->wiphy,
6288 attrs[NL80211_ATTR_EMA_RNR_ELEMS],
6289 extack);
6290
6291 if (IS_ERR(rnr))
6292 return PTR_ERR(rnr);
6293
6294 if (rnr && rnr->cnt < bcn->mbssid_ies->cnt)
6295 return -EINVAL;
6296
6297 bcn->rnr_ies = rnr;
6298 }
6299 }
6300
6301 return 0;
6302 }
6303
nl80211_parse_he_obss_pd(struct nlattr * attrs,struct ieee80211_he_obss_pd * he_obss_pd)6304 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
6305 struct ieee80211_he_obss_pd *he_obss_pd)
6306 {
6307 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
6308 int err;
6309
6310 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
6311 he_obss_pd_policy, NULL);
6312 if (err)
6313 return err;
6314
6315 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
6316 return -EINVAL;
6317
6318 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
6319
6320 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
6321 he_obss_pd->min_offset =
6322 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
6323 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
6324 he_obss_pd->max_offset =
6325 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
6326 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
6327 he_obss_pd->non_srg_max_offset =
6328 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
6329
6330 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
6331 return -EINVAL;
6332
6333 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
6334 memcpy(he_obss_pd->bss_color_bitmap,
6335 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
6336 sizeof(he_obss_pd->bss_color_bitmap));
6337
6338 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
6339 memcpy(he_obss_pd->partial_bssid_bitmap,
6340 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
6341 sizeof(he_obss_pd->partial_bssid_bitmap));
6342
6343 he_obss_pd->enable = true;
6344
6345 return 0;
6346 }
6347
nl80211_parse_fils_discovery(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_fils_discovery * fd)6348 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
6349 struct nlattr *attrs,
6350 struct cfg80211_fils_discovery *fd)
6351 {
6352 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
6353 int ret;
6354
6355 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6356 NL80211_EXT_FEATURE_FILS_DISCOVERY))
6357 return -EINVAL;
6358
6359 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
6360 NULL, NULL);
6361 if (ret)
6362 return ret;
6363
6364 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] &&
6365 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] &&
6366 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) {
6367 fd->update = true;
6368 return 0;
6369 }
6370
6371 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
6372 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
6373 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
6374 return -EINVAL;
6375
6376 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
6377 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
6378 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
6379 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
6380 fd->update = true;
6381 return 0;
6382 }
6383
6384 static int
nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_unsol_bcast_probe_resp * presp)6385 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
6386 struct nlattr *attrs,
6387 struct cfg80211_unsol_bcast_probe_resp *presp)
6388 {
6389 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
6390 int ret;
6391
6392 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6393 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
6394 return -EINVAL;
6395
6396 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
6397 attrs, NULL, NULL);
6398 if (ret)
6399 return ret;
6400
6401 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] &&
6402 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) {
6403 presp->update = true;
6404 return 0;
6405 }
6406
6407 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
6408 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
6409 return -EINVAL;
6410
6411 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
6412 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
6413 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
6414 presp->update = true;
6415 return 0;
6416 }
6417
nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings * params,const struct element * rates)6418 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
6419 const struct element *rates)
6420 {
6421 int i;
6422
6423 if (!rates)
6424 return;
6425
6426 for (i = 0; i < rates->datalen; i++) {
6427 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
6428 params->ht_required = true;
6429 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
6430 params->vht_required = true;
6431 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
6432 params->he_required = true;
6433 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
6434 params->sae_h2e_required = true;
6435 }
6436 }
6437
6438 /*
6439 * Since the nl80211 API didn't include, from the beginning, attributes about
6440 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
6441 * benefit of drivers that rebuild IEs in the firmware.
6442 */
nl80211_calculate_ap_params(struct cfg80211_ap_settings * params)6443 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
6444 {
6445 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
6446 size_t ies_len = bcn->tail_len;
6447 const u8 *ies = bcn->tail;
6448 const struct element *rates;
6449 const struct element *cap;
6450
6451 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len);
6452 nl80211_check_ap_rate_selectors(params, rates);
6453
6454 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
6455 nl80211_check_ap_rate_selectors(params, rates);
6456
6457 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len);
6458 if (cap && cap->datalen >= sizeof(*params->ht_cap))
6459 params->ht_cap = (void *)cap->data;
6460 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
6461 if (cap && cap->datalen >= sizeof(*params->vht_cap))
6462 params->vht_cap = (void *)cap->data;
6463 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
6464 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1)
6465 params->he_cap = (void *)(cap->data + 1);
6466 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
6467 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1)
6468 params->he_oper = (void *)(cap->data + 1);
6469 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len);
6470 if (cap) {
6471 if (!cap->datalen)
6472 return -EINVAL;
6473 params->eht_cap = (void *)(cap->data + 1);
6474 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
6475 (const u8 *)params->eht_cap,
6476 cap->datalen - 1, true))
6477 return -EINVAL;
6478 }
6479 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
6480 if (cap) {
6481 if (!cap->datalen)
6482 return -EINVAL;
6483 params->eht_oper = (void *)(cap->data + 1);
6484 if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper,
6485 cap->datalen - 1))
6486 return -EINVAL;
6487 }
6488
6489 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_UHR_OPER, ies, ies_len);
6490 if (cap) {
6491 if (!cap->datalen)
6492 return -EINVAL;
6493 params->uhr_oper = (void *)(cap->data + 1);
6494 if (!ieee80211_uhr_oper_size_ok((const u8 *)params->uhr_oper,
6495 cap->datalen - 1, true))
6496 return -EINVAL;
6497 }
6498
6499 return 0;
6500 }
6501
nl80211_get_ap_channel(struct cfg80211_registered_device * rdev,struct cfg80211_ap_settings * params)6502 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
6503 struct cfg80211_ap_settings *params)
6504 {
6505 struct wireless_dev *wdev;
6506
6507 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
6508 if (wdev->iftype != NL80211_IFTYPE_AP &&
6509 wdev->iftype != NL80211_IFTYPE_P2P_GO)
6510 continue;
6511
6512 if (!wdev->u.ap.preset_chandef.chan)
6513 continue;
6514
6515 params->chandef = wdev->u.ap.preset_chandef;
6516 return true;
6517 }
6518
6519 return false;
6520 }
6521
nl80211_valid_auth_type(struct cfg80211_registered_device * rdev,enum nl80211_auth_type auth_type,enum nl80211_commands cmd)6522 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
6523 enum nl80211_auth_type auth_type,
6524 enum nl80211_commands cmd)
6525 {
6526 if (auth_type > NL80211_AUTHTYPE_MAX)
6527 return false;
6528
6529 switch (cmd) {
6530 case NL80211_CMD_AUTHENTICATE:
6531 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6532 auth_type == NL80211_AUTHTYPE_SAE)
6533 return false;
6534 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6535 NL80211_EXT_FEATURE_FILS_STA) &&
6536 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6537 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6538 auth_type == NL80211_AUTHTYPE_FILS_PK))
6539 return false;
6540 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6541 NL80211_EXT_FEATURE_EPPKE) &&
6542 auth_type == NL80211_AUTHTYPE_EPPKE)
6543 return false;
6544 return true;
6545 case NL80211_CMD_CONNECT:
6546 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6547 !wiphy_ext_feature_isset(&rdev->wiphy,
6548 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
6549 auth_type == NL80211_AUTHTYPE_SAE)
6550 return false;
6551
6552 /* FILS with SK PFS or PK not supported yet */
6553 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6554 auth_type == NL80211_AUTHTYPE_FILS_PK)
6555 return false;
6556 if (!wiphy_ext_feature_isset(
6557 &rdev->wiphy,
6558 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
6559 auth_type == NL80211_AUTHTYPE_FILS_SK)
6560 return false;
6561 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6562 NL80211_EXT_FEATURE_EPPKE) &&
6563 auth_type == NL80211_AUTHTYPE_EPPKE)
6564 return false;
6565 return true;
6566 case NL80211_CMD_START_AP:
6567 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6568 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
6569 auth_type == NL80211_AUTHTYPE_SAE)
6570 return false;
6571 /* FILS not supported yet */
6572 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6573 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6574 auth_type == NL80211_AUTHTYPE_FILS_PK)
6575 return false;
6576 return true;
6577 default:
6578 return false;
6579 }
6580 }
6581
nl80211_send_ap_started(struct wireless_dev * wdev,unsigned int link_id)6582 static void nl80211_send_ap_started(struct wireless_dev *wdev,
6583 unsigned int link_id)
6584 {
6585 struct wiphy *wiphy = wdev->wiphy;
6586 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6587 struct sk_buff *msg;
6588 void *hdr;
6589
6590 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6591 if (!msg)
6592 return;
6593
6594 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP);
6595 if (!hdr)
6596 goto out;
6597
6598 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
6599 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
6600 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
6601 NL80211_ATTR_PAD) ||
6602 (wdev->u.ap.ssid_len &&
6603 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
6604 wdev->u.ap.ssid)) ||
6605 (wdev->valid_links &&
6606 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
6607 goto out;
6608
6609 genlmsg_end(msg, hdr);
6610
6611 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
6612 NL80211_MCGRP_MLME, GFP_KERNEL);
6613 return;
6614 out:
6615 nlmsg_free(msg);
6616 }
6617
nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings * params)6618 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params)
6619 {
6620 struct ieee80211_channel *channel = params->chandef.chan;
6621
6622 if ((params->he_cap || params->he_oper) &&
6623 (channel->flags & IEEE80211_CHAN_NO_HE))
6624 return -EOPNOTSUPP;
6625
6626 if ((params->eht_cap || params->eht_oper) &&
6627 (channel->flags & IEEE80211_CHAN_NO_EHT))
6628 return -EOPNOTSUPP;
6629
6630 if (params->uhr_oper && (channel->flags & IEEE80211_CHAN_NO_UHR))
6631 return -EOPNOTSUPP;
6632
6633 return 0;
6634 }
6635
6636 static int
nl80211_parse_s1g_short_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_s1g_short_beacon * sb)6637 nl80211_parse_s1g_short_beacon(struct cfg80211_registered_device *rdev,
6638 struct nlattr *attrs,
6639 struct cfg80211_s1g_short_beacon *sb)
6640 {
6641 struct nlattr *tb[NL80211_S1G_SHORT_BEACON_ATTR_MAX + 1];
6642 int ret;
6643
6644 if (!rdev->wiphy.bands[NL80211_BAND_S1GHZ])
6645 return -EINVAL;
6646
6647 ret = nla_parse_nested(tb, NL80211_S1G_SHORT_BEACON_ATTR_MAX, attrs,
6648 NULL, NULL);
6649 if (ret)
6650 return ret;
6651
6652 /* Short beacon tail is optional (i.e might only include the TIM) */
6653 if (!tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD])
6654 return -EINVAL;
6655
6656 sb->short_head = nla_data(tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD]);
6657 sb->short_head_len = nla_len(tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD]);
6658 sb->short_tail_len = 0;
6659
6660 if (tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]) {
6661 sb->short_tail =
6662 nla_data(tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]);
6663 sb->short_tail_len =
6664 nla_len(tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]);
6665 }
6666
6667 sb->update = true;
6668 return 0;
6669 }
6670
nl80211_start_ap(struct sk_buff * skb,struct genl_info * info)6671 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
6672 {
6673 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6674 struct cfg80211_beaconing_check_config beacon_check = {};
6675 unsigned int link_id = nl80211_link_id(info->attrs);
6676 struct net_device *dev = info->user_ptr[1];
6677 struct wireless_dev *wdev = dev->ieee80211_ptr;
6678 struct cfg80211_ap_settings *params;
6679 int err;
6680
6681 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6682 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6683 return -EOPNOTSUPP;
6684
6685 if (!rdev->ops->start_ap)
6686 return -EOPNOTSUPP;
6687
6688 if (wdev->links[link_id].cac_started)
6689 return -EBUSY;
6690
6691 if (wdev->links[link_id].ap.beacon_interval)
6692 return -EALREADY;
6693
6694 /* these are required for START_AP */
6695 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
6696 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
6697 !info->attrs[NL80211_ATTR_BEACON_HEAD])
6698 return -EINVAL;
6699
6700 if (info->attrs[NL80211_ATTR_SMPS_MODE] &&
6701 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]) != NL80211_SMPS_OFF)
6702 return -EOPNOTSUPP;
6703
6704 params = kzalloc_obj(*params);
6705 if (!params)
6706 return -ENOMEM;
6707
6708 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
6709 info->extack);
6710 if (err)
6711 goto out;
6712
6713 params->beacon_interval =
6714 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6715 params->dtim_period =
6716 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
6717
6718 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
6719 params->beacon_interval);
6720 if (err)
6721 goto out;
6722
6723 /*
6724 * In theory, some of these attributes should be required here
6725 * but since they were not used when the command was originally
6726 * added, keep them optional for old user space programs to let
6727 * them continue to work with drivers that do not need the
6728 * additional information -- drivers must check!
6729 */
6730 if (info->attrs[NL80211_ATTR_SSID]) {
6731 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6732 params->ssid_len =
6733 nla_len(info->attrs[NL80211_ATTR_SSID]);
6734 if (params->ssid_len == 0) {
6735 err = -EINVAL;
6736 goto out;
6737 }
6738
6739 if (wdev->u.ap.ssid_len &&
6740 (wdev->u.ap.ssid_len != params->ssid_len ||
6741 memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) {
6742 /* require identical SSID for MLO */
6743 err = -EINVAL;
6744 goto out;
6745 }
6746 } else if (wdev->valid_links) {
6747 /* require SSID for MLO */
6748 err = -EINVAL;
6749 goto out;
6750 }
6751
6752 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
6753 params->hidden_ssid = nla_get_u32(
6754 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
6755
6756 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6757
6758 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6759 params->auth_type = nla_get_u32(
6760 info->attrs[NL80211_ATTR_AUTH_TYPE]);
6761 if (!nl80211_valid_auth_type(rdev, params->auth_type,
6762 NL80211_CMD_START_AP)) {
6763 err = -EINVAL;
6764 goto out;
6765 }
6766 } else
6767 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6768
6769 err = nl80211_crypto_settings(rdev, info, ¶ms->crypto,
6770 NL80211_MAX_NR_CIPHER_SUITES);
6771 if (err)
6772 goto out;
6773
6774 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
6775 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) {
6776 err = -EOPNOTSUPP;
6777 goto out;
6778 }
6779 params->inactivity_timeout = nla_get_u16(
6780 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
6781 }
6782
6783 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6784 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6785 err = -EINVAL;
6786 goto out;
6787 }
6788 params->p2p_ctwindow =
6789 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6790 if (params->p2p_ctwindow != 0 &&
6791 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) {
6792 err = -EINVAL;
6793 goto out;
6794 }
6795 }
6796
6797 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6798 u8 tmp;
6799
6800 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6801 err = -EINVAL;
6802 goto out;
6803 }
6804 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6805 params->p2p_opp_ps = tmp;
6806 if (params->p2p_opp_ps != 0 &&
6807 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) {
6808 err = -EINVAL;
6809 goto out;
6810 }
6811 }
6812
6813 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6814 err = nl80211_parse_chandef(rdev, info, ¶ms->chandef);
6815 if (err)
6816 goto out;
6817 } else if (wdev->valid_links) {
6818 /* with MLD need to specify the channel configuration */
6819 err = -EINVAL;
6820 goto out;
6821 } else if (wdev->u.ap.preset_chandef.chan) {
6822 params->chandef = wdev->u.ap.preset_chandef;
6823 } else if (!nl80211_get_ap_channel(rdev, params)) {
6824 err = -EINVAL;
6825 goto out;
6826 }
6827
6828 beacon_check.iftype = wdev->iftype;
6829 beacon_check.relax = true;
6830 beacon_check.reg_power =
6831 cfg80211_get_6ghz_power_type(params->beacon.tail,
6832 params->beacon.tail_len, 0);
6833 if (!cfg80211_reg_check_beaconing(&rdev->wiphy, ¶ms->chandef,
6834 &beacon_check)) {
6835 err = -EINVAL;
6836 goto out;
6837 }
6838
6839 if (info->attrs[NL80211_ATTR_TX_RATES]) {
6840 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
6841 NL80211_ATTR_TX_RATES,
6842 ¶ms->beacon_rate,
6843 dev, false, link_id);
6844 if (err)
6845 goto out;
6846
6847 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band,
6848 ¶ms->beacon_rate);
6849 if (err)
6850 goto out;
6851 }
6852
6853 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
6854 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
6855 err = -EOPNOTSUPP;
6856 goto out;
6857 }
6858
6859 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
6860 params->acl = parse_acl_data(&rdev->wiphy, info);
6861 if (IS_ERR(params->acl)) {
6862 err = PTR_ERR(params->acl);
6863 params->acl = NULL;
6864 goto out;
6865 }
6866 }
6867
6868 params->twt_responder =
6869 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
6870
6871 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
6872 err = nl80211_parse_he_obss_pd(
6873 info->attrs[NL80211_ATTR_HE_OBSS_PD],
6874 ¶ms->he_obss_pd);
6875 if (err)
6876 goto out;
6877 }
6878
6879 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
6880 err = nl80211_parse_fils_discovery(rdev,
6881 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
6882 ¶ms->fils_discovery);
6883 if (err)
6884 goto out;
6885 }
6886
6887 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
6888 err = nl80211_parse_unsol_bcast_probe_resp(
6889 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
6890 ¶ms->unsol_bcast_probe_resp);
6891 if (err)
6892 goto out;
6893 }
6894
6895 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) {
6896 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev, link_id,
6897 info->attrs[NL80211_ATTR_MBSSID_CONFIG],
6898 ¶ms->mbssid_config,
6899 params->beacon.mbssid_ies ?
6900 params->beacon.mbssid_ies->cnt :
6901 0);
6902 if (err)
6903 goto out;
6904 }
6905
6906 if (!params->mbssid_config.ema && params->beacon.rnr_ies) {
6907 err = -EINVAL;
6908 goto out;
6909 }
6910
6911 if (info->attrs[NL80211_ATTR_S1G_SHORT_BEACON]) {
6912 if (!info->attrs[NL80211_ATTR_S1G_LONG_BEACON_PERIOD]) {
6913 err = -EINVAL;
6914 goto out;
6915 }
6916
6917 params->s1g_long_beacon_period = nla_get_u8(
6918 info->attrs[NL80211_ATTR_S1G_LONG_BEACON_PERIOD]);
6919
6920 err = nl80211_parse_s1g_short_beacon(
6921 rdev, info->attrs[NL80211_ATTR_S1G_SHORT_BEACON],
6922 ¶ms->s1g_short_beacon);
6923 if (err)
6924 goto out;
6925 }
6926
6927 err = nl80211_calculate_ap_params(params);
6928 if (err)
6929 goto out;
6930
6931 err = nl80211_validate_ap_phy_operation(params);
6932 if (err)
6933 goto out;
6934
6935 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
6936 params->flags = nla_get_u32(
6937 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
6938 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
6939 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
6940
6941 if (wdev->conn_owner_nlportid &&
6942 info->attrs[NL80211_ATTR_SOCKET_OWNER] &&
6943 wdev->conn_owner_nlportid != info->snd_portid) {
6944 err = -EINVAL;
6945 goto out;
6946 }
6947
6948 /* FIXME: validate MLO/link-id against driver capabilities */
6949
6950 err = rdev_start_ap(rdev, dev, params);
6951 if (!err) {
6952 wdev->links[link_id].ap.beacon_interval = params->beacon_interval;
6953 wdev->links[link_id].ap.chandef = params->chandef;
6954 wdev->u.ap.ssid_len = params->ssid_len;
6955 memcpy(wdev->u.ap.ssid, params->ssid,
6956 params->ssid_len);
6957
6958 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6959 wdev->conn_owner_nlportid = info->snd_portid;
6960
6961 nl80211_send_ap_started(wdev, link_id);
6962 }
6963 out:
6964 kfree(params->acl);
6965 kfree(params->beacon.mbssid_ies);
6966 if (params->mbssid_config.tx_wdev &&
6967 params->mbssid_config.tx_wdev->netdev &&
6968 params->mbssid_config.tx_wdev->netdev != dev)
6969 dev_put(params->mbssid_config.tx_wdev->netdev);
6970 kfree(params->beacon.rnr_ies);
6971 kfree(params);
6972
6973 return err;
6974 }
6975
nl80211_set_beacon(struct sk_buff * skb,struct genl_info * info)6976 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
6977 {
6978 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6979 struct cfg80211_beaconing_check_config beacon_check = {};
6980 unsigned int link_id = nl80211_link_id(info->attrs);
6981 struct net_device *dev = info->user_ptr[1];
6982 struct wireless_dev *wdev = dev->ieee80211_ptr;
6983 struct cfg80211_ap_update *params;
6984 struct nlattr *attr;
6985 int err;
6986
6987 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6988 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6989 return -EOPNOTSUPP;
6990
6991 if (!rdev->ops->change_beacon)
6992 return -EOPNOTSUPP;
6993
6994 if (!wdev->links[link_id].ap.beacon_interval)
6995 return -EINVAL;
6996
6997 params = kzalloc_obj(*params);
6998 if (!params)
6999 return -ENOMEM;
7000
7001 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
7002 info->extack);
7003 if (err)
7004 goto out;
7005
7006 /* recheck beaconing is permitted with possibly changed power type */
7007 beacon_check.iftype = wdev->iftype;
7008 beacon_check.relax = true;
7009 beacon_check.reg_power =
7010 cfg80211_get_6ghz_power_type(params->beacon.tail,
7011 params->beacon.tail_len, 0);
7012 if (!cfg80211_reg_check_beaconing(&rdev->wiphy,
7013 &wdev->links[link_id].ap.chandef,
7014 &beacon_check)) {
7015 err = -EINVAL;
7016 goto out;
7017 }
7018
7019 attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY];
7020 if (attr) {
7021 err = nl80211_parse_fils_discovery(rdev, attr,
7022 ¶ms->fils_discovery);
7023 if (err)
7024 goto out;
7025 }
7026
7027 attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP];
7028 if (attr) {
7029 err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr,
7030 ¶ms->unsol_bcast_probe_resp);
7031 if (err)
7032 goto out;
7033 }
7034
7035 attr = info->attrs[NL80211_ATTR_S1G_SHORT_BEACON];
7036 if (attr) {
7037 err = nl80211_parse_s1g_short_beacon(rdev, attr,
7038 ¶ms->s1g_short_beacon);
7039 if (err)
7040 goto out;
7041 }
7042
7043 err = rdev_change_beacon(rdev, dev, params);
7044
7045 out:
7046 kfree(params->beacon.mbssid_ies);
7047 kfree(params->beacon.rnr_ies);
7048 kfree(params);
7049 return err;
7050 }
7051
nl80211_stop_ap(struct sk_buff * skb,struct genl_info * info)7052 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
7053 {
7054 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7055 unsigned int link_id = nl80211_link_id(info->attrs);
7056 struct net_device *dev = info->user_ptr[1];
7057
7058 return cfg80211_stop_ap(rdev, dev, link_id, false);
7059 }
7060
7061 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
7062 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
7063 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
7064 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
7065 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
7066 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
7067 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
7068 };
7069
parse_station_flags(struct genl_info * info,enum nl80211_iftype iftype,struct station_parameters * params)7070 static int parse_station_flags(struct genl_info *info,
7071 enum nl80211_iftype iftype,
7072 struct station_parameters *params)
7073 {
7074 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
7075 struct nlattr *nla;
7076 int flag;
7077
7078 /*
7079 * Try parsing the new attribute first so userspace
7080 * can specify both for older kernels.
7081 */
7082 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
7083 if (nla) {
7084 struct nl80211_sta_flag_update *sta_flags;
7085
7086 sta_flags = nla_data(nla);
7087 params->sta_flags_mask = sta_flags->mask;
7088 params->sta_flags_set = sta_flags->set;
7089 params->sta_flags_set &= params->sta_flags_mask;
7090 if ((params->sta_flags_mask |
7091 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
7092 return -EINVAL;
7093 return 0;
7094 }
7095
7096 /* if present, parse the old attribute */
7097
7098 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
7099 if (!nla)
7100 return 0;
7101
7102 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
7103 return -EINVAL;
7104
7105 /*
7106 * Only allow certain flags for interface types so that
7107 * other attributes are silently ignored. Remember that
7108 * this is backward compatibility code with old userspace
7109 * and shouldn't be hit in other cases anyway.
7110 */
7111 switch (iftype) {
7112 case NL80211_IFTYPE_AP:
7113 case NL80211_IFTYPE_AP_VLAN:
7114 case NL80211_IFTYPE_P2P_GO:
7115 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
7116 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
7117 BIT(NL80211_STA_FLAG_WME) |
7118 BIT(NL80211_STA_FLAG_MFP);
7119 break;
7120 case NL80211_IFTYPE_P2P_CLIENT:
7121 case NL80211_IFTYPE_STATION:
7122 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
7123 BIT(NL80211_STA_FLAG_TDLS_PEER);
7124 break;
7125 case NL80211_IFTYPE_MESH_POINT:
7126 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7127 BIT(NL80211_STA_FLAG_MFP) |
7128 BIT(NL80211_STA_FLAG_AUTHORIZED);
7129 break;
7130 default:
7131 return -EINVAL;
7132 }
7133
7134 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
7135 if (flags[flag]) {
7136 params->sta_flags_set |= (1<<flag);
7137
7138 /* no longer support new API additions in old API */
7139 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
7140 return -EINVAL;
7141 }
7142 }
7143
7144 return 0;
7145 }
7146
nl80211_put_sta_rate(struct sk_buff * msg,struct rate_info * info,int attr)7147 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
7148 {
7149 struct nlattr *rate;
7150 u32 bitrate;
7151 u16 bitrate_compat;
7152 enum nl80211_rate_info rate_flg;
7153
7154 rate = nla_nest_start_noflag(msg, attr);
7155 if (!rate)
7156 return false;
7157
7158 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
7159 bitrate = cfg80211_calculate_bitrate(info);
7160 /* report 16-bit bitrate only if we can */
7161 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
7162 if (bitrate > 0 &&
7163 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
7164 return false;
7165 if (bitrate_compat > 0 &&
7166 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
7167 return false;
7168
7169 switch (info->bw) {
7170 case RATE_INFO_BW_1:
7171 rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH;
7172 break;
7173 case RATE_INFO_BW_2:
7174 rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH;
7175 break;
7176 case RATE_INFO_BW_4:
7177 rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH;
7178 break;
7179 case RATE_INFO_BW_5:
7180 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
7181 break;
7182 case RATE_INFO_BW_8:
7183 rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH;
7184 break;
7185 case RATE_INFO_BW_10:
7186 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
7187 break;
7188 case RATE_INFO_BW_16:
7189 rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH;
7190 break;
7191 default:
7192 WARN_ON(1);
7193 fallthrough;
7194 case RATE_INFO_BW_20:
7195 rate_flg = 0;
7196 break;
7197 case RATE_INFO_BW_40:
7198 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
7199 break;
7200 case RATE_INFO_BW_80:
7201 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
7202 break;
7203 case RATE_INFO_BW_160:
7204 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
7205 break;
7206 case RATE_INFO_BW_HE_RU:
7207 rate_flg = 0;
7208 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
7209 break;
7210 case RATE_INFO_BW_320:
7211 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH;
7212 break;
7213 case RATE_INFO_BW_EHT_RU:
7214 rate_flg = 0;
7215 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS) &&
7216 !(info->flags & RATE_INFO_FLAGS_UHR_MCS));
7217 break;
7218 }
7219
7220 if (rate_flg && nla_put_flag(msg, rate_flg))
7221 return false;
7222
7223 if (info->flags & RATE_INFO_FLAGS_MCS) {
7224 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
7225 return false;
7226 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7227 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7228 return false;
7229 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
7230 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
7231 return false;
7232 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
7233 return false;
7234 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7235 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7236 return false;
7237 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
7238 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
7239 return false;
7240 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
7241 return false;
7242 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
7243 return false;
7244 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
7245 return false;
7246 if (info->bw == RATE_INFO_BW_HE_RU &&
7247 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
7248 info->he_ru_alloc))
7249 return false;
7250 } else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) {
7251 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs))
7252 return false;
7253 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss))
7254 return false;
7255 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7256 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7257 return false;
7258 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) {
7259 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs))
7260 return false;
7261 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
7262 return false;
7263 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
7264 return false;
7265 if (info->bw == RATE_INFO_BW_EHT_RU &&
7266 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
7267 info->eht_ru_alloc))
7268 return false;
7269 } else if (info->flags & RATE_INFO_FLAGS_UHR_MCS) {
7270 if (nla_put_u8(msg, NL80211_RATE_INFO_UHR_MCS, info->mcs))
7271 return false;
7272 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
7273 return false;
7274 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
7275 return false;
7276 if (info->bw == RATE_INFO_BW_EHT_RU &&
7277 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
7278 info->eht_ru_alloc))
7279 return false;
7280 if (info->flags & RATE_INFO_FLAGS_UHR_ELR_MCS &&
7281 nla_put_flag(msg, NL80211_RATE_INFO_UHR_ELR))
7282 return false;
7283 if (info->flags & RATE_INFO_FLAGS_UHR_IM &&
7284 nla_put_flag(msg, NL80211_RATE_INFO_UHR_IM))
7285 return false;
7286 }
7287
7288 nla_nest_end(msg, rate);
7289 return true;
7290 }
7291
nl80211_put_signal(struct sk_buff * msg,u8 mask,s8 * signal,int id)7292 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
7293 int id)
7294 {
7295 void *attr;
7296 int i = 0;
7297
7298 if (!mask)
7299 return true;
7300
7301 attr = nla_nest_start_noflag(msg, id);
7302 if (!attr)
7303 return false;
7304
7305 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
7306 if (!(mask & BIT(i)))
7307 continue;
7308
7309 if (nla_put_u8(msg, i, signal[i]))
7310 return false;
7311 }
7312
7313 nla_nest_end(msg, attr);
7314
7315 return true;
7316 }
7317
nl80211_fill_link_station(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct link_station_info * link_sinfo)7318 static int nl80211_fill_link_station(struct sk_buff *msg,
7319 struct cfg80211_registered_device *rdev,
7320 struct link_station_info *link_sinfo)
7321 {
7322 struct nlattr *bss_param, *link_sinfoattr;
7323
7324 #define PUT_LINK_SINFO(attr, memb, type) do { \
7325 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
7326 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7327 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
7328 link_sinfo->memb)) \
7329 goto nla_put_failure; \
7330 } while (0)
7331 #define PUT_LINK_SINFO_U64(attr, memb) do { \
7332 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7333 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
7334 link_sinfo->memb, NL80211_STA_INFO_PAD)) \
7335 goto nla_put_failure; \
7336 } while (0)
7337
7338 link_sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
7339 if (!link_sinfoattr)
7340 goto nla_put_failure;
7341
7342 PUT_LINK_SINFO(INACTIVE_TIME, inactive_time, u32);
7343
7344 if (link_sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
7345 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
7346 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
7347 (u32)link_sinfo->rx_bytes))
7348 goto nla_put_failure;
7349
7350 if (link_sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
7351 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
7352 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
7353 (u32)link_sinfo->tx_bytes))
7354 goto nla_put_failure;
7355
7356 PUT_LINK_SINFO_U64(RX_BYTES64, rx_bytes);
7357 PUT_LINK_SINFO_U64(TX_BYTES64, tx_bytes);
7358 PUT_LINK_SINFO_U64(RX_DURATION, rx_duration);
7359 PUT_LINK_SINFO_U64(TX_DURATION, tx_duration);
7360
7361 if (wiphy_ext_feature_isset(&rdev->wiphy,
7362 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7363 PUT_LINK_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
7364
7365 switch (rdev->wiphy.signal_type) {
7366 case CFG80211_SIGNAL_TYPE_MBM:
7367 PUT_LINK_SINFO(SIGNAL, signal, u8);
7368 PUT_LINK_SINFO(SIGNAL_AVG, signal_avg, u8);
7369 break;
7370 default:
7371 break;
7372 }
7373 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
7374 if (!nl80211_put_signal(msg, link_sinfo->chains,
7375 link_sinfo->chain_signal,
7376 NL80211_STA_INFO_CHAIN_SIGNAL))
7377 goto nla_put_failure;
7378 }
7379 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
7380 if (!nl80211_put_signal(msg, link_sinfo->chains,
7381 link_sinfo->chain_signal_avg,
7382 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
7383 goto nla_put_failure;
7384 }
7385 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
7386 if (!nl80211_put_sta_rate(msg, &link_sinfo->txrate,
7387 NL80211_STA_INFO_TX_BITRATE))
7388 goto nla_put_failure;
7389 }
7390 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
7391 if (!nl80211_put_sta_rate(msg, &link_sinfo->rxrate,
7392 NL80211_STA_INFO_RX_BITRATE))
7393 goto nla_put_failure;
7394 }
7395
7396 PUT_LINK_SINFO(RX_PACKETS, rx_packets, u32);
7397 PUT_LINK_SINFO(TX_PACKETS, tx_packets, u32);
7398 PUT_LINK_SINFO(TX_RETRIES, tx_retries, u32);
7399 PUT_LINK_SINFO(TX_FAILED, tx_failed, u32);
7400 PUT_LINK_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
7401 PUT_LINK_SINFO(BEACON_LOSS, beacon_loss_count, u32);
7402
7403 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
7404 bss_param = nla_nest_start_noflag(msg,
7405 NL80211_STA_INFO_BSS_PARAM);
7406 if (!bss_param)
7407 goto nla_put_failure;
7408
7409 if (((link_sinfo->bss_param.flags &
7410 BSS_PARAM_FLAGS_CTS_PROT) &&
7411 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
7412 ((link_sinfo->bss_param.flags &
7413 BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
7414 nla_put_flag(msg,
7415 NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
7416 ((link_sinfo->bss_param.flags &
7417 BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
7418 nla_put_flag(msg,
7419 NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
7420 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
7421 link_sinfo->bss_param.dtim_period) ||
7422 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
7423 link_sinfo->bss_param.beacon_interval))
7424 goto nla_put_failure;
7425
7426 nla_nest_end(msg, bss_param);
7427 }
7428
7429 PUT_LINK_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
7430 PUT_LINK_SINFO_U64(BEACON_RX, rx_beacon);
7431 PUT_LINK_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
7432 PUT_LINK_SINFO(RX_MPDUS, rx_mpdu_count, u32);
7433 PUT_LINK_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
7434 if (wiphy_ext_feature_isset(&rdev->wiphy,
7435 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
7436 PUT_LINK_SINFO(ACK_SIGNAL, ack_signal, u8);
7437 PUT_LINK_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
7438 }
7439
7440 #undef PUT_LINK_SINFO
7441 #undef PUT_LINK_SINFO_U64
7442
7443 if (link_sinfo->pertid) {
7444 struct nlattr *tidsattr;
7445 int tid;
7446
7447 tidsattr = nla_nest_start_noflag(msg,
7448 NL80211_STA_INFO_TID_STATS);
7449 if (!tidsattr)
7450 goto nla_put_failure;
7451
7452 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
7453 struct cfg80211_tid_stats *tidstats;
7454 struct nlattr *tidattr;
7455
7456 tidstats = &link_sinfo->pertid[tid];
7457
7458 if (!tidstats->filled)
7459 continue;
7460
7461 tidattr = nla_nest_start_noflag(msg, tid + 1);
7462 if (!tidattr)
7463 goto nla_put_failure;
7464
7465 #define PUT_TIDVAL_U64(attr, memb) do { \
7466 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
7467 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
7468 tidstats->memb, NL80211_TID_STATS_PAD)) \
7469 goto nla_put_failure; \
7470 } while (0)
7471
7472 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
7473 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
7474 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
7475 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
7476
7477 #undef PUT_TIDVAL_U64
7478 if ((tidstats->filled &
7479 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
7480 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
7481 NL80211_TID_STATS_TXQ_STATS))
7482 goto nla_put_failure;
7483
7484 nla_nest_end(msg, tidattr);
7485 }
7486
7487 nla_nest_end(msg, tidsattr);
7488 }
7489
7490 nla_nest_end(msg, link_sinfoattr);
7491 return 0;
7492
7493 nla_put_failure:
7494 return -EMSGSIZE;
7495 }
7496
nl80211_send_station(struct sk_buff * msg,u32 cmd,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,bool link_stats)7497 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
7498 u32 seq, int flags,
7499 struct cfg80211_registered_device *rdev,
7500 struct net_device *dev,
7501 const u8 *mac_addr, struct station_info *sinfo,
7502 bool link_stats)
7503 {
7504 void *hdr;
7505 struct nlattr *sinfoattr, *bss_param;
7506 struct link_station_info *link_sinfo;
7507 struct nlattr *links, *link;
7508 int link_id;
7509
7510 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
7511 if (!hdr) {
7512 cfg80211_sinfo_release_content(sinfo);
7513 return -1;
7514 }
7515
7516 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7517 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
7518 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
7519 goto nla_put_failure;
7520
7521 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
7522 if (!sinfoattr)
7523 goto nla_put_failure;
7524
7525 #define PUT_SINFO(attr, memb, type) do { \
7526 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
7527 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7528 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
7529 sinfo->memb)) \
7530 goto nla_put_failure; \
7531 } while (0)
7532 #define PUT_SINFO_U64(attr, memb) do { \
7533 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7534 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
7535 sinfo->memb, NL80211_STA_INFO_PAD)) \
7536 goto nla_put_failure; \
7537 } while (0)
7538
7539 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
7540 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
7541 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
7542
7543 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
7544 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
7545 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
7546 (u32)sinfo->rx_bytes))
7547 goto nla_put_failure;
7548
7549 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
7550 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
7551 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
7552 (u32)sinfo->tx_bytes))
7553 goto nla_put_failure;
7554
7555 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
7556 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
7557 PUT_SINFO_U64(RX_DURATION, rx_duration);
7558 PUT_SINFO_U64(TX_DURATION, tx_duration);
7559
7560 if (wiphy_ext_feature_isset(&rdev->wiphy,
7561 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7562 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
7563
7564 switch (rdev->wiphy.signal_type) {
7565 case CFG80211_SIGNAL_TYPE_MBM:
7566 PUT_SINFO(SIGNAL, signal, u8);
7567 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
7568 break;
7569 default:
7570 break;
7571 }
7572 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
7573 if (!nl80211_put_signal(msg, sinfo->chains,
7574 sinfo->chain_signal,
7575 NL80211_STA_INFO_CHAIN_SIGNAL))
7576 goto nla_put_failure;
7577 }
7578 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
7579 if (!nl80211_put_signal(msg, sinfo->chains,
7580 sinfo->chain_signal_avg,
7581 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
7582 goto nla_put_failure;
7583 }
7584 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
7585 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
7586 NL80211_STA_INFO_TX_BITRATE))
7587 goto nla_put_failure;
7588 }
7589 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
7590 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
7591 NL80211_STA_INFO_RX_BITRATE))
7592 goto nla_put_failure;
7593 }
7594
7595 PUT_SINFO(RX_PACKETS, rx_packets, u32);
7596 PUT_SINFO(TX_PACKETS, tx_packets, u32);
7597 PUT_SINFO(TX_RETRIES, tx_retries, u32);
7598 PUT_SINFO(TX_FAILED, tx_failed, u32);
7599 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
7600 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
7601
7602 PUT_SINFO(LLID, llid, u16);
7603 PUT_SINFO(PLID, plid, u16);
7604 PUT_SINFO(PLINK_STATE, plink_state, u8);
7605 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
7606 PUT_SINFO(LOCAL_PM, local_pm, u32);
7607 PUT_SINFO(PEER_PM, peer_pm, u32);
7608 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
7609 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
7610 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
7611 PUT_SINFO_U64(T_OFFSET, t_offset);
7612
7613 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
7614 bss_param = nla_nest_start_noflag(msg,
7615 NL80211_STA_INFO_BSS_PARAM);
7616 if (!bss_param)
7617 goto nla_put_failure;
7618
7619 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
7620 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
7621 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
7622 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
7623 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
7624 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
7625 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
7626 sinfo->bss_param.dtim_period) ||
7627 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
7628 sinfo->bss_param.beacon_interval))
7629 goto nla_put_failure;
7630
7631 nla_nest_end(msg, bss_param);
7632 }
7633 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
7634 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
7635 sizeof(struct nl80211_sta_flag_update),
7636 &sinfo->sta_flags))
7637 goto nla_put_failure;
7638
7639 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
7640 PUT_SINFO_U64(BEACON_RX, rx_beacon);
7641 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
7642 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
7643 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
7644 if (wiphy_ext_feature_isset(&rdev->wiphy,
7645 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
7646 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
7647 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
7648 }
7649
7650 #undef PUT_SINFO
7651 #undef PUT_SINFO_U64
7652
7653 if (sinfo->pertid) {
7654 struct nlattr *tidsattr;
7655 int tid;
7656
7657 tidsattr = nla_nest_start_noflag(msg,
7658 NL80211_STA_INFO_TID_STATS);
7659 if (!tidsattr)
7660 goto nla_put_failure;
7661
7662 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
7663 struct cfg80211_tid_stats *tidstats;
7664 struct nlattr *tidattr;
7665
7666 tidstats = &sinfo->pertid[tid];
7667
7668 if (!tidstats->filled)
7669 continue;
7670
7671 tidattr = nla_nest_start_noflag(msg, tid + 1);
7672 if (!tidattr)
7673 goto nla_put_failure;
7674
7675 #define PUT_TIDVAL_U64(attr, memb) do { \
7676 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
7677 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
7678 tidstats->memb, NL80211_TID_STATS_PAD)) \
7679 goto nla_put_failure; \
7680 } while (0)
7681
7682 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
7683 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
7684 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
7685 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
7686
7687 #undef PUT_TIDVAL_U64
7688 if ((tidstats->filled &
7689 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
7690 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
7691 NL80211_TID_STATS_TXQ_STATS))
7692 goto nla_put_failure;
7693
7694 nla_nest_end(msg, tidattr);
7695 }
7696
7697 nla_nest_end(msg, tidsattr);
7698 }
7699
7700 nla_nest_end(msg, sinfoattr);
7701
7702 if (sinfo->assoc_req_ies_len &&
7703 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
7704 sinfo->assoc_req_ies))
7705 goto nla_put_failure;
7706
7707 if (sinfo->assoc_resp_ies_len &&
7708 nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len,
7709 sinfo->assoc_resp_ies))
7710 goto nla_put_failure;
7711
7712 if (sinfo->mlo_params_valid) {
7713 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
7714 sinfo->assoc_link_id))
7715 goto nla_put_failure;
7716
7717 if (!is_zero_ether_addr(sinfo->mld_addr) &&
7718 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
7719 sinfo->mld_addr))
7720 goto nla_put_failure;
7721 }
7722
7723 if (link_stats && sinfo->valid_links) {
7724 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
7725 if (!links)
7726 goto nla_put_failure;
7727
7728 for_each_valid_link(sinfo, link_id) {
7729 link_sinfo = sinfo->links[link_id];
7730
7731 if (WARN_ON_ONCE(!link_sinfo))
7732 continue;
7733
7734 if (!is_valid_ether_addr(link_sinfo->addr))
7735 continue;
7736
7737 link = nla_nest_start(msg, link_id + 1);
7738 if (!link)
7739 goto nla_put_failure;
7740
7741 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
7742 link_id))
7743 goto nla_put_failure;
7744
7745 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
7746 link_sinfo->addr))
7747 goto nla_put_failure;
7748
7749 if (nl80211_fill_link_station(msg, rdev, link_sinfo))
7750 goto nla_put_failure;
7751
7752 nla_nest_end(msg, link);
7753 }
7754 nla_nest_end(msg, links);
7755 }
7756
7757 cfg80211_sinfo_release_content(sinfo);
7758 genlmsg_end(msg, hdr);
7759 return 0;
7760
7761 nla_put_failure:
7762 cfg80211_sinfo_release_content(sinfo);
7763 genlmsg_cancel(msg, hdr);
7764 return -EMSGSIZE;
7765 }
7766
cfg80211_sta_set_mld_sinfo(struct station_info * sinfo)7767 static void cfg80211_sta_set_mld_sinfo(struct station_info *sinfo)
7768 {
7769 struct link_station_info *link_sinfo;
7770 int link_id, init = 0;
7771 u32 link_inactive_time;
7772
7773 sinfo->signal = -99;
7774
7775 for_each_valid_link(sinfo, link_id) {
7776 link_sinfo = sinfo->links[link_id];
7777 if (!link_sinfo)
7778 continue;
7779
7780 if ((link_sinfo->filled &
7781 BIT_ULL(NL80211_STA_INFO_TX_PACKETS))) {
7782 sinfo->tx_packets += link_sinfo->tx_packets;
7783 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
7784 }
7785
7786 if ((link_sinfo->filled &
7787 BIT_ULL(NL80211_STA_INFO_RX_PACKETS))) {
7788 sinfo->rx_packets += link_sinfo->rx_packets;
7789 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
7790 }
7791
7792 if (link_sinfo->filled &
7793 (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
7794 BIT_ULL(NL80211_STA_INFO_TX_BYTES64))) {
7795 sinfo->tx_bytes += link_sinfo->tx_bytes;
7796 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES);
7797 }
7798
7799 if (link_sinfo->filled &
7800 (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
7801 BIT_ULL(NL80211_STA_INFO_TX_BYTES64))) {
7802 sinfo->rx_bytes += link_sinfo->rx_bytes;
7803 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES);
7804 }
7805
7806 if (link_sinfo->filled &
7807 BIT_ULL(NL80211_STA_INFO_TX_RETRIES)) {
7808 sinfo->tx_retries += link_sinfo->tx_retries;
7809 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
7810 }
7811
7812 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_FAILED)) {
7813 sinfo->tx_failed += link_sinfo->tx_failed;
7814 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
7815 }
7816
7817 if (link_sinfo->filled &
7818 BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC)) {
7819 sinfo->rx_dropped_misc += link_sinfo->rx_dropped_misc;
7820 sinfo->filled |=
7821 BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC);
7822 }
7823
7824 if (link_sinfo->filled &
7825 BIT_ULL(NL80211_STA_INFO_BEACON_LOSS)) {
7826 sinfo->beacon_loss_count +=
7827 link_sinfo->beacon_loss_count;
7828 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_LOSS);
7829 }
7830
7831 if (link_sinfo->filled &
7832 BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) {
7833 sinfo->expected_throughput +=
7834 link_sinfo->expected_throughput;
7835 sinfo->filled |=
7836 BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT);
7837 }
7838
7839 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_MPDUS)) {
7840 sinfo->rx_mpdu_count += link_sinfo->rx_mpdu_count;
7841 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_MPDUS);
7842 }
7843
7844 if (link_sinfo->filled &
7845 BIT_ULL(NL80211_STA_INFO_FCS_ERROR_COUNT)) {
7846 sinfo->fcs_err_count += link_sinfo->fcs_err_count;
7847 sinfo->filled |=
7848 BIT_ULL(NL80211_STA_INFO_FCS_ERROR_COUNT);
7849 }
7850
7851 if (link_sinfo->filled &
7852 BIT_ULL(NL80211_STA_INFO_BEACON_RX)) {
7853 sinfo->rx_beacon += link_sinfo->rx_beacon;
7854 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_RX);
7855 }
7856
7857 /* Update MLO signal, signal_avg as best among links */
7858 if ((link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_SIGNAL)) &&
7859 link_sinfo->signal > sinfo->signal) {
7860 sinfo->signal = link_sinfo->signal;
7861 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
7862 }
7863
7864 if ((link_sinfo->filled &
7865 BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG)) &&
7866 link_sinfo->signal_avg > sinfo->signal_avg) {
7867 sinfo->signal_avg = link_sinfo->signal_avg;
7868 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
7869 }
7870
7871 /* Update MLO inactive_time, bss_param based on least
7872 * value for corresponding field of link.
7873 */
7874 if ((link_sinfo->filled &
7875 BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME)) &&
7876 (!init ||
7877 link_inactive_time > link_sinfo->inactive_time)) {
7878 link_inactive_time = link_sinfo->inactive_time;
7879 sinfo->inactive_time = link_sinfo->inactive_time;
7880 sinfo->filled |= NL80211_STA_INFO_INACTIVE_TIME;
7881 }
7882
7883 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM) &&
7884 (!init ||
7885 sinfo->bss_param.dtim_period >
7886 link_sinfo->bss_param.dtim_period)) {
7887 sinfo->bss_param.dtim_period =
7888 link_sinfo->bss_param.dtim_period;
7889 sinfo->filled |= NL80211_STA_BSS_PARAM_DTIM_PERIOD;
7890 sinfo->bss_param.beacon_interval =
7891 link_sinfo->bss_param.beacon_interval;
7892 sinfo->filled |= NL80211_STA_BSS_PARAM_BEACON_INTERVAL;
7893 }
7894
7895 /* Update MLO rates as per last updated link rate */
7896 if ((link_sinfo->filled &
7897 BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) &&
7898 (!init ||
7899 link_inactive_time > link_sinfo->inactive_time)) {
7900 sinfo->txrate = link_sinfo->txrate;
7901 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
7902 }
7903 if ((link_sinfo->filled &
7904 BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) &&
7905 (!init ||
7906 link_inactive_time > link_sinfo->inactive_time)) {
7907 sinfo->rxrate = link_sinfo->rxrate;
7908 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
7909 }
7910
7911 if (link_sinfo->filled &
7912 BIT_ULL(NL80211_STA_INFO_TX_DURATION) &&
7913 (!init ||
7914 link_inactive_time > link_sinfo->inactive_time)) {
7915 sinfo->tx_duration += link_sinfo->tx_duration;
7916 sinfo->filled |=
7917 BIT_ULL(NL80211_STA_INFO_TX_DURATION);
7918 }
7919 if (link_sinfo->filled &
7920 BIT_ULL(NL80211_STA_INFO_RX_DURATION) &&
7921 (!init ||
7922 link_inactive_time > link_sinfo->inactive_time)) {
7923 sinfo->rx_duration += link_sinfo->rx_duration;
7924 sinfo->filled |=
7925 BIT_ULL(NL80211_STA_INFO_RX_DURATION);
7926 }
7927 init++;
7928
7929 /* pertid stats accumulate for rx/tx fields */
7930 if (sinfo->pertid) {
7931 sinfo->pertid->rx_msdu +=
7932 link_sinfo->pertid->rx_msdu;
7933 sinfo->pertid->tx_msdu +=
7934 link_sinfo->pertid->tx_msdu;
7935 sinfo->pertid->tx_msdu_retries +=
7936 link_sinfo->pertid->tx_msdu_retries;
7937 sinfo->pertid->tx_msdu_failed +=
7938 link_sinfo->pertid->tx_msdu_failed;
7939
7940 sinfo->pertid->filled |=
7941 BIT(NL80211_TID_STATS_RX_MSDU) |
7942 BIT(NL80211_TID_STATS_TX_MSDU) |
7943 BIT(NL80211_TID_STATS_TX_MSDU_RETRIES) |
7944 BIT(NL80211_TID_STATS_TX_MSDU_FAILED);
7945 }
7946 }
7947
7948 /* Reset sinfo->filled bits to exclude fields which don't make
7949 * much sense at the MLO level.
7950 */
7951 sinfo->filled &= ~BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
7952 sinfo->filled &= ~BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
7953 }
7954
nl80211_dump_station(struct sk_buff * skb,struct netlink_callback * cb)7955 static int nl80211_dump_station(struct sk_buff *skb,
7956 struct netlink_callback *cb)
7957 {
7958 struct station_info sinfo;
7959 struct cfg80211_registered_device *rdev;
7960 struct wireless_dev *wdev;
7961 u8 mac_addr[ETH_ALEN];
7962 int sta_idx = cb->args[2];
7963 bool sinfo_alloc = false;
7964 int err, i;
7965
7966 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
7967 if (err)
7968 return err;
7969 /* nl80211_prepare_wdev_dump acquired it in the successful case */
7970 __acquire(&rdev->wiphy.mtx);
7971
7972 if (!wdev->netdev) {
7973 err = -EINVAL;
7974 goto out_err;
7975 }
7976
7977 if (!rdev->ops->dump_station) {
7978 err = -EOPNOTSUPP;
7979 goto out_err;
7980 }
7981
7982 while (1) {
7983 memset(&sinfo, 0, sizeof(sinfo));
7984
7985 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
7986 sinfo.links[i] =
7987 kzalloc_obj(*sinfo.links[0]);
7988 if (!sinfo.links[i]) {
7989 err = -ENOMEM;
7990 goto out_err;
7991 }
7992 sinfo_alloc = true;
7993 }
7994
7995 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
7996 mac_addr, &sinfo);
7997 if (err == -ENOENT)
7998 break;
7999 if (err)
8000 goto out_err;
8001
8002 if (sinfo.valid_links)
8003 cfg80211_sta_set_mld_sinfo(&sinfo);
8004
8005 /* reset the sinfo_alloc flag as nl80211_send_station()
8006 * always releases sinfo
8007 */
8008 sinfo_alloc = false;
8009
8010 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
8011 NETLINK_CB(cb->skb).portid,
8012 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8013 rdev, wdev->netdev, mac_addr,
8014 &sinfo, false) < 0)
8015 goto out;
8016
8017 sta_idx++;
8018 }
8019
8020 out:
8021 cb->args[2] = sta_idx;
8022 err = skb->len;
8023 out_err:
8024 if (sinfo_alloc)
8025 cfg80211_sinfo_release_content(&sinfo);
8026 wiphy_unlock(&rdev->wiphy);
8027
8028 return err;
8029 }
8030
nl80211_get_station(struct sk_buff * skb,struct genl_info * info)8031 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
8032 {
8033 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8034 struct net_device *dev = info->user_ptr[1];
8035 struct station_info sinfo;
8036 struct sk_buff *msg;
8037 u8 *mac_addr = NULL;
8038 int err, i;
8039
8040 memset(&sinfo, 0, sizeof(sinfo));
8041
8042 if (!info->attrs[NL80211_ATTR_MAC])
8043 return -EINVAL;
8044
8045 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8046
8047 if (!rdev->ops->get_station)
8048 return -EOPNOTSUPP;
8049
8050 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
8051 sinfo.links[i] = kzalloc_obj(*sinfo.links[0]);
8052 if (!sinfo.links[i]) {
8053 cfg80211_sinfo_release_content(&sinfo);
8054 return -ENOMEM;
8055 }
8056 }
8057
8058 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
8059 if (err) {
8060 cfg80211_sinfo_release_content(&sinfo);
8061 return err;
8062 }
8063
8064 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8065 if (!msg) {
8066 cfg80211_sinfo_release_content(&sinfo);
8067 return -ENOMEM;
8068 }
8069
8070 if (sinfo.valid_links)
8071 cfg80211_sta_set_mld_sinfo(&sinfo);
8072
8073 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
8074 info->snd_portid, info->snd_seq, 0,
8075 rdev, dev, mac_addr, &sinfo, false) < 0) {
8076 nlmsg_free(msg);
8077 return -ENOBUFS;
8078 }
8079
8080 return genlmsg_reply(msg, info);
8081 }
8082
cfg80211_check_station_change(struct wiphy * wiphy,struct station_parameters * params,enum cfg80211_station_type statype)8083 int cfg80211_check_station_change(struct wiphy *wiphy,
8084 struct station_parameters *params,
8085 enum cfg80211_station_type statype)
8086 {
8087 if (params->listen_interval != -1 &&
8088 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8089 return -EINVAL;
8090
8091 if (params->support_p2p_ps != -1 &&
8092 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8093 return -EINVAL;
8094
8095 if (params->aid &&
8096 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
8097 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8098 return -EINVAL;
8099
8100 /* When you run into this, adjust the code below for the new flag */
8101 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
8102
8103 switch (statype) {
8104 case CFG80211_STA_MESH_PEER_KERNEL:
8105 case CFG80211_STA_MESH_PEER_USER:
8106 /*
8107 * No ignoring the TDLS flag here -- the userspace mesh
8108 * code doesn't have the bug of including TDLS in the
8109 * mask everywhere.
8110 */
8111 if (params->sta_flags_mask &
8112 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8113 BIT(NL80211_STA_FLAG_MFP) |
8114 BIT(NL80211_STA_FLAG_AUTHORIZED)))
8115 return -EINVAL;
8116 break;
8117 case CFG80211_STA_TDLS_PEER_SETUP:
8118 case CFG80211_STA_TDLS_PEER_ACTIVE:
8119 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
8120 return -EINVAL;
8121 /* ignore since it can't change */
8122 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
8123 break;
8124 default:
8125 /* disallow mesh-specific things */
8126 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
8127 return -EINVAL;
8128 if (params->local_pm)
8129 return -EINVAL;
8130 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
8131 return -EINVAL;
8132 }
8133
8134 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
8135 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
8136 /* TDLS can't be set, ... */
8137 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
8138 return -EINVAL;
8139 /*
8140 * ... but don't bother the driver with it. This works around
8141 * a hostapd/wpa_supplicant issue -- it always includes the
8142 * TLDS_PEER flag in the mask even for AP mode.
