1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2024 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct cfg80211_registered_device * rdev,struct net * netns,struct nlattr ** attrs)67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 struct net *netns, struct nlattr **attrs)
69 {
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id = 0;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 if (rdev) {
88 struct wireless_dev *wdev;
89
90 lockdep_assert_held(&rdev->wiphy.mtx);
91
92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 if (have_ifidx && wdev->netdev &&
94 wdev->netdev->ifindex == ifidx) {
95 result = wdev;
96 break;
97 }
98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 result = wdev;
100 break;
101 }
102 }
103
104 return result ?: ERR_PTR(-ENODEV);
105 }
106
107 ASSERT_RTNL();
108
109 for_each_rdev(rdev) {
110 struct wireless_dev *wdev;
111
112 if (wiphy_net(&rdev->wiphy) != netns)
113 continue;
114
115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 continue;
117
118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 if (have_ifidx && wdev->netdev &&
120 wdev->netdev->ifindex == ifidx) {
121 result = wdev;
122 break;
123 }
124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 result = wdev;
126 break;
127 }
128 }
129
130 if (result)
131 break;
132 }
133
134 if (result)
135 return result;
136 return ERR_PTR(-ENODEV);
137 }
138
139 static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net * netns,struct nlattr ** attrs)140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141 {
142 struct cfg80211_registered_device *rdev = NULL, *tmp;
143 struct net_device *netdev;
144
145 ASSERT_RTNL();
146
147 if (!attrs[NL80211_ATTR_WIPHY] &&
148 !attrs[NL80211_ATTR_IFINDEX] &&
149 !attrs[NL80211_ATTR_WDEV])
150 return ERR_PTR(-EINVAL);
151
152 if (attrs[NL80211_ATTR_WIPHY])
153 rdev = cfg80211_rdev_by_wiphy_idx(
154 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155
156 if (attrs[NL80211_ATTR_WDEV]) {
157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 struct wireless_dev *wdev;
159 bool found = false;
160
161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 if (tmp) {
163 /* make sure wdev exists */
164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 if (wdev->identifier != (u32)wdev_id)
166 continue;
167 found = true;
168 break;
169 }
170
171 if (!found)
172 tmp = NULL;
173
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176 rdev = tmp;
177 }
178 }
179
180 if (attrs[NL80211_ATTR_IFINDEX]) {
181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182
183 netdev = __dev_get_by_index(netns, ifindex);
184 if (netdev) {
185 if (netdev->ieee80211_ptr)
186 tmp = wiphy_to_rdev(
187 netdev->ieee80211_ptr->wiphy);
188 else
189 tmp = NULL;
190
191 /* not wireless device -- return error */
192 if (!tmp)
193 return ERR_PTR(-EINVAL);
194
195 /* mismatch -- return error */
196 if (rdev && tmp != rdev)
197 return ERR_PTR(-EINVAL);
198
199 rdev = tmp;
200 }
201 }
202
203 if (!rdev)
204 return ERR_PTR(-ENODEV);
205
206 if (netns != wiphy_net(&rdev->wiphy))
207 return ERR_PTR(-ENODEV);
208
209 return rdev;
210 }
211
212 /*
213 * This function returns a pointer to the driver
214 * that the genl_info item that is passed refers to.
215 *
216 * The result of this can be a PTR_ERR and hence must
217 * be checked with IS_ERR() for errors.
218 */
219 static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net * netns,struct genl_info * info)220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221 {
222 return __cfg80211_rdev_from_attrs(netns, info->attrs);
223 }
224
validate_beacon_head(const struct nlattr * attr,struct netlink_ext_ack * extack)225 static int validate_beacon_head(const struct nlattr *attr,
226 struct netlink_ext_ack *extack)
227 {
228 const u8 *data = nla_data(attr);
229 unsigned int len = nla_len(attr);
230 const struct element *elem;
231 const struct ieee80211_mgmt *mgmt = (void *)data;
232 unsigned int fixedlen, hdrlen;
233 bool s1g_bcn;
234
235 if (len < offsetofend(typeof(*mgmt), frame_control))
236 goto err;
237
238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
239 if (s1g_bcn) {
240 fixedlen = offsetof(struct ieee80211_ext,
241 u.s1g_beacon.variable);
242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
243 } else {
244 fixedlen = offsetof(struct ieee80211_mgmt,
245 u.beacon.variable);
246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
247 }
248
249 if (len < fixedlen)
250 goto err;
251
252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
253 goto err;
254
255 data += fixedlen;
256 len -= fixedlen;
257
258 for_each_element(elem, data, len) {
259 /* nothing */
260 }
261
262 if (for_each_element_completed(elem, data, len))
263 return 0;
264
265 err:
266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
267 return -EINVAL;
268 }
269
validate_ie_attr(const struct nlattr * attr,struct netlink_ext_ack * extack)270 static int validate_ie_attr(const struct nlattr *attr,
271 struct netlink_ext_ack *extack)
272 {
273 const u8 *data = nla_data(attr);
274 unsigned int len = nla_len(attr);
275 const struct element *elem;
276
277 for_each_element(elem, data, len) {
278 /* nothing */
279 }
280
281 if (for_each_element_completed(elem, data, len))
282 return 0;
283
284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
285 return -EINVAL;
286 }
287
validate_he_capa(const struct nlattr * attr,struct netlink_ext_ack * extack)288 static int validate_he_capa(const struct nlattr *attr,
289 struct netlink_ext_ack *extack)
290 {
291 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr)))
292 return -EINVAL;
293
294 return 0;
295 }
296
validate_supported_selectors(const struct nlattr * attr,struct netlink_ext_ack * extack)297 static int validate_supported_selectors(const struct nlattr *attr,
298 struct netlink_ext_ack *extack)
299 {
300 const u8 *supported_selectors = nla_data(attr);
301 u8 supported_selectors_len = nla_len(attr);
302
303 /* The top bit must not be set as it is not part of the selector */
304 for (int i = 0; i < supported_selectors_len; i++) {
305 if (supported_selectors[i] & 0x80)
306 return -EINVAL;
307 }
308
309 return 0;
310 }
311
312 /* policy for the attributes */
313 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
314
315 static const struct nla_policy
316 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
317 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
318 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
319 .len = U8_MAX },
320 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
321 .len = U8_MAX },
322 };
323
324 static const struct nla_policy
325 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
326 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
327 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
328 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
329 NLA_POLICY_MAX(NLA_U8, 15),
330 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
331 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
332 NLA_POLICY_MAX(NLA_U8, 15),
333 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = { .type = NLA_U8 },
334 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
335 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
336 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
337 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
338 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
339 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
340 [NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 },
341 };
342
343 static const struct nla_policy
344 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
345 [NL80211_PMSR_TYPE_FTM] =
346 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
347 };
348
349 static const struct nla_policy
350 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
351 [NL80211_PMSR_REQ_ATTR_DATA] =
352 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
353 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
354 };
355
356 static const struct nla_policy
357 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
358 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
359 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
360 [NL80211_PMSR_PEER_ATTR_REQ] =
361 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
362 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
363 };
364
365 static const struct nla_policy
366 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
367 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
368 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
369 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
370 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
371 [NL80211_PMSR_ATTR_PEERS] =
372 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
373 };
374
375 static const struct nla_policy
376 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
377 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
378 NLA_POLICY_RANGE(NLA_U8, 1, 20),
379 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
380 NLA_POLICY_RANGE(NLA_U8, 1, 20),
381 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
382 NLA_POLICY_RANGE(NLA_U8, 1, 20),
383 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
384 NLA_POLICY_EXACT_LEN(8),
385 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
386 NLA_POLICY_EXACT_LEN(8),
387 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
388 };
389
390 static const struct nla_policy
391 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
392 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
393 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
394 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
395 };
396
397 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
398 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
399 .len = NL80211_MAX_SUPP_RATES },
400 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
401 .len = NL80211_MAX_SUPP_HT_RATES },
402 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
403 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
404 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
405 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
406 NL80211_RATE_INFO_HE_GI_0_8,
407 NL80211_RATE_INFO_HE_GI_3_2),
408 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
409 NL80211_RATE_INFO_HE_1XLTF,
410 NL80211_RATE_INFO_HE_4XLTF),
411 };
412
413 static const struct nla_policy
414 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
415 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
416 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
417 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
418 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
419 [NL80211_TID_CONFIG_ATTR_NOACK] =
420 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
421 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
422 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
423 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
424 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
425 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
426 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
427 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
428 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
429 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
430 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
431 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
432 NLA_POLICY_NESTED(nl80211_txattr_policy),
433 };
434
435 static const struct nla_policy
436 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
437 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
438 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
439 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
440 NLA_POLICY_RANGE(NLA_BINARY,
441 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
442 IEEE80211_MAX_DATA_LEN),
443 };
444
445 static const struct nla_policy
446 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
447 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
448 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
449 .len = IEEE80211_MAX_DATA_LEN }
450 };
451
452 static const struct nla_policy
453 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
454 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
455 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
456 };
457
458 static const struct nla_policy
459 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
460 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
461 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
462 };
463
464 static const struct nla_policy
465 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = {
466 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2),
467 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] =
468 NLA_POLICY_MIN(NLA_U8, 1),
469 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 },
470 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 },
471 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG },
472 };
473
474 static const struct nla_policy
475 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
476 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
477 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
478 };
479
480 static const struct netlink_range_validation nl80211_punct_bitmap_range = {
481 .min = 0,
482 .max = 0xffff,
483 };
484
485 static const struct netlink_range_validation q_range = {
486 .max = INT_MAX,
487 };
488
489 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
490 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
491 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
492 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
493 .len = 20-1 },
494 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
495
496 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
497 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
498 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
499 NL80211_EDMG_CHANNELS_MIN,
500 NL80211_EDMG_CHANNELS_MAX),
501 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
502 NL80211_EDMG_BW_CONFIG_MIN,
503 NL80211_EDMG_BW_CONFIG_MAX),
504
505 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
506 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
507 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
508 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
509
510 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
511 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
512 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
513 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
514 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
515 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
516
517 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
518 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
519 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
520
521 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
522 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
523
524 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
525 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
526 .len = WLAN_MAX_KEY_LEN },
527 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
528 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
529 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
530 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
531 [NL80211_ATTR_KEY_TYPE] =
532 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
533
534 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
535 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
536 [NL80211_ATTR_BEACON_HEAD] =
537 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
538 IEEE80211_MAX_DATA_LEN),
539 [NL80211_ATTR_BEACON_TAIL] =
540 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
541 IEEE80211_MAX_DATA_LEN),
542 [NL80211_ATTR_STA_AID] =
543 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
544 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
545 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
546 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
547 .len = NL80211_MAX_SUPP_RATES },
548 [NL80211_ATTR_STA_PLINK_ACTION] =
549 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
550 [NL80211_ATTR_STA_TX_POWER_SETTING] =
551 NLA_POLICY_RANGE(NLA_U8,
552 NL80211_TX_POWER_AUTOMATIC,
553 NL80211_TX_POWER_FIXED),
554 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
555 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
556 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
557 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
558 .len = IEEE80211_MAX_MESH_ID_LEN },
559 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
560
561 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */
562 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
563 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
564
565 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
566 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
567 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
568 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
569 .len = NL80211_MAX_SUPP_RATES },
570 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
571
572 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
573 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
574
575 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
576
577 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
578 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
579 validate_ie_attr,
580 IEEE80211_MAX_DATA_LEN),
581 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
582 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
583
584 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
585 .len = IEEE80211_MAX_SSID_LEN },
586 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
587 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
588 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
589 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
590 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
591 NL80211_MFP_NO,
592 NL80211_MFP_OPTIONAL),
593 [NL80211_ATTR_STA_FLAGS2] =
594 NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)),
595 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
596 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
597 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
598 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
599 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
600 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
601 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
602 [NL80211_ATTR_WPA_VERSIONS] =
603 NLA_POLICY_RANGE(NLA_U32, 0,
604 NL80211_WPA_VERSION_1 |
605 NL80211_WPA_VERSION_2 |
606 NL80211_WPA_VERSION_3),
607 [NL80211_ATTR_PID] = { .type = NLA_U32 },
608 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
609 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
610 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
611 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
612 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
613 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
614 .len = IEEE80211_MAX_DATA_LEN },
615 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
616 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
617 NL80211_PS_DISABLED,
618 NL80211_PS_ENABLED),
619 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
620 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
621 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
622 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
623 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
624 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
625 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
626 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
627 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
628 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
629 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
630 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
631 [NL80211_ATTR_STA_PLINK_STATE] =
632 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
633 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
634 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
635 [NL80211_ATTR_MESH_PEER_AID] =
636 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
637 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
638 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
639 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
640 [NL80211_ATTR_HIDDEN_SSID] =
641 NLA_POLICY_RANGE(NLA_U32,
642 NL80211_HIDDEN_SSID_NOT_IN_USE,
643 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
644 [NL80211_ATTR_IE_PROBE_RESP] =
645 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
646 IEEE80211_MAX_DATA_LEN),
647 [NL80211_ATTR_IE_ASSOC_RESP] =
648 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
649 IEEE80211_MAX_DATA_LEN),
650 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
651 [NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy),
652 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
653 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
654 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
655 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
656 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
657 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
658 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
659 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
660 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
661 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
662 .len = IEEE80211_MAX_DATA_LEN },
663 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
664 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
665 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
666 .len = NL80211_HT_CAPABILITY_LEN
667 },
668 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
669 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
670 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
671 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
672 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
673
674 /* need to include at least Auth Transaction and Status Code */
675 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
676
677 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
678 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
679 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
680 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
681 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
682 NLA_POLICY_RANGE(NLA_U32,
683 NL80211_MESH_POWER_UNKNOWN + 1,
684 NL80211_MESH_POWER_MAX),
685 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
686 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
687 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
688 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
689 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
690 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
691 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
692 .len = NL80211_VHT_CAPABILITY_LEN,
693 },
694 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
695 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
696 .len = IEEE80211_MAX_DATA_LEN },
697 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
698 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
699 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
700 [NL80211_ATTR_PEER_AID] =
701 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
702 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
703 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
704 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
705 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
706 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
707 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
708 /*
709 * The value of the Length field of the Supported Operating
710 * Classes element is between 2 and 253.
711 */
712 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
713 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
714 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
715 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
716 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
717 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
718 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
719 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
720 IEEE80211_QOS_MAP_LEN_MIN,
721 IEEE80211_QOS_MAP_LEN_MAX),
722 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
723 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
724 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
725 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
726 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
727 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
728 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
729 [NL80211_ATTR_USER_PRIO] =
730 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
731 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
732 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
733 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
734 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
735 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
736 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
737 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
738 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
739 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
740 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
741 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
742 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
743 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
744 .len = VHT_MUMIMO_GROUPS_DATA_LEN
745 },
746 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
747 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
748 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
749 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
750 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
751 .len = FILS_MAX_KEK_LEN },
752 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
753 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
754 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
755 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
756 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
757 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
758 },
759 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
760 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
761 .len = FILS_ERP_MAX_USERNAME_LEN },
762 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
763 .len = FILS_ERP_MAX_REALM_LEN },
764 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
765 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
766 .len = FILS_ERP_MAX_RRK_LEN },
767 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
768 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
769 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
770 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
771 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
772
773 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
774 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
775 [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range),
776 [NL80211_ATTR_HE_CAPABILITY] =
777 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa,
778 NL80211_HE_MAX_CAPABILITY_LEN),
779 [NL80211_ATTR_FTM_RESPONDER] =
780 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
781 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
782 [NL80211_ATTR_PEER_MEASUREMENTS] =
783 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
784 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
785 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
786 .len = SAE_PASSWORD_MAX_LEN },
787 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
788 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
789 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
790 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
791 [NL80211_ATTR_TID_CONFIG] =
792 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
793 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
794 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
795 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
796 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
797 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
798 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
799 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
800 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
801 [NL80211_ATTR_FILS_DISCOVERY] =
802 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
803 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
804 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
805 [NL80211_ATTR_S1G_CAPABILITY] =
806 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
807 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
808 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
809 [NL80211_ATTR_SAE_PWE] =
810 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
811 NL80211_SAE_PWE_BOTH),
812 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
813 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
814 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
815 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
816 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
817 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
818 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
819 [NL80211_ATTR_MBSSID_CONFIG] =
820 NLA_POLICY_NESTED(nl80211_mbssid_config_policy),
821 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED },
822 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG },
823 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 },
824 [NL80211_ATTR_EHT_CAPABILITY] =
825 NLA_POLICY_RANGE(NLA_BINARY,
826 NL80211_EHT_MIN_CAPABILITY_LEN,
827 NL80211_EHT_MAX_CAPABILITY_LEN),
828 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG },
829 [NL80211_ATTR_MLO_LINKS] =
830 NLA_POLICY_NESTED_ARRAY(nl80211_policy),
831 [NL80211_ATTR_MLO_LINK_ID] =
832 NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS - 1),
833 [NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN),
834 [NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG },
835 [NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT },
836 [NL80211_ATTR_PUNCT_BITMAP] =
837 NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
838
839 [NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 },
840 [NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG },
841 [NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED },
842 [NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG },
843 [NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG },
844 [NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
845 [NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
846 [NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG },
847 [NL80211_ATTR_VIF_RADIO_MASK] = { .type = NLA_U32 },
848 [NL80211_ATTR_SUPPORTED_SELECTORS] =
849 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_supported_selectors,
850 NL80211_MAX_SUPP_SELECTORS),
851 [NL80211_ATTR_MLO_RECONF_REM_LINKS] = { .type = NLA_U16 },
852 [NL80211_ATTR_EPCS] = { .type = NLA_FLAG },
853 };
854
855 /* policy for the key attributes */
856 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
857 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
858 [NL80211_KEY_IDX] = { .type = NLA_U8 },
859 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
860 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
861 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
862 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
863 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
864 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
865 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
866 };
867
868 /* policy for the key default flags */
869 static const struct nla_policy
870 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
871 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
872 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
873 };
874
875 #ifdef CONFIG_PM
876 /* policy for WoWLAN attributes */
877 static const struct nla_policy
878 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
879 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
880 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
881 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
882 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
883 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
884 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
885 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
886 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
887 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
888 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
889 };
890
891 static const struct nla_policy
892 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
893 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
894 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
895 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
896 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
897 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
898 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
899 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
900 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
901 },
902 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
903 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
904 },
905 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
906 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
907 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
908 };
909 #endif /* CONFIG_PM */
910
911 /* policy for coalesce rule attributes */
912 static const struct nla_policy
913 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
914 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
915 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
916 NLA_POLICY_RANGE(NLA_U32,
917 NL80211_COALESCE_CONDITION_MATCH,
918 NL80211_COALESCE_CONDITION_NO_MATCH),
919 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
920 };
921
922 /* policy for GTK rekey offload attributes */
923 static const struct nla_policy
924 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
925 [NL80211_REKEY_DATA_KEK] = {
926 .type = NLA_BINARY,
927 .len = NL80211_KEK_EXT_LEN
928 },
929 [NL80211_REKEY_DATA_KCK] = {
930 .type = NLA_BINARY,
931 .len = NL80211_KCK_EXT_LEN_32
932 },
933 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
934 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
935 };
936
937 static const struct nla_policy
938 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
939 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
940 .len = IEEE80211_MAX_SSID_LEN },
941 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
942 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
943 };
944
945 static const struct nla_policy
946 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
947 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
948 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
949 };
950
951 static const struct nla_policy
952 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
953 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
954 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
955 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
956 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
957 },
958 };
959
960 /* policy for NAN function attributes */
961 static const struct nla_policy
962 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
963 [NL80211_NAN_FUNC_TYPE] =
964 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
965 [NL80211_NAN_FUNC_SERVICE_ID] = {
966 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
967 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
968 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
969 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
970 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
971 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
972 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
973 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
974 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
975 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
976 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
977 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
978 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
979 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
980 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
981 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
982 };
983
984 /* policy for Service Response Filter attributes */
985 static const struct nla_policy
986 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
987 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
988 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
989 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
990 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
991 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
992 };
993
994 /* policy for packet pattern attributes */
995 static const struct nla_policy
996 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
997 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
998 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
999 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
1000 };
1001
nl80211_prepare_wdev_dump(struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev,struct nlattr ** attrbuf)1002 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
1003 struct cfg80211_registered_device **rdev,
1004 struct wireless_dev **wdev,
1005 struct nlattr **attrbuf)
1006 {
1007 int err;
1008
1009 if (!cb->args[0]) {
1010 struct nlattr **attrbuf_free = NULL;
1011
1012 if (!attrbuf) {
1013 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
1014 GFP_KERNEL);
1015 if (!attrbuf)
1016 return -ENOMEM;
1017 attrbuf_free = attrbuf;
1018 }
1019
1020 err = nlmsg_parse_deprecated(cb->nlh,
1021 GENL_HDRLEN + nl80211_fam.hdrsize,
1022 attrbuf, nl80211_fam.maxattr,
1023 nl80211_policy, NULL);
1024 if (err) {
1025 kfree(attrbuf_free);
1026 return err;
1027 }
1028
1029 rtnl_lock();
1030 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
1031 attrbuf);
1032 kfree(attrbuf_free);
1033 if (IS_ERR(*wdev)) {
1034 rtnl_unlock();
1035 return PTR_ERR(*wdev);
1036 }
1037 *rdev = wiphy_to_rdev((*wdev)->wiphy);
1038 mutex_lock(&(*rdev)->wiphy.mtx);
1039 rtnl_unlock();
1040 /* 0 is the first index - add 1 to parse only once */
1041 cb->args[0] = (*rdev)->wiphy_idx + 1;
1042 cb->args[1] = (*wdev)->identifier;
1043 } else {
1044 /* subtract the 1 again here */
1045 struct wiphy *wiphy;
1046 struct wireless_dev *tmp;
1047
1048 rtnl_lock();
1049 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1050 if (!wiphy) {
1051 rtnl_unlock();
1052 return -ENODEV;
1053 }
1054 *rdev = wiphy_to_rdev(wiphy);
1055 *wdev = NULL;
1056
1057 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
1058 if (tmp->identifier == cb->args[1]) {
1059 *wdev = tmp;
1060 break;
1061 }
1062 }
1063
1064 if (!*wdev) {
1065 rtnl_unlock();
1066 return -ENODEV;
1067 }
1068 mutex_lock(&(*rdev)->wiphy.mtx);
1069 rtnl_unlock();
1070 }
1071
1072 return 0;
1073 }
1074
1075 /* message building helper */
nl80211hdr_put(struct sk_buff * skb,u32 portid,u32 seq,int flags,u8 cmd)1076 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
1077 int flags, u8 cmd)
1078 {
1079 /* since there is no private header just add the generic one */
1080 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1081 }
1082
nl80211_msg_put_wmm_rules(struct sk_buff * msg,const struct ieee80211_reg_rule * rule)1083 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1084 const struct ieee80211_reg_rule *rule)
1085 {
1086 int j;
1087 struct nlattr *nl_wmm_rules =
1088 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1089
1090 if (!nl_wmm_rules)
1091 goto nla_put_failure;
1092
1093 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1094 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1095
1096 if (!nl_wmm_rule)
1097 goto nla_put_failure;
1098
1099 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1100 rule->wmm_rule.client[j].cw_min) ||
1101 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1102 rule->wmm_rule.client[j].cw_max) ||
1103 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1104 rule->wmm_rule.client[j].aifsn) ||
1105 nla_put_u16(msg, NL80211_WMMR_TXOP,
1106 rule->wmm_rule.client[j].cot))
1107 goto nla_put_failure;
1108
1109 nla_nest_end(msg, nl_wmm_rule);
1110 }
1111 nla_nest_end(msg, nl_wmm_rules);
1112
1113 return 0;
1114
1115 nla_put_failure:
1116 return -ENOBUFS;
1117 }
1118
nl80211_msg_put_channel(struct sk_buff * msg,struct wiphy * wiphy,struct ieee80211_channel * chan,bool large)1119 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1120 struct ieee80211_channel *chan,
1121 bool large)
1122 {
1123 /* Some channels must be completely excluded from the
1124 * list to protect old user-space tools from breaking
1125 */
1126 if (!large && chan->flags &
1127 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1128 return 0;
1129 if (!large && chan->freq_offset)
1130 return 0;
1131
1132 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1133 chan->center_freq))
1134 goto nla_put_failure;
1135
1136 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1137 goto nla_put_failure;
1138
1139 if ((chan->flags & IEEE80211_CHAN_PSD) &&
1140 nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd))
1141 goto nla_put_failure;
1142
1143 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1144 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1145 goto nla_put_failure;
1146 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1147 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1148 goto nla_put_failure;
1149 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1150 goto nla_put_failure;
1151 }
1152 if (chan->flags & IEEE80211_CHAN_RADAR) {
1153 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1154 goto nla_put_failure;
1155 if (large) {
1156 u32 time;
1157
1158 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1159
1160 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1161 chan->dfs_state))
1162 goto nla_put_failure;
1163 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1164 time))
1165 goto nla_put_failure;
1166 if (nla_put_u32(msg,
1167 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1168 chan->dfs_cac_ms))
1169 goto nla_put_failure;
1170 }
1171 }
1172
1173 if (large) {
1174 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1175 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1176 goto nla_put_failure;
1177 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1178 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1179 goto nla_put_failure;
1180 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1181 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1182 goto nla_put_failure;
1183 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1184 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1185 goto nla_put_failure;
1186 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1187 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1188 goto nla_put_failure;
1189 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1190 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1191 goto nla_put_failure;
1192 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1193 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1194 goto nla_put_failure;
1195 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1196 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1197 goto nla_put_failure;
1198 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1199 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1200 goto nla_put_failure;
1201 if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1202 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1203 goto nla_put_failure;
1204 if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1205 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1206 goto nla_put_failure;
1207 if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1208 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1209 goto nla_put_failure;
1210 if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1211 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1212 goto nla_put_failure;
1213 if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1214 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1215 goto nla_put_failure;
1216 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) &&
1217 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ))
1218 goto nla_put_failure;
1219 if ((chan->flags & IEEE80211_CHAN_NO_EHT) &&
1220 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT))
1221 goto nla_put_failure;
1222 if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) &&
1223 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT))
1224 goto nla_put_failure;
1225 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) &&
1226 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT))
1227 goto nla_put_failure;
1228 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) &&
1229 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT))
1230 goto nla_put_failure;
1231 if ((chan->flags & IEEE80211_CHAN_CAN_MONITOR) &&
1232 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_CAN_MONITOR))
1233 goto nla_put_failure;
1234 if ((chan->flags & IEEE80211_CHAN_ALLOW_6GHZ_VLP_AP) &&
1235 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP))
1236 goto nla_put_failure;
1237 }
1238
1239 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1240 DBM_TO_MBM(chan->max_power)))
1241 goto nla_put_failure;
1242
1243 if (large) {
1244 const struct ieee80211_reg_rule *rule =
1245 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1246
1247 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1248 if (nl80211_msg_put_wmm_rules(msg, rule))
1249 goto nla_put_failure;
1250 }
1251 }
1252
1253 return 0;
1254
1255 nla_put_failure:
1256 return -ENOBUFS;
1257 }
1258
nl80211_put_txq_stats(struct sk_buff * msg,struct cfg80211_txq_stats * txqstats,int attrtype)1259 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1260 struct cfg80211_txq_stats *txqstats,
1261 int attrtype)
1262 {
1263 struct nlattr *txqattr;
1264
1265 #define PUT_TXQVAL_U32(attr, memb) do { \
1266 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1267 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1268 return false; \
1269 } while (0)
1270
1271 txqattr = nla_nest_start_noflag(msg, attrtype);
1272 if (!txqattr)
1273 return false;
1274
1275 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1276 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1277 PUT_TXQVAL_U32(FLOWS, flows);
1278 PUT_TXQVAL_U32(DROPS, drops);
1279 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1280 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1281 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1282 PUT_TXQVAL_U32(COLLISIONS, collisions);
1283 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1284 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1285 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1286 nla_nest_end(msg, txqattr);
1287
1288 #undef PUT_TXQVAL_U32
1289 return true;
1290 }
1291
1292 /* netlink command implementations */
1293
1294 /**
1295 * nl80211_link_id - return link ID
1296 * @attrs: attributes to look at
1297 *
1298 * Returns: the link ID or 0 if not given
1299 *
1300 * Note this function doesn't do any validation of the link
1301 * ID validity wrt. links that were actually added, so it must
1302 * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID
1303 * or if additional validation is done.
1304 */
nl80211_link_id(struct nlattr ** attrs)1305 static unsigned int nl80211_link_id(struct nlattr **attrs)
1306 {
1307 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1308
1309 return nla_get_u8_default(linkid, 0);
1310 }
1311
nl80211_link_id_or_invalid(struct nlattr ** attrs)1312 static int nl80211_link_id_or_invalid(struct nlattr **attrs)
1313 {
1314 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1315
1316 if (!linkid)
1317 return -1;
1318
1319 return nla_get_u8(linkid);
1320 }
1321
1322 struct key_parse {
1323 struct key_params p;
1324 int idx;
1325 int type;
1326 bool def, defmgmt, defbeacon;
1327 bool def_uni, def_multi;
1328 };
1329
nl80211_parse_key_new(struct genl_info * info,struct nlattr * key,struct key_parse * k)1330 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1331 struct key_parse *k)
1332 {
1333 struct nlattr *tb[NL80211_KEY_MAX + 1];
1334 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1335 nl80211_key_policy,
1336 info->extack);
1337 if (err)
1338 return err;
1339
1340 k->def = !!tb[NL80211_KEY_DEFAULT];
1341 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1342 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1343
1344 if (k->def) {
1345 k->def_uni = true;
1346 k->def_multi = true;
1347 }
1348 if (k->defmgmt || k->defbeacon)
1349 k->def_multi = true;
1350
1351 if (tb[NL80211_KEY_IDX])
1352 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1353
1354 if (tb[NL80211_KEY_DATA]) {
1355 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1356 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1357 }
1358
1359 if (tb[NL80211_KEY_SEQ]) {
1360 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1361 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1362 }
1363
1364 if (tb[NL80211_KEY_CIPHER])
1365 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1366
1367 if (tb[NL80211_KEY_TYPE])
1368 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1369
1370 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1371 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1372
1373 err = nla_parse_nested_deprecated(kdt,
1374 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1375 tb[NL80211_KEY_DEFAULT_TYPES],
1376 nl80211_key_default_policy,
1377 info->extack);
1378 if (err)
1379 return err;
1380
1381 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1382 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1383 }
1384
1385 if (tb[NL80211_KEY_MODE])
1386 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1387
1388 return 0;
1389 }
1390
nl80211_parse_key_old(struct genl_info * info,struct key_parse * k)1391 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1392 {
1393 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1394 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1395 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1396 }
1397
1398 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1399 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1400 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1401 }
1402
1403 if (info->attrs[NL80211_ATTR_KEY_IDX])
1404 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1405
1406 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1407 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1408
1409 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1410 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1411
1412 if (k->def) {
1413 k->def_uni = true;
1414 k->def_multi = true;
1415 }
1416 if (k->defmgmt)
1417 k->def_multi = true;
1418
1419 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1420 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1421
1422 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1423 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1424 int err = nla_parse_nested_deprecated(kdt,
1425 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1426 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1427 nl80211_key_default_policy,
1428 info->extack);
1429 if (err)
1430 return err;
1431
1432 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1433 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1434 }
1435
1436 return 0;
1437 }
1438
nl80211_parse_key(struct genl_info * info,struct key_parse * k)1439 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1440 {
1441 int err;
1442
1443 memset(k, 0, sizeof(*k));
1444 k->idx = -1;
1445 k->type = -1;
1446
1447 if (info->attrs[NL80211_ATTR_KEY])
1448 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1449 else
1450 err = nl80211_parse_key_old(info, k);
1451
1452 if (err)
1453 return err;
1454
1455 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1456 (k->defbeacon ? 1 : 0) > 1) {
1457 GENL_SET_ERR_MSG(info,
1458 "key with multiple default flags is invalid");
1459 return -EINVAL;
1460 }
1461
1462 if (k->defmgmt || k->defbeacon) {
1463 if (k->def_uni || !k->def_multi) {
1464 GENL_SET_ERR_MSG(info,
1465 "defmgmt/defbeacon key must be mcast");
1466 return -EINVAL;
1467 }
1468 }
1469
1470 if (k->idx != -1) {
1471 if (k->defmgmt) {
1472 if (k->idx < 4 || k->idx > 5) {
1473 GENL_SET_ERR_MSG(info,
1474 "defmgmt key idx not 4 or 5");
1475 return -EINVAL;
1476 }
1477 } else if (k->defbeacon) {
1478 if (k->idx < 6 || k->idx > 7) {
1479 GENL_SET_ERR_MSG(info,
1480 "defbeacon key idx not 6 or 7");
1481 return -EINVAL;
1482 }
1483 } else if (k->def) {
1484 if (k->idx < 0 || k->idx > 3) {
1485 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1486 return -EINVAL;
1487 }
1488 } else {
1489 if (k->idx < 0 || k->idx > 7) {
1490 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1491 return -EINVAL;
1492 }
1493 }
1494 }
1495
1496 return 0;
1497 }
1498
1499 static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device * rdev,struct genl_info * info,bool * no_ht)1500 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1501 struct genl_info *info, bool *no_ht)
1502 {
1503 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1504 struct key_parse parse;
1505 struct nlattr *key;
1506 struct cfg80211_cached_keys *result;
1507 int rem, err, def = 0;
1508 bool have_key = false;
1509
1510 nla_for_each_nested(key, keys, rem) {
1511 have_key = true;
1512 break;
1513 }
1514
1515 if (!have_key)
1516 return NULL;
1517
1518 result = kzalloc(sizeof(*result), GFP_KERNEL);
1519 if (!result)
1520 return ERR_PTR(-ENOMEM);
1521
1522 result->def = -1;
1523
1524 nla_for_each_nested(key, keys, rem) {
1525 memset(&parse, 0, sizeof(parse));
1526 parse.idx = -1;
1527
1528 err = nl80211_parse_key_new(info, key, &parse);
1529 if (err)
1530 goto error;
1531 err = -EINVAL;
1532 if (!parse.p.key)
1533 goto error;
1534 if (parse.idx < 0 || parse.idx > 3) {
1535 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1536 goto error;
1537 }
1538 if (parse.def) {
1539 if (def) {
1540 GENL_SET_ERR_MSG(info,
1541 "only one key can be default");
1542 goto error;
1543 }
1544 def = 1;
1545 result->def = parse.idx;
1546 if (!parse.def_uni || !parse.def_multi)
1547 goto error;
1548 } else if (parse.defmgmt)
1549 goto error;
1550 err = cfg80211_validate_key_settings(rdev, &parse.p,
1551 parse.idx, false, NULL);
1552 if (err)
1553 goto error;
1554 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1555 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1556 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1557 err = -EINVAL;
1558 goto error;
1559 }
1560 result->params[parse.idx].cipher = parse.p.cipher;
1561 result->params[parse.idx].key_len = parse.p.key_len;
1562 result->params[parse.idx].key = result->data[parse.idx];
1563 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1564
1565 /* must be WEP key if we got here */
1566 if (no_ht)
1567 *no_ht = true;
1568 }
1569
1570 if (result->def < 0) {
1571 err = -EINVAL;
1572 GENL_SET_ERR_MSG(info, "need a default/TX key");
1573 goto error;
1574 }
1575
1576 return result;
1577 error:
1578 kfree(result);
1579 return ERR_PTR(err);
1580 }
1581
nl80211_key_allowed(struct wireless_dev * wdev)1582 static int nl80211_key_allowed(struct wireless_dev *wdev)
1583 {
1584 lockdep_assert_wiphy(wdev->wiphy);
1585
1586 switch (wdev->iftype) {
1587 case NL80211_IFTYPE_AP:
1588 case NL80211_IFTYPE_AP_VLAN:
1589 case NL80211_IFTYPE_P2P_GO:
1590 case NL80211_IFTYPE_MESH_POINT:
1591 break;
1592 case NL80211_IFTYPE_ADHOC:
1593 if (wdev->u.ibss.current_bss)
1594 return 0;
1595 return -ENOLINK;
1596 case NL80211_IFTYPE_STATION:
1597 case NL80211_IFTYPE_P2P_CLIENT:
1598 if (wdev->connected)
1599 return 0;
1600 return -ENOLINK;
1601 case NL80211_IFTYPE_NAN:
1602 if (wiphy_ext_feature_isset(wdev->wiphy,
1603 NL80211_EXT_FEATURE_SECURE_NAN))
1604 return 0;
1605 return -EINVAL;
1606 case NL80211_IFTYPE_UNSPECIFIED:
1607 case NL80211_IFTYPE_OCB:
1608 case NL80211_IFTYPE_MONITOR:
1609 case NL80211_IFTYPE_P2P_DEVICE:
1610 case NL80211_IFTYPE_WDS:
1611 case NUM_NL80211_IFTYPES:
1612 return -EINVAL;
1613 }
1614
1615 return 0;
1616 }
1617
nl80211_get_valid_chan(struct wiphy * wiphy,u32 freq)1618 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1619 u32 freq)
1620 {
1621 struct ieee80211_channel *chan;
1622
1623 chan = ieee80211_get_channel_khz(wiphy, freq);
1624 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1625 return NULL;
1626 return chan;
1627 }
1628
nl80211_put_iftypes(struct sk_buff * msg,u32 attr,u16 ifmodes)1629 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1630 {
1631 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1632 int i;
1633
1634 if (!nl_modes)
1635 goto nla_put_failure;
1636
1637 i = 0;
1638 while (ifmodes) {
1639 if ((ifmodes & 1) && nla_put_flag(msg, i))
1640 goto nla_put_failure;
1641 ifmodes >>= 1;
1642 i++;
1643 }
1644
1645 nla_nest_end(msg, nl_modes);
1646 return 0;
1647
1648 nla_put_failure:
1649 return -ENOBUFS;
1650 }
1651
nl80211_put_ifcomb_data(struct sk_buff * msg,bool large,int idx,const struct ieee80211_iface_combination * c,u16 nested)1652 static int nl80211_put_ifcomb_data(struct sk_buff *msg, bool large, int idx,
1653 const struct ieee80211_iface_combination *c,
1654 u16 nested)
1655 {
1656 struct nlattr *nl_combi, *nl_limits;
1657 int i;
1658
1659 nl_combi = nla_nest_start_noflag(msg, idx | nested);
1660 if (!nl_combi)
1661 goto nla_put_failure;
1662
1663 nl_limits = nla_nest_start_noflag(msg, NL80211_IFACE_COMB_LIMITS |
1664 nested);
1665 if (!nl_limits)
1666 goto nla_put_failure;
1667
1668 for (i = 0; i < c->n_limits; i++) {
1669 struct nlattr *nl_limit;
1670
1671 nl_limit = nla_nest_start_noflag(msg, i + 1);
1672 if (!nl_limit)
1673 goto nla_put_failure;
1674 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, c->limits[i].max))
1675 goto nla_put_failure;
1676 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1677 c->limits[i].types))
1678 goto nla_put_failure;
1679 nla_nest_end(msg, nl_limit);
1680 }
1681
1682 nla_nest_end(msg, nl_limits);
1683
1684 if (c->beacon_int_infra_match &&
1685 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1686 goto nla_put_failure;
1687 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1688 c->num_different_channels) ||
1689 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1690 c->max_interfaces))
1691 goto nla_put_failure;
1692 if (large &&
1693 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1694 c->radar_detect_widths) ||
1695 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1696 c->radar_detect_regions)))
1697 goto nla_put_failure;
1698 if (c->beacon_int_min_gcd &&
1699 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1700 c->beacon_int_min_gcd))
1701 goto nla_put_failure;
1702
1703 nla_nest_end(msg, nl_combi);
1704
1705 return 0;
1706 nla_put_failure:
1707 return -ENOBUFS;
1708 }
1709
nl80211_put_iface_combinations(struct wiphy * wiphy,struct sk_buff * msg,int attr,int radio,bool large,u16 nested)1710 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1711 struct sk_buff *msg,
1712 int attr, int radio,
1713 bool large, u16 nested)
1714 {
1715 const struct ieee80211_iface_combination *c;
1716 struct nlattr *nl_combis;
1717 int i, n;
1718
1719 nl_combis = nla_nest_start_noflag(msg, attr | nested);
1720 if (!nl_combis)
1721 goto nla_put_failure;
1722
1723 if (radio >= 0) {
1724 c = wiphy->radio[0].iface_combinations;
1725 n = wiphy->radio[0].n_iface_combinations;
1726 } else {
1727 c = wiphy->iface_combinations;
1728 n = wiphy->n_iface_combinations;
1729 }
1730 for (i = 0; i < n; i++)
1731 if (nl80211_put_ifcomb_data(msg, large, i + 1, &c[i], nested))
1732 goto nla_put_failure;
1733
1734 nla_nest_end(msg, nl_combis);
1735
1736 return 0;
1737 nla_put_failure:
1738 return -ENOBUFS;
1739 }
1740
1741 #ifdef CONFIG_PM
nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1742 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1743 struct sk_buff *msg)
1744 {
1745 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1746 struct nlattr *nl_tcp;
1747
1748 if (!tcp)
1749 return 0;
1750
1751 nl_tcp = nla_nest_start_noflag(msg,
1752 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1753 if (!nl_tcp)
1754 return -ENOBUFS;
1755
1756 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1757 tcp->data_payload_max))
1758 return -ENOBUFS;
1759
1760 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1761 tcp->data_payload_max))
1762 return -ENOBUFS;
1763
1764 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1765 return -ENOBUFS;
1766
1767 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1768 sizeof(*tcp->tok), tcp->tok))
1769 return -ENOBUFS;
1770
1771 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1772 tcp->data_interval_max))
1773 return -ENOBUFS;
1774
1775 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1776 tcp->wake_payload_max))
1777 return -ENOBUFS;
1778
1779 nla_nest_end(msg, nl_tcp);
1780 return 0;
1781 }
1782
nl80211_send_wowlan(struct sk_buff * msg,struct cfg80211_registered_device * rdev,bool large)1783 static int nl80211_send_wowlan(struct sk_buff *msg,
1784 struct cfg80211_registered_device *rdev,
1785 bool large)
1786 {
1787 struct nlattr *nl_wowlan;
1788
1789 if (!rdev->wiphy.wowlan)
1790 return 0;
1791
1792 nl_wowlan = nla_nest_start_noflag(msg,
1793 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1794 if (!nl_wowlan)
1795 return -ENOBUFS;
1796
1797 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1798 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1799 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1800 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1801 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1802 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1803 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1804 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1805 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1806 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1807 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1808 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1809 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1810 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1811 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1812 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1813 return -ENOBUFS;
1814
1815 if (rdev->wiphy.wowlan->n_patterns) {
1816 struct nl80211_pattern_support pat = {
1817 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1818 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1819 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1820 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1821 };
1822
1823 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1824 sizeof(pat), &pat))
1825 return -ENOBUFS;
1826 }
1827
1828 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1829 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1830 rdev->wiphy.wowlan->max_nd_match_sets))
1831 return -ENOBUFS;
1832
1833 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1834 return -ENOBUFS;
1835
1836 nla_nest_end(msg, nl_wowlan);
1837
1838 return 0;
1839 }
1840 #endif
1841
nl80211_send_coalesce(struct sk_buff * msg,struct cfg80211_registered_device * rdev)1842 static int nl80211_send_coalesce(struct sk_buff *msg,
1843 struct cfg80211_registered_device *rdev)
1844 {
1845 struct nl80211_coalesce_rule_support rule;
1846
1847 if (!rdev->wiphy.coalesce)
1848 return 0;
1849
1850 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1851 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1852 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1853 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1854 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1855 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1856
1857 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1858 return -ENOBUFS;
1859
1860 return 0;
1861 }
1862
1863 static int
nl80211_send_iftype_data(struct sk_buff * msg,const struct ieee80211_supported_band * sband,const struct ieee80211_sband_iftype_data * iftdata)1864 nl80211_send_iftype_data(struct sk_buff *msg,
1865 const struct ieee80211_supported_band *sband,
1866 const struct ieee80211_sband_iftype_data *iftdata)
1867 {
1868 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1869 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap;
1870
1871 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1872 iftdata->types_mask))
1873 return -ENOBUFS;
1874
1875 if (he_cap->has_he) {
1876 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1877 sizeof(he_cap->he_cap_elem.mac_cap_info),
1878 he_cap->he_cap_elem.mac_cap_info) ||
1879 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1880 sizeof(he_cap->he_cap_elem.phy_cap_info),
1881 he_cap->he_cap_elem.phy_cap_info) ||
1882 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1883 sizeof(he_cap->he_mcs_nss_supp),
1884 &he_cap->he_mcs_nss_supp) ||
1885 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1886 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1887 return -ENOBUFS;
1888 }
1889
1890 if (eht_cap->has_eht && he_cap->has_he) {
1891 u8 mcs_nss_size, ppe_thresh_size;
1892 u16 ppe_thres_hdr;
1893 bool is_ap;
1894
1895 is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
1896 iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
1897
1898 mcs_nss_size =
1899 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
1900 &eht_cap->eht_cap_elem,
1901 is_ap);
1902
1903 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
1904 ppe_thresh_size =
1905 ieee80211_eht_ppe_size(ppe_thres_hdr,
1906 eht_cap->eht_cap_elem.phy_cap_info);
1907
1908 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC,
1909 sizeof(eht_cap->eht_cap_elem.mac_cap_info),
1910 eht_cap->eht_cap_elem.mac_cap_info) ||
1911 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY,
1912 sizeof(eht_cap->eht_cap_elem.phy_cap_info),
1913 eht_cap->eht_cap_elem.phy_cap_info) ||
1914 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET,
1915 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) ||
1916 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE,
1917 ppe_thresh_size, eht_cap->eht_ppe_thres))
1918 return -ENOBUFS;
1919 }
1920
1921 if (sband->band == NL80211_BAND_6GHZ &&
1922 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1923 sizeof(iftdata->he_6ghz_capa),
1924 &iftdata->he_6ghz_capa))
1925 return -ENOBUFS;
1926
1927 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
1928 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
1929 iftdata->vendor_elems.len, iftdata->vendor_elems.data))
1930 return -ENOBUFS;
1931
1932 return 0;
1933 }
1934
nl80211_send_band_rateinfo(struct sk_buff * msg,struct ieee80211_supported_band * sband,bool large)1935 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1936 struct ieee80211_supported_band *sband,
1937 bool large)
1938 {
1939 struct nlattr *nl_rates, *nl_rate;
1940 struct ieee80211_rate *rate;
1941 int i;
1942
1943 /* add HT info */
1944 if (sband->ht_cap.ht_supported &&
1945 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1946 sizeof(sband->ht_cap.mcs),
1947 &sband->ht_cap.mcs) ||
1948 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1949 sband->ht_cap.cap) ||
1950 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1951 sband->ht_cap.ampdu_factor) ||
1952 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1953 sband->ht_cap.ampdu_density)))
1954 return -ENOBUFS;
1955
1956 /* add VHT info */
1957 if (sband->vht_cap.vht_supported &&
1958 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1959 sizeof(sband->vht_cap.vht_mcs),
1960 &sband->vht_cap.vht_mcs) ||
1961 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1962 sband->vht_cap.cap)))
1963 return -ENOBUFS;
1964
1965 if (large && sband->n_iftype_data) {
1966 struct nlattr *nl_iftype_data =
1967 nla_nest_start_noflag(msg,
1968 NL80211_BAND_ATTR_IFTYPE_DATA);
1969 const struct ieee80211_sband_iftype_data *iftd;
1970 int err;
1971
1972 if (!nl_iftype_data)
1973 return -ENOBUFS;
1974
1975 for_each_sband_iftype_data(sband, i, iftd) {
1976 struct nlattr *iftdata;
1977
1978 iftdata = nla_nest_start_noflag(msg, i + 1);
1979 if (!iftdata)
1980 return -ENOBUFS;
1981
1982 err = nl80211_send_iftype_data(msg, sband, iftd);
1983 if (err)
1984 return err;
1985
1986 nla_nest_end(msg, iftdata);
1987 }
1988
1989 nla_nest_end(msg, nl_iftype_data);
1990 }
1991
1992 /* add EDMG info */
1993 if (large && sband->edmg_cap.channels &&
1994 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1995 sband->edmg_cap.channels) ||
1996 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1997 sband->edmg_cap.bw_config)))
1998
1999 return -ENOBUFS;
2000
2001 /* add bitrates */
2002 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
2003 if (!nl_rates)
2004 return -ENOBUFS;
2005
2006 for (i = 0; i < sband->n_bitrates; i++) {
2007 nl_rate = nla_nest_start_noflag(msg, i);
2008 if (!nl_rate)
2009 return -ENOBUFS;
2010
2011 rate = &sband->bitrates[i];
2012 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
2013 rate->bitrate))
2014 return -ENOBUFS;
2015 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
2016 nla_put_flag(msg,
2017 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
2018 return -ENOBUFS;
2019
2020 nla_nest_end(msg, nl_rate);
2021 }
2022
2023 nla_nest_end(msg, nl_rates);
2024
2025 /* S1G capabilities */
2026 if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g &&
2027 (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA,
2028 sizeof(sband->s1g_cap.cap),
2029 sband->s1g_cap.cap) ||
2030 nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET,
2031 sizeof(sband->s1g_cap.nss_mcs),
2032 sband->s1g_cap.nss_mcs)))
2033 return -ENOBUFS;
2034
2035 return 0;
2036 }
2037
2038 static int
nl80211_send_mgmt_stypes(struct sk_buff * msg,const struct ieee80211_txrx_stypes * mgmt_stypes)2039 nl80211_send_mgmt_stypes(struct sk_buff *msg,
2040 const struct ieee80211_txrx_stypes *mgmt_stypes)
2041 {
2042 u16 stypes;
2043 struct nlattr *nl_ftypes, *nl_ifs;
2044 enum nl80211_iftype ift;
2045 int i;
2046
2047 if (!mgmt_stypes)
2048 return 0;
2049
2050 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
2051 if (!nl_ifs)
2052 return -ENOBUFS;
2053
2054 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2055 nl_ftypes = nla_nest_start_noflag(msg, ift);
2056 if (!nl_ftypes)
2057 return -ENOBUFS;
2058 i = 0;
2059 stypes = mgmt_stypes[ift].tx;
2060 while (stypes) {
2061 if ((stypes & 1) &&
2062 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2063 (i << 4) | IEEE80211_FTYPE_MGMT))
2064 return -ENOBUFS;
2065 stypes >>= 1;
2066 i++;
2067 }
2068 nla_nest_end(msg, nl_ftypes);
2069 }
2070
2071 nla_nest_end(msg, nl_ifs);
2072
2073 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
2074 if (!nl_ifs)
2075 return -ENOBUFS;
2076
2077 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2078 nl_ftypes = nla_nest_start_noflag(msg, ift);
2079 if (!nl_ftypes)
2080 return -ENOBUFS;
2081 i = 0;
2082 stypes = mgmt_stypes[ift].rx;
2083 while (stypes) {
2084 if ((stypes & 1) &&
2085 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2086 (i << 4) | IEEE80211_FTYPE_MGMT))
2087 return -ENOBUFS;
2088 stypes >>= 1;
2089 i++;
2090 }
2091 nla_nest_end(msg, nl_ftypes);
2092 }
2093 nla_nest_end(msg, nl_ifs);
2094
2095 return 0;
2096 }
2097
2098 #define CMD(op, n) \
2099 do { \
2100 if (rdev->ops->op) { \
2101 i++; \
2102 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
2103 goto nla_put_failure; \
2104 } \
2105 } while (0)
2106
nl80211_add_commands_unsplit(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2107 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
2108 struct sk_buff *msg)
2109 {
2110 int i = 0;
2111
2112 /*
2113 * do *NOT* add anything into this function, new things need to be
2114 * advertised only to new versions of userspace that can deal with
2115 * the split (and they can't possibly care about new features...
2116 */
2117 CMD(add_virtual_intf, NEW_INTERFACE);
2118 CMD(change_virtual_intf, SET_INTERFACE);
2119 CMD(add_key, NEW_KEY);
2120 CMD(start_ap, START_AP);
2121 CMD(add_station, NEW_STATION);
2122 CMD(add_mpath, NEW_MPATH);
2123 CMD(update_mesh_config, SET_MESH_CONFIG);
2124 CMD(change_bss, SET_BSS);
2125 CMD(auth, AUTHENTICATE);
2126 CMD(assoc, ASSOCIATE);
2127 CMD(deauth, DEAUTHENTICATE);
2128 CMD(disassoc, DISASSOCIATE);
2129 CMD(join_ibss, JOIN_IBSS);
2130 CMD(join_mesh, JOIN_MESH);
2131 CMD(set_pmksa, SET_PMKSA);
2132 CMD(del_pmksa, DEL_PMKSA);
2133 CMD(flush_pmksa, FLUSH_PMKSA);
2134 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
2135 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
2136 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
2137 CMD(mgmt_tx, FRAME);
2138 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
2139 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
2140 i++;
2141 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
2142 goto nla_put_failure;
2143 }
2144 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
2145 rdev->ops->join_mesh) {
2146 i++;
2147 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
2148 goto nla_put_failure;
2149 }
2150 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2151 CMD(tdls_mgmt, TDLS_MGMT);
2152 CMD(tdls_oper, TDLS_OPER);
2153 }
2154 if (rdev->wiphy.max_sched_scan_reqs)
2155 CMD(sched_scan_start, START_SCHED_SCAN);
2156 CMD(probe_client, PROBE_CLIENT);
2157 CMD(set_noack_map, SET_NOACK_MAP);
2158 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
2159 i++;
2160 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
2161 goto nla_put_failure;
2162 }
2163 CMD(start_p2p_device, START_P2P_DEVICE);
2164 CMD(set_mcast_rate, SET_MCAST_RATE);
2165 #ifdef CONFIG_NL80211_TESTMODE
2166 CMD(testmode_cmd, TESTMODE);
2167 #endif
2168
2169 if (rdev->ops->connect || rdev->ops->auth) {
2170 i++;
2171 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
2172 goto nla_put_failure;
2173 }
2174
2175 if (rdev->ops->disconnect || rdev->ops->deauth) {
2176 i++;
2177 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
2178 goto nla_put_failure;
2179 }
2180
2181 return i;
2182 nla_put_failure:
2183 return -ENOBUFS;
2184 }
2185
2186 static int
nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities * cap,struct sk_buff * msg)2187 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
2188 struct sk_buff *msg)
2189 {
2190 struct nlattr *ftm;
2191
2192 if (!cap->ftm.supported)
2193 return 0;
2194
2195 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
2196 if (!ftm)
2197 return -ENOBUFS;
2198
2199 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2200 return -ENOBUFS;
2201 if (cap->ftm.non_asap &&
2202 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2203 return -ENOBUFS;
2204 if (cap->ftm.request_lci &&
2205 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2206 return -ENOBUFS;
2207 if (cap->ftm.request_civicloc &&
2208 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2209 return -ENOBUFS;
2210 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2211 cap->ftm.preambles))
2212 return -ENOBUFS;
2213 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2214 cap->ftm.bandwidths))
2215 return -ENOBUFS;
2216 if (cap->ftm.max_bursts_exponent >= 0 &&
2217 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2218 cap->ftm.max_bursts_exponent))
2219 return -ENOBUFS;
2220 if (cap->ftm.max_ftms_per_burst &&
2221 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2222 cap->ftm.max_ftms_per_burst))
2223 return -ENOBUFS;
2224 if (cap->ftm.trigger_based &&
2225 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2226 return -ENOBUFS;
2227 if (cap->ftm.non_trigger_based &&
2228 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2229 return -ENOBUFS;
2230
2231 nla_nest_end(msg, ftm);
2232 return 0;
2233 }
2234
nl80211_send_pmsr_capa(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2235 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2236 struct sk_buff *msg)
2237 {
2238 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2239 struct nlattr *pmsr, *caps;
2240
2241 if (!cap)
2242 return 0;
2243
2244 /*
2245 * we don't need to clean up anything here since the caller
2246 * will genlmsg_cancel() if we fail
2247 */
2248
2249 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2250 if (!pmsr)
2251 return -ENOBUFS;
2252
2253 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2254 return -ENOBUFS;
2255
2256 if (cap->report_ap_tsf &&
2257 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2258 return -ENOBUFS;
2259
2260 if (cap->randomize_mac_addr &&
2261 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2262 return -ENOBUFS;
2263
2264 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2265 if (!caps)
2266 return -ENOBUFS;
2267
2268 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2269 return -ENOBUFS;
2270
2271 nla_nest_end(msg, caps);
2272 nla_nest_end(msg, pmsr);
2273
2274 return 0;
2275 }
2276
2277 static int
nl80211_put_iftype_akm_suites(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2278 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2279 struct sk_buff *msg)
2280 {
2281 int i;
2282 struct nlattr *nested, *nested_akms;
2283 const struct wiphy_iftype_akm_suites *iftype_akms;
2284
2285 if (!rdev->wiphy.num_iftype_akm_suites ||
2286 !rdev->wiphy.iftype_akm_suites)
2287 return 0;
2288
2289 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2290 if (!nested)
2291 return -ENOBUFS;
2292
2293 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2294 nested_akms = nla_nest_start(msg, i + 1);
2295 if (!nested_akms)
2296 return -ENOBUFS;
2297
2298 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2299
2300 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2301 iftype_akms->iftypes_mask))
2302 return -ENOBUFS;
2303
2304 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2305 sizeof(u32) * iftype_akms->n_akm_suites,
2306 iftype_akms->akm_suites)) {
2307 return -ENOBUFS;
2308 }
2309 nla_nest_end(msg, nested_akms);
2310 }
2311
2312 nla_nest_end(msg, nested);
2313
2314 return 0;
2315 }
2316
2317 static int
nl80211_put_tid_config_support(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2318 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2319 struct sk_buff *msg)
2320 {
2321 struct nlattr *supp;
2322
2323 if (!rdev->wiphy.tid_config_support.vif &&
2324 !rdev->wiphy.tid_config_support.peer)
2325 return 0;
2326
2327 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2328 if (!supp)
2329 return -ENOSPC;
2330
2331 if (rdev->wiphy.tid_config_support.vif &&
2332 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2333 rdev->wiphy.tid_config_support.vif,
2334 NL80211_TID_CONFIG_ATTR_PAD))
2335 goto fail;
2336
2337 if (rdev->wiphy.tid_config_support.peer &&
2338 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2339 rdev->wiphy.tid_config_support.peer,
2340 NL80211_TID_CONFIG_ATTR_PAD))
2341 goto fail;
2342
2343 /* for now we just use the same value ... makes more sense */
2344 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2345 rdev->wiphy.tid_config_support.max_retry))
2346 goto fail;
2347 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2348 rdev->wiphy.tid_config_support.max_retry))
2349 goto fail;
2350
2351 nla_nest_end(msg, supp);
2352
2353 return 0;
2354 fail:
2355 nla_nest_cancel(msg, supp);
2356 return -ENOBUFS;
2357 }
2358
2359 static int
nl80211_put_sar_specs(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2360 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2361 struct sk_buff *msg)
2362 {
2363 struct nlattr *sar_capa, *specs, *sub_freq_range;
2364 u8 num_freq_ranges;
2365 int i;
2366
2367 if (!rdev->wiphy.sar_capa)
2368 return 0;
2369
2370 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2371
2372 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2373 if (!sar_capa)
2374 return -ENOSPC;
2375
2376 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2377 goto fail;
2378
2379 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2380 if (!specs)
2381 goto fail;
2382
2383 /* report supported freq_ranges */
2384 for (i = 0; i < num_freq_ranges; i++) {
2385 sub_freq_range = nla_nest_start(msg, i + 1);
2386 if (!sub_freq_range)
2387 goto fail;
2388
2389 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2390 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2391 goto fail;
2392
2393 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2394 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2395 goto fail;
2396
2397 nla_nest_end(msg, sub_freq_range);
2398 }
2399
2400 nla_nest_end(msg, specs);
2401 nla_nest_end(msg, sar_capa);
2402
2403 return 0;
2404 fail:
2405 nla_nest_cancel(msg, sar_capa);
2406 return -ENOBUFS;
2407 }
2408
nl80211_put_mbssid_support(struct wiphy * wiphy,struct sk_buff * msg)2409 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg)
2410 {
2411 struct nlattr *config;
2412
2413 if (!wiphy->mbssid_max_interfaces)
2414 return 0;
2415
2416 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
2417 if (!config)
2418 return -ENOBUFS;
2419
2420 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
2421 wiphy->mbssid_max_interfaces))
2422 goto fail;
2423
2424 if (wiphy->ema_max_profile_periodicity &&
2425 nla_put_u8(msg,
2426 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
2427 wiphy->ema_max_profile_periodicity))
2428 goto fail;
2429
2430 nla_nest_end(msg, config);
2431 return 0;
2432
2433 fail:
2434 nla_nest_cancel(msg, config);
2435 return -ENOBUFS;
2436 }
2437
nl80211_put_radio(struct wiphy * wiphy,struct sk_buff * msg,int idx)2438 static int nl80211_put_radio(struct wiphy *wiphy, struct sk_buff *msg, int idx)
2439 {
2440 const struct wiphy_radio *r = &wiphy->radio[idx];
2441 struct nlattr *radio, *freq;
2442 int i;
2443
2444 radio = nla_nest_start(msg, idx);
2445 if (!radio)
2446 return -ENOBUFS;
2447
2448 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_INDEX, idx))
2449 goto nla_put_failure;
2450
2451 if (r->antenna_mask &&
2452 nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_ANTENNA_MASK,
2453 r->antenna_mask))
2454 goto nla_put_failure;
2455
2456 for (i = 0; i < r->n_freq_range; i++) {
2457 const struct wiphy_radio_freq_range *range = &r->freq_range[i];
2458
2459 freq = nla_nest_start(msg, NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE);
2460 if (!freq)
2461 goto nla_put_failure;
2462
2463 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_START,
2464 range->start_freq) ||
2465 nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_END,
2466 range->end_freq))
2467 goto nla_put_failure;
2468
2469 nla_nest_end(msg, freq);
2470 }
2471
2472 for (i = 0; i < r->n_iface_combinations; i++)
2473 if (nl80211_put_ifcomb_data(msg, true,
2474 NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION,
2475 &r->iface_combinations[i],
2476 NLA_F_NESTED))
2477 goto nla_put_failure;
2478
2479 nla_nest_end(msg, radio);
2480
2481 return 0;
2482
2483 nla_put_failure:
2484 return -ENOBUFS;
2485 }
2486
nl80211_put_radios(struct wiphy * wiphy,struct sk_buff * msg)2487 static int nl80211_put_radios(struct wiphy *wiphy, struct sk_buff *msg)
2488 {
2489 struct nlattr *radios;
2490 int i;
2491
2492 if (!wiphy->n_radio)
2493 return 0;
2494
2495 radios = nla_nest_start(msg, NL80211_ATTR_WIPHY_RADIOS);
2496 if (!radios)
2497 return -ENOBUFS;
2498
2499 for (i = 0; i < wiphy->n_radio; i++)
2500 if (nl80211_put_radio(wiphy, msg, i))
2501 goto fail;
2502
2503 nla_nest_end(msg, radios);
2504
2505 if (nl80211_put_iface_combinations(wiphy, msg,
2506 NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS,
2507 -1, true, NLA_F_NESTED))
2508 return -ENOBUFS;
2509
2510 return 0;
2511
2512 fail:
2513 nla_nest_cancel(msg, radios);
2514 return -ENOBUFS;
2515 }
2516
2517 struct nl80211_dump_wiphy_state {
2518 s64 filter_wiphy;
2519 long start;
2520 long split_start, band_start, chan_start, capa_start;
2521 bool split;
2522 };
2523
nl80211_send_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd,struct sk_buff * msg,u32 portid,u32 seq,int flags,struct nl80211_dump_wiphy_state * state)2524 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2525 enum nl80211_commands cmd,
2526 struct sk_buff *msg, u32 portid, u32 seq,
2527 int flags, struct nl80211_dump_wiphy_state *state)
2528 {
2529 void *hdr;
2530 struct nlattr *nl_bands, *nl_band;
2531 struct nlattr *nl_freqs, *nl_freq;
2532 struct nlattr *nl_cmds;
2533 enum nl80211_band band;
2534 struct ieee80211_channel *chan;
2535 int i;
2536 const struct ieee80211_txrx_stypes *mgmt_stypes =
2537 rdev->wiphy.mgmt_stypes;
2538 u32 features;
2539
2540 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2541 if (!hdr)
2542 return -ENOBUFS;
2543
2544 if (WARN_ON(!state))
2545 return -EINVAL;
2546
2547 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2548 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2549 wiphy_name(&rdev->wiphy)) ||
2550 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2551 cfg80211_rdev_list_generation))
2552 goto nla_put_failure;
2553
2554 if (cmd != NL80211_CMD_NEW_WIPHY)
2555 goto finish;
2556
2557 switch (state->split_start) {
2558 case 0:
2559 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2560 rdev->wiphy.retry_short) ||
2561 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2562 rdev->wiphy.retry_long) ||
2563 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2564 rdev->wiphy.frag_threshold) ||
2565 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2566 rdev->wiphy.rts_threshold) ||
2567 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2568 rdev->wiphy.coverage_class) ||
2569 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2570 rdev->wiphy.max_scan_ssids) ||
2571 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2572 rdev->wiphy.max_sched_scan_ssids) ||
2573 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2574 rdev->wiphy.max_scan_ie_len) ||
2575 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2576 rdev->wiphy.max_sched_scan_ie_len) ||
2577 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2578 rdev->wiphy.max_match_sets))
2579 goto nla_put_failure;
2580
2581 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2582 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2583 goto nla_put_failure;
2584 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2585 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2586 goto nla_put_failure;
2587 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2588 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2589 goto nla_put_failure;
2590 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2591 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2592 goto nla_put_failure;
2593 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2594 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2595 goto nla_put_failure;
2596 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2597 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2598 goto nla_put_failure;
2599 state->split_start++;
2600 if (state->split)
2601 break;
2602 fallthrough;
2603 case 1:
2604 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2605 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2606 rdev->wiphy.cipher_suites))
2607 goto nla_put_failure;
2608
2609 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2610 rdev->wiphy.max_num_pmkids))
2611 goto nla_put_failure;
2612
2613 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2614 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2615 goto nla_put_failure;
2616
2617 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2618 rdev->wiphy.available_antennas_tx) ||
2619 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2620 rdev->wiphy.available_antennas_rx))
2621 goto nla_put_failure;
2622
2623 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2624 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2625 rdev->wiphy.probe_resp_offload))
2626 goto nla_put_failure;
2627
2628 if ((rdev->wiphy.available_antennas_tx ||
2629 rdev->wiphy.available_antennas_rx) &&
2630 rdev->ops->get_antenna) {
2631 u32 tx_ant = 0, rx_ant = 0;
2632 int res;
2633
2634 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2635 if (!res) {
2636 if (nla_put_u32(msg,
2637 NL80211_ATTR_WIPHY_ANTENNA_TX,
2638 tx_ant) ||
2639 nla_put_u32(msg,
2640 NL80211_ATTR_WIPHY_ANTENNA_RX,
2641 rx_ant))
2642 goto nla_put_failure;
2643 }
2644 }
2645
2646 state->split_start++;
2647 if (state->split)
2648 break;
2649 fallthrough;
2650 case 2:
2651 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2652 rdev->wiphy.interface_modes))
2653 goto nla_put_failure;
2654 state->split_start++;
2655 if (state->split)
2656 break;
2657 fallthrough;
2658 case 3:
2659 nl_bands = nla_nest_start_noflag(msg,
2660 NL80211_ATTR_WIPHY_BANDS);
2661 if (!nl_bands)
2662 goto nla_put_failure;
2663
2664 for (band = state->band_start;
2665 band < (state->split ?
2666 NUM_NL80211_BANDS :
2667 NL80211_BAND_60GHZ + 1);
2668 band++) {
2669 struct ieee80211_supported_band *sband;
2670
2671 /* omit higher bands for ancient software */
2672 if (band > NL80211_BAND_5GHZ && !state->split)
2673 break;
2674
2675 sband = rdev->wiphy.bands[band];
2676
2677 if (!sband)
2678 continue;
2679
2680 nl_band = nla_nest_start_noflag(msg, band);
2681 if (!nl_band)
2682 goto nla_put_failure;
2683
2684 switch (state->chan_start) {
2685 case 0:
2686 if (nl80211_send_band_rateinfo(msg, sband,
2687 state->split))
2688 goto nla_put_failure;
2689 state->chan_start++;
2690 if (state->split)
2691 break;
2692 fallthrough;
2693 default:
2694 /* add frequencies */
2695 nl_freqs = nla_nest_start_noflag(msg,
2696 NL80211_BAND_ATTR_FREQS);
2697 if (!nl_freqs)
2698 goto nla_put_failure;
2699
2700 for (i = state->chan_start - 1;
2701 i < sband->n_channels;
2702 i++) {
2703 nl_freq = nla_nest_start_noflag(msg,
2704 i);
2705 if (!nl_freq)
2706 goto nla_put_failure;
2707
2708 chan = &sband->channels[i];
2709
2710 if (nl80211_msg_put_channel(
2711 msg, &rdev->wiphy, chan,
2712 state->split))
2713 goto nla_put_failure;
2714
2715 nla_nest_end(msg, nl_freq);
2716 if (state->split)
2717 break;
2718 }
2719 if (i < sband->n_channels)
2720 state->chan_start = i + 2;
2721 else
2722 state->chan_start = 0;
2723 nla_nest_end(msg, nl_freqs);
2724 }
2725
2726 nla_nest_end(msg, nl_band);
2727
2728 if (state->split) {
2729 /* start again here */
2730 if (state->chan_start)
2731 band--;
2732 break;
2733 }
2734 }
2735 nla_nest_end(msg, nl_bands);
2736
2737 if (band < NUM_NL80211_BANDS)
2738 state->band_start = band + 1;
2739 else
2740 state->band_start = 0;
2741
2742 /* if bands & channels are done, continue outside */
2743 if (state->band_start == 0 && state->chan_start == 0)
2744 state->split_start++;
2745 if (state->split)
2746 break;
2747 fallthrough;
2748 case 4:
2749 nl_cmds = nla_nest_start_noflag(msg,
2750 NL80211_ATTR_SUPPORTED_COMMANDS);
2751 if (!nl_cmds)
2752 goto nla_put_failure;
2753
2754 i = nl80211_add_commands_unsplit(rdev, msg);
2755 if (i < 0)
2756 goto nla_put_failure;
2757 if (state->split) {
2758 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2759 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2760 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2761 CMD(channel_switch, CHANNEL_SWITCH);
2762 CMD(set_qos_map, SET_QOS_MAP);
2763 if (rdev->wiphy.features &
2764 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2765 CMD(add_tx_ts, ADD_TX_TS);
2766 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2767 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2768 CMD(update_ft_ies, UPDATE_FT_IES);
2769 if (rdev->wiphy.sar_capa)
2770 CMD(set_sar_specs, SET_SAR_SPECS);
2771 }
2772 #undef CMD
2773
2774 nla_nest_end(msg, nl_cmds);
2775 state->split_start++;
2776 if (state->split)
2777 break;
2778 fallthrough;
2779 case 5:
2780 if (rdev->ops->remain_on_channel &&
2781 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2782 nla_put_u32(msg,
2783 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2784 rdev->wiphy.max_remain_on_channel_duration))
2785 goto nla_put_failure;
2786
2787 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2788 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2789 goto nla_put_failure;
2790
2791 state->split_start++;
2792 if (state->split)
2793 break;
2794 fallthrough;
2795 case 6:
2796 #ifdef CONFIG_PM
2797 if (nl80211_send_wowlan(msg, rdev, state->split))
2798 goto nla_put_failure;
2799 state->split_start++;
2800 if (state->split)
2801 break;
2802 #else
2803 state->split_start++;
2804 #endif
2805 fallthrough;
2806 case 7:
2807 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2808 rdev->wiphy.software_iftypes))
2809 goto nla_put_failure;
2810
2811 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2812 NL80211_ATTR_INTERFACE_COMBINATIONS,
2813 rdev->wiphy.n_radio ? 0 : -1,
2814 state->split, 0))
2815 goto nla_put_failure;
2816
2817 state->split_start++;
2818 if (state->split)
2819 break;
2820 fallthrough;
2821 case 8:
2822 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2823 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2824 rdev->wiphy.ap_sme_capa))
2825 goto nla_put_failure;
2826
2827 features = rdev->wiphy.features;
2828 /*
2829 * We can only add the per-channel limit information if the
2830 * dump is split, otherwise it makes it too big. Therefore
2831 * only advertise it in that case.
2832 */
2833 if (state->split)
2834 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2835 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2836 goto nla_put_failure;
2837
2838 if (rdev->wiphy.ht_capa_mod_mask &&
2839 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2840 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2841 rdev->wiphy.ht_capa_mod_mask))
2842 goto nla_put_failure;
2843
2844 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2845 rdev->wiphy.max_acl_mac_addrs &&
2846 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2847 rdev->wiphy.max_acl_mac_addrs))
2848 goto nla_put_failure;
2849
2850 /*
2851 * Any information below this point is only available to
2852 * applications that can deal with it being split. This
2853 * helps ensure that newly added capabilities don't break
2854 * older tools by overrunning their buffers.
2855 *
2856 * We still increment split_start so that in the split
2857 * case we'll continue with more data in the next round,
2858 * but break unconditionally so unsplit data stops here.
2859 */
2860 if (state->split)
2861 state->split_start++;
2862 else
2863 state->split_start = 0;
2864 break;
2865 case 9:
2866 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2867 goto nla_put_failure;
2868
2869 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2870 rdev->wiphy.max_sched_scan_plans) ||
2871 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2872 rdev->wiphy.max_sched_scan_plan_interval) ||
2873 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2874 rdev->wiphy.max_sched_scan_plan_iterations))
2875 goto nla_put_failure;
2876
2877 if (rdev->wiphy.extended_capabilities &&
2878 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2879 rdev->wiphy.extended_capabilities_len,
2880 rdev->wiphy.extended_capabilities) ||
2881 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2882 rdev->wiphy.extended_capabilities_len,
2883 rdev->wiphy.extended_capabilities_mask)))
2884 goto nla_put_failure;
2885
2886 if (rdev->wiphy.vht_capa_mod_mask &&
2887 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2888 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2889 rdev->wiphy.vht_capa_mod_mask))
2890 goto nla_put_failure;
2891
2892 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2893 rdev->wiphy.perm_addr))
2894 goto nla_put_failure;
2895
2896 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2897 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2898 rdev->wiphy.addr_mask))
2899 goto nla_put_failure;
2900
2901 if (rdev->wiphy.n_addresses > 1) {
2902 void *attr;
2903
2904 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2905 if (!attr)
2906 goto nla_put_failure;
2907
2908 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2909 if (nla_put(msg, i + 1, ETH_ALEN,
2910 rdev->wiphy.addresses[i].addr))
2911 goto nla_put_failure;
2912
2913 nla_nest_end(msg, attr);
2914 }
2915
2916 state->split_start++;
2917 break;
2918 case 10:
2919 if (nl80211_send_coalesce(msg, rdev))
2920 goto nla_put_failure;
2921
2922 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2923 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2924 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2925 goto nla_put_failure;
2926
2927 if (rdev->wiphy.max_ap_assoc_sta &&
2928 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2929 rdev->wiphy.max_ap_assoc_sta))
2930 goto nla_put_failure;
2931
2932 state->split_start++;
2933 break;
2934 case 11:
2935 if (rdev->wiphy.n_vendor_commands) {
2936 const struct nl80211_vendor_cmd_info *info;
2937 struct nlattr *nested;
2938
2939 nested = nla_nest_start_noflag(msg,
2940 NL80211_ATTR_VENDOR_DATA);
2941 if (!nested)
2942 goto nla_put_failure;
2943
2944 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2945 info = &rdev->wiphy.vendor_commands[i].info;
2946 if (nla_put(msg, i + 1, sizeof(*info), info))
2947 goto nla_put_failure;
2948 }
2949 nla_nest_end(msg, nested);
2950 }
2951
2952 if (rdev->wiphy.n_vendor_events) {
2953 const struct nl80211_vendor_cmd_info *info;
2954 struct nlattr *nested;
2955
2956 nested = nla_nest_start_noflag(msg,
2957 NL80211_ATTR_VENDOR_EVENTS);
2958 if (!nested)
2959 goto nla_put_failure;
2960
2961 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2962 info = &rdev->wiphy.vendor_events[i];
2963 if (nla_put(msg, i + 1, sizeof(*info), info))
2964 goto nla_put_failure;
2965 }
2966 nla_nest_end(msg, nested);
2967 }
2968 state->split_start++;
2969 break;
2970 case 12:
2971 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2972 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2973 rdev->wiphy.max_num_csa_counters))
2974 goto nla_put_failure;
2975
2976 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2977 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2978 goto nla_put_failure;
2979
2980 if (rdev->wiphy.max_sched_scan_reqs &&
2981 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2982 rdev->wiphy.max_sched_scan_reqs))
2983 goto nla_put_failure;
2984
2985 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2986 sizeof(rdev->wiphy.ext_features),
2987 rdev->wiphy.ext_features))
2988 goto nla_put_failure;
2989
2990 if (rdev->wiphy.bss_select_support) {
2991 struct nlattr *nested;
2992 u32 bss_select_support = rdev->wiphy.bss_select_support;
2993
2994 nested = nla_nest_start_noflag(msg,
2995 NL80211_ATTR_BSS_SELECT);
2996 if (!nested)
2997 goto nla_put_failure;
2998
2999 i = 0;
3000 while (bss_select_support) {
3001 if ((bss_select_support & 1) &&
3002 nla_put_flag(msg, i))
3003 goto nla_put_failure;
3004 i++;
3005 bss_select_support >>= 1;
3006 }
3007 nla_nest_end(msg, nested);
3008 }
3009
3010 state->split_start++;
3011 break;
3012 case 13:
3013 if (rdev->wiphy.num_iftype_ext_capab &&
3014 rdev->wiphy.iftype_ext_capab) {
3015 struct nlattr *nested_ext_capab, *nested;
3016
3017 nested = nla_nest_start_noflag(msg,
3018 NL80211_ATTR_IFTYPE_EXT_CAPA);
3019 if (!nested)
3020 goto nla_put_failure;
3021
3022 for (i = state->capa_start;
3023 i < rdev->wiphy.num_iftype_ext_capab; i++) {
3024 const struct wiphy_iftype_ext_capab *capab;
3025
3026 capab = &rdev->wiphy.iftype_ext_capab[i];
3027
3028 nested_ext_capab = nla_nest_start_noflag(msg,
3029 i);
3030 if (!nested_ext_capab ||
3031 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
3032 capab->iftype) ||
3033 nla_put(msg, NL80211_ATTR_EXT_CAPA,
3034 capab->extended_capabilities_len,
3035 capab->extended_capabilities) ||
3036 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3037 capab->extended_capabilities_len,
3038 capab->extended_capabilities_mask))
3039 goto nla_put_failure;
3040
3041 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
3042 (nla_put_u16(msg,
3043 NL80211_ATTR_EML_CAPABILITY,
3044 capab->eml_capabilities) ||
3045 nla_put_u16(msg,
3046 NL80211_ATTR_MLD_CAPA_AND_OPS,
3047 capab->mld_capa_and_ops)))
3048 goto nla_put_failure;
3049
3050 nla_nest_end(msg, nested_ext_capab);
3051 if (state->split)
3052 break;
3053 }
3054 nla_nest_end(msg, nested);
3055 if (i < rdev->wiphy.num_iftype_ext_capab) {
3056 state->capa_start = i + 1;
3057 break;
3058 }
3059 }
3060
3061 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
3062 rdev->wiphy.nan_supported_bands))
3063 goto nla_put_failure;
3064
3065 if (wiphy_ext_feature_isset(&rdev->wiphy,
3066 NL80211_EXT_FEATURE_TXQS)) {
3067 struct cfg80211_txq_stats txqstats = {};
3068 int res;
3069
3070 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
3071 if (!res &&
3072 !nl80211_put_txq_stats(msg, &txqstats,
3073 NL80211_ATTR_TXQ_STATS))
3074 goto nla_put_failure;
3075
3076 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
3077 rdev->wiphy.txq_limit))
3078 goto nla_put_failure;
3079 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
3080 rdev->wiphy.txq_memory_limit))
3081 goto nla_put_failure;
3082 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
3083 rdev->wiphy.txq_quantum))
3084 goto nla_put_failure;
3085 }
3086
3087 state->split_start++;
3088 break;
3089 case 14:
3090 if (nl80211_send_pmsr_capa(rdev, msg))
3091 goto nla_put_failure;
3092
3093 state->split_start++;
3094 break;
3095 case 15:
3096 if (rdev->wiphy.akm_suites &&
3097 nla_put(msg, NL80211_ATTR_AKM_SUITES,
3098 sizeof(u32) * rdev->wiphy.n_akm_suites,
3099 rdev->wiphy.akm_suites))
3100 goto nla_put_failure;
3101
3102 if (nl80211_put_iftype_akm_suites(rdev, msg))
3103 goto nla_put_failure;
3104
3105 if (nl80211_put_tid_config_support(rdev, msg))
3106 goto nla_put_failure;
3107 state->split_start++;
3108 break;
3109 case 16:
3110 if (nl80211_put_sar_specs(rdev, msg))
3111 goto nla_put_failure;
3112
3113 if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
3114 goto nla_put_failure;
3115
3116 if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
3117 rdev->wiphy.max_num_akm_suites))
3118 goto nla_put_failure;
3119
3120 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)
3121 nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT);
3122
3123 if (rdev->wiphy.hw_timestamp_max_peers &&
3124 nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS,
3125 rdev->wiphy.hw_timestamp_max_peers))
3126 goto nla_put_failure;
3127
3128 state->split_start++;
3129 break;
3130 case 17:
3131 if (nl80211_put_radios(&rdev->wiphy, msg))
3132 goto nla_put_failure;
3133
3134 /* done */
3135 state->split_start = 0;
3136 break;
3137 }
3138 finish:
3139 genlmsg_end(msg, hdr);
3140 return 0;
3141
3142 nla_put_failure:
3143 genlmsg_cancel(msg, hdr);
3144 return -EMSGSIZE;
3145 }
3146
nl80211_dump_wiphy_parse(struct sk_buff * skb,struct netlink_callback * cb,struct nl80211_dump_wiphy_state * state)3147 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
3148 struct netlink_callback *cb,
3149 struct nl80211_dump_wiphy_state *state)
3150 {
3151 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
3152 int ret;
3153
3154 if (!tb)
3155 return -ENOMEM;
3156
3157 ret = nlmsg_parse_deprecated(cb->nlh,
3158 GENL_HDRLEN + nl80211_fam.hdrsize,
3159 tb, nl80211_fam.maxattr,
3160 nl80211_policy, NULL);
3161 /* ignore parse errors for backward compatibility */
3162 if (ret) {
3163 ret = 0;
3164 goto out;
3165 }
3166
3167 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
3168 if (tb[NL80211_ATTR_WIPHY])
3169 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3170 if (tb[NL80211_ATTR_WDEV])
3171 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
3172 if (tb[NL80211_ATTR_IFINDEX]) {
3173 struct net_device *netdev;
3174 struct cfg80211_registered_device *rdev;
3175 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3176
3177 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3178 if (!netdev) {
3179 ret = -ENODEV;
3180 goto out;
3181 }
3182 if (netdev->ieee80211_ptr) {
3183 rdev = wiphy_to_rdev(
3184 netdev->ieee80211_ptr->wiphy);
3185 state->filter_wiphy = rdev->wiphy_idx;
3186 }
3187 }
3188
3189 ret = 0;
3190 out:
3191 kfree(tb);
3192 return ret;
3193 }
3194
nl80211_dump_wiphy(struct sk_buff * skb,struct netlink_callback * cb)3195 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
3196 {
3197 int idx = 0, ret;
3198 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
3199 struct cfg80211_registered_device *rdev;
3200
3201 rtnl_lock();
3202 if (!state) {
3203 state = kzalloc(sizeof(*state), GFP_KERNEL);
3204 if (!state) {
3205 rtnl_unlock();
3206 return -ENOMEM;
3207 }
3208 state->filter_wiphy = -1;
3209 ret = nl80211_dump_wiphy_parse(skb, cb, state);
3210 if (ret) {
3211 kfree(state);
3212 rtnl_unlock();
3213 return ret;
3214 }
3215 cb->args[0] = (long)state;
3216 }
3217
3218 for_each_rdev(rdev) {
3219 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3220 continue;
3221 if (++idx <= state->start)
3222 continue;
3223 if (state->filter_wiphy != -1 &&
3224 state->filter_wiphy != rdev->wiphy_idx)
3225 continue;
3226 wiphy_lock(&rdev->wiphy);
3227 /* attempt to fit multiple wiphy data chunks into the skb */
3228 do {
3229 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
3230 skb,
3231 NETLINK_CB(cb->skb).portid,
3232 cb->nlh->nlmsg_seq,
3233 NLM_F_MULTI, state);
3234 if (ret < 0) {
3235 /*
3236 * If sending the wiphy data didn't fit (ENOBUFS
3237 * or EMSGSIZE returned), this SKB is still
3238 * empty (so it's not too big because another
3239 * wiphy dataset is already in the skb) and
3240 * we've not tried to adjust the dump allocation
3241 * yet ... then adjust the alloc size to be
3242 * bigger, and return 1 but with the empty skb.
3243 * This results in an empty message being RX'ed
3244 * in userspace, but that is ignored.
3245 *
3246 * We can then retry with the larger buffer.
3247 */
3248 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
3249 !skb->len && !state->split &&
3250 cb->min_dump_alloc < 4096) {
3251 cb->min_dump_alloc = 4096;
3252 state->split_start = 0;
3253 wiphy_unlock(&rdev->wiphy);
3254 rtnl_unlock();
3255 return 1;
3256 }
3257 idx--;
3258 break;
3259 }
3260 } while (state->split_start > 0);
3261 wiphy_unlock(&rdev->wiphy);
3262 break;
3263 }
3264 rtnl_unlock();
3265
3266 state->start = idx;
3267
3268 return skb->len;
3269 }
3270
nl80211_dump_wiphy_done(struct netlink_callback * cb)3271 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
3272 {
3273 kfree((void *)cb->args[0]);
3274 return 0;
3275 }
3276
nl80211_get_wiphy(struct sk_buff * skb,struct genl_info * info)3277 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
3278 {
3279 struct sk_buff *msg;
3280 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3281 struct nl80211_dump_wiphy_state state = {};
3282
3283 msg = nlmsg_new(4096, GFP_KERNEL);
3284 if (!msg)
3285 return -ENOMEM;
3286
3287 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
3288 info->snd_portid, info->snd_seq, 0,
3289 &state) < 0) {
3290 nlmsg_free(msg);
3291 return -ENOBUFS;
3292 }
3293
3294 return genlmsg_reply(msg, info);
3295 }
3296
3297 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
3298 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
3299 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
3300 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
3301 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
3302 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
3303 };
3304
parse_txq_params(struct nlattr * tb[],struct ieee80211_txq_params * txq_params)3305 static int parse_txq_params(struct nlattr *tb[],
3306 struct ieee80211_txq_params *txq_params)
3307 {
3308 u8 ac;
3309
3310 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
3311 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
3312 !tb[NL80211_TXQ_ATTR_AIFS])
3313 return -EINVAL;
3314
3315 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
3316 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
3317 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
3318 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
3319 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
3320
3321 if (ac >= NL80211_NUM_ACS)
3322 return -EINVAL;
3323 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
3324 return 0;
3325 }
3326
nl80211_can_set_dev_channel(struct wireless_dev * wdev)3327 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
3328 {
3329 /*
3330 * You can only set the channel explicitly for some interfaces,
3331 * most have their channel managed via their respective
3332 * "establish a connection" command (connect, join, ...)
3333 *
3334 * For AP/GO and mesh mode, the channel can be set with the
3335 * channel userspace API, but is only stored and passed to the
3336 * low-level driver when the AP starts or the mesh is joined.
3337 * This is for backward compatibility, userspace can also give
3338 * the channel in the start-ap or join-mesh commands instead.
3339 *
3340 * Monitors are special as they are normally slaved to
3341 * whatever else is going on, so they have their own special
3342 * operation to set the monitor channel if possible.