8143 */
8144 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
8145 }
8146
8147 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
8148 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
8149 /* reject other things that can't change */
8150 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
8151 return -EINVAL;
8152 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
8153 return -EINVAL;
8154 if (params->link_sta_params.supported_rates)
8155 return -EINVAL;
8156 if (params->ext_capab || params->link_sta_params.ht_capa ||
8157 params->link_sta_params.vht_capa ||
8158 params->link_sta_params.he_capa ||
8159 params->link_sta_params.eht_capa ||
8160 params->link_sta_params.uhr_capa)
8161 return -EINVAL;
8162 if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
8163 return -EINVAL;
8164 }
8165
8166 if (statype != CFG80211_STA_AP_CLIENT &&
8167 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
8168 if (params->vlan)
8169 return -EINVAL;
8170 }
8171
8172 /* Accept EMLSR capabilities only for AP client before association */
8173 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
8174 params->eml_cap_present)
8175 return -EINVAL;
8176
8177 switch (statype) {
8178 case CFG80211_STA_AP_MLME_CLIENT:
8179 /* Use this only for authorizing/unauthorizing a station */
8180 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
8181 return -EOPNOTSUPP;
8182 break;
8183 case CFG80211_STA_AP_CLIENT:
8184 case CFG80211_STA_AP_CLIENT_UNASSOC:
8185 /* accept only the listed bits */
8186 if (params->sta_flags_mask &
8187 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8188 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8189 BIT(NL80211_STA_FLAG_ASSOCIATED) |
8190 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
8191 BIT(NL80211_STA_FLAG_WME) |
8192 BIT(NL80211_STA_FLAG_MFP) |
8193 BIT(NL80211_STA_FLAG_SPP_AMSDU)))
8194 return -EINVAL;
8195
8196 /* but authenticated/associated only if driver handles it */
8197 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
8198 params->sta_flags_mask &
8199 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8200 BIT(NL80211_STA_FLAG_ASSOCIATED)))
8201 return -EINVAL;
8202 break;
8203 case CFG80211_STA_IBSS:
8204 case CFG80211_STA_AP_STA:
8205 /* reject any changes other than AUTHORIZED */
8206 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
8207 return -EINVAL;
8208 break;
8209 case CFG80211_STA_TDLS_PEER_SETUP:
8210 /* reject any changes other than AUTHORIZED or WME */
8211 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8212 BIT(NL80211_STA_FLAG_WME)))
8213 return -EINVAL;
8214 /* force (at least) rates when authorizing */
8215 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
8216 !params->link_sta_params.supported_rates)
8217 return -EINVAL;
8218 break;
8219 case CFG80211_STA_TDLS_PEER_ACTIVE:
8220 /* reject any changes */
8221 return -EINVAL;
8222 case CFG80211_STA_MESH_PEER_KERNEL:
8223 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
8224 return -EINVAL;
8225 break;
8226 case CFG80211_STA_MESH_PEER_USER:
8227 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
8228 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
8229 return -EINVAL;
8230 break;
8231 }
8232
8233 /*
8234 * Older kernel versions ignored this attribute entirely, so don't
8235 * reject attempts to update it but mark it as unused instead so the
8236 * driver won't look at the data.
8237 */
8238 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
8239 statype != CFG80211_STA_TDLS_PEER_SETUP)
8240 params->link_sta_params.opmode_notif_used = false;
8241
8242 return 0;
8243 }
8244 EXPORT_SYMBOL(cfg80211_check_station_change);
8245
8246 /*
8247 * Get vlan interface making sure it is running and on the right wiphy.
8248 */
get_vlan(struct genl_info * info,struct cfg80211_registered_device * rdev)8249 static struct net_device *get_vlan(struct genl_info *info,
8250 struct cfg80211_registered_device *rdev)
8251 {
8252 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
8253 struct net_device *v;
8254 int ret;
8255
8256 if (!vlanattr)
8257 return NULL;
8258
8259 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
8260 if (!v)
8261 return ERR_PTR(-ENODEV);
8262
8263 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
8264 ret = -EINVAL;
8265 goto error;
8266 }
8267
8268 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
8269 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
8270 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
8271 ret = -EINVAL;
8272 goto error;
8273 }
8274
8275 if (!netif_running(v)) {
8276 ret = -ENETDOWN;
8277 goto error;
8278 }
8279
8280 return v;
8281 error:
8282 dev_put(v);
8283 return ERR_PTR(ret);
8284 }
8285
nl80211_parse_sta_wme(struct genl_info * info,struct station_parameters * params)8286 static int nl80211_parse_sta_wme(struct genl_info *info,
8287 struct station_parameters *params)
8288 {
8289 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
8290 struct nlattr *nla;
8291 int err;
8292
8293 /* parse WME attributes if present */
8294 if (!info->attrs[NL80211_ATTR_STA_WME])
8295 return 0;
8296
8297 nla = info->attrs[NL80211_ATTR_STA_WME];
8298 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
8299 nl80211_sta_wme_policy,
8300 info->extack);
8301 if (err)
8302 return err;
8303
8304 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
8305 params->uapsd_queues = nla_get_u8(
8306 tb[NL80211_STA_WME_UAPSD_QUEUES]);
8307 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
8308 return -EINVAL;
8309
8310 if (tb[NL80211_STA_WME_MAX_SP])
8311 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
8312
8313 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
8314 return -EINVAL;
8315
8316 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
8317
8318 return 0;
8319 }
8320
nl80211_parse_sta_channel_info(struct genl_info * info,struct station_parameters * params)8321 static int nl80211_parse_sta_channel_info(struct genl_info *info,
8322 struct station_parameters *params)
8323 {
8324 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
8325 params->supported_channels =
8326 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
8327 params->supported_channels_len =
8328 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
8329 /*
8330 * Need to include at least one (first channel, number of
8331 * channels) tuple for each subband (checked in policy),
8332 * and must have proper tuples for the rest of the data as well.
8333 */
8334 if (params->supported_channels_len % 2)
8335 return -EINVAL;
8336 }
8337
8338 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
8339 params->supported_oper_classes =
8340 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
8341 params->supported_oper_classes_len =
8342 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
8343 }
8344 return 0;
8345 }
8346
nl80211_set_station_tdls(struct genl_info * info,struct station_parameters * params)8347 static int nl80211_set_station_tdls(struct genl_info *info,
8348 struct station_parameters *params)
8349 {
8350 int err;
8351 /* Dummy STA entry gets updated once the peer capabilities are known */
8352 if (info->attrs[NL80211_ATTR_PEER_AID])
8353 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
8354 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
8355 params->link_sta_params.ht_capa =
8356 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
8357 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
8358 params->link_sta_params.vht_capa =
8359 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
8360 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
8361 params->link_sta_params.he_capa =
8362 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8363 params->link_sta_params.he_capa_len =
8364 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8365
8366 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
8367 params->link_sta_params.eht_capa =
8368 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8369 params->link_sta_params.eht_capa_len =
8370 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8371
8372 if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
8373 (const u8 *)params->link_sta_params.eht_capa,
8374 params->link_sta_params.eht_capa_len,
8375 false))
8376 return -EINVAL;
8377 }
8378 }
8379
8380 if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
8381 if (!params->link_sta_params.eht_capa)
8382 return -EINVAL;
8383
8384 params->link_sta_params.uhr_capa =
8385 nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
8386 params->link_sta_params.uhr_capa_len =
8387 nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
8388 }
8389
8390 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY])
8391 params->link_sta_params.s1g_capa =
8392 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]);
8393
8394 err = nl80211_parse_sta_channel_info(info, params);
8395 if (err)
8396 return err;
8397
8398 return nl80211_parse_sta_wme(info, params);
8399 }
8400
nl80211_parse_sta_txpower_setting(struct genl_info * info,struct sta_txpwr * txpwr,bool * txpwr_set)8401 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
8402 struct sta_txpwr *txpwr,
8403 bool *txpwr_set)
8404 {
8405 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8406 int idx;
8407
8408 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
8409 if (!rdev->ops->set_tx_power ||
8410 !wiphy_ext_feature_isset(&rdev->wiphy,
8411 NL80211_EXT_FEATURE_STA_TX_PWR))
8412 return -EOPNOTSUPP;
8413
8414 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
8415 txpwr->type = nla_get_u8(info->attrs[idx]);
8416
8417 if (txpwr->type == NL80211_TX_POWER_LIMITED) {
8418 idx = NL80211_ATTR_STA_TX_POWER;
8419
8420 if (info->attrs[idx])
8421 txpwr->power = nla_get_s16(info->attrs[idx]);
8422 else
8423 return -EINVAL;
8424 }
8425
8426 *txpwr_set = true;
8427 } else {
8428 *txpwr_set = false;
8429 }
8430
8431 return 0;
8432 }
8433
nl80211_set_station(struct sk_buff * skb,struct genl_info * info)8434 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
8435 {
8436 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8437 struct net_device *dev = info->user_ptr[1];
8438 struct station_parameters params;
8439 u8 *mac_addr;
8440 int err;
8441
8442 memset(¶ms, 0, sizeof(params));
8443
8444 if (!rdev->ops->change_station)
8445 return -EOPNOTSUPP;
8446
8447 /*
8448 * AID and listen_interval properties can be set only for unassociated
8449 * station. Include these parameters here and will check them in
8450 * cfg80211_check_station_change().
8451 */
8452 if (info->attrs[NL80211_ATTR_STA_AID])
8453 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
8454
8455 if (info->attrs[NL80211_ATTR_VLAN_ID])
8456 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
8457
8458 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
8459 params.listen_interval =
8460 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
8461 else
8462 params.listen_interval = -1;
8463
8464 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
8465 params.support_p2p_ps =
8466 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
8467 else
8468 params.support_p2p_ps = -1;
8469
8470 if (!info->attrs[NL80211_ATTR_MAC])
8471 return -EINVAL;
8472
8473 params.link_sta_params.link_id =
8474 nl80211_link_id_or_invalid(info->attrs);
8475
8476 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
8477 /* If MLD_ADDR attribute is set then this is an MLD station
8478 * and the MLD_ADDR attribute holds the MLD address and the
8479 * MAC attribute holds for the LINK address.
8480 * In that case, the link_id is also expected to be valid.
8481 */
8482 if (params.link_sta_params.link_id < 0)
8483 return -EINVAL;
8484
8485 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
8486 params.link_sta_params.mld_mac = mac_addr;
8487 params.link_sta_params.link_mac =
8488 nla_data(info->attrs[NL80211_ATTR_MAC]);
8489 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
8490 return -EINVAL;
8491 } else {
8492 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8493 }
8494
8495
8496 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
8497 params.link_sta_params.supported_rates =
8498 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8499 params.link_sta_params.supported_rates_len =
8500 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8501 }
8502
8503 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
8504 params.capability =
8505 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
8506 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
8507 }
8508
8509 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
8510 params.ext_capab =
8511 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8512 params.ext_capab_len =
8513 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8514 }
8515
8516 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
8517 return -EINVAL;
8518
8519 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
8520 params.plink_action =
8521 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
8522
8523 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
8524 params.plink_state =
8525 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
8526 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
8527 params.peer_aid = nla_get_u16(
8528 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
8529 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
8530 }
8531
8532 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
8533 params.local_pm = nla_get_u32(
8534 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
8535
8536 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
8537 params.link_sta_params.opmode_notif_used = true;
8538 params.link_sta_params.opmode_notif =
8539 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
8540 }
8541
8542 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
8543 params.link_sta_params.he_6ghz_capa =
8544 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
8545
8546 if (info->attrs[NL80211_ATTR_EML_CAPABILITY]) {
8547 params.eml_cap_present = true;
8548 params.eml_cap =
8549 nla_get_u16(info->attrs[NL80211_ATTR_EML_CAPABILITY]);
8550 }
8551
8552 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
8553 params.airtime_weight =
8554 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
8555
8556 if (params.airtime_weight &&
8557 !wiphy_ext_feature_isset(&rdev->wiphy,
8558 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
8559 return -EOPNOTSUPP;
8560
8561 err = nl80211_parse_sta_txpower_setting(info,
8562 ¶ms.link_sta_params.txpwr,
8563 ¶ms.link_sta_params.txpwr_set);
8564 if (err)
8565 return err;
8566
8567 /* Include parameters for TDLS peer (will check later) */
8568 err = nl80211_set_station_tdls(info, ¶ms);
8569 if (err)
8570 return err;
8571
8572 params.vlan = get_vlan(info, rdev);
8573 if (IS_ERR(params.vlan))
8574 return PTR_ERR(params.vlan);
8575
8576 switch (dev->ieee80211_ptr->iftype) {
8577 case NL80211_IFTYPE_AP:
8578 case NL80211_IFTYPE_AP_VLAN:
8579 case NL80211_IFTYPE_P2P_GO:
8580 case NL80211_IFTYPE_P2P_CLIENT:
8581 case NL80211_IFTYPE_STATION:
8582 case NL80211_IFTYPE_ADHOC:
8583 case NL80211_IFTYPE_MESH_POINT:
8584 break;
8585 default:
8586 err = -EOPNOTSUPP;
8587 goto out_put_vlan;
8588 }
8589
8590 /* driver will call cfg80211_check_station_change() */
8591 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
8592
8593 out_put_vlan:
8594 dev_put(params.vlan);
8595
8596 return err;
8597 }
8598
nl80211_new_station(struct sk_buff * skb,struct genl_info * info)8599 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
8600 {
8601 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8602 int err;
8603 struct net_device *dev = info->user_ptr[1];
8604 struct wireless_dev *wdev = dev->ieee80211_ptr;
8605 struct station_parameters params;
8606 u8 *mac_addr = NULL;
8607 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8608 BIT(NL80211_STA_FLAG_ASSOCIATED);
8609
8610 memset(¶ms, 0, sizeof(params));
8611
8612 if (!rdev->ops->add_station)
8613 return -EOPNOTSUPP;
8614
8615 if (!info->attrs[NL80211_ATTR_MAC])
8616 return -EINVAL;
8617
8618 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
8619 return -EINVAL;
8620
8621 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
8622 return -EINVAL;
8623
8624 if (!info->attrs[NL80211_ATTR_STA_AID] &&
8625 !info->attrs[NL80211_ATTR_PEER_AID])
8626 return -EINVAL;
8627
8628 params.link_sta_params.link_id =
8629 nl80211_link_id_or_invalid(info->attrs);
8630
8631 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
8632 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
8633 params.link_sta_params.mld_mac = mac_addr;
8634 params.link_sta_params.link_mac =
8635 nla_data(info->attrs[NL80211_ATTR_MAC]);
8636 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
8637 return -EINVAL;
8638 } else {
8639 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8640 }
8641
8642 params.link_sta_params.supported_rates =
8643 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8644 params.link_sta_params.supported_rates_len =
8645 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8646 params.listen_interval =
8647 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
8648
8649 if (info->attrs[NL80211_ATTR_VLAN_ID])
8650 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
8651
8652 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
8653 params.support_p2p_ps =
8654 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
8655 } else {
8656 /*
8657 * if not specified, assume it's supported for P2P GO interface,
8658 * and is NOT supported for AP interface
8659 */
8660 params.support_p2p_ps =
8661 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
8662 }
8663
8664 if (info->attrs[NL80211_ATTR_PEER_AID])
8665 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
8666 else
8667 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
8668
8669 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
8670 params.capability =
8671 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
8672 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
8673 }
8674
8675 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
8676 params.ext_capab =
8677 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8678 params.ext_capab_len =
8679 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8680 }
8681
8682 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
8683 params.link_sta_params.ht_capa =
8684 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
8685
8686 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
8687 params.link_sta_params.vht_capa =
8688 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
8689
8690 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
8691 params.link_sta_params.he_capa =
8692 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8693 params.link_sta_params.he_capa_len =
8694 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8695
8696 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
8697 params.link_sta_params.eht_capa =
8698 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8699 params.link_sta_params.eht_capa_len =
8700 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8701
8702 if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
8703 (const u8 *)params.link_sta_params.eht_capa,
8704 params.link_sta_params.eht_capa_len,
8705 false))
8706 return -EINVAL;
8707 }
8708 }
8709
8710 if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
8711 if (!params.link_sta_params.eht_capa)
8712 return -EINVAL;
8713
8714 params.link_sta_params.uhr_capa =
8715 nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
8716 params.link_sta_params.uhr_capa_len =
8717 nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
8718 }
8719
8720 if (info->attrs[NL80211_ATTR_EML_CAPABILITY]) {
8721 params.eml_cap_present = true;
8722 params.eml_cap =
8723 nla_get_u16(info->attrs[NL80211_ATTR_EML_CAPABILITY]);
8724 }
8725
8726 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
8727 params.link_sta_params.he_6ghz_capa =
8728 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
8729
8730 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY])
8731 params.link_sta_params.s1g_capa =
8732 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]);
8733
8734 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
8735 params.link_sta_params.opmode_notif_used = true;
8736 params.link_sta_params.opmode_notif =
8737 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
8738 }
8739
8740 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
8741 params.plink_action =
8742 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
8743
8744 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
8745 params.airtime_weight =
8746 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
8747
8748 if (params.airtime_weight &&
8749 !wiphy_ext_feature_isset(&rdev->wiphy,
8750 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
8751 return -EOPNOTSUPP;
8752
8753 err = nl80211_parse_sta_txpower_setting(info,
8754 ¶ms.link_sta_params.txpwr,
8755 ¶ms.link_sta_params.txpwr_set);
8756 if (err)
8757 return err;
8758
8759 err = nl80211_parse_sta_channel_info(info, ¶ms);
8760 if (err)
8761 return err;
8762
8763 err = nl80211_parse_sta_wme(info, ¶ms);
8764 if (err)
8765 return err;
8766
8767 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
8768 return -EINVAL;
8769
8770 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
8771 * as userspace might just pass through the capabilities from the IEs
8772 * directly, rather than enforcing this restriction and returning an
8773 * error in this case.
8774 */
8775 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
8776 params.link_sta_params.ht_capa = NULL;
8777 params.link_sta_params.vht_capa = NULL;
8778
8779 /* HE, EHT and UHR require WME */
8780 if (params.link_sta_params.he_capa_len ||
8781 params.link_sta_params.he_6ghz_capa ||
8782 params.link_sta_params.eht_capa_len ||
8783 params.link_sta_params.uhr_capa_len)
8784 return -EINVAL;
8785 }
8786
8787 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
8788 if (params.link_sta_params.he_6ghz_capa &&
8789 (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa))
8790 return -EINVAL;
8791
8792 /* When you run into this, adjust the code below for the new flag */
8793 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
8794
8795 switch (dev->ieee80211_ptr->iftype) {
8796 case NL80211_IFTYPE_AP:
8797 case NL80211_IFTYPE_AP_VLAN:
8798 case NL80211_IFTYPE_P2P_GO:
8799 /* ignore WME attributes if iface/sta is not capable */
8800 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
8801 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
8802 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
8803
8804 /* TDLS peers cannot be added */
8805 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
8806 info->attrs[NL80211_ATTR_PEER_AID])
8807 return -EINVAL;
8808 /* but don't bother the driver with it */
8809 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
8810
8811 /* allow authenticated/associated only if driver handles it */
8812 if (!(rdev->wiphy.features &
8813 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
8814 params.sta_flags_mask & auth_assoc)
8815 return -EINVAL;
8816
8817 if (!wiphy_ext_feature_isset(&rdev->wiphy,
8818 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) &&
8819 params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
8820 return -EINVAL;
8821
8822 /* Older userspace, or userspace wanting to be compatible with
8823 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
8824 * and assoc flags in the mask, but assumes the station will be
8825 * added as associated anyway since this was the required driver
8826 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
8827 * introduced.
8828 * In order to not bother drivers with this quirk in the API
8829 * set the flags in both the mask and set for new stations in
8830 * this case.
8831 */
8832 if (!(params.sta_flags_mask & auth_assoc)) {
8833 params.sta_flags_mask |= auth_assoc;
8834 params.sta_flags_set |= auth_assoc;
8835 }
8836
8837 /* must be last in here for error handling */
8838 params.vlan = get_vlan(info, rdev);
8839 if (IS_ERR(params.vlan))
8840 return PTR_ERR(params.vlan);
8841 break;
8842 case NL80211_IFTYPE_MESH_POINT:
8843 /* ignore uAPSD data */
8844 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
8845
8846 /* associated is disallowed */
8847 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
8848 return -EINVAL;
8849 /* TDLS peers cannot be added */
8850 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
8851 info->attrs[NL80211_ATTR_PEER_AID])
8852 return -EINVAL;
8853 break;
8854 case NL80211_IFTYPE_STATION:
8855 case NL80211_IFTYPE_P2P_CLIENT:
8856 /* ignore uAPSD data */
8857 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
8858
8859 /* these are disallowed */
8860 if (params.sta_flags_mask &
8861 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
8862 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
8863 return -EINVAL;
8864 /* Only TDLS peers can be added */
8865 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
8866 return -EINVAL;
8867 /* Can only add if TDLS ... */
8868 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
8869 return -EOPNOTSUPP;
8870 /* ... with external setup is supported */
8871 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
8872 return -EOPNOTSUPP;
8873 /*
8874 * Older wpa_supplicant versions always mark the TDLS peer
8875 * as authorized, but it shouldn't yet be.
8876 */
8877 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
8878 break;
8879 default:
8880 return -EOPNOTSUPP;
8881 }
8882
8883 /* be aware of params.vlan when changing code here */
8884
8885 if (wdev->valid_links) {
8886 if (params.link_sta_params.link_id < 0) {
8887 err = -EINVAL;
8888 goto out;
8889 }
8890 if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) {
8891 err = -ENOLINK;
8892 goto out;
8893 }
8894 } else {
8895 if (params.link_sta_params.link_id >= 0) {
8896 err = -EINVAL;
8897 goto out;
8898 }
8899 }
8900
8901 params.epp_peer =
8902 nla_get_flag(info->attrs[NL80211_ATTR_EPP_PEER]);
8903
8904 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
8905 out:
8906 dev_put(params.vlan);
8907 return err;
8908 }
8909
nl80211_del_station(struct sk_buff * skb,struct genl_info * info)8910 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
8911 {
8912 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8913 struct net_device *dev = info->user_ptr[1];
8914 struct wireless_dev *wdev = dev->ieee80211_ptr;
8915 struct station_del_parameters params;
8916 int link_id = nl80211_link_id_or_invalid(info->attrs);
8917
8918 memset(¶ms, 0, sizeof(params));
8919
8920 if (info->attrs[NL80211_ATTR_MAC])
8921 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
8922
8923 switch (wdev->iftype) {
8924 case NL80211_IFTYPE_AP:
8925 case NL80211_IFTYPE_AP_VLAN:
8926 case NL80211_IFTYPE_MESH_POINT:
8927 case NL80211_IFTYPE_P2P_GO:
8928 /* always accept these */
8929 break;
8930 case NL80211_IFTYPE_ADHOC:
8931 /* conditionally accept */
8932 if (wiphy_ext_feature_isset(&rdev->wiphy,
8933 NL80211_EXT_FEATURE_DEL_IBSS_STA))
8934 break;
8935 return -EINVAL;
8936 default:
8937 return -EINVAL;
8938 }
8939
8940 if (!rdev->ops->del_station)
8941 return -EOPNOTSUPP;
8942
8943 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
8944 params.subtype =
8945 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
8946 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
8947 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
8948 return -EINVAL;
8949 } else {
8950 /* Default to Deauthentication frame */
8951 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
8952 }
8953
8954 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
8955 params.reason_code =
8956 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8957 if (params.reason_code == 0)
8958 return -EINVAL; /* 0 is reserved */
8959 } else {
8960 /* Default to reason code 2 */
8961 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
8962 }
8963
8964 /* Link ID not expected in case of non-ML operation */
8965 if (!wdev->valid_links && link_id != -1)
8966 return -EINVAL;
8967
8968 /* If given, a valid link ID should be passed during MLO */
8969 if (wdev->valid_links && link_id >= 0 &&
8970 !(wdev->valid_links & BIT(link_id)))
8971 return -EINVAL;
8972
8973 params.link_id = link_id;
8974
8975 return rdev_del_station(rdev, dev, ¶ms);
8976 }
8977
nl80211_send_mpath(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,u8 * dst,u8 * next_hop,struct mpath_info * pinfo)8978 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
8979 int flags, struct net_device *dev,
8980 u8 *dst, u8 *next_hop,
8981 struct mpath_info *pinfo)
8982 {
8983 void *hdr;
8984 struct nlattr *pinfoattr;
8985
8986 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
8987 if (!hdr)
8988 return -1;
8989
8990 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8991 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
8992 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
8993 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
8994 goto nla_put_failure;
8995
8996 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
8997 if (!pinfoattr)
8998 goto nla_put_failure;
8999 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
9000 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
9001 pinfo->frame_qlen))
9002 goto nla_put_failure;
9003 if (((pinfo->filled & MPATH_INFO_SN) &&
9004 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
9005 ((pinfo->filled & MPATH_INFO_METRIC) &&
9006 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
9007 pinfo->metric)) ||
9008 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
9009 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
9010 pinfo->exptime)) ||
9011 ((pinfo->filled & MPATH_INFO_FLAGS) &&
9012 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
9013 pinfo->flags)) ||
9014 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
9015 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
9016 pinfo->discovery_timeout)) ||
9017 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
9018 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
9019 pinfo->discovery_retries)) ||
9020 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
9021 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
9022 pinfo->hop_count)) ||
9023 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
9024 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
9025 pinfo->path_change_count)))
9026 goto nla_put_failure;
9027
9028 nla_nest_end(msg, pinfoattr);
9029
9030 genlmsg_end(msg, hdr);
9031 return 0;
9032
9033 nla_put_failure:
9034 genlmsg_cancel(msg, hdr);
9035 return -EMSGSIZE;
9036 }
9037
nl80211_dump_mpath(struct sk_buff * skb,struct netlink_callback * cb)9038 static int nl80211_dump_mpath(struct sk_buff *skb,
9039 struct netlink_callback *cb)
9040 {
9041 struct mpath_info pinfo;
9042 struct cfg80211_registered_device *rdev;
9043 struct wireless_dev *wdev;
9044 u8 dst[ETH_ALEN];
9045 u8 next_hop[ETH_ALEN];
9046 int path_idx = cb->args[2];
9047 int err;
9048
9049 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
9050 if (err)
9051 return err;
9052 /* nl80211_prepare_wdev_dump acquired it in the successful case */
9053 __acquire(&rdev->wiphy.mtx);
9054
9055 if (!rdev->ops->dump_mpath) {
9056 err = -EOPNOTSUPP;
9057 goto out_err;
9058 }
9059
9060 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
9061 err = -EOPNOTSUPP;
9062 goto out_err;
9063 }
9064
9065 while (1) {
9066 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
9067 next_hop, &pinfo);
9068 if (err == -ENOENT)
9069 break;
9070 if (err)
9071 goto out_err;
9072
9073 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
9074 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9075 wdev->netdev, dst, next_hop,
9076 &pinfo) < 0)
9077 goto out;
9078
9079 path_idx++;
9080 }
9081
9082 out:
9083 cb->args[2] = path_idx;
9084 err = skb->len;
9085 out_err:
9086 wiphy_unlock(&rdev->wiphy);
9087 return err;
9088 }
9089
nl80211_get_mpath(struct sk_buff * skb,struct genl_info * info)9090 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
9091 {
9092 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9093 int err;
9094 struct net_device *dev = info->user_ptr[1];
9095 struct mpath_info pinfo;
9096 struct sk_buff *msg;
9097 u8 *dst = NULL;
9098 u8 next_hop[ETH_ALEN];
9099
9100 memset(&pinfo, 0, sizeof(pinfo));
9101
9102 if (!info->attrs[NL80211_ATTR_MAC])
9103 return -EINVAL;
9104
9105 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9106
9107 if (!rdev->ops->get_mpath)
9108 return -EOPNOTSUPP;
9109
9110 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9111 return -EOPNOTSUPP;
9112
9113 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
9114 if (err)
9115 return err;
9116
9117 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9118 if (!msg)
9119 return -ENOMEM;
9120
9121 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
9122 dev, dst, next_hop, &pinfo) < 0) {
9123 nlmsg_free(msg);
9124 return -ENOBUFS;
9125 }
9126
9127 return genlmsg_reply(msg, info);
9128 }
9129
nl80211_set_mpath(struct sk_buff * skb,struct genl_info * info)9130 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
9131 {
9132 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9133 struct net_device *dev = info->user_ptr[1];
9134 u8 *dst = NULL;
9135 u8 *next_hop = NULL;
9136
9137 if (!info->attrs[NL80211_ATTR_MAC])
9138 return -EINVAL;
9139
9140 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
9141 return -EINVAL;
9142
9143 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9144 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
9145
9146 if (!rdev->ops->change_mpath)
9147 return -EOPNOTSUPP;
9148
9149 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9150 return -EOPNOTSUPP;
9151
9152 return rdev_change_mpath(rdev, dev, dst, next_hop);
9153 }
9154
nl80211_new_mpath(struct sk_buff * skb,struct genl_info * info)9155 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
9156 {
9157 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9158 struct net_device *dev = info->user_ptr[1];
9159 u8 *dst = NULL;
9160 u8 *next_hop = NULL;
9161
9162 if (!info->attrs[NL80211_ATTR_MAC])
9163 return -EINVAL;
9164
9165 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
9166 return -EINVAL;
9167
9168 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9169 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
9170
9171 if (!rdev->ops->add_mpath)
9172 return -EOPNOTSUPP;
9173
9174 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9175 return -EOPNOTSUPP;
9176
9177 return rdev_add_mpath(rdev, dev, dst, next_hop);
9178 }
9179
nl80211_del_mpath(struct sk_buff * skb,struct genl_info * info)9180 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
9181 {
9182 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9183 struct net_device *dev = info->user_ptr[1];
9184 u8 *dst = NULL;
9185
9186 if (info->attrs[NL80211_ATTR_MAC])
9187 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9188
9189 if (!rdev->ops->del_mpath)
9190 return -EOPNOTSUPP;
9191
9192 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9193 return -EOPNOTSUPP;
9194
9195 return rdev_del_mpath(rdev, dev, dst);
9196 }
9197
nl80211_get_mpp(struct sk_buff * skb,struct genl_info * info)9198 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
9199 {
9200 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9201 int err;
9202 struct net_device *dev = info->user_ptr[1];
9203 struct mpath_info pinfo;
9204 struct sk_buff *msg;
9205 u8 *dst = NULL;
9206 u8 mpp[ETH_ALEN];
9207
9208 memset(&pinfo, 0, sizeof(pinfo));
9209
9210 if (!info->attrs[NL80211_ATTR_MAC])
9211 return -EINVAL;
9212
9213 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9214
9215 if (!rdev->ops->get_mpp)
9216 return -EOPNOTSUPP;
9217
9218 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9219 return -EOPNOTSUPP;
9220
9221 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
9222 if (err)
9223 return err;
9224
9225 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9226 if (!msg)
9227 return -ENOMEM;
9228
9229 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
9230 dev, dst, mpp, &pinfo) < 0) {
9231 nlmsg_free(msg);
9232 return -ENOBUFS;
9233 }
9234
9235 return genlmsg_reply(msg, info);
9236 }
9237
nl80211_dump_mpp(struct sk_buff * skb,struct netlink_callback * cb)9238 static int nl80211_dump_mpp(struct sk_buff *skb,
9239 struct netlink_callback *cb)
9240 {
9241 struct mpath_info pinfo;
9242 struct cfg80211_registered_device *rdev;
9243 struct wireless_dev *wdev;
9244 u8 dst[ETH_ALEN];
9245 u8 mpp[ETH_ALEN];
9246 int path_idx = cb->args[2];
9247 int err;
9248
9249 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
9250 if (err)
9251 return err;
9252 /* nl80211_prepare_wdev_dump acquired it in the successful case */
9253 __acquire(&rdev->wiphy.mtx);
9254
9255 if (!rdev->ops->dump_mpp) {
9256 err = -EOPNOTSUPP;
9257 goto out_err;
9258 }
9259
9260 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
9261 err = -EOPNOTSUPP;
9262 goto out_err;
9263 }
9264
9265 while (1) {
9266 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
9267 mpp, &pinfo);
9268 if (err == -ENOENT)
9269 break;
9270 if (err)
9271 goto out_err;
9272
9273 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
9274 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9275 wdev->netdev, dst, mpp,
9276 &pinfo) < 0)
9277 goto out;
9278
9279 path_idx++;
9280 }
9281
9282 out:
9283 cb->args[2] = path_idx;
9284 err = skb->len;
9285 out_err:
9286 wiphy_unlock(&rdev->wiphy);
9287 return err;
9288 }
9289
nl80211_set_bss(struct sk_buff * skb,struct genl_info * info)9290 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
9291 {
9292 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9293 struct net_device *dev = info->user_ptr[1];
9294 struct bss_parameters params;
9295 u32 bss_param_support = rdev->wiphy.bss_param_support;
9296 u32 changed = 0;
9297 bool strict;
9298
9299 memset(¶ms, 0, sizeof(params));
9300 params.link_id = nl80211_link_id_or_invalid(info->attrs);
9301 /* default to not changing parameters */
9302 params.use_cts_prot = -1;
9303 params.use_short_preamble = -1;
9304 params.use_short_slot_time = -1;
9305 params.ap_isolate = -1;
9306 params.ht_opmode = -1;
9307 params.p2p_ctwindow = -1;
9308 params.p2p_opp_ps = -1;
9309
9310 strict = nla_get_flag(info->attrs[NL80211_ATTR_BSS_PARAM]);
9311 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) {
9312 if (strict && !(bss_param_support & WIPHY_BSS_PARAM_CTS_PROT))
9313 return -EINVAL;
9314 params.use_cts_prot =
9315 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
9316 changed |= WIPHY_BSS_PARAM_CTS_PROT;
9317 }
9318 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) {
9319 if (strict &&
9320 !(bss_param_support & WIPHY_BSS_PARAM_SHORT_PREAMBLE))
9321 return -EINVAL;
9322 params.use_short_preamble =
9323 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
9324 changed |= WIPHY_BSS_PARAM_SHORT_PREAMBLE;
9325 }
9326 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) {
9327 if (strict &&
9328 !(bss_param_support & WIPHY_BSS_PARAM_SHORT_SLOT_TIME))
9329 return -EINVAL;
9330 params.use_short_slot_time =
9331 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
9332 changed |= WIPHY_BSS_PARAM_SHORT_SLOT_TIME;
9333 }
9334 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9335 if (strict &&
9336 !(bss_param_support & WIPHY_BSS_PARAM_BASIC_RATES))
9337 return -EINVAL;
9338 params.basic_rates =
9339 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9340 params.basic_rates_len =
9341 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9342 changed |= WIPHY_BSS_PARAM_BASIC_RATES;
9343 }
9344 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) {
9345 if (strict && !(bss_param_support & WIPHY_BSS_PARAM_AP_ISOLATE))
9346 return -EINVAL;
9347 params.ap_isolate =
9348 !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
9349 changed |= WIPHY_BSS_PARAM_AP_ISOLATE;
9350 }
9351 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) {
9352 if (strict && !(bss_param_support & WIPHY_BSS_PARAM_HT_OPMODE))
9353 return -EINVAL;
9354 params.ht_opmode =
9355 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
9356 changed |= WIPHY_BSS_PARAM_HT_OPMODE;
9357 }
9358
9359 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
9360 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9361 return -EINVAL;
9362 params.p2p_ctwindow =
9363 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
9364 if (params.p2p_ctwindow != 0 &&
9365 !(bss_param_support & WIPHY_BSS_PARAM_P2P_CTWINDOW))
9366 return -EINVAL;
9367 changed |= WIPHY_BSS_PARAM_P2P_CTWINDOW;
9368 }
9369
9370 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
9371 u8 tmp;
9372
9373 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9374 return -EINVAL;
9375 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
9376 if (tmp && !(bss_param_support & WIPHY_BSS_PARAM_P2P_OPPPS))
9377 return -EINVAL;
9378 params.p2p_opp_ps = tmp;
9379 if (params.p2p_opp_ps &&
9380 !(rdev->wiphy.bss_param_support & WIPHY_BSS_PARAM_P2P_OPPPS))
9381 return -EINVAL;
9382 }
9383
9384 if (!rdev->ops->change_bss)
9385 return -EOPNOTSUPP;
9386
9387 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
9388 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9389 return -EOPNOTSUPP;
9390
9391 changed &= rdev->wiphy.bss_param_support;
9392 if (!changed)
9393 return 0;
9394
9395 return rdev_change_bss(rdev, dev, ¶ms);
9396 }
9397
nl80211_req_set_reg(struct sk_buff * skb,struct genl_info * info)9398 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
9399 {
9400 char *data = NULL;
9401 bool is_indoor;
9402 enum nl80211_user_reg_hint_type user_reg_hint_type;
9403 u32 owner_nlportid;
9404
9405 /*
9406 * You should only get this when cfg80211 hasn't yet initialized
9407 * completely when built-in to the kernel right between the time
9408 * window between nl80211_init() and regulatory_init(), if that is
9409 * even possible.
9410 */
9411 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
9412 return -EINPROGRESS;
9413
9414 user_reg_hint_type =
9415 nla_get_u32_default(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE],
9416 NL80211_USER_REG_HINT_USER);
9417
9418 switch (user_reg_hint_type) {
9419 case NL80211_USER_REG_HINT_USER:
9420 case NL80211_USER_REG_HINT_CELL_BASE:
9421 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
9422 return -EINVAL;
9423
9424 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
9425 return regulatory_hint_user(data, user_reg_hint_type);
9426 case NL80211_USER_REG_HINT_INDOOR:
9427 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9428 owner_nlportid = info->snd_portid;
9429 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
9430 } else {
9431 owner_nlportid = 0;
9432 is_indoor = true;
9433 }
9434
9435 regulatory_hint_indoor(is_indoor, owner_nlportid);
9436 return 0;
9437 default:
9438 return -EINVAL;
9439 }
9440 }
9441
nl80211_reload_regdb(struct sk_buff * skb,struct genl_info * info)9442 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
9443 {
9444 return reg_reload_regdb();
9445 }
9446
nl80211_get_mesh_config(struct sk_buff * skb,struct genl_info * info)9447 static int nl80211_get_mesh_config(struct sk_buff *skb,
9448 struct genl_info *info)
9449 {
9450 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9451 struct net_device *dev = info->user_ptr[1];
9452 struct wireless_dev *wdev = dev->ieee80211_ptr;
9453 struct mesh_config cur_params;
9454 int err = 0;
9455 void *hdr;
9456 struct nlattr *pinfoattr;
9457 struct sk_buff *msg;
9458
9459 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
9460 return -EOPNOTSUPP;
9461
9462 if (!rdev->ops->get_mesh_config)
9463 return -EOPNOTSUPP;
9464
9465 /* If not connected, get default parameters */
9466 if (!wdev->u.mesh.id_len)
9467 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
9468 else
9469 err = rdev_get_mesh_config(rdev, dev, &cur_params);
9470
9471 if (err)
9472 return err;
9473
9474 /* Draw up a netlink message to send back */
9475 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9476 if (!msg)
9477 return -ENOMEM;
9478 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9479 NL80211_CMD_GET_MESH_CONFIG);
9480 if (!hdr)
9481 goto out;
9482 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
9483 if (!pinfoattr)
9484 goto nla_put_failure;
9485 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9486 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
9487 cur_params.dot11MeshRetryTimeout) ||
9488 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
9489 cur_params.dot11MeshConfirmTimeout) ||
9490 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
9491 cur_params.dot11MeshHoldingTimeout) ||
9492 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
9493 cur_params.dot11MeshMaxPeerLinks) ||
9494 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
9495 cur_params.dot11MeshMaxRetries) ||
9496 nla_put_u8(msg, NL80211_MESHCONF_TTL,
9497 cur_params.dot11MeshTTL) ||
9498 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
9499 cur_params.element_ttl) ||
9500 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
9501 cur_params.auto_open_plinks) ||
9502 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
9503 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
9504 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
9505 cur_params.dot11MeshHWMPmaxPREQretries) ||
9506 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
9507 cur_params.path_refresh_time) ||
9508 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
9509 cur_params.min_discovery_timeout) ||
9510 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
9511 cur_params.dot11MeshHWMPactivePathTimeout) ||
9512 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
9513 cur_params.dot11MeshHWMPpreqMinInterval) ||
9514 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
9515 cur_params.dot11MeshHWMPperrMinInterval) ||
9516 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
9517 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
9518 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
9519 cur_params.dot11MeshHWMPRootMode) ||
9520 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
9521 cur_params.dot11MeshHWMPRannInterval) ||
9522 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
9523 cur_params.dot11MeshGateAnnouncementProtocol) ||
9524 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
9525 cur_params.dot11MeshForwarding) ||
9526 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
9527 cur_params.rssi_threshold) ||
9528 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
9529 cur_params.ht_opmode) ||
9530 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
9531 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
9532 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
9533 cur_params.dot11MeshHWMProotInterval) ||
9534 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
9535 cur_params.dot11MeshHWMPconfirmationInterval) ||
9536 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
9537 cur_params.power_mode) ||
9538 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
9539 cur_params.dot11MeshAwakeWindowDuration) ||
9540 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
9541 cur_params.plink_timeout) ||
9542 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
9543 cur_params.dot11MeshConnectedToMeshGate) ||
9544 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
9545 cur_params.dot11MeshNolearn) ||
9546 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
9547 cur_params.dot11MeshConnectedToAuthServer))
9548 goto nla_put_failure;
9549 nla_nest_end(msg, pinfoattr);
9550 genlmsg_end(msg, hdr);
9551 return genlmsg_reply(msg, info);
9552
9553 nla_put_failure:
9554 out:
9555 nlmsg_free(msg);
9556 return -ENOBUFS;
9557 }
9558
9559 static const struct nla_policy
9560 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
9561 [NL80211_MESHCONF_RETRY_TIMEOUT] =
9562 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9563 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
9564 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9565 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
9566 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9567 [NL80211_MESHCONF_MAX_PEER_LINKS] =
9568 NLA_POLICY_RANGE(NLA_U16, 0, 255),
9569 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
9570 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
9571 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
9572 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
9573 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
9574 NLA_POLICY_RANGE(NLA_U32, 1, 255),
9575 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
9576 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
9577 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
9578 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
9579 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
9580 NLA_POLICY_MIN(NLA_U16, 1),
9581 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
9582 NLA_POLICY_MIN(NLA_U16, 1),
9583 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
9584 NLA_POLICY_MIN(NLA_U16, 1),
9585 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
9586 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
9587 NLA_POLICY_MIN(NLA_U16, 1),
9588 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
9589 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
9590 [NL80211_MESHCONF_RSSI_THRESHOLD] =
9591 NLA_POLICY_RANGE(NLA_S32, -255, 0),
9592 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
9593 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
9594 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
9595 NLA_POLICY_MIN(NLA_U16, 1),
9596 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
9597 NLA_POLICY_MIN(NLA_U16, 1),
9598 [NL80211_MESHCONF_POWER_MODE] =
9599 NLA_POLICY_RANGE(NLA_U32,
9600 NL80211_MESH_POWER_ACTIVE,
9601 NL80211_MESH_POWER_MAX),
9602 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
9603 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
9604 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9605 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9606 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9607 };
9608
9609 static const struct nla_policy
9610 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
9611 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
9612 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
9613 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
9614 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
9615 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
9616 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
9617 [NL80211_MESH_SETUP_IE] =
9618 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
9619 IEEE80211_MAX_DATA_LEN),
9620 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
9621 };
9622
nl80211_parse_mesh_config(struct genl_info * info,struct mesh_config * cfg,u32 * mask_out)9623 static int nl80211_parse_mesh_config(struct genl_info *info,
9624 struct mesh_config *cfg,
9625 u32 *mask_out)
9626 {
9627 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
9628 u32 mask = 0;
9629 u16 ht_opmode;
9630
9631 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
9632 do { \
9633 if (tb[attr]) { \
9634 cfg->param = fn(tb[attr]); \
9635 mask |= BIT((attr) - 1); \
9636 } \
9637 } while (0)
9638
9639 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
9640 return -EINVAL;
9641 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
9642 return -EINVAL;
9643
9644 /* This makes sure that there aren't more than 32 mesh config
9645 * parameters (otherwise our bitfield scheme would not work.) */
9646 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
9647
9648 /* Fill in the params struct */
9649 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
9650 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
9651 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
9652 NL80211_MESHCONF_CONFIRM_TIMEOUT,
9653 nla_get_u16);
9654 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
9655 NL80211_MESHCONF_HOLDING_TIMEOUT,
9656 nla_get_u16);
9657 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
9658 NL80211_MESHCONF_MAX_PEER_LINKS,
9659 nla_get_u16);
9660 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
9661 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
9662 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
9663 NL80211_MESHCONF_TTL, nla_get_u8);
9664 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
9665 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
9666 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
9667 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
9668 nla_get_u8);
9669 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
9670 mask,
9671 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
9672 nla_get_u32);
9673 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
9674 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
9675 nla_get_u8);
9676 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
9677 NL80211_MESHCONF_PATH_REFRESH_TIME,
9678 nla_get_u32);
9679 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
9680 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
9681 return -EINVAL;
9682 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
9683 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
9684 nla_get_u16);
9685 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
9686 mask,
9687 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
9688 nla_get_u32);
9689 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
9690 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
9691 cfg->dot11MeshHWMPactivePathTimeout > 65535))
9692 return -EINVAL;
9693 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
9694 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
9695 nla_get_u16);
9696 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
9697 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
9698 nla_get_u16);
9699 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
9700 dot11MeshHWMPnetDiameterTraversalTime, mask,
9701 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
9702 nla_get_u16);
9703 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
9704 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
9705 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
9706 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
9707 nla_get_u16);
9708 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
9709 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
9710 nla_get_u8);
9711 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
9712 NL80211_MESHCONF_FORWARDING, nla_get_u8);
9713 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
9714 NL80211_MESHCONF_RSSI_THRESHOLD,
9715 nla_get_s32);
9716 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
9717 NL80211_MESHCONF_CONNECTED_TO_GATE,
9718 nla_get_u8);
9719 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
9720 NL80211_MESHCONF_CONNECTED_TO_AS,
9721 nla_get_u8);
9722 /*
9723 * Check HT operation mode based on
9724 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
9725 */
9726 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
9727 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
9728
9729 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
9730 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
9731 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
9732 return -EINVAL;
9733
9734 /* NON_HT_STA bit is reserved, but some programs set it */
9735 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
9736
9737 cfg->ht_opmode = ht_opmode;
9738 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
9739 }
9740 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
9741 dot11MeshHWMPactivePathToRootTimeout, mask,
9742 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
9743 nla_get_u32);
9744 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
9745 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
9746 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
9747 return -EINVAL;
9748 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
9749 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
9750 nla_get_u16);
9751 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
9752 mask,
9753 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
9754 nla_get_u16);
9755 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
9756 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
9757 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
9758 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
9759 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
9760 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
9761 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
9762 NL80211_MESHCONF_NOLEARN, nla_get_u8);
9763 if (mask_out)
9764 *mask_out = mask;
9765
9766 return 0;
9767
9768 #undef FILL_IN_MESH_PARAM_IF_SET
9769 }
9770
nl80211_parse_mesh_setup(struct genl_info * info,struct mesh_setup * setup)9771 static int nl80211_parse_mesh_setup(struct genl_info *info,
9772 struct mesh_setup *setup)
9773 {
9774 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9775 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
9776
9777 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
9778 return -EINVAL;
9779 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
9780 return -EINVAL;
9781
9782 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
9783 setup->sync_method =
9784 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
9785 IEEE80211_SYNC_METHOD_VENDOR :
9786 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
9787
9788 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
9789 setup->path_sel_proto =
9790 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
9791 IEEE80211_PATH_PROTOCOL_VENDOR :
9792 IEEE80211_PATH_PROTOCOL_HWMP;
9793
9794 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
9795 setup->path_metric =
9796 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
9797 IEEE80211_PATH_METRIC_VENDOR :
9798 IEEE80211_PATH_METRIC_AIRTIME;
9799
9800 if (tb[NL80211_MESH_SETUP_IE]) {
9801 struct nlattr *ieattr =
9802 tb[NL80211_MESH_SETUP_IE];
9803 setup->ie = nla_data(ieattr);
9804 setup->ie_len = nla_len(ieattr);
9805 }
9806 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
9807 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
9808 return -EINVAL;
9809 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
9810 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
9811 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
9812 if (setup->is_secure)
9813 setup->user_mpm = true;
9814
9815 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
9816 if (!setup->user_mpm)
9817 return -EINVAL;
9818 setup->auth_id =
9819 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
9820 }
9821
9822 return 0;
9823 }
9824
nl80211_update_mesh_config(struct sk_buff * skb,struct genl_info * info)9825 static int nl80211_update_mesh_config(struct sk_buff *skb,
9826 struct genl_info *info)
9827 {
9828 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9829 struct net_device *dev = info->user_ptr[1];
9830 struct wireless_dev *wdev = dev->ieee80211_ptr;
9831 struct mesh_config cfg = {};
9832 u32 mask;
9833 int err;
9834
9835 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
9836 return -EOPNOTSUPP;
9837
9838 if (!rdev->ops->update_mesh_config)
9839 return -EOPNOTSUPP;
9840
9841 err = nl80211_parse_mesh_config(info, &cfg, &mask);
9842 if (err)
9843 return err;
9844
9845 if (!wdev->u.mesh.id_len)
9846 err = -ENOLINK;
9847
9848 if (!err)
9849 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
9850
9851 return err;
9852 }
9853
nl80211_put_regdom(const struct ieee80211_regdomain * regdom,struct sk_buff * msg)9854 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
9855 struct sk_buff *msg)
9856 {
9857 struct nlattr *nl_reg_rules;
9858 unsigned int i;
9859
9860 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
9861 (regdom->dfs_region &&
9862 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
9863 goto nla_put_failure;
9864
9865 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
9866 if (!nl_reg_rules)
9867 goto nla_put_failure;
9868
9869 for (i = 0; i < regdom->n_reg_rules; i++) {
9870 struct nlattr *nl_reg_rule;
9871 const struct ieee80211_reg_rule *reg_rule;
9872 const struct ieee80211_freq_range *freq_range;
9873 const struct ieee80211_power_rule *power_rule;
9874 unsigned int max_bandwidth_khz;
9875
9876 reg_rule = ®dom->reg_rules[i];
9877 freq_range = ®_rule->freq_range;
9878 power_rule = ®_rule->power_rule;
9879
9880 nl_reg_rule = nla_nest_start_noflag(msg, i);
9881 if (!nl_reg_rule)
9882 goto nla_put_failure;
9883
9884 max_bandwidth_khz = freq_range->max_bandwidth_khz;
9885 if (!max_bandwidth_khz)
9886 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
9887 reg_rule);
9888
9889 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
9890 reg_rule->flags) ||
9891 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
9892 freq_range->start_freq_khz) ||
9893 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
9894 freq_range->end_freq_khz) ||
9895 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
9896 max_bandwidth_khz) ||
9897 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
9898 power_rule->max_antenna_gain) ||
9899 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
9900 power_rule->max_eirp) ||
9901 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
9902 reg_rule->dfs_cac_ms))
9903 goto nla_put_failure;
9904
9905 if ((reg_rule->flags & NL80211_RRF_PSD) &&
9906 nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD,
9907 reg_rule->psd))
9908 goto nla_put_failure;
9909
9910 nla_nest_end(msg, nl_reg_rule);
9911 }
9912
9913 nla_nest_end(msg, nl_reg_rules);
9914 return 0;
9915
9916 nla_put_failure:
9917 return -EMSGSIZE;
9918 }
9919
nl80211_get_reg_do(struct sk_buff * skb,struct genl_info * info)9920 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
9921 {
9922 const struct ieee80211_regdomain *regdom = NULL;
9923 struct cfg80211_registered_device *rdev;
9924 struct wiphy *wiphy = NULL;
9925 struct sk_buff *msg;
9926 int err = -EMSGSIZE;
9927 void *hdr;
9928
9929 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9930 if (!msg)
9931 return -ENOBUFS;
9932
9933 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9934 NL80211_CMD_GET_REG);
9935 if (!hdr)
9936 goto put_failure;
9937
9938 rtnl_lock();
9939
9940 if (info->attrs[NL80211_ATTR_WIPHY]) {
9941 bool self_managed;
9942
9943 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
9944 if (IS_ERR(rdev)) {
9945 err = PTR_ERR(rdev);
9946 goto nla_put_failure;
9947 }
9948
9949 wiphy = &rdev->wiphy;
9950 self_managed = wiphy->regulatory_flags &
9951 REGULATORY_WIPHY_SELF_MANAGED;
9952
9953 rcu_read_lock();
9954
9955 regdom = get_wiphy_regdom(wiphy);
9956
9957 /* a self-managed-reg device must have a private regdom */
9958 if (WARN_ON(!regdom && self_managed)) {
9959 err = -EINVAL;
9960 goto nla_put_failure_rcu;
9961 }
9962
9963 if (regdom &&
9964 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
9965 goto nla_put_failure_rcu;
9966 } else {
9967 rcu_read_lock();
9968 }
9969
9970 if (!wiphy && reg_last_request_cell_base() &&
9971 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
9972 NL80211_USER_REG_HINT_CELL_BASE))
9973 goto nla_put_failure_rcu;
9974
9975 if (!regdom)
9976 regdom = rcu_dereference(cfg80211_regdomain);
9977
9978 if (nl80211_put_regdom(regdom, msg))
9979 goto nla_put_failure_rcu;
9980
9981 rcu_read_unlock();
9982
9983 genlmsg_end(msg, hdr);
9984 rtnl_unlock();
9985 return genlmsg_reply(msg, info);
9986
9987 nla_put_failure_rcu:
9988 rcu_read_unlock();
9989 nla_put_failure:
9990 rtnl_unlock();
9991 put_failure:
9992 nlmsg_free(msg);
9993 return err;
9994 }
9995
nl80211_send_regdom(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct wiphy * wiphy,const struct ieee80211_regdomain * regdom)9996 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
9997 u32 seq, int flags, struct wiphy *wiphy,
9998 const struct ieee80211_regdomain *regdom)
9999 {
10000 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
10001 NL80211_CMD_GET_REG);
10002
10003 if (!hdr)
10004 return -1;
10005
10006 genl_dump_check_consistent(cb, hdr);
10007
10008 if (nl80211_put_regdom(regdom, msg))
10009 goto nla_put_failure;
10010
10011 if (!wiphy && reg_last_request_cell_base() &&
10012 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
10013 NL80211_USER_REG_HINT_CELL_BASE))
10014 goto nla_put_failure;
10015
10016 if (wiphy &&
10017 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10018 goto nla_put_failure;
10019
10020 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
10021 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
10022 goto nla_put_failure;
10023
10024 genlmsg_end(msg, hdr);
10025 return 0;
10026
10027 nla_put_failure:
10028 genlmsg_cancel(msg, hdr);
10029 return -EMSGSIZE;
10030 }
10031
nl80211_get_reg_dump(struct sk_buff * skb,struct netlink_callback * cb)10032 static int nl80211_get_reg_dump(struct sk_buff *skb,
10033 struct netlink_callback *cb)
10034 {
10035 const struct ieee80211_regdomain *regdom = NULL;
10036 struct cfg80211_registered_device *rdev;
10037 int err, reg_idx, start = cb->args[2];
10038
10039 rcu_read_lock();
10040
10041 if (cfg80211_regdomain && start == 0) {
10042 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
10043 NLM_F_MULTI, NULL,
10044 rcu_dereference(cfg80211_regdomain));
10045 if (err < 0)
10046 goto out_err;
10047 }
10048
10049 /* the global regdom is idx 0 */
10050 reg_idx = 1;
10051 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
10052 regdom = get_wiphy_regdom(&rdev->wiphy);
10053 if (!regdom)
10054 continue;
10055
10056 if (++reg_idx <= start)
10057 continue;
10058
10059 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
10060 NLM_F_MULTI, &rdev->wiphy, regdom);
10061 if (err < 0) {
10062 reg_idx--;
10063 break;
10064 }
10065 }
10066
10067 cb->args[2] = reg_idx;
10068 err = skb->len;
10069 out_err:
10070 rcu_read_unlock();
10071 return err;
10072 }
10073
10074 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
10075 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
10076 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
10077 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
10078 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
10079 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
10080 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
10081 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
10082 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
10083 };
10084
parse_reg_rule(struct nlattr * tb[],struct ieee80211_reg_rule * reg_rule)10085 static int parse_reg_rule(struct nlattr *tb[],
10086 struct ieee80211_reg_rule *reg_rule)
10087 {
10088 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
10089 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
10090
10091 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
10092 return -EINVAL;
10093 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
10094 return -EINVAL;
10095 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
10096 return -EINVAL;
10097 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
10098 return -EINVAL;
10099 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
10100 return -EINVAL;
10101
10102 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
10103
10104 freq_range->start_freq_khz =
10105 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
10106 freq_range->end_freq_khz =
10107 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
10108 freq_range->max_bandwidth_khz =
10109 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
10110
10111 power_rule->max_eirp =
10112 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
10113
10114 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
10115 power_rule->max_antenna_gain =
10116 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
10117
10118 if (tb[NL80211_ATTR_DFS_CAC_TIME])
10119 reg_rule->dfs_cac_ms =
10120 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
10121
10122 return 0;
10123 }
10124
nl80211_set_reg(struct sk_buff * skb,struct genl_info * info)10125 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
10126 {
10127 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
10128 struct nlattr *nl_reg_rule;
10129 char *alpha2;
10130 int rem_reg_rules, r;
10131 u32 num_rules = 0, rule_idx = 0;
10132 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
10133 struct ieee80211_regdomain *rd;
10134
10135 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
10136 return -EINVAL;
10137
10138 if (!info->attrs[NL80211_ATTR_REG_RULES])
10139 return -EINVAL;
10140
10141 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
10142
10143 if (info->attrs[NL80211_ATTR_DFS_REGION])
10144 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
10145
10146 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
10147 rem_reg_rules) {
10148 num_rules++;
10149 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
10150 return -EINVAL;
10151 }
10152
10153 rtnl_lock();
10154 if (!reg_is_valid_request(alpha2)) {
10155 r = -EINVAL;
10156 goto out;
10157 }
10158
10159 rd = kzalloc_flex(*rd, reg_rules, num_rules);
10160 if (!rd) {
10161 r = -ENOMEM;
10162 goto out;
10163 }
10164
10165 rd->n_reg_rules = num_rules;
10166 rd->alpha2[0] = alpha2[0];
10167 rd->alpha2[1] = alpha2[1];
10168
10169 /*
10170 * Disable DFS master mode if the DFS region was
10171 * not supported or known on this kernel.