3343 */
3344 return !wdev ||
3345 wdev->iftype == NL80211_IFTYPE_AP ||
3346 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3347 wdev->iftype == NL80211_IFTYPE_MONITOR ||
3348 wdev->iftype == NL80211_IFTYPE_P2P_GO;
3349 }
3350
_nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,bool monitor,struct cfg80211_chan_def * chandef)3351 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3352 struct genl_info *info, bool monitor,
3353 struct cfg80211_chan_def *chandef)
3354 {
3355 struct netlink_ext_ack *extack = info->extack;
3356 struct nlattr **attrs = info->attrs;
3357 u32 control_freq;
3358
3359 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) {
3360 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3361 "Frequency is missing");
3362 return -EINVAL;
3363 }
3364
3365 control_freq = MHZ_TO_KHZ(
3366 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3367 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3368 control_freq +=
3369 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3370
3371 memset(chandef, 0, sizeof(*chandef));
3372 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3373 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3374 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3375 chandef->freq1_offset = control_freq % 1000;
3376 chandef->center_freq2 = 0;
3377
3378 if (!chandef->chan) {
3379 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3380 "Unknown channel");
3381 return -EINVAL;
3382 }
3383
3384 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3385 enum nl80211_channel_type chantype;
3386
3387 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3388
3389 switch (chantype) {
3390 case NL80211_CHAN_NO_HT:
3391 case NL80211_CHAN_HT20:
3392 case NL80211_CHAN_HT40PLUS:
3393 case NL80211_CHAN_HT40MINUS:
3394 cfg80211_chandef_create(chandef, chandef->chan,
3395 chantype);
3396 /* user input for center_freq is incorrect */
3397 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3398 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3399 NL_SET_ERR_MSG_ATTR(extack,
3400 attrs[NL80211_ATTR_CENTER_FREQ1],
3401 "bad center frequency 1");
3402 return -EINVAL;
3403 }
3404 /* center_freq2 must be zero */
3405 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3406 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3407 NL_SET_ERR_MSG_ATTR(extack,
3408 attrs[NL80211_ATTR_CENTER_FREQ2],
3409 "center frequency 2 can't be used");
3410 return -EINVAL;
3411 }
3412 break;
3413 default:
3414 NL_SET_ERR_MSG_ATTR(extack,
3415 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3416 "invalid channel type");
3417 return -EINVAL;
3418 }
3419 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3420 chandef->width =
3421 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3422 if (chandef->chan->band == NL80211_BAND_S1GHZ) {
3423 /* User input error for channel width doesn't match channel */
3424 if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) {
3425 NL_SET_ERR_MSG_ATTR(extack,
3426 attrs[NL80211_ATTR_CHANNEL_WIDTH],
3427 "bad channel width");
3428 return -EINVAL;
3429 }
3430 }
3431 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3432 chandef->center_freq1 =
3433 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3434 chandef->freq1_offset =
3435 nla_get_u32_default(attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET],
3436 0);
3437 }
3438 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3439 chandef->center_freq2 =
3440 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3441 }
3442
3443 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3444 chandef->edmg.channels =
3445 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3446
3447 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3448 chandef->edmg.bw_config =
3449 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3450 } else {
3451 chandef->edmg.bw_config = 0;
3452 chandef->edmg.channels = 0;
3453 }
3454
3455 if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) {
3456 chandef->punctured =
3457 nla_get_u32(info->attrs[NL80211_ATTR_PUNCT_BITMAP]);
3458
3459 if (chandef->punctured &&
3460 !wiphy_ext_feature_isset(&rdev->wiphy,
3461 NL80211_EXT_FEATURE_PUNCT)) {
3462 NL_SET_ERR_MSG(extack,
3463 "driver doesn't support puncturing");
3464 return -EINVAL;
3465 }
3466 }
3467
3468 if (!cfg80211_chandef_valid(chandef)) {
3469 NL_SET_ERR_MSG(extack, "invalid channel definition");
3470 return -EINVAL;
3471 }
3472
3473 if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef,
3474 IEEE80211_CHAN_DISABLED,
3475 monitor ? IEEE80211_CHAN_CAN_MONITOR : 0)) {
3476 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3477 return -EINVAL;
3478 }
3479
3480 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3481 chandef->width == NL80211_CHAN_WIDTH_10) &&
3482 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3483 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3484 return -EINVAL;
3485 }
3486
3487 return 0;
3488 }
3489
nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_chan_def * chandef)3490 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3491 struct genl_info *info,
3492 struct cfg80211_chan_def *chandef)
3493 {
3494 return _nl80211_parse_chandef(rdev, info, false, chandef);
3495 }
3496
__nl80211_set_channel(struct cfg80211_registered_device * rdev,struct net_device * dev,struct genl_info * info,int _link_id)3497 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3498 struct net_device *dev,
3499 struct genl_info *info,
3500 int _link_id)
3501 {
3502 struct cfg80211_chan_def chandef;
3503 int result;
3504 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3505 struct wireless_dev *wdev = NULL;
3506 int link_id = _link_id;
3507
3508 if (dev)
3509 wdev = dev->ieee80211_ptr;
3510 if (!nl80211_can_set_dev_channel(wdev))
3511 return -EOPNOTSUPP;
3512 if (wdev)
3513 iftype = wdev->iftype;
3514
3515 if (link_id < 0) {
3516 if (wdev && wdev->valid_links)
3517 return -EINVAL;
3518 link_id = 0;
3519 }
3520
3521 result = _nl80211_parse_chandef(rdev, info,
3522 iftype == NL80211_IFTYPE_MONITOR,
3523 &chandef);
3524 if (result)
3525 return result;
3526
3527 switch (iftype) {
3528 case NL80211_IFTYPE_AP:
3529 case NL80211_IFTYPE_P2P_GO:
3530 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3531 iftype))
3532 return -EINVAL;
3533 if (wdev->links[link_id].ap.beacon_interval) {
3534 struct ieee80211_channel *cur_chan;
3535
3536 if (!dev || !rdev->ops->set_ap_chanwidth ||
3537 !(rdev->wiphy.features &
3538 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
3539 return -EBUSY;
3540
3541 /* Only allow dynamic channel width changes */
3542 cur_chan = wdev->links[link_id].ap.chandef.chan;
3543 if (chandef.chan != cur_chan)
3544 return -EBUSY;
3545
3546 /* only allow this for regular channel widths */
3547 switch (wdev->links[link_id].ap.chandef.width) {
3548 case NL80211_CHAN_WIDTH_20_NOHT:
3549 case NL80211_CHAN_WIDTH_20:
3550 case NL80211_CHAN_WIDTH_40:
3551 case NL80211_CHAN_WIDTH_80:
3552 case NL80211_CHAN_WIDTH_80P80:
3553 case NL80211_CHAN_WIDTH_160:
3554 case NL80211_CHAN_WIDTH_320:
3555 break;
3556 default:
3557 return -EINVAL;
3558 }
3559
3560 switch (chandef.width) {
3561 case NL80211_CHAN_WIDTH_20_NOHT:
3562 case NL80211_CHAN_WIDTH_20:
3563 case NL80211_CHAN_WIDTH_40:
3564 case NL80211_CHAN_WIDTH_80:
3565 case NL80211_CHAN_WIDTH_80P80:
3566 case NL80211_CHAN_WIDTH_160:
3567 case NL80211_CHAN_WIDTH_320:
3568 break;
3569 default:
3570 return -EINVAL;
3571 }
3572
3573 result = rdev_set_ap_chanwidth(rdev, dev, link_id,
3574 &chandef);
3575 if (result)
3576 return result;
3577 wdev->links[link_id].ap.chandef = chandef;
3578 } else {
3579 wdev->u.ap.preset_chandef = chandef;
3580 }
3581 return 0;
3582 case NL80211_IFTYPE_MESH_POINT:
3583 return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3584 case NL80211_IFTYPE_MONITOR:
3585 return cfg80211_set_monitor_channel(rdev, dev, &chandef);
3586 default:
3587 break;
3588 }
3589
3590 return -EINVAL;
3591 }
3592
nl80211_set_channel(struct sk_buff * skb,struct genl_info * info)3593 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3594 {
3595 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3596 int link_id = nl80211_link_id_or_invalid(info->attrs);
3597 struct net_device *netdev = info->user_ptr[1];
3598
3599 return __nl80211_set_channel(rdev, netdev, info, link_id);
3600 }
3601
nl80211_set_wiphy(struct sk_buff * skb,struct genl_info * info)3602 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3603 {
3604 struct cfg80211_registered_device *rdev = NULL;
3605 struct net_device *netdev = NULL;
3606 struct wireless_dev *wdev;
3607 int result = 0, rem_txq_params = 0;
3608 struct nlattr *nl_txq_params;
3609 u32 changed;
3610 u8 retry_short = 0, retry_long = 0;
3611 u32 frag_threshold = 0, rts_threshold = 0;
3612 u8 coverage_class = 0;
3613 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3614
3615 rtnl_lock();
3616 /*
3617 * Try to find the wiphy and netdev. Normally this
3618 * function shouldn't need the netdev, but this is
3619 * done for backward compatibility -- previously
3620 * setting the channel was done per wiphy, but now
3621 * it is per netdev. Previous userland like hostapd
3622 * also passed a netdev to set_wiphy, so that it is
3623 * possible to let that go to the right netdev!
3624 */
3625
3626 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3627 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3628
3629 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3630 if (netdev && netdev->ieee80211_ptr)
3631 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3632 else
3633 netdev = NULL;
3634 }
3635
3636 if (!netdev) {
3637 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3638 info->attrs);
3639 if (IS_ERR(rdev)) {
3640 rtnl_unlock();
3641 return PTR_ERR(rdev);
3642 }
3643 wdev = NULL;
3644 netdev = NULL;
3645 result = 0;
3646 } else
3647 wdev = netdev->ieee80211_ptr;
3648
3649 guard(wiphy)(&rdev->wiphy);
3650
3651 /*
3652 * end workaround code, by now the rdev is available
3653 * and locked, and wdev may or may not be NULL.
3654 */
3655
3656 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3657 result = cfg80211_dev_rename(
3658 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3659 rtnl_unlock();
3660
3661 if (result)
3662 return result;
3663
3664 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3665 struct ieee80211_txq_params txq_params;
3666 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3667
3668 if (!rdev->ops->set_txq_params)
3669 return -EOPNOTSUPP;
3670
3671 if (!netdev)
3672 return -EINVAL;
3673
3674 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3675 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3676 return -EINVAL;
3677
3678 if (!netif_running(netdev))
3679 return -ENETDOWN;
3680
3681 nla_for_each_nested(nl_txq_params,
3682 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3683 rem_txq_params) {
3684 result = nla_parse_nested_deprecated(tb,
3685 NL80211_TXQ_ATTR_MAX,
3686 nl_txq_params,
3687 txq_params_policy,
3688 info->extack);
3689 if (result)
3690 return result;
3691
3692 result = parse_txq_params(tb, &txq_params);
3693 if (result)
3694 return result;
3695
3696 txq_params.link_id =
3697 nl80211_link_id_or_invalid(info->attrs);
3698
3699 if (txq_params.link_id >= 0 &&
3700 !(netdev->ieee80211_ptr->valid_links &
3701 BIT(txq_params.link_id)))
3702 result = -ENOLINK;
3703 else if (txq_params.link_id >= 0 &&
3704 !netdev->ieee80211_ptr->valid_links)
3705 result = -EINVAL;
3706 else
3707 result = rdev_set_txq_params(rdev, netdev,
3708 &txq_params);
3709 if (result)
3710 return result;
3711 }
3712 }
3713
3714 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3715 int link_id = nl80211_link_id_or_invalid(info->attrs);
3716
3717 if (wdev) {
3718 result = __nl80211_set_channel(
3719 rdev,
3720 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3721 info, link_id);
3722 } else {
3723 result = __nl80211_set_channel(rdev, netdev, info, link_id);
3724 }
3725
3726 if (result)
3727 return result;
3728 }
3729
3730 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3731 struct wireless_dev *txp_wdev = wdev;
3732 enum nl80211_tx_power_setting type;
3733 int idx, mbm = 0;
3734
3735 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3736 txp_wdev = NULL;
3737
3738 if (!rdev->ops->set_tx_power)
3739 return -EOPNOTSUPP;
3740
3741 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3742 type = nla_get_u32(info->attrs[idx]);
3743
3744 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3745 (type != NL80211_TX_POWER_AUTOMATIC))
3746 return -EINVAL;
3747
3748 if (type != NL80211_TX_POWER_AUTOMATIC) {
3749 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3750 mbm = nla_get_u32(info->attrs[idx]);
3751 }
3752
3753 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3754 if (result)
3755 return result;
3756 }
3757
3758 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3759 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3760 u32 tx_ant, rx_ant;
3761
3762 if ((!rdev->wiphy.available_antennas_tx &&
3763 !rdev->wiphy.available_antennas_rx) ||
3764 !rdev->ops->set_antenna)
3765 return -EOPNOTSUPP;
3766
3767 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3768 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3769
3770 /* reject antenna configurations which don't match the
3771 * available antenna masks, except for the "all" mask */
3772 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3773 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
3774 return -EINVAL;
3775
3776 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3777 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3778
3779 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3780 if (result)
3781 return result;
3782 }
3783
3784 changed = 0;
3785
3786 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3787 retry_short = nla_get_u8(
3788 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3789
3790 changed |= WIPHY_PARAM_RETRY_SHORT;
3791 }
3792
3793 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3794 retry_long = nla_get_u8(
3795 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3796
3797 changed |= WIPHY_PARAM_RETRY_LONG;
3798 }
3799
3800 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3801 frag_threshold = nla_get_u32(
3802 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3803 if (frag_threshold < 256)
3804 return -EINVAL;
3805
3806 if (frag_threshold != (u32) -1) {
3807 /*
3808 * Fragments (apart from the last one) are required to
3809 * have even length. Make the fragmentation code
3810 * simpler by stripping LSB should someone try to use
3811 * odd threshold value.
3812 */
3813 frag_threshold &= ~0x1;
3814 }
3815 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3816 }
3817
3818 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3819 rts_threshold = nla_get_u32(
3820 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3821 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3822 }
3823
3824 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3825 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
3826 return -EINVAL;
3827
3828 coverage_class = nla_get_u8(
3829 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3830 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3831 }
3832
3833 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3834 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3835 return -EOPNOTSUPP;
3836
3837 changed |= WIPHY_PARAM_DYN_ACK;
3838 }
3839
3840 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3841 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3842 NL80211_EXT_FEATURE_TXQS))
3843 return -EOPNOTSUPP;
3844
3845 txq_limit = nla_get_u32(
3846 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3847 changed |= WIPHY_PARAM_TXQ_LIMIT;
3848 }
3849
3850 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3851 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3852 NL80211_EXT_FEATURE_TXQS))
3853 return -EOPNOTSUPP;
3854
3855 txq_memory_limit = nla_get_u32(
3856 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3857 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3858 }
3859
3860 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3861 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3862 NL80211_EXT_FEATURE_TXQS))
3863 return -EOPNOTSUPP;
3864
3865 txq_quantum = nla_get_u32(
3866 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3867 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3868 }
3869
3870 if (changed) {
3871 u8 old_retry_short, old_retry_long;
3872 u32 old_frag_threshold, old_rts_threshold;
3873 u8 old_coverage_class;
3874 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3875
3876 if (!rdev->ops->set_wiphy_params)
3877 return -EOPNOTSUPP;
3878
3879 old_retry_short = rdev->wiphy.retry_short;
3880 old_retry_long = rdev->wiphy.retry_long;
3881 old_frag_threshold = rdev->wiphy.frag_threshold;
3882 old_rts_threshold = rdev->wiphy.rts_threshold;
3883 old_coverage_class = rdev->wiphy.coverage_class;
3884 old_txq_limit = rdev->wiphy.txq_limit;
3885 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3886 old_txq_quantum = rdev->wiphy.txq_quantum;
3887
3888 if (changed & WIPHY_PARAM_RETRY_SHORT)
3889 rdev->wiphy.retry_short = retry_short;
3890 if (changed & WIPHY_PARAM_RETRY_LONG)
3891 rdev->wiphy.retry_long = retry_long;
3892 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3893 rdev->wiphy.frag_threshold = frag_threshold;
3894 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3895 rdev->wiphy.rts_threshold = rts_threshold;
3896 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3897 rdev->wiphy.coverage_class = coverage_class;
3898 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3899 rdev->wiphy.txq_limit = txq_limit;
3900 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3901 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3902 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3903 rdev->wiphy.txq_quantum = txq_quantum;
3904
3905 result = rdev_set_wiphy_params(rdev, changed);
3906 if (result) {
3907 rdev->wiphy.retry_short = old_retry_short;
3908 rdev->wiphy.retry_long = old_retry_long;
3909 rdev->wiphy.frag_threshold = old_frag_threshold;
3910 rdev->wiphy.rts_threshold = old_rts_threshold;
3911 rdev->wiphy.coverage_class = old_coverage_class;
3912 rdev->wiphy.txq_limit = old_txq_limit;
3913 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3914 rdev->wiphy.txq_quantum = old_txq_quantum;
3915 return result;
3916 }
3917 }
3918
3919 return 0;
3920 }
3921
nl80211_send_chandef(struct sk_buff * msg,const struct cfg80211_chan_def * chandef)3922 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef)
3923 {
3924 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3925 return -EINVAL;
3926
3927 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3928 chandef->chan->center_freq))
3929 return -ENOBUFS;
3930 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3931 chandef->chan->freq_offset))
3932 return -ENOBUFS;
3933 switch (chandef->width) {
3934 case NL80211_CHAN_WIDTH_20_NOHT:
3935 case NL80211_CHAN_WIDTH_20:
3936 case NL80211_CHAN_WIDTH_40:
3937 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3938 cfg80211_get_chandef_type(chandef)))
3939 return -ENOBUFS;
3940 break;
3941 default:
3942 break;
3943 }
3944 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3945 return -ENOBUFS;
3946 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3947 return -ENOBUFS;
3948 if (chandef->center_freq2 &&
3949 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3950 return -ENOBUFS;
3951 if (chandef->punctured &&
3952 nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured))
3953 return -ENOBUFS;
3954
3955 return 0;
3956 }
3957 EXPORT_SYMBOL(nl80211_send_chandef);
3958
nl80211_send_iface(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)3959 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3960 struct cfg80211_registered_device *rdev,
3961 struct wireless_dev *wdev,
3962 enum nl80211_commands cmd)
3963 {
3964 struct net_device *dev = wdev->netdev;
3965 void *hdr;
3966
3967 lockdep_assert_wiphy(&rdev->wiphy);
3968
3969 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3970 cmd != NL80211_CMD_DEL_INTERFACE &&
3971 cmd != NL80211_CMD_SET_INTERFACE);
3972
3973 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3974 if (!hdr)
3975 return -1;
3976
3977 if (dev &&
3978 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3979 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3980 goto nla_put_failure;
3981
3982 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3983 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3984 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3985 NL80211_ATTR_PAD) ||
3986 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3987 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3988 rdev->devlist_generation ^
3989 (cfg80211_rdev_list_generation << 2)) ||
3990 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr) ||
3991 nla_put_u32(msg, NL80211_ATTR_VIF_RADIO_MASK, wdev->radio_mask))
3992 goto nla_put_failure;
3993
3994 if (rdev->ops->get_channel && !wdev->valid_links) {
3995 struct cfg80211_chan_def chandef = {};
3996 int ret;
3997
3998 ret = rdev_get_channel(rdev, wdev, 0, &chandef);
3999 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4000 goto nla_put_failure;
4001 }
4002
4003 if (rdev->ops->get_tx_power && !wdev->valid_links) {
4004 int dbm, ret;
4005
4006 ret = rdev_get_tx_power(rdev, wdev, 0, &dbm);
4007 if (ret == 0 &&
4008 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4009 DBM_TO_MBM(dbm)))
4010 goto nla_put_failure;
4011 }
4012
4013 switch (wdev->iftype) {
4014 case NL80211_IFTYPE_AP:
4015 case NL80211_IFTYPE_P2P_GO:
4016 if (wdev->u.ap.ssid_len &&
4017 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
4018 wdev->u.ap.ssid))
4019 goto nla_put_failure;
4020 break;
4021 case NL80211_IFTYPE_STATION:
4022 case NL80211_IFTYPE_P2P_CLIENT:
4023 if (wdev->u.client.ssid_len &&
4024 nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len,
4025 wdev->u.client.ssid))
4026 goto nla_put_failure;
4027 break;
4028 case NL80211_IFTYPE_ADHOC:
4029 if (wdev->u.ibss.ssid_len &&
4030 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len,
4031 wdev->u.ibss.ssid))
4032 goto nla_put_failure;
4033 break;
4034 default:
4035 /* nothing */
4036 break;
4037 }
4038
4039 if (rdev->ops->get_txq_stats) {
4040 struct cfg80211_txq_stats txqstats = {};
4041 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
4042
4043 if (ret == 0 &&
4044 !nl80211_put_txq_stats(msg, &txqstats,
4045 NL80211_ATTR_TXQ_STATS))
4046 goto nla_put_failure;
4047 }
4048
4049 if (wdev->valid_links) {
4050 unsigned int link_id;
4051 struct nlattr *links = nla_nest_start(msg,
4052 NL80211_ATTR_MLO_LINKS);
4053
4054 if (!links)
4055 goto nla_put_failure;
4056
4057 for_each_valid_link(wdev, link_id) {
4058 struct nlattr *link = nla_nest_start(msg, link_id + 1);
4059 struct cfg80211_chan_def chandef = {};
4060 int ret;
4061
4062 if (!link)
4063 goto nla_put_failure;
4064
4065 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
4066 goto nla_put_failure;
4067 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
4068 wdev->links[link_id].addr))
4069 goto nla_put_failure;
4070
4071 ret = rdev_get_channel(rdev, wdev, link_id, &chandef);
4072 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4073 goto nla_put_failure;
4074
4075 if (rdev->ops->get_tx_power) {
4076 int dbm, ret;
4077
4078 ret = rdev_get_tx_power(rdev, wdev, link_id, &dbm);
4079 if (ret == 0 &&
4080 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4081 DBM_TO_MBM(dbm)))
4082 goto nla_put_failure;
4083 }
4084 nla_nest_end(msg, link);
4085 }
4086
4087 nla_nest_end(msg, links);
4088 }
4089
4090 genlmsg_end(msg, hdr);
4091 return 0;
4092
4093 nla_put_failure:
4094 genlmsg_cancel(msg, hdr);
4095 return -EMSGSIZE;
4096 }
4097
nl80211_dump_interface(struct sk_buff * skb,struct netlink_callback * cb)4098 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
4099 {
4100 int wp_idx = 0;
4101 int if_idx = 0;
4102 int wp_start = cb->args[0];
4103 int if_start = cb->args[1];
4104 int filter_wiphy = -1;
4105 struct cfg80211_registered_device *rdev;
4106 struct wireless_dev *wdev;
4107 int ret;
4108
4109 rtnl_lock();
4110 if (!cb->args[2]) {
4111 struct nl80211_dump_wiphy_state state = {
4112 .filter_wiphy = -1,
4113 };
4114
4115 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
4116 if (ret)
4117 goto out_unlock;
4118
4119 filter_wiphy = state.filter_wiphy;
4120
4121 /*
4122 * if filtering, set cb->args[2] to +1 since 0 is the default
4123 * value needed to determine that parsing is necessary.
4124 */
4125 if (filter_wiphy >= 0)
4126 cb->args[2] = filter_wiphy + 1;
4127 else
4128 cb->args[2] = -1;
4129 } else if (cb->args[2] > 0) {
4130 filter_wiphy = cb->args[2] - 1;
4131 }
4132
4133 for_each_rdev(rdev) {
4134 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
4135 continue;
4136 if (wp_idx < wp_start) {
4137 wp_idx++;
4138 continue;
4139 }
4140
4141 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
4142 continue;
4143
4144 if_idx = 0;
4145
4146 guard(wiphy)(&rdev->wiphy);
4147
4148 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4149 if (if_idx < if_start) {
4150 if_idx++;
4151 continue;
4152 }
4153
4154 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
4155 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4156 rdev, wdev,
4157 NL80211_CMD_NEW_INTERFACE) < 0)
4158 goto out;
4159
4160 if_idx++;
4161 }
4162
4163 if_start = 0;
4164 wp_idx++;
4165 }
4166 out:
4167 cb->args[0] = wp_idx;
4168 cb->args[1] = if_idx;
4169
4170 ret = skb->len;
4171 out_unlock:
4172 rtnl_unlock();
4173
4174 return ret;
4175 }
4176
nl80211_get_interface(struct sk_buff * skb,struct genl_info * info)4177 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
4178 {
4179 struct sk_buff *msg;
4180 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4181 struct wireless_dev *wdev = info->user_ptr[1];
4182
4183 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4184 if (!msg)
4185 return -ENOMEM;
4186
4187 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4188 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4189 nlmsg_free(msg);
4190 return -ENOBUFS;
4191 }
4192
4193 return genlmsg_reply(msg, info);
4194 }
4195
4196 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
4197 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
4198 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
4199 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
4200 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
4201 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
4202 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
4203 [NL80211_MNTR_FLAG_SKIP_TX] = { .type = NLA_FLAG },
4204 };
4205
parse_monitor_flags(struct nlattr * nla,u32 * mntrflags)4206 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
4207 {
4208 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
4209 int flag;
4210
4211 *mntrflags = 0;
4212
4213 if (!nla)
4214 return -EINVAL;
4215
4216 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
4217 return -EINVAL;
4218
4219 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
4220 if (flags[flag])
4221 *mntrflags |= (1<<flag);
4222
4223 /* cooked monitor mode is incompatible with other modes */
4224 if (*mntrflags & MONITOR_FLAG_COOK_FRAMES &&
4225 *mntrflags != MONITOR_FLAG_COOK_FRAMES)
4226 return -EOPNOTSUPP;
4227
4228 *mntrflags |= MONITOR_FLAG_CHANGED;
4229
4230 return 0;
4231 }
4232
nl80211_parse_mon_options(struct cfg80211_registered_device * rdev,enum nl80211_iftype type,struct genl_info * info,struct vif_params * params)4233 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
4234 enum nl80211_iftype type,
4235 struct genl_info *info,
4236 struct vif_params *params)
4237 {
4238 bool change = false;
4239 int err;
4240
4241 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
4242 if (type != NL80211_IFTYPE_MONITOR)
4243 return -EINVAL;
4244
4245 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
4246 ¶ms->flags);
4247 if (err)
4248 return err;
4249
4250 change = true;
4251 }
4252
4253 if (params->flags & MONITOR_FLAG_ACTIVE &&
4254 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
4255 return -EOPNOTSUPP;
4256
4257 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
4258 const u8 *mumimo_groups;
4259 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4260
4261 if (type != NL80211_IFTYPE_MONITOR)
4262 return -EINVAL;
4263
4264 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4265 return -EOPNOTSUPP;
4266
4267 mumimo_groups =
4268 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
4269
4270 /* bits 0 and 63 are reserved and must be zero */
4271 if ((mumimo_groups[0] & BIT(0)) ||
4272 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
4273 return -EINVAL;
4274
4275 params->vht_mumimo_groups = mumimo_groups;
4276 change = true;
4277 }
4278
4279 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
4280 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4281
4282 if (type != NL80211_IFTYPE_MONITOR)
4283 return -EINVAL;
4284
4285 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4286 return -EOPNOTSUPP;
4287
4288 params->vht_mumimo_follow_addr =
4289 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
4290 change = true;
4291 }
4292
4293 return change ? 1 : 0;
4294 }
4295
nl80211_valid_4addr(struct cfg80211_registered_device * rdev,struct net_device * netdev,u8 use_4addr,enum nl80211_iftype iftype)4296 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
4297 struct net_device *netdev, u8 use_4addr,
4298 enum nl80211_iftype iftype)
4299 {
4300 if (!use_4addr) {
4301 if (netdev && netif_is_bridge_port(netdev))
4302 return -EBUSY;
4303 return 0;
4304 }
4305
4306 switch (iftype) {
4307 case NL80211_IFTYPE_AP_VLAN:
4308 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
4309 return 0;
4310 break;
4311 case NL80211_IFTYPE_STATION:
4312 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
4313 return 0;
4314 break;
4315 default:
4316 break;
4317 }
4318
4319 return -EOPNOTSUPP;
4320 }
4321
nl80211_parse_vif_radio_mask(struct genl_info * info,u32 * radio_mask)4322 static int nl80211_parse_vif_radio_mask(struct genl_info *info,
4323 u32 *radio_mask)
4324 {
4325 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4326 struct nlattr *attr = info->attrs[NL80211_ATTR_VIF_RADIO_MASK];
4327 u32 mask, allowed;
4328
4329 if (!attr) {
4330 *radio_mask = 0;
4331 return 0;
4332 }
4333
4334 allowed = BIT(rdev->wiphy.n_radio) - 1;
4335 mask = nla_get_u32(attr);
4336 if (mask & ~allowed)
4337 return -EINVAL;
4338 if (!mask)
4339 mask = allowed;
4340 *radio_mask = mask;
4341
4342 return 1;
4343 }
4344
nl80211_set_interface(struct sk_buff * skb,struct genl_info * info)4345 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
4346 {
4347 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4348 struct vif_params params;
4349 int err;
4350 enum nl80211_iftype otype, ntype;
4351 struct net_device *dev = info->user_ptr[1];
4352 struct wireless_dev *wdev = dev->ieee80211_ptr;
4353 u32 radio_mask = 0;
4354 bool change = false;
4355
4356 memset(¶ms, 0, sizeof(params));
4357
4358 otype = ntype = dev->ieee80211_ptr->iftype;
4359
4360 if (info->attrs[NL80211_ATTR_IFTYPE]) {
4361 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4362 if (otype != ntype)
4363 change = true;
4364 }
4365
4366 if (info->attrs[NL80211_ATTR_MESH_ID]) {
4367 if (ntype != NL80211_IFTYPE_MESH_POINT)
4368 return -EINVAL;
4369 if (otype != NL80211_IFTYPE_MESH_POINT)
4370 return -EINVAL;
4371 if (netif_running(dev))
4372 return -EBUSY;
4373
4374 wdev->u.mesh.id_up_len =
4375 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4376 memcpy(wdev->u.mesh.id,
4377 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4378 wdev->u.mesh.id_up_len);
4379 }
4380
4381 if (info->attrs[NL80211_ATTR_4ADDR]) {
4382 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4383 change = true;
4384 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
4385 if (err)
4386 return err;
4387 } else {
4388 params.use_4addr = -1;
4389 }
4390
4391 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
4392 if (err < 0)
4393 return err;
4394 if (err > 0)
4395 change = true;
4396
4397 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4398 if (err < 0)
4399 return err;
4400 if (err && netif_running(dev))
4401 return -EBUSY;
4402
4403 if (change)
4404 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
4405 else
4406 err = 0;
4407
4408 if (!err && params.use_4addr != -1)
4409 dev->ieee80211_ptr->use_4addr = params.use_4addr;
4410
4411 if (radio_mask)
4412 wdev->radio_mask = radio_mask;
4413
4414 if (change && !err)
4415 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
4416
4417 return err;
4418 }
4419
_nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4420 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4421 {
4422 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4423 struct vif_params params;
4424 struct wireless_dev *wdev;
4425 struct sk_buff *msg;
4426 u32 radio_mask;
4427 int err;
4428 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
4429
4430 memset(¶ms, 0, sizeof(params));
4431
4432 if (!info->attrs[NL80211_ATTR_IFNAME])
4433 return -EINVAL;
4434
4435 if (info->attrs[NL80211_ATTR_IFTYPE])
4436 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4437
4438 if (!rdev->ops->add_virtual_intf)
4439 return -EOPNOTSUPP;
4440
4441 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
4442 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
4443 info->attrs[NL80211_ATTR_MAC]) {
4444 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
4445 ETH_ALEN);
4446 if (!is_valid_ether_addr(params.macaddr))
4447 return -EADDRNOTAVAIL;
4448 }
4449
4450 if (info->attrs[NL80211_ATTR_4ADDR]) {
4451 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4452 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
4453 if (err)
4454 return err;
4455 }
4456
4457 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
4458 return -EOPNOTSUPP;
4459
4460 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
4461 if (err < 0)
4462 return err;
4463
4464 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4465 if (err < 0)
4466 return err;
4467
4468 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4469 if (!msg)
4470 return -ENOMEM;
4471
4472 wdev = rdev_add_virtual_intf(rdev,
4473 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
4474 NET_NAME_USER, type, ¶ms);
4475 if (WARN_ON(!wdev)) {
4476 nlmsg_free(msg);
4477 return -EPROTO;
4478 } else if (IS_ERR(wdev)) {
4479 nlmsg_free(msg);
4480 return PTR_ERR(wdev);
4481 }
4482
4483 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4484 wdev->owner_nlportid = info->snd_portid;
4485
4486 switch (type) {
4487 case NL80211_IFTYPE_MESH_POINT:
4488 if (!info->attrs[NL80211_ATTR_MESH_ID])
4489 break;
4490 wdev->u.mesh.id_up_len =
4491 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4492 memcpy(wdev->u.mesh.id,
4493 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4494 wdev->u.mesh.id_up_len);
4495 break;
4496 case NL80211_IFTYPE_NAN:
4497 case NL80211_IFTYPE_P2P_DEVICE:
4498 /*
4499 * P2P Device and NAN do not have a netdev, so don't go
4500 * through the netdev notifier and must be added here
4501 */
4502 cfg80211_init_wdev(wdev);
4503 cfg80211_register_wdev(rdev, wdev);
4504 break;
4505 default:
4506 break;
4507 }
4508
4509 if (radio_mask)
4510 wdev->radio_mask = radio_mask;
4511
4512 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4513 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4514 nlmsg_free(msg);
4515 return -ENOBUFS;
4516 }
4517
4518 return genlmsg_reply(msg, info);
4519 }
4520
nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4521 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4522 {
4523 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4524
4525 /* to avoid failing a new interface creation due to pending removal */
4526 cfg80211_destroy_ifaces(rdev);
4527
4528 guard(wiphy)(&rdev->wiphy);
4529
4530 return _nl80211_new_interface(skb, info);
4531 }
4532
nl80211_del_interface(struct sk_buff * skb,struct genl_info * info)4533 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4534 {
4535 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4536 struct wireless_dev *wdev = info->user_ptr[1];
4537
4538 if (!rdev->ops->del_virtual_intf)
4539 return -EOPNOTSUPP;
4540
4541 /*
4542 * We hold RTNL, so this is safe, without RTNL opencount cannot
4543 * reach 0, and thus the rdev cannot be deleted.
4544 *
4545 * We need to do it for the dev_close(), since that will call
4546 * the netdev notifiers, and we need to acquire the mutex there
4547 * but don't know if we get there from here or from some other
4548 * place (e.g. "ip link set ... down").
4549 */
4550 mutex_unlock(&rdev->wiphy.mtx);
4551
4552 /*
4553 * If we remove a wireless device without a netdev then clear
4554 * user_ptr[1] so that nl80211_post_doit won't dereference it
4555 * to check if it needs to do dev_put(). Otherwise it crashes
4556 * since the wdev has been freed, unlike with a netdev where
4557 * we need the dev_put() for the netdev to really be freed.
4558 */
4559 if (!wdev->netdev)
4560 info->user_ptr[1] = NULL;
4561 else
4562 dev_close(wdev->netdev);
4563
4564 mutex_lock(&rdev->wiphy.mtx);
4565
4566 return cfg80211_remove_virtual_intf(rdev, wdev);
4567 }
4568
nl80211_set_noack_map(struct sk_buff * skb,struct genl_info * info)4569 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4570 {
4571 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4572 struct net_device *dev = info->user_ptr[1];
4573 u16 noack_map;
4574
4575 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4576 return -EINVAL;
4577
4578 if (!rdev->ops->set_noack_map)
4579 return -EOPNOTSUPP;
4580
4581 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4582
4583 return rdev_set_noack_map(rdev, dev, noack_map);
4584 }
4585
nl80211_validate_key_link_id(struct genl_info * info,struct wireless_dev * wdev,int link_id,bool pairwise)4586 static int nl80211_validate_key_link_id(struct genl_info *info,
4587 struct wireless_dev *wdev,
4588 int link_id, bool pairwise)
4589 {
4590 if (pairwise) {
4591 if (link_id != -1) {
4592 GENL_SET_ERR_MSG(info,
4593 "link ID not allowed for pairwise key");
4594 return -EINVAL;
4595 }
4596
4597 return 0;
4598 }
4599
4600 if (wdev->valid_links) {
4601 if (link_id == -1) {
4602 GENL_SET_ERR_MSG(info,
4603 "link ID must for MLO group key");
4604 return -EINVAL;
4605 }
4606 if (!(wdev->valid_links & BIT(link_id))) {
4607 GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key");
4608 return -EINVAL;
4609 }
4610 } else if (link_id != -1) {
4611 GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key");
4612 return -EINVAL;
4613 }
4614
4615 return 0;
4616 }
4617
4618 struct get_key_cookie {
4619 struct sk_buff *msg;
4620 int error;
4621 int idx;
4622 };
4623
get_key_callback(void * c,struct key_params * params)4624 static void get_key_callback(void *c, struct key_params *params)
4625 {
4626 struct nlattr *key;
4627 struct get_key_cookie *cookie = c;
4628
4629 if ((params->seq &&
4630 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4631 params->seq_len, params->seq)) ||
4632 (params->cipher &&
4633 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4634 params->cipher)))
4635 goto nla_put_failure;
4636
4637 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4638 if (!key)
4639 goto nla_put_failure;
4640
4641 if ((params->seq &&
4642 nla_put(cookie->msg, NL80211_KEY_SEQ,
4643 params->seq_len, params->seq)) ||
4644 (params->cipher &&
4645 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4646 params->cipher)))
4647 goto nla_put_failure;
4648
4649 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4650 goto nla_put_failure;
4651
4652 nla_nest_end(cookie->msg, key);
4653
4654 return;
4655 nla_put_failure:
4656 cookie->error = 1;
4657 }
4658
nl80211_get_key(struct sk_buff * skb,struct genl_info * info)4659 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4660 {
4661 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4662 int err;
4663 struct net_device *dev = info->user_ptr[1];
4664 u8 key_idx = 0;
4665 const u8 *mac_addr = NULL;
4666 bool pairwise;
4667 struct get_key_cookie cookie = {
4668 .error = 0,
4669 };
4670 void *hdr;
4671 struct sk_buff *msg;
4672 bool bigtk_support = false;
4673 int link_id = nl80211_link_id_or_invalid(info->attrs);
4674 struct wireless_dev *wdev = dev->ieee80211_ptr;
4675
4676 if (wiphy_ext_feature_isset(&rdev->wiphy,
4677 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4678 bigtk_support = true;
4679
4680 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
4681 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4682 wiphy_ext_feature_isset(&rdev->wiphy,
4683 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4684 bigtk_support = true;
4685
4686 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4687 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4688
4689 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4690 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4691 return -EINVAL;
4692 }
4693 }
4694
4695 if (info->attrs[NL80211_ATTR_MAC])
4696 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4697
4698 pairwise = !!mac_addr;
4699 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4700 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4701
4702 if (kt != NL80211_KEYTYPE_GROUP &&
4703 kt != NL80211_KEYTYPE_PAIRWISE)
4704 return -EINVAL;
4705 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4706 }
4707
4708 if (!rdev->ops->get_key)
4709 return -EOPNOTSUPP;
4710
4711 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4712 return -ENOENT;
4713
4714 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4715 if (!msg)
4716 return -ENOMEM;
4717
4718 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4719 NL80211_CMD_NEW_KEY);
4720 if (!hdr)
4721 goto nla_put_failure;
4722
4723 cookie.msg = msg;
4724 cookie.idx = key_idx;
4725
4726 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4727 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4728 goto nla_put_failure;
4729 if (mac_addr &&
4730 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4731 goto nla_put_failure;
4732
4733 err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise);
4734 if (err)
4735 goto free_msg;
4736
4737 err = rdev_get_key(rdev, dev, link_id, key_idx, pairwise, mac_addr,
4738 &cookie, get_key_callback);
4739
4740 if (err)
4741 goto free_msg;
4742
4743 if (cookie.error)
4744 goto nla_put_failure;
4745
4746 genlmsg_end(msg, hdr);
4747 return genlmsg_reply(msg, info);
4748
4749 nla_put_failure:
4750 err = -ENOBUFS;
4751 free_msg:
4752 nlmsg_free(msg);
4753 return err;
4754 }
4755
nl80211_set_key(struct sk_buff * skb,struct genl_info * info)4756 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4757 {
4758 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4759 struct key_parse key;
4760 int err;
4761 struct net_device *dev = info->user_ptr[1];
4762 int link_id = nl80211_link_id_or_invalid(info->attrs);
4763 struct wireless_dev *wdev = dev->ieee80211_ptr;
4764
4765 err = nl80211_parse_key(info, &key);
4766 if (err)
4767 return err;
4768
4769 if (key.idx < 0)
4770 return -EINVAL;
4771
4772 /* Only support setting default key and
4773 * Extended Key ID action NL80211_KEY_SET_TX.
4774 */
4775 if (!key.def && !key.defmgmt && !key.defbeacon &&
4776 !(key.p.mode == NL80211_KEY_SET_TX))
4777 return -EINVAL;
4778
4779 if (key.def) {
4780 if (!rdev->ops->set_default_key)
4781 return -EOPNOTSUPP;
4782
4783 err = nl80211_key_allowed(wdev);
4784 if (err)
4785 return err;
4786
4787 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4788 if (err)
4789 return err;
4790
4791 err = rdev_set_default_key(rdev, dev, link_id, key.idx,
4792 key.def_uni, key.def_multi);
4793
4794 if (err)
4795 return err;
4796
4797 #ifdef CONFIG_CFG80211_WEXT
4798 wdev->wext.default_key = key.idx;
4799 #endif
4800 return 0;
4801 } else if (key.defmgmt) {
4802 if (key.def_uni || !key.def_multi)
4803 return -EINVAL;
4804
4805 if (!rdev->ops->set_default_mgmt_key)
4806 return -EOPNOTSUPP;
4807
4808 err = nl80211_key_allowed(wdev);
4809 if (err)
4810 return err;
4811
4812 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4813 if (err)
4814 return err;
4815
4816 err = rdev_set_default_mgmt_key(rdev, dev, link_id, key.idx);
4817 if (err)
4818 return err;
4819
4820 #ifdef CONFIG_CFG80211_WEXT
4821 wdev->wext.default_mgmt_key = key.idx;
4822 #endif
4823 return 0;
4824 } else if (key.defbeacon) {
4825 if (key.def_uni || !key.def_multi)
4826 return -EINVAL;
4827
4828 if (!rdev->ops->set_default_beacon_key)
4829 return -EOPNOTSUPP;
4830
4831 err = nl80211_key_allowed(wdev);
4832 if (err)
4833 return err;
4834
4835 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4836 if (err)
4837 return err;
4838
4839 return rdev_set_default_beacon_key(rdev, dev, link_id, key.idx);
4840 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4841 wiphy_ext_feature_isset(&rdev->wiphy,
4842 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4843 u8 *mac_addr = NULL;
4844
4845 if (info->attrs[NL80211_ATTR_MAC])
4846 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4847
4848 if (!mac_addr || key.idx < 0 || key.idx > 1)
4849 return -EINVAL;
4850
4851 err = nl80211_validate_key_link_id(info, wdev, link_id, true);
4852 if (err)
4853 return err;
4854
4855 return rdev_add_key(rdev, dev, link_id, key.idx,
4856 NL80211_KEYTYPE_PAIRWISE,
4857 mac_addr, &key.p);
4858 }
4859
4860 return -EINVAL;
4861 }
4862
nl80211_new_key(struct sk_buff * skb,struct genl_info * info)4863 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4864 {
4865 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4866 int err;
4867 struct net_device *dev = info->user_ptr[1];
4868 struct key_parse key;
4869 const u8 *mac_addr = NULL;
4870 int link_id = nl80211_link_id_or_invalid(info->attrs);
4871 struct wireless_dev *wdev = dev->ieee80211_ptr;
4872
4873 err = nl80211_parse_key(info, &key);
4874 if (err)
4875 return err;
4876
4877 if (!key.p.key) {
4878 GENL_SET_ERR_MSG(info, "no key");
4879 return -EINVAL;
4880 }
4881
4882 if (info->attrs[NL80211_ATTR_MAC])
4883 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4884
4885 if (key.type == -1) {
4886 if (mac_addr)
4887 key.type = NL80211_KEYTYPE_PAIRWISE;
4888 else
4889 key.type = NL80211_KEYTYPE_GROUP;
4890 }
4891
4892 /* for now */
4893 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4894 key.type != NL80211_KEYTYPE_GROUP) {
4895 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4896 return -EINVAL;
4897 }
4898
4899 if (key.type == NL80211_KEYTYPE_GROUP &&
4900 info->attrs[NL80211_ATTR_VLAN_ID])
4901 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4902
4903 if (!rdev->ops->add_key)
4904 return -EOPNOTSUPP;
4905
4906 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4907 key.type == NL80211_KEYTYPE_PAIRWISE,
4908 mac_addr)) {
4909 GENL_SET_ERR_MSG(info, "key setting validation failed");
4910 return -EINVAL;
4911 }
4912
4913 err = nl80211_key_allowed(wdev);
4914 if (err)
4915 GENL_SET_ERR_MSG(info, "key not allowed");
4916
4917 if (!err)
4918 err = nl80211_validate_key_link_id(info, wdev, link_id,
4919 key.type == NL80211_KEYTYPE_PAIRWISE);
4920
4921 if (!err) {
4922 err = rdev_add_key(rdev, dev, link_id, key.idx,
4923 key.type == NL80211_KEYTYPE_PAIRWISE,
4924 mac_addr, &key.p);
4925 if (err)
4926 GENL_SET_ERR_MSG(info, "key addition failed");
4927 }
4928
4929 return err;
4930 }
4931
nl80211_del_key(struct sk_buff * skb,struct genl_info * info)4932 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4933 {
4934 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4935 int err;
4936 struct net_device *dev = info->user_ptr[1];
4937 u8 *mac_addr = NULL;
4938 struct key_parse key;
4939 int link_id = nl80211_link_id_or_invalid(info->attrs);
4940 struct wireless_dev *wdev = dev->ieee80211_ptr;
4941
4942 err = nl80211_parse_key(info, &key);
4943 if (err)
4944 return err;
4945
4946 if (info->attrs[NL80211_ATTR_MAC])
4947 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4948
4949 if (key.type == -1) {
4950 if (mac_addr)
4951 key.type = NL80211_KEYTYPE_PAIRWISE;
4952 else
4953 key.type = NL80211_KEYTYPE_GROUP;
4954 }
4955
4956 /* for now */
4957 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4958 key.type != NL80211_KEYTYPE_GROUP)
4959 return -EINVAL;
4960
4961 if (!cfg80211_valid_key_idx(rdev, key.idx,
4962 key.type == NL80211_KEYTYPE_PAIRWISE))
4963 return -EINVAL;
4964
4965 if (!rdev->ops->del_key)
4966 return -EOPNOTSUPP;
4967
4968 err = nl80211_key_allowed(wdev);
4969
4970 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4971 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4972 err = -ENOENT;
4973
4974 if (!err)
4975 err = nl80211_validate_key_link_id(info, wdev, link_id,
4976 key.type == NL80211_KEYTYPE_PAIRWISE);
4977
4978 if (!err)
4979 err = rdev_del_key(rdev, dev, link_id, key.idx,
4980 key.type == NL80211_KEYTYPE_PAIRWISE,
4981 mac_addr);
4982
4983 #ifdef CONFIG_CFG80211_WEXT
4984 if (!err) {
4985 if (key.idx == wdev->wext.default_key)
4986 wdev->wext.default_key = -1;
4987 else if (key.idx == wdev->wext.default_mgmt_key)
4988 wdev->wext.default_mgmt_key = -1;
4989 }
4990 #endif
4991
4992 return err;
4993 }
4994
4995 /* This function returns an error or the number of nested attributes */
validate_acl_mac_addrs(struct nlattr * nl_attr)4996 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4997 {
4998 struct nlattr *attr;
4999 int n_entries = 0, tmp;
5000
5001 nla_for_each_nested(attr, nl_attr, tmp) {
5002 if (nla_len(attr) != ETH_ALEN)
5003 return -EINVAL;
5004
5005 n_entries++;
5006 }
5007
5008 return n_entries;
5009 }
5010
5011 /*
5012 * This function parses ACL information and allocates memory for ACL data.
5013 * On successful return, the calling function is responsible to free the
5014 * ACL buffer returned by this function.
5015 */
parse_acl_data(struct wiphy * wiphy,struct genl_info * info)5016 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
5017 struct genl_info *info)
5018 {
5019 enum nl80211_acl_policy acl_policy;
5020 struct nlattr *attr;
5021 struct cfg80211_acl_data *acl;
5022 int i = 0, n_entries, tmp;
5023
5024 if (!wiphy->max_acl_mac_addrs)
5025 return ERR_PTR(-EOPNOTSUPP);
5026
5027 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
5028 return ERR_PTR(-EINVAL);
5029
5030 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
5031 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
5032 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
5033 return ERR_PTR(-EINVAL);
5034
5035 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
5036 return ERR_PTR(-EINVAL);
5037
5038 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
5039 if (n_entries < 0)
5040 return ERR_PTR(n_entries);
5041
5042 if (n_entries > wiphy->max_acl_mac_addrs)
5043 return ERR_PTR(-EOPNOTSUPP);
5044
5045 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
5046 if (!acl)
5047 return ERR_PTR(-ENOMEM);
5048 acl->n_acl_entries = n_entries;
5049
5050 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
5051 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
5052 i++;
5053 }
5054 acl->acl_policy = acl_policy;
5055
5056 return acl;
5057 }
5058
nl80211_set_mac_acl(struct sk_buff * skb,struct genl_info * info)5059 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
5060 {
5061 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5062 struct net_device *dev = info->user_ptr[1];
5063 struct cfg80211_acl_data *acl;
5064 int err;
5065
5066 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5067 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5068 return -EOPNOTSUPP;
5069
5070 if (!dev->ieee80211_ptr->links[0].ap.beacon_interval)
5071 return -EINVAL;
5072
5073 acl = parse_acl_data(&rdev->wiphy, info);
5074 if (IS_ERR(acl))
5075 return PTR_ERR(acl);
5076
5077 err = rdev_set_mac_acl(rdev, dev, acl);
5078
5079 kfree(acl);
5080
5081 return err;
5082 }
5083
rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len)5084 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5085 u8 *rates, u8 rates_len)
5086 {
5087 u8 i;
5088 u32 mask = 0;
5089
5090 for (i = 0; i < rates_len; i++) {
5091 int rate = (rates[i] & 0x7f) * 5;
5092 int ridx;
5093
5094 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5095 struct ieee80211_rate *srate =
5096 &sband->bitrates[ridx];
5097 if (rate == srate->bitrate) {
5098 mask |= 1 << ridx;
5099 break;
5100 }
5101 }
5102 if (ridx == sband->n_bitrates)
5103 return 0; /* rate not found */
5104 }
5105
5106 return mask;
5107 }
5108
ht_rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len,u8 mcs[IEEE80211_HT_MCS_MASK_LEN])5109 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5110 u8 *rates, u8 rates_len,
5111 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5112 {
5113 u8 i;
5114
5115 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5116
5117 for (i = 0; i < rates_len; i++) {
5118 int ridx, rbit;
5119
5120 ridx = rates[i] / 8;
5121 rbit = BIT(rates[i] % 8);
5122
5123 /* check validity */
5124 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5125 return false;
5126
5127 /* check availability */
5128 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
5129 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5130 mcs[ridx] |= rbit;
5131 else
5132 return false;
5133 }
5134
5135 return true;
5136 }
5137
vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)5138 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
5139 {
5140 u16 mcs_mask = 0;
5141
5142 switch (vht_mcs_map) {
5143 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
5144 break;
5145 case IEEE80211_VHT_MCS_SUPPORT_0_7:
5146 mcs_mask = 0x00FF;
5147 break;
5148 case IEEE80211_VHT_MCS_SUPPORT_0_8:
5149 mcs_mask = 0x01FF;
5150 break;
5151 case IEEE80211_VHT_MCS_SUPPORT_0_9:
5152 mcs_mask = 0x03FF;
5153 break;
5154 default:
5155 break;
5156 }
5157
5158 return mcs_mask;
5159 }
5160
vht_build_mcs_mask(u16 vht_mcs_map,u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])5161 static void vht_build_mcs_mask(u16 vht_mcs_map,
5162 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
5163 {
5164 u8 nss;
5165
5166 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
5167 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
5168 vht_mcs_map >>= 2;
5169 }
5170 }
5171
vht_set_mcs_mask(struct ieee80211_supported_band * sband,struct nl80211_txrate_vht * txrate,u16 mcs[NL80211_VHT_NSS_MAX])5172 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
5173 struct nl80211_txrate_vht *txrate,
5174 u16 mcs[NL80211_VHT_NSS_MAX])
5175 {
5176 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5177 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
5178 u8 i;
5179
5180 if (!sband->vht_cap.vht_supported)
5181 return false;
5182
5183 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
5184
5185 /* Build vht_mcs_mask from VHT capabilities */
5186 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5187
5188 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5189 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5190 mcs[i] = txrate->mcs[i];
5191 else
5192 return false;
5193 }
5194
5195 return true;
5196 }
5197
he_mcs_map_to_mcs_mask(u8 he_mcs_map)5198 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
5199 {
5200 switch (he_mcs_map) {
5201 case IEEE80211_HE_MCS_NOT_SUPPORTED:
5202 return 0;
5203 case IEEE80211_HE_MCS_SUPPORT_0_7:
5204 return 0x00FF;
5205 case IEEE80211_HE_MCS_SUPPORT_0_9:
5206 return 0x03FF;
5207 case IEEE80211_HE_MCS_SUPPORT_0_11:
5208 return 0xFFF;
5209 default:
5210 break;
5211 }
5212 return 0;
5213 }
5214
he_build_mcs_mask(u16 he_mcs_map,u16 he_mcs_mask[NL80211_HE_NSS_MAX])5215 static void he_build_mcs_mask(u16 he_mcs_map,
5216 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
5217 {
5218 u8 nss;
5219
5220 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
5221 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
5222 he_mcs_map >>= 2;
5223 }
5224 }
5225
he_get_txmcsmap(struct genl_info * info,unsigned int link_id,const struct ieee80211_sta_he_cap * he_cap)5226 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id,
5227 const struct ieee80211_sta_he_cap *he_cap)
5228 {
5229 struct net_device *dev = info->user_ptr[1];
5230 struct wireless_dev *wdev = dev->ieee80211_ptr;
5231 struct cfg80211_chan_def *chandef;
5232 __le16 tx_mcs;
5233
5234 chandef = wdev_chandef(wdev, link_id);
5235 if (!chandef) {
5236 /*
5237 * This is probably broken, but we never maintained
5238 * a chandef in these cases, so it always was.
5239 */
5240 return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
5241 }
5242
5243 switch (chandef->width) {
5244 case NL80211_CHAN_WIDTH_80P80:
5245 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
5246 break;
5247 case NL80211_CHAN_WIDTH_160:
5248 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
5249 break;
5250 default:
5251 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
5252 break;
5253 }
5254
5255 return le16_to_cpu(tx_mcs);
5256 }
5257
he_set_mcs_mask(struct genl_info * info,struct wireless_dev * wdev,struct ieee80211_supported_band * sband,struct nl80211_txrate_he * txrate,u16 mcs[NL80211_HE_NSS_MAX],unsigned int link_id)5258 static bool he_set_mcs_mask(struct genl_info *info,
5259 struct wireless_dev *wdev,
5260 struct ieee80211_supported_band *sband,
5261 struct nl80211_txrate_he *txrate,
5262 u16 mcs[NL80211_HE_NSS_MAX],
5263 unsigned int link_id)
5264 {
5265 const struct ieee80211_sta_he_cap *he_cap;
5266 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
5267 u16 tx_mcs_map = 0;
5268 u8 i;
5269
5270 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5271 if (!he_cap)
5272 return false;
5273
5274 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
5275
5276 tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5277
5278 /* Build he_mcs_mask from HE capabilities */
5279 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5280
5281 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5282 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5283 mcs[i] = txrate->mcs[i];
5284 else
5285 return false;
5286 }
5287
5288 return true;
5289 }
5290
nl80211_parse_tx_bitrate_mask(struct genl_info * info,struct nlattr * attrs[],enum nl80211_attrs attr,struct cfg80211_bitrate_mask * mask,struct net_device * dev,bool default_all_enabled,unsigned int link_id)5291 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
5292 struct nlattr *attrs[],
5293 enum nl80211_attrs attr,
5294 struct cfg80211_bitrate_mask *mask,
5295 struct net_device *dev,
5296 bool default_all_enabled,
5297 unsigned int link_id)
5298 {
5299 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5300 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5301 struct wireless_dev *wdev = dev->ieee80211_ptr;
5302 int rem, i;
5303 struct nlattr *tx_rates;
5304 struct ieee80211_supported_band *sband;
5305 u16 vht_tx_mcs_map, he_tx_mcs_map;
5306
5307 memset(mask, 0, sizeof(*mask));
5308 /* Default to all rates enabled */
5309 for (i = 0; i < NUM_NL80211_BANDS; i++) {
5310 const struct ieee80211_sta_he_cap *he_cap;
5311
5312 if (!default_all_enabled)
5313 break;
5314
5315 sband = rdev->wiphy.bands[i];
5316
5317 if (!sband)
5318 continue;
5319
5320 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
5321 memcpy(mask->control[i].ht_mcs,
5322 sband->ht_cap.mcs.rx_mask,
5323 sizeof(mask->control[i].ht_mcs));
5324
5325 if (sband->vht_cap.vht_supported) {
5326 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5327 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
5328 }
5329
5330 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5331 if (!he_cap)
5332 continue;
5333
5334 he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5335 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
5336
5337 mask->control[i].he_gi = 0xFF;
5338 mask->control[i].he_ltf = 0xFF;
5339 }
5340
5341 /* if no rates are given set it back to the defaults */
5342 if (!attrs[attr])
5343 goto out;
5344
5345 /* The nested attribute uses enum nl80211_band as the index. This maps
5346 * directly to the enum nl80211_band values used in cfg80211.
5347 */
5348 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5349 nla_for_each_nested(tx_rates, attrs[attr], rem) {
5350 enum nl80211_band band = nla_type(tx_rates);
5351 int err;
5352
5353 if (band < 0 || band >= NUM_NL80211_BANDS)
5354 return -EINVAL;
5355 sband = rdev->wiphy.bands[band];
5356 if (sband == NULL)
5357 return -EINVAL;
5358 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
5359 tx_rates,
5360 nl80211_txattr_policy,
5361 info->extack);
5362 if (err)
5363 return err;
5364 if (tb[NL80211_TXRATE_LEGACY]) {
5365 mask->control[band].legacy = rateset_to_mask(
5366 sband,
5367 nla_data(tb[NL80211_TXRATE_LEGACY]),
5368 nla_len(tb[NL80211_TXRATE_LEGACY]));
5369 if ((mask->control[band].legacy == 0) &&
5370 nla_len(tb[NL80211_TXRATE_LEGACY]))
5371 return -EINVAL;
5372 }
5373 if (tb[NL80211_TXRATE_HT]) {
5374 if (!ht_rateset_to_mask(
5375 sband,
5376 nla_data(tb[NL80211_TXRATE_HT]),
5377 nla_len(tb[NL80211_TXRATE_HT]),
5378 mask->control[band].ht_mcs))
5379 return -EINVAL;
5380 }
5381
5382 if (tb[NL80211_TXRATE_VHT]) {
5383 if (!vht_set_mcs_mask(
5384 sband,
5385 nla_data(tb[NL80211_TXRATE_VHT]),
5386 mask->control[band].vht_mcs))
5387 return -EINVAL;
5388 }
5389
5390 if (tb[NL80211_TXRATE_GI]) {
5391 mask->control[band].gi =
5392 nla_get_u8(tb[NL80211_TXRATE_GI]);
5393 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
5394 return -EINVAL;
5395 }
5396 if (tb[NL80211_TXRATE_HE] &&
5397 !he_set_mcs_mask(info, wdev, sband,
5398 nla_data(tb[NL80211_TXRATE_HE]),
5399 mask->control[band].he_mcs,
5400 link_id))
5401 return -EINVAL;
5402
5403 if (tb[NL80211_TXRATE_HE_GI])
5404 mask->control[band].he_gi =
5405 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
5406 if (tb[NL80211_TXRATE_HE_LTF])
5407 mask->control[band].he_ltf =
5408 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
5409
5410 if (mask->control[band].legacy == 0) {
5411 /* don't allow empty legacy rates if HT, VHT or HE
5412 * are not even supported.
5413 */
5414 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
5415 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
5416 ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
5417 return -EINVAL;
5418
5419 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5420 if (mask->control[band].ht_mcs[i])
5421 goto out;
5422
5423 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
5424 if (mask->control[band].vht_mcs[i])
5425 goto out;
5426
5427 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
5428 if (mask->control[band].he_mcs[i])
5429 goto out;
5430
5431 /* legacy and mcs rates may not be both empty */
5432 return -EINVAL;
5433 }
5434 }
5435
5436 out:
5437 return 0;
5438 }
5439
validate_beacon_tx_rate(struct cfg80211_registered_device * rdev,enum nl80211_band band,struct cfg80211_bitrate_mask * beacon_rate)5440 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
5441 enum nl80211_band band,
5442 struct cfg80211_bitrate_mask *beacon_rate)
5443 {
5444 u32 count_ht, count_vht, count_he, i;
5445 u32 rate = beacon_rate->control[band].legacy;
5446
5447 /* Allow only one rate */
5448 if (hweight32(rate) > 1)
5449 return -EINVAL;
5450
5451 count_ht = 0;
5452 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5453 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
5454 return -EINVAL;
5455 } else if (beacon_rate->control[band].ht_mcs[i]) {
5456 count_ht++;
5457 if (count_ht > 1)
5458 return -EINVAL;
5459 }
5460 if (count_ht && rate)
5461 return -EINVAL;
5462 }
5463
5464 count_vht = 0;
5465 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5466 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
5467 return -EINVAL;
5468 } else if (beacon_rate->control[band].vht_mcs[i]) {
5469 count_vht++;
5470 if (count_vht > 1)
5471 return -EINVAL;
5472 }
5473 if (count_vht && rate)
5474 return -EINVAL;
5475 }
5476
5477 count_he = 0;
5478 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5479 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
5480 return -EINVAL;
5481 } else if (beacon_rate->control[band].he_mcs[i]) {
5482 count_he++;
5483 if (count_he > 1)
5484 return -EINVAL;
5485 }
5486 if (count_he && rate)
5487 return -EINVAL;
5488 }
5489
5490 if ((count_ht && count_vht && count_he) ||
5491 (!rate && !count_ht && !count_vht && !count_he))
5492 return -EINVAL;
5493
5494 if (rate &&
5495 !wiphy_ext_feature_isset(&rdev->wiphy,
5496 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
5497 return -EINVAL;
5498 if (count_ht &&
5499 !wiphy_ext_feature_isset(&rdev->wiphy,
5500 NL80211_EXT_FEATURE_BEACON_RATE_HT))
5501 return -EINVAL;
5502 if (count_vht &&
5503 !wiphy_ext_feature_isset(&rdev->wiphy,
5504 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
5505 return -EINVAL;
5506 if (count_he &&
5507 !wiphy_ext_feature_isset(&rdev->wiphy,
5508 NL80211_EXT_FEATURE_BEACON_RATE_HE))
5509 return -EINVAL;
5510
5511 return 0;
5512 }
5513
nl80211_parse_mbssid_config(struct wiphy * wiphy,struct net_device * dev,struct nlattr * attrs,struct cfg80211_mbssid_config * config,u8 num_elems)5514 static int nl80211_parse_mbssid_config(struct wiphy *wiphy,
5515 struct net_device *dev,
5516 struct nlattr *attrs,
5517 struct cfg80211_mbssid_config *config,
5518 u8 num_elems)
5519 {
5520 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1];
5521
5522 if (!wiphy->mbssid_max_interfaces)
5523 return -EOPNOTSUPP;
5524
5525 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL,
5526 NULL) ||
5527 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX])
5528 return -EINVAL;
5529
5530 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]);
5531 if (config->ema) {
5532 if (!wiphy->ema_max_profile_periodicity)
5533 return -EOPNOTSUPP;
5534
5535 if (num_elems > wiphy->ema_max_profile_periodicity)
5536 return -EINVAL;
5537 }
5538
5539 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]);
5540 if (config->index >= wiphy->mbssid_max_interfaces ||
5541 (!config->index && !num_elems))
5542 return -EINVAL;
5543
5544 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) {
5545 u32 tx_ifindex =
5546 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]);
5547
5548 if ((!config->index && tx_ifindex != dev->ifindex) ||
5549 (config->index && tx_ifindex == dev->ifindex))
5550 return -EINVAL;
5551
5552 if (tx_ifindex != dev->ifindex) {
5553 struct net_device *tx_netdev =
5554 dev_get_by_index(wiphy_net(wiphy), tx_ifindex);
5555
5556 if (!tx_netdev || !tx_netdev->ieee80211_ptr ||
5557 tx_netdev->ieee80211_ptr->wiphy != wiphy ||
5558 tx_netdev->ieee80211_ptr->iftype !=
5559 NL80211_IFTYPE_AP) {
5560 dev_put(tx_netdev);
5561 return -EINVAL;
5562 }
5563
5564 config->tx_wdev = tx_netdev->ieee80211_ptr;
5565 } else {
5566 config->tx_wdev = dev->ieee80211_ptr;
5567 }
5568 } else if (!config->index) {
5569 config->tx_wdev = dev->ieee80211_ptr;
5570 } else {
5571 return -EINVAL;
5572 }
5573
5574 return 0;
5575 }
5576
5577 static struct cfg80211_mbssid_elems *
nl80211_parse_mbssid_elems(struct wiphy * wiphy,struct nlattr * attrs)5578 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs)
5579 {
5580 struct nlattr *nl_elems;
5581 struct cfg80211_mbssid_elems *elems;
5582 int rem_elems;
5583 u8 i = 0, num_elems = 0;
5584
5585 if (!wiphy->mbssid_max_interfaces)
5586 return ERR_PTR(-EINVAL);
5587
5588 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5589 if (num_elems >= 255)
5590 return ERR_PTR(-EINVAL);
5591 num_elems++;
5592 }
5593
5594 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5595 if (!elems)
5596 return ERR_PTR(-ENOMEM);
5597 elems->cnt = num_elems;
5598
5599 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5600 elems->elem[i].data = nla_data(nl_elems);
5601 elems->elem[i].len = nla_len(nl_elems);
5602 i++;
5603 }
5604 return elems;
5605 }
5606
5607 static struct cfg80211_rnr_elems *
nl80211_parse_rnr_elems(struct wiphy * wiphy,struct nlattr * attrs,struct netlink_ext_ack * extack)5608 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs,
5609 struct netlink_ext_ack *extack)
5610 {
5611 struct nlattr *nl_elems;
5612 struct cfg80211_rnr_elems *elems;
5613 int rem_elems;
5614 u8 i = 0, num_elems = 0;
5615
5616 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5617 int ret;
5618
5619 ret = validate_ie_attr(nl_elems, extack);
5620 if (ret)
5621 return ERR_PTR(ret);
5622
5623 num_elems++;
5624 }
5625
5626 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5627 if (!elems)
5628 return ERR_PTR(-ENOMEM);
5629 elems->cnt = num_elems;
5630
5631 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5632 elems->elem[i].data = nla_data(nl_elems);
5633 elems->elem[i].len = nla_len(nl_elems);
5634 i++;
5635 }
5636 return elems;
5637 }
5638
nl80211_parse_he_bss_color(struct nlattr * attrs,struct cfg80211_he_bss_color * he_bss_color)5639 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5640 struct cfg80211_he_bss_color *he_bss_color)
5641 {
5642 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5643 int err;
5644
5645 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5646 he_bss_color_policy, NULL);
5647 if (err)
5648 return err;
5649
5650 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5651 return -EINVAL;
5652
5653 he_bss_color->color =
5654 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5655 he_bss_color->enabled =
5656 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5657 he_bss_color->partial =
5658 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5659
5660 return 0;
5661 }
5662
nl80211_parse_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct cfg80211_beacon_data * bcn,struct netlink_ext_ack * extack)5663 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
5664 struct nlattr *attrs[],
5665 struct cfg80211_beacon_data *bcn,
5666 struct netlink_ext_ack *extack)
5667 {
5668 bool haveinfo = false;
5669 int err;
5670
5671 memset(bcn, 0, sizeof(*bcn));
5672
5673 bcn->link_id = nl80211_link_id(attrs);
5674
5675 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
5676 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
5677 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
5678 if (!bcn->head_len)
5679 return -EINVAL;
5680 haveinfo = true;
5681 }
5682
5683 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
5684 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
5685 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
5686 haveinfo = true;
5687 }
5688
5689 if (!haveinfo)
5690 return -EINVAL;
5691
5692 if (attrs[NL80211_ATTR_IE]) {
5693 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
5694 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
5695 }
5696
5697 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
5698 bcn->proberesp_ies =
5699 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5700 bcn->proberesp_ies_len =
5701 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5702 }
5703
5704 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
5705 bcn->assocresp_ies =
5706 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5707 bcn->assocresp_ies_len =
5708 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5709 }
5710
5711 if (attrs[NL80211_ATTR_PROBE_RESP]) {
5712 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5713 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5714 }
5715
5716 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5717 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5718
5719 err = nla_parse_nested_deprecated(tb,
5720 NL80211_FTM_RESP_ATTR_MAX,
5721 attrs[NL80211_ATTR_FTM_RESPONDER],
5722 NULL, NULL);
5723 if (err)
5724 return err;
5725
5726 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5727 wiphy_ext_feature_isset(&rdev->wiphy,
5728 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5729 bcn->ftm_responder = 1;
5730 else
5731 return -EOPNOTSUPP;
5732
5733 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5734 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5735 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5736 }
5737
5738 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5739 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5740 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5741 }
5742 } else {
5743 bcn->ftm_responder = -1;
5744 }
5745
5746 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5747 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR],
5748 &bcn->he_bss_color);
5749 if (err)
5750 return err;
5751 bcn->he_bss_color_valid = true;
5752 }
5753
5754 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) {
5755 struct cfg80211_mbssid_elems *mbssid =
5756 nl80211_parse_mbssid_elems(&rdev->wiphy,
5757 attrs[NL80211_ATTR_MBSSID_ELEMS]);
5758
5759 if (IS_ERR(mbssid))
5760 return PTR_ERR(mbssid);
5761
5762 bcn->mbssid_ies = mbssid;
5763
5764 if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) {
5765 struct cfg80211_rnr_elems *rnr =
5766 nl80211_parse_rnr_elems(&rdev->wiphy,
5767 attrs[NL80211_ATTR_EMA_RNR_ELEMS],
5768 extack);
5769
5770 if (IS_ERR(rnr))
5771 return PTR_ERR(rnr);
5772
5773 if (rnr && rnr->cnt < bcn->mbssid_ies->cnt)
5774 return -EINVAL;
5775
5776 bcn->rnr_ies = rnr;
5777 }
5778 }
5779
5780 return 0;
5781 }
5782
nl80211_parse_he_obss_pd(struct nlattr * attrs,struct ieee80211_he_obss_pd * he_obss_pd)5783 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5784 struct ieee80211_he_obss_pd *he_obss_pd)
5785 {
5786 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5787 int err;
5788
5789 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5790 he_obss_pd_policy, NULL);
5791 if (err)
5792 return err;
5793
5794 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5795 return -EINVAL;
5796
5797 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5798
5799 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5800 he_obss_pd->min_offset =
5801 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5802 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5803 he_obss_pd->max_offset =
5804 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5805 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5806 he_obss_pd->non_srg_max_offset =
5807 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5808
5809 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5810 return -EINVAL;
5811
5812 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5813 memcpy(he_obss_pd->bss_color_bitmap,
5814 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5815 sizeof(he_obss_pd->bss_color_bitmap));
5816
5817 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5818 memcpy(he_obss_pd->partial_bssid_bitmap,
5819 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5820 sizeof(he_obss_pd->partial_bssid_bitmap));
5821
5822 he_obss_pd->enable = true;
5823
5824 return 0;
5825 }
5826
nl80211_parse_fils_discovery(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_fils_discovery * fd)5827 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5828 struct nlattr *attrs,
5829 struct cfg80211_fils_discovery *fd)
5830 {
5831 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5832 int ret;
5833
5834 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5835 NL80211_EXT_FEATURE_FILS_DISCOVERY))
5836 return -EINVAL;
5837
5838 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5839 NULL, NULL);
5840 if (ret)
5841 return ret;
5842
5843 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] &&
5844 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] &&
5845 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) {
5846 fd->update = true;
5847 return 0;
5848 }
5849
5850 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5851 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5852 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5853 return -EINVAL;
5854
5855 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5856 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5857 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5858 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5859 fd->update = true;
5860 return 0;
5861 }
5862
5863 static int
nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_unsol_bcast_probe_resp * presp)5864 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5865 struct nlattr *attrs,
5866 struct cfg80211_unsol_bcast_probe_resp *presp)
5867 {
5868 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5869 int ret;
5870
5871 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5872 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5873 return -EINVAL;
5874
5875 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5876 attrs, NULL, NULL);
5877 if (ret)
5878 return ret;
5879
5880 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] &&
5881 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) {
5882 presp->update = true;
5883 return 0;
5884 }
5885
5886 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5887 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5888 return -EINVAL;
5889
5890 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5891 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5892 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5893 presp->update = true;
5894 return 0;
5895 }
5896
nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings * params,const struct element * rates)5897 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5898 const struct element *rates)
5899 {
5900 int i;
5901
5902 if (!rates)
5903 return;
5904
5905 for (i = 0; i < rates->datalen; i++) {
5906 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5907 params->ht_required = true;
5908 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5909 params->vht_required = true;
5910 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5911 params->he_required = true;
5912 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
5913 params->sae_h2e_required = true;
5914 }
5915 }
5916
5917 /*
5918 * Since the nl80211 API didn't include, from the beginning, attributes about
5919 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
5920 * benefit of drivers that rebuild IEs in the firmware.
5921 */
nl80211_calculate_ap_params(struct cfg80211_ap_settings * params)5922 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5923 {
5924 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
5925 size_t ies_len = bcn->tail_len;
5926 const u8 *ies = bcn->tail;
5927 const struct element *rates;
5928 const struct element *cap;
5929
5930 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len);
5931 nl80211_check_ap_rate_selectors(params, rates);
5932
5933 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5934 nl80211_check_ap_rate_selectors(params, rates);
5935
5936 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5937 if (cap && cap->datalen >= sizeof(*params->ht_cap))
5938 params->ht_cap = (void *)cap->data;
5939 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5940 if (cap && cap->datalen >= sizeof(*params->vht_cap))
5941 params->vht_cap = (void *)cap->data;
5942 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5943 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1)
5944 params->he_cap = (void *)(cap->data + 1);
5945 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5946 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1)
5947 params->he_oper = (void *)(cap->data + 1);
5948 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len);
5949 if (cap) {
5950 if (!cap->datalen)
5951 return -EINVAL;
5952 params->eht_cap = (void *)(cap->data + 1);
5953 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
5954 (const u8 *)params->eht_cap,
5955 cap->datalen - 1, true))
5956 return -EINVAL;
5957 }
5958 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
5959 if (cap) {
5960 if (!cap->datalen)
5961 return -EINVAL;
5962 params->eht_oper = (void *)(cap->data + 1);
5963 if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper,
5964 cap->datalen - 1))
5965 return -EINVAL;
5966 }
5967 return 0;
5968 }
5969
nl80211_get_ap_channel(struct cfg80211_registered_device * rdev,struct cfg80211_ap_settings * params)5970 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5971 struct cfg80211_ap_settings *params)
5972 {
5973 struct wireless_dev *wdev;
5974
5975 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5976 if (wdev->iftype != NL80211_IFTYPE_AP &&
5977 wdev->iftype != NL80211_IFTYPE_P2P_GO)
5978 continue;
5979
5980 if (!wdev->u.ap.preset_chandef.chan)
5981 continue;
5982
5983 params->chandef = wdev->u.ap.preset_chandef;
5984 return true;
5985 }
5986
5987 return false;
5988 }
5989
nl80211_valid_auth_type(struct cfg80211_registered_device * rdev,enum nl80211_auth_type auth_type,enum nl80211_commands cmd)5990 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5991 enum nl80211_auth_type auth_type,
5992 enum nl80211_commands cmd)
5993 {
5994 if (auth_type > NL80211_AUTHTYPE_MAX)
5995 return false;
5996
5997 switch (cmd) {
5998 case NL80211_CMD_AUTHENTICATE:
5999 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6000 auth_type == NL80211_AUTHTYPE_SAE)
6001 return false;
6002 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6003 NL80211_EXT_FEATURE_FILS_STA) &&
6004 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6005 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6006 auth_type == NL80211_AUTHTYPE_FILS_PK))
6007 return false;
6008 return true;
6009 case NL80211_CMD_CONNECT:
6010 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6011 !wiphy_ext_feature_isset(&rdev->wiphy,
6012 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
6013 auth_type == NL80211_AUTHTYPE_SAE)
6014 return false;
6015
6016 /* FILS with SK PFS or PK not supported yet */
6017 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6018 auth_type == NL80211_AUTHTYPE_FILS_PK)
6019 return false;
6020 if (!wiphy_ext_feature_isset(
6021 &rdev->wiphy,
6022 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
6023 auth_type == NL80211_AUTHTYPE_FILS_SK)
6024 return false;
6025 return true;
6026 case NL80211_CMD_START_AP:
6027 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6028 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
6029 auth_type == NL80211_AUTHTYPE_SAE)
6030 return false;
6031 /* FILS not supported yet */
6032 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6033 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6034 auth_type == NL80211_AUTHTYPE_FILS_PK)
6035 return false;
6036 return true;
6037 default:
6038 return false;
6039 }
6040 }
6041
nl80211_send_ap_started(struct wireless_dev * wdev,unsigned int link_id)6042 static void nl80211_send_ap_started(struct wireless_dev *wdev,
6043 unsigned int link_id)
6044 {
6045 struct wiphy *wiphy = wdev->wiphy;
6046 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6047 struct sk_buff *msg;
6048 void *hdr;
6049
6050 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6051 if (!msg)
6052 return;
6053
6054 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP);
6055 if (!hdr)
6056 goto out;
6057
6058 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
6059 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
6060 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
6061 NL80211_ATTR_PAD) ||
6062 (wdev->u.ap.ssid_len &&
6063 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
6064 wdev->u.ap.ssid)) ||
6065 (wdev->valid_links &&
6066 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
6067 goto out;
6068
6069 genlmsg_end(msg, hdr);
6070
6071 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
6072 NL80211_MCGRP_MLME, GFP_KERNEL);
6073 return;
6074 out:
6075 nlmsg_free(msg);
6076 }
6077
nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings * params)6078 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params)
6079 {
6080 struct ieee80211_channel *channel = params->chandef.chan;
6081
6082 if ((params->he_cap || params->he_oper) &&
6083 (channel->flags & IEEE80211_CHAN_NO_HE))
6084 return -EOPNOTSUPP;
6085
6086 if ((params->eht_cap || params->eht_oper) &&
6087 (channel->flags & IEEE80211_CHAN_NO_EHT))
6088 return -EOPNOTSUPP;
6089
6090 return 0;
6091 }
6092
nl80211_start_ap(struct sk_buff * skb,struct genl_info * info)6093 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
6094 {
6095 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6096 struct cfg80211_beaconing_check_config beacon_check = {};
6097 unsigned int link_id = nl80211_link_id(info->attrs);
6098 struct net_device *dev = info->user_ptr[1];
6099 struct wireless_dev *wdev = dev->ieee80211_ptr;
6100 struct cfg80211_ap_settings *params;
6101 int err;
6102
6103 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6104 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6105 return -EOPNOTSUPP;
6106
6107 if (!rdev->ops->start_ap)
6108 return -EOPNOTSUPP;
6109
6110 if (wdev->links[link_id].cac_started)
6111 return -EBUSY;
6112
6113 if (wdev->links[link_id].ap.beacon_interval)
6114 return -EALREADY;
6115
6116 /* these are required for START_AP */
6117 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
6118 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
6119 !info->attrs[NL80211_ATTR_BEACON_HEAD])
6120 return -EINVAL;
6121
6122 if (info->attrs[NL80211_ATTR_SMPS_MODE] &&
6123 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]) != NL80211_SMPS_OFF)
6124 return -EOPNOTSUPP;
6125
6126 params = kzalloc(sizeof(*params), GFP_KERNEL);
6127 if (!params)
6128 return -ENOMEM;
6129
6130 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
6131 info->extack);
6132 if (err)
6133 goto out;
6134
6135 params->beacon_interval =
6136 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6137 params->dtim_period =
6138 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
6139
6140 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
6141 params->beacon_interval);
6142 if (err)
6143 goto out;
6144
6145 /*
6146 * In theory, some of these attributes should be required here
6147 * but since they were not used when the command was originally
6148 * added, keep them optional for old user space programs to let
6149 * them continue to work with drivers that do not need the
6150 * additional information -- drivers must check!
6151 */
6152 if (info->attrs[NL80211_ATTR_SSID]) {
6153 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6154 params->ssid_len =
6155 nla_len(info->attrs[NL80211_ATTR_SSID]);
6156 if (params->ssid_len == 0) {
6157 err = -EINVAL;
6158 goto out;
6159 }
6160
6161 if (wdev->u.ap.ssid_len &&
6162 (wdev->u.ap.ssid_len != params->ssid_len ||
6163 memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) {
6164 /* require identical SSID for MLO */
6165 err = -EINVAL;
6166 goto out;
6167 }
6168 } else if (wdev->valid_links) {
6169 /* require SSID for MLO */
6170 err = -EINVAL;
6171 goto out;
6172 }
6173
6174 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
6175 params->hidden_ssid = nla_get_u32(
6176 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
6177
6178 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6179
6180 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6181 params->auth_type = nla_get_u32(
6182 info->attrs[NL80211_ATTR_AUTH_TYPE]);
6183 if (!nl80211_valid_auth_type(rdev, params->auth_type,
6184 NL80211_CMD_START_AP)) {
6185 err = -EINVAL;
6186 goto out;
6187 }
6188 } else
6189 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6190
6191 err = nl80211_crypto_settings(rdev, info, ¶ms->crypto,
6192 NL80211_MAX_NR_CIPHER_SUITES);
6193 if (err)
6194 goto out;
6195
6196 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
6197 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) {
6198 err = -EOPNOTSUPP;
6199 goto out;
6200 }
6201 params->inactivity_timeout = nla_get_u16(
6202 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
6203 }
6204
6205 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6206 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6207 err = -EINVAL;
6208 goto out;
6209 }
6210 params->p2p_ctwindow =
6211 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6212 if (params->p2p_ctwindow != 0 &&
6213 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) {
6214 err = -EINVAL;
6215 goto out;
6216 }
6217 }
6218
6219 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6220 u8 tmp;
6221
6222 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6223 err = -EINVAL;
6224 goto out;
6225 }
6226 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6227 params->p2p_opp_ps = tmp;
6228 if (params->p2p_opp_ps != 0 &&
6229 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) {
6230 err = -EINVAL;
6231 goto out;
6232 }
6233 }
6234
6235 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6236 err = nl80211_parse_chandef(rdev, info, ¶ms->chandef);
6237 if (err)
6238 goto out;
6239 } else if (wdev->valid_links) {
6240 /* with MLD need to specify the channel configuration */
6241 err = -EINVAL;
6242 goto out;
6243 } else if (wdev->u.ap.preset_chandef.chan) {
6244 params->chandef = wdev->u.ap.preset_chandef;
6245 } else if (!nl80211_get_ap_channel(rdev, params)) {
6246 err = -EINVAL;
6247 goto out;
6248 }
6249
6250 beacon_check.iftype = wdev->iftype;
6251 beacon_check.relax = true;
6252 beacon_check.reg_power =
6253 cfg80211_get_6ghz_power_type(params->beacon.tail,
6254 params->beacon.tail_len);
6255 if (!cfg80211_reg_check_beaconing(&rdev->wiphy, ¶ms->chandef,
6256 &beacon_check)) {
6257 err = -EINVAL;
6258 goto out;
6259 }
6260
6261 if (info->attrs[NL80211_ATTR_TX_RATES]) {
6262 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
6263 NL80211_ATTR_TX_RATES,
6264 ¶ms->beacon_rate,
6265 dev, false, link_id);
6266 if (err)
6267 goto out;
6268
6269 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band,
6270 ¶ms->beacon_rate);
6271 if (err)
6272 goto out;
6273 }
6274
6275 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
6276 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
6277 err = -EOPNOTSUPP;
6278 goto out;
6279 }
6280
6281 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
6282 params->acl = parse_acl_data(&rdev->wiphy, info);
6283 if (IS_ERR(params->acl)) {
6284 err = PTR_ERR(params->acl);
6285 params->acl = NULL;
6286 goto out;
6287 }
6288 }
6289
6290 params->twt_responder =
6291 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
6292
6293 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
6294 err = nl80211_parse_he_obss_pd(
6295 info->attrs[NL80211_ATTR_HE_OBSS_PD],
6296 ¶ms->he_obss_pd);
6297 if (err)
6298 goto out;
6299 }
6300
6301 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
6302 err = nl80211_parse_fils_discovery(rdev,
6303 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
6304 ¶ms->fils_discovery);
6305 if (err)
6306 goto out;
6307 }
6308
6309 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
6310 err = nl80211_parse_unsol_bcast_probe_resp(
6311 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
6312 ¶ms->unsol_bcast_probe_resp);
6313 if (err)
6314 goto out;
6315 }
6316
6317 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) {
6318 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev,
6319 info->attrs[NL80211_ATTR_MBSSID_CONFIG],
6320 ¶ms->mbssid_config,
6321 params->beacon.mbssid_ies ?
6322 params->beacon.mbssid_ies->cnt :
6323 0);
6324 if (err)
6325 goto out;
6326 }
6327
6328 if (!params->mbssid_config.ema && params->beacon.rnr_ies) {
6329 err = -EINVAL;
6330 goto out;
6331 }
6332
6333 err = nl80211_calculate_ap_params(params);
6334 if (err)
6335 goto out;
6336
6337 err = nl80211_validate_ap_phy_operation(params);
6338 if (err)
6339 goto out;
6340
6341 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
6342 params->flags = nla_get_u32(
6343 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
6344 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
6345 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
6346
6347 if (wdev->conn_owner_nlportid &&
6348 info->attrs[NL80211_ATTR_SOCKET_OWNER] &&
6349 wdev->conn_owner_nlportid != info->snd_portid) {
6350 err = -EINVAL;
6351 goto out;
6352 }
6353
6354 /* FIXME: validate MLO/link-id against driver capabilities */
6355
6356 err = rdev_start_ap(rdev, dev, params);
6357 if (!err) {
6358 wdev->links[link_id].ap.beacon_interval = params->beacon_interval;
6359 wdev->links[link_id].ap.chandef = params->chandef;
6360 wdev->u.ap.ssid_len = params->ssid_len;
6361 memcpy(wdev->u.ap.ssid, params->ssid,
6362 params->ssid_len);
6363
6364 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6365 wdev->conn_owner_nlportid = info->snd_portid;
6366
6367 nl80211_send_ap_started(wdev, link_id);
6368 }
6369 out:
6370 kfree(params->acl);
6371 kfree(params->beacon.mbssid_ies);
6372 if (params->mbssid_config.tx_wdev &&
6373 params->mbssid_config.tx_wdev->netdev &&
6374 params->mbssid_config.tx_wdev->netdev != dev)
6375 dev_put(params->mbssid_config.tx_wdev->netdev);
6376 kfree(params->beacon.rnr_ies);
6377 kfree(params);
6378
6379 return err;
6380 }
6381
nl80211_set_beacon(struct sk_buff * skb,struct genl_info * info)6382 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
6383 {
6384 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6385 struct cfg80211_beaconing_check_config beacon_check = {};
6386 unsigned int link_id = nl80211_link_id(info->attrs);
6387 struct net_device *dev = info->user_ptr[1];
6388 struct wireless_dev *wdev = dev->ieee80211_ptr;
6389 struct cfg80211_ap_update *params;
6390 struct nlattr *attr;
6391 int err;
6392
6393 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6394 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6395 return -EOPNOTSUPP;
6396
6397 if (!rdev->ops->change_beacon)
6398 return -EOPNOTSUPP;
6399
6400 if (!wdev->links[link_id].ap.beacon_interval)
6401 return -EINVAL;
6402
6403 params = kzalloc(sizeof(*params), GFP_KERNEL);
6404 if (!params)
6405 return -ENOMEM;
6406
6407 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
6408 info->extack);
6409 if (err)
6410 goto out;
6411
6412 /* recheck beaconing is permitted with possibly changed power type */
6413 beacon_check.iftype = wdev->iftype;
6414 beacon_check.relax = true;
6415 beacon_check.reg_power =
6416 cfg80211_get_6ghz_power_type(params->beacon.tail,
6417 params->beacon.tail_len);
6418 if (!cfg80211_reg_check_beaconing(&rdev->wiphy,
6419 &wdev->links[link_id].ap.chandef,
6420 &beacon_check)) {
6421 err = -EINVAL;
6422 goto out;
6423 }
6424
6425 attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY];
6426 if (attr) {
6427 err = nl80211_parse_fils_discovery(rdev, attr,
6428 ¶ms->fils_discovery);
6429 if (err)
6430 goto out;
6431 }
6432
6433 attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP];
6434 if (attr) {
6435 err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr,
6436 ¶ms->unsol_bcast_probe_resp);
6437 if (err)
6438 goto out;
6439 }
6440
6441 err = rdev_change_beacon(rdev, dev, params);
6442
6443 out:
6444 kfree(params->beacon.mbssid_ies);
6445 kfree(params->beacon.rnr_ies);
6446 kfree(params);
6447 return err;
6448 }
6449
nl80211_stop_ap(struct sk_buff * skb,struct genl_info * info)6450 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
6451 {
6452 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6453 unsigned int link_id = nl80211_link_id(info->attrs);
6454 struct net_device *dev = info->user_ptr[1];
6455
6456 return cfg80211_stop_ap(rdev, dev, link_id, false);
6457 }
6458
6459 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
6460 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
6461 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
6462 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
6463 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
6464 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
6465 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
6466 };
6467
parse_station_flags(struct genl_info * info,enum nl80211_iftype iftype,struct station_parameters * params)6468 static int parse_station_flags(struct genl_info *info,
6469 enum nl80211_iftype iftype,
6470 struct station_parameters *params)
6471 {
6472 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
6473 struct nlattr *nla;
6474 int flag;
6475
6476 /*
6477 * Try parsing the new attribute first so userspace
6478 * can specify both for older kernels.
6479 */
6480 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
6481 if (nla) {
6482 struct nl80211_sta_flag_update *sta_flags;
6483
6484 sta_flags = nla_data(nla);
6485 params->sta_flags_mask = sta_flags->mask;
6486 params->sta_flags_set = sta_flags->set;
6487 params->sta_flags_set &= params->sta_flags_mask;
6488 if ((params->sta_flags_mask |
6489 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
6490 return -EINVAL;
6491 return 0;
6492 }
6493
6494 /* if present, parse the old attribute */
6495
6496 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
6497 if (!nla)
6498 return 0;
6499
6500 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
6501 return -EINVAL;
6502
6503 /*
6504 * Only allow certain flags for interface types so that
6505 * other attributes are silently ignored. Remember that
6506 * this is backward compatibility code with old userspace
6507 * and shouldn't be hit in other cases anyway.