10172 */
10173 if (reg_supported_dfs_region(dfs_region))
10174 rd->dfs_region = dfs_region;
10175
10176 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
10177 rem_reg_rules) {
10178 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
10179 nl_reg_rule, reg_rule_policy,
10180 info->extack);
10181 if (r)
10182 goto bad_reg;
10183 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
10184 if (r)
10185 goto bad_reg;
10186
10187 rule_idx++;
10188
10189 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
10190 r = -EINVAL;
10191 goto bad_reg;
10192 }
10193 }
10194
10195 r = set_regdom(rd, REGD_SOURCE_CRDA);
10196 /* set_regdom takes ownership of rd */
10197 rd = NULL;
10198 bad_reg:
10199 kfree(rd);
10200 out:
10201 rtnl_unlock();
10202 return r;
10203 }
10204 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
10205
validate_scan_freqs(struct nlattr * freqs)10206 static int validate_scan_freqs(struct nlattr *freqs)
10207 {
10208 struct nlattr *attr1, *attr2;
10209 int n_channels = 0, tmp1, tmp2;
10210
10211 nla_for_each_nested(attr1, freqs, tmp1)
10212 if (nla_len(attr1) != sizeof(u32))
10213 return 0;
10214
10215 nla_for_each_nested(attr1, freqs, tmp1) {
10216 n_channels++;
10217 /*
10218 * Some hardware has a limited channel list for
10219 * scanning, and it is pretty much nonsensical
10220 * to scan for a channel twice, so disallow that
10221 * and don't require drivers to check that the
10222 * channel list they get isn't longer than what
10223 * they can scan, as long as they can scan all
10224 * the channels they registered at once.
10225 */
10226 nla_for_each_nested(attr2, freqs, tmp2)
10227 if (attr1 != attr2 &&
10228 nla_get_u32(attr1) == nla_get_u32(attr2))
10229 return 0;
10230 }
10231
10232 return n_channels;
10233 }
10234
is_band_valid(struct wiphy * wiphy,enum nl80211_band b)10235 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
10236 {
10237 return b < NUM_NL80211_BANDS && wiphy->bands[b];
10238 }
10239
parse_bss_select(struct nlattr * nla,struct wiphy * wiphy,struct cfg80211_bss_selection * bss_select)10240 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
10241 struct cfg80211_bss_selection *bss_select)
10242 {
10243 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
10244 struct nlattr *nest;
10245 int err;
10246 bool found = false;
10247 int i;
10248
10249 /* only process one nested attribute */
10250 nest = nla_data(nla);
10251 if (!nla_ok(nest, nla_len(nest)))
10252 return -EINVAL;
10253
10254 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
10255 nest, nl80211_bss_select_policy,
10256 NULL);
10257 if (err)
10258 return err;
10259
10260 /* only one attribute may be given */
10261 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
10262 if (attr[i]) {
10263 if (found)
10264 return -EINVAL;
10265 found = true;
10266 }
10267 }
10268
10269 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
10270
10271 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
10272 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
10273
10274 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
10275 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
10276 bss_select->param.band_pref =
10277 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
10278 if (!is_band_valid(wiphy, bss_select->param.band_pref))
10279 return -EINVAL;
10280 }
10281
10282 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
10283 struct nl80211_bss_select_rssi_adjust *adj_param;
10284
10285 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
10286 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
10287 bss_select->param.adjust.band = adj_param->band;
10288 bss_select->param.adjust.delta = adj_param->delta;
10289 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
10290 return -EINVAL;
10291 }
10292
10293 /* user-space did not provide behaviour attribute */
10294 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
10295 return -EINVAL;
10296
10297 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
10298 return -EINVAL;
10299
10300 return 0;
10301 }
10302
nl80211_parse_random_mac(struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask)10303 int nl80211_parse_random_mac(struct nlattr **attrs,
10304 u8 *mac_addr, u8 *mac_addr_mask)
10305 {
10306 int i;
10307
10308 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
10309 eth_zero_addr(mac_addr);
10310 eth_zero_addr(mac_addr_mask);
10311 mac_addr[0] = 0x2;
10312 mac_addr_mask[0] = 0x3;
10313
10314 return 0;
10315 }
10316
10317 /* need both or none */
10318 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
10319 return -EINVAL;
10320
10321 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
10322 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
10323
10324 /* don't allow or configure an mcast address */
10325 if (!is_multicast_ether_addr(mac_addr_mask) ||
10326 is_multicast_ether_addr(mac_addr))
10327 return -EINVAL;
10328
10329 /*
10330 * allow users to pass a MAC address that has bits set outside
10331 * of the mask, but don't bother drivers with having to deal
10332 * with such bits
10333 */
10334 for (i = 0; i < ETH_ALEN; i++)
10335 mac_addr[i] &= mac_addr_mask[i];
10336
10337 return 0;
10338 }
10339
cfg80211_off_channel_oper_allowed(struct wireless_dev * wdev,struct ieee80211_channel * chan)10340 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev,
10341 struct ieee80211_channel *chan)
10342 {
10343 unsigned int link_id;
10344 bool all_ok = true;
10345 int radio_idx;
10346
10347 lockdep_assert_wiphy(wdev->wiphy);
10348
10349 if (!cfg80211_wdev_channel_allowed(wdev, chan))
10350 return false;
10351
10352 if (!cfg80211_beaconing_iface_active(wdev))
10353 return true;
10354
10355 radio_idx = cfg80211_get_radio_idx_by_chan(wdev->wiphy, chan);
10356
10357 /*
10358 * FIXME: check if we have a free radio/link for chan
10359 *
10360 * This, as well as the FIXME below, requires knowing the link
10361 * capabilities of the hardware.
10362 */
10363
10364 /* we cannot leave radar channels */
10365 for_each_valid_link(wdev, link_id) {
10366 struct cfg80211_chan_def *chandef;
10367 int link_radio_idx;
10368
10369 chandef = wdev_chandef(wdev, link_id);
10370 if (!chandef || !chandef->chan)
10371 continue;
10372
10373 if (!(chandef->chan->flags & IEEE80211_CHAN_RADAR))
10374 continue;
10375
10376 /*
10377 * chandef->chan is a radar channel. If the radio/link onto
10378 * which this radar channel falls is the same radio/link onto
10379 * which the input 'chan' falls, off-channel operation should
10380 * not be allowed. Hence, set 'all_ok' to false.
10381 */
10382
10383 link_radio_idx = cfg80211_get_radio_idx_by_chan(wdev->wiphy,
10384 chandef->chan);
10385 if (link_radio_idx == radio_idx) {
10386 all_ok = false;
10387 break;
10388 }
10389 }
10390
10391 if (all_ok)
10392 return true;
10393
10394 return regulatory_pre_cac_allowed(wdev->wiphy);
10395 }
10396
nl80211_check_scan_feat(struct wiphy * wiphy,u32 flags,u32 flag,enum nl80211_ext_feature_index feat)10397 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
10398 enum nl80211_ext_feature_index feat)
10399 {
10400 if (!(flags & flag))
10401 return true;
10402 if (wiphy_ext_feature_isset(wiphy, feat))
10403 return true;
10404 return false;
10405 }
10406
10407 static int
nl80211_check_scan_flags(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask,u32 * flags,enum nl80211_feature_flags randomness_flag)10408 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
10409 struct nlattr **attrs, u8 *mac_addr, u8 *mac_addr_mask,
10410 u32 *flags, enum nl80211_feature_flags randomness_flag)
10411 {
10412 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
10413 return 0;
10414
10415 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
10416
10417 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
10418 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
10419 !nl80211_check_scan_feat(wiphy, *flags,
10420 NL80211_SCAN_FLAG_LOW_SPAN,
10421 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
10422 !nl80211_check_scan_feat(wiphy, *flags,
10423 NL80211_SCAN_FLAG_LOW_POWER,
10424 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
10425 !nl80211_check_scan_feat(wiphy, *flags,
10426 NL80211_SCAN_FLAG_HIGH_ACCURACY,
10427 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
10428 !nl80211_check_scan_feat(wiphy, *flags,
10429 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
10430 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
10431 !nl80211_check_scan_feat(wiphy, *flags,
10432 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
10433 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
10434 !nl80211_check_scan_feat(wiphy, *flags,
10435 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
10436 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
10437 !nl80211_check_scan_feat(wiphy, *flags,
10438 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
10439 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
10440 !nl80211_check_scan_feat(wiphy, *flags,
10441 NL80211_SCAN_FLAG_RANDOM_SN,
10442 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
10443 !nl80211_check_scan_feat(wiphy, *flags,
10444 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
10445 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
10446 return -EOPNOTSUPP;
10447
10448 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
10449 int err;
10450
10451 if (!(wiphy->features & randomness_flag) ||
10452 (wdev && wdev->connected))
10453 return -EOPNOTSUPP;
10454
10455 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
10456 if (err)
10457 return err;
10458 }
10459
10460 return 0;
10461 }
10462
10463 static int
nl80211_check_scan_flags_sched(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,struct cfg80211_sched_scan_request * req)10464 nl80211_check_scan_flags_sched(struct wiphy *wiphy, struct wireless_dev *wdev,
10465 struct nlattr **attrs,
10466 struct cfg80211_sched_scan_request *req)
10467 {
10468 return nl80211_check_scan_flags(wiphy, wdev, attrs,
10469 req->mac_addr, req->mac_addr_mask,
10470 &req->flags,
10471 wdev ? NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
10472 NL80211_FEATURE_ND_RANDOM_MAC_ADDR);
10473 }
10474
10475 static int
nl80211_check_scan_flags_reg(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,struct cfg80211_scan_request_int * req)10476 nl80211_check_scan_flags_reg(struct wiphy *wiphy, struct wireless_dev *wdev,
10477 struct nlattr **attrs,
10478 struct cfg80211_scan_request_int *req)
10479 {
10480 return nl80211_check_scan_flags(wiphy, wdev, attrs,
10481 req->req.mac_addr,
10482 req->req.mac_addr_mask,
10483 &req->req.flags,
10484 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR);
10485 }
10486
nl80211_trigger_scan(struct sk_buff * skb,struct genl_info * info)10487 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
10488 {
10489 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10490 struct wireless_dev *wdev = info->user_ptr[1];
10491 struct cfg80211_scan_request_int *request;
10492 struct nlattr *scan_freqs = NULL;
10493 bool scan_freqs_khz = false;
10494 struct nlattr *attr;
10495 struct wiphy *wiphy;
10496 int err, tmp, n_ssids = 0, n_channels, i;
10497 size_t ie_len, size;
10498 size_t ssids_offset, ie_offset;
10499
10500 wiphy = &rdev->wiphy;
10501
10502 if (wdev->iftype == NL80211_IFTYPE_NAN)
10503 return -EOPNOTSUPP;
10504
10505 if (!rdev->ops->scan)
10506 return -EOPNOTSUPP;
10507
10508 if (rdev->scan_req || rdev->scan_msg)
10509 return -EBUSY;
10510
10511 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
10512 if (!wiphy_ext_feature_isset(wiphy,
10513 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
10514 return -EOPNOTSUPP;
10515 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
10516 scan_freqs_khz = true;
10517 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
10518 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
10519
10520 if (scan_freqs) {
10521 n_channels = validate_scan_freqs(scan_freqs);
10522 if (!n_channels)
10523 return -EINVAL;
10524 } else {
10525 n_channels = ieee80211_get_num_supported_channels(wiphy);
10526 }
10527
10528 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
10529 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
10530 n_ssids++;
10531
10532 if (n_ssids > wiphy->max_scan_ssids)
10533 return -EINVAL;
10534
10535 if (info->attrs[NL80211_ATTR_IE])
10536 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10537 else
10538 ie_len = 0;
10539
10540 if (ie_len > wiphy->max_scan_ie_len)
10541 return -EINVAL;
10542
10543 size = struct_size(request, req.channels, n_channels);
10544 ssids_offset = size;
10545 size = size_add(size, array_size(sizeof(*request->req.ssids), n_ssids));
10546 ie_offset = size;
10547 size = size_add(size, ie_len);
10548 request = kzalloc(size, GFP_KERNEL);
10549 if (!request)
10550 return -ENOMEM;
10551
10552 if (n_ssids)
10553 request->req.ssids = (void *)request + ssids_offset;
10554 request->req.n_ssids = n_ssids;
10555 if (ie_len)
10556 request->req.ie = (void *)request + ie_offset;
10557
10558 i = 0;
10559 if (scan_freqs) {
10560 /* user specified, bail out if channel not found */
10561 nla_for_each_nested(attr, scan_freqs, tmp) {
10562 struct ieee80211_channel *chan;
10563 int freq = nla_get_u32(attr);
10564
10565 if (!scan_freqs_khz)
10566 freq = MHZ_TO_KHZ(freq);
10567
10568 chan = ieee80211_get_channel_khz(wiphy, freq);
10569 if (!chan) {
10570 err = -EINVAL;
10571 goto out_free;
10572 }
10573
10574 /* Ignore disabled / no primary channels */
10575 if (chan->flags & IEEE80211_CHAN_DISABLED ||
10576 chan->flags & IEEE80211_CHAN_S1G_NO_PRIMARY ||
10577 !cfg80211_wdev_channel_allowed(wdev, chan))
10578 continue;
10579
10580 request->req.channels[i] = chan;
10581 i++;
10582 }
10583 } else {
10584 enum nl80211_band band;
10585
10586 /* all channels */
10587 for (band = 0; band < NUM_NL80211_BANDS; band++) {
10588 int j;
10589
10590 if (!wiphy->bands[band])
10591 continue;
10592 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
10593 struct ieee80211_channel *chan;
10594
10595 chan = &wiphy->bands[band]->channels[j];
10596
10597 if (chan->flags & IEEE80211_CHAN_DISABLED ||
10598 chan->flags &
10599 IEEE80211_CHAN_S1G_NO_PRIMARY ||
10600 !cfg80211_wdev_channel_allowed(wdev, chan))
10601 continue;
10602
10603 request->req.channels[i] = chan;
10604 i++;
10605 }
10606 }
10607 }
10608
10609 if (!i) {
10610 err = -EINVAL;
10611 goto out_free;
10612 }
10613
10614 request->req.n_channels = i;
10615
10616 for (i = 0; i < request->req.n_channels; i++) {
10617 struct ieee80211_channel *chan = request->req.channels[i];
10618
10619 /* if we can go off-channel to the target channel we're good */
10620 if (cfg80211_off_channel_oper_allowed(wdev, chan))
10621 continue;
10622
10623 if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) {
10624 err = -EBUSY;
10625 goto out_free;
10626 }
10627 }
10628
10629 i = 0;
10630 if (n_ssids) {
10631 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
10632 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
10633 err = -EINVAL;
10634 goto out_free;
10635 }
10636 request->req.ssids[i].ssid_len = nla_len(attr);
10637 memcpy(request->req.ssids[i].ssid,
10638 nla_data(attr), nla_len(attr));
10639 i++;
10640 }
10641 }
10642
10643 if (info->attrs[NL80211_ATTR_IE]) {
10644 request->req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10645 memcpy((void *)request->req.ie,
10646 nla_data(info->attrs[NL80211_ATTR_IE]),
10647 request->req.ie_len);
10648 }
10649
10650 for (i = 0; i < NUM_NL80211_BANDS; i++)
10651 if (wiphy->bands[i])
10652 request->req.rates[i] =
10653 (1 << wiphy->bands[i]->n_bitrates) - 1;
10654
10655 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
10656 nla_for_each_nested(attr,
10657 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
10658 tmp) {
10659 enum nl80211_band band = nla_type(attr);
10660
10661 if (band < 0 || band >= NUM_NL80211_BANDS) {
10662 err = -EINVAL;
10663 goto out_free;
10664 }
10665
10666 if (!wiphy->bands[band])
10667 continue;
10668
10669 err = ieee80211_get_ratemask(wiphy->bands[band],
10670 nla_data(attr),
10671 nla_len(attr),
10672 &request->req.rates[band]);
10673 if (err)
10674 goto out_free;
10675 }
10676 }
10677
10678 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
10679 request->req.duration =
10680 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
10681 request->req.duration_mandatory =
10682 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
10683 }
10684
10685 err = nl80211_check_scan_flags_reg(wiphy, wdev, info->attrs, request);
10686 if (err)
10687 goto out_free;
10688
10689 request->req.no_cck =
10690 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10691
10692 /* Initial implementation used NL80211_ATTR_MAC to set the specific
10693 * BSSID to scan for. This was problematic because that same attribute
10694 * was already used for another purpose (local random MAC address). The
10695 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
10696 * compatibility with older userspace components, also use the
10697 * NL80211_ATTR_MAC value here if it can be determined to be used for
10698 * the specific BSSID use case instead of the random MAC address
10699 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
10700 */
10701 if (info->attrs[NL80211_ATTR_BSSID])
10702 memcpy(request->req.bssid,
10703 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
10704 else if (!(request->req.flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
10705 info->attrs[NL80211_ATTR_MAC])
10706 memcpy(request->req.bssid,
10707 nla_data(info->attrs[NL80211_ATTR_MAC]),
10708 ETH_ALEN);
10709 else
10710 eth_broadcast_addr(request->req.bssid);
10711
10712 request->req.tsf_report_link_id =
10713 nl80211_link_id_or_invalid(info->attrs);
10714 request->req.wdev = wdev;
10715 request->req.wiphy = &rdev->wiphy;
10716 request->req.scan_start = jiffies;
10717
10718 rdev->scan_req = request;
10719 err = cfg80211_scan(rdev);
10720
10721 if (err)
10722 goto out_free;
10723
10724 nl80211_send_scan_start(rdev, wdev);
10725 dev_hold(wdev->netdev);
10726
10727 return 0;
10728
10729 out_free:
10730 rdev->scan_req = NULL;
10731 kfree(request);
10732
10733 return err;
10734 }
10735
nl80211_abort_scan(struct sk_buff * skb,struct genl_info * info)10736 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
10737 {
10738 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10739 struct wireless_dev *wdev = info->user_ptr[1];
10740
10741 if (!rdev->ops->abort_scan)
10742 return -EOPNOTSUPP;
10743
10744 if (rdev->scan_msg)
10745 return 0;
10746
10747 if (!rdev->scan_req)
10748 return -ENOENT;
10749
10750 rdev_abort_scan(rdev, wdev);
10751 return 0;
10752 }
10753
10754 static int
nl80211_parse_sched_scan_plans(struct wiphy * wiphy,int n_plans,struct cfg80211_sched_scan_request * request,struct nlattr ** attrs)10755 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
10756 struct cfg80211_sched_scan_request *request,
10757 struct nlattr **attrs)
10758 {
10759 int tmp, err, i = 0;
10760 struct nlattr *attr;
10761
10762 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
10763 u32 interval;
10764
10765 /*
10766 * If scan plans are not specified,
10767 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
10768 * case one scan plan will be set with the specified scan
10769 * interval and infinite number of iterations.
10770 */
10771 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
10772 if (!interval)
10773 return -EINVAL;
10774
10775 request->scan_plans[0].interval =
10776 DIV_ROUND_UP(interval, MSEC_PER_SEC);
10777 if (!request->scan_plans[0].interval)
10778 return -EINVAL;
10779
10780 if (request->scan_plans[0].interval >
10781 wiphy->max_sched_scan_plan_interval)
10782 request->scan_plans[0].interval =
10783 wiphy->max_sched_scan_plan_interval;
10784
10785 return 0;
10786 }
10787
10788 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
10789 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
10790
10791 if (WARN_ON(i >= n_plans))
10792 return -EINVAL;
10793
10794 err = nla_parse_nested_deprecated(plan,
10795 NL80211_SCHED_SCAN_PLAN_MAX,
10796 attr, nl80211_plan_policy,
10797 NULL);
10798 if (err)
10799 return err;
10800
10801 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
10802 return -EINVAL;
10803
10804 request->scan_plans[i].interval =
10805 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
10806 if (!request->scan_plans[i].interval ||
10807 request->scan_plans[i].interval >
10808 wiphy->max_sched_scan_plan_interval)
10809 return -EINVAL;
10810
10811 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
10812 request->scan_plans[i].iterations =
10813 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
10814 if (!request->scan_plans[i].iterations ||
10815 (request->scan_plans[i].iterations >
10816 wiphy->max_sched_scan_plan_iterations))
10817 return -EINVAL;
10818 } else if (i < n_plans - 1) {
10819 /*
10820 * All scan plans but the last one must specify
10821 * a finite number of iterations
10822 */
10823 return -EINVAL;
10824 }
10825
10826 i++;
10827 }
10828
10829 /*
10830 * The last scan plan must not specify the number of
10831 * iterations, it is supposed to run infinitely
10832 */
10833 if (request->scan_plans[n_plans - 1].iterations)
10834 return -EINVAL;
10835
10836 return 0;
10837 }
10838
10839 static struct cfg80211_sched_scan_request *
nl80211_parse_sched_scan(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,int max_match_sets)10840 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
10841 struct nlattr **attrs, int max_match_sets)
10842 {
10843 struct cfg80211_sched_scan_request *request;
10844 struct nlattr *attr;
10845 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
10846 enum nl80211_band band;
10847 size_t ie_len, size;
10848 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
10849 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
10850
10851 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
10852 n_channels = validate_scan_freqs(
10853 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
10854 if (!n_channels)
10855 return ERR_PTR(-EINVAL);
10856 } else {
10857 n_channels = ieee80211_get_num_supported_channels(wiphy);
10858 }
10859
10860 if (attrs[NL80211_ATTR_SCAN_SSIDS])
10861 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
10862 tmp)
10863 n_ssids++;
10864
10865 if (n_ssids > wiphy->max_sched_scan_ssids)
10866 return ERR_PTR(-EINVAL);
10867
10868 /*
10869 * First, count the number of 'real' matchsets. Due to an issue with
10870 * the old implementation, matchsets containing only the RSSI attribute
10871 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
10872 * RSSI for all matchsets, rather than their own matchset for reporting
10873 * all APs with a strong RSSI. This is needed to be compatible with
10874 * older userspace that treated a matchset with only the RSSI as the
10875 * global RSSI for all other matchsets - if there are other matchsets.
10876 */
10877 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
10878 nla_for_each_nested(attr,
10879 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
10880 tmp) {
10881 struct nlattr *rssi;
10882
10883 err = nla_parse_nested_deprecated(tb,
10884 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
10885 attr,
10886 nl80211_match_policy,
10887 NULL);
10888 if (err)
10889 return ERR_PTR(err);
10890
10891 /* SSID and BSSID are mutually exclusive */
10892 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
10893 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
10894 return ERR_PTR(-EINVAL);
10895
10896 /* add other standalone attributes here */
10897 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
10898 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
10899 n_match_sets++;
10900 continue;
10901 }
10902 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
10903 if (rssi)
10904 default_match_rssi = nla_get_s32(rssi);
10905 }
10906 }
10907
10908 /* However, if there's no other matchset, add the RSSI one */
10909 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
10910 n_match_sets = 1;
10911
10912 if (n_match_sets > max_match_sets)
10913 return ERR_PTR(-EINVAL);
10914
10915 if (attrs[NL80211_ATTR_IE])
10916 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
10917 else
10918 ie_len = 0;
10919
10920 if (ie_len > wiphy->max_sched_scan_ie_len)
10921 return ERR_PTR(-EINVAL);
10922
10923 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
10924 /*
10925 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
10926 * each scan plan already specifies its own interval
10927 */
10928 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
10929 return ERR_PTR(-EINVAL);
10930
10931 nla_for_each_nested(attr,
10932 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
10933 n_plans++;
10934 } else {
10935 /*
10936 * The scan interval attribute is kept for backward
10937 * compatibility. If no scan plans are specified and sched scan
10938 * interval is specified, one scan plan will be set with this
10939 * scan interval and infinite number of iterations.
10940 */
10941 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
10942 return ERR_PTR(-EINVAL);
10943
10944 n_plans = 1;
10945 }
10946
10947 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
10948 return ERR_PTR(-EINVAL);
10949
10950 if (!wiphy_ext_feature_isset(
10951 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
10952 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
10953 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
10954 return ERR_PTR(-EINVAL);
10955
10956 size = struct_size(request, channels, n_channels);
10957 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
10958 size = size_add(size, array_size(sizeof(*request->match_sets),
10959 n_match_sets));
10960 size = size_add(size, array_size(sizeof(*request->scan_plans),
10961 n_plans));
10962 size = size_add(size, ie_len);
10963 request = kzalloc(size, GFP_KERNEL);
10964 if (!request)
10965 return ERR_PTR(-ENOMEM);
10966 request->n_channels = n_channels;
10967
10968 if (n_ssids)
10969 request->ssids = (void *)request +
10970 struct_size(request, channels, n_channels);
10971 request->n_ssids = n_ssids;
10972 if (ie_len) {
10973 if (n_ssids)
10974 request->ie = (void *)(request->ssids + n_ssids);
10975 else
10976 request->ie = (void *)(request->channels + n_channels);
10977 }
10978
10979 if (n_match_sets) {
10980 if (request->ie)
10981 request->match_sets = (void *)(request->ie + ie_len);
10982 else if (n_ssids)
10983 request->match_sets =
10984 (void *)(request->ssids + n_ssids);
10985 else
10986 request->match_sets =
10987 (void *)(request->channels + n_channels);
10988 }
10989 request->n_match_sets = n_match_sets;
10990
10991 if (n_match_sets)
10992 request->scan_plans = (void *)(request->match_sets +
10993 n_match_sets);
10994 else if (request->ie)
10995 request->scan_plans = (void *)(request->ie + ie_len);
10996 else if (n_ssids)
10997 request->scan_plans = (void *)(request->ssids + n_ssids);
10998 else
10999 request->scan_plans = (void *)(request->channels + n_channels);
11000
11001 request->n_scan_plans = n_plans;
11002
11003 i = 0;
11004 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
11005 /* user specified, bail out if channel not found */
11006 nla_for_each_nested(attr,
11007 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
11008 tmp) {
11009 struct ieee80211_channel *chan;
11010
11011 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
11012
11013 if (!chan) {
11014 err = -EINVAL;
11015 goto out_free;
11016 }
11017
11018 /* ignore disabled channels */
11019 if (chan->flags & IEEE80211_CHAN_DISABLED)
11020 continue;
11021
11022 request->channels[i] = chan;
11023 i++;
11024 }
11025 } else {
11026 /* all channels */
11027 for (band = 0; band < NUM_NL80211_BANDS; band++) {
11028 int j;
11029
11030 if (!wiphy->bands[band])
11031 continue;
11032 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
11033 struct ieee80211_channel *chan;
11034
11035 chan = &wiphy->bands[band]->channels[j];
11036
11037 if (chan->flags & IEEE80211_CHAN_DISABLED)
11038 continue;
11039
11040 request->channels[i] = chan;
11041 i++;
11042 }
11043 }
11044 }
11045
11046 if (!i) {
11047 err = -EINVAL;
11048 goto out_free;
11049 }
11050
11051 request->n_channels = i;
11052
11053 i = 0;
11054 if (n_ssids) {
11055 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
11056 tmp) {
11057 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
11058 err = -EINVAL;
11059 goto out_free;
11060 }
11061 request->ssids[i].ssid_len = nla_len(attr);
11062 memcpy(request->ssids[i].ssid, nla_data(attr),
11063 nla_len(attr));
11064 i++;
11065 }
11066 }
11067
11068 i = 0;
11069 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
11070 nla_for_each_nested(attr,
11071 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
11072 tmp) {
11073 struct nlattr *ssid, *bssid, *rssi;
11074
11075 err = nla_parse_nested_deprecated(tb,
11076 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
11077 attr,
11078 nl80211_match_policy,
11079 NULL);
11080 if (err)
11081 goto out_free;
11082 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
11083 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
11084
11085 if (!ssid && !bssid) {
11086 i++;
11087 continue;
11088 }
11089
11090 if (WARN_ON(i >= n_match_sets)) {
11091 /* this indicates a programming error,
11092 * the loop above should have verified
11093 * things properly
11094 */
11095 err = -EINVAL;
11096 goto out_free;
11097 }
11098
11099 if (ssid) {
11100 memcpy(request->match_sets[i].ssid.ssid,
11101 nla_data(ssid), nla_len(ssid));
11102 request->match_sets[i].ssid.ssid_len =
11103 nla_len(ssid);
11104 }
11105 if (bssid)
11106 memcpy(request->match_sets[i].bssid,
11107 nla_data(bssid), ETH_ALEN);
11108
11109 /* special attribute - old implementation w/a */
11110 request->match_sets[i].rssi_thold = default_match_rssi;
11111 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
11112 if (rssi)
11113 request->match_sets[i].rssi_thold =
11114 nla_get_s32(rssi);
11115 i++;
11116 }
11117
11118 /* there was no other matchset, so the RSSI one is alone */
11119 if (i == 0 && n_match_sets)
11120 request->match_sets[0].rssi_thold = default_match_rssi;
11121
11122 request->min_rssi_thold = INT_MAX;
11123 for (i = 0; i < n_match_sets; i++)
11124 request->min_rssi_thold =
11125 min(request->match_sets[i].rssi_thold,
11126 request->min_rssi_thold);
11127 } else {
11128 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
11129 }
11130
11131 if (ie_len) {
11132 request->ie_len = ie_len;
11133 memcpy((void *)request->ie,
11134 nla_data(attrs[NL80211_ATTR_IE]),
11135 request->ie_len);
11136 }
11137
11138 err = nl80211_check_scan_flags_sched(wiphy, wdev, attrs, request);
11139 if (err)
11140 goto out_free;
11141
11142 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
11143 request->delay =
11144 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
11145
11146 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
11147 request->relative_rssi = nla_get_s8(
11148 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
11149 request->relative_rssi_set = true;
11150 }
11151
11152 if (request->relative_rssi_set &&
11153 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
11154 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
11155
11156 rssi_adjust = nla_data(
11157 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
11158 request->rssi_adjust.band = rssi_adjust->band;
11159 request->rssi_adjust.delta = rssi_adjust->delta;
11160 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
11161 err = -EINVAL;
11162 goto out_free;
11163 }
11164 }
11165
11166 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
11167 if (err)
11168 goto out_free;
11169
11170 request->scan_start = jiffies;
11171
11172 return request;
11173
11174 out_free:
11175 kfree(request);
11176 return ERR_PTR(err);
11177 }
11178
nl80211_start_sched_scan(struct sk_buff * skb,struct genl_info * info)11179 static int nl80211_start_sched_scan(struct sk_buff *skb,
11180 struct genl_info *info)
11181 {
11182 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11183 struct net_device *dev = info->user_ptr[1];
11184 struct wireless_dev *wdev = dev->ieee80211_ptr;
11185 struct cfg80211_sched_scan_request *sched_scan_req;
11186 bool want_multi;
11187 int err;
11188
11189 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
11190 return -EOPNOTSUPP;
11191
11192 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
11193 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
11194 if (err)
11195 return err;
11196
11197 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
11198 info->attrs,
11199 rdev->wiphy.max_match_sets);
11200
11201 err = PTR_ERR_OR_ZERO(sched_scan_req);
11202 if (err)
11203 goto out_err;
11204
11205 /* leave request id zero for legacy request
11206 * or if driver does not support multi-scheduled scan
11207 */
11208 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
11209 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
11210
11211 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
11212 if (err)
11213 goto out_free;
11214
11215 sched_scan_req->dev = dev;
11216 sched_scan_req->wiphy = &rdev->wiphy;
11217
11218 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
11219 sched_scan_req->owner_nlportid = info->snd_portid;
11220
11221 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
11222
11223 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
11224 return 0;
11225
11226 out_free:
11227 kfree(sched_scan_req);
11228 out_err:
11229 return err;
11230 }
11231
nl80211_stop_sched_scan(struct sk_buff * skb,struct genl_info * info)11232 static int nl80211_stop_sched_scan(struct sk_buff *skb,
11233 struct genl_info *info)
11234 {
11235 struct cfg80211_sched_scan_request *req;
11236 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11237 u64 cookie;
11238
11239 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
11240 return -EOPNOTSUPP;
11241
11242 if (info->attrs[NL80211_ATTR_COOKIE]) {
11243 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11244 return __cfg80211_stop_sched_scan(rdev, cookie, false);
11245 }
11246
11247 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
11248 struct cfg80211_sched_scan_request,
11249 list);
11250 if (!req || req->reqid ||
11251 (req->owner_nlportid &&
11252 req->owner_nlportid != info->snd_portid))
11253 return -ENOENT;
11254
11255 return cfg80211_stop_sched_scan_req(rdev, req, false);
11256 }
11257
nl80211_start_radar_detection(struct sk_buff * skb,struct genl_info * info)11258 static int nl80211_start_radar_detection(struct sk_buff *skb,
11259 struct genl_info *info)
11260 {
11261 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11262 struct net_device *dev = info->user_ptr[1];
11263 struct wireless_dev *wdev = dev->ieee80211_ptr;
11264 int link_id = nl80211_link_id(info->attrs);
11265 struct wiphy *wiphy = wdev->wiphy;
11266 struct cfg80211_chan_def chandef;
11267 enum nl80211_dfs_regions dfs_region;
11268 unsigned int cac_time_ms;
11269 int err;
11270
11271 flush_delayed_work(&rdev->dfs_update_channels_wk);
11272
11273 switch (wdev->iftype) {
11274 case NL80211_IFTYPE_AP:
11275 case NL80211_IFTYPE_P2P_GO:
11276 case NL80211_IFTYPE_MESH_POINT:
11277 case NL80211_IFTYPE_ADHOC:
11278 break;
11279 default:
11280 /* caution - see cfg80211_beaconing_iface_active() below */
11281 return -EINVAL;
11282 }
11283
11284 guard(wiphy)(wiphy);
11285
11286 dfs_region = reg_get_dfs_region(wiphy);
11287 if (dfs_region == NL80211_DFS_UNSET)
11288 return -EINVAL;
11289
11290 err = nl80211_parse_chandef(rdev, info, &chandef);
11291 if (err)
11292 return err;
11293
11294 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
11295 if (err < 0)
11296 return err;
11297
11298 if (err == 0)
11299 return -EINVAL;
11300
11301 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
11302 return -EINVAL;
11303
11304 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND]))
11305 return cfg80211_start_background_radar_detection(rdev, wdev,
11306 &chandef);
11307
11308 if (cfg80211_beaconing_iface_active(wdev)) {
11309 /* During MLO other link(s) can beacon, only the current link
11310 * can not already beacon
11311 */
11312 if (wdev->valid_links &&
11313 !wdev->links[link_id].ap.beacon_interval) {
11314 /* nothing */
11315 } else {
11316 return -EBUSY;
11317 }
11318 }
11319
11320 if (wdev->links[link_id].cac_started)
11321 return -EBUSY;
11322
11323 /* CAC start is offloaded to HW and can't be started manually */
11324 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
11325 return -EOPNOTSUPP;
11326
11327 if (!rdev->ops->start_radar_detection)
11328 return -EOPNOTSUPP;
11329
11330 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
11331 if (WARN_ON(!cac_time_ms))
11332 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
11333
11334 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms,
11335 link_id);
11336 if (err)
11337 return err;
11338
11339 switch (wdev->iftype) {
11340 case NL80211_IFTYPE_AP:
11341 case NL80211_IFTYPE_P2P_GO:
11342 wdev->links[link_id].ap.chandef = chandef;
11343 break;
11344 case NL80211_IFTYPE_ADHOC:
11345 wdev->u.ibss.chandef = chandef;
11346 break;
11347 case NL80211_IFTYPE_MESH_POINT:
11348 wdev->u.mesh.chandef = chandef;
11349 break;
11350 default:
11351 break;
11352 }
11353 wdev->links[link_id].cac_started = true;
11354 wdev->links[link_id].cac_start_time = jiffies;
11355 wdev->links[link_id].cac_time_ms = cac_time_ms;
11356
11357 return 0;
11358 }
11359
nl80211_notify_radar_detection(struct sk_buff * skb,struct genl_info * info)11360 static int nl80211_notify_radar_detection(struct sk_buff *skb,
11361 struct genl_info *info)
11362 {
11363 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11364 struct net_device *dev = info->user_ptr[1];
11365 struct wireless_dev *wdev = dev->ieee80211_ptr;
11366 struct wiphy *wiphy = wdev->wiphy;
11367 struct cfg80211_chan_def chandef;
11368 enum nl80211_dfs_regions dfs_region;
11369 int err;
11370
11371 dfs_region = reg_get_dfs_region(wiphy);
11372 if (dfs_region == NL80211_DFS_UNSET) {
11373 GENL_SET_ERR_MSG(info,
11374 "DFS Region is not set. Unexpected Radar indication");
11375 return -EINVAL;
11376 }
11377
11378 err = nl80211_parse_chandef(rdev, info, &chandef);
11379 if (err) {
11380 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
11381 return err;
11382 }
11383
11384 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
11385 if (err < 0) {
11386 GENL_SET_ERR_MSG(info, "chandef is invalid");
11387 return err;
11388 }
11389
11390 if (err == 0) {
11391 GENL_SET_ERR_MSG(info,
11392 "Unexpected Radar indication for chandef/iftype");
11393 return -EINVAL;
11394 }
11395
11396 /* Do not process this notification if radar is already detected
11397 * by kernel on this channel, and return success.
11398 */
11399 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
11400 return 0;
11401
11402 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
11403
11404 cfg80211_sched_dfs_chan_update(rdev);
11405
11406 rdev->radar_chandef = chandef;
11407
11408 /* Propagate this notification to other radios as well */
11409 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
11410
11411 return 0;
11412 }
11413
nl80211_parse_counter_offsets(struct cfg80211_registered_device * rdev,const u8 * data,size_t datalen,int first_count,struct nlattr * attr,const u16 ** offsets,unsigned int * n_offsets)11414 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev,
11415 const u8 *data, size_t datalen,
11416 int first_count, struct nlattr *attr,
11417 const u16 **offsets, unsigned int *n_offsets)
11418 {
11419 int i;
11420
11421 *n_offsets = 0;
11422
11423 if (!attr)
11424 return 0;
11425
11426 if (!nla_len(attr) || (nla_len(attr) % sizeof(u16)))
11427 return -EINVAL;
11428
11429 *n_offsets = nla_len(attr) / sizeof(u16);
11430 if (rdev->wiphy.max_num_csa_counters &&
11431 (*n_offsets > rdev->wiphy.max_num_csa_counters))
11432 return -EINVAL;
11433
11434 *offsets = nla_data(attr);
11435
11436 /* sanity checks - counters should fit and be the same */
11437 for (i = 0; i < *n_offsets; i++) {
11438 u16 offset = (*offsets)[i];
11439
11440 if (offset >= datalen)
11441 return -EINVAL;
11442
11443 if (first_count != -1 && data[offset] != first_count)
11444 return -EINVAL;
11445 }
11446
11447 return 0;
11448 }
11449
nl80211_channel_switch(struct sk_buff * skb,struct genl_info * info)11450 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
11451 {
11452 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11453 unsigned int link_id = nl80211_link_id(info->attrs);
11454 struct net_device *dev = info->user_ptr[1];
11455 struct wireless_dev *wdev = dev->ieee80211_ptr;
11456 struct cfg80211_csa_settings params;
11457 struct nlattr **csa_attrs = NULL;
11458 int err;
11459 bool need_new_beacon = false;
11460 bool need_handle_dfs_flag = true;
11461 u32 cs_count;
11462
11463 if (!rdev->ops->channel_switch ||
11464 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
11465 return -EOPNOTSUPP;
11466
11467 switch (dev->ieee80211_ptr->iftype) {
11468 case NL80211_IFTYPE_AP:
11469 case NL80211_IFTYPE_P2P_GO:
11470 need_new_beacon = true;
11471 /* For all modes except AP the handle_dfs flag needs to be
11472 * supplied to tell the kernel that userspace will handle radar
11473 * events when they happen. Otherwise a switch to a channel
11474 * requiring DFS will be rejected.
11475 */
11476 need_handle_dfs_flag = false;
11477
11478 /* useless if AP is not running */
11479 if (!wdev->links[link_id].ap.beacon_interval)
11480 return -ENOTCONN;
11481 break;
11482 case NL80211_IFTYPE_ADHOC:
11483 if (!wdev->u.ibss.ssid_len)
11484 return -ENOTCONN;
11485 break;
11486 case NL80211_IFTYPE_MESH_POINT:
11487 if (!wdev->u.mesh.id_len)
11488 return -ENOTCONN;
11489 break;
11490 default:
11491 return -EOPNOTSUPP;
11492 }
11493
11494 memset(¶ms, 0, sizeof(params));
11495 params.beacon_csa.ftm_responder = -1;
11496
11497 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11498 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
11499 return -EINVAL;
11500
11501 /* only important for AP, IBSS and mesh create IEs internally */
11502 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
11503 return -EINVAL;
11504
11505 /* Even though the attribute is u32, the specification says
11506 * u8, so let's make sure we don't overflow.
11507 */
11508 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
11509 if (cs_count > 255)
11510 return -EINVAL;
11511
11512 params.count = cs_count;
11513
11514 if (!need_new_beacon)
11515 goto skip_beacons;
11516
11517 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after,
11518 info->extack);
11519 if (err)
11520 goto free;
11521
11522 csa_attrs = kzalloc_objs(*csa_attrs, NL80211_ATTR_MAX + 1);
11523 if (!csa_attrs) {
11524 err = -ENOMEM;
11525 goto free;
11526 }
11527
11528 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
11529 info->attrs[NL80211_ATTR_CSA_IES],
11530 nl80211_policy, info->extack);
11531 if (err)
11532 goto free;
11533
11534 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa,
11535 info->extack);
11536 if (err)
11537 goto free;
11538
11539 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
11540 err = -EINVAL;
11541 goto free;
11542 }
11543
11544 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail,
11545 params.beacon_csa.tail_len,
11546 params.count,
11547 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON],
11548 ¶ms.counter_offsets_beacon,
11549 ¶ms.n_counter_offsets_beacon);
11550 if (err)
11551 goto free;
11552
11553 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp,
11554 params.beacon_csa.probe_resp_len,
11555 params.count,
11556 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP],
11557 ¶ms.counter_offsets_presp,
11558 ¶ms.n_counter_offsets_presp);
11559 if (err)
11560 goto free;
11561
11562 skip_beacons:
11563 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
11564 if (err)
11565 goto free;
11566
11567 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
11568 wdev->iftype)) {
11569 err = -EINVAL;
11570 goto free;
11571 }
11572
11573 err = cfg80211_chandef_dfs_required(wdev->wiphy,
11574 ¶ms.chandef,
11575 wdev->iftype);
11576 if (err < 0)
11577 goto free;
11578
11579 if (err > 0) {
11580 params.radar_required = true;
11581 if (need_handle_dfs_flag &&
11582 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
11583 err = -EINVAL;
11584 goto free;
11585 }
11586 }
11587
11588 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
11589 params.block_tx = true;
11590
11591 if ((wdev->iftype == NL80211_IFTYPE_AP ||
11592 wdev->iftype == NL80211_IFTYPE_P2P_GO) &&
11593 info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
11594 err = nl80211_parse_unsol_bcast_probe_resp(
11595 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
11596 ¶ms.unsol_bcast_probe_resp);
11597 if (err)
11598 goto free;
11599 }
11600
11601 params.link_id = link_id;
11602 err = rdev_channel_switch(rdev, dev, ¶ms);
11603
11604 free:
11605 kfree(params.beacon_after.mbssid_ies);
11606 kfree(params.beacon_csa.mbssid_ies);
11607 kfree(params.beacon_after.rnr_ies);
11608 kfree(params.beacon_csa.rnr_ies);
11609 kfree(csa_attrs);
11610 return err;
11611 }
11612
nl80211_send_bss(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,struct cfg80211_internal_bss * intbss)11613 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
11614 u32 seq, int flags,
11615 struct cfg80211_registered_device *rdev,
11616 struct wireless_dev *wdev,
11617 struct cfg80211_internal_bss *intbss)
11618 {
11619 struct cfg80211_bss *res = &intbss->pub;
11620 const struct cfg80211_bss_ies *ies;
11621 unsigned int link_id;
11622 void *hdr;
11623 struct nlattr *bss;
11624
11625 lockdep_assert_wiphy(wdev->wiphy);
11626
11627 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
11628 NL80211_CMD_NEW_SCAN_RESULTS);
11629 if (!hdr)
11630 return -1;
11631
11632 genl_dump_check_consistent(cb, hdr);
11633
11634 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
11635 goto nla_put_failure;
11636 if (wdev->netdev &&
11637 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
11638 goto nla_put_failure;
11639 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11640 NL80211_ATTR_PAD))
11641 goto nla_put_failure;
11642
11643 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
11644 if (!bss)
11645 goto nla_put_failure;
11646 if ((!is_zero_ether_addr(res->bssid) &&
11647 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
11648 goto nla_put_failure;
11649
11650 rcu_read_lock();
11651 /* indicate whether we have probe response data or not */
11652 if (rcu_access_pointer(res->proberesp_ies) &&
11653 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
11654 goto fail_unlock_rcu;
11655
11656 /* this pointer prefers to be pointed to probe response data
11657 * but is always valid
11658 */
11659 ies = rcu_dereference(res->ies);
11660 if (ies) {
11661 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
11662 NL80211_BSS_PAD))
11663 goto fail_unlock_rcu;
11664 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
11665 ies->len, ies->data))
11666 goto fail_unlock_rcu;
11667 }
11668
11669 /* and this pointer is always (unless driver didn't know) beacon data */
11670 ies = rcu_dereference(res->beacon_ies);
11671 if (ies && ies->from_beacon) {
11672 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
11673 NL80211_BSS_PAD))
11674 goto fail_unlock_rcu;
11675 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
11676 ies->len, ies->data))
11677 goto fail_unlock_rcu;
11678 }
11679 rcu_read_unlock();
11680
11681 if (res->beacon_interval &&
11682 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
11683 goto nla_put_failure;
11684 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
11685 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
11686 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
11687 res->channel->freq_offset) ||
11688 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
11689 jiffies_to_msecs(jiffies - intbss->ts)))
11690 goto nla_put_failure;
11691
11692 if (intbss->parent_tsf &&
11693 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
11694 intbss->parent_tsf, NL80211_BSS_PAD) ||
11695 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
11696 intbss->parent_bssid)))
11697 goto nla_put_failure;
11698
11699 if (res->ts_boottime &&
11700 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
11701 res->ts_boottime, NL80211_BSS_PAD))
11702 goto nla_put_failure;
11703
11704 if (!nl80211_put_signal(msg, intbss->pub.chains,
11705 intbss->pub.chain_signal,
11706 NL80211_BSS_CHAIN_SIGNAL))
11707 goto nla_put_failure;
11708
11709 if (intbss->bss_source != BSS_SOURCE_STA_PROFILE) {
11710 switch (rdev->wiphy.signal_type) {
11711 case CFG80211_SIGNAL_TYPE_MBM:
11712 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM,
11713 res->signal))
11714 goto nla_put_failure;
11715 break;
11716 case CFG80211_SIGNAL_TYPE_UNSPEC:
11717 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC,
11718 res->signal))
11719 goto nla_put_failure;
11720 break;
11721 default:
11722 break;
11723 }
11724 }
11725
11726 switch (wdev->iftype) {
11727 case NL80211_IFTYPE_P2P_CLIENT:
11728 case NL80211_IFTYPE_STATION:
11729 for_each_valid_link(wdev, link_id) {
11730 if (intbss == wdev->links[link_id].client.current_bss &&
11731 (nla_put_u32(msg, NL80211_BSS_STATUS,
11732 NL80211_BSS_STATUS_ASSOCIATED) ||
11733 (wdev->valid_links &&
11734 (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID,
11735 link_id) ||
11736 nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN,
11737 wdev->u.client.connected_addr)))))
11738 goto nla_put_failure;
11739 }
11740 break;
11741 case NL80211_IFTYPE_ADHOC:
11742 if (intbss == wdev->u.ibss.current_bss &&
11743 nla_put_u32(msg, NL80211_BSS_STATUS,
11744 NL80211_BSS_STATUS_IBSS_JOINED))
11745 goto nla_put_failure;
11746 break;
11747 default:
11748 break;
11749 }
11750
11751 if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for))
11752 goto nla_put_failure;
11753
11754 if (res->cannot_use_reasons &&
11755 nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS,
11756 res->cannot_use_reasons,
11757 NL80211_BSS_PAD))
11758 goto nla_put_failure;
11759
11760 nla_nest_end(msg, bss);
11761
11762 genlmsg_end(msg, hdr);
11763 return 0;
11764
11765 fail_unlock_rcu:
11766 rcu_read_unlock();
11767 nla_put_failure:
11768 genlmsg_cancel(msg, hdr);
11769 return -EMSGSIZE;
11770 }
11771
nl80211_dump_scan(struct sk_buff * skb,struct netlink_callback * cb)11772 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
11773 {
11774 struct cfg80211_registered_device *rdev;
11775 struct cfg80211_internal_bss *scan;
11776 struct wireless_dev *wdev;
11777 struct nlattr **attrbuf;
11778 int start = cb->args[2], idx = 0;
11779 bool dump_include_use_data;
11780 int err;
11781
11782 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
11783 if (!attrbuf)
11784 return -ENOMEM;
11785
11786 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
11787 if (err) {
11788 kfree(attrbuf);
11789 return err;
11790 }
11791 /* nl80211_prepare_wdev_dump acquired it in the successful case */
11792 __acquire(&rdev->wiphy.mtx);
11793
11794 dump_include_use_data =
11795 attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA];
11796 kfree(attrbuf);
11797
11798 spin_lock_bh(&rdev->bss_lock);
11799
11800 /*
11801 * dump_scan will be called multiple times to break up the scan results
11802 * into multiple messages. It is unlikely that any more bss-es will be
11803 * expired after the first call, so only call only call this on the
11804 * first dump_scan invocation.
11805 */
11806 if (start == 0)
11807 cfg80211_bss_expire(rdev);
11808
11809 cb->seq = rdev->bss_generation;
11810
11811 list_for_each_entry(scan, &rdev->bss_list, list) {
11812 if (++idx <= start)
11813 continue;
11814 if (!dump_include_use_data &&
11815 !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL))
11816 continue;
11817 if (nl80211_send_bss(skb, cb,
11818 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11819 rdev, wdev, scan) < 0) {
11820 idx--;
11821 break;
11822 }
11823 }
11824
11825 spin_unlock_bh(&rdev->bss_lock);
11826
11827 cb->args[2] = idx;
11828 wiphy_unlock(&rdev->wiphy);
11829
11830 return skb->len;
11831 }
11832
nl80211_send_survey(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,bool allow_radio_stats,struct survey_info * survey)11833 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
11834 int flags, struct net_device *dev,
11835 bool allow_radio_stats,
11836 struct survey_info *survey)
11837 {
11838 void *hdr;
11839 struct nlattr *infoattr;
11840
11841 /* skip radio stats if userspace didn't request them */
11842 if (!survey->channel && !allow_radio_stats)
11843 return 0;
11844
11845 hdr = nl80211hdr_put(msg, portid, seq, flags,
11846 NL80211_CMD_NEW_SURVEY_RESULTS);
11847 if (!hdr)
11848 return -ENOMEM;
11849
11850 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
11851 goto nla_put_failure;
11852
11853 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
11854 if (!infoattr)
11855 goto nla_put_failure;
11856
11857 if (survey->channel &&
11858 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
11859 survey->channel->center_freq))
11860 goto nla_put_failure;
11861
11862 if (survey->channel && survey->channel->freq_offset &&
11863 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
11864 survey->channel->freq_offset))
11865 goto nla_put_failure;
11866
11867 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
11868 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
11869 goto nla_put_failure;
11870 if ((survey->filled & SURVEY_INFO_IN_USE) &&
11871 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
11872 goto nla_put_failure;
11873 if ((survey->filled & SURVEY_INFO_TIME) &&
11874 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
11875 survey->time, NL80211_SURVEY_INFO_PAD))
11876 goto nla_put_failure;
11877 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
11878 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
11879 survey->time_busy, NL80211_SURVEY_INFO_PAD))
11880 goto nla_put_failure;
11881 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
11882 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
11883 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
11884 goto nla_put_failure;
11885 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
11886 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
11887 survey->time_rx, NL80211_SURVEY_INFO_PAD))
11888 goto nla_put_failure;
11889 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
11890 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
11891 survey->time_tx, NL80211_SURVEY_INFO_PAD))
11892 goto nla_put_failure;
11893 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
11894 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
11895 survey->time_scan, NL80211_SURVEY_INFO_PAD))
11896 goto nla_put_failure;
11897 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
11898 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
11899 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
11900 goto nla_put_failure;
11901
11902 nla_nest_end(msg, infoattr);
11903
11904 genlmsg_end(msg, hdr);
11905 return 0;
11906
11907 nla_put_failure:
11908 genlmsg_cancel(msg, hdr);
11909 return -EMSGSIZE;
11910 }
11911
nl80211_dump_survey(struct sk_buff * skb,struct netlink_callback * cb)11912 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
11913 {
11914 struct nlattr **attrbuf;
11915 struct survey_info survey;
11916 struct cfg80211_registered_device *rdev;
11917 struct wireless_dev *wdev;
11918 int survey_idx = cb->args[2];
11919 int res;
11920 bool radio_stats;
11921
11922 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
11923 if (!attrbuf)
11924 return -ENOMEM;
11925
11926 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
11927 if (res) {
11928 kfree(attrbuf);
11929 return res;
11930 }
11931 /* nl80211_prepare_wdev_dump acquired it in the successful case */
11932 __acquire(&rdev->wiphy.mtx);
11933
11934 /* prepare_wdev_dump parsed the attributes */
11935 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
11936
11937 if (!wdev->netdev) {
11938 res = -EINVAL;
11939 goto out_err;
11940 }
11941
11942 if (!rdev->ops->dump_survey) {
11943 res = -EOPNOTSUPP;
11944 goto out_err;
11945 }
11946
11947 while (1) {
11948 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
11949 if (res == -ENOENT)
11950 break;
11951 if (res)
11952 goto out_err;
11953
11954 /* don't send disabled channels, but do send non-channel data */
11955 if (survey.channel &&
11956 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
11957 survey_idx++;
11958 continue;
11959 }
11960
11961 if (nl80211_send_survey(skb,
11962 NETLINK_CB(cb->skb).portid,
11963 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11964 wdev->netdev, radio_stats, &survey) < 0)
11965 goto out;
11966 survey_idx++;
11967 }
11968
11969 out:
11970 cb->args[2] = survey_idx;
11971 res = skb->len;
11972 out_err:
11973 kfree(attrbuf);
11974 wiphy_unlock(&rdev->wiphy);
11975 return res;
11976 }
11977
nl80211_authenticate(struct sk_buff * skb,struct genl_info * info)11978 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
11979 {
11980 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11981 struct net_device *dev = info->user_ptr[1];
11982 struct ieee80211_channel *chan;
11983 const u8 *bssid, *ssid;
11984 int err, ssid_len;
11985 enum nl80211_auth_type auth_type;
11986 struct key_parse key;
11987 bool local_state_change;
11988 struct cfg80211_auth_request req = {};
11989 u32 freq;
11990
11991 if (!info->attrs[NL80211_ATTR_MAC])
11992 return -EINVAL;
11993
11994 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
11995 return -EINVAL;
11996
11997 if (!info->attrs[NL80211_ATTR_SSID])
11998 return -EINVAL;
11999
12000 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
12001 return -EINVAL;
12002
12003 err = nl80211_parse_key(info, &key);
12004 if (err)
12005 return err;
12006
12007 if (key.idx >= 0) {
12008 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
12009 return -EINVAL;
12010 if (!key.p.key || !key.p.key_len)
12011 return -EINVAL;
12012 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
12013 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
12014 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
12015 key.p.key_len != WLAN_KEY_LEN_WEP104))
12016 return -EINVAL;
12017 if (key.idx > 3)
12018 return -EINVAL;
12019 } else {
12020 key.p.key_len = 0;
12021 key.p.key = NULL;
12022 }
12023
12024 if (key.idx >= 0) {
12025 int i;
12026 bool ok = false;
12027
12028 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
12029 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
12030 ok = true;
12031 break;
12032 }
12033 }
12034 if (!ok)
12035 return -EINVAL;
12036 }
12037
12038 if (!rdev->ops->auth)
12039 return -EOPNOTSUPP;
12040
12041 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12042 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12043 return -EOPNOTSUPP;
12044
12045 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12046 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
12047 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12048 freq +=
12049 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12050
12051 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
12052 if (!chan)
12053 return -EINVAL;
12054
12055 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12056 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12057
12058 if (info->attrs[NL80211_ATTR_IE]) {
12059 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12060 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12061 }
12062
12063 if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
12064 req.supported_selectors =
12065 nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12066 req.supported_selectors_len =
12067 nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12068 }
12069
12070 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12071 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
12072 return -EINVAL;
12073
12074 if ((auth_type == NL80211_AUTHTYPE_SAE ||
12075 auth_type == NL80211_AUTHTYPE_FILS_SK ||
12076 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
12077 auth_type == NL80211_AUTHTYPE_FILS_PK ||
12078 auth_type == NL80211_AUTHTYPE_EPPKE) &&
12079 !info->attrs[NL80211_ATTR_AUTH_DATA])
12080 return -EINVAL;
12081
12082 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
12083 if (auth_type != NL80211_AUTHTYPE_SAE &&
12084 auth_type != NL80211_AUTHTYPE_FILS_SK &&
12085 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
12086 auth_type != NL80211_AUTHTYPE_FILS_PK &&
12087 auth_type != NL80211_AUTHTYPE_EPPKE)
12088 return -EINVAL;
12089 req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
12090 req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
12091 }
12092
12093 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
12094
12095 /*
12096 * Since we no longer track auth state, ignore
12097 * requests to only change local state.
12098 */
12099 if (local_state_change)
12100 return 0;
12101
12102 req.auth_type = auth_type;
12103 req.key = key.p.key;
12104 req.key_len = key.p.key_len;
12105 req.key_idx = key.idx;
12106 req.link_id = nl80211_link_id_or_invalid(info->attrs);
12107 if (req.link_id >= 0) {
12108 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
12109 return -EINVAL;
12110 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
12111 return -EINVAL;
12112 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
12113 if (!is_valid_ether_addr(req.ap_mld_addr))
12114 return -EINVAL;
12115 }
12116
12117 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
12118 IEEE80211_BSS_TYPE_ESS,
12119 IEEE80211_PRIVACY_ANY);
12120 if (!req.bss)
12121 return -ENOENT;
12122
12123 err = cfg80211_mlme_auth(rdev, dev, &req);
12124
12125 cfg80211_put_bss(&rdev->wiphy, req.bss);
12126
12127 return err;
12128 }
12129
validate_pae_over_nl80211(struct cfg80211_registered_device * rdev,struct genl_info * info)12130 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
12131 struct genl_info *info)
12132 {
12133 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12134 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
12135 return -EINVAL;
12136 }
12137
12138 if (!rdev->ops->tx_control_port ||
12139 !wiphy_ext_feature_isset(&rdev->wiphy,
12140 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
12141 return -EOPNOTSUPP;
12142
12143 return 0;
12144 }
12145
nl80211_crypto_settings(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_crypto_settings * settings,int cipher_limit)12146 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
12147 struct genl_info *info,
12148 struct cfg80211_crypto_settings *settings,
12149 int cipher_limit)
12150 {
12151 memset(settings, 0, sizeof(*settings));
12152
12153 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
12154
12155 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
12156 u16 proto;
12157
12158 proto = nla_get_u16(
12159 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
12160 settings->control_port_ethertype = cpu_to_be16(proto);
12161 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
12162 proto != ETH_P_PAE)
12163 return -EINVAL;
12164 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
12165 settings->control_port_no_encrypt = true;
12166 } else
12167 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
12168
12169 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
12170 int r = validate_pae_over_nl80211(rdev, info);
12171
12172 if (r < 0)
12173 return r;
12174
12175 settings->control_port_over_nl80211 = true;
12176
12177 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
12178 settings->control_port_no_preauth = true;
12179 }
12180
12181 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
12182 void *data;
12183 int len, i;
12184
12185 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
12186 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
12187 settings->n_ciphers_pairwise = len / sizeof(u32);
12188
12189 if (len % sizeof(u32))
12190 return -EINVAL;
12191
12192 if (settings->n_ciphers_pairwise > cipher_limit)
12193 return -EINVAL;
12194
12195 memcpy(settings->ciphers_pairwise, data, len);
12196
12197 for (i = 0; i < settings->n_ciphers_pairwise; i++)
12198 if (!cfg80211_supported_cipher_suite(
12199 &rdev->wiphy,
12200 settings->ciphers_pairwise[i]))
12201 return -EINVAL;
12202 }
12203
12204 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
12205 settings->cipher_group =
12206 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
12207 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
12208 settings->cipher_group))
12209 return -EINVAL;
12210 }
12211
12212 if (info->attrs[NL80211_ATTR_WPA_VERSIONS])
12213 settings->wpa_versions =
12214 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
12215
12216 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
12217 void *data;
12218 int len;
12219
12220 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
12221 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
12222 settings->n_akm_suites = len / sizeof(u32);
12223
12224 if (len % sizeof(u32))
12225 return -EINVAL;
12226
12227 if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites)
12228 return -EINVAL;
12229
12230 memcpy(settings->akm_suites, data, len);
12231 }
12232
12233 if (info->attrs[NL80211_ATTR_PMK]) {
12234 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
12235 return -EINVAL;
12236 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12237 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
12238 !wiphy_ext_feature_isset(&rdev->wiphy,
12239 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
12240 return -EINVAL;
12241 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12242 }
12243
12244 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
12245 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12246 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
12247 !wiphy_ext_feature_isset(&rdev->wiphy,
12248 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
12249 return -EINVAL;
12250 settings->sae_pwd =
12251 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
12252 settings->sae_pwd_len =
12253 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
12254 }
12255
12256 settings->sae_pwe =
12257 nla_get_u8_default(info->attrs[NL80211_ATTR_SAE_PWE],
12258 NL80211_SAE_PWE_UNSPECIFIED);
12259
12260 return 0;
12261 }
12262
nl80211_assoc_bss(struct cfg80211_registered_device * rdev,const u8 * ssid,int ssid_len,struct nlattr ** attrs,int assoc_link_id,int link_id)12263 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev,
12264 const u8 *ssid, int ssid_len,
12265 struct nlattr **attrs,
12266 int assoc_link_id, int link_id)
12267 {
12268 struct ieee80211_channel *chan;
12269 struct cfg80211_bss *bss;
12270 const u8 *bssid;
12271 u32 freq, use_for = 0;
12272
12273 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ])
12274 return ERR_PTR(-EINVAL);
12275
12276 bssid = nla_data(attrs[NL80211_ATTR_MAC]);
12277
12278 freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
12279 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12280 freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12281
12282 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
12283 if (!chan)
12284 return ERR_PTR(-EINVAL);
12285
12286 if (assoc_link_id >= 0)
12287 use_for = NL80211_BSS_USE_FOR_MLD_LINK;
12288 if (assoc_link_id == link_id)
12289 use_for |= NL80211_BSS_USE_FOR_NORMAL;
12290
12291 bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid,
12292 ssid, ssid_len,
12293 IEEE80211_BSS_TYPE_ESS,
12294 IEEE80211_PRIVACY_ANY,
12295 use_for);
12296 if (!bss)
12297 return ERR_PTR(-ENOENT);
12298
12299 return bss;
12300 }
12301
nl80211_process_links(struct cfg80211_registered_device * rdev,struct cfg80211_assoc_link * links,int assoc_link_id,const u8 * ssid,int ssid_len,struct genl_info * info)12302 static int nl80211_process_links(struct cfg80211_registered_device *rdev,
12303 struct cfg80211_assoc_link *links,
12304 int assoc_link_id,
12305 const u8 *ssid, int ssid_len,
12306 struct genl_info *info)
12307 {
12308 unsigned int attrsize = NUM_NL80211_ATTR * sizeof(struct nlattr *);
12309 struct nlattr **attrs __free(kfree) = kzalloc(attrsize, GFP_KERNEL);
12310 struct nlattr *link;
12311 unsigned int link_id;
12312 int rem, err;
12313
12314 if (!attrs)
12315 return -ENOMEM;
12316
12317 nla_for_each_nested(link, info->attrs[NL80211_ATTR_MLO_LINKS], rem) {
12318 memset(attrs, 0, attrsize);
12319
12320 nla_parse_nested(attrs, NL80211_ATTR_MAX, link, NULL, NULL);
12321
12322 if (!attrs[NL80211_ATTR_MLO_LINK_ID]) {
12323 NL_SET_BAD_ATTR(info->extack, link);
12324 return -EINVAL;
12325 }
12326
12327 link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]);
12328 /* cannot use the same link ID again */
12329 if (links[link_id].bss) {
12330 NL_SET_BAD_ATTR(info->extack, link);
12331 return -EINVAL;
12332 }
12333 links[link_id].bss =
12334 nl80211_assoc_bss(rdev, ssid, ssid_len, attrs,
12335 assoc_link_id, link_id);
12336 if (IS_ERR(links[link_id].bss)) {
12337 err = PTR_ERR(links[link_id].bss);
12338 links[link_id].bss = NULL;
12339 NL_SET_ERR_MSG_ATTR(info->extack, link,
12340 "Error fetching BSS for link");
12341 return err;
12342 }
12343
12344 if (attrs[NL80211_ATTR_IE]) {
12345 links[link_id].elems = nla_data(attrs[NL80211_ATTR_IE]);
12346 links[link_id].elems_len =
12347 nla_len(attrs[NL80211_ATTR_IE]);
12348
12349 if (cfg80211_find_elem(WLAN_EID_FRAGMENT,
12350 links[link_id].elems,
12351 links[link_id].elems_len)) {
12352 NL_SET_ERR_MSG_ATTR(info->extack,
12353 attrs[NL80211_ATTR_IE],
12354 "cannot deal with fragmentation");
12355 return -EINVAL;
12356 }
12357
12358 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
12359 links[link_id].elems,
12360 links[link_id].elems_len)) {
12361 NL_SET_ERR_MSG_ATTR(info->extack,
12362 attrs[NL80211_ATTR_IE],
12363 "cannot deal with non-inheritance");
12364 return -EINVAL;
12365 }
12366 }
12367 }
12368
12369 return 0;
12370 }
12371
nl80211_associate(struct sk_buff * skb,struct genl_info * info)12372 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
12373 {
12374 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12375 struct net_device *dev = info->user_ptr[1];
12376 struct cfg80211_assoc_request req = {};
12377 const u8 *ap_addr, *ssid;
12378 unsigned int link_id;
12379 int err, ssid_len;
12380
12381 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12382 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12383 return -EPERM;
12384
12385 if (!info->attrs[NL80211_ATTR_SSID])
12386 return -EINVAL;
12387
12388 if (!rdev->ops->assoc)
12389 return -EOPNOTSUPP;
12390
12391 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12392 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12393 return -EOPNOTSUPP;
12394
12395 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12396 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12397
12398 if (info->attrs[NL80211_ATTR_IE]) {
12399 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12400 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12401
12402 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
12403 req.ie, req.ie_len)) {
12404 NL_SET_ERR_MSG_ATTR(info->extack,
12405 info->attrs[NL80211_ATTR_IE],
12406 "non-inheritance makes no sense");
12407 return -EINVAL;
12408 }
12409 }
12410
12411 if (info->attrs[NL80211_ATTR_USE_MFP]) {
12412 enum nl80211_mfp mfp =
12413 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
12414 if (mfp == NL80211_MFP_REQUIRED)
12415 req.use_mfp = true;
12416 else if (mfp != NL80211_MFP_NO)
12417 return -EINVAL;
12418 }
12419
12420 if (info->attrs[NL80211_ATTR_PREV_BSSID])
12421 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
12422
12423 if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
12424 req.supported_selectors =
12425 nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12426 req.supported_selectors_len =
12427 nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12428 }
12429
12430 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
12431 req.flags |= ASSOC_REQ_DISABLE_HT;
12432
12433 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12434 memcpy(&req.ht_capa_mask,
12435 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
12436 sizeof(req.ht_capa_mask));
12437
12438 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
12439 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12440 return -EINVAL;
12441 memcpy(&req.ht_capa,
12442 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
12443 sizeof(req.ht_capa));
12444 }
12445
12446 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
12447 req.flags |= ASSOC_REQ_DISABLE_VHT;
12448
12449 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
12450 req.flags |= ASSOC_REQ_DISABLE_HE;
12451
12452 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
12453 req.flags |= ASSOC_REQ_DISABLE_EHT;
12454
12455 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_UHR]))
12456 req.flags |= ASSOC_REQ_DISABLE_UHR;
12457
12458 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
12459 memcpy(&req.vht_capa_mask,
12460 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
12461 sizeof(req.vht_capa_mask));
12462
12463 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
12464 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
12465 return -EINVAL;
12466 memcpy(&req.vht_capa,
12467 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
12468 sizeof(req.vht_capa));
12469 }
12470
12471 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
12472 if (!((rdev->wiphy.features &
12473 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
12474 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
12475 !wiphy_ext_feature_isset(&rdev->wiphy,
12476 NL80211_EXT_FEATURE_RRM))
12477 return -EINVAL;
12478 req.flags |= ASSOC_REQ_USE_RRM;
12479 }
12480
12481 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
12482 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
12483 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
12484 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
12485 return -EINVAL;
12486 req.fils_nonces =
12487 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
12488 }
12489
12490 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
12491 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
12492 return -EINVAL;
12493 memcpy(&req.s1g_capa_mask,
12494 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
12495 sizeof(req.s1g_capa_mask));
12496 }
12497
12498 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
12499 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
12500 return -EINVAL;
12501 memcpy(&req.s1g_capa,
12502 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
12503 sizeof(req.s1g_capa));
12504 }
12505
12506 if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) {
12507 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12508 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) {
12509 GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported");
12510 return -EINVAL;
12511 }
12512 req.flags |= ASSOC_REQ_SPP_AMSDU;
12513 }
12514
12515 req.link_id = nl80211_link_id_or_invalid(info->attrs);
12516
12517 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
12518 if (req.link_id < 0)
12519 return -EINVAL;
12520
12521 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
12522 return -EINVAL;
12523
12524 if (info->attrs[NL80211_ATTR_MAC] ||
12525 info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
12526 !info->attrs[NL80211_ATTR_MLD_ADDR])
12527 return -EINVAL;
12528
12529 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
12530 ap_addr = req.ap_mld_addr;
12531
12532 err = nl80211_process_links(rdev, req.links, req.link_id,
12533 ssid, ssid_len, info);
12534 if (err)
12535 goto free;
12536
12537 if (!req.links[req.link_id].bss) {
12538 err = -EINVAL;
12539 goto free;
12540 }
12541
12542 if (req.links[req.link_id].elems_len) {
12543 GENL_SET_ERR_MSG(info,
12544 "cannot have per-link elems on assoc link");
12545 err = -EINVAL;
12546 goto free;
12547 }
12548
12549 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
12550 req.ext_mld_capa_ops =
12551 nla_get_u16(info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS]);
12552 } else {
12553 if (req.link_id >= 0)
12554 return -EINVAL;
12555
12556 req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs,
12557 -1, -1);
12558 if (IS_ERR(req.bss))
12559 return PTR_ERR(req.bss);
12560 ap_addr = req.bss->bssid;
12561
12562 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
12563 return -EINVAL;
12564 }
12565
12566 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
12567 if (!err) {
12568 struct nlattr *link;
12569 int rem = 0;
12570
12571 err = cfg80211_mlme_assoc(rdev, dev, &req,
12572 info->extack);
12573
12574 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12575 dev->ieee80211_ptr->conn_owner_nlportid =
12576 info->snd_portid;
12577 memcpy(dev->ieee80211_ptr->disconnect_bssid,
12578 ap_addr, ETH_ALEN);
12579 }
12580
12581 /* Report error from first problematic link */
12582 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
12583 nla_for_each_nested(link,
12584 info->attrs[NL80211_ATTR_MLO_LINKS],
12585 rem) {
12586 struct nlattr *link_id_attr =
12587 nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID);
12588
12589 if (!link_id_attr)
12590 continue;
12591
12592 link_id = nla_get_u8(link_id_attr);
12593
12594 if (link_id == req.link_id)
12595 continue;
12596
12597 if (!req.links[link_id].error ||
12598 WARN_ON(req.links[link_id].error > 0))
12599 continue;
12600
12601 WARN_ON(err >= 0);
12602
12603 NL_SET_BAD_ATTR(info->extack, link);
12604 err = req.links[link_id].error;
12605 break;
12606 }
12607 }
12608 }
12609
12610 free:
12611 for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++)
12612 cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss);
12613 cfg80211_put_bss(&rdev->wiphy, req.bss);
12614
12615 return err;
12616 }
12617
nl80211_deauthenticate(struct sk_buff * skb,struct genl_info * info)12618 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
12619 {
12620 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12621 struct net_device *dev = info->user_ptr[1];
12622 const u8 *ie = NULL, *bssid;
12623 int ie_len = 0;
12624 u16 reason_code;
12625 bool local_state_change;
12626
12627 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12628 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12629 return -EPERM;
12630
12631 if (!info->attrs[NL80211_ATTR_MAC])
12632 return -EINVAL;
12633
12634 if (!info->attrs[NL80211_ATTR_REASON_CODE])
12635 return -EINVAL;
12636
12637 if (!rdev->ops->deauth)
12638 return -EOPNOTSUPP;
12639
12640 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12641 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12642 return -EOPNOTSUPP;
12643
12644 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12645
12646 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
12647 if (reason_code == 0) {
12648 /* Reason Code 0 is reserved */
12649 return -EINVAL;
12650 }
12651
12652 if (info->attrs[NL80211_ATTR_IE]) {
12653 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12654 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12655 }
12656
12657 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
12658
12659 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
12660 local_state_change);
12661 }
12662
nl80211_disassociate(struct sk_buff * skb,struct genl_info * info)12663 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
12664 {
12665 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12666 struct net_device *dev = info->user_ptr[1];
12667 const u8 *ie = NULL, *bssid;
12668 int ie_len = 0;
12669 u16 reason_code;
12670 bool local_state_change;
12671
12672 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12673 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12674 return -EPERM;
12675
12676 if (!info->attrs[NL80211_ATTR_MAC])
12677 return -EINVAL;
12678
12679 if (!info->attrs[NL80211_ATTR_REASON_CODE])
12680 return -EINVAL;
12681
12682 if (!rdev->ops->disassoc)
12683 return -EOPNOTSUPP;
12684
12685 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12686 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12687 return -EOPNOTSUPP;
12688
12689 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12690
12691 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
12692 if (reason_code == 0) {
12693 /* Reason Code 0 is reserved */
12694 return -EINVAL;
12695 }
12696
12697 if (info->attrs[NL80211_ATTR_IE]) {
12698 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12699 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12700 }
12701
12702 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
12703
12704 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
12705 local_state_change);
12706 }
12707
12708 static bool
nl80211_parse_mcast_rate(struct cfg80211_registered_device * rdev,int mcast_rate[NUM_NL80211_BANDS],int rateval)12709 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
12710 int mcast_rate[NUM_NL80211_BANDS],
12711 int rateval)
12712 {
12713 struct wiphy *wiphy = &rdev->wiphy;
12714 bool found = false;
12715 int band, i;
12716
12717 for (band = 0; band < NUM_NL80211_BANDS; band++) {
12718 struct ieee80211_supported_band *sband;
12719
12720 sband = wiphy->bands[band];
12721 if (!sband)
12722 continue;
12723
12724 for (i = 0; i < sband->n_bitrates; i++) {
12725 if (sband->bitrates[i].bitrate == rateval) {
12726 mcast_rate[band] = i + 1;
12727 found = true;
12728 break;
12729 }
12730 }
12731 }
12732
12733 return found;
12734 }
12735
nl80211_join_ibss(struct sk_buff * skb,struct genl_info * info)12736 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
12737 {
12738 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12739 struct net_device *dev = info->user_ptr[1];
12740 struct cfg80211_ibss_params ibss;
12741 struct wiphy *wiphy;
12742 struct cfg80211_cached_keys *connkeys = NULL;
12743 int err;
12744
12745 memset(&ibss, 0, sizeof(ibss));
12746
12747 if (!info->attrs[NL80211_ATTR_SSID] ||
12748 !nla_len(info->attrs[NL80211_ATTR_SSID]))
12749 return -EINVAL;
12750
12751 ibss.beacon_interval = 100;
12752
12753 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
12754 ibss.beacon_interval =
12755 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
12756
12757 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
12758 ibss.beacon_interval);
12759 if (err)
12760 return err;
12761
12762 if (!rdev->ops->join_ibss)
12763 return -EOPNOTSUPP;
12764
12765 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
12766 return -EOPNOTSUPP;
12767
12768 wiphy = &rdev->wiphy;
12769
12770 if (info->attrs[NL80211_ATTR_MAC]) {
12771 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12772
12773 if (!is_valid_ether_addr(ibss.bssid))
12774 return -EINVAL;
12775 }
12776 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12777 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12778
12779 if (info->attrs[NL80211_ATTR_IE]) {
12780 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12781 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12782 }
12783
12784 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
12785 if (err)
12786 return err;
12787
12788 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
12789 NL80211_IFTYPE_ADHOC))
12790 return -EINVAL;
12791
12792 switch (ibss.chandef.width) {
12793 case NL80211_CHAN_WIDTH_5:
12794 case NL80211_CHAN_WIDTH_10:
12795 case NL80211_CHAN_WIDTH_20_NOHT:
12796 break;
12797 case NL80211_CHAN_WIDTH_20:
12798 case NL80211_CHAN_WIDTH_40:
12799 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
12800 return -EINVAL;
12801 break;
12802 case NL80211_CHAN_WIDTH_80:
12803 case NL80211_CHAN_WIDTH_80P80:
12804 case NL80211_CHAN_WIDTH_160:
12805 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
12806 return -EINVAL;
12807 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12808 NL80211_EXT_FEATURE_VHT_IBSS))
12809 return -EINVAL;
12810 break;
12811 case NL80211_CHAN_WIDTH_320:
12812 return -EINVAL;
12813 default:
12814 return -EINVAL;
12815 }
12816
12817 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
12818 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
12819
12820 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
12821 u8 *rates =
12822 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
12823 int n_rates =
12824 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
12825 struct ieee80211_supported_band *sband =
12826 wiphy->bands[ibss.chandef.chan->band];
12827
12828 err = ieee80211_get_ratemask(sband, rates, n_rates,
12829 &ibss.basic_rates);
12830 if (err)
12831 return err;
12832 }
12833
12834 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12835 memcpy(&ibss.ht_capa_mask,
12836 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
12837 sizeof(ibss.ht_capa_mask));
12838
12839 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
12840 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12841 return -EINVAL;
12842 memcpy(&ibss.ht_capa,
12843 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
12844 sizeof(ibss.ht_capa));
12845 }
12846
12847 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
12848 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
12849 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
12850 return -EINVAL;
12851
12852 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
12853 bool no_ht = false;
12854
12855 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
12856 if (IS_ERR(connkeys))
12857 return PTR_ERR(connkeys);
12858
12859 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
12860 no_ht) {
12861 kfree_sensitive(connkeys);
12862 return -EINVAL;
12863 }
12864 }
12865
12866 ibss.control_port =
12867 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
12868
12869 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
12870 int r = validate_pae_over_nl80211(rdev, info);
12871
12872 if (r < 0) {
12873 kfree_sensitive(connkeys);
12874 return r;
12875 }
12876
12877 ibss.control_port_over_nl80211 = true;
12878 }
12879
12880 ibss.userspace_handles_dfs =
12881 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
12882
12883 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
12884 if (err)
12885 kfree_sensitive(connkeys);
12886 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
12887 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
12888
12889 return err;
12890 }
12891
nl80211_leave_ibss(struct sk_buff * skb,struct genl_info * info)12892 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
12893 {
12894 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12895 struct net_device *dev = info->user_ptr[1];
12896
12897 if (!rdev->ops->leave_ibss)
12898 return -EOPNOTSUPP;
12899
12900 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
12901 return -EOPNOTSUPP;
12902
12903 return cfg80211_leave_ibss(rdev, dev, false);
12904 }
12905
nl80211_set_mcast_rate(struct sk_buff * skb,struct genl_info * info)12906 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
12907 {
12908 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12909 struct net_device *dev = info->user_ptr[1];
12910 int mcast_rate[NUM_NL80211_BANDS];
12911 u32 nla_rate;
12912
12913 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
12914 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
12915 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
12916 return -EOPNOTSUPP;
12917
12918 if (!rdev->ops->set_mcast_rate)
12919 return -EOPNOTSUPP;
12920
12921 memset(mcast_rate, 0, sizeof(mcast_rate));
12922
12923 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
12924 return -EINVAL;
12925
12926 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
12927 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
12928 return -EINVAL;
12929
12930 return rdev_set_mcast_rate(rdev, dev, mcast_rate);
12931 }
12932
12933 static struct sk_buff *
__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,int approxlen,u32 portid,u32 seq,enum nl80211_commands cmd,enum nl80211_attrs attr,const struct nl80211_vendor_cmd_info * info,gfp_t gfp)12934 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
12935 struct wireless_dev *wdev, int approxlen,
12936 u32 portid, u32 seq, enum nl80211_commands cmd,
12937 enum nl80211_attrs attr,
12938 const struct nl80211_vendor_cmd_info *info,
12939 gfp_t gfp)
12940 {
12941 struct sk_buff *skb;
12942 void *hdr;
12943 struct nlattr *data;
12944
12945 skb = nlmsg_new(approxlen + 100, gfp);
12946 if (!skb)
12947 return NULL;
12948
12949 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
12950 if (!hdr) {
12951 kfree_skb(skb);
12952 return NULL;
12953 }
12954
12955 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
12956 goto nla_put_failure;
12957
12958 if (info) {
12959 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
12960 info->vendor_id))
12961 goto nla_put_failure;
12962 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
12963 info->subcmd))
12964 goto nla_put_failure;
12965 }
12966
12967 if (wdev) {
12968 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12969 wdev_id(wdev), NL80211_ATTR_PAD))
12970 goto nla_put_failure;
12971 if (wdev->netdev &&
12972 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
12973 wdev->netdev->ifindex))
12974 goto nla_put_failure;
12975 }
12976
12977 data = nla_nest_start_noflag(skb, attr);
12978 if (!data)
12979 goto nla_put_failure;
12980
12981 ((void **)skb->cb)[0] = rdev;
12982 ((void **)skb->cb)[1] = hdr;
12983 ((void **)skb->cb)[2] = data;
12984
12985 return skb;
12986
12987 nla_put_failure:
12988 kfree_skb(skb);
12989 return NULL;
12990 }
12991
__cfg80211_alloc_event_skb(struct wiphy * wiphy,struct wireless_dev * wdev,enum nl80211_commands cmd,enum nl80211_attrs attr,unsigned int portid,int vendor_event_idx,int approxlen,gfp_t gfp)12992 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
12993 struct wireless_dev *wdev,
12994 enum nl80211_commands cmd,
12995 enum nl80211_attrs attr,
12996 unsigned int portid,
12997 int vendor_event_idx,
12998 int approxlen, gfp_t gfp)
12999 {
13000 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13001 const struct nl80211_vendor_cmd_info *info;
13002
13003 switch (cmd) {
13004 case NL80211_CMD_TESTMODE:
13005 if (WARN_ON(vendor_event_idx != -1))
13006 return NULL;
13007 info = NULL;
13008 break;
13009 case NL80211_CMD_VENDOR:
13010 if (WARN_ON(vendor_event_idx < 0 ||
13011 vendor_event_idx >= wiphy->n_vendor_events))
13012 return NULL;
13013 info = &wiphy->vendor_events[vendor_event_idx];
13014 break;
13015 default:
13016 WARN_ON(1);
13017 return NULL;
13018 }
13019
13020 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
13021 cmd, attr, info, gfp);
13022 }
13023 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
13024
__cfg80211_send_event_skb(struct sk_buff * skb,gfp_t gfp)13025 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
13026 {
13027 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13028 void *hdr = ((void **)skb->cb)[1];
13029 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
13030 struct nlattr *data = ((void **)skb->cb)[2];
13031 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
13032
13033 /* clear CB data for netlink core to own from now on */
13034 memset(skb->cb, 0, sizeof(skb->cb));
13035
13036 nla_nest_end(skb, data);
13037 genlmsg_end(skb, hdr);
13038
13039 if (nlhdr->nlmsg_pid) {
13040 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
13041 nlhdr->nlmsg_pid);
13042 } else {
13043 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
13044 mcgrp = NL80211_MCGRP_VENDOR;
13045
13046 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13047 skb, 0, mcgrp, gfp);
13048 }
13049 }
13050 EXPORT_SYMBOL(__cfg80211_send_event_skb);
13051
13052 #ifdef CONFIG_NL80211_TESTMODE
nl80211_testmode_do(struct sk_buff * skb,struct genl_info * info)13053 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
13054 {
13055 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13056 struct wireless_dev *wdev;
13057 int err;
13058
13059 lockdep_assert_held(&rdev->wiphy.mtx);
13060
13061 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
13062 info->attrs);
13063
13064 if (!rdev->ops->testmode_cmd)
13065 return -EOPNOTSUPP;
13066
13067 if (IS_ERR(wdev)) {
13068 err = PTR_ERR(wdev);
13069 if (err != -EINVAL)
13070 return err;
13071 wdev = NULL;
13072 } else if (wdev->wiphy != &rdev->wiphy) {
13073 return -EINVAL;
13074 }
13075
13076 if (!info->attrs[NL80211_ATTR_TESTDATA])
13077 return -EINVAL;
13078
13079 rdev->cur_cmd_info = info;
13080 err = rdev_testmode_cmd(rdev, wdev,
13081 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
13082 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
13083 rdev->cur_cmd_info = NULL;
13084
13085 return err;
13086 }
13087
nl80211_testmode_dump(struct sk_buff * skb,struct netlink_callback * cb)13088 static int nl80211_testmode_dump(struct sk_buff *skb,
13089 struct netlink_callback *cb)
13090 {
13091 struct cfg80211_registered_device *rdev;
13092 struct nlattr **attrbuf = NULL;
13093 int err;
13094 long phy_idx;
13095 void *data = NULL;
13096 int data_len = 0;
13097
13098 rtnl_lock();
13099
13100 if (cb->args[0]) {
13101 /*
13102 * 0 is a valid index, but not valid for args[0],
13103 * so we need to offset by 1.
13104 */
13105 phy_idx = cb->args[0] - 1;
13106
13107 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
13108 if (!rdev) {
13109 err = -ENOENT;
13110 goto out_err;
13111 }
13112 } else {
13113 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
13114 if (!attrbuf) {
13115 err = -ENOMEM;
13116 goto out_err;
13117 }
13118
13119 err = nlmsg_parse_deprecated(cb->nlh,
13120 GENL_HDRLEN + nl80211_fam.hdrsize,
13121 attrbuf, nl80211_fam.maxattr,
13122 nl80211_policy, NULL);
13123 if (err)
13124 goto out_err;
13125
13126 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13127 if (IS_ERR(rdev)) {
13128 err = PTR_ERR(rdev);
13129 goto out_err;
13130 }
13131 phy_idx = rdev->wiphy_idx;
13132
13133 if (attrbuf[NL80211_ATTR_TESTDATA])
13134 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
13135 }
13136
13137 if (cb->args[1]) {
13138 data = nla_data((void *)cb->args[1]);
13139 data_len = nla_len((void *)cb->args[1]);
13140 }
13141
13142 if (!rdev->ops->testmode_dump) {
13143 err = -EOPNOTSUPP;
13144 goto out_err;
13145 }
13146
13147 while (1) {
13148 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13149 cb->nlh->nlmsg_seq, NLM_F_MULTI,
13150 NL80211_CMD_TESTMODE);
13151 struct nlattr *tmdata;
13152
13153 if (!hdr)
13154 break;
13155
13156 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
13157 genlmsg_cancel(skb, hdr);
13158 break;
13159 }
13160
13161 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
13162 if (!tmdata) {
13163 genlmsg_cancel(skb, hdr);
13164 break;
13165 }
13166 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
13167 nla_nest_end(skb, tmdata);
13168
13169 if (err == -ENOBUFS || err == -ENOENT) {
13170 genlmsg_cancel(skb, hdr);
13171 break;
13172 } else if (err) {
13173 genlmsg_cancel(skb, hdr);
13174 goto out_err;
13175 }
13176
13177 genlmsg_end(skb, hdr);
13178 }
13179
13180 err = skb->len;
13181 /* see above */
13182 cb->args[0] = phy_idx + 1;
13183 out_err:
13184 kfree(attrbuf);
13185 rtnl_unlock();
13186 return err;
13187 }
13188 #endif
13189
nl80211_connect(struct sk_buff * skb,struct genl_info * info)13190 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
13191 {
13192 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13193 struct net_device *dev = info->user_ptr[1];
13194 struct cfg80211_connect_params connect;
13195 struct wiphy *wiphy;
13196 struct cfg80211_cached_keys *connkeys = NULL;
13197 u32 freq = 0;
13198 int err;
13199
13200 memset(&connect, 0, sizeof(connect));
13201
13202 if (!info->attrs[NL80211_ATTR_SSID] ||
13203 !nla_len(info->attrs[NL80211_ATTR_SSID]))
13204 return -EINVAL;
13205
13206 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
13207 connect.auth_type =
13208 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
13209 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
13210 NL80211_CMD_CONNECT))
13211 return -EINVAL;
13212 } else
13213 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
13214
13215 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
13216
13217 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
13218 !wiphy_ext_feature_isset(&rdev->wiphy,
13219 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13220 return -EINVAL;
13221 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
13222
13223 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
13224 NL80211_MAX_NR_CIPHER_SUITES);
13225 if (err)
13226 return err;
13227
13228 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13229 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13230 return -EOPNOTSUPP;
13231
13232 wiphy = &rdev->wiphy;
13233
13234 connect.bg_scan_period = -1;
13235 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
13236 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
13237 connect.bg_scan_period =
13238 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
13239 }
13240
13241 if (info->attrs[NL80211_ATTR_MAC])
13242 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13243 else if (info->attrs[NL80211_ATTR_MAC_HINT])
13244 connect.bssid_hint =
13245 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
13246 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13247 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13248
13249 if (info->attrs[NL80211_ATTR_IE]) {
13250 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13251 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13252 }
13253
13254 if (info->attrs[NL80211_ATTR_USE_MFP]) {
13255 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
13256 if (connect.mfp == NL80211_MFP_OPTIONAL &&
13257 !wiphy_ext_feature_isset(&rdev->wiphy,
13258 NL80211_EXT_FEATURE_MFP_OPTIONAL))
13259 return -EOPNOTSUPP;
13260 } else {
13261 connect.mfp = NL80211_MFP_NO;
13262 }
13263
13264 if (info->attrs[NL80211_ATTR_PREV_BSSID])
13265 connect.prev_bssid =
13266 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
13267
13268 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
13269 freq = MHZ_TO_KHZ(nla_get_u32(
13270 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
13271 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
13272 freq +=
13273 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
13274
13275 if (freq) {
13276 connect.channel = nl80211_get_valid_chan(wiphy, freq);
13277 if (!connect.channel)
13278 return -EINVAL;
13279 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
13280 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
13281 freq = MHZ_TO_KHZ(freq);
13282 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
13283 if (!connect.channel_hint)
13284 return -EINVAL;
13285 }
13286
13287 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
13288 connect.edmg.channels =
13289 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
13290
13291 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
13292 connect.edmg.bw_config =
13293 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
13294 }
13295
13296 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
13297 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
13298 if (IS_ERR(connkeys))
13299 return PTR_ERR(connkeys);
13300 }
13301
13302 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
13303 connect.flags |= ASSOC_REQ_DISABLE_HT;
13304
13305 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13306 memcpy(&connect.ht_capa_mask,
13307 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
13308 sizeof(connect.ht_capa_mask));
13309
13310 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
13311 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
13312 kfree_sensitive(connkeys);
13313 return -EINVAL;
13314 }
13315 memcpy(&connect.ht_capa,
13316 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
13317 sizeof(connect.ht_capa));
13318 }
13319
13320 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
13321 connect.flags |= ASSOC_REQ_DISABLE_VHT;
13322
13323 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
13324 connect.flags |= ASSOC_REQ_DISABLE_HE;
13325
13326 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
13327 connect.flags |= ASSOC_REQ_DISABLE_EHT;
13328
13329 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_UHR]))
13330 connect.flags |= ASSOC_REQ_DISABLE_UHR;
13331
13332 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
13333 memcpy(&connect.vht_capa_mask,
13334 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
13335 sizeof(connect.vht_capa_mask));
13336
13337 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
13338 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
13339 kfree_sensitive(connkeys);
13340 return -EINVAL;
13341 }
13342 memcpy(&connect.vht_capa,
13343 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
13344 sizeof(connect.vht_capa));
13345 }
13346
13347 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
13348 if (!((rdev->wiphy.features &
13349 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
13350 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
13351 !wiphy_ext_feature_isset(&rdev->wiphy,
13352 NL80211_EXT_FEATURE_RRM)) {
13353 kfree_sensitive(connkeys);
13354 return -EINVAL;
13355 }
13356 connect.flags |= ASSOC_REQ_USE_RRM;
13357 }
13358
13359 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
13360 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
13361 kfree_sensitive(connkeys);
13362 return -EOPNOTSUPP;
13363 }
13364
13365 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
13366 /* bss selection makes no sense if bssid is set */
13367 if (connect.bssid) {
13368 kfree_sensitive(connkeys);
13369 return -EINVAL;
13370 }
13371
13372 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
13373 wiphy, &connect.bss_select);
13374 if (err) {
13375 kfree_sensitive(connkeys);
13376 return err;
13377 }
13378 }
13379
13380 if (wiphy_ext_feature_isset(&rdev->wiphy,
13381 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
13382 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
13383 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
13384 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
13385 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
13386 connect.fils_erp_username =
13387 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
13388 connect.fils_erp_username_len =
13389 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
13390 connect.fils_erp_realm =
13391 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
13392 connect.fils_erp_realm_len =
13393 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
13394 connect.fils_erp_next_seq_num =
13395 nla_get_u16(
13396 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
13397 connect.fils_erp_rrk =
13398 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
13399 connect.fils_erp_rrk_len =
13400 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
13401 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
13402 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
13403 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
13404 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
13405 kfree_sensitive(connkeys);
13406 return -EINVAL;
13407 }
13408
13409 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
13410 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
13411 kfree_sensitive(connkeys);
13412 GENL_SET_ERR_MSG(info,
13413 "external auth requires connection ownership");
13414 return -EINVAL;
13415 }
13416 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
13417 }
13418
13419 if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT]))
13420 connect.flags |= CONNECT_REQ_MLO_SUPPORT;
13421
13422 err = cfg80211_connect(rdev, dev, &connect, connkeys,
13423 connect.prev_bssid);
13424 if (err)
13425 kfree_sensitive(connkeys);
13426
13427 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
13428 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
13429 if (connect.bssid)
13430 memcpy(dev->ieee80211_ptr->disconnect_bssid,
13431 connect.bssid, ETH_ALEN);
13432 else
13433 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
13434 }
13435
13436 return err;
13437 }
13438
nl80211_update_connect_params(struct sk_buff * skb,struct genl_info * info)13439 static int nl80211_update_connect_params(struct sk_buff *skb,
13440 struct genl_info *info)
13441 {
13442 struct cfg80211_connect_params connect = {};
13443 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13444 struct net_device *dev = info->user_ptr[1];
13445 struct wireless_dev *wdev = dev->ieee80211_ptr;
13446 bool fils_sk_offload;
13447 u32 auth_type;
13448 u32 changed = 0;
13449
13450 if (!rdev->ops->update_connect_params)
13451 return -EOPNOTSUPP;
13452
13453 if (info->attrs[NL80211_ATTR_IE]) {
13454 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13455 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13456 changed |= UPDATE_ASSOC_IES;
13457 }
13458
13459 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
13460 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
13461
13462 /*
13463 * when driver supports fils-sk offload all attributes must be
13464 * provided. So the else covers "fils-sk-not-all" and
13465 * "no-fils-sk-any".
13466 */
13467 if (fils_sk_offload &&
13468 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
13469 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
13470 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
13471 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
13472 connect.fils_erp_username =
13473 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
13474 connect.fils_erp_username_len =
13475 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
13476 connect.fils_erp_realm =
13477 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
13478 connect.fils_erp_realm_len =
13479 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
13480 connect.fils_erp_next_seq_num =
13481 nla_get_u16(
13482 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
13483 connect.fils_erp_rrk =
13484 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
13485 connect.fils_erp_rrk_len =
13486 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
13487 changed |= UPDATE_FILS_ERP_INFO;
13488 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
13489 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
13490 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
13491 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
13492 return -EINVAL;
13493 }
13494
13495 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
13496 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
13497 if (!nl80211_valid_auth_type(rdev, auth_type,
13498 NL80211_CMD_CONNECT))
13499 return -EINVAL;
13500
13501 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
13502 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
13503 return -EINVAL;
13504
13505 connect.auth_type = auth_type;
13506 changed |= UPDATE_AUTH_TYPE;
13507 }
13508
13509 if (!wdev->connected)
13510 return -ENOLINK;
13511
13512 return rdev_update_connect_params(rdev, dev, &connect, changed);
13513 }
13514
nl80211_disconnect(struct sk_buff * skb,struct genl_info * info)13515 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
13516 {
13517 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13518 struct net_device *dev = info->user_ptr[1];
13519 u16 reason;
13520
13521 if (dev->ieee80211_ptr->conn_owner_nlportid &&
13522 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
13523 return -EPERM;
13524
13525 reason = nla_get_u16_default(info->attrs[NL80211_ATTR_REASON_CODE],
13526 WLAN_REASON_DEAUTH_LEAVING);
13527
13528 if (reason == 0)
13529 return -EINVAL;
13530
13531 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13532 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13533 return -EOPNOTSUPP;
13534
13535 return cfg80211_disconnect(rdev, dev, reason, true);
13536 }
13537
nl80211_wiphy_netns(struct sk_buff * skb,struct genl_info * info)13538 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
13539 {
13540 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13541 struct net *net;
13542 int err;
13543
13544 if (info->attrs[NL80211_ATTR_PID]) {
13545 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
13546
13547 net = get_net_ns_by_pid(pid);
13548 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
13549 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
13550
13551 net = get_net_ns_by_fd(fd);
13552 } else {
13553 return -EINVAL;
13554 }
13555
13556 if (IS_ERR(net))
13557 return PTR_ERR(net);
13558
13559 err = 0;
13560
13561 /* check if anything to do */
13562 if (!net_eq(wiphy_net(&rdev->wiphy), net))
13563 err = cfg80211_switch_netns(rdev, net);
13564
13565 put_net(net);
13566 return err;
13567 }
13568
nl80211_set_pmksa(struct sk_buff * skb,struct genl_info * info)13569 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info)
13570 {
13571 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13572 struct net_device *dev = info->user_ptr[1];
13573 struct cfg80211_pmksa pmksa;
13574 bool ap_pmksa_caching_support = false;
13575
13576 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
13577
13578 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
13579 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
13580
13581 if (!info->attrs[NL80211_ATTR_PMKID])
13582 return -EINVAL;
13583
13584 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13585
13586 if (info->attrs[NL80211_ATTR_MAC]) {
13587 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13588 } else if (info->attrs[NL80211_ATTR_SSID] &&
13589 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
13590 info->attrs[NL80211_ATTR_PMK]) {
13591 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13592 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13593 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
13594 } else {
13595 return -EINVAL;
13596 }
13597
13598 if (info->attrs[NL80211_ATTR_PMK]) {
13599 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13600 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13601 }
13602
13603 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
13604 pmksa.pmk_lifetime =
13605 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
13606
13607 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
13608 pmksa.pmk_reauth_threshold =
13609 nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
13610
13611 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13612 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
13613 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
13614 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
13615 ap_pmksa_caching_support))
13616 return -EOPNOTSUPP;
13617
13618 if (!rdev->ops->set_pmksa)
13619 return -EOPNOTSUPP;
13620
13621 return rdev_set_pmksa(rdev, dev, &pmksa);
13622 }
13623
nl80211_del_pmksa(struct sk_buff * skb,struct genl_info * info)13624 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info)
13625 {
13626 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13627 struct net_device *dev = info->user_ptr[1];
13628 struct cfg80211_pmksa pmksa;
13629 bool sae_offload_support = false;
13630 bool owe_offload_support = false;
13631 bool ap_pmksa_caching_support = false;
13632
13633 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
13634
13635 sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
13636 NL80211_EXT_FEATURE_SAE_OFFLOAD);
13637 owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
13638 NL80211_EXT_FEATURE_OWE_OFFLOAD);
13639 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
13640 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
13641
13642 if (info->attrs[NL80211_ATTR_PMKID])
13643 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13644
13645 if (info->attrs[NL80211_ATTR_MAC]) {
13646 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13647 } else if (info->attrs[NL80211_ATTR_SSID]) {
13648 /* SSID based pmksa flush supported only for FILS,
13649 * OWE/SAE OFFLOAD cases
13650 */
13651 if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
13652 info->attrs[NL80211_ATTR_PMK]) {
13653 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
13654 } else if (!sae_offload_support && !owe_offload_support) {
13655 return -EINVAL;
13656 }
13657 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13658 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13659 } else {
13660 return -EINVAL;
13661 }
13662
13663 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13664 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
13665 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
13666 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
13667 ap_pmksa_caching_support))
13668 return -EOPNOTSUPP;
13669
13670 if (!rdev->ops->del_pmksa)
13671 return -EOPNOTSUPP;
13672
13673 return rdev_del_pmksa(rdev, dev, &pmksa);
13674 }
13675
nl80211_flush_pmksa(struct sk_buff * skb,struct genl_info * info)13676 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
13677 {
13678 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13679 struct net_device *dev = info->user_ptr[1];
13680
13681 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13682 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13683 return -EOPNOTSUPP;
13684
13685 if (!rdev->ops->flush_pmksa)
13686 return -EOPNOTSUPP;
13687
13688 return rdev_flush_pmksa(rdev, dev);
13689 }
13690
nl80211_tdls_mgmt(struct sk_buff * skb,struct genl_info * info)13691 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
13692 {
13693 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13694 struct net_device *dev = info->user_ptr[1];
13695 u8 action_code, dialog_token;
13696 u32 peer_capability = 0;
13697 u16 status_code;
13698 u8 *peer;
13699 int link_id;
13700 bool initiator;
13701
13702 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
13703 !rdev->ops->tdls_mgmt)
13704 return -EOPNOTSUPP;
13705
13706 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
13707 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
13708 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
13709 !info->attrs[NL80211_ATTR_IE] ||
13710 !info->attrs[NL80211_ATTR_MAC])
13711 return -EINVAL;
13712
13713 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13714 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
13715 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13716 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
13717 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
13718 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
13719 peer_capability =
13720 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
13721 link_id = nl80211_link_id_or_invalid(info->attrs);
13722
13723 return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code,
13724 dialog_token, status_code, peer_capability,
13725 initiator,
13726 nla_data(info->attrs[NL80211_ATTR_IE]),
13727 nla_len(info->attrs[NL80211_ATTR_IE]));
13728 }
13729
nl80211_tdls_oper(struct sk_buff * skb,struct genl_info * info)13730 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
13731 {
13732 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13733 struct net_device *dev = info->user_ptr[1];
13734 enum nl80211_tdls_operation operation;
13735 u8 *peer;
13736
13737 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
13738 !rdev->ops->tdls_oper)
13739 return -EOPNOTSUPP;
13740
13741 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
13742 !info->attrs[NL80211_ATTR_MAC])
13743 return -EINVAL;
13744
13745 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
13746 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13747
13748 return rdev_tdls_oper(rdev, dev, peer, operation);
13749 }
13750
nl80211_remain_on_channel(struct sk_buff * skb,struct genl_info * info)13751 static int nl80211_remain_on_channel(struct sk_buff *skb,
13752 struct genl_info *info)
13753 {
13754 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13755 unsigned int link_id = nl80211_link_id(info->attrs);
13756 struct wireless_dev *wdev = info->user_ptr[1];
13757 struct cfg80211_chan_def chandef;
13758 struct sk_buff *msg;
13759 void *hdr;
13760 u64 cookie;
13761 u32 duration;
13762 int err;
13763
13764 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
13765 !info->attrs[NL80211_ATTR_DURATION])
13766 return -EINVAL;
13767
13768 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
13769
13770 if (!rdev->ops->remain_on_channel ||
13771 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
13772 return -EOPNOTSUPP;
13773
13774 /*
13775 * We should be on that channel for at least a minimum amount of
13776 * time (10ms) but no longer than the driver supports.
13777 */
13778 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
13779 duration > rdev->wiphy.max_remain_on_channel_duration)
13780 return -EINVAL;
13781
13782 err = nl80211_parse_chandef(rdev, info, &chandef);
13783 if (err)
13784 return err;
13785
13786 if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) {
13787 const struct cfg80211_chan_def *oper_chandef, *compat_chandef;
13788
13789 oper_chandef = wdev_chandef(wdev, link_id);
13790
13791 if (WARN_ON(!oper_chandef)) {
13792 /* cannot happen since we must beacon to get here */
13793 WARN_ON(1);
13794 return -EBUSY;
13795 }
13796
13797 /* note: returns first one if identical chandefs */
13798 compat_chandef = cfg80211_chandef_compatible(&chandef,
13799 oper_chandef);
13800
13801 if (compat_chandef != &chandef)
13802 return -EBUSY;
13803 }
13804
13805 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13806 if (!msg)
13807 return -ENOMEM;
13808
13809 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13810 NL80211_CMD_REMAIN_ON_CHANNEL);
13811 if (!hdr) {
13812 err = -ENOBUFS;
13813 goto free_msg;
13814 }
13815
13816 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
13817 duration, &cookie);
13818
13819 if (err)
13820 goto free_msg;
13821
13822 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13823 NL80211_ATTR_PAD))
13824 goto nla_put_failure;
13825
13826 genlmsg_end(msg, hdr);
13827
13828 return genlmsg_reply(msg, info);
13829
13830 nla_put_failure:
13831 err = -ENOBUFS;
13832 free_msg:
13833 nlmsg_free(msg);
13834 return err;
13835 }
13836
nl80211_cancel_remain_on_channel(struct sk_buff * skb,struct genl_info * info)13837 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
13838 struct genl_info *info)
13839 {
13840 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13841 struct wireless_dev *wdev = info->user_ptr[1];
13842 u64 cookie;
13843
13844 if (!info->attrs[NL80211_ATTR_COOKIE])
13845 return -EINVAL;
13846
13847 if (!rdev->ops->cancel_remain_on_channel)
13848 return -EOPNOTSUPP;
13849
13850 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
13851
13852 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
13853 }
13854
nl80211_set_tx_bitrate_mask(struct sk_buff * skb,struct genl_info * info)13855 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
13856 struct genl_info *info)
13857 {
13858 struct cfg80211_bitrate_mask mask;
13859 unsigned int link_id = nl80211_link_id(info->attrs);
13860 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13861 struct net_device *dev = info->user_ptr[1];
13862 int err;
13863
13864 if (!rdev->ops->set_bitrate_mask)
13865 return -EOPNOTSUPP;
13866
13867 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
13868 NL80211_ATTR_TX_RATES, &mask,
13869 dev, true, link_id);
13870 if (err)
13871 return err;
13872
13873 return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask);
13874 }
13875
nl80211_register_mgmt(struct sk_buff * skb,struct genl_info * info)13876 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
13877 {
13878 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13879 struct wireless_dev *wdev = info->user_ptr[1];
13880 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
13881
13882 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
13883 return -EINVAL;
13884
13885 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
13886 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
13887
13888 switch (wdev->iftype) {
13889 case NL80211_IFTYPE_STATION:
13890 case NL80211_IFTYPE_ADHOC:
13891 case NL80211_IFTYPE_P2P_CLIENT:
13892 case NL80211_IFTYPE_AP:
13893 case NL80211_IFTYPE_AP_VLAN:
13894 case NL80211_IFTYPE_MESH_POINT:
13895 case NL80211_IFTYPE_P2P_GO:
13896 case NL80211_IFTYPE_P2P_DEVICE:
13897 break;
13898 case NL80211_IFTYPE_NAN:
13899 if (!wiphy_ext_feature_isset(wdev->wiphy,
13900 NL80211_EXT_FEATURE_SECURE_NAN) &&
13901 !(wdev->wiphy->nan_capa.flags &
13902 WIPHY_NAN_FLAGS_USERSPACE_DE))
13903 return -EOPNOTSUPP;
13904 break;
13905 default:
13906 return -EOPNOTSUPP;
13907 }
13908
13909 /* not much point in registering if we can't reply */
13910 if (!rdev->ops->mgmt_tx)
13911 return -EOPNOTSUPP;
13912
13913 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
13914 !wiphy_ext_feature_isset(&rdev->wiphy,
13915 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
13916 GENL_SET_ERR_MSG(info,
13917 "multicast RX registrations are not supported");
13918 return -EOPNOTSUPP;
13919 }
13920
13921 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
13922 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
13923 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
13924 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
13925 info->extack);
13926 }
13927
nl80211_tx_mgmt(struct sk_buff * skb,struct genl_info * info)13928 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
13929 {
13930 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13931 struct wireless_dev *wdev = info->user_ptr[1];
13932 struct cfg80211_chan_def chandef;
13933 int err;
13934 void *hdr = NULL;
13935 u64 cookie;
13936 struct sk_buff *msg = NULL;
13937 struct cfg80211_mgmt_tx_params params = {
13938 .dont_wait_for_ack =
13939 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
13940 };
13941
13942 if (!info->attrs[NL80211_ATTR_FRAME])
13943 return -EINVAL;
13944
13945 if (!rdev->ops->mgmt_tx)
13946 return -EOPNOTSUPP;
13947
13948 switch (wdev->iftype) {
13949 case NL80211_IFTYPE_P2P_DEVICE:
13950 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
13951 return -EINVAL;
13952 break;
13953 case NL80211_IFTYPE_STATION:
13954 case NL80211_IFTYPE_ADHOC:
13955 case NL80211_IFTYPE_P2P_CLIENT:
13956 case NL80211_IFTYPE_AP:
13957 case NL80211_IFTYPE_AP_VLAN:
13958 case NL80211_IFTYPE_MESH_POINT:
13959 case NL80211_IFTYPE_P2P_GO:
13960 break;
13961 case NL80211_IFTYPE_NAN:
13962 if (!wiphy_ext_feature_isset(wdev->wiphy,
13963 NL80211_EXT_FEATURE_SECURE_NAN) &&
13964 !(wdev->wiphy->nan_capa.flags &
13965 WIPHY_NAN_FLAGS_USERSPACE_DE))
13966 return -EOPNOTSUPP;
13967 break;
13968 default:
13969 return -EOPNOTSUPP;
13970 }
13971
13972 if (info->attrs[NL80211_ATTR_DURATION]) {
13973 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
13974 return -EINVAL;
13975 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
13976
13977 /*
13978 * We should wait on the channel for at least a minimum amount
13979 * of time (10ms) but no longer than the driver supports.
13980 */
13981 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
13982 params.wait > rdev->wiphy.max_remain_on_channel_duration)
13983 return -EINVAL;
13984 }
13985
13986 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
13987
13988 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
13989 return -EINVAL;
13990
13991 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
13992
13993 /* get the channel if any has been specified, otherwise pass NULL to
13994 * the driver. The latter will use the current one
13995 */
13996 chandef.chan = NULL;
13997 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
13998 err = nl80211_parse_chandef(rdev, info, &chandef);
13999 if (err)
14000 return err;
14001 }
14002
14003 if (!chandef.chan && params.offchan)
14004 return -EINVAL;
14005
14006 if (params.offchan &&
14007 !cfg80211_off_channel_oper_allowed(wdev, chandef.chan))
14008 return -EBUSY;
14009
14010 params.link_id = nl80211_link_id_or_invalid(info->attrs);
14011 /*
14012 * This now races due to the unlock, but we cannot check
14013 * the valid links for the _station_ anyway, so that's up
14014 * to the driver.
14015 */
14016 if (params.link_id >= 0 &&
14017 !(wdev->valid_links & BIT(params.link_id)))
14018 return -EINVAL;
14019
14020 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14021 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14022
14023 err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1,
14024 info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX],
14025 ¶ms.csa_offsets,
14026 ¶ms.n_csa_offsets);
14027 if (err)
14028 return err;
14029
14030 if (!params.dont_wait_for_ack) {
14031 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14032 if (!msg)
14033 return -ENOMEM;
14034
14035 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14036 NL80211_CMD_FRAME);
14037 if (!hdr) {
14038 err = -ENOBUFS;
14039 goto free_msg;
14040 }
14041 }
14042
14043 params.chan = chandef.chan;
14044 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
14045 if (err)
14046 goto free_msg;
14047
14048 if (msg) {
14049 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14050 NL80211_ATTR_PAD))
14051 goto nla_put_failure;
14052
14053 genlmsg_end(msg, hdr);
14054 return genlmsg_reply(msg, info);
14055 }
14056
14057 return 0;
14058
14059 nla_put_failure:
14060 err = -ENOBUFS;
14061 free_msg:
14062 nlmsg_free(msg);
14063 return err;
14064 }
14065
nl80211_tx_mgmt_cancel_wait(struct sk_buff * skb,struct genl_info * info)14066 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
14067 {
14068 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14069 struct wireless_dev *wdev = info->user_ptr[1];
14070 u64 cookie;
14071
14072 if (!info->attrs[NL80211_ATTR_COOKIE])
14073 return -EINVAL;
14074
14075 if (!rdev->ops->mgmt_tx_cancel_wait)
14076 return -EOPNOTSUPP;
14077
14078 switch (wdev->iftype) {
14079 case NL80211_IFTYPE_STATION:
14080 case NL80211_IFTYPE_ADHOC:
14081 case NL80211_IFTYPE_P2P_CLIENT:
14082 case NL80211_IFTYPE_AP:
14083 case NL80211_IFTYPE_AP_VLAN:
14084 case NL80211_IFTYPE_P2P_GO:
14085 case NL80211_IFTYPE_P2P_DEVICE:
14086 break;
14087 case NL80211_IFTYPE_NAN:
14088 if (!wiphy_ext_feature_isset(wdev->wiphy,
14089 NL80211_EXT_FEATURE_SECURE_NAN))
14090 return -EOPNOTSUPP;
14091 break;
14092 default:
14093 return -EOPNOTSUPP;
14094 }
14095
14096 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14097
14098 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
14099 }
14100
nl80211_set_power_save(struct sk_buff * skb,struct genl_info * info)14101 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
14102 {
14103 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14104 struct wireless_dev *wdev;
14105 struct net_device *dev = info->user_ptr[1];
14106 u8 ps_state;
14107 bool state;
14108 int err;
14109
14110 if (!info->attrs[NL80211_ATTR_PS_STATE])
14111 return -EINVAL;
14112
14113 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
14114
14115 wdev = dev->ieee80211_ptr;
14116
14117 if (!rdev->ops->set_power_mgmt)
14118 return -EOPNOTSUPP;
14119
14120 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
14121
14122 if (state == wdev->ps)
14123 return 0;
14124
14125 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
14126 if (!err)
14127 wdev->ps = state;
14128 return err;
14129 }
14130
nl80211_get_power_save(struct sk_buff * skb,struct genl_info * info)14131 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
14132 {
14133 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14134 enum nl80211_ps_state ps_state;
14135 struct wireless_dev *wdev;
14136 struct net_device *dev = info->user_ptr[1];
14137 struct sk_buff *msg;
14138 void *hdr;
14139 int err;
14140
14141 wdev = dev->ieee80211_ptr;
14142
14143 if (!rdev->ops->set_power_mgmt)
14144 return -EOPNOTSUPP;
14145
14146 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14147 if (!msg)
14148 return -ENOMEM;
14149
14150 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14151 NL80211_CMD_GET_POWER_SAVE);
14152 if (!hdr) {
14153 err = -ENOBUFS;
14154 goto free_msg;
14155 }
14156
14157 if (wdev->ps)
14158 ps_state = NL80211_PS_ENABLED;
14159 else
14160 ps_state = NL80211_PS_DISABLED;
14161
14162 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
14163 goto nla_put_failure;
14164
14165 genlmsg_end(msg, hdr);
14166 return genlmsg_reply(msg, info);
14167
14168 nla_put_failure:
14169 err = -ENOBUFS;
14170 free_msg:
14171 nlmsg_free(msg);
14172 return err;
14173 }
14174
14175 static const struct nla_policy
14176 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
14177 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
14178 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
14179 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
14180 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
14181 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
14182 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
14183 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
14184 };
14185
nl80211_set_cqm_txe(struct genl_info * info,u32 rate,u32 pkts,u32 intvl)14186 static int nl80211_set_cqm_txe(struct genl_info *info,
14187 u32 rate, u32 pkts, u32 intvl)
14188 {
14189 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14190 struct net_device *dev = info->user_ptr[1];
14191 struct wireless_dev *wdev = dev->ieee80211_ptr;
14192
14193 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
14194 return -EINVAL;
14195
14196 if (!rdev->ops->set_cqm_txe_config)
14197 return -EOPNOTSUPP;
14198
14199 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14200 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14201 return -EOPNOTSUPP;
14202
14203 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
14204 }
14205
cfg80211_cqm_rssi_update(struct cfg80211_registered_device * rdev,struct net_device * dev,struct cfg80211_cqm_config * cqm_config)14206 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
14207 struct net_device *dev,
14208 struct cfg80211_cqm_config *cqm_config)
14209 {
14210 struct wireless_dev *wdev = dev->ieee80211_ptr;
14211 s32 last, low, high;
14212 u32 hyst;
14213 int i, n, low_index;
14214 int err;
14215
14216 /*
14217 * Obtain current RSSI value if possible, if not and no RSSI threshold
14218 * event has been received yet, we should receive an event after a
14219 * connection is established and enough beacons received to calculate
14220 * the average.