6508 */
6509 switch (iftype) {
6510 case NL80211_IFTYPE_AP:
6511 case NL80211_IFTYPE_AP_VLAN:
6512 case NL80211_IFTYPE_P2P_GO:
6513 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6514 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6515 BIT(NL80211_STA_FLAG_WME) |
6516 BIT(NL80211_STA_FLAG_MFP);
6517 break;
6518 case NL80211_IFTYPE_P2P_CLIENT:
6519 case NL80211_IFTYPE_STATION:
6520 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6521 BIT(NL80211_STA_FLAG_TDLS_PEER);
6522 break;
6523 case NL80211_IFTYPE_MESH_POINT:
6524 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6525 BIT(NL80211_STA_FLAG_MFP) |
6526 BIT(NL80211_STA_FLAG_AUTHORIZED);
6527 break;
6528 default:
6529 return -EINVAL;
6530 }
6531
6532 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
6533 if (flags[flag]) {
6534 params->sta_flags_set |= (1<<flag);
6535
6536 /* no longer support new API additions in old API */
6537 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
6538 return -EINVAL;
6539 }
6540 }
6541
6542 return 0;
6543 }
6544
nl80211_put_sta_rate(struct sk_buff * msg,struct rate_info * info,int attr)6545 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
6546 {
6547 struct nlattr *rate;
6548 u32 bitrate;
6549 u16 bitrate_compat;
6550 enum nl80211_rate_info rate_flg;
6551
6552 rate = nla_nest_start_noflag(msg, attr);
6553 if (!rate)
6554 return false;
6555
6556 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
6557 bitrate = cfg80211_calculate_bitrate(info);
6558 /* report 16-bit bitrate only if we can */
6559 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
6560 if (bitrate > 0 &&
6561 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
6562 return false;
6563 if (bitrate_compat > 0 &&
6564 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
6565 return false;
6566
6567 switch (info->bw) {
6568 case RATE_INFO_BW_1:
6569 rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH;
6570 break;
6571 case RATE_INFO_BW_2:
6572 rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH;
6573 break;
6574 case RATE_INFO_BW_4:
6575 rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH;
6576 break;
6577 case RATE_INFO_BW_5:
6578 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
6579 break;
6580 case RATE_INFO_BW_8:
6581 rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH;
6582 break;
6583 case RATE_INFO_BW_10:
6584 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
6585 break;
6586 case RATE_INFO_BW_16:
6587 rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH;
6588 break;
6589 default:
6590 WARN_ON(1);
6591 fallthrough;
6592 case RATE_INFO_BW_20:
6593 rate_flg = 0;
6594 break;
6595 case RATE_INFO_BW_40:
6596 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
6597 break;
6598 case RATE_INFO_BW_80:
6599 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
6600 break;
6601 case RATE_INFO_BW_160:
6602 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
6603 break;
6604 case RATE_INFO_BW_HE_RU:
6605 rate_flg = 0;
6606 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
6607 break;
6608 case RATE_INFO_BW_320:
6609 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH;
6610 break;
6611 case RATE_INFO_BW_EHT_RU:
6612 rate_flg = 0;
6613 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS));
6614 break;
6615 }
6616
6617 if (rate_flg && nla_put_flag(msg, rate_flg))
6618 return false;
6619
6620 if (info->flags & RATE_INFO_FLAGS_MCS) {
6621 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
6622 return false;
6623 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6624 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6625 return false;
6626 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
6627 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
6628 return false;
6629 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
6630 return false;
6631 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6632 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6633 return false;
6634 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
6635 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
6636 return false;
6637 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
6638 return false;
6639 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
6640 return false;
6641 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
6642 return false;
6643 if (info->bw == RATE_INFO_BW_HE_RU &&
6644 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
6645 info->he_ru_alloc))
6646 return false;
6647 } else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) {
6648 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs))
6649 return false;
6650 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss))
6651 return false;
6652 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6653 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6654 return false;
6655 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) {
6656 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs))
6657 return false;
6658 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
6659 return false;
6660 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
6661 return false;
6662 if (info->bw == RATE_INFO_BW_EHT_RU &&
6663 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
6664 info->eht_ru_alloc))
6665 return false;
6666 }
6667
6668 nla_nest_end(msg, rate);
6669 return true;
6670 }
6671
nl80211_put_signal(struct sk_buff * msg,u8 mask,s8 * signal,int id)6672 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
6673 int id)
6674 {
6675 void *attr;
6676 int i = 0;
6677
6678 if (!mask)
6679 return true;
6680
6681 attr = nla_nest_start_noflag(msg, id);
6682 if (!attr)
6683 return false;
6684
6685 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
6686 if (!(mask & BIT(i)))
6687 continue;
6688
6689 if (nla_put_u8(msg, i, signal[i]))
6690 return false;
6691 }
6692
6693 nla_nest_end(msg, attr);
6694
6695 return true;
6696 }
6697
nl80211_send_station(struct sk_buff * msg,u32 cmd,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo)6698 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
6699 u32 seq, int flags,
6700 struct cfg80211_registered_device *rdev,
6701 struct net_device *dev,
6702 const u8 *mac_addr, struct station_info *sinfo)
6703 {
6704 void *hdr;
6705 struct nlattr *sinfoattr, *bss_param;
6706
6707 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
6708 if (!hdr) {
6709 cfg80211_sinfo_release_content(sinfo);
6710 return -1;
6711 }
6712
6713 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6714 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
6715 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
6716 goto nla_put_failure;
6717
6718 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
6719 if (!sinfoattr)
6720 goto nla_put_failure;
6721
6722 #define PUT_SINFO(attr, memb, type) do { \
6723 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
6724 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
6725 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
6726 sinfo->memb)) \
6727 goto nla_put_failure; \
6728 } while (0)
6729 #define PUT_SINFO_U64(attr, memb) do { \
6730 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
6731 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
6732 sinfo->memb, NL80211_STA_INFO_PAD)) \
6733 goto nla_put_failure; \
6734 } while (0)
6735
6736 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
6737 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
6738 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
6739
6740 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
6741 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
6742 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
6743 (u32)sinfo->rx_bytes))
6744 goto nla_put_failure;
6745
6746 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
6747 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
6748 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
6749 (u32)sinfo->tx_bytes))
6750 goto nla_put_failure;
6751
6752 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
6753 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
6754 PUT_SINFO(LLID, llid, u16);
6755 PUT_SINFO(PLID, plid, u16);
6756 PUT_SINFO(PLINK_STATE, plink_state, u8);
6757 PUT_SINFO_U64(RX_DURATION, rx_duration);
6758 PUT_SINFO_U64(TX_DURATION, tx_duration);
6759
6760 if (wiphy_ext_feature_isset(&rdev->wiphy,
6761 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6762 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
6763
6764 switch (rdev->wiphy.signal_type) {
6765 case CFG80211_SIGNAL_TYPE_MBM:
6766 PUT_SINFO(SIGNAL, signal, u8);
6767 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
6768 break;
6769 default:
6770 break;
6771 }
6772 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
6773 if (!nl80211_put_signal(msg, sinfo->chains,
6774 sinfo->chain_signal,
6775 NL80211_STA_INFO_CHAIN_SIGNAL))
6776 goto nla_put_failure;
6777 }
6778 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
6779 if (!nl80211_put_signal(msg, sinfo->chains,
6780 sinfo->chain_signal_avg,
6781 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
6782 goto nla_put_failure;
6783 }
6784 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
6785 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
6786 NL80211_STA_INFO_TX_BITRATE))
6787 goto nla_put_failure;
6788 }
6789 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
6790 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
6791 NL80211_STA_INFO_RX_BITRATE))
6792 goto nla_put_failure;
6793 }
6794
6795 PUT_SINFO(RX_PACKETS, rx_packets, u32);
6796 PUT_SINFO(TX_PACKETS, tx_packets, u32);
6797 PUT_SINFO(TX_RETRIES, tx_retries, u32);
6798 PUT_SINFO(TX_FAILED, tx_failed, u32);
6799 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
6800 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
6801 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
6802 PUT_SINFO(LOCAL_PM, local_pm, u32);
6803 PUT_SINFO(PEER_PM, peer_pm, u32);
6804 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
6805 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
6806 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
6807
6808 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
6809 bss_param = nla_nest_start_noflag(msg,
6810 NL80211_STA_INFO_BSS_PARAM);
6811 if (!bss_param)
6812 goto nla_put_failure;
6813
6814 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
6815 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
6816 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
6817 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
6818 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
6819 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
6820 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
6821 sinfo->bss_param.dtim_period) ||
6822 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
6823 sinfo->bss_param.beacon_interval))
6824 goto nla_put_failure;
6825
6826 nla_nest_end(msg, bss_param);
6827 }
6828 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
6829 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
6830 sizeof(struct nl80211_sta_flag_update),
6831 &sinfo->sta_flags))
6832 goto nla_put_failure;
6833
6834 PUT_SINFO_U64(T_OFFSET, t_offset);
6835 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
6836 PUT_SINFO_U64(BEACON_RX, rx_beacon);
6837 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
6838 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
6839 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
6840 if (wiphy_ext_feature_isset(&rdev->wiphy,
6841 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
6842 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
6843 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
6844 }
6845
6846 #undef PUT_SINFO
6847 #undef PUT_SINFO_U64
6848
6849 if (sinfo->pertid) {
6850 struct nlattr *tidsattr;
6851 int tid;
6852
6853 tidsattr = nla_nest_start_noflag(msg,
6854 NL80211_STA_INFO_TID_STATS);
6855 if (!tidsattr)
6856 goto nla_put_failure;
6857
6858 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
6859 struct cfg80211_tid_stats *tidstats;
6860 struct nlattr *tidattr;
6861
6862 tidstats = &sinfo->pertid[tid];
6863
6864 if (!tidstats->filled)
6865 continue;
6866
6867 tidattr = nla_nest_start_noflag(msg, tid + 1);
6868 if (!tidattr)
6869 goto nla_put_failure;
6870
6871 #define PUT_TIDVAL_U64(attr, memb) do { \
6872 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
6873 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
6874 tidstats->memb, NL80211_TID_STATS_PAD)) \
6875 goto nla_put_failure; \
6876 } while (0)
6877
6878 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
6879 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
6880 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
6881 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
6882
6883 #undef PUT_TIDVAL_U64
6884 if ((tidstats->filled &
6885 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
6886 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
6887 NL80211_TID_STATS_TXQ_STATS))
6888 goto nla_put_failure;
6889
6890 nla_nest_end(msg, tidattr);
6891 }
6892
6893 nla_nest_end(msg, tidsattr);
6894 }
6895
6896 nla_nest_end(msg, sinfoattr);
6897
6898 if (sinfo->assoc_req_ies_len &&
6899 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
6900 sinfo->assoc_req_ies))
6901 goto nla_put_failure;
6902
6903 if (sinfo->assoc_resp_ies_len &&
6904 nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len,
6905 sinfo->assoc_resp_ies))
6906 goto nla_put_failure;
6907
6908 if (sinfo->mlo_params_valid) {
6909 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
6910 sinfo->assoc_link_id))
6911 goto nla_put_failure;
6912
6913 if (!is_zero_ether_addr(sinfo->mld_addr) &&
6914 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
6915 sinfo->mld_addr))
6916 goto nla_put_failure;
6917 }
6918
6919 cfg80211_sinfo_release_content(sinfo);
6920 genlmsg_end(msg, hdr);
6921 return 0;
6922
6923 nla_put_failure:
6924 cfg80211_sinfo_release_content(sinfo);
6925 genlmsg_cancel(msg, hdr);
6926 return -EMSGSIZE;
6927 }
6928
nl80211_dump_station(struct sk_buff * skb,struct netlink_callback * cb)6929 static int nl80211_dump_station(struct sk_buff *skb,
6930 struct netlink_callback *cb)
6931 {
6932 struct station_info sinfo;
6933 struct cfg80211_registered_device *rdev;
6934 struct wireless_dev *wdev;
6935 u8 mac_addr[ETH_ALEN];
6936 int sta_idx = cb->args[2];
6937 int err;
6938
6939 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
6940 if (err)
6941 return err;
6942 /* nl80211_prepare_wdev_dump acquired it in the successful case */
6943 __acquire(&rdev->wiphy.mtx);
6944
6945 if (!wdev->netdev) {
6946 err = -EINVAL;
6947 goto out_err;
6948 }
6949
6950 if (!rdev->ops->dump_station) {
6951 err = -EOPNOTSUPP;
6952 goto out_err;
6953 }
6954
6955 while (1) {
6956 memset(&sinfo, 0, sizeof(sinfo));
6957 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
6958 mac_addr, &sinfo);
6959 if (err == -ENOENT)
6960 break;
6961 if (err)
6962 goto out_err;
6963
6964 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
6965 NETLINK_CB(cb->skb).portid,
6966 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6967 rdev, wdev->netdev, mac_addr,
6968 &sinfo) < 0)
6969 goto out;
6970
6971 sta_idx++;
6972 }
6973
6974 out:
6975 cb->args[2] = sta_idx;
6976 err = skb->len;
6977 out_err:
6978 wiphy_unlock(&rdev->wiphy);
6979
6980 return err;
6981 }
6982
nl80211_get_station(struct sk_buff * skb,struct genl_info * info)6983 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
6984 {
6985 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6986 struct net_device *dev = info->user_ptr[1];
6987 struct station_info sinfo;
6988 struct sk_buff *msg;
6989 u8 *mac_addr = NULL;
6990 int err;
6991
6992 memset(&sinfo, 0, sizeof(sinfo));
6993
6994 if (!info->attrs[NL80211_ATTR_MAC])
6995 return -EINVAL;
6996
6997 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6998
6999 if (!rdev->ops->get_station)
7000 return -EOPNOTSUPP;
7001
7002 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
7003 if (err)
7004 return err;
7005
7006 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7007 if (!msg) {
7008 cfg80211_sinfo_release_content(&sinfo);
7009 return -ENOMEM;
7010 }
7011
7012 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
7013 info->snd_portid, info->snd_seq, 0,
7014 rdev, dev, mac_addr, &sinfo) < 0) {
7015 nlmsg_free(msg);
7016 return -ENOBUFS;
7017 }
7018
7019 return genlmsg_reply(msg, info);
7020 }
7021
cfg80211_check_station_change(struct wiphy * wiphy,struct station_parameters * params,enum cfg80211_station_type statype)7022 int cfg80211_check_station_change(struct wiphy *wiphy,
7023 struct station_parameters *params,
7024 enum cfg80211_station_type statype)
7025 {
7026 if (params->listen_interval != -1 &&
7027 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7028 return -EINVAL;
7029
7030 if (params->support_p2p_ps != -1 &&
7031 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7032 return -EINVAL;
7033
7034 if (params->aid &&
7035 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
7036 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7037 return -EINVAL;
7038
7039 /* When you run into this, adjust the code below for the new flag */
7040 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
7041
7042 switch (statype) {
7043 case CFG80211_STA_MESH_PEER_KERNEL:
7044 case CFG80211_STA_MESH_PEER_USER:
7045 /*
7046 * No ignoring the TDLS flag here -- the userspace mesh
7047 * code doesn't have the bug of including TDLS in the
7048 * mask everywhere.
7049 */
7050 if (params->sta_flags_mask &
7051 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7052 BIT(NL80211_STA_FLAG_MFP) |
7053 BIT(NL80211_STA_FLAG_AUTHORIZED)))
7054 return -EINVAL;
7055 break;
7056 case CFG80211_STA_TDLS_PEER_SETUP:
7057 case CFG80211_STA_TDLS_PEER_ACTIVE:
7058 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
7059 return -EINVAL;
7060 /* ignore since it can't change */
7061 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7062 break;
7063 default:
7064 /* disallow mesh-specific things */
7065 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
7066 return -EINVAL;
7067 if (params->local_pm)
7068 return -EINVAL;
7069 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
7070 return -EINVAL;
7071 }
7072
7073 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
7074 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
7075 /* TDLS can't be set, ... */
7076 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
7077 return -EINVAL;
7078 /*
7079 * ... but don't bother the driver with it. This works around
7080 * a hostapd/wpa_supplicant issue -- it always includes the
7081 * TLDS_PEER flag in the mask even for AP mode.
7082 */
7083 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7084 }
7085
7086 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
7087 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
7088 /* reject other things that can't change */
7089 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
7090 return -EINVAL;
7091 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
7092 return -EINVAL;
7093 if (params->link_sta_params.supported_rates)
7094 return -EINVAL;
7095 if (params->ext_capab || params->link_sta_params.ht_capa ||
7096 params->link_sta_params.vht_capa ||
7097 params->link_sta_params.he_capa ||
7098 params->link_sta_params.eht_capa)
7099 return -EINVAL;
7100 if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
7101 return -EINVAL;
7102 }
7103
7104 if (statype != CFG80211_STA_AP_CLIENT &&
7105 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
7106 if (params->vlan)
7107 return -EINVAL;
7108 }
7109
7110 switch (statype) {
7111 case CFG80211_STA_AP_MLME_CLIENT:
7112 /* Use this only for authorizing/unauthorizing a station */
7113 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
7114 return -EOPNOTSUPP;
7115 break;
7116 case CFG80211_STA_AP_CLIENT:
7117 case CFG80211_STA_AP_CLIENT_UNASSOC:
7118 /* accept only the listed bits */
7119 if (params->sta_flags_mask &
7120 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
7121 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7122 BIT(NL80211_STA_FLAG_ASSOCIATED) |
7123 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
7124 BIT(NL80211_STA_FLAG_WME) |
7125 BIT(NL80211_STA_FLAG_MFP) |
7126 BIT(NL80211_STA_FLAG_SPP_AMSDU)))
7127 return -EINVAL;
7128
7129 /* but authenticated/associated only if driver handles it */
7130 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
7131 params->sta_flags_mask &
7132 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7133 BIT(NL80211_STA_FLAG_ASSOCIATED)))
7134 return -EINVAL;
7135 break;
7136 case CFG80211_STA_IBSS:
7137 case CFG80211_STA_AP_STA:
7138 /* reject any changes other than AUTHORIZED */
7139 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
7140 return -EINVAL;
7141 break;
7142 case CFG80211_STA_TDLS_PEER_SETUP:
7143 /* reject any changes other than AUTHORIZED or WME */
7144 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
7145 BIT(NL80211_STA_FLAG_WME)))
7146 return -EINVAL;
7147 /* force (at least) rates when authorizing */
7148 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
7149 !params->link_sta_params.supported_rates)
7150 return -EINVAL;
7151 break;
7152 case CFG80211_STA_TDLS_PEER_ACTIVE:
7153 /* reject any changes */
7154 return -EINVAL;
7155 case CFG80211_STA_MESH_PEER_KERNEL:
7156 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
7157 return -EINVAL;
7158 break;
7159 case CFG80211_STA_MESH_PEER_USER:
7160 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
7161 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
7162 return -EINVAL;
7163 break;
7164 }
7165
7166 /*
7167 * Older kernel versions ignored this attribute entirely, so don't
7168 * reject attempts to update it but mark it as unused instead so the
7169 * driver won't look at the data.
7170 */
7171 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
7172 statype != CFG80211_STA_TDLS_PEER_SETUP)
7173 params->link_sta_params.opmode_notif_used = false;
7174
7175 return 0;
7176 }
7177 EXPORT_SYMBOL(cfg80211_check_station_change);
7178
7179 /*
7180 * Get vlan interface making sure it is running and on the right wiphy.
7181 */
get_vlan(struct genl_info * info,struct cfg80211_registered_device * rdev)7182 static struct net_device *get_vlan(struct genl_info *info,
7183 struct cfg80211_registered_device *rdev)
7184 {
7185 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
7186 struct net_device *v;
7187 int ret;
7188
7189 if (!vlanattr)
7190 return NULL;
7191
7192 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
7193 if (!v)
7194 return ERR_PTR(-ENODEV);
7195
7196 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
7197 ret = -EINVAL;
7198 goto error;
7199 }
7200
7201 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
7202 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7203 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7204 ret = -EINVAL;
7205 goto error;
7206 }
7207
7208 if (!netif_running(v)) {
7209 ret = -ENETDOWN;
7210 goto error;
7211 }
7212
7213 return v;
7214 error:
7215 dev_put(v);
7216 return ERR_PTR(ret);
7217 }
7218
nl80211_parse_sta_wme(struct genl_info * info,struct station_parameters * params)7219 static int nl80211_parse_sta_wme(struct genl_info *info,
7220 struct station_parameters *params)
7221 {
7222 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
7223 struct nlattr *nla;
7224 int err;
7225
7226 /* parse WME attributes if present */
7227 if (!info->attrs[NL80211_ATTR_STA_WME])
7228 return 0;
7229
7230 nla = info->attrs[NL80211_ATTR_STA_WME];
7231 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
7232 nl80211_sta_wme_policy,
7233 info->extack);
7234 if (err)
7235 return err;
7236
7237 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
7238 params->uapsd_queues = nla_get_u8(
7239 tb[NL80211_STA_WME_UAPSD_QUEUES]);
7240 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
7241 return -EINVAL;
7242
7243 if (tb[NL80211_STA_WME_MAX_SP])
7244 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
7245
7246 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
7247 return -EINVAL;
7248
7249 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
7250
7251 return 0;
7252 }
7253
nl80211_parse_sta_channel_info(struct genl_info * info,struct station_parameters * params)7254 static int nl80211_parse_sta_channel_info(struct genl_info *info,
7255 struct station_parameters *params)
7256 {
7257 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
7258 params->supported_channels =
7259 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7260 params->supported_channels_len =
7261 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7262 /*
7263 * Need to include at least one (first channel, number of
7264 * channels) tuple for each subband (checked in policy),
7265 * and must have proper tuples for the rest of the data as well.
7266 */
7267 if (params->supported_channels_len % 2)
7268 return -EINVAL;
7269 }
7270
7271 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
7272 params->supported_oper_classes =
7273 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7274 params->supported_oper_classes_len =
7275 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7276 }
7277 return 0;
7278 }
7279
nl80211_set_station_tdls(struct genl_info * info,struct station_parameters * params)7280 static int nl80211_set_station_tdls(struct genl_info *info,
7281 struct station_parameters *params)
7282 {
7283 int err;
7284 /* Dummy STA entry gets updated once the peer capabilities are known */
7285 if (info->attrs[NL80211_ATTR_PEER_AID])
7286 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7287 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7288 params->link_sta_params.ht_capa =
7289 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7290 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7291 params->link_sta_params.vht_capa =
7292 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7293 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7294 params->link_sta_params.he_capa =
7295 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7296 params->link_sta_params.he_capa_len =
7297 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7298
7299 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7300 params->link_sta_params.eht_capa =
7301 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7302 params->link_sta_params.eht_capa_len =
7303 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7304
7305 if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
7306 (const u8 *)params->link_sta_params.eht_capa,
7307 params->link_sta_params.eht_capa_len,
7308 false))
7309 return -EINVAL;
7310 }
7311 }
7312
7313 err = nl80211_parse_sta_channel_info(info, params);
7314 if (err)
7315 return err;
7316
7317 return nl80211_parse_sta_wme(info, params);
7318 }
7319
nl80211_parse_sta_txpower_setting(struct genl_info * info,struct sta_txpwr * txpwr,bool * txpwr_set)7320 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
7321 struct sta_txpwr *txpwr,
7322 bool *txpwr_set)
7323 {
7324 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7325 int idx;
7326
7327 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
7328 if (!rdev->ops->set_tx_power ||
7329 !wiphy_ext_feature_isset(&rdev->wiphy,
7330 NL80211_EXT_FEATURE_STA_TX_PWR))
7331 return -EOPNOTSUPP;
7332
7333 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
7334 txpwr->type = nla_get_u8(info->attrs[idx]);
7335
7336 if (txpwr->type == NL80211_TX_POWER_LIMITED) {
7337 idx = NL80211_ATTR_STA_TX_POWER;
7338
7339 if (info->attrs[idx])
7340 txpwr->power = nla_get_s16(info->attrs[idx]);
7341 else
7342 return -EINVAL;
7343 }
7344
7345 *txpwr_set = true;
7346 } else {
7347 *txpwr_set = false;
7348 }
7349
7350 return 0;
7351 }
7352
nl80211_set_station(struct sk_buff * skb,struct genl_info * info)7353 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
7354 {
7355 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7356 struct net_device *dev = info->user_ptr[1];
7357 struct station_parameters params;
7358 u8 *mac_addr;
7359 int err;
7360
7361 memset(¶ms, 0, sizeof(params));
7362
7363 if (!rdev->ops->change_station)
7364 return -EOPNOTSUPP;
7365
7366 /*
7367 * AID and listen_interval properties can be set only for unassociated
7368 * station. Include these parameters here and will check them in
7369 * cfg80211_check_station_change().
7370 */
7371 if (info->attrs[NL80211_ATTR_STA_AID])
7372 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
7373
7374 if (info->attrs[NL80211_ATTR_VLAN_ID])
7375 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
7376
7377 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
7378 params.listen_interval =
7379 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
7380 else
7381 params.listen_interval = -1;
7382
7383 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
7384 params.support_p2p_ps =
7385 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
7386 else
7387 params.support_p2p_ps = -1;
7388
7389 if (!info->attrs[NL80211_ATTR_MAC])
7390 return -EINVAL;
7391
7392 params.link_sta_params.link_id =
7393 nl80211_link_id_or_invalid(info->attrs);
7394
7395 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
7396 /* If MLD_ADDR attribute is set then this is an MLD station
7397 * and the MLD_ADDR attribute holds the MLD address and the
7398 * MAC attribute holds for the LINK address.
7399 * In that case, the link_id is also expected to be valid.
7400 */
7401 if (params.link_sta_params.link_id < 0)
7402 return -EINVAL;
7403
7404 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
7405 params.link_sta_params.mld_mac = mac_addr;
7406 params.link_sta_params.link_mac =
7407 nla_data(info->attrs[NL80211_ATTR_MAC]);
7408 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
7409 return -EINVAL;
7410 } else {
7411 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7412 }
7413
7414
7415 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
7416 params.link_sta_params.supported_rates =
7417 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7418 params.link_sta_params.supported_rates_len =
7419 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7420 }
7421
7422 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
7423 params.capability =
7424 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
7425 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
7426 }
7427
7428 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
7429 params.ext_capab =
7430 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7431 params.ext_capab_len =
7432 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7433 }
7434
7435 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
7436 return -EINVAL;
7437
7438 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
7439 params.plink_action =
7440 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
7441
7442 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
7443 params.plink_state =
7444 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
7445 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
7446 params.peer_aid = nla_get_u16(
7447 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
7448 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
7449 }
7450
7451 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
7452 params.local_pm = nla_get_u32(
7453 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
7454
7455 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
7456 params.link_sta_params.opmode_notif_used = true;
7457 params.link_sta_params.opmode_notif =
7458 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
7459 }
7460
7461 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
7462 params.link_sta_params.he_6ghz_capa =
7463 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
7464
7465 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
7466 params.airtime_weight =
7467 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
7468
7469 if (params.airtime_weight &&
7470 !wiphy_ext_feature_isset(&rdev->wiphy,
7471 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7472 return -EOPNOTSUPP;
7473
7474 err = nl80211_parse_sta_txpower_setting(info,
7475 ¶ms.link_sta_params.txpwr,
7476 ¶ms.link_sta_params.txpwr_set);
7477 if (err)
7478 return err;
7479
7480 /* Include parameters for TDLS peer (will check later) */
7481 err = nl80211_set_station_tdls(info, ¶ms);
7482 if (err)
7483 return err;
7484
7485 params.vlan = get_vlan(info, rdev);
7486 if (IS_ERR(params.vlan))
7487 return PTR_ERR(params.vlan);
7488
7489 switch (dev->ieee80211_ptr->iftype) {
7490 case NL80211_IFTYPE_AP:
7491 case NL80211_IFTYPE_AP_VLAN:
7492 case NL80211_IFTYPE_P2P_GO:
7493 case NL80211_IFTYPE_P2P_CLIENT:
7494 case NL80211_IFTYPE_STATION:
7495 case NL80211_IFTYPE_ADHOC:
7496 case NL80211_IFTYPE_MESH_POINT:
7497 break;
7498 default:
7499 err = -EOPNOTSUPP;
7500 goto out_put_vlan;
7501 }
7502
7503 /* driver will call cfg80211_check_station_change() */
7504 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
7505
7506 out_put_vlan:
7507 dev_put(params.vlan);
7508
7509 return err;
7510 }
7511
nl80211_new_station(struct sk_buff * skb,struct genl_info * info)7512 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
7513 {
7514 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7515 int err;
7516 struct net_device *dev = info->user_ptr[1];
7517 struct wireless_dev *wdev = dev->ieee80211_ptr;
7518 struct station_parameters params;
7519 u8 *mac_addr = NULL;
7520 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7521 BIT(NL80211_STA_FLAG_ASSOCIATED);
7522
7523 memset(¶ms, 0, sizeof(params));
7524
7525 if (!rdev->ops->add_station)
7526 return -EOPNOTSUPP;
7527
7528 if (!info->attrs[NL80211_ATTR_MAC])
7529 return -EINVAL;
7530
7531 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
7532 return -EINVAL;
7533
7534 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
7535 return -EINVAL;
7536
7537 if (!info->attrs[NL80211_ATTR_STA_AID] &&
7538 !info->attrs[NL80211_ATTR_PEER_AID])
7539 return -EINVAL;
7540
7541 params.link_sta_params.link_id =
7542 nl80211_link_id_or_invalid(info->attrs);
7543
7544 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
7545 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
7546 params.link_sta_params.mld_mac = mac_addr;
7547 params.link_sta_params.link_mac =
7548 nla_data(info->attrs[NL80211_ATTR_MAC]);
7549 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
7550 return -EINVAL;
7551 } else {
7552 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7553 }
7554
7555 params.link_sta_params.supported_rates =
7556 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7557 params.link_sta_params.supported_rates_len =
7558 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7559 params.listen_interval =
7560 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
7561
7562 if (info->attrs[NL80211_ATTR_VLAN_ID])
7563 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
7564
7565 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
7566 params.support_p2p_ps =
7567 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
7568 } else {
7569 /*
7570 * if not specified, assume it's supported for P2P GO interface,
7571 * and is NOT supported for AP interface
7572 */
7573 params.support_p2p_ps =
7574 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
7575 }
7576
7577 if (info->attrs[NL80211_ATTR_PEER_AID])
7578 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7579 else
7580 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
7581
7582 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
7583 params.capability =
7584 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
7585 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
7586 }
7587
7588 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
7589 params.ext_capab =
7590 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7591 params.ext_capab_len =
7592 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7593 }
7594
7595 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7596 params.link_sta_params.ht_capa =
7597 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7598
7599 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7600 params.link_sta_params.vht_capa =
7601 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7602
7603 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7604 params.link_sta_params.he_capa =
7605 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7606 params.link_sta_params.he_capa_len =
7607 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7608
7609 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7610 params.link_sta_params.eht_capa =
7611 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7612 params.link_sta_params.eht_capa_len =
7613 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7614
7615 if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
7616 (const u8 *)params.link_sta_params.eht_capa,
7617 params.link_sta_params.eht_capa_len,
7618 false))
7619 return -EINVAL;
7620 }
7621 }
7622
7623 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
7624 params.link_sta_params.he_6ghz_capa =
7625 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
7626
7627 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
7628 params.link_sta_params.opmode_notif_used = true;
7629 params.link_sta_params.opmode_notif =
7630 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
7631 }
7632
7633 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
7634 params.plink_action =
7635 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
7636
7637 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
7638 params.airtime_weight =
7639 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
7640
7641 if (params.airtime_weight &&
7642 !wiphy_ext_feature_isset(&rdev->wiphy,
7643 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7644 return -EOPNOTSUPP;
7645
7646 err = nl80211_parse_sta_txpower_setting(info,
7647 ¶ms.link_sta_params.txpwr,
7648 ¶ms.link_sta_params.txpwr_set);
7649 if (err)
7650 return err;
7651
7652 err = nl80211_parse_sta_channel_info(info, ¶ms);
7653 if (err)
7654 return err;
7655
7656 err = nl80211_parse_sta_wme(info, ¶ms);
7657 if (err)
7658 return err;
7659
7660 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
7661 return -EINVAL;
7662
7663 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
7664 * as userspace might just pass through the capabilities from the IEs
7665 * directly, rather than enforcing this restriction and returning an
7666 * error in this case.
7667 */
7668 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
7669 params.link_sta_params.ht_capa = NULL;
7670 params.link_sta_params.vht_capa = NULL;
7671
7672 /* HE and EHT require WME */
7673 if (params.link_sta_params.he_capa_len ||
7674 params.link_sta_params.he_6ghz_capa ||
7675 params.link_sta_params.eht_capa_len)
7676 return -EINVAL;
7677 }
7678
7679 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
7680 if (params.link_sta_params.he_6ghz_capa &&
7681 (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa))
7682 return -EINVAL;
7683
7684 /* When you run into this, adjust the code below for the new flag */
7685 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
7686
7687 switch (dev->ieee80211_ptr->iftype) {
7688 case NL80211_IFTYPE_AP:
7689 case NL80211_IFTYPE_AP_VLAN:
7690 case NL80211_IFTYPE_P2P_GO:
7691 /* ignore WME attributes if iface/sta is not capable */
7692 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
7693 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
7694 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7695
7696 /* TDLS peers cannot be added */
7697 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
7698 info->attrs[NL80211_ATTR_PEER_AID])
7699 return -EINVAL;
7700 /* but don't bother the driver with it */
7701 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7702
7703 /* allow authenticated/associated only if driver handles it */
7704 if (!(rdev->wiphy.features &
7705 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
7706 params.sta_flags_mask & auth_assoc)
7707 return -EINVAL;
7708
7709 if (!wiphy_ext_feature_isset(&rdev->wiphy,
7710 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) &&
7711 params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
7712 return -EINVAL;
7713
7714 /* Older userspace, or userspace wanting to be compatible with
7715 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
7716 * and assoc flags in the mask, but assumes the station will be
7717 * added as associated anyway since this was the required driver
7718 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
7719 * introduced.
7720 * In order to not bother drivers with this quirk in the API
7721 * set the flags in both the mask and set for new stations in
7722 * this case.
7723 */
7724 if (!(params.sta_flags_mask & auth_assoc)) {
7725 params.sta_flags_mask |= auth_assoc;
7726 params.sta_flags_set |= auth_assoc;
7727 }
7728
7729 /* must be last in here for error handling */
7730 params.vlan = get_vlan(info, rdev);
7731 if (IS_ERR(params.vlan))
7732 return PTR_ERR(params.vlan);
7733 break;
7734 case NL80211_IFTYPE_MESH_POINT:
7735 /* ignore uAPSD data */
7736 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7737
7738 /* associated is disallowed */
7739 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
7740 return -EINVAL;
7741 /* TDLS peers cannot be added */
7742 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
7743 info->attrs[NL80211_ATTR_PEER_AID])
7744 return -EINVAL;
7745 break;
7746 case NL80211_IFTYPE_STATION:
7747 case NL80211_IFTYPE_P2P_CLIENT:
7748 /* ignore uAPSD data */
7749 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7750
7751 /* these are disallowed */
7752 if (params.sta_flags_mask &
7753 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
7754 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
7755 return -EINVAL;
7756 /* Only TDLS peers can be added */
7757 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
7758 return -EINVAL;
7759 /* Can only add if TDLS ... */
7760 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
7761 return -EOPNOTSUPP;
7762 /* ... with external setup is supported */
7763 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
7764 return -EOPNOTSUPP;
7765 /*
7766 * Older wpa_supplicant versions always mark the TDLS peer
7767 * as authorized, but it shouldn't yet be.
7768 */
7769 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
7770 break;
7771 default:
7772 return -EOPNOTSUPP;
7773 }
7774
7775 /* be aware of params.vlan when changing code here */
7776
7777 if (wdev->valid_links) {
7778 if (params.link_sta_params.link_id < 0) {
7779 err = -EINVAL;
7780 goto out;
7781 }
7782 if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) {
7783 err = -ENOLINK;
7784 goto out;
7785 }
7786 } else {
7787 if (params.link_sta_params.link_id >= 0) {
7788 err = -EINVAL;
7789 goto out;
7790 }
7791 }
7792 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
7793 out:
7794 dev_put(params.vlan);
7795 return err;
7796 }
7797
nl80211_del_station(struct sk_buff * skb,struct genl_info * info)7798 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
7799 {
7800 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7801 struct net_device *dev = info->user_ptr[1];
7802 struct wireless_dev *wdev = dev->ieee80211_ptr;
7803 struct station_del_parameters params;
7804 int link_id = nl80211_link_id_or_invalid(info->attrs);
7805
7806 memset(¶ms, 0, sizeof(params));
7807
7808 if (info->attrs[NL80211_ATTR_MAC])
7809 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
7810
7811 switch (wdev->iftype) {
7812 case NL80211_IFTYPE_AP:
7813 case NL80211_IFTYPE_AP_VLAN:
7814 case NL80211_IFTYPE_MESH_POINT:
7815 case NL80211_IFTYPE_P2P_GO:
7816 /* always accept these */
7817 break;
7818 case NL80211_IFTYPE_ADHOC:
7819 /* conditionally accept */
7820 if (wiphy_ext_feature_isset(&rdev->wiphy,
7821 NL80211_EXT_FEATURE_DEL_IBSS_STA))
7822 break;
7823 return -EINVAL;
7824 default:
7825 return -EINVAL;
7826 }
7827
7828 if (!rdev->ops->del_station)
7829 return -EOPNOTSUPP;
7830
7831 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
7832 params.subtype =
7833 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
7834 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
7835 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
7836 return -EINVAL;
7837 } else {
7838 /* Default to Deauthentication frame */
7839 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
7840 }
7841
7842 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
7843 params.reason_code =
7844 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7845 if (params.reason_code == 0)
7846 return -EINVAL; /* 0 is reserved */
7847 } else {
7848 /* Default to reason code 2 */
7849 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
7850 }
7851
7852 /* Link ID not expected in case of non-ML operation */
7853 if (!wdev->valid_links && link_id != -1)
7854 return -EINVAL;
7855
7856 /* If given, a valid link ID should be passed during MLO */
7857 if (wdev->valid_links && link_id >= 0 &&
7858 !(wdev->valid_links & BIT(link_id)))
7859 return -EINVAL;
7860
7861 params.link_id = link_id;
7862
7863 return rdev_del_station(rdev, dev, ¶ms);
7864 }
7865
nl80211_send_mpath(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,u8 * dst,u8 * next_hop,struct mpath_info * pinfo)7866 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
7867 int flags, struct net_device *dev,
7868 u8 *dst, u8 *next_hop,
7869 struct mpath_info *pinfo)
7870 {
7871 void *hdr;
7872 struct nlattr *pinfoattr;
7873
7874 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
7875 if (!hdr)
7876 return -1;
7877
7878 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7879 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
7880 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
7881 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
7882 goto nla_put_failure;
7883
7884 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
7885 if (!pinfoattr)
7886 goto nla_put_failure;
7887 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
7888 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
7889 pinfo->frame_qlen))
7890 goto nla_put_failure;
7891 if (((pinfo->filled & MPATH_INFO_SN) &&
7892 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
7893 ((pinfo->filled & MPATH_INFO_METRIC) &&
7894 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
7895 pinfo->metric)) ||
7896 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
7897 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
7898 pinfo->exptime)) ||
7899 ((pinfo->filled & MPATH_INFO_FLAGS) &&
7900 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
7901 pinfo->flags)) ||
7902 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
7903 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
7904 pinfo->discovery_timeout)) ||
7905 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
7906 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
7907 pinfo->discovery_retries)) ||
7908 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
7909 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
7910 pinfo->hop_count)) ||
7911 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
7912 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
7913 pinfo->path_change_count)))
7914 goto nla_put_failure;
7915
7916 nla_nest_end(msg, pinfoattr);
7917
7918 genlmsg_end(msg, hdr);
7919 return 0;
7920
7921 nla_put_failure:
7922 genlmsg_cancel(msg, hdr);
7923 return -EMSGSIZE;
7924 }
7925
nl80211_dump_mpath(struct sk_buff * skb,struct netlink_callback * cb)7926 static int nl80211_dump_mpath(struct sk_buff *skb,
7927 struct netlink_callback *cb)
7928 {
7929 struct mpath_info pinfo;
7930 struct cfg80211_registered_device *rdev;
7931 struct wireless_dev *wdev;
7932 u8 dst[ETH_ALEN];
7933 u8 next_hop[ETH_ALEN];
7934 int path_idx = cb->args[2];
7935 int err;
7936
7937 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
7938 if (err)
7939 return err;
7940 /* nl80211_prepare_wdev_dump acquired it in the successful case */
7941 __acquire(&rdev->wiphy.mtx);
7942
7943 if (!rdev->ops->dump_mpath) {
7944 err = -EOPNOTSUPP;
7945 goto out_err;
7946 }
7947
7948 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7949 err = -EOPNOTSUPP;
7950 goto out_err;
7951 }
7952
7953 while (1) {
7954 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
7955 next_hop, &pinfo);
7956 if (err == -ENOENT)
7957 break;
7958 if (err)
7959 goto out_err;
7960
7961 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7962 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7963 wdev->netdev, dst, next_hop,
7964 &pinfo) < 0)
7965 goto out;
7966
7967 path_idx++;
7968 }
7969
7970 out:
7971 cb->args[2] = path_idx;
7972 err = skb->len;
7973 out_err:
7974 wiphy_unlock(&rdev->wiphy);
7975 return err;
7976 }
7977
nl80211_get_mpath(struct sk_buff * skb,struct genl_info * info)7978 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
7979 {
7980 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7981 int err;
7982 struct net_device *dev = info->user_ptr[1];
7983 struct mpath_info pinfo;
7984 struct sk_buff *msg;
7985 u8 *dst = NULL;
7986 u8 next_hop[ETH_ALEN];
7987
7988 memset(&pinfo, 0, sizeof(pinfo));
7989
7990 if (!info->attrs[NL80211_ATTR_MAC])
7991 return -EINVAL;
7992
7993 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7994
7995 if (!rdev->ops->get_mpath)
7996 return -EOPNOTSUPP;
7997
7998 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7999 return -EOPNOTSUPP;
8000
8001 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
8002 if (err)
8003 return err;
8004
8005 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8006 if (!msg)
8007 return -ENOMEM;
8008
8009 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
8010 dev, dst, next_hop, &pinfo) < 0) {
8011 nlmsg_free(msg);
8012 return -ENOBUFS;
8013 }
8014
8015 return genlmsg_reply(msg, info);
8016 }
8017
nl80211_set_mpath(struct sk_buff * skb,struct genl_info * info)8018 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
8019 {
8020 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8021 struct net_device *dev = info->user_ptr[1];
8022 u8 *dst = NULL;
8023 u8 *next_hop = NULL;
8024
8025 if (!info->attrs[NL80211_ATTR_MAC])
8026 return -EINVAL;
8027
8028 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
8029 return -EINVAL;
8030
8031 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8032 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
8033
8034 if (!rdev->ops->change_mpath)
8035 return -EOPNOTSUPP;
8036
8037 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8038 return -EOPNOTSUPP;
8039
8040 return rdev_change_mpath(rdev, dev, dst, next_hop);
8041 }
8042
nl80211_new_mpath(struct sk_buff * skb,struct genl_info * info)8043 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
8044 {
8045 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8046 struct net_device *dev = info->user_ptr[1];
8047 u8 *dst = NULL;
8048 u8 *next_hop = NULL;
8049
8050 if (!info->attrs[NL80211_ATTR_MAC])
8051 return -EINVAL;
8052
8053 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
8054 return -EINVAL;
8055
8056 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8057 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
8058
8059 if (!rdev->ops->add_mpath)
8060 return -EOPNOTSUPP;
8061
8062 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8063 return -EOPNOTSUPP;
8064
8065 return rdev_add_mpath(rdev, dev, dst, next_hop);
8066 }
8067
nl80211_del_mpath(struct sk_buff * skb,struct genl_info * info)8068 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
8069 {
8070 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8071 struct net_device *dev = info->user_ptr[1];
8072 u8 *dst = NULL;
8073
8074 if (info->attrs[NL80211_ATTR_MAC])
8075 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8076
8077 if (!rdev->ops->del_mpath)
8078 return -EOPNOTSUPP;
8079
8080 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8081 return -EOPNOTSUPP;
8082
8083 return rdev_del_mpath(rdev, dev, dst);
8084 }
8085
nl80211_get_mpp(struct sk_buff * skb,struct genl_info * info)8086 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
8087 {
8088 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8089 int err;
8090 struct net_device *dev = info->user_ptr[1];
8091 struct mpath_info pinfo;
8092 struct sk_buff *msg;
8093 u8 *dst = NULL;
8094 u8 mpp[ETH_ALEN];
8095
8096 memset(&pinfo, 0, sizeof(pinfo));
8097
8098 if (!info->attrs[NL80211_ATTR_MAC])
8099 return -EINVAL;
8100
8101 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8102
8103 if (!rdev->ops->get_mpp)
8104 return -EOPNOTSUPP;
8105
8106 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8107 return -EOPNOTSUPP;
8108
8109 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
8110 if (err)
8111 return err;
8112
8113 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8114 if (!msg)
8115 return -ENOMEM;
8116
8117 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
8118 dev, dst, mpp, &pinfo) < 0) {
8119 nlmsg_free(msg);
8120 return -ENOBUFS;
8121 }
8122
8123 return genlmsg_reply(msg, info);
8124 }
8125
nl80211_dump_mpp(struct sk_buff * skb,struct netlink_callback * cb)8126 static int nl80211_dump_mpp(struct sk_buff *skb,
8127 struct netlink_callback *cb)
8128 {
8129 struct mpath_info pinfo;
8130 struct cfg80211_registered_device *rdev;
8131 struct wireless_dev *wdev;
8132 u8 dst[ETH_ALEN];
8133 u8 mpp[ETH_ALEN];
8134 int path_idx = cb->args[2];
8135 int err;
8136
8137 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
8138 if (err)
8139 return err;
8140 /* nl80211_prepare_wdev_dump acquired it in the successful case */
8141 __acquire(&rdev->wiphy.mtx);
8142
8143 if (!rdev->ops->dump_mpp) {
8144 err = -EOPNOTSUPP;
8145 goto out_err;
8146 }
8147
8148 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
8149 err = -EOPNOTSUPP;
8150 goto out_err;
8151 }
8152
8153 while (1) {
8154 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
8155 mpp, &pinfo);
8156 if (err == -ENOENT)
8157 break;
8158 if (err)
8159 goto out_err;
8160
8161 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
8162 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8163 wdev->netdev, dst, mpp,
8164 &pinfo) < 0)
8165 goto out;
8166
8167 path_idx++;
8168 }
8169
8170 out:
8171 cb->args[2] = path_idx;
8172 err = skb->len;
8173 out_err:
8174 wiphy_unlock(&rdev->wiphy);
8175 return err;
8176 }
8177
nl80211_set_bss(struct sk_buff * skb,struct genl_info * info)8178 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
8179 {
8180 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8181 struct net_device *dev = info->user_ptr[1];
8182 struct bss_parameters params;
8183
8184 memset(¶ms, 0, sizeof(params));
8185 params.link_id = nl80211_link_id_or_invalid(info->attrs);
8186 /* default to not changing parameters */
8187 params.use_cts_prot = -1;
8188 params.use_short_preamble = -1;
8189 params.use_short_slot_time = -1;
8190 params.ap_isolate = -1;
8191 params.ht_opmode = -1;
8192 params.p2p_ctwindow = -1;
8193 params.p2p_opp_ps = -1;
8194
8195 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
8196 params.use_cts_prot =
8197 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
8198 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
8199 params.use_short_preamble =
8200 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
8201 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
8202 params.use_short_slot_time =
8203 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
8204 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8205 params.basic_rates =
8206 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8207 params.basic_rates_len =
8208 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8209 }
8210 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
8211 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
8212 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
8213 params.ht_opmode =
8214 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
8215
8216 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
8217 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8218 return -EINVAL;
8219 params.p2p_ctwindow =
8220 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
8221 if (params.p2p_ctwindow != 0 &&
8222 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
8223 return -EINVAL;
8224 }
8225
8226 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
8227 u8 tmp;
8228
8229 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8230 return -EINVAL;
8231 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
8232 params.p2p_opp_ps = tmp;
8233 if (params.p2p_opp_ps &&
8234 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
8235 return -EINVAL;
8236 }
8237
8238 if (!rdev->ops->change_bss)
8239 return -EOPNOTSUPP;
8240
8241 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
8242 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8243 return -EOPNOTSUPP;
8244
8245 return rdev_change_bss(rdev, dev, ¶ms);
8246 }
8247
nl80211_req_set_reg(struct sk_buff * skb,struct genl_info * info)8248 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
8249 {
8250 char *data = NULL;
8251 bool is_indoor;
8252 enum nl80211_user_reg_hint_type user_reg_hint_type;
8253 u32 owner_nlportid;
8254
8255 /*
8256 * You should only get this when cfg80211 hasn't yet initialized
8257 * completely when built-in to the kernel right between the time
8258 * window between nl80211_init() and regulatory_init(), if that is
8259 * even possible.