14221 */
14222 if (!cqm_config->last_rssi_event_value &&
14223 wdev->links[0].client.current_bss &&
14224 rdev->ops->get_station) {
14225 struct station_info sinfo = {};
14226 u8 *mac_addr;
14227
14228 mac_addr = wdev->links[0].client.current_bss->pub.bssid;
14229
14230 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
14231 if (err)
14232 return err;
14233
14234 cfg80211_sinfo_release_content(&sinfo);
14235 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
14236 cqm_config->last_rssi_event_value =
14237 (s8) sinfo.rx_beacon_signal_avg;
14238 }
14239
14240 last = cqm_config->last_rssi_event_value;
14241 hyst = cqm_config->rssi_hyst;
14242 n = cqm_config->n_rssi_thresholds;
14243
14244 for (i = 0; i < n; i++) {
14245 i = array_index_nospec(i, n);
14246 if (last < cqm_config->rssi_thresholds[i])
14247 break;
14248 }
14249
14250 low_index = i - 1;
14251 if (low_index >= 0) {
14252 low_index = array_index_nospec(low_index, n);
14253 low = cqm_config->rssi_thresholds[low_index] - hyst;
14254 } else {
14255 low = S32_MIN;
14256 }
14257 if (i < n) {
14258 i = array_index_nospec(i, n);
14259 high = cqm_config->rssi_thresholds[i] + hyst - 1;
14260 } else {
14261 high = S32_MAX;
14262 }
14263
14264 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
14265 }
14266
nl80211_set_cqm_rssi(struct genl_info * info,const s32 * thresholds,int n_thresholds,u32 hysteresis)14267 static int nl80211_set_cqm_rssi(struct genl_info *info,
14268 const s32 *thresholds, int n_thresholds,
14269 u32 hysteresis)
14270 {
14271 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14272 struct cfg80211_cqm_config *cqm_config = NULL, *old;
14273 struct net_device *dev = info->user_ptr[1];
14274 struct wireless_dev *wdev = dev->ieee80211_ptr;
14275 s32 prev = S32_MIN;
14276 int i, err;
14277
14278 /* Check all values negative and sorted */
14279 for (i = 0; i < n_thresholds; i++) {
14280 if (thresholds[i] > 0 || thresholds[i] <= prev)
14281 return -EINVAL;
14282
14283 prev = thresholds[i];
14284 }
14285
14286 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14287 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14288 return -EOPNOTSUPP;
14289
14290 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
14291 n_thresholds = 0;
14292
14293 old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
14294
14295 /* if already disabled just succeed */
14296 if (!n_thresholds && !old)
14297 return 0;
14298
14299 if (n_thresholds > 1) {
14300 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14301 NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
14302 !rdev->ops->set_cqm_rssi_range_config)
14303 return -EOPNOTSUPP;
14304 } else {
14305 if (!rdev->ops->set_cqm_rssi_config)
14306 return -EOPNOTSUPP;
14307 }
14308
14309 if (n_thresholds) {
14310 cqm_config = kzalloc_flex(*cqm_config, rssi_thresholds,
14311 n_thresholds);
14312 if (!cqm_config)
14313 return -ENOMEM;
14314
14315 cqm_config->rssi_hyst = hysteresis;
14316 cqm_config->n_rssi_thresholds = n_thresholds;
14317 memcpy(cqm_config->rssi_thresholds, thresholds,
14318 flex_array_size(cqm_config, rssi_thresholds,
14319 n_thresholds));
14320 cqm_config->use_range_api = n_thresholds > 1 ||
14321 !rdev->ops->set_cqm_rssi_config;
14322
14323 rcu_assign_pointer(wdev->cqm_config, cqm_config);
14324
14325 if (cqm_config->use_range_api)
14326 err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
14327 else
14328 err = rdev_set_cqm_rssi_config(rdev, dev,
14329 thresholds[0],
14330 hysteresis);
14331 } else {
14332 RCU_INIT_POINTER(wdev->cqm_config, NULL);
14333 /* if enabled as range also disable via range */
14334 if (old->use_range_api)
14335 err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
14336 else
14337 err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
14338 }
14339
14340 if (err) {
14341 rcu_assign_pointer(wdev->cqm_config, old);
14342 kfree_rcu(cqm_config, rcu_head);
14343 } else {
14344 kfree_rcu(old, rcu_head);
14345 }
14346
14347 return err;
14348 }
14349
nl80211_set_cqm(struct sk_buff * skb,struct genl_info * info)14350 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
14351 {
14352 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
14353 struct nlattr *cqm;
14354 int err;
14355
14356 cqm = info->attrs[NL80211_ATTR_CQM];
14357 if (!cqm)
14358 return -EINVAL;
14359
14360 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
14361 nl80211_attr_cqm_policy,
14362 info->extack);
14363 if (err)
14364 return err;
14365
14366 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
14367 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
14368 const s32 *thresholds =
14369 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
14370 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
14371 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
14372
14373 if (len % 4)
14374 return -EINVAL;
14375
14376 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
14377 hysteresis);
14378 }
14379
14380 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
14381 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
14382 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
14383 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
14384 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
14385 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
14386
14387 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
14388 }
14389
14390 return -EINVAL;
14391 }
14392
nl80211_join_ocb(struct sk_buff * skb,struct genl_info * info)14393 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
14394 {
14395 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14396 struct net_device *dev = info->user_ptr[1];
14397 struct ocb_setup setup = {};
14398 int err;
14399
14400 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
14401 if (err)
14402 return err;
14403
14404 return cfg80211_join_ocb(rdev, dev, &setup);
14405 }
14406
nl80211_leave_ocb(struct sk_buff * skb,struct genl_info * info)14407 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
14408 {
14409 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14410 struct net_device *dev = info->user_ptr[1];
14411
14412 return cfg80211_leave_ocb(rdev, dev);
14413 }
14414
nl80211_join_mesh(struct sk_buff * skb,struct genl_info * info)14415 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
14416 {
14417 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14418 struct net_device *dev = info->user_ptr[1];
14419 struct mesh_config cfg;
14420 struct mesh_setup setup;
14421 int err;
14422
14423 /* start with default */
14424 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
14425 memcpy(&setup, &default_mesh_setup, sizeof(setup));
14426
14427 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
14428 /* and parse parameters if given */
14429 err = nl80211_parse_mesh_config(info, &cfg, NULL);
14430 if (err)
14431 return err;
14432 }
14433
14434 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
14435 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
14436 return -EINVAL;
14437
14438 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
14439 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
14440
14441 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
14442 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
14443 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
14444 return -EINVAL;
14445
14446 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
14447 setup.beacon_interval =
14448 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
14449
14450 err = cfg80211_validate_beacon_int(rdev,
14451 NL80211_IFTYPE_MESH_POINT,
14452 setup.beacon_interval);
14453 if (err)
14454 return err;
14455 }
14456
14457 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
14458 setup.dtim_period =
14459 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
14460 if (setup.dtim_period < 1 || setup.dtim_period > 100)
14461 return -EINVAL;
14462 }
14463
14464 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
14465 /* parse additional setup parameters if given */
14466 err = nl80211_parse_mesh_setup(info, &setup);
14467 if (err)
14468 return err;
14469 }
14470
14471 if (setup.user_mpm)
14472 cfg.auto_open_plinks = false;
14473
14474 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
14475 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
14476 if (err)
14477 return err;
14478 } else {
14479 /* __cfg80211_join_mesh() will sort it out */
14480 setup.chandef.chan = NULL;
14481 }
14482
14483 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
14484 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
14485 int n_rates =
14486 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
14487 struct ieee80211_supported_band *sband;
14488
14489 if (!setup.chandef.chan)
14490 return -EINVAL;
14491
14492 sband = rdev->wiphy.bands[setup.chandef.chan->band];
14493
14494 err = ieee80211_get_ratemask(sband, rates, n_rates,
14495 &setup.basic_rates);
14496 if (err)
14497 return err;
14498 }
14499
14500 if (info->attrs[NL80211_ATTR_TX_RATES]) {
14501 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
14502 NL80211_ATTR_TX_RATES,
14503 &setup.beacon_rate,
14504 dev, false, 0);
14505 if (err)
14506 return err;
14507
14508 if (!setup.chandef.chan)
14509 return -EINVAL;
14510
14511 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
14512 &setup.beacon_rate);
14513 if (err)
14514 return err;
14515 }
14516
14517 setup.userspace_handles_dfs =
14518 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
14519
14520 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
14521 int r = validate_pae_over_nl80211(rdev, info);
14522
14523 if (r < 0)
14524 return r;
14525
14526 setup.control_port_over_nl80211 = true;
14527 }
14528
14529 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
14530 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
14531 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
14532
14533 return err;
14534 }
14535
nl80211_leave_mesh(struct sk_buff * skb,struct genl_info * info)14536 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
14537 {
14538 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14539 struct net_device *dev = info->user_ptr[1];
14540
14541 return cfg80211_leave_mesh(rdev, dev);
14542 }
14543
14544 #ifdef CONFIG_PM
nl80211_send_wowlan_patterns(struct sk_buff * msg,struct cfg80211_registered_device * rdev)14545 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
14546 struct cfg80211_registered_device *rdev)
14547 {
14548 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
14549 struct nlattr *nl_pats, *nl_pat;
14550 int i, pat_len;
14551
14552 if (!wowlan->n_patterns)
14553 return 0;
14554
14555 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
14556 if (!nl_pats)
14557 return -ENOBUFS;
14558
14559 for (i = 0; i < wowlan->n_patterns; i++) {
14560 nl_pat = nla_nest_start_noflag(msg, i + 1);
14561 if (!nl_pat)
14562 return -ENOBUFS;
14563 pat_len = wowlan->patterns[i].pattern_len;
14564 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
14565 wowlan->patterns[i].mask) ||
14566 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
14567 wowlan->patterns[i].pattern) ||
14568 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
14569 wowlan->patterns[i].pkt_offset))
14570 return -ENOBUFS;
14571 nla_nest_end(msg, nl_pat);
14572 }
14573 nla_nest_end(msg, nl_pats);
14574
14575 return 0;
14576 }
14577
nl80211_send_wowlan_tcp(struct sk_buff * msg,struct cfg80211_wowlan_tcp * tcp)14578 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
14579 struct cfg80211_wowlan_tcp *tcp)
14580 {
14581 struct nlattr *nl_tcp;
14582
14583 if (!tcp)
14584 return 0;
14585
14586 nl_tcp = nla_nest_start_noflag(msg,
14587 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
14588 if (!nl_tcp)
14589 return -ENOBUFS;
14590
14591 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
14592 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
14593 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
14594 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
14595 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
14596 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
14597 tcp->payload_len, tcp->payload) ||
14598 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
14599 tcp->data_interval) ||
14600 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
14601 tcp->wake_len, tcp->wake_data) ||
14602 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
14603 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
14604 return -ENOBUFS;
14605
14606 if (tcp->payload_seq.len &&
14607 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
14608 sizeof(tcp->payload_seq), &tcp->payload_seq))
14609 return -ENOBUFS;
14610
14611 if (tcp->payload_tok.len &&
14612 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
14613 sizeof(tcp->payload_tok) + tcp->tokens_size,
14614 &tcp->payload_tok))
14615 return -ENOBUFS;
14616
14617 nla_nest_end(msg, nl_tcp);
14618
14619 return 0;
14620 }
14621
nl80211_send_wowlan_nd(struct sk_buff * msg,struct cfg80211_sched_scan_request * req)14622 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
14623 struct cfg80211_sched_scan_request *req)
14624 {
14625 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
14626 int i;
14627
14628 if (!req)
14629 return 0;
14630
14631 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
14632 if (!nd)
14633 return -ENOBUFS;
14634
14635 if (req->n_scan_plans == 1 &&
14636 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
14637 req->scan_plans[0].interval * 1000))
14638 return -ENOBUFS;
14639
14640 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
14641 return -ENOBUFS;
14642
14643 if (req->relative_rssi_set) {
14644 struct nl80211_bss_select_rssi_adjust rssi_adjust;
14645
14646 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
14647 req->relative_rssi))
14648 return -ENOBUFS;
14649
14650 rssi_adjust.band = req->rssi_adjust.band;
14651 rssi_adjust.delta = req->rssi_adjust.delta;
14652 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
14653 sizeof(rssi_adjust), &rssi_adjust))
14654 return -ENOBUFS;
14655 }
14656
14657 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14658 if (!freqs)
14659 return -ENOBUFS;
14660
14661 for (i = 0; i < req->n_channels; i++) {
14662 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14663 return -ENOBUFS;
14664 }
14665
14666 nla_nest_end(msg, freqs);
14667
14668 if (req->n_match_sets) {
14669 matches = nla_nest_start_noflag(msg,
14670 NL80211_ATTR_SCHED_SCAN_MATCH);
14671 if (!matches)
14672 return -ENOBUFS;
14673
14674 for (i = 0; i < req->n_match_sets; i++) {
14675 match = nla_nest_start_noflag(msg, i);
14676 if (!match)
14677 return -ENOBUFS;
14678
14679 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
14680 req->match_sets[i].ssid.ssid_len,
14681 req->match_sets[i].ssid.ssid))
14682 return -ENOBUFS;
14683 nla_nest_end(msg, match);
14684 }
14685 nla_nest_end(msg, matches);
14686 }
14687
14688 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
14689 if (!scan_plans)
14690 return -ENOBUFS;
14691
14692 for (i = 0; i < req->n_scan_plans; i++) {
14693 scan_plan = nla_nest_start_noflag(msg, i + 1);
14694 if (!scan_plan)
14695 return -ENOBUFS;
14696
14697 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
14698 req->scan_plans[i].interval) ||
14699 (req->scan_plans[i].iterations &&
14700 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
14701 req->scan_plans[i].iterations)))
14702 return -ENOBUFS;
14703 nla_nest_end(msg, scan_plan);
14704 }
14705 nla_nest_end(msg, scan_plans);
14706
14707 nla_nest_end(msg, nd);
14708
14709 return 0;
14710 }
14711
nl80211_get_wowlan(struct sk_buff * skb,struct genl_info * info)14712 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
14713 {
14714 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14715 struct sk_buff *msg;
14716 void *hdr;
14717 u32 size = NLMSG_DEFAULT_SIZE;
14718
14719 if (!rdev->wiphy.wowlan)
14720 return -EOPNOTSUPP;
14721
14722 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
14723 /* adjust size to have room for all the data */
14724 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
14725 rdev->wiphy.wowlan_config->tcp->payload_len +
14726 rdev->wiphy.wowlan_config->tcp->wake_len +
14727 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
14728 }
14729
14730 msg = nlmsg_new(size, GFP_KERNEL);
14731 if (!msg)
14732 return -ENOMEM;
14733
14734 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14735 NL80211_CMD_GET_WOWLAN);
14736 if (!hdr)
14737 goto nla_put_failure;
14738
14739 if (rdev->wiphy.wowlan_config) {
14740 struct nlattr *nl_wowlan;
14741
14742 nl_wowlan = nla_nest_start_noflag(msg,
14743 NL80211_ATTR_WOWLAN_TRIGGERS);
14744 if (!nl_wowlan)
14745 goto nla_put_failure;
14746
14747 if ((rdev->wiphy.wowlan_config->any &&
14748 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
14749 (rdev->wiphy.wowlan_config->disconnect &&
14750 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
14751 (rdev->wiphy.wowlan_config->magic_pkt &&
14752 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
14753 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
14754 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
14755 (rdev->wiphy.wowlan_config->eap_identity_req &&
14756 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
14757 (rdev->wiphy.wowlan_config->four_way_handshake &&
14758 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
14759 (rdev->wiphy.wowlan_config->rfkill_release &&
14760 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
14761 goto nla_put_failure;
14762
14763 if (nl80211_send_wowlan_patterns(msg, rdev))
14764 goto nla_put_failure;
14765
14766 if (nl80211_send_wowlan_tcp(msg,
14767 rdev->wiphy.wowlan_config->tcp))
14768 goto nla_put_failure;
14769
14770 if (nl80211_send_wowlan_nd(
14771 msg,
14772 rdev->wiphy.wowlan_config->nd_config))
14773 goto nla_put_failure;
14774
14775 nla_nest_end(msg, nl_wowlan);
14776 }
14777
14778 genlmsg_end(msg, hdr);
14779 return genlmsg_reply(msg, info);
14780
14781 nla_put_failure:
14782 nlmsg_free(msg);
14783 return -ENOBUFS;
14784 }
14785
nl80211_parse_wowlan_tcp(struct cfg80211_registered_device * rdev,struct nlattr * attr,struct cfg80211_wowlan * trig)14786 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
14787 struct nlattr *attr,
14788 struct cfg80211_wowlan *trig)
14789 {
14790 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
14791 struct cfg80211_wowlan_tcp *cfg;
14792 struct nl80211_wowlan_tcp_data_token *tok = NULL;
14793 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
14794 u32 size;
14795 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
14796 int err, port;
14797
14798 if (!rdev->wiphy.wowlan->tcp)
14799 return -EINVAL;
14800
14801 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
14802 nl80211_wowlan_tcp_policy, NULL);
14803 if (err)
14804 return err;
14805
14806 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
14807 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
14808 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
14809 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
14810 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
14811 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
14812 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
14813 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
14814 return -EINVAL;
14815
14816 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
14817 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
14818 return -EINVAL;
14819
14820 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
14821 rdev->wiphy.wowlan->tcp->data_interval_max ||
14822 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
14823 return -EINVAL;
14824
14825 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
14826 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
14827 return -EINVAL;
14828
14829 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
14830 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
14831 return -EINVAL;
14832
14833 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
14834 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
14835
14836 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
14837 tokens_size = tokln - sizeof(*tok);
14838
14839 if (!tok->len || tokens_size % tok->len)
14840 return -EINVAL;
14841 if (!rdev->wiphy.wowlan->tcp->tok)
14842 return -EINVAL;
14843 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
14844 return -EINVAL;
14845 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
14846 return -EINVAL;
14847 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
14848 return -EINVAL;
14849 if (tok->offset + tok->len > data_size)
14850 return -EINVAL;
14851 }
14852
14853 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
14854 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
14855 if (!rdev->wiphy.wowlan->tcp->seq)
14856 return -EINVAL;
14857 if (seq->len == 0 || seq->len > 4)
14858 return -EINVAL;
14859 if (seq->len + seq->offset > data_size)
14860 return -EINVAL;
14861 }
14862
14863 size = sizeof(*cfg);
14864 size += data_size;
14865 size += wake_size + wake_mask_size;
14866 size += tokens_size;
14867
14868 cfg = kzalloc(size, GFP_KERNEL);
14869 if (!cfg)
14870 return -ENOMEM;
14871 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
14872 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
14873 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
14874 ETH_ALEN);
14875 port = nla_get_u16_default(tb[NL80211_WOWLAN_TCP_SRC_PORT], 0);
14876 #ifdef CONFIG_INET
14877 /* allocate a socket and port for it and use it */
14878 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
14879 IPPROTO_TCP, &cfg->sock, 1);
14880 if (err) {
14881 kfree(cfg);
14882 return err;
14883 }
14884 if (inet_csk_get_port(cfg->sock->sk, port)) {
14885 sock_release(cfg->sock);
14886 kfree(cfg);
14887 return -EADDRINUSE;
14888 }
14889 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
14890 #else
14891 if (!port) {
14892 kfree(cfg);
14893 return -EINVAL;
14894 }
14895 cfg->src_port = port;
14896 #endif
14897
14898 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
14899 cfg->payload_len = data_size;
14900 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
14901 memcpy((void *)cfg->payload,
14902 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
14903 data_size);
14904 if (seq)
14905 cfg->payload_seq = *seq;
14906 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
14907 cfg->wake_len = wake_size;
14908 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
14909 memcpy((void *)cfg->wake_data,
14910 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
14911 wake_size);
14912 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
14913 data_size + wake_size;
14914 memcpy((void *)cfg->wake_mask,
14915 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
14916 wake_mask_size);
14917 if (tok) {
14918 cfg->tokens_size = tokens_size;
14919 cfg->payload_tok = *tok;
14920 memcpy(cfg->payload_tok.token_stream, tok->token_stream,
14921 tokens_size);
14922 }
14923
14924 trig->tcp = cfg;
14925
14926 return 0;
14927 }
14928
nl80211_parse_wowlan_nd(struct cfg80211_registered_device * rdev,const struct wiphy_wowlan_support * wowlan,struct nlattr * attr,struct cfg80211_wowlan * trig)14929 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
14930 const struct wiphy_wowlan_support *wowlan,
14931 struct nlattr *attr,
14932 struct cfg80211_wowlan *trig)
14933 {
14934 struct nlattr **tb;
14935 int err;
14936
14937 tb = kzalloc_objs(*tb, NUM_NL80211_ATTR);
14938 if (!tb)
14939 return -ENOMEM;
14940
14941 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
14942 err = -EOPNOTSUPP;
14943 goto out;
14944 }
14945
14946 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
14947 nl80211_policy, NULL);
14948 if (err)
14949 goto out;
14950
14951 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
14952 wowlan->max_nd_match_sets);
14953 err = PTR_ERR_OR_ZERO(trig->nd_config);
14954 if (err)
14955 trig->nd_config = NULL;
14956
14957 out:
14958 kfree(tb);
14959 return err;
14960 }
14961
nl80211_set_wowlan(struct sk_buff * skb,struct genl_info * info)14962 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
14963 {
14964 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14965 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
14966 struct cfg80211_wowlan new_triggers = {};
14967 struct cfg80211_wowlan *ntrig;
14968 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
14969 int err, i;
14970 bool prev_enabled = rdev->wiphy.wowlan_config;
14971 bool regular = false;
14972
14973 if (!wowlan)
14974 return -EOPNOTSUPP;
14975
14976 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
14977 cfg80211_rdev_free_wowlan(rdev);
14978 rdev->wiphy.wowlan_config = NULL;
14979 goto set_wakeup;
14980 }
14981
14982 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
14983 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
14984 nl80211_wowlan_policy, info->extack);
14985 if (err)
14986 return err;
14987
14988 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
14989 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
14990 return -EINVAL;
14991 new_triggers.any = true;
14992 }
14993
14994 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
14995 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
14996 return -EINVAL;
14997 new_triggers.disconnect = true;
14998 regular = true;
14999 }
15000
15001 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
15002 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
15003 return -EINVAL;
15004 new_triggers.magic_pkt = true;
15005 regular = true;
15006 }
15007
15008 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
15009 return -EINVAL;
15010
15011 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
15012 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
15013 return -EINVAL;
15014 new_triggers.gtk_rekey_failure = true;
15015 regular = true;
15016 }
15017
15018 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
15019 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
15020 return -EINVAL;
15021 new_triggers.eap_identity_req = true;
15022 regular = true;
15023 }
15024
15025 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
15026 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
15027 return -EINVAL;
15028 new_triggers.four_way_handshake = true;
15029 regular = true;
15030 }
15031
15032 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
15033 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
15034 return -EINVAL;
15035 new_triggers.rfkill_release = true;
15036 regular = true;
15037 }
15038
15039 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
15040 struct nlattr *pat;
15041 int n_patterns = 0;
15042 int rem, pat_len, mask_len, pkt_offset;
15043 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
15044
15045 regular = true;
15046
15047 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
15048 rem)
15049 n_patterns++;
15050 if (n_patterns > wowlan->n_patterns)
15051 return -EINVAL;
15052
15053 new_triggers.patterns = kzalloc_objs(new_triggers.patterns[0],
15054 n_patterns);
15055 if (!new_triggers.patterns)
15056 return -ENOMEM;
15057
15058 new_triggers.n_patterns = n_patterns;
15059 i = 0;
15060
15061 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
15062 rem) {
15063 u8 *mask_pat;
15064
15065 err = nla_parse_nested_deprecated(pat_tb,
15066 MAX_NL80211_PKTPAT,
15067 pat,
15068 nl80211_packet_pattern_policy,
15069 info->extack);
15070 if (err)
15071 goto error;
15072
15073 err = -EINVAL;
15074 if (!pat_tb[NL80211_PKTPAT_MASK] ||
15075 !pat_tb[NL80211_PKTPAT_PATTERN])
15076 goto error;
15077 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
15078 mask_len = DIV_ROUND_UP(pat_len, 8);
15079 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
15080 goto error;
15081 if (pat_len > wowlan->pattern_max_len ||
15082 pat_len < wowlan->pattern_min_len)
15083 goto error;
15084
15085 pkt_offset =
15086 nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
15087 0);
15088 if (pkt_offset > wowlan->max_pkt_offset)
15089 goto error;
15090 new_triggers.patterns[i].pkt_offset = pkt_offset;
15091
15092 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
15093 if (!mask_pat) {
15094 err = -ENOMEM;
15095 goto error;
15096 }
15097 new_triggers.patterns[i].mask = mask_pat;
15098 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
15099 mask_len);
15100 mask_pat += mask_len;
15101 new_triggers.patterns[i].pattern = mask_pat;
15102 new_triggers.patterns[i].pattern_len = pat_len;
15103 memcpy(mask_pat,
15104 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
15105 pat_len);
15106 i++;
15107 }
15108 }
15109
15110 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
15111 regular = true;
15112 err = nl80211_parse_wowlan_tcp(
15113 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
15114 &new_triggers);
15115 if (err)
15116 goto error;
15117 }
15118
15119 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
15120 regular = true;
15121 err = nl80211_parse_wowlan_nd(
15122 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
15123 &new_triggers);
15124 if (err)
15125 goto error;
15126 }
15127
15128 /* The 'any' trigger means the device continues operating more or less
15129 * as in its normal operation mode and wakes up the host on most of the
15130 * normal interrupts (like packet RX, ...)
15131 * It therefore makes little sense to combine with the more constrained
15132 * wakeup trigger modes.
15133 */
15134 if (new_triggers.any && regular) {
15135 err = -EINVAL;
15136 goto error;
15137 }
15138
15139 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
15140 if (!ntrig) {
15141 err = -ENOMEM;
15142 goto error;
15143 }
15144 cfg80211_rdev_free_wowlan(rdev);
15145 rdev->wiphy.wowlan_config = ntrig;
15146
15147 set_wakeup:
15148 if (rdev->ops->set_wakeup &&
15149 prev_enabled != !!rdev->wiphy.wowlan_config)
15150 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
15151
15152 return 0;
15153 error:
15154 for (i = 0; i < new_triggers.n_patterns; i++)
15155 kfree(new_triggers.patterns[i].mask);
15156 kfree(new_triggers.patterns);
15157 if (new_triggers.tcp && new_triggers.tcp->sock)
15158 sock_release(new_triggers.tcp->sock);
15159 kfree(new_triggers.tcp);
15160 kfree(new_triggers.nd_config);
15161 return err;
15162 }
15163 #endif
15164
nl80211_send_coalesce_rules(struct sk_buff * msg,struct cfg80211_registered_device * rdev)15165 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
15166 struct cfg80211_registered_device *rdev)
15167 {
15168 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
15169 int i, j, pat_len;
15170 struct cfg80211_coalesce_rules *rule;
15171
15172 if (!rdev->coalesce->n_rules)
15173 return 0;
15174
15175 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
15176 if (!nl_rules)
15177 return -ENOBUFS;
15178
15179 for (i = 0; i < rdev->coalesce->n_rules; i++) {
15180 nl_rule = nla_nest_start_noflag(msg, i + 1);
15181 if (!nl_rule)
15182 return -ENOBUFS;
15183
15184 rule = &rdev->coalesce->rules[i];
15185 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
15186 rule->delay))
15187 return -ENOBUFS;
15188
15189 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
15190 rule->condition))
15191 return -ENOBUFS;
15192
15193 nl_pats = nla_nest_start_noflag(msg,
15194 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
15195 if (!nl_pats)
15196 return -ENOBUFS;
15197
15198 for (j = 0; j < rule->n_patterns; j++) {
15199 nl_pat = nla_nest_start_noflag(msg, j + 1);
15200 if (!nl_pat)
15201 return -ENOBUFS;
15202 pat_len = rule->patterns[j].pattern_len;
15203 if (nla_put(msg, NL80211_PKTPAT_MASK,
15204 DIV_ROUND_UP(pat_len, 8),
15205 rule->patterns[j].mask) ||
15206 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
15207 rule->patterns[j].pattern) ||
15208 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
15209 rule->patterns[j].pkt_offset))
15210 return -ENOBUFS;
15211 nla_nest_end(msg, nl_pat);
15212 }
15213 nla_nest_end(msg, nl_pats);
15214 nla_nest_end(msg, nl_rule);
15215 }
15216 nla_nest_end(msg, nl_rules);
15217
15218 return 0;
15219 }
15220
nl80211_get_coalesce(struct sk_buff * skb,struct genl_info * info)15221 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
15222 {
15223 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15224 struct sk_buff *msg;
15225 void *hdr;
15226
15227 if (!rdev->wiphy.coalesce)
15228 return -EOPNOTSUPP;
15229
15230 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15231 if (!msg)
15232 return -ENOMEM;
15233
15234 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15235 NL80211_CMD_GET_COALESCE);
15236 if (!hdr)
15237 goto nla_put_failure;
15238
15239 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
15240 goto nla_put_failure;
15241
15242 genlmsg_end(msg, hdr);
15243 return genlmsg_reply(msg, info);
15244
15245 nla_put_failure:
15246 nlmsg_free(msg);
15247 return -ENOBUFS;
15248 }
15249
cfg80211_free_coalesce(struct cfg80211_coalesce * coalesce)15250 void cfg80211_free_coalesce(struct cfg80211_coalesce *coalesce)
15251 {
15252 int i, j;
15253 struct cfg80211_coalesce_rules *rule;
15254
15255 if (!coalesce)
15256 return;
15257
15258 for (i = 0; i < coalesce->n_rules; i++) {
15259 rule = &coalesce->rules[i];
15260 for (j = 0; j < rule->n_patterns; j++)
15261 kfree(rule->patterns[j].mask);
15262 kfree(rule->patterns);
15263 }
15264 kfree(coalesce);
15265 }
15266
nl80211_parse_coalesce_rule(struct cfg80211_registered_device * rdev,struct nlattr * rule,struct cfg80211_coalesce_rules * new_rule)15267 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
15268 struct nlattr *rule,
15269 struct cfg80211_coalesce_rules *new_rule)
15270 {
15271 int err, i;
15272 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
15273 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
15274 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
15275 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
15276
15277 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
15278 rule, nl80211_coalesce_policy, NULL);
15279 if (err)
15280 return err;
15281
15282 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
15283 new_rule->delay =
15284 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
15285 if (new_rule->delay > coalesce->max_delay)
15286 return -EINVAL;
15287
15288 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
15289 new_rule->condition =
15290 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
15291
15292 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
15293 return -EINVAL;
15294
15295 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
15296 rem)
15297 n_patterns++;
15298 if (n_patterns > coalesce->n_patterns)
15299 return -EINVAL;
15300
15301 new_rule->patterns = kzalloc_objs(new_rule->patterns[0], n_patterns);
15302 if (!new_rule->patterns)
15303 return -ENOMEM;
15304
15305 new_rule->n_patterns = n_patterns;
15306 i = 0;
15307
15308 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
15309 rem) {
15310 u8 *mask_pat;
15311
15312 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
15313 pat,
15314 nl80211_packet_pattern_policy,
15315 NULL);
15316 if (err)
15317 return err;
15318
15319 if (!pat_tb[NL80211_PKTPAT_MASK] ||
15320 !pat_tb[NL80211_PKTPAT_PATTERN])
15321 return -EINVAL;
15322 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
15323 mask_len = DIV_ROUND_UP(pat_len, 8);
15324 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
15325 return -EINVAL;
15326 if (pat_len > coalesce->pattern_max_len ||
15327 pat_len < coalesce->pattern_min_len)
15328 return -EINVAL;
15329
15330 pkt_offset = nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
15331 0);
15332 if (pkt_offset > coalesce->max_pkt_offset)
15333 return -EINVAL;
15334 new_rule->patterns[i].pkt_offset = pkt_offset;
15335
15336 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
15337 if (!mask_pat)
15338 return -ENOMEM;
15339
15340 new_rule->patterns[i].mask = mask_pat;
15341 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
15342 mask_len);
15343
15344 mask_pat += mask_len;
15345 new_rule->patterns[i].pattern = mask_pat;
15346 new_rule->patterns[i].pattern_len = pat_len;
15347 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
15348 pat_len);
15349 i++;
15350 }
15351
15352 return 0;
15353 }
15354
nl80211_set_coalesce(struct sk_buff * skb,struct genl_info * info)15355 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
15356 {
15357 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15358 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
15359 struct cfg80211_coalesce *new_coalesce;
15360 int err, rem_rule, n_rules = 0, i;
15361 struct nlattr *rule;
15362
15363 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
15364 return -EOPNOTSUPP;
15365
15366 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
15367 cfg80211_free_coalesce(rdev->coalesce);
15368 rdev->coalesce = NULL;
15369 rdev_set_coalesce(rdev, NULL);
15370 return 0;
15371 }
15372
15373 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
15374 rem_rule)
15375 n_rules++;
15376 if (n_rules > coalesce->n_rules)
15377 return -EINVAL;
15378
15379 new_coalesce = kzalloc_flex(*new_coalesce, rules, n_rules);
15380 if (!new_coalesce)
15381 return -ENOMEM;
15382
15383 new_coalesce->n_rules = n_rules;
15384 i = 0;
15385
15386 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
15387 rem_rule) {
15388 err = nl80211_parse_coalesce_rule(rdev, rule,
15389 &new_coalesce->rules[i]);
15390 if (err)
15391 goto error;
15392
15393 i++;
15394 }
15395
15396 err = rdev_set_coalesce(rdev, new_coalesce);
15397 if (err)
15398 goto error;
15399
15400 cfg80211_free_coalesce(rdev->coalesce);
15401 rdev->coalesce = new_coalesce;
15402
15403 return 0;
15404 error:
15405 cfg80211_free_coalesce(new_coalesce);
15406
15407 return err;
15408 }
15409
nl80211_set_rekey_data(struct sk_buff * skb,struct genl_info * info)15410 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
15411 {
15412 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15413 struct net_device *dev = info->user_ptr[1];
15414 struct wireless_dev *wdev = dev->ieee80211_ptr;
15415 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
15416 struct cfg80211_gtk_rekey_data rekey_data = {};
15417 int err;
15418
15419 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
15420 return -EINVAL;
15421
15422 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
15423 info->attrs[NL80211_ATTR_REKEY_DATA],
15424 nl80211_rekey_policy, info->extack);
15425 if (err)
15426 return err;
15427
15428 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
15429 !tb[NL80211_REKEY_DATA_KCK])
15430 return -EINVAL;
15431 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
15432 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
15433 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
15434 return -ERANGE;
15435 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
15436 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
15437 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) &&
15438 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 &&
15439 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32))
15440 return -ERANGE;
15441
15442 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
15443 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
15444 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
15445 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
15446 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
15447 if (tb[NL80211_REKEY_DATA_AKM])
15448 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
15449
15450 if (!wdev->connected)
15451 return -ENOTCONN;
15452
15453 if (!rdev->ops->set_rekey_data)
15454 return -EOPNOTSUPP;
15455
15456 return rdev_set_rekey_data(rdev, dev, &rekey_data);
15457 }
15458
nl80211_register_unexpected_frame(struct sk_buff * skb,struct genl_info * info)15459 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
15460 struct genl_info *info)
15461 {
15462 struct net_device *dev = info->user_ptr[1];
15463 struct wireless_dev *wdev = dev->ieee80211_ptr;
15464
15465 if (wdev->iftype != NL80211_IFTYPE_AP &&
15466 wdev->iftype != NL80211_IFTYPE_P2P_GO)
15467 return -EINVAL;
15468
15469 if (wdev->ap_unexpected_nlportid)
15470 return -EBUSY;
15471
15472 wdev->ap_unexpected_nlportid = info->snd_portid;
15473 return 0;
15474 }
15475
nl80211_probe_client(struct sk_buff * skb,struct genl_info * info)15476 static int nl80211_probe_client(struct sk_buff *skb,
15477 struct genl_info *info)
15478 {
15479 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15480 struct net_device *dev = info->user_ptr[1];
15481 struct wireless_dev *wdev = dev->ieee80211_ptr;
15482 struct sk_buff *msg;
15483 void *hdr;
15484 const u8 *addr;
15485 u64 cookie;
15486 int err;
15487
15488 if (wdev->iftype != NL80211_IFTYPE_AP &&
15489 wdev->iftype != NL80211_IFTYPE_P2P_GO)
15490 return -EOPNOTSUPP;
15491
15492 if (!info->attrs[NL80211_ATTR_MAC])
15493 return -EINVAL;
15494
15495 if (!rdev->ops->probe_client)
15496 return -EOPNOTSUPP;
15497
15498 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15499 if (!msg)
15500 return -ENOMEM;
15501
15502 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15503 NL80211_CMD_PROBE_CLIENT);
15504 if (!hdr) {
15505 err = -ENOBUFS;
15506 goto free_msg;
15507 }
15508
15509 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15510
15511 err = rdev_probe_client(rdev, dev, addr, &cookie);
15512 if (err)
15513 goto free_msg;
15514
15515 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15516 NL80211_ATTR_PAD))
15517 goto nla_put_failure;
15518
15519 genlmsg_end(msg, hdr);
15520
15521 return genlmsg_reply(msg, info);
15522
15523 nla_put_failure:
15524 err = -ENOBUFS;
15525 free_msg:
15526 nlmsg_free(msg);
15527 return err;
15528 }
15529
nl80211_register_beacons(struct sk_buff * skb,struct genl_info * info)15530 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
15531 {
15532 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15533 struct cfg80211_beacon_registration *reg, *nreg;
15534 int rv;
15535
15536 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
15537 return -EOPNOTSUPP;
15538
15539 nreg = kzalloc_obj(*nreg);
15540 if (!nreg)
15541 return -ENOMEM;
15542
15543 /* First, check if already registered. */
15544 spin_lock_bh(&rdev->beacon_registrations_lock);
15545 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
15546 if (reg->nlportid == info->snd_portid) {
15547 rv = -EALREADY;
15548 goto out_err;
15549 }
15550 }
15551 /* Add it to the list */
15552 nreg->nlportid = info->snd_portid;
15553 list_add(&nreg->list, &rdev->beacon_registrations);
15554
15555 spin_unlock_bh(&rdev->beacon_registrations_lock);
15556
15557 return 0;
15558 out_err:
15559 spin_unlock_bh(&rdev->beacon_registrations_lock);
15560 kfree(nreg);
15561 return rv;
15562 }
15563
nl80211_start_p2p_device(struct sk_buff * skb,struct genl_info * info)15564 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
15565 {
15566 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15567 struct wireless_dev *wdev = info->user_ptr[1];
15568 int err;
15569
15570 if (!rdev->ops->start_p2p_device)
15571 return -EOPNOTSUPP;
15572
15573 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
15574 return -EOPNOTSUPP;
15575
15576 if (wdev_running(wdev))
15577 return 0;
15578
15579 if (rfkill_blocked(rdev->wiphy.rfkill))
15580 return -ERFKILL;
15581
15582 err = rdev_start_p2p_device(rdev, wdev);
15583 if (err)
15584 return err;
15585
15586 wdev->is_running = true;
15587 rdev->opencount++;
15588
15589 return 0;
15590 }
15591
nl80211_stop_p2p_device(struct sk_buff * skb,struct genl_info * info)15592 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
15593 {
15594 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15595 struct wireless_dev *wdev = info->user_ptr[1];
15596
15597 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
15598 return -EOPNOTSUPP;
15599
15600 if (!rdev->ops->stop_p2p_device)
15601 return -EOPNOTSUPP;
15602
15603 cfg80211_stop_p2p_device(rdev, wdev);
15604
15605 return 0;
15606 }
15607
nl80211_get_nan_channel(struct wiphy * wiphy,int freq)15608 static struct ieee80211_channel *nl80211_get_nan_channel(struct wiphy *wiphy,
15609 int freq)
15610 {
15611 struct ieee80211_channel *chan;
15612 struct cfg80211_chan_def def;
15613
15614 /* Check if the frequency is valid for NAN */
15615 if (freq != 5220 && freq != 5745 && freq != 2437)
15616 return NULL;
15617
15618 chan = ieee80211_get_channel(wiphy, freq);
15619 if (!chan)
15620 return NULL;
15621
15622 cfg80211_chandef_create(&def, chan, NL80211_CHAN_NO_HT);
15623
15624 /* Check if the channel is allowed */
15625 if (cfg80211_reg_can_beacon(wiphy, &def, NL80211_IFTYPE_NAN))
15626 return chan;
15627
15628 return NULL;
15629 }
15630
nl80211_parse_nan_band_config(struct wiphy * wiphy,struct nlattr ** tb,struct cfg80211_nan_band_config * cfg,enum nl80211_band band)15631 static int nl80211_parse_nan_band_config(struct wiphy *wiphy,
15632 struct nlattr **tb,
15633 struct cfg80211_nan_band_config *cfg,
15634 enum nl80211_band band)
15635 {
15636 if (BIT(band) & ~(u32)wiphy->nan_supported_bands)
15637 return -EINVAL;
15638
15639 if (tb[NL80211_NAN_BAND_CONF_FREQ]) {
15640 u16 freq = nla_get_u16(tb[NL80211_NAN_BAND_CONF_FREQ]);
15641
15642 if (band != NL80211_BAND_5GHZ)
15643 return -EINVAL;
15644
15645 cfg->chan = nl80211_get_nan_channel(wiphy, freq);
15646 if (!cfg->chan)
15647 return -EINVAL;
15648 }
15649
15650 if (tb[NL80211_NAN_BAND_CONF_RSSI_CLOSE]) {
15651 cfg->rssi_close =
15652 nla_get_s8(tb[NL80211_NAN_BAND_CONF_RSSI_CLOSE]);
15653 if (!tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE])
15654 return -EINVAL;
15655 }
15656
15657 if (tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE]) {
15658 cfg->rssi_middle =
15659 nla_get_s8(tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE]);
15660 if (!cfg->rssi_close || cfg->rssi_middle >= cfg->rssi_close)
15661 return -EINVAL;
15662 }
15663
15664 if (tb[NL80211_NAN_BAND_CONF_WAKE_DW]) {
15665 cfg->awake_dw_interval =
15666 nla_get_u8(tb[NL80211_NAN_BAND_CONF_WAKE_DW]);
15667
15668 if (band == NL80211_BAND_2GHZ && cfg->awake_dw_interval == 0)
15669 return -EINVAL;
15670 }
15671
15672 cfg->disable_scan =
15673 nla_get_flag(tb[NL80211_NAN_BAND_CONF_DISABLE_SCAN]);
15674 return 0;
15675 }
15676
nl80211_parse_nan_conf(struct wiphy * wiphy,struct genl_info * info,struct cfg80211_nan_conf * conf,u32 * changed_flags,bool start)15677 static int nl80211_parse_nan_conf(struct wiphy *wiphy,
15678 struct genl_info *info,
15679 struct cfg80211_nan_conf *conf,
15680 u32 *changed_flags,
15681 bool start)
15682 {
15683 struct nlattr *attrs[NL80211_NAN_CONF_ATTR_MAX + 1];
15684 int err, rem;
15685 u32 changed = 0;
15686 struct nlattr *band_config;
15687
15688 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
15689 conf->master_pref =
15690 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
15691
15692 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
15693 }
15694
15695 if (info->attrs[NL80211_ATTR_BANDS]) {
15696 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
15697
15698 if (bands & ~(u32)wiphy->nan_supported_bands)
15699 return -EOPNOTSUPP;
15700
15701 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
15702 return -EINVAL;
15703
15704 conf->bands = bands;
15705 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
15706 }
15707
15708 conf->band_cfgs[NL80211_BAND_2GHZ].awake_dw_interval = 1;
15709 if (conf->bands & BIT(NL80211_BAND_5GHZ) || !conf->bands)
15710 conf->band_cfgs[NL80211_BAND_5GHZ].awake_dw_interval = 1;
15711
15712 /* On 2.4 GHz band use channel 6 */
15713 conf->band_cfgs[NL80211_BAND_2GHZ].chan =
15714 nl80211_get_nan_channel(wiphy, 2437);
15715 if (!conf->band_cfgs[NL80211_BAND_2GHZ].chan)
15716 return -EINVAL;
15717
15718 if (!info->attrs[NL80211_ATTR_NAN_CONFIG])
15719 goto out;
15720
15721 err = nla_parse_nested(attrs, NL80211_NAN_CONF_ATTR_MAX,
15722 info->attrs[NL80211_ATTR_NAN_CONFIG], NULL,
15723 info->extack);
15724 if (err)
15725 return err;
15726
15727 changed |= CFG80211_NAN_CONF_CHANGED_CONFIG;
15728 if (attrs[NL80211_NAN_CONF_CLUSTER_ID] && start)
15729 conf->cluster_id =
15730 nla_data(attrs[NL80211_NAN_CONF_CLUSTER_ID]);
15731
15732 if (attrs[NL80211_NAN_CONF_EXTRA_ATTRS]) {
15733 conf->extra_nan_attrs =
15734 nla_data(attrs[NL80211_NAN_CONF_EXTRA_ATTRS]);
15735 conf->extra_nan_attrs_len =
15736 nla_len(attrs[NL80211_NAN_CONF_EXTRA_ATTRS]);
15737 }
15738
15739 if (attrs[NL80211_NAN_CONF_VENDOR_ELEMS]) {
15740 conf->vendor_elems =
15741 nla_data(attrs[NL80211_NAN_CONF_VENDOR_ELEMS]);
15742 conf->vendor_elems_len =
15743 nla_len(attrs[NL80211_NAN_CONF_VENDOR_ELEMS]);
15744 }
15745
15746 if (attrs[NL80211_NAN_CONF_BAND_CONFIGS]) {
15747 nla_for_each_nested(band_config,
15748 attrs[NL80211_NAN_CONF_BAND_CONFIGS],
15749 rem) {
15750 enum nl80211_band band;
15751 struct cfg80211_nan_band_config *cfg;
15752 struct nlattr *tb[NL80211_NAN_BAND_CONF_ATTR_MAX + 1];
15753
15754 err = nla_parse_nested(tb,
15755 NL80211_NAN_BAND_CONF_ATTR_MAX,
15756 band_config, NULL,
15757 info->extack);
15758 if (err)
15759 return err;
15760
15761 if (!tb[NL80211_NAN_BAND_CONF_BAND])
15762 return -EINVAL;
15763
15764 band = nla_get_u8(tb[NL80211_NAN_BAND_CONF_BAND]);
15765 if (conf->bands && !(conf->bands & BIT(band)))
15766 return -EINVAL;
15767
15768 cfg = &conf->band_cfgs[band];
15769
15770 err = nl80211_parse_nan_band_config(wiphy, tb, cfg,
15771 band);
15772 if (err)
15773 return err;
15774 }
15775 }
15776
15777 if (attrs[NL80211_NAN_CONF_SCAN_PERIOD])
15778 conf->scan_period =
15779 nla_get_u16(attrs[NL80211_NAN_CONF_SCAN_PERIOD]);
15780
15781 if (attrs[NL80211_NAN_CONF_SCAN_DWELL_TIME])
15782 conf->scan_dwell_time =
15783 nla_get_u16(attrs[NL80211_NAN_CONF_SCAN_DWELL_TIME]);
15784
15785 if (attrs[NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL])
15786 conf->discovery_beacon_interval =
15787 nla_get_u8(attrs[NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL]);
15788
15789 if (attrs[NL80211_NAN_CONF_NOTIFY_DW])
15790 conf->enable_dw_notification =
15791 nla_get_flag(attrs[NL80211_NAN_CONF_NOTIFY_DW]);
15792
15793 out:
15794 if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan &&
15795 (!conf->bands || conf->bands & BIT(NL80211_BAND_5GHZ))) {
15796 /* If no 5GHz channel is specified use default, if possible */
15797 conf->band_cfgs[NL80211_BAND_5GHZ].chan =
15798 nl80211_get_nan_channel(wiphy, 5745);
15799 if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan)
15800 conf->band_cfgs[NL80211_BAND_5GHZ].chan =
15801 nl80211_get_nan_channel(wiphy, 5220);
15802
15803 /* Return error if user space asked explicitly for 5 GHz */
15804 if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan &&
15805 conf->bands & BIT(NL80211_BAND_5GHZ)) {
15806 NL_SET_ERR_MSG_ATTR(info->extack,
15807 info->attrs[NL80211_ATTR_BANDS],
15808 "5 GHz band operation is not allowed");
15809 return -EINVAL;
15810 }
15811 }
15812
15813 if (changed_flags)
15814 *changed_flags = changed;
15815
15816 return 0;
15817 }
15818
nl80211_start_nan(struct sk_buff * skb,struct genl_info * info)15819 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
15820 {
15821 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15822 struct wireless_dev *wdev = info->user_ptr[1];
15823 struct cfg80211_nan_conf conf = {};
15824 int err;
15825
15826 if (wdev->iftype != NL80211_IFTYPE_NAN)
15827 return -EOPNOTSUPP;
15828
15829 if (wdev_running(wdev))
15830 return -EEXIST;
15831
15832 if (rfkill_blocked(rdev->wiphy.rfkill))
15833 return -ERFKILL;
15834
15835 /* Master preference is mandatory for START_NAN */
15836 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
15837 return -EINVAL;
15838
15839 err = nl80211_parse_nan_conf(&rdev->wiphy, info, &conf, NULL, true);
15840 if (err)
15841 return err;
15842
15843 err = rdev_start_nan(rdev, wdev, &conf);
15844 if (err)
15845 return err;
15846
15847 wdev->is_running = true;
15848 rdev->opencount++;
15849
15850 return 0;
15851 }
15852
nl80211_stop_nan(struct sk_buff * skb,struct genl_info * info)15853 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
15854 {
15855 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15856 struct wireless_dev *wdev = info->user_ptr[1];
15857
15858 if (wdev->iftype != NL80211_IFTYPE_NAN)
15859 return -EOPNOTSUPP;
15860
15861 cfg80211_stop_nan(rdev, wdev);
15862
15863 return 0;
15864 }
15865
validate_nan_filter(struct nlattr * filter_attr)15866 static int validate_nan_filter(struct nlattr *filter_attr)
15867 {
15868 struct nlattr *attr;
15869 int len = 0, n_entries = 0, rem;
15870
15871 nla_for_each_nested(attr, filter_attr, rem) {
15872 len += nla_len(attr);
15873 n_entries++;
15874 }
15875
15876 if (len >= U8_MAX)
15877 return -EINVAL;
15878
15879 return n_entries;
15880 }
15881
handle_nan_filter(struct nlattr * attr_filter,struct cfg80211_nan_func * func,bool tx)15882 static int handle_nan_filter(struct nlattr *attr_filter,
15883 struct cfg80211_nan_func *func,
15884 bool tx)
15885 {
15886 struct nlattr *attr;
15887 int n_entries, rem, i;
15888 struct cfg80211_nan_func_filter *filter;
15889
15890 n_entries = validate_nan_filter(attr_filter);
15891 if (n_entries < 0)
15892 return n_entries;
15893
15894 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
15895
15896 filter = kzalloc_objs(*func->rx_filters, n_entries);
15897 if (!filter)
15898 return -ENOMEM;
15899
15900 i = 0;
15901 nla_for_each_nested(attr, attr_filter, rem) {
15902 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
15903 if (!filter[i].filter)
15904 goto err;
15905
15906 filter[i].len = nla_len(attr);
15907 i++;
15908 }
15909 if (tx) {
15910 func->num_tx_filters = n_entries;
15911 func->tx_filters = filter;
15912 } else {
15913 func->num_rx_filters = n_entries;
15914 func->rx_filters = filter;
15915 }
15916
15917 return 0;
15918
15919 err:
15920 i = 0;
15921 nla_for_each_nested(attr, attr_filter, rem) {
15922 kfree(filter[i].filter);
15923 i++;
15924 }
15925 kfree(filter);
15926 return -ENOMEM;
15927 }
15928
nl80211_nan_add_func(struct sk_buff * skb,struct genl_info * info)15929 static int nl80211_nan_add_func(struct sk_buff *skb,
15930 struct genl_info *info)
15931 {
15932 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15933 struct wireless_dev *wdev = info->user_ptr[1];
15934 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
15935 struct cfg80211_nan_func *func;
15936 struct sk_buff *msg = NULL;
15937 void *hdr = NULL;
15938 int err = 0;
15939
15940 if (wdev->iftype != NL80211_IFTYPE_NAN)
15941 return -EOPNOTSUPP;
15942
15943 if (!wdev_running(wdev))
15944 return -ENOTCONN;
15945
15946 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
15947 return -EINVAL;
15948
15949 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
15950 info->attrs[NL80211_ATTR_NAN_FUNC],
15951 nl80211_nan_func_policy,
15952 info->extack);
15953 if (err)
15954 return err;
15955
15956 func = kzalloc_obj(*func);
15957 if (!func)
15958 return -ENOMEM;
15959
15960 func->cookie = cfg80211_assign_cookie(rdev);
15961
15962 if (!tb[NL80211_NAN_FUNC_TYPE]) {
15963 err = -EINVAL;
15964 goto out;
15965 }
15966
15967
15968 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
15969
15970 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
15971 err = -EINVAL;
15972 goto out;
15973 }
15974
15975 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
15976 sizeof(func->service_id));
15977
15978 func->close_range =
15979 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
15980
15981 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
15982 func->serv_spec_info_len =
15983 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
15984 func->serv_spec_info =
15985 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
15986 func->serv_spec_info_len,
15987 GFP_KERNEL);
15988 if (!func->serv_spec_info) {
15989 err = -ENOMEM;
15990 goto out;
15991 }
15992 }
15993
15994 if (tb[NL80211_NAN_FUNC_TTL])
15995 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
15996
15997 switch (func->type) {
15998 case NL80211_NAN_FUNC_PUBLISH:
15999 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
16000 err = -EINVAL;
16001 goto out;
16002 }
16003
16004 func->publish_type =
16005 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
16006 func->publish_bcast =
16007 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
16008
16009 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
16010 func->publish_bcast) {
16011 err = -EINVAL;
16012 goto out;
16013 }
16014 break;
16015 case NL80211_NAN_FUNC_SUBSCRIBE:
16016 func->subscribe_active =
16017 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
16018 break;
16019 case NL80211_NAN_FUNC_FOLLOW_UP:
16020 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
16021 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
16022 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
16023 err = -EINVAL;
16024 goto out;
16025 }
16026
16027 func->followup_id =
16028 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
16029 func->followup_reqid =
16030 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
16031 memcpy(func->followup_dest.addr,
16032 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
16033 sizeof(func->followup_dest.addr));
16034 if (func->ttl) {
16035 err = -EINVAL;
16036 goto out;
16037 }
16038 break;
16039 default:
16040 err = -EINVAL;
16041 goto out;
16042 }
16043
16044 if (tb[NL80211_NAN_FUNC_SRF]) {
16045 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
16046
16047 err = nla_parse_nested_deprecated(srf_tb,
16048 NL80211_NAN_SRF_ATTR_MAX,
16049 tb[NL80211_NAN_FUNC_SRF],
16050 nl80211_nan_srf_policy,
16051 info->extack);
16052 if (err)
16053 goto out;
16054
16055 func->srf_include =
16056 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
16057
16058 if (srf_tb[NL80211_NAN_SRF_BF]) {
16059 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
16060 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
16061 err = -EINVAL;
16062 goto out;
16063 }
16064
16065 func->srf_bf_len =
16066 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
16067 func->srf_bf =
16068 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
16069 func->srf_bf_len, GFP_KERNEL);
16070 if (!func->srf_bf) {
16071 err = -ENOMEM;
16072 goto out;
16073 }
16074
16075 func->srf_bf_idx =
16076 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
16077 } else {
16078 struct nlattr *attr, *mac_attr =
16079 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
16080 int n_entries, rem, i = 0;
16081
16082 if (!mac_attr) {
16083 err = -EINVAL;
16084 goto out;
16085 }
16086
16087 n_entries = validate_acl_mac_addrs(mac_attr);
16088 if (n_entries <= 0) {
16089 err = -EINVAL;
16090 goto out;
16091 }
16092
16093 func->srf_num_macs = n_entries;
16094 func->srf_macs =
16095 kzalloc_objs(*func->srf_macs, n_entries);
16096 if (!func->srf_macs) {
16097 err = -ENOMEM;
16098 goto out;
16099 }
16100
16101 nla_for_each_nested(attr, mac_attr, rem)
16102 memcpy(func->srf_macs[i++].addr, nla_data(attr),
16103 sizeof(*func->srf_macs));
16104 }
16105 }
16106
16107 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
16108 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
16109 func, true);
16110 if (err)
16111 goto out;
16112 }
16113
16114 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
16115 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
16116 func, false);
16117 if (err)
16118 goto out;
16119 }
16120
16121 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16122 if (!msg) {
16123 err = -ENOMEM;
16124 goto out;
16125 }
16126
16127 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
16128 NL80211_CMD_ADD_NAN_FUNCTION);
16129 /* This can't really happen - we just allocated 4KB */
16130 if (WARN_ON(!hdr)) {
16131 err = -ENOMEM;
16132 goto out;
16133 }
16134
16135 err = rdev_add_nan_func(rdev, wdev, func);
16136 out:
16137 if (err < 0) {
16138 cfg80211_free_nan_func(func);
16139 nlmsg_free(msg);
16140 return err;
16141 }
16142
16143 /* propagate the instance id and cookie to userspace */
16144 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
16145 NL80211_ATTR_PAD))
16146 goto nla_put_failure;
16147
16148 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
16149 if (!func_attr)
16150 goto nla_put_failure;
16151
16152 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
16153 func->instance_id))
16154 goto nla_put_failure;
16155
16156 nla_nest_end(msg, func_attr);
16157
16158 genlmsg_end(msg, hdr);
16159 return genlmsg_reply(msg, info);
16160
16161 nla_put_failure:
16162 nlmsg_free(msg);
16163 return -ENOBUFS;
16164 }
16165
nl80211_nan_del_func(struct sk_buff * skb,struct genl_info * info)16166 static int nl80211_nan_del_func(struct sk_buff *skb,
16167 struct genl_info *info)
16168 {
16169 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16170 struct wireless_dev *wdev = info->user_ptr[1];
16171 u64 cookie;
16172
16173 if (wdev->iftype != NL80211_IFTYPE_NAN)
16174 return -EOPNOTSUPP;
16175
16176 if (!wdev_running(wdev))
16177 return -ENOTCONN;
16178
16179 if (!info->attrs[NL80211_ATTR_COOKIE])
16180 return -EINVAL;
16181
16182 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
16183
16184 rdev_del_nan_func(rdev, wdev, cookie);
16185
16186 return 0;
16187 }
16188
nl80211_nan_change_config(struct sk_buff * skb,struct genl_info * info)16189 static int nl80211_nan_change_config(struct sk_buff *skb,
16190 struct genl_info *info)
16191 {
16192 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16193 struct wireless_dev *wdev = info->user_ptr[1];
16194 struct cfg80211_nan_conf conf = {};
16195 u32 changed = 0;
16196 int err;
16197
16198 if (wdev->iftype != NL80211_IFTYPE_NAN)
16199 return -EOPNOTSUPP;
16200
16201 if (!wdev_running(wdev))
16202 return -ENOTCONN;
16203
16204 err = nl80211_parse_nan_conf(&rdev->wiphy, info, &conf, &changed, false);
16205 if (err)
16206 return err;
16207
16208 if (!changed)
16209 return -EINVAL;
16210
16211 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
16212 }
16213
cfg80211_nan_match(struct wireless_dev * wdev,struct cfg80211_nan_match_params * match,gfp_t gfp)16214 void cfg80211_nan_match(struct wireless_dev *wdev,
16215 struct cfg80211_nan_match_params *match, gfp_t gfp)
16216 {
16217 struct wiphy *wiphy = wdev->wiphy;
16218 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16219 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
16220 struct sk_buff *msg;
16221 void *hdr;
16222
16223 if (WARN_ON(wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE))
16224 return;
16225
16226 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
16227 return;
16228
16229 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16230 if (!msg)
16231 return;
16232
16233 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
16234 if (!hdr) {
16235 nlmsg_free(msg);
16236 return;
16237 }
16238
16239 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16240 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16241 wdev->netdev->ifindex)) ||
16242 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16243 NL80211_ATTR_PAD))
16244 goto nla_put_failure;
16245
16246 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
16247 NL80211_ATTR_PAD) ||
16248 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
16249 goto nla_put_failure;
16250
16251 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
16252 if (!match_attr)
16253 goto nla_put_failure;
16254
16255 local_func_attr = nla_nest_start_noflag(msg,
16256 NL80211_NAN_MATCH_FUNC_LOCAL);
16257 if (!local_func_attr)
16258 goto nla_put_failure;
16259
16260 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
16261 goto nla_put_failure;
16262
16263 nla_nest_end(msg, local_func_attr);
16264
16265 peer_func_attr = nla_nest_start_noflag(msg,
16266 NL80211_NAN_MATCH_FUNC_PEER);
16267 if (!peer_func_attr)
16268 goto nla_put_failure;
16269
16270 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
16271 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
16272 goto nla_put_failure;
16273
16274 if (match->info && match->info_len &&
16275 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
16276 match->info))
16277 goto nla_put_failure;
16278
16279 nla_nest_end(msg, peer_func_attr);
16280 nla_nest_end(msg, match_attr);
16281 genlmsg_end(msg, hdr);
16282
16283 if (!wdev->owner_nlportid)
16284 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
16285 msg, 0, NL80211_MCGRP_NAN, gfp);
16286 else
16287 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16288 wdev->owner_nlportid);
16289
16290 return;
16291
16292 nla_put_failure:
16293 nlmsg_free(msg);
16294 }
16295 EXPORT_SYMBOL(cfg80211_nan_match);
16296
cfg80211_nan_func_terminated(struct wireless_dev * wdev,u8 inst_id,enum nl80211_nan_func_term_reason reason,u64 cookie,gfp_t gfp)16297 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
16298 u8 inst_id,
16299 enum nl80211_nan_func_term_reason reason,
16300 u64 cookie, gfp_t gfp)
16301 {
16302 struct wiphy *wiphy = wdev->wiphy;
16303 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16304 struct sk_buff *msg;
16305 struct nlattr *func_attr;
16306 void *hdr;
16307
16308 if (WARN_ON(wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE))
16309 return;
16310
16311 if (WARN_ON(!inst_id))
16312 return;
16313
16314 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16315 if (!msg)
16316 return;
16317
16318 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
16319 if (!hdr) {
16320 nlmsg_free(msg);
16321 return;
16322 }
16323
16324 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16325 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16326 wdev->netdev->ifindex)) ||
16327 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16328 NL80211_ATTR_PAD))
16329 goto nla_put_failure;
16330
16331 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16332 NL80211_ATTR_PAD))
16333 goto nla_put_failure;
16334
16335 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
16336 if (!func_attr)
16337 goto nla_put_failure;
16338
16339 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
16340 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
16341 goto nla_put_failure;
16342
16343 nla_nest_end(msg, func_attr);
16344 genlmsg_end(msg, hdr);
16345
16346 if (!wdev->owner_nlportid)
16347 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
16348 msg, 0, NL80211_MCGRP_NAN, gfp);
16349 else
16350 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16351 wdev->owner_nlportid);
16352
16353 return;
16354
16355 nla_put_failure:
16356 nlmsg_free(msg);
16357 }
16358 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
16359
nl80211_get_protocol_features(struct sk_buff * skb,struct genl_info * info)16360 static int nl80211_get_protocol_features(struct sk_buff *skb,
16361 struct genl_info *info)
16362 {
16363 void *hdr;
16364 struct sk_buff *msg;
16365
16366 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16367 if (!msg)
16368 return -ENOMEM;
16369
16370 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
16371 NL80211_CMD_GET_PROTOCOL_FEATURES);
16372 if (!hdr)
16373 goto nla_put_failure;
16374
16375 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
16376 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
16377 goto nla_put_failure;
16378
16379 genlmsg_end(msg, hdr);
16380 return genlmsg_reply(msg, info);
16381
16382 nla_put_failure:
16383 kfree_skb(msg);
16384 return -ENOBUFS;
16385 }
16386
nl80211_update_ft_ies(struct sk_buff * skb,struct genl_info * info)16387 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
16388 {
16389 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16390 struct cfg80211_update_ft_ies_params ft_params;
16391 struct net_device *dev = info->user_ptr[1];
16392
16393 if (!rdev->ops->update_ft_ies)
16394 return -EOPNOTSUPP;
16395
16396 if (!info->attrs[NL80211_ATTR_MDID] ||
16397 !info->attrs[NL80211_ATTR_IE])
16398 return -EINVAL;
16399
16400 memset(&ft_params, 0, sizeof(ft_params));
16401 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
16402 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
16403 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
16404
16405 return rdev_update_ft_ies(rdev, dev, &ft_params);
16406 }
16407
nl80211_crit_protocol_start(struct sk_buff * skb,struct genl_info * info)16408 static int nl80211_crit_protocol_start(struct sk_buff *skb,
16409 struct genl_info *info)
16410 {
16411 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16412 struct wireless_dev *wdev = info->user_ptr[1];
16413 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
16414 u16 duration;
16415 int ret;
16416
16417 if (!rdev->ops->crit_proto_start)
16418 return -EOPNOTSUPP;
16419
16420 if (WARN_ON(!rdev->ops->crit_proto_stop))
16421 return -EINVAL;
16422
16423 if (rdev->crit_proto_nlportid)
16424 return -EBUSY;
16425
16426 /* determine protocol if provided */
16427 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
16428 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
16429
16430 if (proto >= NUM_NL80211_CRIT_PROTO)
16431 return -EINVAL;
16432
16433 /* timeout must be provided */
16434 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
16435 return -EINVAL;
16436
16437 duration =
16438 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
16439
16440 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
16441 if (!ret)
16442 rdev->crit_proto_nlportid = info->snd_portid;
16443
16444 return ret;
16445 }
16446
nl80211_crit_protocol_stop(struct sk_buff * skb,struct genl_info * info)16447 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
16448 struct genl_info *info)
16449 {
16450 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16451 struct wireless_dev *wdev = info->user_ptr[1];
16452
16453 if (!rdev->ops->crit_proto_stop)
16454 return -EOPNOTSUPP;
16455
16456 if (rdev->crit_proto_nlportid) {
16457 rdev->crit_proto_nlportid = 0;
16458 rdev_crit_proto_stop(rdev, wdev);
16459 }
16460 return 0;
16461 }
16462
nl80211_vendor_check_policy(const struct wiphy_vendor_command * vcmd,struct nlattr * attr,struct netlink_ext_ack * extack)16463 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
16464 struct nlattr *attr,
16465 struct netlink_ext_ack *extack)
16466 {
16467 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
16468 if (attr->nla_type & NLA_F_NESTED) {
16469 NL_SET_ERR_MSG_ATTR(extack, attr,
16470 "unexpected nested data");
16471 return -EINVAL;
16472 }
16473
16474 return 0;
16475 }
16476
16477 if (!(attr->nla_type & NLA_F_NESTED)) {
16478 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
16479 return -EINVAL;
16480 }
16481
16482 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
16483 }
16484
nl80211_vendor_cmd(struct sk_buff * skb,struct genl_info * info)16485 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
16486 {
16487 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16488 struct wireless_dev *wdev =
16489 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
16490 info->attrs);
16491 int i, err;
16492 u32 vid, subcmd;
16493
16494 if (!rdev->wiphy.vendor_commands)
16495 return -EOPNOTSUPP;
16496
16497 if (IS_ERR(wdev)) {
16498 err = PTR_ERR(wdev);
16499 if (err != -EINVAL)
16500 return err;
16501 wdev = NULL;
16502 } else if (wdev->wiphy != &rdev->wiphy) {
16503 return -EINVAL;
16504 }
16505
16506 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
16507 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
16508 return -EINVAL;
16509
16510 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
16511 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
16512 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
16513 const struct wiphy_vendor_command *vcmd;
16514 void *data = NULL;
16515 int len = 0;
16516
16517 vcmd = &rdev->wiphy.vendor_commands[i];
16518
16519 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
16520 continue;
16521
16522 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
16523 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
16524 if (!wdev)
16525 return -EINVAL;
16526 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
16527 !wdev->netdev)
16528 return -EINVAL;
16529
16530 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
16531 if (!wdev_running(wdev))
16532 return -ENETDOWN;
16533 }
16534 } else {
16535 wdev = NULL;
16536 }
16537
16538 if (!vcmd->doit)
16539 return -EOPNOTSUPP;
16540
16541 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
16542 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
16543 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
16544
16545 err = nl80211_vendor_check_policy(vcmd,
16546 info->attrs[NL80211_ATTR_VENDOR_DATA],
16547 info->extack);
16548 if (err)
16549 return err;
16550 }
16551
16552 rdev->cur_cmd_info = info;
16553 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
16554 rdev->cur_cmd_info = NULL;
16555 return err;
16556 }
16557
16558 return -EOPNOTSUPP;
16559 }
16560
nl80211_prepare_vendor_dump(struct sk_buff * skb,struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev)16561 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
16562 struct netlink_callback *cb,
16563 struct cfg80211_registered_device **rdev,
16564 struct wireless_dev **wdev)
16565 {
16566 struct nlattr **attrbuf;
16567 u32 vid, subcmd;
16568 unsigned int i;
16569 int vcmd_idx = -1;
16570 int err;
16571 void *data = NULL;
16572 unsigned int data_len = 0;
16573
16574 if (cb->args[0]) {
16575 /* subtract the 1 again here */
16576 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
16577 struct wireless_dev *tmp;
16578
16579 if (!wiphy)
16580 return -ENODEV;
16581 *rdev = wiphy_to_rdev(wiphy);
16582 *wdev = NULL;
16583
16584 if (cb->args[1]) {
16585 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
16586 if (tmp->identifier == cb->args[1] - 1) {
16587 *wdev = tmp;
16588 break;
16589 }
16590 }
16591 }
16592
16593 /* keep rtnl locked in successful case */
16594 return 0;
16595 }
16596
16597 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
16598 if (!attrbuf)
16599 return -ENOMEM;
16600
16601 err = nlmsg_parse_deprecated(cb->nlh,
16602 GENL_HDRLEN + nl80211_fam.hdrsize,
16603 attrbuf, nl80211_fam.maxattr,
16604 nl80211_policy, NULL);
16605 if (err)
16606 goto out;
16607
16608 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
16609 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
16610 err = -EINVAL;
16611 goto out;
16612 }
16613
16614 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
16615 if (IS_ERR(*wdev))
16616 *wdev = NULL;
16617
16618 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
16619 if (IS_ERR(*rdev)) {
16620 err = PTR_ERR(*rdev);
16621 goto out;
16622 }
16623
16624 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
16625 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
16626
16627 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
16628 const struct wiphy_vendor_command *vcmd;
16629
16630 vcmd = &(*rdev)->wiphy.vendor_commands[i];
16631
16632 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
16633 continue;
16634
16635 if (!vcmd->dumpit) {
16636 err = -EOPNOTSUPP;
16637 goto out;
16638 }
16639
16640 vcmd_idx = i;
16641 break;
16642 }
16643
16644 if (vcmd_idx < 0) {
16645 err = -EOPNOTSUPP;
16646 goto out;
16647 }
16648
16649 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
16650 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
16651 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
16652
16653 err = nl80211_vendor_check_policy(
16654 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
16655 attrbuf[NL80211_ATTR_VENDOR_DATA],
16656 cb->extack);
16657 if (err)
16658 goto out;
16659 }
16660
16661 /* 0 is the first index - add 1 to parse only once */
16662 cb->args[0] = (*rdev)->wiphy_idx + 1;
16663 /* add 1 to know if it was NULL */
16664 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
16665 cb->args[2] = vcmd_idx;
16666 cb->args[3] = (unsigned long)data;
16667 cb->args[4] = data_len;
16668
16669 /* keep rtnl locked in successful case */
16670 err = 0;
16671 out:
16672 kfree(attrbuf);
16673 return err;
16674 }
16675
nl80211_vendor_cmd_dump(struct sk_buff * skb,struct netlink_callback * cb)16676 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
16677 struct netlink_callback *cb)
16678 {
16679 struct cfg80211_registered_device *rdev;
16680 struct wireless_dev *wdev;
16681 unsigned int vcmd_idx;
16682 const struct wiphy_vendor_command *vcmd;
16683 void *data;
16684 int data_len;
16685 int err;
16686 struct nlattr *vendor_data;
16687
16688 rtnl_lock();
16689 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
16690 if (err)
16691 goto out;
16692
16693 vcmd_idx = cb->args[2];
16694 data = (void *)cb->args[3];
16695 data_len = cb->args[4];
16696 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
16697
16698 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
16699 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
16700 if (!wdev) {
16701 err = -EINVAL;
16702 goto out;
16703 }
16704 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
16705 !wdev->netdev) {
16706 err = -EINVAL;
16707 goto out;
16708 }
16709
16710 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
16711 if (!wdev_running(wdev)) {
16712 err = -ENETDOWN;
16713 goto out;
16714 }
16715 }
16716 }
16717
16718 while (1) {
16719 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
16720 cb->nlh->nlmsg_seq, NLM_F_MULTI,
16721 NL80211_CMD_VENDOR);
16722 if (!hdr)
16723 break;
16724
16725 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16726 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
16727 wdev_id(wdev),
16728 NL80211_ATTR_PAD))) {
16729 genlmsg_cancel(skb, hdr);
16730 break;
16731 }
16732
16733 vendor_data = nla_nest_start_noflag(skb,
16734 NL80211_ATTR_VENDOR_DATA);
16735 if (!vendor_data) {
16736 genlmsg_cancel(skb, hdr);
16737 break;
16738 }
16739
16740 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
16741 (unsigned long *)&cb->args[5]);
16742 nla_nest_end(skb, vendor_data);
16743
16744 if (err == -ENOBUFS || err == -ENOENT) {
16745 genlmsg_cancel(skb, hdr);
16746 break;
16747 } else if (err <= 0) {
16748 genlmsg_cancel(skb, hdr);
16749 goto out;
16750 }
16751
16752 genlmsg_end(skb, hdr);
16753 }
16754
16755 err = skb->len;
16756 out:
16757 rtnl_unlock();
16758 return err;
16759 }
16760
__cfg80211_alloc_reply_skb(struct wiphy * wiphy,enum nl80211_commands cmd,enum nl80211_attrs attr,int approxlen)16761 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
16762 enum nl80211_commands cmd,
16763 enum nl80211_attrs attr,
16764 int approxlen)
16765 {
16766 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16767
16768 if (WARN_ON(!rdev->cur_cmd_info))
16769 return NULL;
16770
16771 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
16772 rdev->cur_cmd_info->snd_portid,
16773 rdev->cur_cmd_info->snd_seq,
16774 cmd, attr, NULL, GFP_KERNEL);
16775 }
16776 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
16777
cfg80211_vendor_cmd_reply(struct sk_buff * skb)16778 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
16779 {
16780 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
16781 void *hdr = ((void **)skb->cb)[1];
16782 struct nlattr *data = ((void **)skb->cb)[2];
16783
16784 /* clear CB data for netlink core to own from now on */
16785 memset(skb->cb, 0, sizeof(skb->cb));
16786
16787 if (WARN_ON(!rdev->cur_cmd_info)) {
16788 kfree_skb(skb);
16789 return -EINVAL;
16790 }
16791
16792 nla_nest_end(skb, data);
16793 genlmsg_end(skb, hdr);
16794 return genlmsg_reply(skb, rdev->cur_cmd_info);
16795 }
16796 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
16797
cfg80211_vendor_cmd_get_sender(struct wiphy * wiphy)16798 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
16799 {
16800 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16801
16802 if (WARN_ON(!rdev->cur_cmd_info))
16803 return 0;
16804
16805 return rdev->cur_cmd_info->snd_portid;
16806 }
16807 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
16808
nl80211_set_qos_map(struct sk_buff * skb,struct genl_info * info)16809 static int nl80211_set_qos_map(struct sk_buff *skb,
16810 struct genl_info *info)
16811 {
16812 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16813 struct cfg80211_qos_map *qos_map = NULL;
16814 struct net_device *dev = info->user_ptr[1];
16815 u8 *pos, len, num_des, des_len, des;
16816 int ret;
16817
16818 if (!rdev->ops->set_qos_map)
16819 return -EOPNOTSUPP;
16820
16821 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
16822 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
16823 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
16824
16825 if (len % 2)
16826 return -EINVAL;
16827
16828 qos_map = kzalloc_obj(struct cfg80211_qos_map);
16829 if (!qos_map)
16830 return -ENOMEM;
16831
16832 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
16833 if (num_des) {
16834 des_len = num_des *
16835 sizeof(struct cfg80211_dscp_exception);
16836 memcpy(qos_map->dscp_exception, pos, des_len);
16837 qos_map->num_des = num_des;
16838 for (des = 0; des < num_des; des++) {
16839 if (qos_map->dscp_exception[des].up > 7) {
16840 kfree(qos_map);
16841 return -EINVAL;
16842 }
16843 }
16844 pos += des_len;
16845 }
16846 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
16847 }
16848
16849 ret = nl80211_key_allowed(dev->ieee80211_ptr);
16850 if (!ret)
16851 ret = rdev_set_qos_map(rdev, dev, qos_map);
16852
16853 kfree(qos_map);
16854 return ret;
16855 }
16856
nl80211_add_tx_ts(struct sk_buff * skb,struct genl_info * info)16857 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
16858 {
16859 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16860 struct net_device *dev = info->user_ptr[1];
16861 struct wireless_dev *wdev = dev->ieee80211_ptr;
16862 const u8 *peer;
16863 u8 tsid, up;
16864 u16 admitted_time = 0;
16865
16866 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
16867 return -EOPNOTSUPP;
16868
16869 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
16870 !info->attrs[NL80211_ATTR_USER_PRIO])
16871 return -EINVAL;
16872
16873 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
16874 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
16875
16876 /* WMM uses TIDs 0-7 even for TSPEC */
16877 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
16878 /* TODO: handle 802.11 TSPEC/admission control
16879 * need more attributes for that (e.g. BA session requirement);
16880 * change the WMM admission test above to allow both then
16881 */
16882 return -EINVAL;
16883 }
16884
16885 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
16886
16887 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
16888 admitted_time =
16889 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
16890 if (!admitted_time)
16891 return -EINVAL;
16892 }
16893
16894 switch (wdev->iftype) {
16895 case NL80211_IFTYPE_STATION:
16896 case NL80211_IFTYPE_P2P_CLIENT:
16897 if (wdev->connected)
16898 break;
16899 return -ENOTCONN;
16900 default:
16901 return -EOPNOTSUPP;
16902 }
16903
16904 return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
16905 }
16906
nl80211_del_tx_ts(struct sk_buff * skb,struct genl_info * info)16907 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
16908 {
16909 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16910 struct net_device *dev = info->user_ptr[1];
16911 const u8 *peer;
16912 u8 tsid;
16913
16914 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
16915 return -EINVAL;
16916
16917 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
16918 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
16919
16920 return rdev_del_tx_ts(rdev, dev, tsid, peer);
16921 }
16922
nl80211_tdls_channel_switch(struct sk_buff * skb,struct genl_info * info)16923 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
16924 struct genl_info *info)
16925 {
16926 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16927 struct net_device *dev = info->user_ptr[1];
16928 struct wireless_dev *wdev = dev->ieee80211_ptr;
16929 struct cfg80211_chan_def chandef = {};
16930 const u8 *addr;
16931 u8 oper_class;
16932 int err;
16933
16934 if (!rdev->ops->tdls_channel_switch ||
16935 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
16936 return -EOPNOTSUPP;
16937
16938 switch (dev->ieee80211_ptr->iftype) {
16939 case NL80211_IFTYPE_STATION:
16940 case NL80211_IFTYPE_P2P_CLIENT:
16941 break;
16942 default:
16943 return -EOPNOTSUPP;
16944 }
16945
16946 if (!info->attrs[NL80211_ATTR_MAC] ||
16947 !info->attrs[NL80211_ATTR_OPER_CLASS])
16948 return -EINVAL;
16949
16950 err = nl80211_parse_chandef(rdev, info, &chandef);
16951 if (err)
16952 return err;
16953
16954 /*
16955 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
16956 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
16957 * specification is not defined for them.
16958 */
16959 if (chandef.chan->band == NL80211_BAND_2GHZ &&
16960 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
16961 chandef.width != NL80211_CHAN_WIDTH_20)
16962 return -EINVAL;
16963
16964 /* we will be active on the TDLS link */
16965 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
16966 wdev->iftype))
16967 return -EINVAL;
16968
16969 /* don't allow switching to DFS channels */
16970 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
16971 return -EINVAL;
16972
16973 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16974 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
16975
16976 return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
16977 }
16978
nl80211_tdls_cancel_channel_switch(struct sk_buff * skb,struct genl_info * info)16979 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
16980 struct genl_info *info)
16981 {
16982 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16983 struct net_device *dev = info->user_ptr[1];
16984 const u8 *addr;
16985
16986 if (!rdev->ops->tdls_channel_switch ||
16987 !rdev->ops->tdls_cancel_channel_switch ||
16988 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
16989 return -EOPNOTSUPP;
16990
16991 switch (dev->ieee80211_ptr->iftype) {
16992 case NL80211_IFTYPE_STATION:
16993 case NL80211_IFTYPE_P2P_CLIENT:
16994 break;
16995 default:
16996 return -EOPNOTSUPP;
16997 }
16998
16999 if (!info->attrs[NL80211_ATTR_MAC])
17000 return -EINVAL;
17001
17002 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
17003
17004 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
17005
17006 return 0;
17007 }
17008
nl80211_set_multicast_to_unicast(struct sk_buff * skb,struct genl_info * info)17009 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
17010 struct genl_info *info)
17011 {
17012 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17013 struct net_device *dev = info->user_ptr[1];
17014 struct wireless_dev *wdev = dev->ieee80211_ptr;
17015 const struct nlattr *nla;
17016 bool enabled;
17017
17018 if (!rdev->ops->set_multicast_to_unicast)
17019 return -EOPNOTSUPP;
17020
17021 if (wdev->iftype != NL80211_IFTYPE_AP &&
17022 wdev->iftype != NL80211_IFTYPE_P2P_GO)
17023 return -EOPNOTSUPP;
17024
17025 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
17026 enabled = nla_get_flag(nla);
17027
17028 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
17029 }
17030
nl80211_set_pmk(struct sk_buff * skb,struct genl_info * info)17031 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
17032 {
17033 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17034 struct net_device *dev = info->user_ptr[1];
17035 struct wireless_dev *wdev = dev->ieee80211_ptr;
17036 struct cfg80211_pmk_conf pmk_conf = {};
17037
17038 if (wdev->iftype != NL80211_IFTYPE_STATION &&
17039 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
17040 return -EOPNOTSUPP;
17041
17042 if (!wiphy_ext_feature_isset(&rdev->wiphy,
17043 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
17044 return -EOPNOTSUPP;
17045
17046 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
17047 return -EINVAL;
17048
17049 if (!wdev->connected)
17050 return -ENOTCONN;
17051
17052 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
17053 if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN))
17054 return -EINVAL;
17055
17056 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
17057 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
17058 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
17059 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
17060 return -EINVAL;
17061
17062 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
17063 pmk_conf.pmk_r0_name =
17064 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
17065
17066 return rdev_set_pmk(rdev, dev, &pmk_conf);
17067 }
17068
nl80211_del_pmk(struct sk_buff * skb,struct genl_info * info)17069 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
17070 {
17071 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17072 struct net_device *dev = info->user_ptr[1];
17073 struct wireless_dev *wdev = dev->ieee80211_ptr;
17074 const u8 *aa;
17075
17076 if (wdev->iftype != NL80211_IFTYPE_STATION &&
17077 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
17078 return -EOPNOTSUPP;
17079
17080 if (!wiphy_ext_feature_isset(&rdev->wiphy,
17081 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
17082 return -EOPNOTSUPP;
17083
17084 if (!info->attrs[NL80211_ATTR_MAC])
17085 return -EINVAL;
17086
17087 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
17088 return rdev_del_pmk(rdev, dev, aa);
17089 }
17090
nl80211_external_auth(struct sk_buff * skb,struct genl_info * info)17091 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
17092 {
17093 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17094 struct net_device *dev = info->user_ptr[1];
17095 struct cfg80211_external_auth_params params;
17096
17097 if (!rdev->ops->external_auth)
17098 return -EOPNOTSUPP;
17099
17100 if (!info->attrs[NL80211_ATTR_SSID] &&
17101 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
17102 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
17103 return -EINVAL;
17104
17105 if (!info->attrs[NL80211_ATTR_BSSID])
17106 return -EINVAL;
17107
17108 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
17109 return -EINVAL;
17110
17111 memset(¶ms, 0, sizeof(params));
17112
17113 if (info->attrs[NL80211_ATTR_SSID]) {
17114 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
17115 if (params.ssid.ssid_len == 0)
17116 return -EINVAL;
17117 memcpy(params.ssid.ssid,
17118 nla_data(info->attrs[NL80211_ATTR_SSID]),
17119 params.ssid.ssid_len);
17120 }
17121
17122 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
17123 ETH_ALEN);
17124
17125 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
17126
17127 if (info->attrs[NL80211_ATTR_PMKID])
17128 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
17129
17130 return rdev_external_auth(rdev, dev, ¶ms);
17131 }
17132
nl80211_tx_control_port(struct sk_buff * skb,struct genl_info * info)17133 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
17134 {
17135 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
17136 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17137 struct net_device *dev = info->user_ptr[1];
17138 struct wireless_dev *wdev = dev->ieee80211_ptr;
17139 const u8 *buf;
17140 size_t len;
17141 u8 *dest;
17142 u16 proto;
17143 bool noencrypt;
17144 u64 cookie = 0;
17145 int link_id;
17146 int err;
17147
17148 if (!wiphy_ext_feature_isset(&rdev->wiphy,
17149 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
17150 return -EOPNOTSUPP;
17151
17152 if (!rdev->ops->tx_control_port)
17153 return -EOPNOTSUPP;
17154
17155 if (!info->attrs[NL80211_ATTR_FRAME] ||
17156 !info->attrs[NL80211_ATTR_MAC] ||
17157 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
17158 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
17159 return -EINVAL;
17160 }
17161
17162 switch (wdev->iftype) {
17163 case NL80211_IFTYPE_AP:
17164 case NL80211_IFTYPE_P2P_GO:
17165 case NL80211_IFTYPE_MESH_POINT:
17166 break;
17167 case NL80211_IFTYPE_ADHOC:
17168 if (wdev->u.ibss.current_bss)
17169 break;
17170 return -ENOTCONN;
17171 case NL80211_IFTYPE_STATION:
17172 case NL80211_IFTYPE_P2P_CLIENT:
17173 if (wdev->connected)
17174 break;
17175 return -ENOTCONN;
17176 default:
17177 return -EOPNOTSUPP;
17178 }
17179
17180 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
17181 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
17182 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
17183 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
17184 noencrypt =
17185 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
17186
17187 link_id = nl80211_link_id_or_invalid(info->attrs);
17188
17189 err = rdev_tx_control_port(rdev, dev, buf, len,
17190 dest, cpu_to_be16(proto), noencrypt, link_id,
17191 dont_wait_for_ack ? NULL : &cookie);
17192 if (!err && !dont_wait_for_ack)
17193 nl_set_extack_cookie_u64(info->extack, cookie);
17194 return err;
17195 }
17196
nl80211_get_ftm_responder_stats(struct sk_buff * skb,struct genl_info * info)17197 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
17198 struct genl_info *info)
17199 {
17200 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17201 struct net_device *dev = info->user_ptr[1];
17202 struct wireless_dev *wdev = dev->ieee80211_ptr;
17203 struct cfg80211_ftm_responder_stats ftm_stats = {};
17204 unsigned int link_id = nl80211_link_id(info->attrs);
17205 struct sk_buff *msg;
17206 void *hdr;
17207 struct nlattr *ftm_stats_attr;
17208 int err;
17209
17210 if (wdev->iftype != NL80211_IFTYPE_AP ||
17211 !wdev->links[link_id].ap.beacon_interval)
17212 return -EOPNOTSUPP;
17213
17214 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
17215 if (err)
17216 return err;
17217
17218 if (!ftm_stats.filled)
17219 return -ENODATA;
17220
17221 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17222 if (!msg)
17223 return -ENOMEM;
17224
17225 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
17226 NL80211_CMD_GET_FTM_RESPONDER_STATS);
17227 if (!hdr)
17228 goto nla_put_failure;
17229
17230 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17231 goto nla_put_failure;
17232
17233 ftm_stats_attr = nla_nest_start_noflag(msg,
17234 NL80211_ATTR_FTM_RESPONDER_STATS);
17235 if (!ftm_stats_attr)
17236 goto nla_put_failure;
17237
17238 #define SET_FTM(field, name, type) \
17239 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
17240 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
17241 ftm_stats.field)) \
17242 goto nla_put_failure; } while (0)
17243 #define SET_FTM_U64(field, name) \
17244 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
17245 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
17246 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
17247 goto nla_put_failure; } while (0)
17248
17249 SET_FTM(success_num, SUCCESS_NUM, u32);
17250 SET_FTM(partial_num, PARTIAL_NUM, u32);
17251 SET_FTM(failed_num, FAILED_NUM, u32);
17252 SET_FTM(asap_num, ASAP_NUM, u32);
17253 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
17254 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
17255 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
17256 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
17257 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
17258 #undef SET_FTM
17259
17260 nla_nest_end(msg, ftm_stats_attr);
17261
17262 genlmsg_end(msg, hdr);
17263 return genlmsg_reply(msg, info);
17264
17265 nla_put_failure:
17266 nlmsg_free(msg);
17267 return -ENOBUFS;
17268 }
17269
nl80211_update_owe_info(struct sk_buff * skb,struct genl_info * info)17270 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
17271 {
17272 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17273 struct cfg80211_update_owe_info owe_info;
17274 struct net_device *dev = info->user_ptr[1];
17275
17276 if (!rdev->ops->update_owe_info)
17277 return -EOPNOTSUPP;
17278
17279 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
17280 !info->attrs[NL80211_ATTR_MAC])
17281 return -EINVAL;
17282
17283 memset(&owe_info, 0, sizeof(owe_info));
17284 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
17285 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
17286
17287 if (info->attrs[NL80211_ATTR_IE]) {
17288 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
17289 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
17290 }
17291
17292 return rdev_update_owe_info(rdev, dev, &owe_info);
17293 }
17294
nl80211_probe_mesh_link(struct sk_buff * skb,struct genl_info * info)17295 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
17296 {
17297 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17298 struct net_device *dev = info->user_ptr[1];
17299 struct wireless_dev *wdev = dev->ieee80211_ptr;
17300 struct station_info sinfo = {};
17301 const u8 *buf;
17302 size_t len;
17303 u8 *dest;
17304 int err;
17305
17306 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
17307 return -EOPNOTSUPP;
17308
17309 if (!info->attrs[NL80211_ATTR_MAC] ||
17310 !info->attrs[NL80211_ATTR_FRAME]) {
17311 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
17312 return -EINVAL;
17313 }
17314
17315 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
17316 return -EOPNOTSUPP;
17317
17318 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
17319 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
17320 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
17321
17322 if (len < sizeof(struct ethhdr))
17323 return -EINVAL;
17324
17325 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
17326 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
17327 return -EINVAL;
17328
17329 err = rdev_get_station(rdev, dev, dest, &sinfo);
17330 if (err)
17331 return err;
17332
17333 cfg80211_sinfo_release_content(&sinfo);
17334
17335 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
17336 }
17337
parse_tid_conf(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct net_device * dev,struct cfg80211_tid_cfg * tid_conf,struct genl_info * info,const u8 * peer,unsigned int link_id)17338 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
17339 struct nlattr *attrs[], struct net_device *dev,
17340 struct cfg80211_tid_cfg *tid_conf,
17341 struct genl_info *info, const u8 *peer,
17342 unsigned int link_id)
17343 {
17344 struct netlink_ext_ack *extack = info->extack;
17345 u64 mask;
17346 int err;
17347
17348 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
17349 return -EINVAL;
17350
17351 tid_conf->config_override =
17352 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
17353 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
17354
17355 if (tid_conf->config_override) {
17356 if (rdev->ops->reset_tid_config) {
17357 err = rdev_reset_tid_config(rdev, dev, peer,
17358 tid_conf->tids);
17359 if (err)
17360 return err;
17361 } else {
17362 return -EINVAL;
17363 }
17364 }
17365
17366 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
17367 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
17368 tid_conf->noack =
17369 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
17370 }
17371
17372 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
17373 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
17374 tid_conf->retry_short =
17375 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
17376
17377 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
17378 return -EINVAL;
17379 }
17380
17381 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
17382 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
17383 tid_conf->retry_long =
17384 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
17385
17386 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
17387 return -EINVAL;
17388 }
17389
17390 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
17391 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
17392 tid_conf->ampdu =
17393 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
17394 }
17395
17396 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
17397 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
17398 tid_conf->rtscts =
17399 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
17400 }
17401
17402 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
17403 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
17404 tid_conf->amsdu =
17405 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
17406 }
17407
17408 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
17409 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
17410
17411 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
17412
17413 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
17414 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
17415 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
17416 &tid_conf->txrate_mask, dev,
17417 true, link_id);
17418 if (err)
17419 return err;
17420
17421 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
17422 }
17423 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
17424 }
17425
17426 if (peer)
17427 mask = rdev->wiphy.tid_config_support.peer;
17428 else
17429 mask = rdev->wiphy.tid_config_support.vif;
17430
17431 if (tid_conf->mask & ~mask) {
17432 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
17433 return -EOPNOTSUPP;
17434 }
17435
17436 return 0;
17437 }
17438
nl80211_set_tid_config(struct sk_buff * skb,struct genl_info * info)17439 static int nl80211_set_tid_config(struct sk_buff *skb,
17440 struct genl_info *info)
17441 {
17442 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17443 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
17444 unsigned int link_id = nl80211_link_id(info->attrs);
17445 struct net_device *dev = info->user_ptr[1];
17446 struct cfg80211_tid_config *tid_config;
17447 struct nlattr *tid;
17448 int conf_idx = 0, rem_conf;
17449 int ret = -EINVAL;
17450 u32 num_conf = 0;
17451
17452 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
17453 return -EINVAL;
17454
17455 if (!rdev->ops->set_tid_config)
17456 return -EOPNOTSUPP;
17457
17458 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
17459 rem_conf)
17460 num_conf++;
17461
17462 tid_config = kzalloc_flex(*tid_config, tid_conf, num_conf);
17463 if (!tid_config)
17464 return -ENOMEM;
17465
17466 tid_config->n_tid_conf = num_conf;
17467
17468 if (info->attrs[NL80211_ATTR_MAC])
17469 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
17470
17471 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
17472 rem_conf) {
17473 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
17474 tid, NULL, NULL);
17475
17476 if (ret)
17477 goto bad_tid_conf;
17478
17479 ret = parse_tid_conf(rdev, attrs, dev,
17480 &tid_config->tid_conf[conf_idx],
17481 info, tid_config->peer, link_id);
17482 if (ret)
17483 goto bad_tid_conf;
17484
17485 conf_idx++;
17486 }
17487
17488 ret = rdev_set_tid_config(rdev, dev, tid_config);
17489
17490 bad_tid_conf:
17491 kfree(tid_config);
17492 return ret;
17493 }
17494
nl80211_color_change(struct sk_buff * skb,struct genl_info * info)17495 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
17496 {
17497 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17498 struct cfg80211_color_change_settings params = {};
17499 struct net_device *dev = info->user_ptr[1];
17500 struct wireless_dev *wdev = dev->ieee80211_ptr;
17501 struct nlattr **tb;
17502 u16 offset;
17503 int err;
17504
17505 if (!rdev->ops->color_change)
17506 return -EOPNOTSUPP;
17507
17508 if (!wiphy_ext_feature_isset(&rdev->wiphy,
17509 NL80211_EXT_FEATURE_BSS_COLOR))
17510 return -EOPNOTSUPP;
17511
17512 if (wdev->iftype != NL80211_IFTYPE_AP)
17513 return -EOPNOTSUPP;
17514
17515 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
17516 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
17517 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
17518 return -EINVAL;
17519
17520 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
17521 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
17522
17523 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next,
17524 info->extack);
17525 if (err)
17526 return err;
17527
17528 tb = kzalloc_objs(*tb, NL80211_ATTR_MAX + 1);
17529 if (!tb)
17530 return -ENOMEM;
17531
17532 err = nla_parse_nested(tb, NL80211_ATTR_MAX,
17533 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
17534 nl80211_policy, info->extack);
17535 if (err)
17536 goto out;
17537
17538 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change,
17539 info->extack);
17540 if (err)
17541 goto out;
17542
17543 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
17544 err = -EINVAL;
17545 goto out;
17546 }
17547
17548 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
17549 err = -EINVAL;
17550 goto out;
17551 }
17552
17553 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
17554 if (offset >= params.beacon_color_change.tail_len) {
17555 err = -EINVAL;
17556 goto out;
17557 }
17558
17559 if (params.beacon_color_change.tail[offset] != params.count) {
17560 err = -EINVAL;
17561 goto out;
17562 }
17563
17564 params.counter_offset_beacon = offset;
17565
17566 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
17567 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
17568 sizeof(u16)) {
17569 err = -EINVAL;
17570 goto out;
17571 }
17572
17573 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
17574 if (offset >= params.beacon_color_change.probe_resp_len) {
17575 err = -EINVAL;
17576 goto out;
17577 }
17578
17579 if (params.beacon_color_change.probe_resp[offset] !=
17580 params.count) {
17581 err = -EINVAL;
17582 goto out;
17583 }
17584
17585 params.counter_offset_presp = offset;
17586 }
17587
17588 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
17589 err = nl80211_parse_unsol_bcast_probe_resp(
17590 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
17591 ¶ms.unsol_bcast_probe_resp);
17592 if (err)
17593 goto out;
17594 }
17595
17596 params.link_id = nl80211_link_id(info->attrs);
17597 err = rdev_color_change(rdev, dev, ¶ms);
17598
17599 out:
17600 kfree(params.beacon_next.mbssid_ies);
17601 kfree(params.beacon_color_change.mbssid_ies);
17602 kfree(params.beacon_next.rnr_ies);
17603 kfree(params.beacon_color_change.rnr_ies);
17604 kfree(tb);
17605 return err;
17606 }
17607
nl80211_set_fils_aad(struct sk_buff * skb,struct genl_info * info)17608 static int nl80211_set_fils_aad(struct sk_buff *skb,
17609 struct genl_info *info)
17610 {
17611 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17612 struct net_device *dev = info->user_ptr[1];
17613 struct cfg80211_fils_aad fils_aad = {};
17614 u8 *nonces;
17615
17616 if (!info->attrs[NL80211_ATTR_MAC] ||
17617 !info->attrs[NL80211_ATTR_FILS_KEK] ||
17618 !info->attrs[NL80211_ATTR_FILS_NONCES])
17619 return -EINVAL;
17620
17621 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
17622 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
17623 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
17624 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
17625 fils_aad.snonce = nonces;
17626 fils_aad.anonce = nonces + FILS_NONCE_LEN;
17627
17628 return rdev_set_fils_aad(rdev, dev, &fils_aad);
17629 }
17630
nl80211_add_link(struct sk_buff * skb,struct genl_info * info)17631 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info)
17632 {
17633 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17634 unsigned int link_id = nl80211_link_id(info->attrs);
17635 struct net_device *dev = info->user_ptr[1];
17636 struct wireless_dev *wdev = dev->ieee80211_ptr;
17637 int ret;
17638
17639 if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
17640 return -EINVAL;
17641
17642 switch (wdev->iftype) {
17643 case NL80211_IFTYPE_AP:
17644 break;
17645 default:
17646 return -EINVAL;
17647 }
17648
17649 if (!info->attrs[NL80211_ATTR_MAC] ||
17650 !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC])))
17651 return -EINVAL;
17652
17653 wdev->valid_links |= BIT(link_id);
17654 ether_addr_copy(wdev->links[link_id].addr,
17655 nla_data(info->attrs[NL80211_ATTR_MAC]));
17656
17657 ret = rdev_add_intf_link(rdev, wdev, link_id);
17658 if (ret) {
17659 wdev->valid_links &= ~BIT(link_id);
17660 eth_zero_addr(wdev->links[link_id].addr);
17661 }
17662
17663 return ret;
17664 }
17665
nl80211_remove_link(struct sk_buff * skb,struct genl_info * info)17666 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info)
17667 {
17668 unsigned int link_id = nl80211_link_id(info->attrs);
17669 struct net_device *dev = info->user_ptr[1];
17670 struct wireless_dev *wdev = dev->ieee80211_ptr;
17671
17672 /* cannot remove if there's no link */
17673 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
17674 return -EINVAL;
17675
17676 switch (wdev->iftype) {
17677 case NL80211_IFTYPE_AP:
17678 break;
17679 default:
17680 return -EINVAL;
17681 }
17682
17683 cfg80211_remove_link(wdev, link_id);
17684
17685 return 0;
17686 }
17687
17688 static int
nl80211_add_mod_link_station(struct sk_buff * skb,struct genl_info * info,bool add)17689 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
17690 bool add)
17691 {
17692 struct link_station_parameters params = {};
17693 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17694 struct net_device *dev = info->user_ptr[1];
17695 int err;
17696
17697 if ((add && !rdev->ops->add_link_station) ||
17698 (!add && !rdev->ops->mod_link_station))
17699 return -EOPNOTSUPP;
17700
17701 if (add && !info->attrs[NL80211_ATTR_MAC])
17702 return -EINVAL;
17703
17704 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
17705 return -EINVAL;
17706
17707 if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
17708 return -EINVAL;
17709
17710 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
17711
17712 if (info->attrs[NL80211_ATTR_MAC]) {
17713 params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
17714 if (!is_valid_ether_addr(params.link_mac))
17715 return -EINVAL;
17716 }
17717
17718 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
17719 return -EINVAL;
17720
17721 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
17722
17723 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
17724 params.supported_rates =
17725 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
17726 params.supported_rates_len =
17727 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
17728 }
17729
17730 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
17731 params.ht_capa =
17732 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
17733
17734 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
17735 params.vht_capa =
17736 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
17737
17738 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
17739 params.he_capa =
17740 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
17741 params.he_capa_len =
17742 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
17743
17744 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
17745 params.eht_capa =
17746 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
17747 params.eht_capa_len =
17748 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
17749
17750 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
17751 (const u8 *)params.eht_capa,
17752 params.eht_capa_len,
17753 false))
17754 return -EINVAL;
17755 }
17756 }
17757
17758 if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
17759 if (!params.eht_capa)
17760 return -EINVAL;
17761
17762 params.uhr_capa =
17763 nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
17764 params.uhr_capa_len =
17765 nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
17766 }
17767
17768 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
17769 params.he_6ghz_capa =
17770 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
17771
17772 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
17773 params.opmode_notif_used = true;
17774 params.opmode_notif =
17775 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
17776 }
17777
17778 err = nl80211_parse_sta_txpower_setting(info, ¶ms.txpwr,
17779 ¶ms.txpwr_set);
17780 if (err)
17781 return err;
17782
17783 if (add)
17784 return rdev_add_link_station(rdev, dev, ¶ms);
17785
17786 return rdev_mod_link_station(rdev, dev, ¶ms);
17787 }
17788
17789 static int
nl80211_add_link_station(struct sk_buff * skb,struct genl_info * info)17790 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info)
17791 {
17792 return nl80211_add_mod_link_station(skb, info, true);
17793 }
17794
17795 static int
nl80211_modify_link_station(struct sk_buff * skb,struct genl_info * info)17796 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info)
17797 {
17798 return nl80211_add_mod_link_station(skb, info, false);
17799 }
17800
17801 static int
nl80211_remove_link_station(struct sk_buff * skb,struct genl_info * info)17802 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info)
17803 {
17804 struct link_station_del_parameters params = {};
17805 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17806 struct net_device *dev = info->user_ptr[1];
17807
17808 if (!rdev->ops->del_link_station)
17809 return -EOPNOTSUPP;
17810
17811 if (!info->attrs[NL80211_ATTR_MLD_ADDR] ||
17812 !info->attrs[NL80211_ATTR_MLO_LINK_ID])
17813 return -EINVAL;
17814
17815 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
17816 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
17817
17818 return rdev_del_link_station(rdev, dev, ¶ms);
17819 }
17820
nl80211_set_hw_timestamp(struct sk_buff * skb,struct genl_info * info)17821 static int nl80211_set_hw_timestamp(struct sk_buff *skb,
17822 struct genl_info *info)
17823 {
17824 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17825 struct net_device *dev = info->user_ptr[1];
17826 struct cfg80211_set_hw_timestamp hwts = {};
17827
17828 if (!rdev->wiphy.hw_timestamp_max_peers)
17829 return -EOPNOTSUPP;
17830
17831 if (!info->attrs[NL80211_ATTR_MAC] &&
17832 rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS)
17833 return -EOPNOTSUPP;
17834
17835 if (info->attrs[NL80211_ATTR_MAC])
17836 hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
17837
17838 hwts.enable =
17839 nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]);
17840
17841 return rdev_set_hw_timestamp(rdev, dev, &hwts);
17842 }
17843
17844 static int
nl80211_set_ttlm(struct sk_buff * skb,struct genl_info * info)17845 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info)
17846 {
17847 struct cfg80211_ttlm_params params = {};
17848 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17849 struct net_device *dev = info->user_ptr[1];
17850 struct wireless_dev *wdev = dev->ieee80211_ptr;
17851
17852 if (wdev->iftype != NL80211_IFTYPE_STATION &&
17853 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
17854 return -EOPNOTSUPP;
17855
17856 if (!wdev->connected)
17857 return -ENOLINK;
17858
17859 if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] ||
17860 !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK])
17861 return -EINVAL;
17862
17863 nla_memcpy(params.dlink,
17864 info->attrs[NL80211_ATTR_MLO_TTLM_DLINK],
17865 sizeof(params.dlink));
17866 nla_memcpy(params.ulink,
17867 info->attrs[NL80211_ATTR_MLO_TTLM_ULINK],
17868 sizeof(params.ulink));
17869
17870 return rdev_set_ttlm(rdev, dev, ¶ms);
17871 }
17872
nl80211_assoc_ml_reconf(struct sk_buff * skb,struct genl_info * info)17873 static int nl80211_assoc_ml_reconf(struct sk_buff *skb, struct genl_info *info)
17874 {
17875 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17876 struct net_device *dev = info->user_ptr[1];
17877 struct wireless_dev *wdev = dev->ieee80211_ptr;
17878 struct cfg80211_ml_reconf_req req = {};
17879 unsigned int link_id;
17880 u16 add_links;
17881 int err;
17882
17883 if (!wdev->valid_links)
17884 return -EINVAL;
17885
17886 if (dev->ieee80211_ptr->conn_owner_nlportid &&
17887 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
17888 return -EPERM;
17889
17890 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
17891 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
17892 return -EOPNOTSUPP;
17893
17894 add_links = 0;
17895 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
17896 err = nl80211_process_links(rdev, req.add_links,
17897 /* mark as MLO, but not assoc */
17898 IEEE80211_MLD_MAX_NUM_LINKS,
17899 NULL, 0, info);
17900 if (err)
17901 return err;
17902
17903 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
17904 link_id++) {
17905 if (!req.add_links[link_id].bss)
17906 continue;
17907 add_links |= BIT(link_id);
17908 }
17909 }
17910
17911 if (info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS])
17912 req.rem_links =
17913 nla_get_u16(info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS]);
17914
17915 /* Validate that existing links are not added, removed links are valid
17916 * and don't allow adding and removing the same links
17917 */
17918 if ((add_links & req.rem_links) || !(add_links | req.rem_links) ||
17919 (wdev->valid_links & add_links) ||
17920 ((wdev->valid_links & req.rem_links) != req.rem_links)) {
17921 err = -EINVAL;
17922 goto out;
17923 }
17924
17925 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
17926 req.ext_mld_capa_ops =
17927 nla_get_u16(info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS]);
17928
17929 err = cfg80211_assoc_ml_reconf(rdev, dev, &req);
17930
17931 out:
17932 for (link_id = 0; link_id < ARRAY_SIZE(req.add_links); link_id++)
17933 cfg80211_put_bss(&rdev->wiphy, req.add_links[link_id].bss);
17934
17935 return err;
17936 }
17937
17938 static int
nl80211_epcs_cfg(struct sk_buff * skb,struct genl_info * info)17939 nl80211_epcs_cfg(struct sk_buff *skb, struct genl_info *info)
17940 {
17941 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17942 struct net_device *dev = info->user_ptr[1];
17943 struct wireless_dev *wdev = dev->ieee80211_ptr;
17944 bool val;
17945
17946 if (wdev->iftype != NL80211_IFTYPE_STATION &&
17947 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
17948 return -EOPNOTSUPP;
17949
17950 if (!wdev->connected)
17951 return -ENOLINK;
17952
17953 val = nla_get_flag(info->attrs[NL80211_ATTR_EPCS]);
17954
17955 return rdev_set_epcs(rdev, dev, val);
17956 }
17957
17958 #define NL80211_FLAG_NEED_WIPHY 0x01
17959 #define NL80211_FLAG_NEED_NETDEV 0x02
17960 #define NL80211_FLAG_NEED_RTNL 0x04
17961 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
17962 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
17963 NL80211_FLAG_CHECK_NETDEV_UP)
17964 #define NL80211_FLAG_NEED_WDEV 0x10
17965 /* If a netdev is associated, it must be UP, P2P must be started */
17966 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
17967 NL80211_FLAG_CHECK_NETDEV_UP)
17968 #define NL80211_FLAG_CLEAR_SKB 0x20
17969 #define NL80211_FLAG_NO_WIPHY_MTX 0x40
17970 #define NL80211_FLAG_MLO_VALID_LINK_ID 0x80
17971 #define NL80211_FLAG_MLO_UNSUPPORTED 0x100
17972
17973 #define INTERNAL_FLAG_SELECTORS(__sel) \
17974 SELECTOR(__sel, NONE, 0) /* must be first */ \
17975 SELECTOR(__sel, WIPHY, \
17976 NL80211_FLAG_NEED_WIPHY) \
17977 SELECTOR(__sel, WDEV, \
17978 NL80211_FLAG_NEED_WDEV) \
17979 SELECTOR(__sel, NETDEV, \
17980 NL80211_FLAG_NEED_NETDEV) \
17981 SELECTOR(__sel, NETDEV_LINK, \
17982 NL80211_FLAG_NEED_NETDEV | \
17983 NL80211_FLAG_MLO_VALID_LINK_ID) \
17984 SELECTOR(__sel, NETDEV_NO_MLO, \
17985 NL80211_FLAG_NEED_NETDEV | \
17986 NL80211_FLAG_MLO_UNSUPPORTED) \
17987 SELECTOR(__sel, WIPHY_RTNL, \
17988 NL80211_FLAG_NEED_WIPHY | \
17989 NL80211_FLAG_NEED_RTNL) \
17990 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \
17991 NL80211_FLAG_NEED_WIPHY | \
17992 NL80211_FLAG_NEED_RTNL | \
17993 NL80211_FLAG_NO_WIPHY_MTX) \
17994 SELECTOR(__sel, WDEV_RTNL, \
17995 NL80211_FLAG_NEED_WDEV | \
17996 NL80211_FLAG_NEED_RTNL) \
17997 SELECTOR(__sel, NETDEV_RTNL, \
17998 NL80211_FLAG_NEED_NETDEV | \
17999 NL80211_FLAG_NEED_RTNL) \
18000 SELECTOR(__sel, NETDEV_UP, \
18001 NL80211_FLAG_NEED_NETDEV_UP) \
18002 SELECTOR(__sel, NETDEV_UP_LINK, \
18003 NL80211_FLAG_NEED_NETDEV_UP | \
18004 NL80211_FLAG_MLO_VALID_LINK_ID) \
18005 SELECTOR(__sel, NETDEV_UP_NO_MLO, \
18006 NL80211_FLAG_NEED_NETDEV_UP | \
18007 NL80211_FLAG_MLO_UNSUPPORTED) \
18008 SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR, \
18009 NL80211_FLAG_NEED_NETDEV_UP | \
18010 NL80211_FLAG_CLEAR_SKB | \
18011 NL80211_FLAG_MLO_UNSUPPORTED) \
18012 SELECTOR(__sel, NETDEV_UP_NOTMX, \
18013 NL80211_FLAG_NEED_NETDEV_UP | \
18014 NL80211_FLAG_NO_WIPHY_MTX) \
18015 SELECTOR(__sel, NETDEV_UP_NOTMX_MLO, \
18016 NL80211_FLAG_NEED_NETDEV_UP | \
18017 NL80211_FLAG_NO_WIPHY_MTX | \
18018 NL80211_FLAG_MLO_VALID_LINK_ID) \
18019 SELECTOR(__sel, NETDEV_UP_CLEAR, \
18020 NL80211_FLAG_NEED_NETDEV_UP | \
18021 NL80211_FLAG_CLEAR_SKB) \
18022 SELECTOR(__sel, WDEV_UP, \
18023 NL80211_FLAG_NEED_WDEV_UP) \
18024 SELECTOR(__sel, WDEV_UP_LINK, \
18025 NL80211_FLAG_NEED_WDEV_UP | \
18026 NL80211_FLAG_MLO_VALID_LINK_ID) \
18027 SELECTOR(__sel, WDEV_UP_RTNL, \
18028 NL80211_FLAG_NEED_WDEV_UP | \
18029 NL80211_FLAG_NEED_RTNL) \
18030 SELECTOR(__sel, WIPHY_CLEAR, \
18031 NL80211_FLAG_NEED_WIPHY | \
18032 NL80211_FLAG_CLEAR_SKB)
18033
18034 enum nl80211_internal_flags_selector {
18035 #define SELECTOR(_, name, value) NL80211_IFL_SEL_##name,
18036 INTERNAL_FLAG_SELECTORS(_)
18037 #undef SELECTOR
18038 };
18039
18040 static u32 nl80211_internal_flags[] = {
18041 #define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value,
18042 INTERNAL_FLAG_SELECTORS(_)
18043 #undef SELECTOR
18044 };
18045
nl80211_pre_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)18046 static int nl80211_pre_doit(const struct genl_split_ops *ops,
18047 struct sk_buff *skb,
18048 struct genl_info *info)
18049 {
18050 struct cfg80211_registered_device *rdev = NULL;
18051 struct wireless_dev *wdev = NULL;
18052 struct net_device *dev = NULL;
18053 u32 internal_flags;
18054 int err;
18055
18056 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags)))
18057 return -EINVAL;
18058
18059 internal_flags = nl80211_internal_flags[ops->internal_flags];
18060
18061 rtnl_lock();
18062 if (internal_flags & NL80211_FLAG_NEED_WIPHY) {
18063 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
18064 if (IS_ERR(rdev)) {
18065 err = PTR_ERR(rdev);
18066 goto out_unlock;
18067 }
18068 info->user_ptr[0] = rdev;
18069 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV ||
18070 internal_flags & NL80211_FLAG_NEED_WDEV) {
18071 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
18072 info->attrs);
18073 if (IS_ERR(wdev)) {
18074 err = PTR_ERR(wdev);
18075 goto out_unlock;
18076 }
18077
18078 dev = wdev->netdev;
18079 dev_hold(dev);
18080 rdev = wiphy_to_rdev(wdev->wiphy);
18081
18082 if (internal_flags & NL80211_FLAG_NEED_NETDEV) {
18083 if (!dev) {
18084 err = -EINVAL;
18085 goto out_unlock;
18086 }
18087
18088 info->user_ptr[1] = dev;
18089 } else {
18090 info->user_ptr[1] = wdev;
18091 }
18092
18093 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
18094 !wdev_running(wdev)) {
18095 err = -ENETDOWN;
18096 goto out_unlock;
18097 }
18098
18099 info->user_ptr[0] = rdev;
18100 }
18101
18102 if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) {
18103 struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID];
18104
18105 if (!wdev) {
18106 err = -EINVAL;
18107 goto out_unlock;
18108 }
18109
18110 /* MLO -> require valid link ID */
18111 if (wdev->valid_links &&
18112 (!link_id ||
18113 !(wdev->valid_links & BIT(nla_get_u8(link_id))))) {
18114 err = -EINVAL;
18115 goto out_unlock;
18116 }
18117
18118 /* non-MLO -> no link ID attribute accepted */
18119 if (!wdev->valid_links && link_id) {
18120 err = -EINVAL;
18121 goto out_unlock;
18122 }
18123 }
18124
18125 if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) {
18126 if (info->attrs[NL80211_ATTR_MLO_LINK_ID] ||
18127 (wdev && wdev->valid_links)) {
18128 err = -EINVAL;
18129 goto out_unlock;
18130 }
18131 }
18132
18133 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
18134 wiphy_lock(&rdev->wiphy);
18135 /* we keep the mutex locked until post_doit */
18136 __release(&rdev->wiphy.mtx);
18137 }
18138 if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
18139 rtnl_unlock();
18140
18141 return 0;
18142 out_unlock:
18143 rtnl_unlock();
18144 dev_put(dev);
18145 return err;
18146 }
18147
nl80211_post_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)18148 static void nl80211_post_doit(const struct genl_split_ops *ops,
18149 struct sk_buff *skb,
18150 struct genl_info *info)
18151 {
18152 u32 internal_flags = nl80211_internal_flags[ops->internal_flags];
18153
18154 if (info->user_ptr[1]) {
18155 if (internal_flags & NL80211_FLAG_NEED_WDEV) {
18156 struct wireless_dev *wdev = info->user_ptr[1];
18157
18158 dev_put(wdev->netdev);
18159 } else {
18160 dev_put(info->user_ptr[1]);
18161 }
18162 }
18163
18164 if (info->user_ptr[0] &&
18165 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
18166 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18167
18168 /* we kept the mutex locked since pre_doit */
18169 __acquire(&rdev->wiphy.mtx);
18170 wiphy_unlock(&rdev->wiphy);
18171 }
18172
18173 if (internal_flags & NL80211_FLAG_NEED_RTNL)
18174 rtnl_unlock();
18175
18176 /* If needed, clear the netlink message payload from the SKB
18177 * as it might contain key data that shouldn't stick around on
18178 * the heap after the SKB is freed. The netlink message header
18179 * is still needed for further processing, so leave it intact.