8260 */
8261 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
8262 return -EINPROGRESS;
8263
8264 user_reg_hint_type =
8265 nla_get_u32_default(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE],
8266 NL80211_USER_REG_HINT_USER);
8267
8268 switch (user_reg_hint_type) {
8269 case NL80211_USER_REG_HINT_USER:
8270 case NL80211_USER_REG_HINT_CELL_BASE:
8271 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8272 return -EINVAL;
8273
8274 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8275 return regulatory_hint_user(data, user_reg_hint_type);
8276 case NL80211_USER_REG_HINT_INDOOR:
8277 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8278 owner_nlportid = info->snd_portid;
8279 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
8280 } else {
8281 owner_nlportid = 0;
8282 is_indoor = true;
8283 }
8284
8285 regulatory_hint_indoor(is_indoor, owner_nlportid);
8286 return 0;
8287 default:
8288 return -EINVAL;
8289 }
8290 }
8291
nl80211_reload_regdb(struct sk_buff * skb,struct genl_info * info)8292 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
8293 {
8294 return reg_reload_regdb();
8295 }
8296
nl80211_get_mesh_config(struct sk_buff * skb,struct genl_info * info)8297 static int nl80211_get_mesh_config(struct sk_buff *skb,
8298 struct genl_info *info)
8299 {
8300 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8301 struct net_device *dev = info->user_ptr[1];
8302 struct wireless_dev *wdev = dev->ieee80211_ptr;
8303 struct mesh_config cur_params;
8304 int err = 0;
8305 void *hdr;
8306 struct nlattr *pinfoattr;
8307 struct sk_buff *msg;
8308
8309 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8310 return -EOPNOTSUPP;
8311
8312 if (!rdev->ops->get_mesh_config)
8313 return -EOPNOTSUPP;
8314
8315 /* If not connected, get default parameters */
8316 if (!wdev->u.mesh.id_len)
8317 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
8318 else
8319 err = rdev_get_mesh_config(rdev, dev, &cur_params);
8320
8321 if (err)
8322 return err;
8323
8324 /* Draw up a netlink message to send back */
8325 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8326 if (!msg)
8327 return -ENOMEM;
8328 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8329 NL80211_CMD_GET_MESH_CONFIG);
8330 if (!hdr)
8331 goto out;
8332 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
8333 if (!pinfoattr)
8334 goto nla_put_failure;
8335 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8336 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
8337 cur_params.dot11MeshRetryTimeout) ||
8338 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
8339 cur_params.dot11MeshConfirmTimeout) ||
8340 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
8341 cur_params.dot11MeshHoldingTimeout) ||
8342 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
8343 cur_params.dot11MeshMaxPeerLinks) ||
8344 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
8345 cur_params.dot11MeshMaxRetries) ||
8346 nla_put_u8(msg, NL80211_MESHCONF_TTL,
8347 cur_params.dot11MeshTTL) ||
8348 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
8349 cur_params.element_ttl) ||
8350 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
8351 cur_params.auto_open_plinks) ||
8352 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
8353 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
8354 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
8355 cur_params.dot11MeshHWMPmaxPREQretries) ||
8356 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
8357 cur_params.path_refresh_time) ||
8358 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
8359 cur_params.min_discovery_timeout) ||
8360 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
8361 cur_params.dot11MeshHWMPactivePathTimeout) ||
8362 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
8363 cur_params.dot11MeshHWMPpreqMinInterval) ||
8364 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
8365 cur_params.dot11MeshHWMPperrMinInterval) ||
8366 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
8367 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
8368 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
8369 cur_params.dot11MeshHWMPRootMode) ||
8370 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
8371 cur_params.dot11MeshHWMPRannInterval) ||
8372 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
8373 cur_params.dot11MeshGateAnnouncementProtocol) ||
8374 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
8375 cur_params.dot11MeshForwarding) ||
8376 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
8377 cur_params.rssi_threshold) ||
8378 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
8379 cur_params.ht_opmode) ||
8380 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
8381 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
8382 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
8383 cur_params.dot11MeshHWMProotInterval) ||
8384 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
8385 cur_params.dot11MeshHWMPconfirmationInterval) ||
8386 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
8387 cur_params.power_mode) ||
8388 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
8389 cur_params.dot11MeshAwakeWindowDuration) ||
8390 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
8391 cur_params.plink_timeout) ||
8392 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
8393 cur_params.dot11MeshConnectedToMeshGate) ||
8394 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
8395 cur_params.dot11MeshNolearn) ||
8396 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
8397 cur_params.dot11MeshConnectedToAuthServer))
8398 goto nla_put_failure;
8399 nla_nest_end(msg, pinfoattr);
8400 genlmsg_end(msg, hdr);
8401 return genlmsg_reply(msg, info);
8402
8403 nla_put_failure:
8404 out:
8405 nlmsg_free(msg);
8406 return -ENOBUFS;
8407 }
8408
8409 static const struct nla_policy
8410 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
8411 [NL80211_MESHCONF_RETRY_TIMEOUT] =
8412 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8413 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
8414 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8415 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
8416 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8417 [NL80211_MESHCONF_MAX_PEER_LINKS] =
8418 NLA_POLICY_RANGE(NLA_U16, 0, 255),
8419 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
8420 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
8421 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
8422 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
8423 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
8424 NLA_POLICY_RANGE(NLA_U32, 1, 255),
8425 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
8426 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
8427 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
8428 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
8429 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
8430 NLA_POLICY_MIN(NLA_U16, 1),
8431 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
8432 NLA_POLICY_MIN(NLA_U16, 1),
8433 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
8434 NLA_POLICY_MIN(NLA_U16, 1),
8435 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
8436 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
8437 NLA_POLICY_MIN(NLA_U16, 1),
8438 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
8439 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
8440 [NL80211_MESHCONF_RSSI_THRESHOLD] =
8441 NLA_POLICY_RANGE(NLA_S32, -255, 0),
8442 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
8443 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
8444 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
8445 NLA_POLICY_MIN(NLA_U16, 1),
8446 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
8447 NLA_POLICY_MIN(NLA_U16, 1),
8448 [NL80211_MESHCONF_POWER_MODE] =
8449 NLA_POLICY_RANGE(NLA_U32,
8450 NL80211_MESH_POWER_ACTIVE,
8451 NL80211_MESH_POWER_MAX),
8452 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
8453 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
8454 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8455 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8456 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8457 };
8458
8459 static const struct nla_policy
8460 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
8461 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
8462 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
8463 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
8464 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
8465 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
8466 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
8467 [NL80211_MESH_SETUP_IE] =
8468 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
8469 IEEE80211_MAX_DATA_LEN),
8470 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
8471 };
8472
nl80211_parse_mesh_config(struct genl_info * info,struct mesh_config * cfg,u32 * mask_out)8473 static int nl80211_parse_mesh_config(struct genl_info *info,
8474 struct mesh_config *cfg,
8475 u32 *mask_out)
8476 {
8477 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
8478 u32 mask = 0;
8479 u16 ht_opmode;
8480
8481 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
8482 do { \
8483 if (tb[attr]) { \
8484 cfg->param = fn(tb[attr]); \
8485 mask |= BIT((attr) - 1); \
8486 } \
8487 } while (0)
8488
8489 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
8490 return -EINVAL;
8491 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
8492 return -EINVAL;
8493
8494 /* This makes sure that there aren't more than 32 mesh config
8495 * parameters (otherwise our bitfield scheme would not work.) */
8496 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
8497
8498 /* Fill in the params struct */
8499 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
8500 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
8501 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
8502 NL80211_MESHCONF_CONFIRM_TIMEOUT,
8503 nla_get_u16);
8504 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
8505 NL80211_MESHCONF_HOLDING_TIMEOUT,
8506 nla_get_u16);
8507 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
8508 NL80211_MESHCONF_MAX_PEER_LINKS,
8509 nla_get_u16);
8510 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
8511 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
8512 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
8513 NL80211_MESHCONF_TTL, nla_get_u8);
8514 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
8515 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
8516 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
8517 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
8518 nla_get_u8);
8519 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
8520 mask,
8521 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
8522 nla_get_u32);
8523 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
8524 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
8525 nla_get_u8);
8526 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
8527 NL80211_MESHCONF_PATH_REFRESH_TIME,
8528 nla_get_u32);
8529 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
8530 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
8531 return -EINVAL;
8532 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
8533 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
8534 nla_get_u16);
8535 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
8536 mask,
8537 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
8538 nla_get_u32);
8539 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
8540 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
8541 cfg->dot11MeshHWMPactivePathTimeout > 65535))
8542 return -EINVAL;
8543 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
8544 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
8545 nla_get_u16);
8546 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
8547 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
8548 nla_get_u16);
8549 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
8550 dot11MeshHWMPnetDiameterTraversalTime, mask,
8551 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
8552 nla_get_u16);
8553 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
8554 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
8555 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
8556 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
8557 nla_get_u16);
8558 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
8559 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
8560 nla_get_u8);
8561 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
8562 NL80211_MESHCONF_FORWARDING, nla_get_u8);
8563 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
8564 NL80211_MESHCONF_RSSI_THRESHOLD,
8565 nla_get_s32);
8566 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
8567 NL80211_MESHCONF_CONNECTED_TO_GATE,
8568 nla_get_u8);
8569 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
8570 NL80211_MESHCONF_CONNECTED_TO_AS,
8571 nla_get_u8);
8572 /*
8573 * Check HT operation mode based on
8574 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
8575 */
8576 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
8577 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
8578
8579 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
8580 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
8581 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
8582 return -EINVAL;
8583
8584 /* NON_HT_STA bit is reserved, but some programs set it */
8585 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
8586
8587 cfg->ht_opmode = ht_opmode;
8588 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
8589 }
8590 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
8591 dot11MeshHWMPactivePathToRootTimeout, mask,
8592 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
8593 nla_get_u32);
8594 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
8595 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
8596 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
8597 return -EINVAL;
8598 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
8599 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
8600 nla_get_u16);
8601 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
8602 mask,
8603 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
8604 nla_get_u16);
8605 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
8606 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
8607 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
8608 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
8609 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
8610 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
8611 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
8612 NL80211_MESHCONF_NOLEARN, nla_get_u8);
8613 if (mask_out)
8614 *mask_out = mask;
8615
8616 return 0;
8617
8618 #undef FILL_IN_MESH_PARAM_IF_SET
8619 }
8620
nl80211_parse_mesh_setup(struct genl_info * info,struct mesh_setup * setup)8621 static int nl80211_parse_mesh_setup(struct genl_info *info,
8622 struct mesh_setup *setup)
8623 {
8624 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8625 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
8626
8627 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
8628 return -EINVAL;
8629 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
8630 return -EINVAL;
8631
8632 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
8633 setup->sync_method =
8634 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
8635 IEEE80211_SYNC_METHOD_VENDOR :
8636 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
8637
8638 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
8639 setup->path_sel_proto =
8640 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
8641 IEEE80211_PATH_PROTOCOL_VENDOR :
8642 IEEE80211_PATH_PROTOCOL_HWMP;
8643
8644 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
8645 setup->path_metric =
8646 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
8647 IEEE80211_PATH_METRIC_VENDOR :
8648 IEEE80211_PATH_METRIC_AIRTIME;
8649
8650 if (tb[NL80211_MESH_SETUP_IE]) {
8651 struct nlattr *ieattr =
8652 tb[NL80211_MESH_SETUP_IE];
8653 setup->ie = nla_data(ieattr);
8654 setup->ie_len = nla_len(ieattr);
8655 }
8656 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
8657 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
8658 return -EINVAL;
8659 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
8660 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
8661 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
8662 if (setup->is_secure)
8663 setup->user_mpm = true;
8664
8665 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
8666 if (!setup->user_mpm)
8667 return -EINVAL;
8668 setup->auth_id =
8669 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
8670 }
8671
8672 return 0;
8673 }
8674
nl80211_update_mesh_config(struct sk_buff * skb,struct genl_info * info)8675 static int nl80211_update_mesh_config(struct sk_buff *skb,
8676 struct genl_info *info)
8677 {
8678 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8679 struct net_device *dev = info->user_ptr[1];
8680 struct wireless_dev *wdev = dev->ieee80211_ptr;
8681 struct mesh_config cfg = {};
8682 u32 mask;
8683 int err;
8684
8685 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8686 return -EOPNOTSUPP;
8687
8688 if (!rdev->ops->update_mesh_config)
8689 return -EOPNOTSUPP;
8690
8691 err = nl80211_parse_mesh_config(info, &cfg, &mask);
8692 if (err)
8693 return err;
8694
8695 if (!wdev->u.mesh.id_len)
8696 err = -ENOLINK;
8697
8698 if (!err)
8699 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
8700
8701 return err;
8702 }
8703
nl80211_put_regdom(const struct ieee80211_regdomain * regdom,struct sk_buff * msg)8704 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
8705 struct sk_buff *msg)
8706 {
8707 struct nlattr *nl_reg_rules;
8708 unsigned int i;
8709
8710 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
8711 (regdom->dfs_region &&
8712 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
8713 goto nla_put_failure;
8714
8715 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
8716 if (!nl_reg_rules)
8717 goto nla_put_failure;
8718
8719 for (i = 0; i < regdom->n_reg_rules; i++) {
8720 struct nlattr *nl_reg_rule;
8721 const struct ieee80211_reg_rule *reg_rule;
8722 const struct ieee80211_freq_range *freq_range;
8723 const struct ieee80211_power_rule *power_rule;
8724 unsigned int max_bandwidth_khz;
8725
8726 reg_rule = ®dom->reg_rules[i];
8727 freq_range = ®_rule->freq_range;
8728 power_rule = ®_rule->power_rule;
8729
8730 nl_reg_rule = nla_nest_start_noflag(msg, i);
8731 if (!nl_reg_rule)
8732 goto nla_put_failure;
8733
8734 max_bandwidth_khz = freq_range->max_bandwidth_khz;
8735 if (!max_bandwidth_khz)
8736 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
8737 reg_rule);
8738
8739 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
8740 reg_rule->flags) ||
8741 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
8742 freq_range->start_freq_khz) ||
8743 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
8744 freq_range->end_freq_khz) ||
8745 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
8746 max_bandwidth_khz) ||
8747 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
8748 power_rule->max_antenna_gain) ||
8749 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
8750 power_rule->max_eirp) ||
8751 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
8752 reg_rule->dfs_cac_ms))
8753 goto nla_put_failure;
8754
8755 if ((reg_rule->flags & NL80211_RRF_PSD) &&
8756 nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD,
8757 reg_rule->psd))
8758 goto nla_put_failure;
8759
8760 nla_nest_end(msg, nl_reg_rule);
8761 }
8762
8763 nla_nest_end(msg, nl_reg_rules);
8764 return 0;
8765
8766 nla_put_failure:
8767 return -EMSGSIZE;
8768 }
8769
nl80211_get_reg_do(struct sk_buff * skb,struct genl_info * info)8770 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
8771 {
8772 const struct ieee80211_regdomain *regdom = NULL;
8773 struct cfg80211_registered_device *rdev;
8774 struct wiphy *wiphy = NULL;
8775 struct sk_buff *msg;
8776 int err = -EMSGSIZE;
8777 void *hdr;
8778
8779 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8780 if (!msg)
8781 return -ENOBUFS;
8782
8783 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8784 NL80211_CMD_GET_REG);
8785 if (!hdr)
8786 goto put_failure;
8787
8788 rtnl_lock();
8789
8790 if (info->attrs[NL80211_ATTR_WIPHY]) {
8791 bool self_managed;
8792
8793 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
8794 if (IS_ERR(rdev)) {
8795 err = PTR_ERR(rdev);
8796 goto nla_put_failure;
8797 }
8798
8799 wiphy = &rdev->wiphy;
8800 self_managed = wiphy->regulatory_flags &
8801 REGULATORY_WIPHY_SELF_MANAGED;
8802
8803 rcu_read_lock();
8804
8805 regdom = get_wiphy_regdom(wiphy);
8806
8807 /* a self-managed-reg device must have a private regdom */
8808 if (WARN_ON(!regdom && self_managed)) {
8809 err = -EINVAL;
8810 goto nla_put_failure_rcu;
8811 }
8812
8813 if (regdom &&
8814 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8815 goto nla_put_failure_rcu;
8816 } else {
8817 rcu_read_lock();
8818 }
8819
8820 if (!wiphy && reg_last_request_cell_base() &&
8821 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
8822 NL80211_USER_REG_HINT_CELL_BASE))
8823 goto nla_put_failure_rcu;
8824
8825 if (!regdom)
8826 regdom = rcu_dereference(cfg80211_regdomain);
8827
8828 if (nl80211_put_regdom(regdom, msg))
8829 goto nla_put_failure_rcu;
8830
8831 rcu_read_unlock();
8832
8833 genlmsg_end(msg, hdr);
8834 rtnl_unlock();
8835 return genlmsg_reply(msg, info);
8836
8837 nla_put_failure_rcu:
8838 rcu_read_unlock();
8839 nla_put_failure:
8840 rtnl_unlock();
8841 put_failure:
8842 nlmsg_free(msg);
8843 return err;
8844 }
8845
nl80211_send_regdom(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct wiphy * wiphy,const struct ieee80211_regdomain * regdom)8846 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
8847 u32 seq, int flags, struct wiphy *wiphy,
8848 const struct ieee80211_regdomain *regdom)
8849 {
8850 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8851 NL80211_CMD_GET_REG);
8852
8853 if (!hdr)
8854 return -1;
8855
8856 genl_dump_check_consistent(cb, hdr);
8857
8858 if (nl80211_put_regdom(regdom, msg))
8859 goto nla_put_failure;
8860
8861 if (!wiphy && reg_last_request_cell_base() &&
8862 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
8863 NL80211_USER_REG_HINT_CELL_BASE))
8864 goto nla_put_failure;
8865
8866 if (wiphy &&
8867 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8868 goto nla_put_failure;
8869
8870 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
8871 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
8872 goto nla_put_failure;
8873
8874 genlmsg_end(msg, hdr);
8875 return 0;
8876
8877 nla_put_failure:
8878 genlmsg_cancel(msg, hdr);
8879 return -EMSGSIZE;
8880 }
8881
nl80211_get_reg_dump(struct sk_buff * skb,struct netlink_callback * cb)8882 static int nl80211_get_reg_dump(struct sk_buff *skb,
8883 struct netlink_callback *cb)
8884 {
8885 const struct ieee80211_regdomain *regdom = NULL;
8886 struct cfg80211_registered_device *rdev;
8887 int err, reg_idx, start = cb->args[2];
8888
8889 rcu_read_lock();
8890
8891 if (cfg80211_regdomain && start == 0) {
8892 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
8893 NLM_F_MULTI, NULL,
8894 rcu_dereference(cfg80211_regdomain));
8895 if (err < 0)
8896 goto out_err;
8897 }
8898
8899 /* the global regdom is idx 0 */
8900 reg_idx = 1;
8901 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
8902 regdom = get_wiphy_regdom(&rdev->wiphy);
8903 if (!regdom)
8904 continue;
8905
8906 if (++reg_idx <= start)
8907 continue;
8908
8909 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
8910 NLM_F_MULTI, &rdev->wiphy, regdom);
8911 if (err < 0) {
8912 reg_idx--;
8913 break;
8914 }
8915 }
8916
8917 cb->args[2] = reg_idx;
8918 err = skb->len;
8919 out_err:
8920 rcu_read_unlock();
8921 return err;
8922 }
8923
8924 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
8925 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
8926 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
8927 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
8928 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
8929 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
8930 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
8931 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
8932 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
8933 };
8934
parse_reg_rule(struct nlattr * tb[],struct ieee80211_reg_rule * reg_rule)8935 static int parse_reg_rule(struct nlattr *tb[],
8936 struct ieee80211_reg_rule *reg_rule)
8937 {
8938 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
8939 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
8940
8941 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
8942 return -EINVAL;
8943 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
8944 return -EINVAL;
8945 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
8946 return -EINVAL;
8947 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
8948 return -EINVAL;
8949 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
8950 return -EINVAL;
8951
8952 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
8953
8954 freq_range->start_freq_khz =
8955 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
8956 freq_range->end_freq_khz =
8957 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
8958 freq_range->max_bandwidth_khz =
8959 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
8960
8961 power_rule->max_eirp =
8962 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
8963
8964 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
8965 power_rule->max_antenna_gain =
8966 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
8967
8968 if (tb[NL80211_ATTR_DFS_CAC_TIME])
8969 reg_rule->dfs_cac_ms =
8970 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
8971
8972 return 0;
8973 }
8974
nl80211_set_reg(struct sk_buff * skb,struct genl_info * info)8975 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
8976 {
8977 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
8978 struct nlattr *nl_reg_rule;
8979 char *alpha2;
8980 int rem_reg_rules, r;
8981 u32 num_rules = 0, rule_idx = 0;
8982 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
8983 struct ieee80211_regdomain *rd;
8984
8985 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8986 return -EINVAL;
8987
8988 if (!info->attrs[NL80211_ATTR_REG_RULES])
8989 return -EINVAL;
8990
8991 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8992
8993 if (info->attrs[NL80211_ATTR_DFS_REGION])
8994 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
8995
8996 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
8997 rem_reg_rules) {
8998 num_rules++;
8999 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
9000 return -EINVAL;
9001 }
9002
9003 rtnl_lock();
9004 if (!reg_is_valid_request(alpha2)) {
9005 r = -EINVAL;
9006 goto out;
9007 }
9008
9009 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
9010 if (!rd) {
9011 r = -ENOMEM;
9012 goto out;
9013 }
9014
9015 rd->n_reg_rules = num_rules;
9016 rd->alpha2[0] = alpha2[0];
9017 rd->alpha2[1] = alpha2[1];
9018
9019 /*
9020 * Disable DFS master mode if the DFS region was
9021 * not supported or known on this kernel.
9022 */
9023 if (reg_supported_dfs_region(dfs_region))
9024 rd->dfs_region = dfs_region;
9025
9026 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
9027 rem_reg_rules) {
9028 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
9029 nl_reg_rule, reg_rule_policy,
9030 info->extack);
9031 if (r)
9032 goto bad_reg;
9033 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
9034 if (r)
9035 goto bad_reg;
9036
9037 rule_idx++;
9038
9039 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
9040 r = -EINVAL;
9041 goto bad_reg;
9042 }
9043 }
9044
9045 r = set_regdom(rd, REGD_SOURCE_CRDA);
9046 /* set_regdom takes ownership of rd */
9047 rd = NULL;
9048 bad_reg:
9049 kfree(rd);
9050 out:
9051 rtnl_unlock();
9052 return r;
9053 }
9054 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
9055
validate_scan_freqs(struct nlattr * freqs)9056 static int validate_scan_freqs(struct nlattr *freqs)
9057 {
9058 struct nlattr *attr1, *attr2;
9059 int n_channels = 0, tmp1, tmp2;
9060
9061 nla_for_each_nested(attr1, freqs, tmp1)
9062 if (nla_len(attr1) != sizeof(u32))
9063 return 0;
9064
9065 nla_for_each_nested(attr1, freqs, tmp1) {
9066 n_channels++;
9067 /*
9068 * Some hardware has a limited channel list for
9069 * scanning, and it is pretty much nonsensical
9070 * to scan for a channel twice, so disallow that
9071 * and don't require drivers to check that the
9072 * channel list they get isn't longer than what
9073 * they can scan, as long as they can scan all
9074 * the channels they registered at once.
9075 */
9076 nla_for_each_nested(attr2, freqs, tmp2)
9077 if (attr1 != attr2 &&
9078 nla_get_u32(attr1) == nla_get_u32(attr2))
9079 return 0;
9080 }
9081
9082 return n_channels;
9083 }
9084
is_band_valid(struct wiphy * wiphy,enum nl80211_band b)9085 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
9086 {
9087 return b < NUM_NL80211_BANDS && wiphy->bands[b];
9088 }
9089
parse_bss_select(struct nlattr * nla,struct wiphy * wiphy,struct cfg80211_bss_selection * bss_select)9090 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
9091 struct cfg80211_bss_selection *bss_select)
9092 {
9093 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
9094 struct nlattr *nest;
9095 int err;
9096 bool found = false;
9097 int i;
9098
9099 /* only process one nested attribute */
9100 nest = nla_data(nla);
9101 if (!nla_ok(nest, nla_len(nest)))
9102 return -EINVAL;
9103
9104 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
9105 nest, nl80211_bss_select_policy,
9106 NULL);
9107 if (err)
9108 return err;
9109
9110 /* only one attribute may be given */
9111 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
9112 if (attr[i]) {
9113 if (found)
9114 return -EINVAL;
9115 found = true;
9116 }
9117 }
9118
9119 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
9120
9121 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
9122 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
9123
9124 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
9125 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
9126 bss_select->param.band_pref =
9127 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
9128 if (!is_band_valid(wiphy, bss_select->param.band_pref))
9129 return -EINVAL;
9130 }
9131
9132 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
9133 struct nl80211_bss_select_rssi_adjust *adj_param;
9134
9135 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
9136 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
9137 bss_select->param.adjust.band = adj_param->band;
9138 bss_select->param.adjust.delta = adj_param->delta;
9139 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
9140 return -EINVAL;
9141 }
9142
9143 /* user-space did not provide behaviour attribute */
9144 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
9145 return -EINVAL;
9146
9147 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
9148 return -EINVAL;
9149
9150 return 0;
9151 }
9152
nl80211_parse_random_mac(struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask)9153 int nl80211_parse_random_mac(struct nlattr **attrs,
9154 u8 *mac_addr, u8 *mac_addr_mask)
9155 {
9156 int i;
9157
9158 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
9159 eth_zero_addr(mac_addr);
9160 eth_zero_addr(mac_addr_mask);
9161 mac_addr[0] = 0x2;
9162 mac_addr_mask[0] = 0x3;
9163
9164 return 0;
9165 }
9166
9167 /* need both or none */
9168 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
9169 return -EINVAL;
9170
9171 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
9172 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
9173
9174 /* don't allow or configure an mcast address */
9175 if (!is_multicast_ether_addr(mac_addr_mask) ||
9176 is_multicast_ether_addr(mac_addr))
9177 return -EINVAL;
9178
9179 /*
9180 * allow users to pass a MAC address that has bits set outside
9181 * of the mask, but don't bother drivers with having to deal
9182 * with such bits
9183 */
9184 for (i = 0; i < ETH_ALEN; i++)
9185 mac_addr[i] &= mac_addr_mask[i];
9186
9187 return 0;
9188 }
9189
cfg80211_off_channel_oper_allowed(struct wireless_dev * wdev,struct ieee80211_channel * chan)9190 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev,
9191 struct ieee80211_channel *chan)
9192 {
9193 unsigned int link_id;
9194 bool all_ok = true;
9195
9196 lockdep_assert_wiphy(wdev->wiphy);
9197
9198 if (!cfg80211_wdev_channel_allowed(wdev, chan))
9199 return false;
9200
9201 if (!cfg80211_beaconing_iface_active(wdev))
9202 return true;
9203
9204 /*
9205 * FIXME: check if we have a free HW resource/link for chan
9206 *
9207 * This, as well as the FIXME below, requires knowing the link
9208 * capabilities of the hardware.
9209 */
9210
9211 /* we cannot leave radar channels */
9212 for_each_valid_link(wdev, link_id) {
9213 struct cfg80211_chan_def *chandef;
9214
9215 chandef = wdev_chandef(wdev, link_id);
9216 if (!chandef || !chandef->chan)
9217 continue;
9218
9219 /*
9220 * FIXME: don't require all_ok, but rather check only the
9221 * correct HW resource/link onto which 'chan' falls,
9222 * as only that link leaves the channel for doing
9223 * the off-channel operation.
9224 */
9225
9226 if (chandef->chan->flags & IEEE80211_CHAN_RADAR)
9227 all_ok = false;
9228 }
9229
9230 if (all_ok)
9231 return true;
9232
9233 return regulatory_pre_cac_allowed(wdev->wiphy);
9234 }
9235
nl80211_check_scan_feat(struct wiphy * wiphy,u32 flags,u32 flag,enum nl80211_ext_feature_index feat)9236 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
9237 enum nl80211_ext_feature_index feat)
9238 {
9239 if (!(flags & flag))
9240 return true;
9241 if (wiphy_ext_feature_isset(wiphy, feat))
9242 return true;
9243 return false;
9244 }
9245
9246 static int
nl80211_check_scan_flags(struct wiphy * wiphy,struct wireless_dev * wdev,void * request,struct nlattr ** attrs,bool is_sched_scan)9247 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
9248 void *request, struct nlattr **attrs,
9249 bool is_sched_scan)
9250 {
9251 u8 *mac_addr, *mac_addr_mask;
9252 u32 *flags;
9253 enum nl80211_feature_flags randomness_flag;
9254
9255 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
9256 return 0;
9257
9258 if (is_sched_scan) {
9259 struct cfg80211_sched_scan_request *req = request;
9260
9261 randomness_flag = wdev ?
9262 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
9263 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
9264 flags = &req->flags;
9265 mac_addr = req->mac_addr;
9266 mac_addr_mask = req->mac_addr_mask;
9267 } else {
9268 struct cfg80211_scan_request *req = request;
9269
9270 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
9271 flags = &req->flags;
9272 mac_addr = req->mac_addr;
9273 mac_addr_mask = req->mac_addr_mask;
9274 }
9275
9276 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
9277
9278 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
9279 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
9280 !nl80211_check_scan_feat(wiphy, *flags,
9281 NL80211_SCAN_FLAG_LOW_SPAN,
9282 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
9283 !nl80211_check_scan_feat(wiphy, *flags,
9284 NL80211_SCAN_FLAG_LOW_POWER,
9285 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
9286 !nl80211_check_scan_feat(wiphy, *flags,
9287 NL80211_SCAN_FLAG_HIGH_ACCURACY,
9288 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
9289 !nl80211_check_scan_feat(wiphy, *flags,
9290 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
9291 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
9292 !nl80211_check_scan_feat(wiphy, *flags,
9293 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
9294 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
9295 !nl80211_check_scan_feat(wiphy, *flags,
9296 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
9297 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
9298 !nl80211_check_scan_feat(wiphy, *flags,
9299 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
9300 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
9301 !nl80211_check_scan_feat(wiphy, *flags,
9302 NL80211_SCAN_FLAG_RANDOM_SN,
9303 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
9304 !nl80211_check_scan_feat(wiphy, *flags,
9305 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
9306 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
9307 return -EOPNOTSUPP;
9308
9309 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
9310 int err;
9311
9312 if (!(wiphy->features & randomness_flag) ||
9313 (wdev && wdev->connected))
9314 return -EOPNOTSUPP;
9315
9316 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
9317 if (err)
9318 return err;
9319 }
9320
9321 return 0;
9322 }
9323
nl80211_trigger_scan(struct sk_buff * skb,struct genl_info * info)9324 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
9325 {
9326 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9327 struct wireless_dev *wdev = info->user_ptr[1];
9328 struct cfg80211_scan_request *request;
9329 struct nlattr *scan_freqs = NULL;
9330 bool scan_freqs_khz = false;
9331 struct nlattr *attr;
9332 struct wiphy *wiphy;
9333 int err, tmp, n_ssids = 0, n_channels, i;
9334 size_t ie_len, size;
9335 size_t ssids_offset, ie_offset;
9336
9337 wiphy = &rdev->wiphy;
9338
9339 if (wdev->iftype == NL80211_IFTYPE_NAN)
9340 return -EOPNOTSUPP;
9341
9342 if (!rdev->ops->scan)
9343 return -EOPNOTSUPP;
9344
9345 if (rdev->scan_req || rdev->scan_msg)
9346 return -EBUSY;
9347
9348 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
9349 if (!wiphy_ext_feature_isset(wiphy,
9350 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
9351 return -EOPNOTSUPP;
9352 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
9353 scan_freqs_khz = true;
9354 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
9355 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
9356
9357 if (scan_freqs) {
9358 n_channels = validate_scan_freqs(scan_freqs);
9359 if (!n_channels)
9360 return -EINVAL;
9361 } else {
9362 n_channels = ieee80211_get_num_supported_channels(wiphy);
9363 }
9364
9365 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
9366 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
9367 n_ssids++;
9368
9369 if (n_ssids > wiphy->max_scan_ssids)
9370 return -EINVAL;
9371
9372 if (info->attrs[NL80211_ATTR_IE])
9373 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9374 else
9375 ie_len = 0;
9376
9377 if (ie_len > wiphy->max_scan_ie_len)
9378 return -EINVAL;
9379
9380 size = struct_size(request, channels, n_channels);
9381 ssids_offset = size;
9382 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
9383 ie_offset = size;
9384 size = size_add(size, ie_len);
9385 request = kzalloc(size, GFP_KERNEL);
9386 if (!request)
9387 return -ENOMEM;
9388 request->n_channels = n_channels;
9389
9390 if (n_ssids)
9391 request->ssids = (void *)request + ssids_offset;
9392 request->n_ssids = n_ssids;
9393 if (ie_len)
9394 request->ie = (void *)request + ie_offset;
9395
9396 i = 0;
9397 if (scan_freqs) {
9398 /* user specified, bail out if channel not found */
9399 nla_for_each_nested(attr, scan_freqs, tmp) {
9400 struct ieee80211_channel *chan;
9401 int freq = nla_get_u32(attr);
9402
9403 if (!scan_freqs_khz)
9404 freq = MHZ_TO_KHZ(freq);
9405
9406 chan = ieee80211_get_channel_khz(wiphy, freq);
9407 if (!chan) {
9408 err = -EINVAL;
9409 goto out_free;
9410 }
9411
9412 /* ignore disabled channels */
9413 if (chan->flags & IEEE80211_CHAN_DISABLED ||
9414 !cfg80211_wdev_channel_allowed(wdev, chan))
9415 continue;
9416
9417 request->channels[i] = chan;
9418 i++;
9419 }
9420 } else {
9421 enum nl80211_band band;
9422
9423 /* all channels */
9424 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9425 int j;
9426
9427 if (!wiphy->bands[band])
9428 continue;
9429 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
9430 struct ieee80211_channel *chan;
9431
9432 chan = &wiphy->bands[band]->channels[j];
9433
9434 if (chan->flags & IEEE80211_CHAN_DISABLED ||
9435 !cfg80211_wdev_channel_allowed(wdev, chan))
9436 continue;
9437
9438 request->channels[i] = chan;
9439 i++;
9440 }
9441 }
9442 }
9443
9444 if (!i) {
9445 err = -EINVAL;
9446 goto out_free;
9447 }
9448
9449 request->n_channels = i;
9450
9451 for (i = 0; i < request->n_channels; i++) {
9452 struct ieee80211_channel *chan = request->channels[i];
9453
9454 /* if we can go off-channel to the target channel we're good */
9455 if (cfg80211_off_channel_oper_allowed(wdev, chan))
9456 continue;
9457
9458 if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) {
9459 err = -EBUSY;
9460 goto out_free;
9461 }
9462 }
9463
9464 i = 0;
9465 if (n_ssids) {
9466 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
9467 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
9468 err = -EINVAL;
9469 goto out_free;
9470 }
9471 request->ssids[i].ssid_len = nla_len(attr);
9472 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
9473 i++;
9474 }
9475 }
9476
9477 if (info->attrs[NL80211_ATTR_IE]) {
9478 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9479 memcpy((void *)request->ie,
9480 nla_data(info->attrs[NL80211_ATTR_IE]),
9481 request->ie_len);
9482 }
9483
9484 for (i = 0; i < NUM_NL80211_BANDS; i++)
9485 if (wiphy->bands[i])
9486 request->rates[i] =
9487 (1 << wiphy->bands[i]->n_bitrates) - 1;
9488
9489 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
9490 nla_for_each_nested(attr,
9491 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
9492 tmp) {
9493 enum nl80211_band band = nla_type(attr);
9494
9495 if (band < 0 || band >= NUM_NL80211_BANDS) {
9496 err = -EINVAL;
9497 goto out_free;
9498 }
9499
9500 if (!wiphy->bands[band])
9501 continue;
9502
9503 err = ieee80211_get_ratemask(wiphy->bands[band],
9504 nla_data(attr),
9505 nla_len(attr),
9506 &request->rates[band]);
9507 if (err)
9508 goto out_free;
9509 }
9510 }
9511
9512 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
9513 request->duration =
9514 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
9515 request->duration_mandatory =
9516 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
9517 }
9518
9519 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
9520 false);
9521 if (err)
9522 goto out_free;
9523
9524 request->no_cck =
9525 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9526
9527 /* Initial implementation used NL80211_ATTR_MAC to set the specific
9528 * BSSID to scan for. This was problematic because that same attribute
9529 * was already used for another purpose (local random MAC address). The
9530 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
9531 * compatibility with older userspace components, also use the
9532 * NL80211_ATTR_MAC value here if it can be determined to be used for
9533 * the specific BSSID use case instead of the random MAC address
9534 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
9535 */
9536 if (info->attrs[NL80211_ATTR_BSSID])
9537 memcpy(request->bssid,
9538 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
9539 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
9540 info->attrs[NL80211_ATTR_MAC])
9541 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
9542 ETH_ALEN);
9543 else
9544 eth_broadcast_addr(request->bssid);
9545
9546 request->tsf_report_link_id = nl80211_link_id_or_invalid(info->attrs);
9547 request->wdev = wdev;
9548 request->wiphy = &rdev->wiphy;
9549 request->scan_start = jiffies;
9550
9551 rdev->scan_req = request;
9552 err = cfg80211_scan(rdev);
9553
9554 if (err)
9555 goto out_free;
9556
9557 nl80211_send_scan_start(rdev, wdev);
9558 dev_hold(wdev->netdev);
9559
9560 return 0;
9561
9562 out_free:
9563 rdev->scan_req = NULL;
9564 kfree(request);
9565
9566 return err;
9567 }
9568
nl80211_abort_scan(struct sk_buff * skb,struct genl_info * info)9569 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
9570 {
9571 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9572 struct wireless_dev *wdev = info->user_ptr[1];
9573
9574 if (!rdev->ops->abort_scan)
9575 return -EOPNOTSUPP;
9576
9577 if (rdev->scan_msg)
9578 return 0;
9579
9580 if (!rdev->scan_req)
9581 return -ENOENT;
9582
9583 rdev_abort_scan(rdev, wdev);
9584 return 0;
9585 }
9586
9587 static int
nl80211_parse_sched_scan_plans(struct wiphy * wiphy,int n_plans,struct cfg80211_sched_scan_request * request,struct nlattr ** attrs)9588 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
9589 struct cfg80211_sched_scan_request *request,
9590 struct nlattr **attrs)
9591 {
9592 int tmp, err, i = 0;
9593 struct nlattr *attr;
9594
9595 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
9596 u32 interval;
9597
9598 /*
9599 * If scan plans are not specified,
9600 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
9601 * case one scan plan will be set with the specified scan
9602 * interval and infinite number of iterations.
9603 */
9604 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
9605 if (!interval)
9606 return -EINVAL;
9607
9608 request->scan_plans[0].interval =
9609 DIV_ROUND_UP(interval, MSEC_PER_SEC);
9610 if (!request->scan_plans[0].interval)
9611 return -EINVAL;
9612
9613 if (request->scan_plans[0].interval >
9614 wiphy->max_sched_scan_plan_interval)
9615 request->scan_plans[0].interval =
9616 wiphy->max_sched_scan_plan_interval;
9617
9618 return 0;
9619 }
9620
9621 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
9622 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
9623
9624 if (WARN_ON(i >= n_plans))
9625 return -EINVAL;
9626
9627 err = nla_parse_nested_deprecated(plan,
9628 NL80211_SCHED_SCAN_PLAN_MAX,
9629 attr, nl80211_plan_policy,
9630 NULL);
9631 if (err)
9632 return err;
9633
9634 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
9635 return -EINVAL;
9636
9637 request->scan_plans[i].interval =
9638 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
9639 if (!request->scan_plans[i].interval ||
9640 request->scan_plans[i].interval >
9641 wiphy->max_sched_scan_plan_interval)
9642 return -EINVAL;
9643
9644 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
9645 request->scan_plans[i].iterations =
9646 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
9647 if (!request->scan_plans[i].iterations ||
9648 (request->scan_plans[i].iterations >
9649 wiphy->max_sched_scan_plan_iterations))
9650 return -EINVAL;
9651 } else if (i < n_plans - 1) {
9652 /*
9653 * All scan plans but the last one must specify
9654 * a finite number of iterations
9655 */
9656 return -EINVAL;
9657 }
9658
9659 i++;
9660 }
9661
9662 /*
9663 * The last scan plan must not specify the number of
9664 * iterations, it is supposed to run infinitely
9665 */
9666 if (request->scan_plans[n_plans - 1].iterations)
9667 return -EINVAL;
9668
9669 return 0;
9670 }
9671
9672 static struct cfg80211_sched_scan_request *
nl80211_parse_sched_scan(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,int max_match_sets)9673 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
9674 struct nlattr **attrs, int max_match_sets)
9675 {
9676 struct cfg80211_sched_scan_request *request;
9677 struct nlattr *attr;
9678 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
9679 enum nl80211_band band;
9680 size_t ie_len, size;
9681 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
9682 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
9683
9684 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
9685 n_channels = validate_scan_freqs(
9686 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
9687 if (!n_channels)
9688 return ERR_PTR(-EINVAL);
9689 } else {
9690 n_channels = ieee80211_get_num_supported_channels(wiphy);
9691 }
9692
9693 if (attrs[NL80211_ATTR_SCAN_SSIDS])
9694 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
9695 tmp)
9696 n_ssids++;
9697
9698 if (n_ssids > wiphy->max_sched_scan_ssids)
9699 return ERR_PTR(-EINVAL);
9700
9701 /*
9702 * First, count the number of 'real' matchsets. Due to an issue with
9703 * the old implementation, matchsets containing only the RSSI attribute
9704 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
9705 * RSSI for all matchsets, rather than their own matchset for reporting
9706 * all APs with a strong RSSI. This is needed to be compatible with
9707 * older userspace that treated a matchset with only the RSSI as the
9708 * global RSSI for all other matchsets - if there are other matchsets.