18180 */
18181 if (internal_flags & NL80211_FLAG_CLEAR_SKB) {
18182 struct nlmsghdr *nlh = nlmsg_hdr(skb);
18183
18184 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
18185 }
18186 }
18187
nl80211_set_sar_sub_specs(struct cfg80211_registered_device * rdev,struct cfg80211_sar_specs * sar_specs,struct nlattr * spec[],int index)18188 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
18189 struct cfg80211_sar_specs *sar_specs,
18190 struct nlattr *spec[], int index)
18191 {
18192 u32 range_index, i;
18193
18194 if (!sar_specs || !spec)
18195 return -EINVAL;
18196
18197 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
18198 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
18199 return -EINVAL;
18200
18201 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
18202
18203 /* check if range_index exceeds num_freq_ranges */
18204 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
18205 return -EINVAL;
18206
18207 /* check if range_index duplicates */
18208 for (i = 0; i < index; i++) {
18209 if (sar_specs->sub_specs[i].freq_range_index == range_index)
18210 return -EINVAL;
18211 }
18212
18213 sar_specs->sub_specs[index].power =
18214 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
18215
18216 sar_specs->sub_specs[index].freq_range_index = range_index;
18217
18218 return 0;
18219 }
18220
nl80211_set_sar_specs(struct sk_buff * skb,struct genl_info * info)18221 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
18222 {
18223 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18224 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
18225 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
18226 struct cfg80211_sar_specs *sar_spec;
18227 enum nl80211_sar_type type;
18228 struct nlattr *spec_list;
18229 u32 specs;
18230 int rem, err;
18231
18232 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
18233 return -EOPNOTSUPP;
18234
18235 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
18236 return -EINVAL;
18237
18238 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
18239 info->attrs[NL80211_ATTR_SAR_SPEC],
18240 NULL, NULL);
18241
18242 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
18243 return -EINVAL;
18244
18245 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
18246 if (type != rdev->wiphy.sar_capa->type)
18247 return -EINVAL;
18248
18249 specs = 0;
18250 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
18251 specs++;
18252
18253 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
18254 return -EINVAL;
18255
18256 sar_spec = kzalloc_flex(*sar_spec, sub_specs, specs);
18257 if (!sar_spec)
18258 return -ENOMEM;
18259
18260 sar_spec->num_sub_specs = specs;
18261 sar_spec->type = type;
18262 specs = 0;
18263 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
18264 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
18265 spec_list, NULL, NULL);
18266
18267 switch (type) {
18268 case NL80211_SAR_TYPE_POWER:
18269 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
18270 spec, specs)) {
18271 err = -EINVAL;
18272 goto error;
18273 }
18274 break;
18275 default:
18276 err = -EINVAL;
18277 goto error;
18278 }
18279 specs++;
18280 }
18281
18282 sar_spec->num_sub_specs = specs;
18283
18284 rdev->cur_cmd_info = info;
18285 err = rdev_set_sar_specs(rdev, sar_spec);
18286 rdev->cur_cmd_info = NULL;
18287 error:
18288 kfree(sar_spec);
18289 return err;
18290 }
18291
18292 #define SELECTOR(__sel, name, value) \
18293 ((__sel) == (value)) ? NL80211_IFL_SEL_##name :
18294 int __missing_selector(void);
18295 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector()
18296
18297 static const struct genl_ops nl80211_ops[] = {
18298 {
18299 .cmd = NL80211_CMD_GET_WIPHY,
18300 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18301 .doit = nl80211_get_wiphy,
18302 .dumpit = nl80211_dump_wiphy,
18303 .done = nl80211_dump_wiphy_done,
18304 /* can be retrieved by unprivileged users */
18305 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18306 },
18307 };
18308
18309 static const struct genl_small_ops nl80211_small_ops[] = {
18310 {
18311 .cmd = NL80211_CMD_SET_WIPHY,
18312 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18313 .doit = nl80211_set_wiphy,
18314 .flags = GENL_UNS_ADMIN_PERM,
18315 },
18316 {
18317 .cmd = NL80211_CMD_GET_INTERFACE,
18318 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18319 .doit = nl80211_get_interface,
18320 .dumpit = nl80211_dump_interface,
18321 /* can be retrieved by unprivileged users */
18322 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
18323 },
18324 {
18325 .cmd = NL80211_CMD_SET_INTERFACE,
18326 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18327 .doit = nl80211_set_interface,
18328 .flags = GENL_UNS_ADMIN_PERM,
18329 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
18330 NL80211_FLAG_NEED_RTNL),
18331 },
18332 {
18333 .cmd = NL80211_CMD_NEW_INTERFACE,
18334 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18335 .doit = nl80211_new_interface,
18336 .flags = GENL_UNS_ADMIN_PERM,
18337 .internal_flags =
18338 IFLAGS(NL80211_FLAG_NEED_WIPHY |
18339 NL80211_FLAG_NEED_RTNL |
18340 /* we take the wiphy mutex later ourselves */
18341 NL80211_FLAG_NO_WIPHY_MTX),
18342 },
18343 {
18344 .cmd = NL80211_CMD_DEL_INTERFACE,
18345 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18346 .doit = nl80211_del_interface,
18347 .flags = GENL_UNS_ADMIN_PERM,
18348 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
18349 NL80211_FLAG_NEED_RTNL),
18350 },
18351 {
18352 .cmd = NL80211_CMD_GET_KEY,
18353 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18354 .doit = nl80211_get_key,
18355 .flags = GENL_UNS_ADMIN_PERM,
18356 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18357 },
18358 {
18359 .cmd = NL80211_CMD_SET_KEY,
18360 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18361 .doit = nl80211_set_key,
18362 .flags = GENL_UNS_ADMIN_PERM,
18363 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */
18364 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18365 NL80211_FLAG_CLEAR_SKB),
18366 },
18367 {
18368 .cmd = NL80211_CMD_NEW_KEY,
18369 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18370 .doit = nl80211_new_key,
18371 .flags = GENL_UNS_ADMIN_PERM,
18372 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18373 NL80211_FLAG_CLEAR_SKB),
18374 },
18375 {
18376 .cmd = NL80211_CMD_DEL_KEY,
18377 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18378 .doit = nl80211_del_key,
18379 .flags = GENL_UNS_ADMIN_PERM,
18380 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18381 },
18382 {
18383 .cmd = NL80211_CMD_SET_BEACON,
18384 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18385 .flags = GENL_UNS_ADMIN_PERM,
18386 .doit = nl80211_set_beacon,
18387 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18388 NL80211_FLAG_MLO_VALID_LINK_ID),
18389 },
18390 {
18391 .cmd = NL80211_CMD_START_AP,
18392 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18393 .flags = GENL_UNS_ADMIN_PERM,
18394 .doit = nl80211_start_ap,
18395 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18396 NL80211_FLAG_MLO_VALID_LINK_ID),
18397 },
18398 {
18399 .cmd = NL80211_CMD_STOP_AP,
18400 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18401 .flags = GENL_UNS_ADMIN_PERM,
18402 .doit = nl80211_stop_ap,
18403 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18404 NL80211_FLAG_MLO_VALID_LINK_ID),
18405 },
18406 {
18407 .cmd = NL80211_CMD_GET_STATION,
18408 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18409 .doit = nl80211_get_station,
18410 .dumpit = nl80211_dump_station,
18411 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18412 },
18413 {
18414 .cmd = NL80211_CMD_SET_STATION,
18415 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18416 .doit = nl80211_set_station,
18417 .flags = GENL_UNS_ADMIN_PERM,
18418 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18419 },
18420 {
18421 .cmd = NL80211_CMD_NEW_STATION,
18422 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18423 .doit = nl80211_new_station,
18424 .flags = GENL_UNS_ADMIN_PERM,
18425 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18426 },
18427 {
18428 .cmd = NL80211_CMD_DEL_STATION,
18429 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18430 .doit = nl80211_del_station,
18431 .flags = GENL_UNS_ADMIN_PERM,
18432 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on
18433 * whether MAC address is passed or not. If MAC address is
18434 * passed, then even during MLO, link ID is not required.
18435 */
18436 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18437 },
18438 {
18439 .cmd = NL80211_CMD_GET_MPATH,
18440 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18441 .doit = nl80211_get_mpath,
18442 .dumpit = nl80211_dump_mpath,
18443 .flags = GENL_UNS_ADMIN_PERM,
18444 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18445 },
18446 {
18447 .cmd = NL80211_CMD_GET_MPP,
18448 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18449 .doit = nl80211_get_mpp,
18450 .dumpit = nl80211_dump_mpp,
18451 .flags = GENL_UNS_ADMIN_PERM,
18452 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18453 },
18454 {
18455 .cmd = NL80211_CMD_SET_MPATH,
18456 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18457 .doit = nl80211_set_mpath,
18458 .flags = GENL_UNS_ADMIN_PERM,
18459 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18460 },
18461 {
18462 .cmd = NL80211_CMD_NEW_MPATH,
18463 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18464 .doit = nl80211_new_mpath,
18465 .flags = GENL_UNS_ADMIN_PERM,
18466 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18467 },
18468 {
18469 .cmd = NL80211_CMD_DEL_MPATH,
18470 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18471 .doit = nl80211_del_mpath,
18472 .flags = GENL_UNS_ADMIN_PERM,
18473 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18474 },
18475 {
18476 .cmd = NL80211_CMD_SET_BSS,
18477 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18478 .doit = nl80211_set_bss,
18479 .flags = GENL_UNS_ADMIN_PERM,
18480 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18481 NL80211_FLAG_MLO_VALID_LINK_ID),
18482 },
18483 {
18484 .cmd = NL80211_CMD_GET_REG,
18485 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18486 .doit = nl80211_get_reg_do,
18487 .dumpit = nl80211_get_reg_dump,
18488 /* can be retrieved by unprivileged users */
18489 },
18490 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
18491 {
18492 .cmd = NL80211_CMD_SET_REG,
18493 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18494 .doit = nl80211_set_reg,
18495 .flags = GENL_ADMIN_PERM,
18496 },
18497 #endif
18498 {
18499 .cmd = NL80211_CMD_REQ_SET_REG,
18500 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18501 .doit = nl80211_req_set_reg,
18502 .flags = GENL_ADMIN_PERM,
18503 },
18504 {
18505 .cmd = NL80211_CMD_RELOAD_REGDB,
18506 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18507 .doit = nl80211_reload_regdb,
18508 .flags = GENL_ADMIN_PERM,
18509 },
18510 {
18511 .cmd = NL80211_CMD_GET_MESH_CONFIG,
18512 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18513 .doit = nl80211_get_mesh_config,
18514 /* can be retrieved by unprivileged users */
18515 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18516 },
18517 {
18518 .cmd = NL80211_CMD_SET_MESH_CONFIG,
18519 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18520 .doit = nl80211_update_mesh_config,
18521 .flags = GENL_UNS_ADMIN_PERM,
18522 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18523 },
18524 {
18525 .cmd = NL80211_CMD_TRIGGER_SCAN,
18526 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18527 .doit = nl80211_trigger_scan,
18528 .flags = GENL_UNS_ADMIN_PERM,
18529 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18530 },
18531 {
18532 .cmd = NL80211_CMD_ABORT_SCAN,
18533 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18534 .doit = nl80211_abort_scan,
18535 .flags = GENL_UNS_ADMIN_PERM,
18536 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18537 },
18538 {
18539 .cmd = NL80211_CMD_GET_SCAN,
18540 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18541 .dumpit = nl80211_dump_scan,
18542 },
18543 {
18544 .cmd = NL80211_CMD_START_SCHED_SCAN,
18545 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18546 .doit = nl80211_start_sched_scan,
18547 .flags = GENL_UNS_ADMIN_PERM,
18548 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18549 },
18550 {
18551 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
18552 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18553 .doit = nl80211_stop_sched_scan,
18554 .flags = GENL_UNS_ADMIN_PERM,
18555 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18556 },
18557 {
18558 .cmd = NL80211_CMD_AUTHENTICATE,
18559 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18560 .doit = nl80211_authenticate,
18561 .flags = GENL_UNS_ADMIN_PERM,
18562 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18563 NL80211_FLAG_CLEAR_SKB),
18564 },
18565 {
18566 .cmd = NL80211_CMD_ASSOCIATE,
18567 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18568 .doit = nl80211_associate,
18569 .flags = GENL_UNS_ADMIN_PERM,
18570 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18571 NL80211_FLAG_CLEAR_SKB),
18572 },
18573 {
18574 .cmd = NL80211_CMD_DEAUTHENTICATE,
18575 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18576 .doit = nl80211_deauthenticate,
18577 .flags = GENL_UNS_ADMIN_PERM,
18578 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18579 },
18580 {
18581 .cmd = NL80211_CMD_DISASSOCIATE,
18582 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18583 .doit = nl80211_disassociate,
18584 .flags = GENL_UNS_ADMIN_PERM,
18585 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18586 },
18587 {
18588 .cmd = NL80211_CMD_JOIN_IBSS,
18589 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18590 .doit = nl80211_join_ibss,
18591 .flags = GENL_UNS_ADMIN_PERM,
18592 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18593 },
18594 {
18595 .cmd = NL80211_CMD_LEAVE_IBSS,
18596 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18597 .doit = nl80211_leave_ibss,
18598 .flags = GENL_UNS_ADMIN_PERM,
18599 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18600 },
18601 #ifdef CONFIG_NL80211_TESTMODE
18602 {
18603 .cmd = NL80211_CMD_TESTMODE,
18604 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18605 .doit = nl80211_testmode_do,
18606 .dumpit = nl80211_testmode_dump,
18607 .flags = GENL_UNS_ADMIN_PERM,
18608 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18609 },
18610 #endif
18611 {
18612 .cmd = NL80211_CMD_CONNECT,
18613 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18614 .doit = nl80211_connect,
18615 .flags = GENL_UNS_ADMIN_PERM,
18616 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18617 NL80211_FLAG_CLEAR_SKB),
18618 },
18619 {
18620 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
18621 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18622 .doit = nl80211_update_connect_params,
18623 .flags = GENL_ADMIN_PERM,
18624 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18625 NL80211_FLAG_CLEAR_SKB),
18626 },
18627 {
18628 .cmd = NL80211_CMD_DISCONNECT,
18629 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18630 .doit = nl80211_disconnect,
18631 .flags = GENL_UNS_ADMIN_PERM,
18632 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18633 },
18634 {
18635 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
18636 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18637 .doit = nl80211_wiphy_netns,
18638 .flags = GENL_UNS_ADMIN_PERM,
18639 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
18640 NL80211_FLAG_NEED_RTNL |
18641 NL80211_FLAG_NO_WIPHY_MTX),
18642 },
18643 {
18644 .cmd = NL80211_CMD_GET_SURVEY,
18645 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18646 .dumpit = nl80211_dump_survey,
18647 },
18648 {
18649 .cmd = NL80211_CMD_SET_PMKSA,
18650 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18651 .doit = nl80211_set_pmksa,
18652 .flags = GENL_UNS_ADMIN_PERM,
18653 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18654 NL80211_FLAG_CLEAR_SKB),
18655 },
18656 {
18657 .cmd = NL80211_CMD_DEL_PMKSA,
18658 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18659 .doit = nl80211_del_pmksa,
18660 .flags = GENL_UNS_ADMIN_PERM,
18661 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18662 },
18663 {
18664 .cmd = NL80211_CMD_FLUSH_PMKSA,
18665 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18666 .doit = nl80211_flush_pmksa,
18667 .flags = GENL_UNS_ADMIN_PERM,
18668 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18669 },
18670 {
18671 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
18672 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18673 .doit = nl80211_remain_on_channel,
18674 .flags = GENL_UNS_ADMIN_PERM,
18675 /* FIXME: requiring a link ID here is probably not good */
18676 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
18677 NL80211_FLAG_MLO_VALID_LINK_ID),
18678 },
18679 {
18680 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
18681 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18682 .doit = nl80211_cancel_remain_on_channel,
18683 .flags = GENL_UNS_ADMIN_PERM,
18684 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18685 },
18686 {
18687 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
18688 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18689 .doit = nl80211_set_tx_bitrate_mask,
18690 .flags = GENL_UNS_ADMIN_PERM,
18691 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
18692 NL80211_FLAG_MLO_VALID_LINK_ID),
18693 },
18694 {
18695 .cmd = NL80211_CMD_REGISTER_FRAME,
18696 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18697 .doit = nl80211_register_mgmt,
18698 .flags = GENL_UNS_ADMIN_PERM,
18699 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
18700 },
18701 {
18702 .cmd = NL80211_CMD_FRAME,
18703 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18704 .doit = nl80211_tx_mgmt,
18705 .flags = GENL_UNS_ADMIN_PERM,
18706 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18707 },
18708 {
18709 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
18710 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18711 .doit = nl80211_tx_mgmt_cancel_wait,
18712 .flags = GENL_UNS_ADMIN_PERM,
18713 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18714 },
18715 {
18716 .cmd = NL80211_CMD_SET_POWER_SAVE,
18717 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18718 .doit = nl80211_set_power_save,
18719 .flags = GENL_UNS_ADMIN_PERM,
18720 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18721 },
18722 {
18723 .cmd = NL80211_CMD_GET_POWER_SAVE,
18724 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18725 .doit = nl80211_get_power_save,
18726 /* can be retrieved by unprivileged users */
18727 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18728 },
18729 {
18730 .cmd = NL80211_CMD_SET_CQM,
18731 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18732 .doit = nl80211_set_cqm,
18733 .flags = GENL_UNS_ADMIN_PERM,
18734 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18735 },
18736 {
18737 .cmd = NL80211_CMD_SET_CHANNEL,
18738 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18739 .doit = nl80211_set_channel,
18740 .flags = GENL_UNS_ADMIN_PERM,
18741 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
18742 NL80211_FLAG_MLO_VALID_LINK_ID),
18743 },
18744 {
18745 .cmd = NL80211_CMD_JOIN_MESH,
18746 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18747 .doit = nl80211_join_mesh,
18748 .flags = GENL_UNS_ADMIN_PERM,
18749 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18750 },
18751 {
18752 .cmd = NL80211_CMD_LEAVE_MESH,
18753 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18754 .doit = nl80211_leave_mesh,
18755 .flags = GENL_UNS_ADMIN_PERM,
18756 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18757 },
18758 {
18759 .cmd = NL80211_CMD_JOIN_OCB,
18760 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18761 .doit = nl80211_join_ocb,
18762 .flags = GENL_UNS_ADMIN_PERM,
18763 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18764 },
18765 {
18766 .cmd = NL80211_CMD_LEAVE_OCB,
18767 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18768 .doit = nl80211_leave_ocb,
18769 .flags = GENL_UNS_ADMIN_PERM,
18770 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18771 },
18772 #ifdef CONFIG_PM
18773 {
18774 .cmd = NL80211_CMD_GET_WOWLAN,
18775 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18776 .doit = nl80211_get_wowlan,
18777 /* can be retrieved by unprivileged users */
18778 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18779 },
18780 {
18781 .cmd = NL80211_CMD_SET_WOWLAN,
18782 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18783 .doit = nl80211_set_wowlan,
18784 .flags = GENL_UNS_ADMIN_PERM,
18785 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18786 },
18787 #endif
18788 {
18789 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
18790 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18791 .doit = nl80211_set_rekey_data,
18792 .flags = GENL_UNS_ADMIN_PERM,
18793 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18794 NL80211_FLAG_CLEAR_SKB),
18795 },
18796 {
18797 .cmd = NL80211_CMD_TDLS_MGMT,
18798 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18799 .doit = nl80211_tdls_mgmt,
18800 .flags = GENL_UNS_ADMIN_PERM,
18801 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18802 NL80211_FLAG_MLO_VALID_LINK_ID),
18803 },
18804 {
18805 .cmd = NL80211_CMD_TDLS_OPER,
18806 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18807 .doit = nl80211_tdls_oper,
18808 .flags = GENL_UNS_ADMIN_PERM,
18809 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18810 },
18811 {
18812 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
18813 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18814 .doit = nl80211_register_unexpected_frame,
18815 .flags = GENL_UNS_ADMIN_PERM,
18816 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18817 },
18818 {
18819 .cmd = NL80211_CMD_PROBE_CLIENT,
18820 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18821 .doit = nl80211_probe_client,
18822 .flags = GENL_UNS_ADMIN_PERM,
18823 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18824 },
18825 {
18826 .cmd = NL80211_CMD_REGISTER_BEACONS,
18827 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18828 .doit = nl80211_register_beacons,
18829 .flags = GENL_UNS_ADMIN_PERM,
18830 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18831 },
18832 {
18833 .cmd = NL80211_CMD_SET_NOACK_MAP,
18834 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18835 .doit = nl80211_set_noack_map,
18836 .flags = GENL_UNS_ADMIN_PERM,
18837 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18838 },
18839 {
18840 .cmd = NL80211_CMD_START_P2P_DEVICE,
18841 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18842 .doit = nl80211_start_p2p_device,
18843 .flags = GENL_UNS_ADMIN_PERM,
18844 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
18845 NL80211_FLAG_NEED_RTNL),
18846 },
18847 {
18848 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
18849 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18850 .doit = nl80211_stop_p2p_device,
18851 .flags = GENL_UNS_ADMIN_PERM,
18852 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
18853 NL80211_FLAG_NEED_RTNL),
18854 },
18855 {
18856 .cmd = NL80211_CMD_START_NAN,
18857 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18858 .doit = nl80211_start_nan,
18859 .flags = GENL_ADMIN_PERM,
18860 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
18861 NL80211_FLAG_NEED_RTNL),
18862 },
18863 {
18864 .cmd = NL80211_CMD_STOP_NAN,
18865 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18866 .doit = nl80211_stop_nan,
18867 .flags = GENL_ADMIN_PERM,
18868 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
18869 NL80211_FLAG_NEED_RTNL),
18870 },
18871 {
18872 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
18873 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18874 .doit = nl80211_nan_add_func,
18875 .flags = GENL_ADMIN_PERM,
18876 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18877 },
18878 {
18879 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
18880 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18881 .doit = nl80211_nan_del_func,
18882 .flags = GENL_ADMIN_PERM,
18883 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18884 },
18885 {
18886 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
18887 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18888 .doit = nl80211_nan_change_config,
18889 .flags = GENL_ADMIN_PERM,
18890 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18891 },
18892 {
18893 .cmd = NL80211_CMD_SET_MCAST_RATE,
18894 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18895 .doit = nl80211_set_mcast_rate,
18896 .flags = GENL_UNS_ADMIN_PERM,
18897 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
18898 },
18899 {
18900 .cmd = NL80211_CMD_SET_MAC_ACL,
18901 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18902 .doit = nl80211_set_mac_acl,
18903 .flags = GENL_UNS_ADMIN_PERM,
18904 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
18905 NL80211_FLAG_MLO_UNSUPPORTED),
18906 },
18907 {
18908 .cmd = NL80211_CMD_RADAR_DETECT,
18909 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18910 .doit = nl80211_start_radar_detection,
18911 .flags = GENL_UNS_ADMIN_PERM,
18912 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18913 NL80211_FLAG_NO_WIPHY_MTX |
18914 NL80211_FLAG_MLO_VALID_LINK_ID),
18915 },
18916 {
18917 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
18918 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18919 .doit = nl80211_get_protocol_features,
18920 },
18921 {
18922 .cmd = NL80211_CMD_UPDATE_FT_IES,
18923 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18924 .doit = nl80211_update_ft_ies,
18925 .flags = GENL_UNS_ADMIN_PERM,
18926 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18927 },
18928 {
18929 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
18930 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18931 .doit = nl80211_crit_protocol_start,
18932 .flags = GENL_UNS_ADMIN_PERM,
18933 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18934 },
18935 {
18936 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
18937 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18938 .doit = nl80211_crit_protocol_stop,
18939 .flags = GENL_UNS_ADMIN_PERM,
18940 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
18941 },
18942 {
18943 .cmd = NL80211_CMD_GET_COALESCE,
18944 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18945 .doit = nl80211_get_coalesce,
18946 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18947 },
18948 {
18949 .cmd = NL80211_CMD_SET_COALESCE,
18950 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18951 .doit = nl80211_set_coalesce,
18952 .flags = GENL_UNS_ADMIN_PERM,
18953 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
18954 },
18955 {
18956 .cmd = NL80211_CMD_CHANNEL_SWITCH,
18957 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18958 .doit = nl80211_channel_switch,
18959 .flags = GENL_UNS_ADMIN_PERM,
18960 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18961 NL80211_FLAG_MLO_VALID_LINK_ID),
18962 },
18963 {
18964 .cmd = NL80211_CMD_VENDOR,
18965 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18966 .doit = nl80211_vendor_cmd,
18967 .dumpit = nl80211_vendor_cmd_dump,
18968 .flags = GENL_UNS_ADMIN_PERM,
18969 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
18970 NL80211_FLAG_CLEAR_SKB),
18971 },
18972 {
18973 .cmd = NL80211_CMD_SET_QOS_MAP,
18974 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18975 .doit = nl80211_set_qos_map,
18976 .flags = GENL_UNS_ADMIN_PERM,
18977 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18978 },
18979 {
18980 .cmd = NL80211_CMD_ADD_TX_TS,
18981 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18982 .doit = nl80211_add_tx_ts,
18983 .flags = GENL_UNS_ADMIN_PERM,
18984 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
18985 NL80211_FLAG_MLO_UNSUPPORTED),
18986 },
18987 {
18988 .cmd = NL80211_CMD_DEL_TX_TS,
18989 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18990 .doit = nl80211_del_tx_ts,
18991 .flags = GENL_UNS_ADMIN_PERM,
18992 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
18993 },
18994 {
18995 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
18996 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
18997 .doit = nl80211_tdls_channel_switch,
18998 .flags = GENL_UNS_ADMIN_PERM,
18999 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19000 },
19001 {
19002 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
19003 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19004 .doit = nl80211_tdls_cancel_channel_switch,
19005 .flags = GENL_UNS_ADMIN_PERM,
19006 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19007 },
19008 {
19009 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
19010 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19011 .doit = nl80211_set_multicast_to_unicast,
19012 .flags = GENL_UNS_ADMIN_PERM,
19013 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19014 },
19015 {
19016 .cmd = NL80211_CMD_SET_PMK,
19017 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19018 .doit = nl80211_set_pmk,
19019 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19020 NL80211_FLAG_CLEAR_SKB),
19021 },
19022 {
19023 .cmd = NL80211_CMD_DEL_PMK,
19024 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19025 .doit = nl80211_del_pmk,
19026 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19027 },
19028 {
19029 .cmd = NL80211_CMD_EXTERNAL_AUTH,
19030 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19031 .doit = nl80211_external_auth,
19032 .flags = GENL_ADMIN_PERM,
19033 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19034 },
19035 {
19036 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
19037 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19038 .doit = nl80211_tx_control_port,
19039 .flags = GENL_UNS_ADMIN_PERM,
19040 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19041 },
19042 {
19043 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
19044 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19045 .doit = nl80211_get_ftm_responder_stats,
19046 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19047 NL80211_FLAG_MLO_VALID_LINK_ID),
19048 },
19049 {
19050 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
19051 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19052 .doit = nl80211_pmsr_start,
19053 .flags = GENL_UNS_ADMIN_PERM,
19054 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19055 },
19056 {
19057 .cmd = NL80211_CMD_NOTIFY_RADAR,
19058 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19059 .doit = nl80211_notify_radar_detection,
19060 .flags = GENL_UNS_ADMIN_PERM,
19061 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19062 },
19063 {
19064 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
19065 .doit = nl80211_update_owe_info,
19066 .flags = GENL_ADMIN_PERM,
19067 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19068 },
19069 {
19070 .cmd = NL80211_CMD_PROBE_MESH_LINK,
19071 .doit = nl80211_probe_mesh_link,
19072 .flags = GENL_UNS_ADMIN_PERM,
19073 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19074 },
19075 {
19076 .cmd = NL80211_CMD_SET_TID_CONFIG,
19077 .doit = nl80211_set_tid_config,
19078 .flags = GENL_UNS_ADMIN_PERM,
19079 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19080 NL80211_FLAG_MLO_VALID_LINK_ID),
19081 },
19082 {
19083 .cmd = NL80211_CMD_SET_SAR_SPECS,
19084 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19085 .doit = nl80211_set_sar_specs,
19086 .flags = GENL_UNS_ADMIN_PERM,
19087 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
19088 NL80211_FLAG_NEED_RTNL),
19089 },
19090 {
19091 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
19092 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19093 .doit = nl80211_color_change,
19094 .flags = GENL_UNS_ADMIN_PERM,
19095 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19096 NL80211_FLAG_MLO_VALID_LINK_ID),
19097 },
19098 {
19099 .cmd = NL80211_CMD_SET_FILS_AAD,
19100 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19101 .doit = nl80211_set_fils_aad,
19102 .flags = GENL_UNS_ADMIN_PERM,
19103 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19104 },
19105 {
19106 .cmd = NL80211_CMD_ADD_LINK,
19107 .doit = nl80211_add_link,
19108 .flags = GENL_UNS_ADMIN_PERM,
19109 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19110 },
19111 {
19112 .cmd = NL80211_CMD_REMOVE_LINK,
19113 .doit = nl80211_remove_link,
19114 .flags = GENL_UNS_ADMIN_PERM,
19115 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19116 NL80211_FLAG_MLO_VALID_LINK_ID),
19117 },
19118 {
19119 .cmd = NL80211_CMD_ADD_LINK_STA,
19120 .doit = nl80211_add_link_station,
19121 .flags = GENL_UNS_ADMIN_PERM,
19122 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19123 NL80211_FLAG_MLO_VALID_LINK_ID),
19124 },
19125 {
19126 .cmd = NL80211_CMD_MODIFY_LINK_STA,
19127 .doit = nl80211_modify_link_station,
19128 .flags = GENL_UNS_ADMIN_PERM,
19129 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19130 NL80211_FLAG_MLO_VALID_LINK_ID),
19131 },
19132 {
19133 .cmd = NL80211_CMD_REMOVE_LINK_STA,
19134 .doit = nl80211_remove_link_station,
19135 .flags = GENL_UNS_ADMIN_PERM,
19136 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19137 NL80211_FLAG_MLO_VALID_LINK_ID),
19138 },
19139 {
19140 .cmd = NL80211_CMD_SET_HW_TIMESTAMP,
19141 .doit = nl80211_set_hw_timestamp,
19142 .flags = GENL_UNS_ADMIN_PERM,
19143 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19144 },
19145 {
19146 .cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING,
19147 .doit = nl80211_set_ttlm,
19148 .flags = GENL_UNS_ADMIN_PERM,
19149 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19150 },
19151 {
19152 .cmd = NL80211_CMD_ASSOC_MLO_RECONF,
19153 .doit = nl80211_assoc_ml_reconf,
19154 .flags = GENL_UNS_ADMIN_PERM,
19155 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19156 },
19157 {
19158 .cmd = NL80211_CMD_EPCS_CFG,
19159 .doit = nl80211_epcs_cfg,
19160 .flags = GENL_UNS_ADMIN_PERM,
19161 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19162 },
19163 };
19164
19165 static struct genl_family nl80211_fam __ro_after_init = {
19166 .name = NL80211_GENL_NAME, /* have users key off the name instead */
19167 .hdrsize = 0, /* no private header */
19168 .version = 1, /* no particular meaning now */
19169 .maxattr = NL80211_ATTR_MAX,
19170 .policy = nl80211_policy,
19171 .netnsok = true,
19172 .pre_doit = nl80211_pre_doit,
19173 .post_doit = nl80211_post_doit,
19174 .module = THIS_MODULE,
19175 .ops = nl80211_ops,
19176 .n_ops = ARRAY_SIZE(nl80211_ops),
19177 .small_ops = nl80211_small_ops,
19178 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
19179 .resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1,
19180 .mcgrps = nl80211_mcgrps,
19181 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
19182 .parallel_ops = true,
19183 };
19184
19185 /* notification functions */
19186
nl80211_notify_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd)19187 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
19188 enum nl80211_commands cmd)
19189 {
19190 struct sk_buff *msg;
19191 struct nl80211_dump_wiphy_state state = {};
19192
19193 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
19194 cmd != NL80211_CMD_DEL_WIPHY);
19195
19196 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19197 if (!msg)
19198 return;
19199
19200 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
19201 nlmsg_free(msg);
19202 return;
19203 }
19204
19205 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19206 NL80211_MCGRP_CONFIG, GFP_KERNEL);
19207 }
19208
nl80211_notify_iface(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)19209 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
19210 struct wireless_dev *wdev,
19211 enum nl80211_commands cmd)
19212 {
19213 struct sk_buff *msg;
19214
19215 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19216 if (!msg)
19217 return;
19218
19219 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
19220 nlmsg_free(msg);
19221 return;
19222 }
19223
19224 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19225 NL80211_MCGRP_CONFIG, GFP_KERNEL);
19226 }
19227
nl80211_add_scan_req(struct sk_buff * msg,struct cfg80211_registered_device * rdev)19228 static int nl80211_add_scan_req(struct sk_buff *msg,
19229 struct cfg80211_registered_device *rdev)
19230 {
19231 struct cfg80211_scan_request_int *req = rdev->scan_req;
19232 struct nlattr *nest;
19233 int i;
19234 struct cfg80211_scan_info *info;
19235
19236 if (WARN_ON(!req))
19237 return 0;
19238
19239 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
19240 if (!nest)
19241 goto nla_put_failure;
19242 for (i = 0; i < req->req.n_ssids; i++) {
19243 if (nla_put(msg, i, req->req.ssids[i].ssid_len,
19244 req->req.ssids[i].ssid))
19245 goto nla_put_failure;
19246 }
19247 nla_nest_end(msg, nest);
19248
19249 if (req->req.flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
19250 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
19251 if (!nest)
19252 goto nla_put_failure;
19253 for (i = 0; i < req->req.n_channels; i++) {
19254 if (nla_put_u32(msg, i,
19255 ieee80211_channel_to_khz(req->req.channels[i])))
19256 goto nla_put_failure;
19257 }
19258 nla_nest_end(msg, nest);
19259 } else {
19260 nest = nla_nest_start_noflag(msg,
19261 NL80211_ATTR_SCAN_FREQUENCIES);
19262 if (!nest)
19263 goto nla_put_failure;
19264 for (i = 0; i < req->req.n_channels; i++) {
19265 if (nla_put_u32(msg, i,
19266 req->req.channels[i]->center_freq))
19267 goto nla_put_failure;
19268 }
19269 nla_nest_end(msg, nest);
19270 }
19271
19272 if (req->req.ie &&
19273 nla_put(msg, NL80211_ATTR_IE, req->req.ie_len, req->req.ie))
19274 goto nla_put_failure;
19275
19276 if (req->req.flags &&
19277 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->req.flags))
19278 goto nla_put_failure;
19279
19280 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
19281 &rdev->scan_req->info;
19282 if (info->scan_start_tsf &&
19283 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
19284 info->scan_start_tsf, NL80211_BSS_PAD) ||
19285 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
19286 info->tsf_bssid)))
19287 goto nla_put_failure;
19288
19289 return 0;
19290 nla_put_failure:
19291 return -ENOBUFS;
19292 }
19293
nl80211_prep_scan_msg(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 portid,u32 seq,int flags,u32 cmd)19294 static int nl80211_prep_scan_msg(struct sk_buff *msg,
19295 struct cfg80211_registered_device *rdev,
19296 struct wireless_dev *wdev,
19297 u32 portid, u32 seq, int flags,
19298 u32 cmd)
19299 {
19300 void *hdr;
19301
19302 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
19303 if (!hdr)
19304 return -1;
19305
19306 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19307 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19308 wdev->netdev->ifindex)) ||
19309 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19310 NL80211_ATTR_PAD))
19311 goto nla_put_failure;
19312
19313 /* ignore errors and send incomplete event anyway */
19314 nl80211_add_scan_req(msg, rdev);
19315
19316 genlmsg_end(msg, hdr);
19317 return 0;
19318
19319 nla_put_failure:
19320 genlmsg_cancel(msg, hdr);
19321 return -EMSGSIZE;
19322 }
19323
19324 static int
nl80211_prep_sched_scan_msg(struct sk_buff * msg,struct cfg80211_sched_scan_request * req,u32 cmd)19325 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
19326 struct cfg80211_sched_scan_request *req, u32 cmd)
19327 {
19328 void *hdr;
19329
19330 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19331 if (!hdr)
19332 return -1;
19333
19334 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
19335 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
19336 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
19337 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
19338 NL80211_ATTR_PAD))
19339 goto nla_put_failure;
19340
19341 genlmsg_end(msg, hdr);
19342 return 0;
19343
19344 nla_put_failure:
19345 genlmsg_cancel(msg, hdr);
19346 return -EMSGSIZE;
19347 }
19348
nl80211_send_scan_start(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)19349 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
19350 struct wireless_dev *wdev)
19351 {
19352 struct sk_buff *msg;
19353
19354 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19355 if (!msg)
19356 return;
19357
19358 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
19359 NL80211_CMD_TRIGGER_SCAN) < 0) {
19360 nlmsg_free(msg);
19361 return;
19362 }
19363
19364 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19365 NL80211_MCGRP_SCAN, GFP_KERNEL);
19366 }
19367
nl80211_build_scan_msg(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,bool aborted)19368 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
19369 struct wireless_dev *wdev, bool aborted)
19370 {
19371 struct sk_buff *msg;
19372
19373 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19374 if (!msg)
19375 return NULL;
19376
19377 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
19378 aborted ? NL80211_CMD_SCAN_ABORTED :
19379 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
19380 nlmsg_free(msg);
19381 return NULL;
19382 }
19383
19384 return msg;
19385 }
19386
19387 /* send message created by nl80211_build_scan_msg() */
nl80211_send_scan_msg(struct cfg80211_registered_device * rdev,struct sk_buff * msg)19388 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
19389 struct sk_buff *msg)
19390 {
19391 if (!msg)
19392 return;
19393
19394 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19395 NL80211_MCGRP_SCAN, GFP_KERNEL);
19396 }
19397
nl80211_send_sched_scan(struct cfg80211_sched_scan_request * req,u32 cmd)19398 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
19399 {
19400 struct sk_buff *msg;
19401
19402 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19403 if (!msg)
19404 return;
19405
19406 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
19407 nlmsg_free(msg);
19408 return;
19409 }
19410
19411 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
19412 NL80211_MCGRP_SCAN, GFP_KERNEL);
19413 }
19414
nl80211_reg_change_event_fill(struct sk_buff * msg,struct regulatory_request * request)19415 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
19416 struct regulatory_request *request)
19417 {
19418 /* Userspace can always count this one always being set */
19419 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
19420 goto nla_put_failure;
19421
19422 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
19423 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
19424 NL80211_REGDOM_TYPE_WORLD))
19425 goto nla_put_failure;
19426 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
19427 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
19428 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
19429 goto nla_put_failure;
19430 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
19431 request->intersect) {
19432 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
19433 NL80211_REGDOM_TYPE_INTERSECTION))
19434 goto nla_put_failure;
19435 } else {
19436 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
19437 NL80211_REGDOM_TYPE_COUNTRY) ||
19438 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
19439 request->alpha2))
19440 goto nla_put_failure;
19441 }
19442
19443 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
19444 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
19445
19446 if (wiphy &&
19447 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
19448 goto nla_put_failure;
19449
19450 if (wiphy &&
19451 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
19452 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
19453 goto nla_put_failure;
19454 }
19455
19456 return true;
19457
19458 nla_put_failure:
19459 return false;
19460 }
19461
19462 /*
19463 * This can happen on global regulatory changes or device specific settings
19464 * based on custom regulatory domains.
19465 */
nl80211_common_reg_change_event(enum nl80211_commands cmd_id,struct regulatory_request * request)19466 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
19467 struct regulatory_request *request)
19468 {
19469 struct sk_buff *msg;
19470 void *hdr;
19471
19472 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19473 if (!msg)
19474 return;
19475
19476 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
19477 if (!hdr)
19478 goto nla_put_failure;
19479
19480 if (!nl80211_reg_change_event_fill(msg, request))
19481 goto nla_put_failure;
19482
19483 genlmsg_end(msg, hdr);
19484
19485 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
19486 NL80211_MCGRP_REGULATORY);
19487
19488 return;
19489
19490 nla_put_failure:
19491 nlmsg_free(msg);
19492 }
19493
19494 struct nl80211_mlme_event {
19495 enum nl80211_commands cmd;
19496 const u8 *buf;
19497 size_t buf_len;
19498 int uapsd_queues;
19499 const u8 *req_ies;
19500 size_t req_ies_len;
19501 bool reconnect;
19502 };
19503
nl80211_send_mlme_event(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct nl80211_mlme_event * event,gfp_t gfp)19504 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
19505 struct net_device *netdev,
19506 const struct nl80211_mlme_event *event,
19507 gfp_t gfp)
19508 {
19509 struct sk_buff *msg;
19510 void *hdr;
19511
19512 msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp);
19513 if (!msg)
19514 return;
19515
19516 hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd);
19517 if (!hdr) {
19518 nlmsg_free(msg);
19519 return;
19520 }
19521
19522 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19523 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19524 nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) ||
19525 (event->req_ies &&
19526 nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len,
19527 event->req_ies)))
19528 goto nla_put_failure;
19529
19530 if (event->reconnect &&
19531 nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
19532 goto nla_put_failure;
19533
19534 if (event->uapsd_queues >= 0) {
19535 struct nlattr *nla_wmm =
19536 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
19537 if (!nla_wmm)
19538 goto nla_put_failure;
19539
19540 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
19541 event->uapsd_queues))
19542 goto nla_put_failure;
19543
19544 nla_nest_end(msg, nla_wmm);
19545 }
19546
19547 genlmsg_end(msg, hdr);
19548
19549 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19550 NL80211_MCGRP_MLME, gfp);
19551 return;
19552
19553 nla_put_failure:
19554 nlmsg_free(msg);
19555 }
19556
nl80211_send_rx_auth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)19557 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
19558 struct net_device *netdev, const u8 *buf,
19559 size_t len, gfp_t gfp)
19560 {
19561 struct nl80211_mlme_event event = {
19562 .cmd = NL80211_CMD_AUTHENTICATE,
19563 .buf = buf,
19564 .buf_len = len,
19565 .uapsd_queues = -1,
19566 };
19567
19568 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
19569 }
19570
nl80211_send_rx_assoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct cfg80211_rx_assoc_resp_data * data)19571 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
19572 struct net_device *netdev,
19573 const struct cfg80211_rx_assoc_resp_data *data)
19574 {
19575 struct nl80211_mlme_event event = {
19576 .cmd = NL80211_CMD_ASSOCIATE,
19577 .buf = data->buf,
19578 .buf_len = data->len,
19579 .uapsd_queues = data->uapsd_queues,
19580 .req_ies = data->req_ies,
19581 .req_ies_len = data->req_ies_len,
19582 };
19583
19584 nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL);
19585 }
19586
nl80211_send_deauth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)19587 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
19588 struct net_device *netdev, const u8 *buf,
19589 size_t len, bool reconnect, gfp_t gfp)
19590 {
19591 struct nl80211_mlme_event event = {
19592 .cmd = NL80211_CMD_DEAUTHENTICATE,
19593 .buf = buf,
19594 .buf_len = len,
19595 .reconnect = reconnect,
19596 .uapsd_queues = -1,
19597 };
19598
19599 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
19600 }
19601
nl80211_send_disassoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)19602 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
19603 struct net_device *netdev, const u8 *buf,
19604 size_t len, bool reconnect, gfp_t gfp)
19605 {
19606 struct nl80211_mlme_event event = {
19607 .cmd = NL80211_CMD_DISASSOCIATE,
19608 .buf = buf,
19609 .buf_len = len,
19610 .reconnect = reconnect,
19611 .uapsd_queues = -1,
19612 };
19613
19614 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
19615 }
19616
cfg80211_rx_unprot_mlme_mgmt(struct net_device * dev,const u8 * buf,size_t len)19617 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
19618 size_t len)
19619 {
19620 struct wireless_dev *wdev = dev->ieee80211_ptr;
19621 struct wiphy *wiphy = wdev->wiphy;
19622 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19623 const struct ieee80211_mgmt *mgmt = (void *)buf;
19624 struct nl80211_mlme_event event = {
19625 .buf = buf,
19626 .buf_len = len,
19627 .uapsd_queues = -1,
19628 };
19629
19630 if (WARN_ON(len < 2))
19631 return;
19632
19633 if (ieee80211_is_deauth(mgmt->frame_control)) {
19634 event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
19635 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
19636 event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
19637 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
19638 if (wdev->unprot_beacon_reported &&
19639 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
19640 return;
19641 event.cmd = NL80211_CMD_UNPROT_BEACON;
19642 wdev->unprot_beacon_reported = jiffies;
19643 } else {
19644 return;
19645 }
19646
19647 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
19648 nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC);
19649 }
19650 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
19651
nl80211_send_mlme_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,int cmd,const u8 * addr,gfp_t gfp)19652 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
19653 struct net_device *netdev, int cmd,
19654 const u8 *addr, gfp_t gfp)
19655 {
19656 struct sk_buff *msg;
19657 void *hdr;
19658
19659 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19660 if (!msg)
19661 return;
19662
19663 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19664 if (!hdr) {
19665 nlmsg_free(msg);
19666 return;
19667 }
19668
19669 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19670 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19671 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
19672 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
19673 goto nla_put_failure;
19674
19675 genlmsg_end(msg, hdr);
19676
19677 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19678 NL80211_MCGRP_MLME, gfp);
19679 return;
19680
19681 nla_put_failure:
19682 nlmsg_free(msg);
19683 }
19684
nl80211_send_auth_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)19685 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
19686 struct net_device *netdev, const u8 *addr,
19687 gfp_t gfp)
19688 {
19689 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
19690 addr, gfp);
19691 }
19692
nl80211_send_assoc_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)19693 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
19694 struct net_device *netdev, const u8 *addr,
19695 gfp_t gfp)
19696 {
19697 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
19698 addr, gfp);
19699 }
19700
nl80211_send_connect_result(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_connect_resp_params * cr,gfp_t gfp)19701 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
19702 struct net_device *netdev,
19703 struct cfg80211_connect_resp_params *cr,
19704 gfp_t gfp)
19705 {
19706 struct sk_buff *msg;
19707 void *hdr;
19708 unsigned int link;
19709 size_t link_info_size = 0;
19710 const u8 *connected_addr = cr->valid_links ?
19711 cr->ap_mld_addr : cr->links[0].bssid;
19712
19713 if (cr->valid_links) {
19714 for_each_valid_link(cr, link) {
19715 /* Nested attribute header */
19716 link_info_size += NLA_HDRLEN;
19717 /* Link ID */
19718 link_info_size += nla_total_size(sizeof(u8));
19719 link_info_size += cr->links[link].addr ?
19720 nla_total_size(ETH_ALEN) : 0;
19721 link_info_size += (cr->links[link].bssid ||
19722 cr->links[link].bss) ?
19723 nla_total_size(ETH_ALEN) : 0;
19724 link_info_size += nla_total_size(sizeof(u16));
19725 }
19726 }
19727
19728 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
19729 cr->fils.kek_len + cr->fils.pmk_len +
19730 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
19731 gfp);
19732 if (!msg)
19733 return;
19734
19735 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
19736 if (!hdr) {
19737 nlmsg_free(msg);
19738 return;
19739 }
19740
19741 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19742 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19743 (connected_addr &&
19744 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) ||
19745 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
19746 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
19747 cr->status) ||
19748 (cr->status < 0 &&
19749 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
19750 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
19751 cr->timeout_reason))) ||
19752 (cr->req_ie &&
19753 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
19754 (cr->resp_ie &&
19755 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
19756 cr->resp_ie)) ||
19757 (cr->fils.update_erp_next_seq_num &&
19758 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
19759 cr->fils.erp_next_seq_num)) ||
19760 (cr->status == WLAN_STATUS_SUCCESS &&
19761 ((cr->fils.kek &&
19762 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
19763 cr->fils.kek)) ||
19764 (cr->fils.pmk &&
19765 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
19766 (cr->fils.pmkid &&
19767 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
19768 goto nla_put_failure;
19769
19770 if (cr->valid_links) {
19771 int i = 1;
19772 struct nlattr *nested;
19773
19774 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
19775 if (!nested)
19776 goto nla_put_failure;
19777
19778 for_each_valid_link(cr, link) {
19779 struct nlattr *nested_mlo_links;
19780 const u8 *bssid = cr->links[link].bss ?
19781 cr->links[link].bss->bssid :
19782 cr->links[link].bssid;
19783
19784 nested_mlo_links = nla_nest_start(msg, i);
19785 if (!nested_mlo_links)
19786 goto nla_put_failure;
19787
19788 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
19789 (bssid &&
19790 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
19791 (cr->links[link].addr &&
19792 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
19793 cr->links[link].addr)) ||
19794 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
19795 cr->links[link].status))
19796 goto nla_put_failure;
19797
19798 nla_nest_end(msg, nested_mlo_links);
19799 i++;
19800 }
19801 nla_nest_end(msg, nested);
19802 }
19803
19804 genlmsg_end(msg, hdr);
19805
19806 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19807 NL80211_MCGRP_MLME, gfp);
19808 return;
19809
19810 nla_put_failure:
19811 nlmsg_free(msg);
19812 }
19813
nl80211_send_roamed(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_roam_info * info,gfp_t gfp)19814 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
19815 struct net_device *netdev,
19816 struct cfg80211_roam_info *info, gfp_t gfp)
19817 {
19818 struct sk_buff *msg;
19819 void *hdr;
19820 size_t link_info_size = 0;
19821 unsigned int link;
19822 const u8 *connected_addr = info->ap_mld_addr ?
19823 info->ap_mld_addr :
19824 (info->links[0].bss ?
19825 info->links[0].bss->bssid :
19826 info->links[0].bssid);
19827
19828 if (info->valid_links) {
19829 for_each_valid_link(info, link) {
19830 /* Nested attribute header */
19831 link_info_size += NLA_HDRLEN;
19832 /* Link ID */
19833 link_info_size += nla_total_size(sizeof(u8));
19834 link_info_size += info->links[link].addr ?
19835 nla_total_size(ETH_ALEN) : 0;
19836 link_info_size += (info->links[link].bssid ||
19837 info->links[link].bss) ?
19838 nla_total_size(ETH_ALEN) : 0;
19839 }
19840 }
19841
19842 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
19843 info->fils.kek_len + info->fils.pmk_len +
19844 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
19845 link_info_size, gfp);
19846 if (!msg)
19847 return;
19848
19849 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
19850 if (!hdr) {
19851 nlmsg_free(msg);
19852 return;
19853 }
19854
19855 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19856 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19857 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
19858 (info->req_ie &&
19859 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
19860 info->req_ie)) ||
19861 (info->resp_ie &&
19862 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
19863 info->resp_ie)) ||
19864 (info->fils.update_erp_next_seq_num &&
19865 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
19866 info->fils.erp_next_seq_num)) ||
19867 (info->fils.kek &&
19868 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
19869 info->fils.kek)) ||
19870 (info->fils.pmk &&
19871 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
19872 (info->fils.pmkid &&
19873 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
19874 goto nla_put_failure;
19875
19876 if (info->valid_links) {
19877 int i = 1;
19878 struct nlattr *nested;
19879
19880 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
19881 if (!nested)
19882 goto nla_put_failure;
19883
19884 for_each_valid_link(info, link) {
19885 struct nlattr *nested_mlo_links;
19886 const u8 *bssid = info->links[link].bss ?
19887 info->links[link].bss->bssid :
19888 info->links[link].bssid;
19889
19890 nested_mlo_links = nla_nest_start(msg, i);
19891 if (!nested_mlo_links)
19892 goto nla_put_failure;
19893
19894 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
19895 (bssid &&
19896 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
19897 (info->links[link].addr &&
19898 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
19899 info->links[link].addr)))
19900 goto nla_put_failure;
19901
19902 nla_nest_end(msg, nested_mlo_links);
19903 i++;
19904 }
19905 nla_nest_end(msg, nested);
19906 }
19907
19908 genlmsg_end(msg, hdr);
19909
19910 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19911 NL80211_MCGRP_MLME, gfp);
19912 return;
19913
19914 nla_put_failure:
19915 nlmsg_free(msg);
19916 }
19917
nl80211_send_port_authorized(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * peer_addr,const u8 * td_bitmap,u8 td_bitmap_len)19918 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
19919 struct net_device *netdev, const u8 *peer_addr,
19920 const u8 *td_bitmap, u8 td_bitmap_len)
19921 {
19922 struct sk_buff *msg;
19923 void *hdr;
19924
19925 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19926 if (!msg)
19927 return;
19928
19929 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
19930 if (!hdr) {
19931 nlmsg_free(msg);
19932 return;
19933 }
19934
19935 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19936 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19937 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
19938 goto nla_put_failure;
19939
19940 if (td_bitmap_len > 0 && td_bitmap &&
19941 nla_put(msg, NL80211_ATTR_TD_BITMAP, td_bitmap_len, td_bitmap))
19942 goto nla_put_failure;
19943
19944 genlmsg_end(msg, hdr);
19945
19946 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19947 NL80211_MCGRP_MLME, GFP_KERNEL);
19948 return;
19949
19950 nla_put_failure:
19951 nlmsg_free(msg);
19952 }
19953
nl80211_send_disconnected(struct cfg80211_registered_device * rdev,struct net_device * netdev,u16 reason,const u8 * ie,size_t ie_len,bool from_ap)19954 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
19955 struct net_device *netdev, u16 reason,
19956 const u8 *ie, size_t ie_len, bool from_ap)
19957 {
19958 struct sk_buff *msg;
19959 void *hdr;
19960
19961 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
19962 if (!msg)
19963 return;
19964
19965 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
19966 if (!hdr) {
19967 nlmsg_free(msg);
19968 return;
19969 }
19970
19971 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19972 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19973 (reason &&
19974 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
19975 (from_ap &&
19976 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
19977 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
19978 goto nla_put_failure;
19979
19980 genlmsg_end(msg, hdr);
19981
19982 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19983 NL80211_MCGRP_MLME, GFP_KERNEL);
19984 return;
19985
19986 nla_put_failure:
19987 nlmsg_free(msg);
19988 }
19989
cfg80211_links_removed(struct net_device * dev,u16 link_mask)19990 void cfg80211_links_removed(struct net_device *dev, u16 link_mask)
19991 {
19992 struct wireless_dev *wdev = dev->ieee80211_ptr;
19993 struct wiphy *wiphy = wdev->wiphy;
19994 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19995 struct sk_buff *msg;
19996 struct nlattr *links;
19997 void *hdr;
19998
19999 lockdep_assert_wiphy(wdev->wiphy);
20000 trace_cfg80211_links_removed(dev, link_mask);
20001
20002 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
20003 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
20004 return;
20005
20006 if (WARN_ON(!wdev->valid_links || !link_mask ||
20007 (wdev->valid_links & link_mask) != link_mask ||
20008 wdev->valid_links == link_mask))
20009 return;
20010
20011 cfg80211_wdev_release_link_bsses(wdev, link_mask);
20012 wdev->valid_links &= ~link_mask;
20013
20014 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20015 if (!msg)
20016 return;
20017
20018 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED);
20019 if (!hdr) {
20020 nlmsg_free(msg);
20021 return;
20022 }
20023
20024 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20025 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
20026 goto nla_put_failure;
20027
20028 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
20029 if (!links)
20030 goto nla_put_failure;
20031
20032 while (link_mask) {
20033 struct nlattr *link;
20034 int link_id = __ffs(link_mask);
20035
20036 link = nla_nest_start(msg, link_id + 1);
20037 if (!link)
20038 goto nla_put_failure;
20039
20040 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
20041 goto nla_put_failure;
20042
20043 nla_nest_end(msg, link);
20044 link_mask &= ~(1 << link_id);
20045 }
20046
20047 nla_nest_end(msg, links);
20048
20049 genlmsg_end(msg, hdr);
20050
20051 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20052 NL80211_MCGRP_MLME, GFP_KERNEL);
20053 return;
20054
20055 nla_put_failure:
20056 nlmsg_free(msg);
20057 }
20058 EXPORT_SYMBOL(cfg80211_links_removed);
20059
nl80211_mlo_reconf_add_done(struct net_device * dev,struct cfg80211_mlo_reconf_done_data * data)20060 void nl80211_mlo_reconf_add_done(struct net_device *dev,
20061 struct cfg80211_mlo_reconf_done_data *data)
20062 {
20063 struct wireless_dev *wdev = dev->ieee80211_ptr;
20064 struct wiphy *wiphy = wdev->wiphy;
20065 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20066 struct nl80211_mlme_event event = {
20067 .cmd = NL80211_CMD_ASSOC_MLO_RECONF,
20068 .buf = data->buf,
20069 .buf_len = data->len,
20070 .uapsd_queues = -1,
20071 };
20072
20073 nl80211_send_mlme_event(rdev, dev, &event, GFP_KERNEL);
20074 }
20075 EXPORT_SYMBOL(nl80211_mlo_reconf_add_done);
20076
nl80211_send_ibss_bssid(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,gfp_t gfp)20077 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
20078 struct net_device *netdev, const u8 *bssid,
20079 gfp_t gfp)
20080 {
20081 struct sk_buff *msg;
20082 void *hdr;
20083
20084 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20085 if (!msg)
20086 return;
20087
20088 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
20089 if (!hdr) {
20090 nlmsg_free(msg);
20091 return;
20092 }
20093
20094 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20095 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20096 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
20097 goto nla_put_failure;
20098
20099 genlmsg_end(msg, hdr);
20100
20101 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20102 NL80211_MCGRP_MLME, gfp);
20103 return;
20104
20105 nla_put_failure:
20106 nlmsg_free(msg);
20107 }
20108
cfg80211_notify_new_peer_candidate(struct net_device * dev,const u8 * addr,const u8 * ie,u8 ie_len,int sig_dbm,gfp_t gfp)20109 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
20110 const u8 *ie, u8 ie_len,
20111 int sig_dbm, gfp_t gfp)
20112 {
20113 struct wireless_dev *wdev = dev->ieee80211_ptr;
20114 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20115 struct sk_buff *msg;
20116 void *hdr;
20117
20118 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
20119 return;
20120
20121 trace_cfg80211_notify_new_peer_candidate(dev, addr);
20122
20123 msg = nlmsg_new(100 + ie_len, gfp);
20124 if (!msg)
20125 return;
20126
20127 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
20128 if (!hdr) {
20129 nlmsg_free(msg);
20130 return;
20131 }
20132
20133 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20134 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20135 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
20136 (ie_len && ie &&
20137 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
20138 (sig_dbm &&
20139 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
20140 goto nla_put_failure;
20141
20142 genlmsg_end(msg, hdr);
20143
20144 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20145 NL80211_MCGRP_MLME, gfp);
20146 return;
20147
20148 nla_put_failure:
20149 nlmsg_free(msg);
20150 }
20151 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
20152
nl80211_michael_mic_failure(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,enum nl80211_key_type key_type,int key_id,const u8 * tsc,gfp_t gfp)20153 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
20154 struct net_device *netdev, const u8 *addr,
20155 enum nl80211_key_type key_type, int key_id,
20156 const u8 *tsc, gfp_t gfp)
20157 {
20158 struct sk_buff *msg;
20159 void *hdr;
20160
20161 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20162 if (!msg)
20163 return;
20164
20165 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
20166 if (!hdr) {
20167 nlmsg_free(msg);
20168 return;
20169 }
20170
20171 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20172 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20173 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
20174 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
20175 (key_id != -1 &&
20176 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
20177 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
20178 goto nla_put_failure;
20179
20180 genlmsg_end(msg, hdr);
20181
20182 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20183 NL80211_MCGRP_MLME, gfp);
20184 return;
20185
20186 nla_put_failure:
20187 nlmsg_free(msg);
20188 }
20189
nl80211_send_beacon_hint_event(struct wiphy * wiphy,struct ieee80211_channel * channel_before,struct ieee80211_channel * channel_after)20190 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
20191 struct ieee80211_channel *channel_before,
20192 struct ieee80211_channel *channel_after)
20193 {
20194 struct sk_buff *msg;
20195 void *hdr;
20196 struct nlattr *nl_freq;
20197
20198 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
20199 if (!msg)
20200 return;
20201
20202 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
20203 if (!hdr) {
20204 nlmsg_free(msg);
20205 return;
20206 }
20207
20208 /*
20209 * Since we are applying the beacon hint to a wiphy we know its
20210 * wiphy_idx is valid
20211 */
20212 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
20213 goto nla_put_failure;
20214
20215 /* Before */
20216 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
20217 if (!nl_freq)
20218 goto nla_put_failure;
20219
20220 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
20221 goto nla_put_failure;
20222 nla_nest_end(msg, nl_freq);
20223
20224 /* After */
20225 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
20226 if (!nl_freq)
20227 goto nla_put_failure;
20228
20229 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
20230 goto nla_put_failure;
20231 nla_nest_end(msg, nl_freq);
20232
20233 genlmsg_end(msg, hdr);
20234
20235 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
20236 NL80211_MCGRP_REGULATORY);
20237
20238 return;
20239
20240 nla_put_failure:
20241 nlmsg_free(msg);
20242 }
20243
nl80211_send_remain_on_chan_event(int cmd,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)20244 static void nl80211_send_remain_on_chan_event(
20245 int cmd, struct cfg80211_registered_device *rdev,
20246 struct wireless_dev *wdev, u64 cookie,
20247 struct ieee80211_channel *chan,
20248 unsigned int duration, gfp_t gfp)
20249 {
20250 struct sk_buff *msg;
20251 void *hdr;
20252
20253 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20254 if (!msg)
20255 return;
20256
20257 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
20258 if (!hdr) {
20259 nlmsg_free(msg);
20260 return;
20261 }
20262
20263 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20264 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
20265 wdev->netdev->ifindex)) ||
20266 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20267 NL80211_ATTR_PAD) ||
20268 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
20269 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
20270 NL80211_CHAN_NO_HT) ||
20271 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
20272 NL80211_ATTR_PAD))
20273 goto nla_put_failure;
20274
20275 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
20276 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
20277 goto nla_put_failure;
20278
20279 genlmsg_end(msg, hdr);
20280
20281 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20282 NL80211_MCGRP_MLME, gfp);
20283 return;
20284
20285 nla_put_failure:
20286 nlmsg_free(msg);
20287 }
20288
cfg80211_assoc_comeback(struct net_device * netdev,const u8 * ap_addr,u32 timeout)20289 void cfg80211_assoc_comeback(struct net_device *netdev,
20290 const u8 *ap_addr, u32 timeout)
20291 {
20292 struct wireless_dev *wdev = netdev->ieee80211_ptr;
20293 struct wiphy *wiphy = wdev->wiphy;
20294 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20295 struct sk_buff *msg;
20296 void *hdr;
20297
20298 trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout);
20299
20300 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20301 if (!msg)
20302 return;
20303
20304 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK);
20305 if (!hdr) {
20306 nlmsg_free(msg);
20307 return;
20308 }
20309
20310 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20311 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20312 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) ||
20313 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout))
20314 goto nla_put_failure;
20315
20316 genlmsg_end(msg, hdr);
20317
20318 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20319 NL80211_MCGRP_MLME, GFP_KERNEL);
20320 return;
20321
20322 nla_put_failure:
20323 nlmsg_free(msg);
20324 }
20325 EXPORT_SYMBOL(cfg80211_assoc_comeback);
20326
cfg80211_ready_on_channel(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)20327 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
20328 struct ieee80211_channel *chan,
20329 unsigned int duration, gfp_t gfp)
20330 {
20331 struct wiphy *wiphy = wdev->wiphy;
20332 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20333
20334 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
20335 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
20336 rdev, wdev, cookie, chan,
20337 duration, gfp);
20338 }
20339 EXPORT_SYMBOL(cfg80211_ready_on_channel);
20340
cfg80211_remain_on_channel_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)20341 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
20342 struct ieee80211_channel *chan,
20343 gfp_t gfp)
20344 {
20345 struct wiphy *wiphy = wdev->wiphy;
20346 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20347
20348 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
20349 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
20350 rdev, wdev, cookie, chan, 0, gfp);
20351 }
20352 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
20353
cfg80211_tx_mgmt_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)20354 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
20355 struct ieee80211_channel *chan,
20356 gfp_t gfp)
20357 {
20358 struct wiphy *wiphy = wdev->wiphy;
20359 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20360
20361 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
20362 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
20363 rdev, wdev, cookie, chan, 0, gfp);
20364 }
20365 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
20366
cfg80211_new_sta(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)20367 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
20368 struct station_info *sinfo, gfp_t gfp)
20369 {
20370 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
20371 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20372 struct sk_buff *msg;
20373
20374 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
20375
20376 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20377 if (!msg)
20378 return;
20379
20380 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
20381 rdev, dev, mac_addr, sinfo, false) < 0) {
20382 nlmsg_free(msg);
20383 return;
20384 }
20385
20386 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20387 NL80211_MCGRP_MLME, gfp);
20388 }
20389 EXPORT_SYMBOL(cfg80211_new_sta);
20390
cfg80211_del_sta_sinfo(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)20391 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
20392 struct station_info *sinfo, gfp_t gfp)
20393 {
20394 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
20395 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20396 struct sk_buff *msg;
20397 struct station_info empty_sinfo = {};
20398
20399 if (!sinfo)
20400 sinfo = &empty_sinfo;
20401
20402 trace_cfg80211_del_sta(dev, mac_addr);
20403
20404 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20405 if (!msg) {
20406 cfg80211_sinfo_release_content(sinfo);
20407 return;
20408 }
20409
20410 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
20411 rdev, dev, mac_addr, sinfo, false) < 0) {
20412 nlmsg_free(msg);
20413 return;
20414 }
20415
20416 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20417 NL80211_MCGRP_MLME, gfp);
20418 }
20419 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
20420
cfg80211_conn_failed(struct net_device * dev,const u8 * mac_addr,enum nl80211_connect_failed_reason reason,gfp_t gfp)20421 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
20422 enum nl80211_connect_failed_reason reason,
20423 gfp_t gfp)
20424 {
20425 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
20426 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20427 struct sk_buff *msg;
20428 void *hdr;
20429
20430 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
20431 if (!msg)
20432 return;
20433
20434 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
20435 if (!hdr) {
20436 nlmsg_free(msg);
20437 return;
20438 }
20439
20440 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20441 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
20442 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
20443 goto nla_put_failure;
20444
20445 genlmsg_end(msg, hdr);
20446
20447 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20448 NL80211_MCGRP_MLME, gfp);
20449 return;
20450
20451 nla_put_failure:
20452 nlmsg_free(msg);
20453 }
20454 EXPORT_SYMBOL(cfg80211_conn_failed);
20455
__nl80211_unexpected_frame(struct net_device * dev,u8 cmd,const u8 * addr,int link_id,gfp_t gfp)20456 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
20457 const u8 *addr, int link_id, gfp_t gfp)
20458 {
20459 struct wireless_dev *wdev = dev->ieee80211_ptr;
20460 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20461 struct sk_buff *msg;
20462 void *hdr;
20463 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
20464
20465 if (!nlportid)
20466 return false;
20467
20468 msg = nlmsg_new(100, gfp);
20469 if (!msg)
20470 return true;
20471
20472 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
20473 if (!hdr) {
20474 nlmsg_free(msg);
20475 return true;
20476 }
20477
20478 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20479 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20480 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
20481 (link_id >= 0 &&
20482 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
20483 goto nla_put_failure;
20484
20485 genlmsg_end(msg, hdr);
20486 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
20487 return true;
20488
20489 nla_put_failure:
20490 nlmsg_free(msg);
20491 return true;
20492 }
20493
cfg80211_rx_spurious_frame(struct net_device * dev,const u8 * addr,int link_id,gfp_t gfp)20494 bool cfg80211_rx_spurious_frame(struct net_device *dev, const u8 *addr,
20495 int link_id, gfp_t gfp)
20496 {
20497 struct wireless_dev *wdev = dev->ieee80211_ptr;
20498 bool ret;
20499
20500 trace_cfg80211_rx_spurious_frame(dev, addr, link_id);
20501
20502 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
20503 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
20504 trace_cfg80211_return_bool(false);
20505 return false;
20506 }
20507 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
20508 addr, link_id, gfp);
20509 trace_cfg80211_return_bool(ret);
20510 return ret;
20511 }
20512 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
20513
cfg80211_rx_unexpected_4addr_frame(struct net_device * dev,const u8 * addr,int link_id,gfp_t gfp)20514 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, const u8 *addr,
20515 int link_id, gfp_t gfp)
20516 {
20517 struct wireless_dev *wdev = dev->ieee80211_ptr;
20518 bool ret;
20519
20520 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr, link_id);
20521
20522 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
20523 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
20524 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
20525 trace_cfg80211_return_bool(false);
20526 return false;
20527 }
20528 ret = __nl80211_unexpected_frame(dev,
20529 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
20530 addr, link_id, gfp);
20531 trace_cfg80211_return_bool(ret);
20532 return ret;
20533 }
20534 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
20535
nl80211_send_mgmt(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 nlportid,struct cfg80211_rx_info * info,gfp_t gfp)20536 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
20537 struct wireless_dev *wdev, u32 nlportid,
20538 struct cfg80211_rx_info *info, gfp_t gfp)
20539 {
20540 struct net_device *netdev = wdev->netdev;
20541 struct sk_buff *msg;
20542 void *hdr;
20543
20544 msg = nlmsg_new(100 + info->len, gfp);
20545 if (!msg)
20546 return -ENOMEM;
20547
20548 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
20549 if (!hdr) {
20550 nlmsg_free(msg);
20551 return -ENOMEM;
20552 }
20553
20554 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20555 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
20556 netdev->ifindex)) ||
20557 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20558 NL80211_ATTR_PAD) ||
20559 (info->have_link_id &&
20560 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) ||
20561 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) ||
20562 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) ||
20563 (info->sig_dbm &&
20564 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) ||
20565 nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) ||
20566 (info->flags &&
20567 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) ||
20568 (info->rx_tstamp && nla_put_u64_64bit(msg,
20569 NL80211_ATTR_RX_HW_TIMESTAMP,
20570 info->rx_tstamp,
20571 NL80211_ATTR_PAD)) ||
20572 (info->ack_tstamp && nla_put_u64_64bit(msg,
20573 NL80211_ATTR_TX_HW_TIMESTAMP,
20574 info->ack_tstamp,
20575 NL80211_ATTR_PAD)))
20576 goto nla_put_failure;
20577
20578 genlmsg_end(msg, hdr);
20579
20580 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
20581
20582 nla_put_failure:
20583 nlmsg_free(msg);
20584 return -ENOBUFS;
20585 }
20586
nl80211_frame_tx_status(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp,enum nl80211_commands command)20587 static void nl80211_frame_tx_status(struct wireless_dev *wdev,
20588 struct cfg80211_tx_status *status,
20589 gfp_t gfp, enum nl80211_commands command)
20590 {
20591 struct wiphy *wiphy = wdev->wiphy;
20592 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20593 struct net_device *netdev = wdev->netdev;
20594 struct sk_buff *msg;
20595 void *hdr;
20596
20597 if (command == NL80211_CMD_FRAME_TX_STATUS)
20598 trace_cfg80211_mgmt_tx_status(wdev, status->cookie,
20599 status->ack);
20600 else
20601 trace_cfg80211_control_port_tx_status(wdev, status->cookie,
20602 status->ack);
20603
20604 msg = nlmsg_new(100 + status->len, gfp);
20605 if (!msg)
20606 return;
20607
20608 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
20609 if (!hdr) {
20610 nlmsg_free(msg);
20611 return;
20612 }
20613
20614 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20615 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
20616 netdev->ifindex)) ||
20617 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20618 NL80211_ATTR_PAD) ||
20619 nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) ||
20620 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie,
20621 NL80211_ATTR_PAD) ||
20622 (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
20623 (status->tx_tstamp &&
20624 nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP,
20625 status->tx_tstamp, NL80211_ATTR_PAD)) ||
20626 (status->ack_tstamp &&
20627 nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP,
20628 status->ack_tstamp, NL80211_ATTR_PAD)))
20629 goto nla_put_failure;
20630
20631 genlmsg_end(msg, hdr);
20632
20633 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20634 NL80211_MCGRP_MLME, gfp);
20635 return;
20636
20637 nla_put_failure:
20638 nlmsg_free(msg);
20639 }
20640
cfg80211_control_port_tx_status(struct wireless_dev * wdev,u64 cookie,const u8 * buf,size_t len,bool ack,gfp_t gfp)20641 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
20642 const u8 *buf, size_t len, bool ack,
20643 gfp_t gfp)
20644 {
20645 struct cfg80211_tx_status status = {
20646 .cookie = cookie,
20647 .buf = buf,
20648 .len = len,
20649 .ack = ack
20650 };
20651
20652 nl80211_frame_tx_status(wdev, &status, gfp,
20653 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
20654 }
20655 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
20656
cfg80211_mgmt_tx_status_ext(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp)20657 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev,
20658 struct cfg80211_tx_status *status, gfp_t gfp)
20659 {
20660 nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS);
20661 }
20662 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext);
20663
__nl80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id,gfp_t gfp)20664 static int __nl80211_rx_control_port(struct net_device *dev,
20665 struct sk_buff *skb,
20666 bool unencrypted,
20667 int link_id,
20668 gfp_t gfp)
20669 {
20670 struct wireless_dev *wdev = dev->ieee80211_ptr;
20671 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20672 struct ethhdr *ehdr = eth_hdr(skb);
20673 const u8 *addr = ehdr->h_source;
20674 u16 proto = be16_to_cpu(skb->protocol);
20675 struct sk_buff *msg;
20676 void *hdr;
20677 struct nlattr *frame;
20678
20679 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
20680
20681 if (!nlportid)
20682 return -ENOENT;
20683
20684 msg = nlmsg_new(100 + skb->len, gfp);
20685 if (!msg)
20686 return -ENOMEM;
20687
20688 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
20689 if (!hdr) {
20690 nlmsg_free(msg);
20691 return -ENOBUFS;
20692 }
20693
20694 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20695 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20696 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20697 NL80211_ATTR_PAD) ||
20698 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
20699 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
20700 (link_id >= 0 &&
20701 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
20702 (unencrypted && nla_put_flag(msg,
20703 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
20704 goto nla_put_failure;
20705
20706 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
20707 if (!frame)
20708 goto nla_put_failure;
20709
20710 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
20711 genlmsg_end(msg, hdr);
20712
20713 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
20714
20715 nla_put_failure:
20716 nlmsg_free(msg);
20717 return -ENOBUFS;
20718 }
20719
cfg80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id)20720 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb,
20721 bool unencrypted, int link_id)
20722 {
20723 int ret;
20724
20725 trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id);
20726 ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id,
20727 GFP_ATOMIC);
20728 trace_cfg80211_return_bool(ret == 0);
20729 return ret == 0;
20730 }
20731 EXPORT_SYMBOL(cfg80211_rx_control_port);
20732
cfg80211_prepare_cqm(struct net_device * dev,const char * mac,gfp_t gfp)20733 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
20734 const char *mac, gfp_t gfp)
20735 {
20736 struct wireless_dev *wdev = dev->ieee80211_ptr;
20737 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20738 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20739 void **cb;
20740
20741 if (!msg)
20742 return NULL;
20743
20744 cb = (void **)msg->cb;
20745
20746 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
20747 if (!cb[0]) {
20748 nlmsg_free(msg);
20749 return NULL;
20750 }
20751
20752 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20753 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
20754 goto nla_put_failure;
20755
20756 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
20757 goto nla_put_failure;
20758
20759 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
20760 if (!cb[1])
20761 goto nla_put_failure;
20762
20763 cb[2] = rdev;
20764
20765 return msg;
20766 nla_put_failure:
20767 nlmsg_free(msg);
20768 return NULL;
20769 }
20770
cfg80211_send_cqm(struct sk_buff * msg,gfp_t gfp)20771 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
20772 {
20773 void **cb = (void **)msg->cb;
20774 struct cfg80211_registered_device *rdev = cb[2];
20775
20776 nla_nest_end(msg, cb[1]);
20777 genlmsg_end(msg, cb[0]);
20778
20779 memset(msg->cb, 0, sizeof(msg->cb));
20780
20781 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20782 NL80211_MCGRP_MLME, gfp);
20783 }
20784
cfg80211_cqm_rssi_notify(struct net_device * dev,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)20785 void cfg80211_cqm_rssi_notify(struct net_device *dev,
20786 enum nl80211_cqm_rssi_threshold_event rssi_event,
20787 s32 rssi_level, gfp_t gfp)
20788 {
20789 struct wireless_dev *wdev = dev->ieee80211_ptr;
20790 struct cfg80211_cqm_config *cqm_config;
20791
20792 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
20793
20794 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
20795 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
20796 return;
20797
20798 rcu_read_lock();
20799 cqm_config = rcu_dereference(wdev->cqm_config);
20800 if (cqm_config) {
20801 cqm_config->last_rssi_event_value = rssi_level;
20802 cqm_config->last_rssi_event_type = rssi_event;
20803 wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
20804 }
20805 rcu_read_unlock();
20806 }
20807 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
20808
cfg80211_cqm_rssi_notify_work(struct wiphy * wiphy,struct wiphy_work * work)20809 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
20810 {
20811 struct wireless_dev *wdev = container_of(work, struct wireless_dev,
20812 cqm_rssi_work);
20813 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20814 enum nl80211_cqm_rssi_threshold_event rssi_event;
20815 struct cfg80211_cqm_config *cqm_config;
20816 struct sk_buff *msg;
20817 s32 rssi_level;
20818
20819 cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
20820 if (!cqm_config)
20821 return;
20822
20823 if (cqm_config->use_range_api)
20824 cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
20825
20826 rssi_level = cqm_config->last_rssi_event_value;
20827 rssi_event = cqm_config->last_rssi_event_type;
20828
20829 msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
20830 if (!msg)
20831 return;
20832
20833 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
20834 rssi_event))
20835 goto nla_put_failure;
20836
20837 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
20838 rssi_level))
20839 goto nla_put_failure;
20840
20841 cfg80211_send_cqm(msg, GFP_KERNEL);
20842
20843 return;
20844
20845 nla_put_failure:
20846 nlmsg_free(msg);
20847 }
20848
cfg80211_cqm_txe_notify(struct net_device * dev,const u8 * peer,u32 num_packets,u32 rate,u32 intvl,gfp_t gfp)20849 void cfg80211_cqm_txe_notify(struct net_device *dev,
20850 const u8 *peer, u32 num_packets,
20851 u32 rate, u32 intvl, gfp_t gfp)
20852 {
20853 struct sk_buff *msg;
20854
20855 msg = cfg80211_prepare_cqm(dev, peer, gfp);
20856 if (!msg)
20857 return;
20858
20859 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
20860 goto nla_put_failure;
20861
20862 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
20863 goto nla_put_failure;
20864
20865 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
20866 goto nla_put_failure;
20867
20868 cfg80211_send_cqm(msg, gfp);
20869 return;
20870
20871 nla_put_failure:
20872 nlmsg_free(msg);
20873 }
20874 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
20875
cfg80211_cqm_pktloss_notify(struct net_device * dev,const u8 * peer,u32 num_packets,gfp_t gfp)20876 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
20877 const u8 *peer, u32 num_packets, gfp_t gfp)
20878 {
20879 struct sk_buff *msg;
20880
20881 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
20882
20883 msg = cfg80211_prepare_cqm(dev, peer, gfp);
20884 if (!msg)
20885 return;
20886
20887 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
20888 goto nla_put_failure;
20889
20890 cfg80211_send_cqm(msg, gfp);
20891 return;
20892
20893 nla_put_failure:
20894 nlmsg_free(msg);
20895 }
20896 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
20897
cfg80211_cqm_beacon_loss_notify(struct net_device * dev,gfp_t gfp)20898 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
20899 {
20900 struct sk_buff *msg;
20901
20902 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
20903 if (!msg)
20904 return;
20905
20906 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
20907 goto nla_put_failure;
20908
20909 cfg80211_send_cqm(msg, gfp);
20910 return;
20911
20912 nla_put_failure:
20913 nlmsg_free(msg);
20914 }
20915 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
20916
nl80211_gtk_rekey_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)20917 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
20918 struct net_device *netdev, const u8 *bssid,
20919 const u8 *replay_ctr, gfp_t gfp)
20920 {
20921 struct sk_buff *msg;
20922 struct nlattr *rekey_attr;
20923 void *hdr;
20924
20925 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20926 if (!msg)
20927 return;
20928
20929 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
20930 if (!hdr) {
20931 nlmsg_free(msg);
20932 return;
20933 }
20934
20935 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20936 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20937 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
20938 goto nla_put_failure;
20939
20940 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
20941 if (!rekey_attr)
20942 goto nla_put_failure;
20943
20944 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
20945 NL80211_REPLAY_CTR_LEN, replay_ctr))
20946 goto nla_put_failure;
20947
20948 nla_nest_end(msg, rekey_attr);
20949
20950 genlmsg_end(msg, hdr);
20951
20952 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20953 NL80211_MCGRP_MLME, gfp);
20954 return;
20955
20956 nla_put_failure:
20957 nlmsg_free(msg);
20958 }
20959
cfg80211_gtk_rekey_notify(struct net_device * dev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)20960 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
20961 const u8 *replay_ctr, gfp_t gfp)
20962 {
20963 struct wireless_dev *wdev = dev->ieee80211_ptr;
20964 struct wiphy *wiphy = wdev->wiphy;
20965 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20966
20967 trace_cfg80211_gtk_rekey_notify(dev, bssid);
20968 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
20969 }
20970 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
20971
20972 static void
nl80211_pmksa_candidate_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,int index,const u8 * bssid,bool preauth,gfp_t gfp)20973 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
20974 struct net_device *netdev, int index,
20975 const u8 *bssid, bool preauth, gfp_t gfp)
20976 {
20977 struct sk_buff *msg;
20978 struct nlattr *attr;
20979 void *hdr;
20980
20981 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20982 if (!msg)
20983 return;
20984
20985 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
20986 if (!hdr) {
20987 nlmsg_free(msg);
20988 return;
20989 }
20990
20991 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20992 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
20993 goto nla_put_failure;
20994
20995 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
20996 if (!attr)
20997 goto nla_put_failure;
20998
20999 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
21000 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
21001 (preauth &&
21002 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
21003 goto nla_put_failure;
21004
21005 nla_nest_end(msg, attr);
21006
21007 genlmsg_end(msg, hdr);
21008
21009 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21010 NL80211_MCGRP_MLME, gfp);
21011 return;
21012
21013 nla_put_failure:
21014 nlmsg_free(msg);
21015 }
21016
cfg80211_pmksa_candidate_notify(struct net_device * dev,int index,const u8 * bssid,bool preauth,gfp_t gfp)21017 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
21018 const u8 *bssid, bool preauth, gfp_t gfp)
21019 {
21020 struct wireless_dev *wdev = dev->ieee80211_ptr;
21021 struct wiphy *wiphy = wdev->wiphy;
21022 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21023
21024 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
21025 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
21026 }
21027 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
21028
nl80211_ch_switch_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,unsigned int link_id,struct cfg80211_chan_def * chandef,gfp_t gfp,enum nl80211_commands notif,u8 count,bool quiet)21029 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
21030 struct net_device *netdev,
21031 unsigned int link_id,
21032 struct cfg80211_chan_def *chandef,
21033 gfp_t gfp,
21034 enum nl80211_commands notif,
21035 u8 count, bool quiet)
21036 {
21037 struct wireless_dev *wdev = netdev->ieee80211_ptr;
21038 struct sk_buff *msg;
21039 void *hdr;
21040
21041 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21042 if (!msg)
21043 return;
21044
21045 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
21046 if (!hdr) {
21047 nlmsg_free(msg);
21048 return;
21049 }
21050
21051 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
21052 goto nla_put_failure;
21053
21054 if (wdev->valid_links &&
21055 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
21056 goto nla_put_failure;
21057
21058 if (nl80211_send_chandef(msg, chandef))
21059 goto nla_put_failure;
21060
21061 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
21062 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
21063 goto nla_put_failure;
21064 if (quiet &&
21065 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
21066 goto nla_put_failure;
21067 }
21068
21069 genlmsg_end(msg, hdr);
21070
21071 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21072 NL80211_MCGRP_MLME, gfp);
21073 return;
21074
21075 nla_put_failure:
21076 nlmsg_free(msg);
21077 }
21078
cfg80211_ch_switch_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id)21079 void cfg80211_ch_switch_notify(struct net_device *dev,
21080 struct cfg80211_chan_def *chandef,
21081 unsigned int link_id)
21082 {
21083 struct wireless_dev *wdev = dev->ieee80211_ptr;
21084 struct wiphy *wiphy = wdev->wiphy;
21085 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21086
21087 lockdep_assert_wiphy(wdev->wiphy);
21088 WARN_INVALID_LINK_ID(wdev, link_id);
21089
21090 trace_cfg80211_ch_switch_notify(dev, chandef, link_id);
21091
21092 switch (wdev->iftype) {
21093 case NL80211_IFTYPE_STATION:
21094 case NL80211_IFTYPE_P2P_CLIENT:
21095 if (!WARN_ON(!wdev->links[link_id].client.current_bss))
21096 cfg80211_update_assoc_bss_entry(wdev, link_id,
21097 chandef->chan);
21098 break;
21099 case NL80211_IFTYPE_MESH_POINT:
21100 wdev->u.mesh.chandef = *chandef;
21101 wdev->u.mesh.preset_chandef = *chandef;
21102 break;
21103 case NL80211_IFTYPE_AP:
21104 case NL80211_IFTYPE_P2P_GO:
21105 wdev->links[link_id].ap.chandef = *chandef;
21106 break;
21107 case NL80211_IFTYPE_ADHOC:
21108 wdev->u.ibss.chandef = *chandef;
21109 break;
21110 default:
21111 WARN_ON(1);
21112 break;
21113 }
21114
21115 cfg80211_schedule_channels_check(wdev);
21116 cfg80211_sched_dfs_chan_update(rdev);
21117
21118 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
21119 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
21120 }
21121 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
21122
cfg80211_ch_switch_started_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id,u8 count,bool quiet)21123 void cfg80211_ch_switch_started_notify(struct net_device *dev,
21124 struct cfg80211_chan_def *chandef,
21125 unsigned int link_id, u8 count,
21126 bool quiet)
21127 {
21128 struct wireless_dev *wdev = dev->ieee80211_ptr;
21129 struct wiphy *wiphy = wdev->wiphy;
21130 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21131
21132 lockdep_assert_wiphy(wdev->wiphy);
21133 WARN_INVALID_LINK_ID(wdev, link_id);
21134
21135 trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id);
21136
21137
21138 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
21139 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
21140 count, quiet);
21141 }
21142 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
21143
cfg80211_bss_color_notify(struct net_device * dev,enum nl80211_commands cmd,u8 count,u64 color_bitmap,u8 link_id)21144 int cfg80211_bss_color_notify(struct net_device *dev,
21145 enum nl80211_commands cmd, u8 count,
21146 u64 color_bitmap, u8 link_id)
21147 {
21148 struct wireless_dev *wdev = dev->ieee80211_ptr;
21149 struct wiphy *wiphy = wdev->wiphy;
21150 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21151 struct sk_buff *msg;
21152 void *hdr;
21153
21154 lockdep_assert_wiphy(wdev->wiphy);
21155
21156 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
21157
21158 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21159 if (!msg)
21160 return -ENOMEM;
21161
21162 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
21163 if (!hdr)
21164 goto nla_put_failure;
21165
21166 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
21167 goto nla_put_failure;
21168
21169 if (wdev->valid_links &&
21170 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
21171 goto nla_put_failure;
21172
21173 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
21174 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
21175 goto nla_put_failure;
21176
21177 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
21178 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
21179 color_bitmap, NL80211_ATTR_PAD))
21180 goto nla_put_failure;
21181
21182 genlmsg_end(msg, hdr);
21183
21184 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
21185 msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL);
21186
21187 nla_put_failure:
21188 nlmsg_free(msg);
21189 return -EINVAL;
21190 }
21191 EXPORT_SYMBOL(cfg80211_bss_color_notify);
21192
21193 void
nl80211_radar_notify(struct cfg80211_registered_device * rdev,const struct cfg80211_chan_def * chandef,enum nl80211_radar_event event,struct net_device * netdev,gfp_t gfp)21194 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
21195 const struct cfg80211_chan_def *chandef,
21196 enum nl80211_radar_event event,
21197 struct net_device *netdev, gfp_t gfp)
21198 {
21199 struct sk_buff *msg;
21200 void *hdr;
21201
21202 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21203 if (!msg)
21204 return;
21205
21206 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
21207 if (!hdr) {
21208 nlmsg_free(msg);
21209 return;
21210 }
21211
21212 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
21213 goto nla_put_failure;
21214
21215 /* NOP and radar events don't need a netdev parameter */
21216 if (netdev) {
21217 struct wireless_dev *wdev = netdev->ieee80211_ptr;
21218
21219 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21220 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21221 NL80211_ATTR_PAD))
21222 goto nla_put_failure;
21223 }
21224
21225 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
21226 goto nla_put_failure;
21227
21228 if (nl80211_send_chandef(msg, chandef))
21229 goto nla_put_failure;
21230
21231 genlmsg_end(msg, hdr);
21232
21233 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21234 NL80211_MCGRP_MLME, gfp);
21235 return;
21236
21237 nla_put_failure:
21238 nlmsg_free(msg);
21239 }
21240
cfg80211_sta_opmode_change_notify(struct net_device * dev,const u8 * mac,struct sta_opmode_info * sta_opmode,gfp_t gfp)21241 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
21242 struct sta_opmode_info *sta_opmode,
21243 gfp_t gfp)
21244 {
21245 struct sk_buff *msg;
21246 struct wireless_dev *wdev = dev->ieee80211_ptr;
21247 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21248 void *hdr;
21249
21250 if (WARN_ON(!mac))
21251 return;
21252
21253 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21254 if (!msg)
21255 return;
21256
21257 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
21258 if (!hdr) {
21259 nlmsg_free(msg);
21260 return;
21261 }
21262
21263 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
21264 goto nla_put_failure;
21265
21266 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
21267 goto nla_put_failure;
21268
21269 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
21270 goto nla_put_failure;
21271
21272 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
21273 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
21274 goto nla_put_failure;
21275
21276 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
21277 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
21278 goto nla_put_failure;
21279
21280 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
21281 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
21282 goto nla_put_failure;
21283
21284 genlmsg_end(msg, hdr);
21285
21286 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21287 NL80211_MCGRP_MLME, gfp);
21288
21289 return;
21290
21291 nla_put_failure:
21292 nlmsg_free(msg);
21293 }
21294 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
21295
cfg80211_probe_status(struct net_device * dev,const u8 * addr,u64 cookie,bool acked,s32 ack_signal,bool is_valid_ack_signal,gfp_t gfp)21296 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
21297 u64 cookie, bool acked, s32 ack_signal,
21298 bool is_valid_ack_signal, gfp_t gfp)
21299 {
21300 struct wireless_dev *wdev = dev->ieee80211_ptr;
21301 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21302 struct sk_buff *msg;
21303 void *hdr;
21304
21305 trace_cfg80211_probe_status(dev, addr, cookie, acked);
21306
21307 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21308
21309 if (!msg)
21310 return;
21311
21312 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
21313 if (!hdr) {
21314 nlmsg_free(msg);
21315 return;
21316 }
21317
21318 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21319 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21320 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
21321 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
21322 NL80211_ATTR_PAD) ||
21323 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
21324 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
21325 ack_signal)))
21326 goto nla_put_failure;
21327
21328 genlmsg_end(msg, hdr);
21329
21330 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21331 NL80211_MCGRP_MLME, gfp);
21332 return;
21333
21334 nla_put_failure:
21335 nlmsg_free(msg);
21336 }
21337 EXPORT_SYMBOL(cfg80211_probe_status);
21338
cfg80211_report_obss_beacon_khz(struct wiphy * wiphy,const u8 * frame,size_t len,int freq,int sig_dbm)21339 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
21340 size_t len, int freq, int sig_dbm)
21341 {
21342 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21343 struct sk_buff *msg;
21344 void *hdr;
21345 struct cfg80211_beacon_registration *reg;
21346
21347 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
21348
21349 spin_lock_bh(&rdev->beacon_registrations_lock);
21350 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
21351 msg = nlmsg_new(len + 100, GFP_ATOMIC);
21352 if (!msg) {
21353 spin_unlock_bh(&rdev->beacon_registrations_lock);
21354 return;
21355 }
21356
21357 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
21358 if (!hdr)
21359 goto nla_put_failure;
21360
21361 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21362 (freq &&
21363 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
21364 KHZ_TO_MHZ(freq)) ||
21365 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
21366 freq % 1000))) ||
21367 (sig_dbm &&
21368 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
21369 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
21370 goto nla_put_failure;
21371
21372 genlmsg_end(msg, hdr);
21373
21374 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
21375 }
21376 spin_unlock_bh(&rdev->beacon_registrations_lock);
21377 return;
21378
21379 nla_put_failure:
21380 spin_unlock_bh(&rdev->beacon_registrations_lock);
21381 nlmsg_free(msg);
21382 }
21383 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
21384
21385 #ifdef CONFIG_PM
cfg80211_net_detect_results(struct sk_buff * msg,struct cfg80211_wowlan_wakeup * wakeup)21386 static int cfg80211_net_detect_results(struct sk_buff *msg,
21387 struct cfg80211_wowlan_wakeup *wakeup)
21388 {
21389 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
21390 struct nlattr *nl_results, *nl_match, *nl_freqs;
21391 int i, j;
21392
21393 nl_results = nla_nest_start_noflag(msg,
21394 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
21395 if (!nl_results)
21396 return -EMSGSIZE;
21397
21398 for (i = 0; i < nd->n_matches; i++) {
21399 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
21400
21401 nl_match = nla_nest_start_noflag(msg, i);
21402 if (!nl_match)
21403 break;
21404
21405 /* The SSID attribute is optional in nl80211, but for
21406 * simplicity reasons it's always present in the
21407 * cfg80211 structure. If a driver can't pass the
21408 * SSID, that needs to be changed. A zero length SSID
21409 * is still a valid SSID (wildcard), so it cannot be
21410 * used for this purpose.
21411 */
21412 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
21413 match->ssid.ssid)) {
21414 nla_nest_cancel(msg, nl_match);
21415 goto out;
21416 }
21417
21418 if (match->n_channels) {
21419 nl_freqs = nla_nest_start_noflag(msg,
21420 NL80211_ATTR_SCAN_FREQUENCIES);
21421 if (!nl_freqs) {
21422 nla_nest_cancel(msg, nl_match);
21423 goto out;
21424 }
21425
21426 for (j = 0; j < match->n_channels; j++) {
21427 if (nla_put_u32(msg, j, match->channels[j])) {
21428 nla_nest_cancel(msg, nl_freqs);
21429 nla_nest_cancel(msg, nl_match);
21430 goto out;
21431 }
21432 }
21433
21434 nla_nest_end(msg, nl_freqs);
21435 }
21436
21437 nla_nest_end(msg, nl_match);
21438 }
21439
21440 out:
21441 nla_nest_end(msg, nl_results);
21442 return 0;
21443 }
21444
cfg80211_report_wowlan_wakeup(struct wireless_dev * wdev,struct cfg80211_wowlan_wakeup * wakeup,gfp_t gfp)21445 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
21446 struct cfg80211_wowlan_wakeup *wakeup,
21447 gfp_t gfp)
21448 {
21449 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21450 struct sk_buff *msg;
21451 void *hdr;
21452 int size = 200;
21453
21454 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
21455
21456 if (wakeup)
21457 size += wakeup->packet_present_len;
21458
21459 msg = nlmsg_new(size, gfp);
21460 if (!msg)
21461 return;
21462
21463 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
21464 if (!hdr)
21465 goto free_msg;
21466
21467 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21468 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21469 NL80211_ATTR_PAD))
21470 goto free_msg;
21471
21472 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
21473 wdev->netdev->ifindex))
21474 goto free_msg;
21475
21476 if (wakeup) {
21477 struct nlattr *reasons;
21478
21479 reasons = nla_nest_start_noflag(msg,
21480 NL80211_ATTR_WOWLAN_TRIGGERS);
21481 if (!reasons)
21482 goto free_msg;
21483
21484 if (wakeup->disconnect &&
21485 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
21486 goto free_msg;
21487 if (wakeup->magic_pkt &&
21488 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
21489 goto free_msg;
21490 if (wakeup->gtk_rekey_failure &&
21491 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
21492 goto free_msg;
21493 if (wakeup->eap_identity_req &&
21494 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
21495 goto free_msg;
21496 if (wakeup->four_way_handshake &&
21497 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
21498 goto free_msg;
21499 if (wakeup->rfkill_release &&
21500 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
21501 goto free_msg;
21502
21503 if (wakeup->pattern_idx >= 0 &&
21504 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
21505 wakeup->pattern_idx))
21506 goto free_msg;
21507
21508 if (wakeup->tcp_match &&
21509 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
21510 goto free_msg;
21511
21512 if (wakeup->tcp_connlost &&
21513 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
21514 goto free_msg;
21515
21516 if (wakeup->tcp_nomoretokens &&
21517 nla_put_flag(msg,
21518 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
21519 goto free_msg;
21520
21521 if (wakeup->unprot_deauth_disassoc &&
21522 nla_put_flag(msg,
21523 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC))
21524 goto free_msg;
21525
21526 if (wakeup->packet) {
21527 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
21528 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
21529
21530 if (!wakeup->packet_80211) {
21531 pkt_attr =
21532 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
21533 len_attr =
21534 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
21535 }
21536
21537 if (wakeup->packet_len &&
21538 nla_put_u32(msg, len_attr, wakeup->packet_len))
21539 goto free_msg;
21540
21541 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
21542 wakeup->packet))
21543 goto free_msg;
21544 }
21545
21546 if (wakeup->net_detect &&
21547 cfg80211_net_detect_results(msg, wakeup))
21548 goto free_msg;
21549
21550 nla_nest_end(msg, reasons);
21551 }
21552
21553 genlmsg_end(msg, hdr);
21554
21555 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21556 NL80211_MCGRP_MLME, gfp);
21557 return;
21558
21559 free_msg:
21560 nlmsg_free(msg);
21561 }
21562 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
21563 #endif
21564
cfg80211_tdls_oper_request(struct net_device * dev,const u8 * peer,enum nl80211_tdls_operation oper,u16 reason_code,gfp_t gfp)21565 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
21566 enum nl80211_tdls_operation oper,
21567 u16 reason_code, gfp_t gfp)
21568 {
21569 struct wireless_dev *wdev = dev->ieee80211_ptr;
21570 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21571 struct sk_buff *msg;
21572 void *hdr;
21573
21574 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
21575 reason_code);
21576
21577 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21578 if (!msg)
21579 return;
21580
21581 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
21582 if (!hdr) {
21583 nlmsg_free(msg);
21584 return;
21585 }
21586
21587 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21588 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21589 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
21590 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
21591 (reason_code > 0 &&
21592 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
21593 goto nla_put_failure;
21594
21595 genlmsg_end(msg, hdr);
21596
21597 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21598 NL80211_MCGRP_MLME, gfp);
21599 return;
21600
21601 nla_put_failure:
21602 nlmsg_free(msg);
21603 }
21604 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
21605
nl80211_netlink_notify(struct notifier_block * nb,unsigned long state,void * _notify)21606 static int nl80211_netlink_notify(struct notifier_block * nb,
21607 unsigned long state,
21608 void *_notify)
21609 {
21610 struct netlink_notify *notify = _notify;
21611 struct cfg80211_registered_device *rdev;
21612 struct wireless_dev *wdev;
21613 struct cfg80211_beacon_registration *reg, *tmp;
21614
21615 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
21616 return NOTIFY_DONE;
21617
21618 rcu_read_lock();
21619
21620 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
21621 struct cfg80211_sched_scan_request *sched_scan_req;
21622
21623 list_for_each_entry_rcu(sched_scan_req,
21624 &rdev->sched_scan_req_list,
21625 list) {
21626 if (sched_scan_req->owner_nlportid == notify->portid) {
21627 sched_scan_req->nl_owner_dead = true;
21628 wiphy_work_queue(&rdev->wiphy,
21629 &rdev->sched_scan_stop_wk);
21630 }
21631 }
21632
21633 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
21634 cfg80211_mlme_unregister_socket(wdev, notify->portid);
21635
21636 if (wdev->owner_nlportid == notify->portid) {
21637 wdev->nl_owner_dead = true;
21638 schedule_work(&rdev->destroy_work);
21639 } else if (wdev->conn_owner_nlportid == notify->portid) {
21640 schedule_work(&wdev->disconnect_wk);
21641 }
21642
21643 cfg80211_release_pmsr(wdev, notify->portid);
21644 }
21645
21646 spin_lock_bh(&rdev->beacon_registrations_lock);
21647 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
21648 list) {
21649 if (reg->nlportid == notify->portid) {
21650 list_del(®->list);
21651 kfree(reg);
21652 break;
21653 }
21654 }
21655 spin_unlock_bh(&rdev->beacon_registrations_lock);
21656 }
21657
21658 rcu_read_unlock();
21659
21660 /*
21661 * It is possible that the user space process that is controlling the
21662 * indoor setting disappeared, so notify the regulatory core.
21663 */
21664 regulatory_netlink_notify(notify->portid);
21665 return NOTIFY_OK;
21666 }
21667
21668 static struct notifier_block nl80211_netlink_notifier = {
21669 .notifier_call = nl80211_netlink_notify,
21670 };
21671
cfg80211_ft_event(struct net_device * netdev,struct cfg80211_ft_event_params * ft_event)21672 void cfg80211_ft_event(struct net_device *netdev,
21673 struct cfg80211_ft_event_params *ft_event)
21674 {
21675 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
21676 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21677 struct sk_buff *msg;
21678 void *hdr;
21679
21680 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
21681
21682 if (!ft_event->target_ap)
21683 return;
21684
21685 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
21686 GFP_KERNEL);
21687 if (!msg)
21688 return;
21689
21690 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
21691 if (!hdr)
21692 goto out;
21693
21694 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21695 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21696 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
21697 goto out;
21698
21699 if (ft_event->ies &&
21700 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
21701 goto out;
21702 if (ft_event->ric_ies &&
21703 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
21704 ft_event->ric_ies))
21705 goto out;
21706
21707 genlmsg_end(msg, hdr);
21708
21709 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21710 NL80211_MCGRP_MLME, GFP_KERNEL);
21711 return;
21712 out:
21713 nlmsg_free(msg);
21714 }
21715 EXPORT_SYMBOL(cfg80211_ft_event);
21716
cfg80211_crit_proto_stopped(struct wireless_dev * wdev,gfp_t gfp)21717 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
21718 {
21719 struct cfg80211_registered_device *rdev;
21720 struct sk_buff *msg;
21721 void *hdr;
21722 u32 nlportid;
21723
21724 rdev = wiphy_to_rdev(wdev->wiphy);
21725 if (!rdev->crit_proto_nlportid)
21726 return;
21727
21728 nlportid = rdev->crit_proto_nlportid;
21729 rdev->crit_proto_nlportid = 0;
21730
21731 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21732 if (!msg)
21733 return;
21734
21735 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
21736 if (!hdr)
21737 goto nla_put_failure;
21738
21739 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21740 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21741 NL80211_ATTR_PAD))
21742 goto nla_put_failure;
21743
21744 genlmsg_end(msg, hdr);
21745
21746 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
21747 return;
21748
21749 nla_put_failure:
21750 nlmsg_free(msg);
21751 }
21752 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
21753
nl80211_send_ap_stopped(struct wireless_dev * wdev,unsigned int link_id)21754 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id)
21755 {
21756 struct wiphy *wiphy = wdev->wiphy;
21757 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21758 struct sk_buff *msg;
21759 void *hdr;
21760
21761 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21762 if (!msg)
21763 return;
21764
21765 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
21766 if (!hdr)
21767 goto out;
21768
21769 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21770 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
21771 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21772 NL80211_ATTR_PAD) ||
21773 (wdev->valid_links &&
21774 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
21775 goto out;
21776
21777 genlmsg_end(msg, hdr);
21778
21779 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
21780 NL80211_MCGRP_MLME, GFP_KERNEL);
21781 return;
21782 out:
21783 nlmsg_free(msg);
21784 }
21785
cfg80211_external_auth_request(struct net_device * dev,struct cfg80211_external_auth_params * params,gfp_t gfp)21786 int cfg80211_external_auth_request(struct net_device *dev,
21787 struct cfg80211_external_auth_params *params,
21788 gfp_t gfp)
21789 {
21790 struct wireless_dev *wdev = dev->ieee80211_ptr;
21791 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21792 struct sk_buff *msg;
21793 void *hdr;
21794
21795 if (!wdev->conn_owner_nlportid)
21796 return -EINVAL;
21797
21798 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21799 if (!msg)
21800 return -ENOMEM;
21801
21802 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
21803 if (!hdr)
21804 goto nla_put_failure;
21805
21806 /* Some historical mistakes in drivers <-> userspace interface (notably
21807 * between drivers and wpa_supplicant) led to a big-endian conversion
21808 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is
21809 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the
21810 * benefit of older wpa_supplicant versions, send this particular value
21811 * in big-endian. Note that newer wpa_supplicant will also detect this
21812 * particular value in big endian still, so it all continues to work.
21813 */
21814 if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) {
21815 if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES,
21816 cpu_to_be32(WLAN_AKM_SUITE_SAE)))
21817 goto nla_put_failure;
21818 } else {
21819 if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES,
21820 params->key_mgmt_suite))
21821 goto nla_put_failure;
21822 }
21823
21824 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21825 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21826 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
21827 params->action) ||
21828 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
21829 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
21830 params->ssid.ssid) ||
21831 (!is_zero_ether_addr(params->mld_addr) &&
21832 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr)))
21833 goto nla_put_failure;
21834
21835 genlmsg_end(msg, hdr);
21836 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
21837 wdev->conn_owner_nlportid);
21838 return 0;
21839
21840 nla_put_failure:
21841 nlmsg_free(msg);
21842 return -ENOBUFS;
21843 }
21844 EXPORT_SYMBOL(cfg80211_external_auth_request);
21845
cfg80211_update_owe_info_event(struct net_device * netdev,struct cfg80211_update_owe_info * owe_info,gfp_t gfp)21846 void cfg80211_update_owe_info_event(struct net_device *netdev,
21847 struct cfg80211_update_owe_info *owe_info,
21848 gfp_t gfp)
21849 {
21850 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
21851 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21852 struct sk_buff *msg;
21853 void *hdr;
21854
21855 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
21856
21857 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21858 if (!msg)
21859 return;
21860
21861 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
21862 if (!hdr)
21863 goto nla_put_failure;
21864
21865 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21866 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21867 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
21868 goto nla_put_failure;
21869
21870 if (!owe_info->ie_len ||
21871 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
21872 goto nla_put_failure;
21873
21874 if (owe_info->assoc_link_id != -1) {
21875 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
21876 owe_info->assoc_link_id))
21877 goto nla_put_failure;
21878
21879 if (!is_zero_ether_addr(owe_info->peer_mld_addr) &&
21880 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
21881 owe_info->peer_mld_addr))
21882 goto nla_put_failure;
21883 }
21884
21885 genlmsg_end(msg, hdr);
21886
21887 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21888 NL80211_MCGRP_MLME, gfp);
21889 return;
21890
21891 nla_put_failure:
21892 genlmsg_cancel(msg, hdr);
21893 nlmsg_free(msg);
21894 }
21895 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
21896
cfg80211_schedule_channels_check(struct wireless_dev * wdev)21897 void cfg80211_schedule_channels_check(struct wireless_dev *wdev)
21898 {
21899 struct wiphy *wiphy = wdev->wiphy;
21900
21901 /* Schedule channels check if NO_IR or DFS relaxations are supported */
21902 if (wdev->iftype == NL80211_IFTYPE_STATION &&
21903 (wiphy_ext_feature_isset(wiphy,
21904 NL80211_EXT_FEATURE_DFS_CONCURRENT) ||
21905 (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) &&
21906 wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR)))
21907 reg_check_channels();
21908 }
21909 EXPORT_SYMBOL(cfg80211_schedule_channels_check);
21910
cfg80211_epcs_changed(struct net_device * netdev,bool enabled)21911 void cfg80211_epcs_changed(struct net_device *netdev, bool enabled)
21912 {
21913 struct wireless_dev *wdev = netdev->ieee80211_ptr;
21914 struct wiphy *wiphy = wdev->wiphy;
21915 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21916 struct sk_buff *msg;
21917 void *hdr;
21918
21919 trace_cfg80211_epcs_changed(wdev, enabled);
21920
21921 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21922 if (!msg)
21923 return;
21924
21925 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EPCS_CFG);
21926 if (!hdr) {
21927 nlmsg_free(msg);
21928 return;
21929 }
21930
21931 if (enabled && nla_put_flag(msg, NL80211_ATTR_EPCS))
21932 goto nla_put_failure;
21933
21934 genlmsg_end(msg, hdr);
21935 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21936 NL80211_MCGRP_MLME, GFP_KERNEL);
21937 return;
21938
21939 nla_put_failure:
21940 nlmsg_free(msg);
21941 }
21942 EXPORT_SYMBOL(cfg80211_epcs_changed);
21943
cfg80211_next_nan_dw_notif(struct wireless_dev * wdev,struct ieee80211_channel * chan,gfp_t gfp)21944 void cfg80211_next_nan_dw_notif(struct wireless_dev *wdev,
21945 struct ieee80211_channel *chan, gfp_t gfp)
21946 {
21947 struct wiphy *wiphy = wdev->wiphy;
21948 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21949 struct sk_buff *msg;
21950 void *hdr;
21951
21952 trace_cfg80211_next_nan_dw_notif(wdev, chan);
21953
21954 if (!wdev->owner_nlportid)
21955 return;
21956
21957 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21958 if (!msg)
21959 return;
21960
21961 hdr = nl80211hdr_put(msg, 0, 0, 0,
21962 NL80211_CMD_NAN_NEXT_DW_NOTIFICATION);
21963 if (!hdr)
21964 goto nla_put_failure;
21965
21966 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21967 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21968 NL80211_ATTR_PAD) ||
21969 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq))
21970 goto nla_put_failure;
21971
21972 genlmsg_end(msg, hdr);
21973
21974 genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
21975
21976 return;
21977
21978 nla_put_failure:
21979 nlmsg_free(msg);
21980 }
21981 EXPORT_SYMBOL(cfg80211_next_nan_dw_notif);
21982
cfg80211_nan_cluster_joined(struct wireless_dev * wdev,const u8 * cluster_id,bool new_cluster,gfp_t gfp)21983 void cfg80211_nan_cluster_joined(struct wireless_dev *wdev,
21984 const u8 *cluster_id, bool new_cluster,
21985 gfp_t gfp)
21986 {
21987 struct wiphy *wiphy = wdev->wiphy;
21988 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21989 struct sk_buff *msg;
21990 void *hdr;
21991
21992 trace_cfg80211_nan_cluster_joined(wdev, cluster_id, new_cluster);
21993
21994 memcpy(wdev->u.nan.cluster_id, cluster_id, ETH_ALEN);
21995
21996 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21997 if (!msg)
21998 return;
21999
22000 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_CLUSTER_JOINED);
22001 if (!hdr)
22002 goto nla_put_failure;
22003
22004 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22005 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22006 NL80211_ATTR_PAD) ||
22007 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cluster_id) ||
22008 (new_cluster && nla_put_flag(msg, NL80211_ATTR_NAN_NEW_CLUSTER)))
22009 goto nla_put_failure;
22010
22011 genlmsg_end(msg, hdr);
22012
22013 if (!wdev->owner_nlportid)
22014 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy),
22015 msg, 0, NL80211_MCGRP_NAN, gfp);
22016 else
22017 genlmsg_unicast(wiphy_net(wiphy), msg,
22018 wdev->owner_nlportid);
22019 return;
22020
22021 nla_put_failure:
22022 nlmsg_free(msg);
22023 }
22024 EXPORT_SYMBOL(cfg80211_nan_cluster_joined);
22025
22026 /* initialisation/exit functions */
22027
nl80211_init(void)22028 int __init nl80211_init(void)
22029 {
22030 int err;
22031
22032 err = genl_register_family(&nl80211_fam);
22033 if (err)
22034 return err;
22035
22036 err = netlink_register_notifier(&nl80211_netlink_notifier);
22037 if (err)
22038 goto err_out;
22039
22040 return 0;
22041 err_out:
22042 genl_unregister_family(&nl80211_fam);
22043 return err;
22044 }
22045
nl80211_exit(void)22046 void nl80211_exit(void)
22047 {
22048 netlink_unregister_notifier(&nl80211_netlink_notifier);
22049 genl_unregister_family(&nl80211_fam);
22050 }
22051