9709 */
9710 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
9711 nla_for_each_nested(attr,
9712 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
9713 tmp) {
9714 struct nlattr *rssi;
9715
9716 err = nla_parse_nested_deprecated(tb,
9717 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
9718 attr,
9719 nl80211_match_policy,
9720 NULL);
9721 if (err)
9722 return ERR_PTR(err);
9723
9724 /* SSID and BSSID are mutually exclusive */
9725 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
9726 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
9727 return ERR_PTR(-EINVAL);
9728
9729 /* add other standalone attributes here */
9730 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
9731 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
9732 n_match_sets++;
9733 continue;
9734 }
9735 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
9736 if (rssi)
9737 default_match_rssi = nla_get_s32(rssi);
9738 }
9739 }
9740
9741 /* However, if there's no other matchset, add the RSSI one */
9742 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
9743 n_match_sets = 1;
9744
9745 if (n_match_sets > max_match_sets)
9746 return ERR_PTR(-EINVAL);
9747
9748 if (attrs[NL80211_ATTR_IE])
9749 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
9750 else
9751 ie_len = 0;
9752
9753 if (ie_len > wiphy->max_sched_scan_ie_len)
9754 return ERR_PTR(-EINVAL);
9755
9756 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
9757 /*
9758 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
9759 * each scan plan already specifies its own interval
9760 */
9761 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
9762 return ERR_PTR(-EINVAL);
9763
9764 nla_for_each_nested(attr,
9765 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
9766 n_plans++;
9767 } else {
9768 /*
9769 * The scan interval attribute is kept for backward
9770 * compatibility. If no scan plans are specified and sched scan
9771 * interval is specified, one scan plan will be set with this
9772 * scan interval and infinite number of iterations.
9773 */
9774 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
9775 return ERR_PTR(-EINVAL);
9776
9777 n_plans = 1;
9778 }
9779
9780 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
9781 return ERR_PTR(-EINVAL);
9782
9783 if (!wiphy_ext_feature_isset(
9784 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
9785 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
9786 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
9787 return ERR_PTR(-EINVAL);
9788
9789 size = struct_size(request, channels, n_channels);
9790 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
9791 size = size_add(size, array_size(sizeof(*request->match_sets),
9792 n_match_sets));
9793 size = size_add(size, array_size(sizeof(*request->scan_plans),
9794 n_plans));
9795 size = size_add(size, ie_len);
9796 request = kzalloc(size, GFP_KERNEL);
9797 if (!request)
9798 return ERR_PTR(-ENOMEM);
9799 request->n_channels = n_channels;
9800
9801 if (n_ssids)
9802 request->ssids = (void *)request +
9803 struct_size(request, channels, n_channels);
9804 request->n_ssids = n_ssids;
9805 if (ie_len) {
9806 if (n_ssids)
9807 request->ie = (void *)(request->ssids + n_ssids);
9808 else
9809 request->ie = (void *)(request->channels + n_channels);
9810 }
9811
9812 if (n_match_sets) {
9813 if (request->ie)
9814 request->match_sets = (void *)(request->ie + ie_len);
9815 else if (n_ssids)
9816 request->match_sets =
9817 (void *)(request->ssids + n_ssids);
9818 else
9819 request->match_sets =
9820 (void *)(request->channels + n_channels);
9821 }
9822 request->n_match_sets = n_match_sets;
9823
9824 if (n_match_sets)
9825 request->scan_plans = (void *)(request->match_sets +
9826 n_match_sets);
9827 else if (request->ie)
9828 request->scan_plans = (void *)(request->ie + ie_len);
9829 else if (n_ssids)
9830 request->scan_plans = (void *)(request->ssids + n_ssids);
9831 else
9832 request->scan_plans = (void *)(request->channels + n_channels);
9833
9834 request->n_scan_plans = n_plans;
9835
9836 i = 0;
9837 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
9838 /* user specified, bail out if channel not found */
9839 nla_for_each_nested(attr,
9840 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
9841 tmp) {
9842 struct ieee80211_channel *chan;
9843
9844 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
9845
9846 if (!chan) {
9847 err = -EINVAL;
9848 goto out_free;
9849 }
9850
9851 /* ignore disabled channels */
9852 if (chan->flags & IEEE80211_CHAN_DISABLED)
9853 continue;
9854
9855 request->channels[i] = chan;
9856 i++;
9857 }
9858 } else {
9859 /* all channels */
9860 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9861 int j;
9862
9863 if (!wiphy->bands[band])
9864 continue;
9865 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
9866 struct ieee80211_channel *chan;
9867
9868 chan = &wiphy->bands[band]->channels[j];
9869
9870 if (chan->flags & IEEE80211_CHAN_DISABLED)
9871 continue;
9872
9873 request->channels[i] = chan;
9874 i++;
9875 }
9876 }
9877 }
9878
9879 if (!i) {
9880 err = -EINVAL;
9881 goto out_free;
9882 }
9883
9884 request->n_channels = i;
9885
9886 i = 0;
9887 if (n_ssids) {
9888 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
9889 tmp) {
9890 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
9891 err = -EINVAL;
9892 goto out_free;
9893 }
9894 request->ssids[i].ssid_len = nla_len(attr);
9895 memcpy(request->ssids[i].ssid, nla_data(attr),
9896 nla_len(attr));
9897 i++;
9898 }
9899 }
9900
9901 i = 0;
9902 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
9903 nla_for_each_nested(attr,
9904 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
9905 tmp) {
9906 struct nlattr *ssid, *bssid, *rssi;
9907
9908 err = nla_parse_nested_deprecated(tb,
9909 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
9910 attr,
9911 nl80211_match_policy,
9912 NULL);
9913 if (err)
9914 goto out_free;
9915 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
9916 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
9917
9918 if (!ssid && !bssid) {
9919 i++;
9920 continue;
9921 }
9922
9923 if (WARN_ON(i >= n_match_sets)) {
9924 /* this indicates a programming error,
9925 * the loop above should have verified
9926 * things properly
9927 */
9928 err = -EINVAL;
9929 goto out_free;
9930 }
9931
9932 if (ssid) {
9933 memcpy(request->match_sets[i].ssid.ssid,
9934 nla_data(ssid), nla_len(ssid));
9935 request->match_sets[i].ssid.ssid_len =
9936 nla_len(ssid);
9937 }
9938 if (bssid)
9939 memcpy(request->match_sets[i].bssid,
9940 nla_data(bssid), ETH_ALEN);
9941
9942 /* special attribute - old implementation w/a */
9943 request->match_sets[i].rssi_thold = default_match_rssi;
9944 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
9945 if (rssi)
9946 request->match_sets[i].rssi_thold =
9947 nla_get_s32(rssi);
9948 i++;
9949 }
9950
9951 /* there was no other matchset, so the RSSI one is alone */
9952 if (i == 0 && n_match_sets)
9953 request->match_sets[0].rssi_thold = default_match_rssi;
9954
9955 request->min_rssi_thold = INT_MAX;
9956 for (i = 0; i < n_match_sets; i++)
9957 request->min_rssi_thold =
9958 min(request->match_sets[i].rssi_thold,
9959 request->min_rssi_thold);
9960 } else {
9961 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
9962 }
9963
9964 if (ie_len) {
9965 request->ie_len = ie_len;
9966 memcpy((void *)request->ie,
9967 nla_data(attrs[NL80211_ATTR_IE]),
9968 request->ie_len);
9969 }
9970
9971 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
9972 if (err)
9973 goto out_free;
9974
9975 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
9976 request->delay =
9977 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
9978
9979 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
9980 request->relative_rssi = nla_get_s8(
9981 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
9982 request->relative_rssi_set = true;
9983 }
9984
9985 if (request->relative_rssi_set &&
9986 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
9987 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
9988
9989 rssi_adjust = nla_data(
9990 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
9991 request->rssi_adjust.band = rssi_adjust->band;
9992 request->rssi_adjust.delta = rssi_adjust->delta;
9993 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
9994 err = -EINVAL;
9995 goto out_free;
9996 }
9997 }
9998
9999 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
10000 if (err)
10001 goto out_free;
10002
10003 request->scan_start = jiffies;
10004
10005 return request;
10006
10007 out_free:
10008 kfree(request);
10009 return ERR_PTR(err);
10010 }
10011
nl80211_start_sched_scan(struct sk_buff * skb,struct genl_info * info)10012 static int nl80211_start_sched_scan(struct sk_buff *skb,
10013 struct genl_info *info)
10014 {
10015 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10016 struct net_device *dev = info->user_ptr[1];
10017 struct wireless_dev *wdev = dev->ieee80211_ptr;
10018 struct cfg80211_sched_scan_request *sched_scan_req;
10019 bool want_multi;
10020 int err;
10021
10022 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
10023 return -EOPNOTSUPP;
10024
10025 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
10026 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
10027 if (err)
10028 return err;
10029
10030 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
10031 info->attrs,
10032 rdev->wiphy.max_match_sets);
10033
10034 err = PTR_ERR_OR_ZERO(sched_scan_req);
10035 if (err)
10036 goto out_err;
10037
10038 /* leave request id zero for legacy request
10039 * or if driver does not support multi-scheduled scan
10040 */
10041 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
10042 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
10043
10044 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
10045 if (err)
10046 goto out_free;
10047
10048 sched_scan_req->dev = dev;
10049 sched_scan_req->wiphy = &rdev->wiphy;
10050
10051 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10052 sched_scan_req->owner_nlportid = info->snd_portid;
10053
10054 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
10055
10056 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
10057 return 0;
10058
10059 out_free:
10060 kfree(sched_scan_req);
10061 out_err:
10062 return err;
10063 }
10064
nl80211_stop_sched_scan(struct sk_buff * skb,struct genl_info * info)10065 static int nl80211_stop_sched_scan(struct sk_buff *skb,
10066 struct genl_info *info)
10067 {
10068 struct cfg80211_sched_scan_request *req;
10069 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10070 u64 cookie;
10071
10072 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
10073 return -EOPNOTSUPP;
10074
10075 if (info->attrs[NL80211_ATTR_COOKIE]) {
10076 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10077 return __cfg80211_stop_sched_scan(rdev, cookie, false);
10078 }
10079
10080 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
10081 struct cfg80211_sched_scan_request,
10082 list);
10083 if (!req || req->reqid ||
10084 (req->owner_nlportid &&
10085 req->owner_nlportid != info->snd_portid))
10086 return -ENOENT;
10087
10088 return cfg80211_stop_sched_scan_req(rdev, req, false);
10089 }
10090
nl80211_start_radar_detection(struct sk_buff * skb,struct genl_info * info)10091 static int nl80211_start_radar_detection(struct sk_buff *skb,
10092 struct genl_info *info)
10093 {
10094 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10095 struct net_device *dev = info->user_ptr[1];
10096 struct wireless_dev *wdev = dev->ieee80211_ptr;
10097 int link_id = nl80211_link_id(info->attrs);
10098 struct wiphy *wiphy = wdev->wiphy;
10099 struct cfg80211_chan_def chandef;
10100 enum nl80211_dfs_regions dfs_region;
10101 unsigned int cac_time_ms;
10102 int err;
10103
10104 flush_delayed_work(&rdev->dfs_update_channels_wk);
10105
10106 switch (wdev->iftype) {
10107 case NL80211_IFTYPE_AP:
10108 case NL80211_IFTYPE_P2P_GO:
10109 case NL80211_IFTYPE_MESH_POINT:
10110 case NL80211_IFTYPE_ADHOC:
10111 break;
10112 default:
10113 /* caution - see cfg80211_beaconing_iface_active() below */
10114 return -EINVAL;
10115 }
10116
10117 guard(wiphy)(wiphy);
10118
10119 dfs_region = reg_get_dfs_region(wiphy);
10120 if (dfs_region == NL80211_DFS_UNSET)
10121 return -EINVAL;
10122
10123 err = nl80211_parse_chandef(rdev, info, &chandef);
10124 if (err)
10125 return err;
10126
10127 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10128 if (err < 0)
10129 return err;
10130
10131 if (err == 0)
10132 return -EINVAL;
10133
10134 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
10135 return -EINVAL;
10136
10137 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND]))
10138 return cfg80211_start_background_radar_detection(rdev, wdev,
10139 &chandef);
10140
10141 if (cfg80211_beaconing_iface_active(wdev)) {
10142 /* During MLO other link(s) can beacon, only the current link
10143 * can not already beacon
10144 */
10145 if (wdev->valid_links &&
10146 !wdev->links[link_id].ap.beacon_interval) {
10147 /* nothing */
10148 } else {
10149 return -EBUSY;
10150 }
10151 }
10152
10153 if (wdev->links[link_id].cac_started)
10154 return -EBUSY;
10155
10156 /* CAC start is offloaded to HW and can't be started manually */
10157 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
10158 return -EOPNOTSUPP;
10159
10160 if (!rdev->ops->start_radar_detection)
10161 return -EOPNOTSUPP;
10162
10163 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
10164 if (WARN_ON(!cac_time_ms))
10165 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
10166
10167 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms,
10168 link_id);
10169 if (err)
10170 return err;
10171
10172 switch (wdev->iftype) {
10173 case NL80211_IFTYPE_AP:
10174 case NL80211_IFTYPE_P2P_GO:
10175 wdev->links[0].ap.chandef = chandef;
10176 break;
10177 case NL80211_IFTYPE_ADHOC:
10178 wdev->u.ibss.chandef = chandef;
10179 break;
10180 case NL80211_IFTYPE_MESH_POINT:
10181 wdev->u.mesh.chandef = chandef;
10182 break;
10183 default:
10184 break;
10185 }
10186 wdev->links[link_id].cac_started = true;
10187 wdev->links[link_id].cac_start_time = jiffies;
10188 wdev->links[link_id].cac_time_ms = cac_time_ms;
10189
10190 return 0;
10191 }
10192
nl80211_notify_radar_detection(struct sk_buff * skb,struct genl_info * info)10193 static int nl80211_notify_radar_detection(struct sk_buff *skb,
10194 struct genl_info *info)
10195 {
10196 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10197 struct net_device *dev = info->user_ptr[1];
10198 struct wireless_dev *wdev = dev->ieee80211_ptr;
10199 struct wiphy *wiphy = wdev->wiphy;
10200 struct cfg80211_chan_def chandef;
10201 enum nl80211_dfs_regions dfs_region;
10202 int err;
10203
10204 dfs_region = reg_get_dfs_region(wiphy);
10205 if (dfs_region == NL80211_DFS_UNSET) {
10206 GENL_SET_ERR_MSG(info,
10207 "DFS Region is not set. Unexpected Radar indication");
10208 return -EINVAL;
10209 }
10210
10211 err = nl80211_parse_chandef(rdev, info, &chandef);
10212 if (err) {
10213 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
10214 return err;
10215 }
10216
10217 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10218 if (err < 0) {
10219 GENL_SET_ERR_MSG(info, "chandef is invalid");
10220 return err;
10221 }
10222
10223 if (err == 0) {
10224 GENL_SET_ERR_MSG(info,
10225 "Unexpected Radar indication for chandef/iftype");
10226 return -EINVAL;
10227 }
10228
10229 /* Do not process this notification if radar is already detected
10230 * by kernel on this channel, and return success.
10231 */
10232 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
10233 return 0;
10234
10235 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
10236
10237 cfg80211_sched_dfs_chan_update(rdev);
10238
10239 rdev->radar_chandef = chandef;
10240
10241 /* Propagate this notification to other radios as well */
10242 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
10243
10244 return 0;
10245 }
10246
nl80211_parse_counter_offsets(struct cfg80211_registered_device * rdev,const u8 * data,size_t datalen,int first_count,struct nlattr * attr,const u16 ** offsets,unsigned int * n_offsets)10247 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev,
10248 const u8 *data, size_t datalen,
10249 int first_count, struct nlattr *attr,
10250 const u16 **offsets, unsigned int *n_offsets)
10251 {
10252 int i;
10253
10254 *n_offsets = 0;
10255
10256 if (!attr)
10257 return 0;
10258
10259 if (!nla_len(attr) || (nla_len(attr) % sizeof(u16)))
10260 return -EINVAL;
10261
10262 *n_offsets = nla_len(attr) / sizeof(u16);
10263 if (rdev->wiphy.max_num_csa_counters &&
10264 (*n_offsets > rdev->wiphy.max_num_csa_counters))
10265 return -EINVAL;
10266
10267 *offsets = nla_data(attr);
10268
10269 /* sanity checks - counters should fit and be the same */
10270 for (i = 0; i < *n_offsets; i++) {
10271 u16 offset = (*offsets)[i];
10272
10273 if (offset >= datalen)
10274 return -EINVAL;
10275
10276 if (first_count != -1 && data[offset] != first_count)
10277 return -EINVAL;
10278 }
10279
10280 return 0;
10281 }
10282
nl80211_channel_switch(struct sk_buff * skb,struct genl_info * info)10283 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
10284 {
10285 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10286 unsigned int link_id = nl80211_link_id(info->attrs);
10287 struct net_device *dev = info->user_ptr[1];
10288 struct wireless_dev *wdev = dev->ieee80211_ptr;
10289 struct cfg80211_csa_settings params;
10290 struct nlattr **csa_attrs = NULL;
10291 int err;
10292 bool need_new_beacon = false;
10293 bool need_handle_dfs_flag = true;
10294 u32 cs_count;
10295
10296 if (!rdev->ops->channel_switch ||
10297 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
10298 return -EOPNOTSUPP;
10299
10300 switch (dev->ieee80211_ptr->iftype) {
10301 case NL80211_IFTYPE_AP:
10302 case NL80211_IFTYPE_P2P_GO:
10303 need_new_beacon = true;
10304 /* For all modes except AP the handle_dfs flag needs to be
10305 * supplied to tell the kernel that userspace will handle radar
10306 * events when they happen. Otherwise a switch to a channel
10307 * requiring DFS will be rejected.
10308 */
10309 need_handle_dfs_flag = false;
10310
10311 /* useless if AP is not running */
10312 if (!wdev->links[link_id].ap.beacon_interval)
10313 return -ENOTCONN;
10314 break;
10315 case NL80211_IFTYPE_ADHOC:
10316 if (!wdev->u.ibss.ssid_len)
10317 return -ENOTCONN;
10318 break;
10319 case NL80211_IFTYPE_MESH_POINT:
10320 if (!wdev->u.mesh.id_len)
10321 return -ENOTCONN;
10322 break;
10323 default:
10324 return -EOPNOTSUPP;
10325 }
10326
10327 memset(¶ms, 0, sizeof(params));
10328 params.beacon_csa.ftm_responder = -1;
10329
10330 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10331 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
10332 return -EINVAL;
10333
10334 /* only important for AP, IBSS and mesh create IEs internally */
10335 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
10336 return -EINVAL;
10337
10338 /* Even though the attribute is u32, the specification says
10339 * u8, so let's make sure we don't overflow.
10340 */
10341 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
10342 if (cs_count > 255)
10343 return -EINVAL;
10344
10345 params.count = cs_count;
10346
10347 if (!need_new_beacon)
10348 goto skip_beacons;
10349
10350 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after,
10351 info->extack);
10352 if (err)
10353 goto free;
10354
10355 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
10356 GFP_KERNEL);
10357 if (!csa_attrs) {
10358 err = -ENOMEM;
10359 goto free;
10360 }
10361
10362 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
10363 info->attrs[NL80211_ATTR_CSA_IES],
10364 nl80211_policy, info->extack);
10365 if (err)
10366 goto free;
10367
10368 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa,
10369 info->extack);
10370 if (err)
10371 goto free;
10372
10373 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
10374 err = -EINVAL;
10375 goto free;
10376 }
10377
10378 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail,
10379 params.beacon_csa.tail_len,
10380 params.count,
10381 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON],
10382 ¶ms.counter_offsets_beacon,
10383 ¶ms.n_counter_offsets_beacon);
10384 if (err)
10385 goto free;
10386
10387 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp,
10388 params.beacon_csa.probe_resp_len,
10389 params.count,
10390 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP],
10391 ¶ms.counter_offsets_presp,
10392 ¶ms.n_counter_offsets_presp);
10393 if (err)
10394 goto free;
10395
10396 skip_beacons:
10397 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
10398 if (err)
10399 goto free;
10400
10401 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
10402 wdev->iftype)) {
10403 err = -EINVAL;
10404 goto free;
10405 }
10406
10407 err = cfg80211_chandef_dfs_required(wdev->wiphy,
10408 ¶ms.chandef,
10409 wdev->iftype);
10410 if (err < 0)
10411 goto free;
10412
10413 if (err > 0) {
10414 params.radar_required = true;
10415 if (need_handle_dfs_flag &&
10416 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
10417 err = -EINVAL;
10418 goto free;
10419 }
10420 }
10421
10422 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
10423 params.block_tx = true;
10424
10425 params.link_id = link_id;
10426 err = rdev_channel_switch(rdev, dev, ¶ms);
10427
10428 free:
10429 kfree(params.beacon_after.mbssid_ies);
10430 kfree(params.beacon_csa.mbssid_ies);
10431 kfree(params.beacon_after.rnr_ies);
10432 kfree(params.beacon_csa.rnr_ies);
10433 kfree(csa_attrs);
10434 return err;
10435 }
10436
nl80211_send_bss(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,struct cfg80211_internal_bss * intbss)10437 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
10438 u32 seq, int flags,
10439 struct cfg80211_registered_device *rdev,
10440 struct wireless_dev *wdev,
10441 struct cfg80211_internal_bss *intbss)
10442 {
10443 struct cfg80211_bss *res = &intbss->pub;
10444 const struct cfg80211_bss_ies *ies;
10445 unsigned int link_id;
10446 void *hdr;
10447 struct nlattr *bss;
10448
10449 lockdep_assert_wiphy(wdev->wiphy);
10450
10451 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
10452 NL80211_CMD_NEW_SCAN_RESULTS);
10453 if (!hdr)
10454 return -1;
10455
10456 genl_dump_check_consistent(cb, hdr);
10457
10458 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
10459 goto nla_put_failure;
10460 if (wdev->netdev &&
10461 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
10462 goto nla_put_failure;
10463 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
10464 NL80211_ATTR_PAD))
10465 goto nla_put_failure;
10466
10467 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
10468 if (!bss)
10469 goto nla_put_failure;
10470 if ((!is_zero_ether_addr(res->bssid) &&
10471 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
10472 goto nla_put_failure;
10473
10474 rcu_read_lock();
10475 /* indicate whether we have probe response data or not */
10476 if (rcu_access_pointer(res->proberesp_ies) &&
10477 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
10478 goto fail_unlock_rcu;
10479
10480 /* this pointer prefers to be pointed to probe response data
10481 * but is always valid
10482 */
10483 ies = rcu_dereference(res->ies);
10484 if (ies) {
10485 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
10486 NL80211_BSS_PAD))
10487 goto fail_unlock_rcu;
10488 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
10489 ies->len, ies->data))
10490 goto fail_unlock_rcu;
10491 }
10492
10493 /* and this pointer is always (unless driver didn't know) beacon data */
10494 ies = rcu_dereference(res->beacon_ies);
10495 if (ies && ies->from_beacon) {
10496 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
10497 NL80211_BSS_PAD))
10498 goto fail_unlock_rcu;
10499 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
10500 ies->len, ies->data))
10501 goto fail_unlock_rcu;
10502 }
10503 rcu_read_unlock();
10504
10505 if (res->beacon_interval &&
10506 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
10507 goto nla_put_failure;
10508 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
10509 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
10510 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
10511 res->channel->freq_offset) ||
10512 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
10513 jiffies_to_msecs(jiffies - intbss->ts)))
10514 goto nla_put_failure;
10515
10516 if (intbss->parent_tsf &&
10517 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
10518 intbss->parent_tsf, NL80211_BSS_PAD) ||
10519 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
10520 intbss->parent_bssid)))
10521 goto nla_put_failure;
10522
10523 if (intbss->ts_boottime &&
10524 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
10525 intbss->ts_boottime, NL80211_BSS_PAD))
10526 goto nla_put_failure;
10527
10528 if (!nl80211_put_signal(msg, intbss->pub.chains,
10529 intbss->pub.chain_signal,
10530 NL80211_BSS_CHAIN_SIGNAL))
10531 goto nla_put_failure;
10532
10533 if (intbss->bss_source != BSS_SOURCE_STA_PROFILE) {
10534 switch (rdev->wiphy.signal_type) {
10535 case CFG80211_SIGNAL_TYPE_MBM:
10536 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM,
10537 res->signal))
10538 goto nla_put_failure;
10539 break;
10540 case CFG80211_SIGNAL_TYPE_UNSPEC:
10541 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC,
10542 res->signal))
10543 goto nla_put_failure;
10544 break;
10545 default:
10546 break;
10547 }
10548 }
10549
10550 switch (wdev->iftype) {
10551 case NL80211_IFTYPE_P2P_CLIENT:
10552 case NL80211_IFTYPE_STATION:
10553 for_each_valid_link(wdev, link_id) {
10554 if (intbss == wdev->links[link_id].client.current_bss &&
10555 (nla_put_u32(msg, NL80211_BSS_STATUS,
10556 NL80211_BSS_STATUS_ASSOCIATED) ||
10557 (wdev->valid_links &&
10558 (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID,
10559 link_id) ||
10560 nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN,
10561 wdev->u.client.connected_addr)))))
10562 goto nla_put_failure;
10563 }
10564 break;
10565 case NL80211_IFTYPE_ADHOC:
10566 if (intbss == wdev->u.ibss.current_bss &&
10567 nla_put_u32(msg, NL80211_BSS_STATUS,
10568 NL80211_BSS_STATUS_IBSS_JOINED))
10569 goto nla_put_failure;
10570 break;
10571 default:
10572 break;
10573 }
10574
10575 if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for))
10576 goto nla_put_failure;
10577
10578 if (res->cannot_use_reasons &&
10579 nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS,
10580 res->cannot_use_reasons,
10581 NL80211_BSS_PAD))
10582 goto nla_put_failure;
10583
10584 nla_nest_end(msg, bss);
10585
10586 genlmsg_end(msg, hdr);
10587 return 0;
10588
10589 fail_unlock_rcu:
10590 rcu_read_unlock();
10591 nla_put_failure:
10592 genlmsg_cancel(msg, hdr);
10593 return -EMSGSIZE;
10594 }
10595
nl80211_dump_scan(struct sk_buff * skb,struct netlink_callback * cb)10596 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
10597 {
10598 struct cfg80211_registered_device *rdev;
10599 struct cfg80211_internal_bss *scan;
10600 struct wireless_dev *wdev;
10601 struct nlattr **attrbuf;
10602 int start = cb->args[2], idx = 0;
10603 bool dump_include_use_data;
10604 int err;
10605
10606 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
10607 if (!attrbuf)
10608 return -ENOMEM;
10609
10610 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
10611 if (err) {
10612 kfree(attrbuf);
10613 return err;
10614 }
10615 /* nl80211_prepare_wdev_dump acquired it in the successful case */
10616 __acquire(&rdev->wiphy.mtx);
10617
10618 dump_include_use_data =
10619 attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA];
10620 kfree(attrbuf);
10621
10622 spin_lock_bh(&rdev->bss_lock);
10623
10624 /*
10625 * dump_scan will be called multiple times to break up the scan results
10626 * into multiple messages. It is unlikely that any more bss-es will be
10627 * expired after the first call, so only call only call this on the
10628 * first dump_scan invocation.
10629 */
10630 if (start == 0)
10631 cfg80211_bss_expire(rdev);
10632
10633 cb->seq = rdev->bss_generation;
10634
10635 list_for_each_entry(scan, &rdev->bss_list, list) {
10636 if (++idx <= start)
10637 continue;
10638 if (!dump_include_use_data &&
10639 !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL))
10640 continue;
10641 if (nl80211_send_bss(skb, cb,
10642 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10643 rdev, wdev, scan) < 0) {
10644 idx--;
10645 break;
10646 }
10647 }
10648
10649 spin_unlock_bh(&rdev->bss_lock);
10650
10651 cb->args[2] = idx;
10652 wiphy_unlock(&rdev->wiphy);
10653
10654 return skb->len;
10655 }
10656
nl80211_send_survey(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,bool allow_radio_stats,struct survey_info * survey)10657 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
10658 int flags, struct net_device *dev,
10659 bool allow_radio_stats,
10660 struct survey_info *survey)
10661 {
10662 void *hdr;
10663 struct nlattr *infoattr;
10664
10665 /* skip radio stats if userspace didn't request them */
10666 if (!survey->channel && !allow_radio_stats)
10667 return 0;
10668
10669 hdr = nl80211hdr_put(msg, portid, seq, flags,
10670 NL80211_CMD_NEW_SURVEY_RESULTS);
10671 if (!hdr)
10672 return -ENOMEM;
10673
10674 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
10675 goto nla_put_failure;
10676
10677 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
10678 if (!infoattr)
10679 goto nla_put_failure;
10680
10681 if (survey->channel &&
10682 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
10683 survey->channel->center_freq))
10684 goto nla_put_failure;
10685
10686 if (survey->channel && survey->channel->freq_offset &&
10687 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
10688 survey->channel->freq_offset))
10689 goto nla_put_failure;
10690
10691 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
10692 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
10693 goto nla_put_failure;
10694 if ((survey->filled & SURVEY_INFO_IN_USE) &&
10695 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
10696 goto nla_put_failure;
10697 if ((survey->filled & SURVEY_INFO_TIME) &&
10698 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
10699 survey->time, NL80211_SURVEY_INFO_PAD))
10700 goto nla_put_failure;
10701 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
10702 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
10703 survey->time_busy, NL80211_SURVEY_INFO_PAD))
10704 goto nla_put_failure;
10705 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
10706 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
10707 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
10708 goto nla_put_failure;
10709 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
10710 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
10711 survey->time_rx, NL80211_SURVEY_INFO_PAD))
10712 goto nla_put_failure;
10713 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
10714 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
10715 survey->time_tx, NL80211_SURVEY_INFO_PAD))
10716 goto nla_put_failure;
10717 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
10718 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
10719 survey->time_scan, NL80211_SURVEY_INFO_PAD))
10720 goto nla_put_failure;
10721 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
10722 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
10723 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
10724 goto nla_put_failure;
10725
10726 nla_nest_end(msg, infoattr);
10727
10728 genlmsg_end(msg, hdr);
10729 return 0;
10730
10731 nla_put_failure:
10732 genlmsg_cancel(msg, hdr);
10733 return -EMSGSIZE;
10734 }
10735
nl80211_dump_survey(struct sk_buff * skb,struct netlink_callback * cb)10736 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
10737 {
10738 struct nlattr **attrbuf;
10739 struct survey_info survey;
10740 struct cfg80211_registered_device *rdev;
10741 struct wireless_dev *wdev;
10742 int survey_idx = cb->args[2];
10743 int res;
10744 bool radio_stats;
10745
10746 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
10747 if (!attrbuf)
10748 return -ENOMEM;
10749
10750 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
10751 if (res) {
10752 kfree(attrbuf);
10753 return res;
10754 }
10755 /* nl80211_prepare_wdev_dump acquired it in the successful case */
10756 __acquire(&rdev->wiphy.mtx);
10757
10758 /* prepare_wdev_dump parsed the attributes */
10759 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
10760
10761 if (!wdev->netdev) {
10762 res = -EINVAL;
10763 goto out_err;
10764 }
10765
10766 if (!rdev->ops->dump_survey) {
10767 res = -EOPNOTSUPP;
10768 goto out_err;
10769 }
10770
10771 while (1) {
10772 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
10773 if (res == -ENOENT)
10774 break;
10775 if (res)
10776 goto out_err;
10777
10778 /* don't send disabled channels, but do send non-channel data */
10779 if (survey.channel &&
10780 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
10781 survey_idx++;
10782 continue;
10783 }
10784
10785 if (nl80211_send_survey(skb,
10786 NETLINK_CB(cb->skb).portid,
10787 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10788 wdev->netdev, radio_stats, &survey) < 0)
10789 goto out;
10790 survey_idx++;
10791 }
10792
10793 out:
10794 cb->args[2] = survey_idx;
10795 res = skb->len;
10796 out_err:
10797 kfree(attrbuf);
10798 wiphy_unlock(&rdev->wiphy);
10799 return res;
10800 }
10801
nl80211_authenticate(struct sk_buff * skb,struct genl_info * info)10802 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
10803 {
10804 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10805 struct net_device *dev = info->user_ptr[1];
10806 struct ieee80211_channel *chan;
10807 const u8 *bssid, *ssid;
10808 int err, ssid_len;
10809 enum nl80211_auth_type auth_type;
10810 struct key_parse key;
10811 bool local_state_change;
10812 struct cfg80211_auth_request req = {};
10813 u32 freq;
10814
10815 if (!info->attrs[NL80211_ATTR_MAC])
10816 return -EINVAL;
10817
10818 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
10819 return -EINVAL;
10820
10821 if (!info->attrs[NL80211_ATTR_SSID])
10822 return -EINVAL;
10823
10824 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10825 return -EINVAL;
10826
10827 err = nl80211_parse_key(info, &key);
10828 if (err)
10829 return err;
10830
10831 if (key.idx >= 0) {
10832 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
10833 return -EINVAL;
10834 if (!key.p.key || !key.p.key_len)
10835 return -EINVAL;
10836 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
10837 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
10838 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
10839 key.p.key_len != WLAN_KEY_LEN_WEP104))
10840 return -EINVAL;
10841 if (key.idx > 3)
10842 return -EINVAL;
10843 } else {
10844 key.p.key_len = 0;
10845 key.p.key = NULL;
10846 }
10847
10848 if (key.idx >= 0) {
10849 int i;
10850 bool ok = false;
10851
10852 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
10853 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
10854 ok = true;
10855 break;
10856 }
10857 }
10858 if (!ok)
10859 return -EINVAL;
10860 }
10861
10862 if (!rdev->ops->auth)
10863 return -EOPNOTSUPP;
10864
10865 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10866 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10867 return -EOPNOTSUPP;
10868
10869 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10870 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10871 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10872 freq +=
10873 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10874
10875 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
10876 if (!chan)
10877 return -EINVAL;
10878
10879 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10880 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10881
10882 if (info->attrs[NL80211_ATTR_IE]) {
10883 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10884 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10885 }
10886
10887 if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
10888 req.supported_selectors =
10889 nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
10890 req.supported_selectors_len =
10891 nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
10892 }
10893
10894 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10895 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
10896 return -EINVAL;
10897
10898 if ((auth_type == NL80211_AUTHTYPE_SAE ||
10899 auth_type == NL80211_AUTHTYPE_FILS_SK ||
10900 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
10901 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
10902 !info->attrs[NL80211_ATTR_AUTH_DATA])
10903 return -EINVAL;
10904
10905 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
10906 if (auth_type != NL80211_AUTHTYPE_SAE &&
10907 auth_type != NL80211_AUTHTYPE_FILS_SK &&
10908 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
10909 auth_type != NL80211_AUTHTYPE_FILS_PK)
10910 return -EINVAL;
10911 req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
10912 req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
10913 }
10914
10915 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10916
10917 /*
10918 * Since we no longer track auth state, ignore
10919 * requests to only change local state.
10920 */
10921 if (local_state_change)
10922 return 0;
10923
10924 req.auth_type = auth_type;
10925 req.key = key.p.key;
10926 req.key_len = key.p.key_len;
10927 req.key_idx = key.idx;
10928 req.link_id = nl80211_link_id_or_invalid(info->attrs);
10929 if (req.link_id >= 0) {
10930 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
10931 return -EINVAL;
10932 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
10933 return -EINVAL;
10934 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
10935 if (!is_valid_ether_addr(req.ap_mld_addr))
10936 return -EINVAL;
10937 }
10938
10939 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
10940 IEEE80211_BSS_TYPE_ESS,
10941 IEEE80211_PRIVACY_ANY);
10942 if (!req.bss)
10943 return -ENOENT;
10944
10945 err = cfg80211_mlme_auth(rdev, dev, &req);
10946
10947 cfg80211_put_bss(&rdev->wiphy, req.bss);
10948
10949 return err;
10950 }
10951
validate_pae_over_nl80211(struct cfg80211_registered_device * rdev,struct genl_info * info)10952 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
10953 struct genl_info *info)
10954 {
10955 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10956 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
10957 return -EINVAL;
10958 }
10959
10960 if (!rdev->ops->tx_control_port ||
10961 !wiphy_ext_feature_isset(&rdev->wiphy,
10962 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
10963 return -EOPNOTSUPP;
10964
10965 return 0;
10966 }
10967
nl80211_crypto_settings(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_crypto_settings * settings,int cipher_limit)10968 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
10969 struct genl_info *info,
10970 struct cfg80211_crypto_settings *settings,
10971 int cipher_limit)
10972 {
10973 memset(settings, 0, sizeof(*settings));
10974
10975 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
10976
10977 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
10978 u16 proto;
10979
10980 proto = nla_get_u16(
10981 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
10982 settings->control_port_ethertype = cpu_to_be16(proto);
10983 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
10984 proto != ETH_P_PAE)
10985 return -EINVAL;
10986 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
10987 settings->control_port_no_encrypt = true;
10988 } else
10989 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
10990
10991 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10992 int r = validate_pae_over_nl80211(rdev, info);
10993
10994 if (r < 0)
10995 return r;
10996
10997 settings->control_port_over_nl80211 = true;
10998
10999 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
11000 settings->control_port_no_preauth = true;
11001 }
11002
11003 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
11004 void *data;
11005 int len, i;
11006
11007 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
11008 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
11009 settings->n_ciphers_pairwise = len / sizeof(u32);
11010
11011 if (len % sizeof(u32))
11012 return -EINVAL;
11013
11014 if (settings->n_ciphers_pairwise > cipher_limit)
11015 return -EINVAL;
11016
11017 memcpy(settings->ciphers_pairwise, data, len);
11018
11019 for (i = 0; i < settings->n_ciphers_pairwise; i++)
11020 if (!cfg80211_supported_cipher_suite(
11021 &rdev->wiphy,
11022 settings->ciphers_pairwise[i]))
11023 return -EINVAL;
11024 }
11025
11026 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
11027 settings->cipher_group =
11028 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
11029 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
11030 settings->cipher_group))
11031 return -EINVAL;
11032 }
11033
11034 if (info->attrs[NL80211_ATTR_WPA_VERSIONS])
11035 settings->wpa_versions =
11036 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
11037
11038 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
11039 void *data;
11040 int len;
11041
11042 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
11043 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
11044 settings->n_akm_suites = len / sizeof(u32);
11045
11046 if (len % sizeof(u32))
11047 return -EINVAL;
11048
11049 if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites)
11050 return -EINVAL;
11051
11052 memcpy(settings->akm_suites, data, len);
11053 }
11054
11055 if (info->attrs[NL80211_ATTR_PMK]) {
11056 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
11057 return -EINVAL;
11058 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11059 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
11060 !wiphy_ext_feature_isset(&rdev->wiphy,
11061 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
11062 return -EINVAL;
11063 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
11064 }
11065
11066 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
11067 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11068 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
11069 !wiphy_ext_feature_isset(&rdev->wiphy,
11070 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
11071 return -EINVAL;
11072 settings->sae_pwd =
11073 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
11074 settings->sae_pwd_len =
11075 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
11076 }
11077
11078 settings->sae_pwe =
11079 nla_get_u8_default(info->attrs[NL80211_ATTR_SAE_PWE],
11080 NL80211_SAE_PWE_UNSPECIFIED);
11081
11082 return 0;
11083 }
11084
nl80211_assoc_bss(struct cfg80211_registered_device * rdev,const u8 * ssid,int ssid_len,struct nlattr ** attrs,int assoc_link_id,int link_id)11085 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev,
11086 const u8 *ssid, int ssid_len,
11087 struct nlattr **attrs,
11088 int assoc_link_id, int link_id)
11089 {
11090 struct ieee80211_channel *chan;
11091 struct cfg80211_bss *bss;
11092 const u8 *bssid;
11093 u32 freq, use_for = 0;
11094
11095 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ])
11096 return ERR_PTR(-EINVAL);
11097
11098 bssid = nla_data(attrs[NL80211_ATTR_MAC]);
11099
11100 freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
11101 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
11102 freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
11103
11104 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
11105 if (!chan)
11106 return ERR_PTR(-EINVAL);
11107
11108 if (assoc_link_id >= 0)
11109 use_for = NL80211_BSS_USE_FOR_MLD_LINK;
11110 if (assoc_link_id == link_id)
11111 use_for |= NL80211_BSS_USE_FOR_NORMAL;
11112
11113 bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid,
11114 ssid, ssid_len,
11115 IEEE80211_BSS_TYPE_ESS,
11116 IEEE80211_PRIVACY_ANY,
11117 use_for);
11118 if (!bss)
11119 return ERR_PTR(-ENOENT);
11120
11121 return bss;
11122 }
11123
nl80211_process_links(struct cfg80211_registered_device * rdev,struct cfg80211_assoc_link * links,int assoc_link_id,const u8 * ssid,int ssid_len,struct genl_info * info)11124 static int nl80211_process_links(struct cfg80211_registered_device *rdev,
11125 struct cfg80211_assoc_link *links,
11126 int assoc_link_id,
11127 const u8 *ssid, int ssid_len,
11128 struct genl_info *info)
11129 {
11130 unsigned int attrsize = NUM_NL80211_ATTR * sizeof(struct nlattr *);
11131 struct nlattr **attrs __free(kfree) = kzalloc(attrsize, GFP_KERNEL);
11132 struct nlattr *link;
11133 unsigned int link_id;
11134 int rem, err;
11135
11136 if (!attrs)
11137 return -ENOMEM;
11138
11139 nla_for_each_nested(link, info->attrs[NL80211_ATTR_MLO_LINKS], rem) {
11140 memset(attrs, 0, attrsize);
11141
11142 nla_parse_nested(attrs, NL80211_ATTR_MAX, link, NULL, NULL);
11143
11144 if (!attrs[NL80211_ATTR_MLO_LINK_ID]) {
11145 NL_SET_BAD_ATTR(info->extack, link);
11146 return -EINVAL;
11147 }
11148
11149 link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]);
11150 /* cannot use the same link ID again */
11151 if (links[link_id].bss) {
11152 NL_SET_BAD_ATTR(info->extack, link);
11153 return -EINVAL;
11154 }
11155 links[link_id].bss =
11156 nl80211_assoc_bss(rdev, ssid, ssid_len, attrs,
11157 assoc_link_id, link_id);
11158 if (IS_ERR(links[link_id].bss)) {
11159 err = PTR_ERR(links[link_id].bss);
11160 links[link_id].bss = NULL;
11161 NL_SET_ERR_MSG_ATTR(info->extack, link,
11162 "Error fetching BSS for link");
11163 return err;
11164 }
11165
11166 if (attrs[NL80211_ATTR_IE]) {
11167 links[link_id].elems = nla_data(attrs[NL80211_ATTR_IE]);
11168 links[link_id].elems_len =
11169 nla_len(attrs[NL80211_ATTR_IE]);
11170
11171 if (cfg80211_find_elem(WLAN_EID_FRAGMENT,
11172 links[link_id].elems,
11173 links[link_id].elems_len)) {
11174 NL_SET_ERR_MSG_ATTR(info->extack,
11175 attrs[NL80211_ATTR_IE],
11176 "cannot deal with fragmentation");
11177 return -EINVAL;
11178 }
11179
11180 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11181 links[link_id].elems,
11182 links[link_id].elems_len)) {
11183 NL_SET_ERR_MSG_ATTR(info->extack,
11184 attrs[NL80211_ATTR_IE],
11185 "cannot deal with non-inheritance");
11186 return -EINVAL;
11187 }
11188 }
11189
11190 links[link_id].disabled =
11191 nla_get_flag(attrs[NL80211_ATTR_MLO_LINK_DISABLED]);
11192 }
11193
11194 return 0;
11195 }
11196
nl80211_associate(struct sk_buff * skb,struct genl_info * info)11197 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
11198 {
11199 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11200 struct net_device *dev = info->user_ptr[1];
11201 struct cfg80211_assoc_request req = {};
11202 const u8 *ap_addr, *ssid;
11203 unsigned int link_id;
11204 int err, ssid_len;
11205
11206 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11207 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11208 return -EPERM;
11209
11210 if (!info->attrs[NL80211_ATTR_SSID])
11211 return -EINVAL;
11212
11213 if (!rdev->ops->assoc)
11214 return -EOPNOTSUPP;
11215
11216 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11217 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11218 return -EOPNOTSUPP;
11219
11220 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11221 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11222
11223 if (info->attrs[NL80211_ATTR_IE]) {
11224 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11225 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11226
11227 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11228 req.ie, req.ie_len)) {
11229 NL_SET_ERR_MSG_ATTR(info->extack,
11230 info->attrs[NL80211_ATTR_IE],
11231 "non-inheritance makes no sense");
11232 return -EINVAL;
11233 }
11234 }
11235
11236 if (info->attrs[NL80211_ATTR_USE_MFP]) {
11237 enum nl80211_mfp mfp =
11238 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
11239 if (mfp == NL80211_MFP_REQUIRED)
11240 req.use_mfp = true;
11241 else if (mfp != NL80211_MFP_NO)
11242 return -EINVAL;
11243 }
11244
11245 if (info->attrs[NL80211_ATTR_PREV_BSSID])
11246 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
11247
11248 if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
11249 req.supported_selectors =
11250 nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
11251 req.supported_selectors_len =
11252 nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
11253 }
11254
11255 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
11256 req.flags |= ASSOC_REQ_DISABLE_HT;
11257
11258 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11259 memcpy(&req.ht_capa_mask,
11260 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11261 sizeof(req.ht_capa_mask));
11262
11263 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11264 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11265 return -EINVAL;
11266 memcpy(&req.ht_capa,
11267 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11268 sizeof(req.ht_capa));
11269 }
11270
11271 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
11272 req.flags |= ASSOC_REQ_DISABLE_VHT;
11273
11274 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
11275 req.flags |= ASSOC_REQ_DISABLE_HE;
11276
11277 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
11278 req.flags |= ASSOC_REQ_DISABLE_EHT;
11279
11280 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11281 memcpy(&req.vht_capa_mask,
11282 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
11283 sizeof(req.vht_capa_mask));
11284
11285 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
11286 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11287 return -EINVAL;
11288 memcpy(&req.vht_capa,
11289 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
11290 sizeof(req.vht_capa));
11291 }
11292
11293 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
11294 if (!((rdev->wiphy.features &
11295 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
11296 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
11297 !wiphy_ext_feature_isset(&rdev->wiphy,
11298 NL80211_EXT_FEATURE_RRM))
11299 return -EINVAL;
11300 req.flags |= ASSOC_REQ_USE_RRM;
11301 }
11302
11303 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
11304 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
11305 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
11306 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
11307 return -EINVAL;
11308 req.fils_nonces =
11309 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
11310 }
11311
11312 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
11313 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
11314 return -EINVAL;
11315 memcpy(&req.s1g_capa_mask,
11316 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
11317 sizeof(req.s1g_capa_mask));
11318 }
11319
11320 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
11321 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
11322 return -EINVAL;
11323 memcpy(&req.s1g_capa,
11324 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
11325 sizeof(req.s1g_capa));
11326 }
11327
11328 if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) {
11329 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11330 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) {
11331 GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported");
11332 return -EINVAL;
11333 }
11334 req.flags |= ASSOC_REQ_SPP_AMSDU;
11335 }
11336
11337 req.link_id = nl80211_link_id_or_invalid(info->attrs);
11338
11339 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
11340 if (req.link_id < 0)
11341 return -EINVAL;
11342
11343 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
11344 return -EINVAL;
11345
11346 if (info->attrs[NL80211_ATTR_MAC] ||
11347 info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11348 !info->attrs[NL80211_ATTR_MLD_ADDR])
11349 return -EINVAL;
11350
11351 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
11352 ap_addr = req.ap_mld_addr;
11353
11354 err = nl80211_process_links(rdev, req.links, req.link_id,
11355 ssid, ssid_len, info);
11356 if (err)
11357 goto free;
11358
11359 if (!req.links[req.link_id].bss) {
11360 err = -EINVAL;
11361 goto free;
11362 }
11363
11364 if (req.links[req.link_id].elems_len) {
11365 GENL_SET_ERR_MSG(info,
11366 "cannot have per-link elems on assoc link");
11367 err = -EINVAL;
11368 goto free;
11369 }
11370
11371 if (req.links[req.link_id].disabled) {
11372 GENL_SET_ERR_MSG(info,
11373 "cannot have assoc link disabled");
11374 err = -EINVAL;
11375 goto free;
11376 }
11377 } else {
11378 if (req.link_id >= 0)
11379 return -EINVAL;
11380
11381 req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs,
11382 -1, -1);
11383 if (IS_ERR(req.bss))
11384 return PTR_ERR(req.bss);
11385 ap_addr = req.bss->bssid;
11386 }
11387
11388 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
11389 if (!err) {
11390 struct nlattr *link;
11391 int rem = 0;
11392
11393 err = cfg80211_mlme_assoc(rdev, dev, &req,
11394 info->extack);
11395
11396 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
11397 dev->ieee80211_ptr->conn_owner_nlportid =
11398 info->snd_portid;
11399 memcpy(dev->ieee80211_ptr->disconnect_bssid,
11400 ap_addr, ETH_ALEN);
11401 }
11402
11403 /* Report error from first problematic link */
11404 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
11405 nla_for_each_nested(link,
11406 info->attrs[NL80211_ATTR_MLO_LINKS],
11407 rem) {
11408 struct nlattr *link_id_attr =
11409 nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID);
11410
11411 if (!link_id_attr)
11412 continue;
11413
11414 link_id = nla_get_u8(link_id_attr);
11415
11416 if (link_id == req.link_id)
11417 continue;
11418
11419 if (!req.links[link_id].error ||
11420 WARN_ON(req.links[link_id].error > 0))
11421 continue;
11422
11423 WARN_ON(err >= 0);
11424
11425 NL_SET_BAD_ATTR(info->extack, link);
11426 err = req.links[link_id].error;
11427 break;
11428 }
11429 }
11430 }
11431
11432 free:
11433 for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++)
11434 cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss);
11435 cfg80211_put_bss(&rdev->wiphy, req.bss);
11436
11437 return err;
11438 }
11439
nl80211_deauthenticate(struct sk_buff * skb,struct genl_info * info)11440 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
11441 {
11442 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11443 struct net_device *dev = info->user_ptr[1];
11444 const u8 *ie = NULL, *bssid;
11445 int ie_len = 0;
11446 u16 reason_code;
11447 bool local_state_change;
11448
11449 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11450 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11451 return -EPERM;
11452
11453 if (!info->attrs[NL80211_ATTR_MAC])
11454 return -EINVAL;
11455
11456 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11457 return -EINVAL;
11458
11459 if (!rdev->ops->deauth)
11460 return -EOPNOTSUPP;
11461
11462 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11463 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11464 return -EOPNOTSUPP;
11465
11466 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11467
11468 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11469 if (reason_code == 0) {
11470 /* Reason Code 0 is reserved */
11471 return -EINVAL;
11472 }
11473
11474 if (info->attrs[NL80211_ATTR_IE]) {
11475 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11476 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11477 }
11478
11479 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11480
11481 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
11482 local_state_change);
11483 }
11484
nl80211_disassociate(struct sk_buff * skb,struct genl_info * info)11485 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
11486 {
11487 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11488 struct net_device *dev = info->user_ptr[1];
11489 const u8 *ie = NULL, *bssid;
11490 int ie_len = 0;
11491 u16 reason_code;
11492 bool local_state_change;
11493
11494 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11495 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11496 return -EPERM;
11497
11498 if (!info->attrs[NL80211_ATTR_MAC])
11499 return -EINVAL;
11500
11501 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11502 return -EINVAL;
11503
11504 if (!rdev->ops->disassoc)
11505 return -EOPNOTSUPP;
11506
11507 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11508 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11509 return -EOPNOTSUPP;
11510
11511 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11512
11513 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11514 if (reason_code == 0) {
11515 /* Reason Code 0 is reserved */
11516 return -EINVAL;
11517 }
11518
11519 if (info->attrs[NL80211_ATTR_IE]) {
11520 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11521 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11522 }
11523
11524 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11525
11526 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
11527 local_state_change);
11528 }
11529
11530 static bool
nl80211_parse_mcast_rate(struct cfg80211_registered_device * rdev,int mcast_rate[NUM_NL80211_BANDS],int rateval)11531 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
11532 int mcast_rate[NUM_NL80211_BANDS],
11533 int rateval)
11534 {
11535 struct wiphy *wiphy = &rdev->wiphy;
11536 bool found = false;
11537 int band, i;
11538
11539 for (band = 0; band < NUM_NL80211_BANDS; band++) {
11540 struct ieee80211_supported_band *sband;
11541
11542 sband = wiphy->bands[band];
11543 if (!sband)
11544 continue;
11545
11546 for (i = 0; i < sband->n_bitrates; i++) {
11547 if (sband->bitrates[i].bitrate == rateval) {
11548 mcast_rate[band] = i + 1;
11549 found = true;
11550 break;
11551 }
11552 }
11553 }
11554
11555 return found;
11556 }
11557
nl80211_join_ibss(struct sk_buff * skb,struct genl_info * info)11558 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
11559 {
11560 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11561 struct net_device *dev = info->user_ptr[1];
11562 struct cfg80211_ibss_params ibss;
11563 struct wiphy *wiphy;
11564 struct cfg80211_cached_keys *connkeys = NULL;
11565 int err;
11566
11567 memset(&ibss, 0, sizeof(ibss));
11568
11569 if (!info->attrs[NL80211_ATTR_SSID] ||
11570 !nla_len(info->attrs[NL80211_ATTR_SSID]))
11571 return -EINVAL;
11572
11573 ibss.beacon_interval = 100;
11574
11575 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
11576 ibss.beacon_interval =
11577 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11578
11579 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
11580 ibss.beacon_interval);
11581 if (err)
11582 return err;
11583
11584 if (!rdev->ops->join_ibss)
11585 return -EOPNOTSUPP;
11586
11587 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
11588 return -EOPNOTSUPP;
11589
11590 wiphy = &rdev->wiphy;
11591
11592 if (info->attrs[NL80211_ATTR_MAC]) {
11593 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11594
11595 if (!is_valid_ether_addr(ibss.bssid))
11596 return -EINVAL;
11597 }
11598 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11599 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11600
11601 if (info->attrs[NL80211_ATTR_IE]) {
11602 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11603 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11604 }
11605
11606 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
11607 if (err)
11608 return err;
11609
11610 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
11611 NL80211_IFTYPE_ADHOC))
11612 return -EINVAL;
11613
11614 switch (ibss.chandef.width) {
11615 case NL80211_CHAN_WIDTH_5:
11616 case NL80211_CHAN_WIDTH_10:
11617 case NL80211_CHAN_WIDTH_20_NOHT:
11618 break;
11619 case NL80211_CHAN_WIDTH_20:
11620 case NL80211_CHAN_WIDTH_40:
11621 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
11622 return -EINVAL;
11623 break;
11624 case NL80211_CHAN_WIDTH_80:
11625 case NL80211_CHAN_WIDTH_80P80:
11626 case NL80211_CHAN_WIDTH_160:
11627 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
11628 return -EINVAL;
11629 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11630 NL80211_EXT_FEATURE_VHT_IBSS))
11631 return -EINVAL;
11632 break;
11633 case NL80211_CHAN_WIDTH_320:
11634 return -EINVAL;
11635 default:
11636 return -EINVAL;
11637 }
11638
11639 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
11640 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
11641
11642 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11643 u8 *rates =
11644 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11645 int n_rates =
11646 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11647 struct ieee80211_supported_band *sband =
11648 wiphy->bands[ibss.chandef.chan->band];
11649
11650 err = ieee80211_get_ratemask(sband, rates, n_rates,
11651 &ibss.basic_rates);
11652 if (err)
11653 return err;
11654 }
11655
11656 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11657 memcpy(&ibss.ht_capa_mask,
11658 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11659 sizeof(ibss.ht_capa_mask));
11660
11661 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11662 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11663 return -EINVAL;
11664 memcpy(&ibss.ht_capa,
11665 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11666 sizeof(ibss.ht_capa));
11667 }
11668
11669 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11670 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
11671 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11672 return -EINVAL;
11673
11674 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
11675 bool no_ht = false;
11676
11677 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
11678 if (IS_ERR(connkeys))
11679 return PTR_ERR(connkeys);
11680
11681 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
11682 no_ht) {
11683 kfree_sensitive(connkeys);
11684 return -EINVAL;
11685 }
11686 }
11687
11688 ibss.control_port =
11689 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
11690
11691 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11692 int r = validate_pae_over_nl80211(rdev, info);
11693
11694 if (r < 0) {
11695 kfree_sensitive(connkeys);
11696 return r;
11697 }
11698
11699 ibss.control_port_over_nl80211 = true;
11700 }
11701
11702 ibss.userspace_handles_dfs =
11703 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11704
11705 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
11706 if (err)
11707 kfree_sensitive(connkeys);
11708 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
11709 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11710
11711 return err;
11712 }
11713
nl80211_leave_ibss(struct sk_buff * skb,struct genl_info * info)11714 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
11715 {
11716 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11717 struct net_device *dev = info->user_ptr[1];
11718
11719 if (!rdev->ops->leave_ibss)
11720 return -EOPNOTSUPP;
11721
11722 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
11723 return -EOPNOTSUPP;
11724
11725 return cfg80211_leave_ibss(rdev, dev, false);
11726 }
11727
nl80211_set_mcast_rate(struct sk_buff * skb,struct genl_info * info)11728 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
11729 {
11730 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11731 struct net_device *dev = info->user_ptr[1];
11732 int mcast_rate[NUM_NL80211_BANDS];
11733 u32 nla_rate;
11734
11735 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
11736 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
11737 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
11738 return -EOPNOTSUPP;
11739
11740 if (!rdev->ops->set_mcast_rate)
11741 return -EOPNOTSUPP;
11742
11743 memset(mcast_rate, 0, sizeof(mcast_rate));
11744
11745 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
11746 return -EINVAL;
11747
11748 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
11749 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
11750 return -EINVAL;
11751
11752 return rdev_set_mcast_rate(rdev, dev, mcast_rate);
11753 }
11754
11755 static struct sk_buff *
__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,int approxlen,u32 portid,u32 seq,enum nl80211_commands cmd,enum nl80211_attrs attr,const struct nl80211_vendor_cmd_info * info,gfp_t gfp)11756 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
11757 struct wireless_dev *wdev, int approxlen,
11758 u32 portid, u32 seq, enum nl80211_commands cmd,
11759 enum nl80211_attrs attr,
11760 const struct nl80211_vendor_cmd_info *info,
11761 gfp_t gfp)
11762 {
11763 struct sk_buff *skb;
11764 void *hdr;
11765 struct nlattr *data;
11766
11767 skb = nlmsg_new(approxlen + 100, gfp);
11768 if (!skb)
11769 return NULL;
11770
11771 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
11772 if (!hdr) {
11773 kfree_skb(skb);
11774 return NULL;
11775 }
11776
11777 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11778 goto nla_put_failure;
11779
11780 if (info) {
11781 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
11782 info->vendor_id))
11783 goto nla_put_failure;
11784 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
11785 info->subcmd))
11786 goto nla_put_failure;
11787 }
11788
11789 if (wdev) {
11790 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
11791 wdev_id(wdev), NL80211_ATTR_PAD))
11792 goto nla_put_failure;
11793 if (wdev->netdev &&
11794 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
11795 wdev->netdev->ifindex))
11796 goto nla_put_failure;
11797 }
11798
11799 data = nla_nest_start_noflag(skb, attr);
11800 if (!data)
11801 goto nla_put_failure;
11802
11803 ((void **)skb->cb)[0] = rdev;
11804 ((void **)skb->cb)[1] = hdr;
11805 ((void **)skb->cb)[2] = data;
11806
11807 return skb;
11808
11809 nla_put_failure:
11810 kfree_skb(skb);
11811 return NULL;
11812 }
11813
__cfg80211_alloc_event_skb(struct wiphy * wiphy,struct wireless_dev * wdev,enum nl80211_commands cmd,enum nl80211_attrs attr,unsigned int portid,int vendor_event_idx,int approxlen,gfp_t gfp)11814 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
11815 struct wireless_dev *wdev,
11816 enum nl80211_commands cmd,
11817 enum nl80211_attrs attr,
11818 unsigned int portid,
11819 int vendor_event_idx,
11820 int approxlen, gfp_t gfp)
11821 {
11822 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11823 const struct nl80211_vendor_cmd_info *info;
11824
11825 switch (cmd) {
11826 case NL80211_CMD_TESTMODE:
11827 if (WARN_ON(vendor_event_idx != -1))
11828 return NULL;
11829 info = NULL;
11830 break;
11831 case NL80211_CMD_VENDOR:
11832 if (WARN_ON(vendor_event_idx < 0 ||
11833 vendor_event_idx >= wiphy->n_vendor_events))
11834 return NULL;
11835 info = &wiphy->vendor_events[vendor_event_idx];
11836 break;
11837 default:
11838 WARN_ON(1);
11839 return NULL;
11840 }
11841
11842 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
11843 cmd, attr, info, gfp);
11844 }
11845 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
11846
__cfg80211_send_event_skb(struct sk_buff * skb,gfp_t gfp)11847 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
11848 {
11849 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
11850 void *hdr = ((void **)skb->cb)[1];
11851 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
11852 struct nlattr *data = ((void **)skb->cb)[2];
11853 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
11854
11855 /* clear CB data for netlink core to own from now on */
11856 memset(skb->cb, 0, sizeof(skb->cb));
11857
11858 nla_nest_end(skb, data);
11859 genlmsg_end(skb, hdr);
11860
11861 if (nlhdr->nlmsg_pid) {
11862 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
11863 nlhdr->nlmsg_pid);
11864 } else {
11865 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
11866 mcgrp = NL80211_MCGRP_VENDOR;
11867
11868 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11869 skb, 0, mcgrp, gfp);
11870 }
11871 }
11872 EXPORT_SYMBOL(__cfg80211_send_event_skb);
11873
11874 #ifdef CONFIG_NL80211_TESTMODE
nl80211_testmode_do(struct sk_buff * skb,struct genl_info * info)11875 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
11876 {
11877 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11878 struct wireless_dev *wdev;
11879 int err;
11880
11881 lockdep_assert_held(&rdev->wiphy.mtx);
11882
11883 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
11884 info->attrs);
11885
11886 if (!rdev->ops->testmode_cmd)
11887 return -EOPNOTSUPP;
11888
11889 if (IS_ERR(wdev)) {
11890 err = PTR_ERR(wdev);
11891 if (err != -EINVAL)
11892 return err;
11893 wdev = NULL;
11894 } else if (wdev->wiphy != &rdev->wiphy) {
11895 return -EINVAL;
11896 }
11897
11898 if (!info->attrs[NL80211_ATTR_TESTDATA])
11899 return -EINVAL;
11900
11901 rdev->cur_cmd_info = info;
11902 err = rdev_testmode_cmd(rdev, wdev,
11903 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
11904 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
11905 rdev->cur_cmd_info = NULL;
11906
11907 return err;
11908 }
11909
nl80211_testmode_dump(struct sk_buff * skb,struct netlink_callback * cb)11910 static int nl80211_testmode_dump(struct sk_buff *skb,
11911 struct netlink_callback *cb)
11912 {
11913 struct cfg80211_registered_device *rdev;
11914 struct nlattr **attrbuf = NULL;
11915 int err;
11916 long phy_idx;
11917 void *data = NULL;
11918 int data_len = 0;
11919
11920 rtnl_lock();
11921
11922 if (cb->args[0]) {
11923 /*
11924 * 0 is a valid index, but not valid for args[0],
11925 * so we need to offset by 1.
11926 */
11927 phy_idx = cb->args[0] - 1;
11928
11929 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
11930 if (!rdev) {
11931 err = -ENOENT;
11932 goto out_err;
11933 }
11934 } else {
11935 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
11936 GFP_KERNEL);
11937 if (!attrbuf) {
11938 err = -ENOMEM;
11939 goto out_err;
11940 }
11941
11942 err = nlmsg_parse_deprecated(cb->nlh,
11943 GENL_HDRLEN + nl80211_fam.hdrsize,
11944 attrbuf, nl80211_fam.maxattr,
11945 nl80211_policy, NULL);
11946 if (err)
11947 goto out_err;
11948
11949 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11950 if (IS_ERR(rdev)) {
11951 err = PTR_ERR(rdev);
11952 goto out_err;
11953 }
11954 phy_idx = rdev->wiphy_idx;
11955
11956 if (attrbuf[NL80211_ATTR_TESTDATA])
11957 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
11958 }
11959
11960 if (cb->args[1]) {
11961 data = nla_data((void *)cb->args[1]);
11962 data_len = nla_len((void *)cb->args[1]);
11963 }
11964
11965 if (!rdev->ops->testmode_dump) {
11966 err = -EOPNOTSUPP;
11967 goto out_err;
11968 }
11969
11970 while (1) {
11971 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
11972 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11973 NL80211_CMD_TESTMODE);
11974 struct nlattr *tmdata;
11975
11976 if (!hdr)
11977 break;
11978
11979 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
11980 genlmsg_cancel(skb, hdr);
11981 break;
11982 }
11983
11984 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
11985 if (!tmdata) {
11986 genlmsg_cancel(skb, hdr);
11987 break;
11988 }
11989 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
11990 nla_nest_end(skb, tmdata);
11991
11992 if (err == -ENOBUFS || err == -ENOENT) {
11993 genlmsg_cancel(skb, hdr);
11994 break;
11995 } else if (err) {
11996 genlmsg_cancel(skb, hdr);
11997 goto out_err;
11998 }
11999
12000 genlmsg_end(skb, hdr);
12001 }
12002
12003 err = skb->len;
12004 /* see above */
12005 cb->args[0] = phy_idx + 1;
12006 out_err:
12007 kfree(attrbuf);
12008 rtnl_unlock();
12009 return err;
12010 }
12011 #endif
12012
nl80211_connect(struct sk_buff * skb,struct genl_info * info)12013 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
12014 {
12015 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12016 struct net_device *dev = info->user_ptr[1];
12017 struct cfg80211_connect_params connect;
12018 struct wiphy *wiphy;
12019 struct cfg80211_cached_keys *connkeys = NULL;
12020 u32 freq = 0;
12021 int err;
12022
12023 memset(&connect, 0, sizeof(connect));
12024
12025 if (!info->attrs[NL80211_ATTR_SSID] ||
12026 !nla_len(info->attrs[NL80211_ATTR_SSID]))
12027 return -EINVAL;
12028
12029 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12030 connect.auth_type =
12031 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12032 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
12033 NL80211_CMD_CONNECT))
12034 return -EINVAL;
12035 } else
12036 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
12037
12038 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
12039
12040 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
12041 !wiphy_ext_feature_isset(&rdev->wiphy,
12042 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12043 return -EINVAL;
12044 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
12045
12046 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
12047 NL80211_MAX_NR_CIPHER_SUITES);
12048 if (err)
12049 return err;
12050
12051 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12052 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12053 return -EOPNOTSUPP;
12054
12055 wiphy = &rdev->wiphy;
12056
12057 connect.bg_scan_period = -1;
12058 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
12059 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
12060 connect.bg_scan_period =
12061 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
12062 }
12063
12064 if (info->attrs[NL80211_ATTR_MAC])
12065 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12066 else if (info->attrs[NL80211_ATTR_MAC_HINT])
12067 connect.bssid_hint =
12068 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
12069 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12070 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12071
12072 if (info->attrs[NL80211_ATTR_IE]) {
12073 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12074 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12075 }
12076
12077 if (info->attrs[NL80211_ATTR_USE_MFP]) {
12078 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
12079 if (connect.mfp == NL80211_MFP_OPTIONAL &&
12080 !wiphy_ext_feature_isset(&rdev->wiphy,
12081 NL80211_EXT_FEATURE_MFP_OPTIONAL))
12082 return -EOPNOTSUPP;
12083 } else {
12084 connect.mfp = NL80211_MFP_NO;
12085 }
12086
12087 if (info->attrs[NL80211_ATTR_PREV_BSSID])
12088 connect.prev_bssid =
12089 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
12090
12091 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
12092 freq = MHZ_TO_KHZ(nla_get_u32(
12093 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
12094 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12095 freq +=
12096 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12097
12098 if (freq) {
12099 connect.channel = nl80211_get_valid_chan(wiphy, freq);
12100 if (!connect.channel)
12101 return -EINVAL;
12102 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
12103 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
12104 freq = MHZ_TO_KHZ(freq);
12105 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
12106 if (!connect.channel_hint)
12107 return -EINVAL;
12108 }
12109
12110 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
12111 connect.edmg.channels =
12112 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
12113
12114 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
12115 connect.edmg.bw_config =
12116 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
12117 }
12118
12119 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
12120 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
12121 if (IS_ERR(connkeys))
12122 return PTR_ERR(connkeys);
12123 }
12124
12125 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
12126 connect.flags |= ASSOC_REQ_DISABLE_HT;
12127
12128 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12129 memcpy(&connect.ht_capa_mask,
12130 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
12131 sizeof(connect.ht_capa_mask));
12132
12133 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
12134 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
12135 kfree_sensitive(connkeys);
12136 return -EINVAL;
12137 }
12138 memcpy(&connect.ht_capa,
12139 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
12140 sizeof(connect.ht_capa));
12141 }
12142
12143 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
12144 connect.flags |= ASSOC_REQ_DISABLE_VHT;
12145
12146 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
12147 connect.flags |= ASSOC_REQ_DISABLE_HE;
12148
12149 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
12150 connect.flags |= ASSOC_REQ_DISABLE_EHT;
12151
12152 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
12153 memcpy(&connect.vht_capa_mask,
12154 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
12155 sizeof(connect.vht_capa_mask));
12156
12157 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
12158 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
12159 kfree_sensitive(connkeys);
12160 return -EINVAL;
12161 }
12162 memcpy(&connect.vht_capa,
12163 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
12164 sizeof(connect.vht_capa));
12165 }
12166
12167 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
12168 if (!((rdev->wiphy.features &
12169 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
12170 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
12171 !wiphy_ext_feature_isset(&rdev->wiphy,
12172 NL80211_EXT_FEATURE_RRM)) {
12173 kfree_sensitive(connkeys);
12174 return -EINVAL;
12175 }
12176 connect.flags |= ASSOC_REQ_USE_RRM;
12177 }
12178
12179 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
12180 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
12181 kfree_sensitive(connkeys);
12182 return -EOPNOTSUPP;
12183 }
12184
12185 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
12186 /* bss selection makes no sense if bssid is set */
12187 if (connect.bssid) {
12188 kfree_sensitive(connkeys);
12189 return -EINVAL;
12190 }
12191
12192 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
12193 wiphy, &connect.bss_select);
12194 if (err) {
12195 kfree_sensitive(connkeys);
12196 return err;
12197 }
12198 }
12199
12200 if (wiphy_ext_feature_isset(&rdev->wiphy,
12201 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
12202 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12203 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12204 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12205 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12206 connect.fils_erp_username =
12207 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12208 connect.fils_erp_username_len =
12209 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12210 connect.fils_erp_realm =
12211 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12212 connect.fils_erp_realm_len =
12213 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12214 connect.fils_erp_next_seq_num =
12215 nla_get_u16(
12216 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12217 connect.fils_erp_rrk =
12218 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12219 connect.fils_erp_rrk_len =
12220 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12221 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12222 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12223 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12224 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12225 kfree_sensitive(connkeys);
12226 return -EINVAL;
12227 }
12228
12229 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
12230 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12231 kfree_sensitive(connkeys);
12232 GENL_SET_ERR_MSG(info,
12233 "external auth requires connection ownership");
12234 return -EINVAL;
12235 }
12236 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
12237 }
12238
12239 if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT]))
12240 connect.flags |= CONNECT_REQ_MLO_SUPPORT;
12241
12242 err = cfg80211_connect(rdev, dev, &connect, connkeys,
12243 connect.prev_bssid);
12244 if (err)
12245 kfree_sensitive(connkeys);
12246
12247 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12248 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
12249 if (connect.bssid)
12250 memcpy(dev->ieee80211_ptr->disconnect_bssid,
12251 connect.bssid, ETH_ALEN);
12252 else
12253 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
12254 }
12255
12256 return err;
12257 }
12258
nl80211_update_connect_params(struct sk_buff * skb,struct genl_info * info)12259 static int nl80211_update_connect_params(struct sk_buff *skb,
12260 struct genl_info *info)
12261 {
12262 struct cfg80211_connect_params connect = {};
12263 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12264 struct net_device *dev = info->user_ptr[1];
12265 struct wireless_dev *wdev = dev->ieee80211_ptr;
12266 bool fils_sk_offload;
12267 u32 auth_type;
12268 u32 changed = 0;
12269
12270 if (!rdev->ops->update_connect_params)
12271 return -EOPNOTSUPP;
12272
12273 if (info->attrs[NL80211_ATTR_IE]) {
12274 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12275 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12276 changed |= UPDATE_ASSOC_IES;
12277 }
12278
12279 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
12280 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
12281
12282 /*
12283 * when driver supports fils-sk offload all attributes must be
12284 * provided. So the else covers "fils-sk-not-all" and
12285 * "no-fils-sk-any".
12286 */
12287 if (fils_sk_offload &&
12288 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12289 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12290 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12291 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12292 connect.fils_erp_username =
12293 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12294 connect.fils_erp_username_len =
12295 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12296 connect.fils_erp_realm =
12297 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12298 connect.fils_erp_realm_len =
12299 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12300 connect.fils_erp_next_seq_num =
12301 nla_get_u16(
12302 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12303 connect.fils_erp_rrk =
12304 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12305 connect.fils_erp_rrk_len =
12306 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12307 changed |= UPDATE_FILS_ERP_INFO;
12308 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12309 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12310 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12311 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12312 return -EINVAL;
12313 }
12314
12315 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12316 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12317 if (!nl80211_valid_auth_type(rdev, auth_type,
12318 NL80211_CMD_CONNECT))
12319 return -EINVAL;
12320
12321 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
12322 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
12323 return -EINVAL;
12324
12325 connect.auth_type = auth_type;
12326 changed |= UPDATE_AUTH_TYPE;
12327 }
12328
12329 if (!wdev->connected)
12330 return -ENOLINK;
12331
12332 return rdev_update_connect_params(rdev, dev, &connect, changed);
12333 }
12334
nl80211_disconnect(struct sk_buff * skb,struct genl_info * info)12335 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
12336 {
12337 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12338 struct net_device *dev = info->user_ptr[1];
12339 u16 reason;
12340
12341 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12342 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12343 return -EPERM;
12344
12345 reason = nla_get_u16_default(info->attrs[NL80211_ATTR_REASON_CODE],
12346 WLAN_REASON_DEAUTH_LEAVING);
12347
12348 if (reason == 0)
12349 return -EINVAL;
12350
12351 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12352 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12353 return -EOPNOTSUPP;
12354
12355 return cfg80211_disconnect(rdev, dev, reason, true);
12356 }
12357
nl80211_wiphy_netns(struct sk_buff * skb,struct genl_info * info)12358 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
12359 {
12360 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12361 struct net *net;
12362 int err;
12363
12364 if (info->attrs[NL80211_ATTR_PID]) {
12365 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
12366
12367 net = get_net_ns_by_pid(pid);
12368 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
12369 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
12370
12371 net = get_net_ns_by_fd(fd);
12372 } else {
12373 return -EINVAL;
12374 }
12375
12376 if (IS_ERR(net))
12377 return PTR_ERR(net);
12378
12379 err = 0;
12380
12381 /* check if anything to do */
12382 if (!net_eq(wiphy_net(&rdev->wiphy), net))
12383 err = cfg80211_switch_netns(rdev, net);
12384
12385 put_net(net);
12386 return err;
12387 }
12388
nl80211_set_pmksa(struct sk_buff * skb,struct genl_info * info)12389 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info)
12390 {
12391 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12392 struct net_device *dev = info->user_ptr[1];
12393 struct cfg80211_pmksa pmksa;
12394 bool ap_pmksa_caching_support = false;
12395
12396 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
12397
12398 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
12399 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
12400
12401 if (!info->attrs[NL80211_ATTR_PMKID])
12402 return -EINVAL;
12403
12404 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
12405
12406 if (info->attrs[NL80211_ATTR_MAC]) {
12407 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12408 } else if (info->attrs[NL80211_ATTR_SSID] &&
12409 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
12410 info->attrs[NL80211_ATTR_PMK]) {
12411 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12412 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12413 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
12414 } else {
12415 return -EINVAL;
12416 }
12417
12418 if (info->attrs[NL80211_ATTR_PMK]) {
12419 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12420 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12421 }
12422
12423 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
12424 pmksa.pmk_lifetime =
12425 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
12426
12427 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
12428 pmksa.pmk_reauth_threshold =
12429 nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
12430
12431 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12432 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
12433 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
12434 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
12435 ap_pmksa_caching_support))
12436 return -EOPNOTSUPP;
12437
12438 if (!rdev->ops->set_pmksa)
12439 return -EOPNOTSUPP;
12440
12441 return rdev_set_pmksa(rdev, dev, &pmksa);
12442 }
12443
nl80211_del_pmksa(struct sk_buff * skb,struct genl_info * info)12444 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info)
12445 {
12446 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12447 struct net_device *dev = info->user_ptr[1];
12448 struct cfg80211_pmksa pmksa;
12449 bool sae_offload_support = false;
12450 bool owe_offload_support = false;
12451 bool ap_pmksa_caching_support = false;
12452
12453 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
12454
12455 sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
12456 NL80211_EXT_FEATURE_SAE_OFFLOAD);
12457 owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
12458 NL80211_EXT_FEATURE_OWE_OFFLOAD);
12459 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
12460 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
12461
12462 if (info->attrs[NL80211_ATTR_PMKID])
12463 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
12464
12465 if (info->attrs[NL80211_ATTR_MAC]) {
12466 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12467 } else if (info->attrs[NL80211_ATTR_SSID]) {
12468 /* SSID based pmksa flush supported only for FILS,
12469 * OWE/SAE OFFLOAD cases
12470 */
12471 if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
12472 info->attrs[NL80211_ATTR_PMK]) {
12473 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
12474 } else if (!sae_offload_support && !owe_offload_support) {
12475 return -EINVAL;
12476 }
12477 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12478 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12479 } else {
12480 return -EINVAL;
12481 }
12482
12483 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12484 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
12485 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
12486 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
12487 ap_pmksa_caching_support))
12488 return -EOPNOTSUPP;
12489
12490 if (!rdev->ops->del_pmksa)
12491 return -EOPNOTSUPP;
12492
12493 return rdev_del_pmksa(rdev, dev, &pmksa);
12494 }
12495
nl80211_flush_pmksa(struct sk_buff * skb,struct genl_info * info)12496 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
12497 {
12498 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12499 struct net_device *dev = info->user_ptr[1];
12500
12501 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12502 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12503 return -EOPNOTSUPP;
12504
12505 if (!rdev->ops->flush_pmksa)
12506 return -EOPNOTSUPP;
12507
12508 return rdev_flush_pmksa(rdev, dev);
12509 }
12510
nl80211_tdls_mgmt(struct sk_buff * skb,struct genl_info * info)12511 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
12512 {
12513 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12514 struct net_device *dev = info->user_ptr[1];
12515 u8 action_code, dialog_token;
12516 u32 peer_capability = 0;
12517 u16 status_code;
12518 u8 *peer;
12519 int link_id;
12520 bool initiator;
12521
12522 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
12523 !rdev->ops->tdls_mgmt)
12524 return -EOPNOTSUPP;
12525
12526 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
12527 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
12528 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
12529 !info->attrs[NL80211_ATTR_IE] ||
12530 !info->attrs[NL80211_ATTR_MAC])
12531 return -EINVAL;
12532
12533 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12534 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
12535 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
12536 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
12537 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
12538 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
12539 peer_capability =
12540 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
12541 link_id = nl80211_link_id_or_invalid(info->attrs);
12542
12543 return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code,
12544 dialog_token, status_code, peer_capability,
12545 initiator,
12546 nla_data(info->attrs[NL80211_ATTR_IE]),
12547 nla_len(info->attrs[NL80211_ATTR_IE]));
12548 }
12549
nl80211_tdls_oper(struct sk_buff * skb,struct genl_info * info)12550 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
12551 {
12552 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12553 struct net_device *dev = info->user_ptr[1];
12554 enum nl80211_tdls_operation operation;
12555 u8 *peer;
12556
12557 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
12558 !rdev->ops->tdls_oper)
12559 return -EOPNOTSUPP;
12560
12561 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
12562 !info->attrs[NL80211_ATTR_MAC])
12563 return -EINVAL;
12564
12565 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
12566 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12567
12568 return rdev_tdls_oper(rdev, dev, peer, operation);
12569 }
12570
nl80211_remain_on_channel(struct sk_buff * skb,struct genl_info * info)12571 static int nl80211_remain_on_channel(struct sk_buff *skb,
12572 struct genl_info *info)
12573 {
12574 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12575 unsigned int link_id = nl80211_link_id(info->attrs);
12576 struct wireless_dev *wdev = info->user_ptr[1];
12577 struct cfg80211_chan_def chandef;
12578 struct sk_buff *msg;
12579 void *hdr;
12580 u64 cookie;
12581 u32 duration;
12582 int err;
12583
12584 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
12585 !info->attrs[NL80211_ATTR_DURATION])
12586 return -EINVAL;
12587
12588 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
12589
12590 if (!rdev->ops->remain_on_channel ||
12591 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
12592 return -EOPNOTSUPP;
12593
12594 /*
12595 * We should be on that channel for at least a minimum amount of
12596 * time (10ms) but no longer than the driver supports.
12597 */
12598 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
12599 duration > rdev->wiphy.max_remain_on_channel_duration)
12600 return -EINVAL;
12601
12602 err = nl80211_parse_chandef(rdev, info, &chandef);
12603 if (err)
12604 return err;
12605
12606 if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) {
12607 const struct cfg80211_chan_def *oper_chandef, *compat_chandef;
12608
12609 oper_chandef = wdev_chandef(wdev, link_id);
12610
12611 if (WARN_ON(!oper_chandef)) {
12612 /* cannot happen since we must beacon to get here */
12613 WARN_ON(1);
12614 return -EBUSY;
12615 }
12616
12617 /* note: returns first one if identical chandefs */
12618 compat_chandef = cfg80211_chandef_compatible(&chandef,
12619 oper_chandef);
12620
12621 if (compat_chandef != &chandef)
12622 return -EBUSY;
12623 }
12624
12625 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12626 if (!msg)
12627 return -ENOMEM;
12628
12629 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12630 NL80211_CMD_REMAIN_ON_CHANNEL);
12631 if (!hdr) {
12632 err = -ENOBUFS;
12633 goto free_msg;
12634 }
12635
12636 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
12637 duration, &cookie);
12638
12639 if (err)
12640 goto free_msg;
12641
12642 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12643 NL80211_ATTR_PAD))
12644 goto nla_put_failure;
12645
12646 genlmsg_end(msg, hdr);
12647
12648 return genlmsg_reply(msg, info);
12649
12650 nla_put_failure:
12651 err = -ENOBUFS;
12652 free_msg:
12653 nlmsg_free(msg);
12654 return err;
12655 }
12656
nl80211_cancel_remain_on_channel(struct sk_buff * skb,struct genl_info * info)12657 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
12658 struct genl_info *info)
12659 {
12660 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12661 struct wireless_dev *wdev = info->user_ptr[1];
12662 u64 cookie;
12663
12664 if (!info->attrs[NL80211_ATTR_COOKIE])
12665 return -EINVAL;
12666
12667 if (!rdev->ops->cancel_remain_on_channel)
12668 return -EOPNOTSUPP;
12669
12670 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12671
12672 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
12673 }
12674
nl80211_set_tx_bitrate_mask(struct sk_buff * skb,struct genl_info * info)12675 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
12676 struct genl_info *info)
12677 {
12678 struct cfg80211_bitrate_mask mask;
12679 unsigned int link_id = nl80211_link_id(info->attrs);
12680 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12681 struct net_device *dev = info->user_ptr[1];
12682 int err;
12683
12684 if (!rdev->ops->set_bitrate_mask)
12685 return -EOPNOTSUPP;
12686
12687 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
12688 NL80211_ATTR_TX_RATES, &mask,
12689 dev, true, link_id);
12690 if (err)
12691 return err;
12692
12693 return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask);
12694 }
12695
nl80211_register_mgmt(struct sk_buff * skb,struct genl_info * info)12696 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
12697 {
12698 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12699 struct wireless_dev *wdev = info->user_ptr[1];
12700 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
12701
12702 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
12703 return -EINVAL;
12704
12705 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
12706 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
12707
12708 switch (wdev->iftype) {
12709 case NL80211_IFTYPE_STATION:
12710 case NL80211_IFTYPE_ADHOC:
12711 case NL80211_IFTYPE_P2P_CLIENT:
12712 case NL80211_IFTYPE_AP:
12713 case NL80211_IFTYPE_AP_VLAN:
12714 case NL80211_IFTYPE_MESH_POINT:
12715 case NL80211_IFTYPE_P2P_GO:
12716 case NL80211_IFTYPE_P2P_DEVICE:
12717 break;
12718 case NL80211_IFTYPE_NAN:
12719 if (!wiphy_ext_feature_isset(wdev->wiphy,
12720 NL80211_EXT_FEATURE_SECURE_NAN))
12721 return -EOPNOTSUPP;
12722 break;
12723 default:
12724 return -EOPNOTSUPP;
12725 }
12726
12727 /* not much point in registering if we can't reply */
12728 if (!rdev->ops->mgmt_tx)
12729 return -EOPNOTSUPP;
12730
12731 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
12732 !wiphy_ext_feature_isset(&rdev->wiphy,
12733 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
12734 GENL_SET_ERR_MSG(info,
12735 "multicast RX registrations are not supported");
12736 return -EOPNOTSUPP;
12737 }
12738
12739 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
12740 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
12741 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
12742 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
12743 info->extack);
12744 }
12745
nl80211_tx_mgmt(struct sk_buff * skb,struct genl_info * info)12746 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
12747 {
12748 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12749 struct wireless_dev *wdev = info->user_ptr[1];
12750 struct cfg80211_chan_def chandef;
12751 int err;
12752 void *hdr = NULL;
12753 u64 cookie;
12754 struct sk_buff *msg = NULL;
12755 struct cfg80211_mgmt_tx_params params = {
12756 .dont_wait_for_ack =
12757 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
12758 };
12759
12760 if (!info->attrs[NL80211_ATTR_FRAME])
12761 return -EINVAL;
12762
12763 if (!rdev->ops->mgmt_tx)
12764 return -EOPNOTSUPP;
12765
12766 switch (wdev->iftype) {
12767 case NL80211_IFTYPE_P2P_DEVICE:
12768 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
12769 return -EINVAL;
12770 break;
12771 case NL80211_IFTYPE_STATION:
12772 case NL80211_IFTYPE_ADHOC:
12773 case NL80211_IFTYPE_P2P_CLIENT:
12774 case NL80211_IFTYPE_AP:
12775 case NL80211_IFTYPE_AP_VLAN:
12776 case NL80211_IFTYPE_MESH_POINT:
12777 case NL80211_IFTYPE_P2P_GO:
12778 break;
12779 case NL80211_IFTYPE_NAN:
12780 if (!wiphy_ext_feature_isset(wdev->wiphy,
12781 NL80211_EXT_FEATURE_SECURE_NAN))
12782 return -EOPNOTSUPP;
12783 break;
12784 default:
12785 return -EOPNOTSUPP;
12786 }
12787
12788 if (info->attrs[NL80211_ATTR_DURATION]) {
12789 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
12790 return -EINVAL;
12791 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
12792
12793 /*
12794 * We should wait on the channel for at least a minimum amount
12795 * of time (10ms) but no longer than the driver supports.
12796 */
12797 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
12798 params.wait > rdev->wiphy.max_remain_on_channel_duration)
12799 return -EINVAL;
12800 }
12801
12802 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
12803
12804 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
12805 return -EINVAL;
12806
12807 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
12808
12809 /* get the channel if any has been specified, otherwise pass NULL to
12810 * the driver. The latter will use the current one
12811 */
12812 chandef.chan = NULL;
12813 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
12814 err = nl80211_parse_chandef(rdev, info, &chandef);
12815 if (err)
12816 return err;
12817 }
12818
12819 if (!chandef.chan && params.offchan)
12820 return -EINVAL;
12821
12822 if (params.offchan &&
12823 !cfg80211_off_channel_oper_allowed(wdev, chandef.chan))
12824 return -EBUSY;
12825
12826 params.link_id = nl80211_link_id_or_invalid(info->attrs);
12827 /*
12828 * This now races due to the unlock, but we cannot check
12829 * the valid links for the _station_ anyway, so that's up
12830 * to the driver.
12831 */
12832 if (params.link_id >= 0 &&
12833 !(wdev->valid_links & BIT(params.link_id)))
12834 return -EINVAL;
12835
12836 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
12837 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
12838
12839 err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1,
12840 info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX],
12841 ¶ms.csa_offsets,
12842 ¶ms.n_csa_offsets);
12843 if (err)
12844 return err;
12845
12846 if (!params.dont_wait_for_ack) {
12847 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12848 if (!msg)
12849 return -ENOMEM;
12850
12851 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12852 NL80211_CMD_FRAME);
12853 if (!hdr) {
12854 err = -ENOBUFS;
12855 goto free_msg;
12856 }
12857 }
12858
12859 params.chan = chandef.chan;
12860 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
12861 if (err)
12862 goto free_msg;
12863
12864 if (msg) {
12865 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12866 NL80211_ATTR_PAD))
12867 goto nla_put_failure;
12868
12869 genlmsg_end(msg, hdr);
12870 return genlmsg_reply(msg, info);
12871 }
12872
12873 return 0;
12874
12875 nla_put_failure:
12876 err = -ENOBUFS;
12877 free_msg:
12878 nlmsg_free(msg);
12879 return err;
12880 }
12881
nl80211_tx_mgmt_cancel_wait(struct sk_buff * skb,struct genl_info * info)12882 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
12883 {
12884 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12885 struct wireless_dev *wdev = info->user_ptr[1];
12886 u64 cookie;
12887
12888 if (!info->attrs[NL80211_ATTR_COOKIE])
12889 return -EINVAL;
12890
12891 if (!rdev->ops->mgmt_tx_cancel_wait)
12892 return -EOPNOTSUPP;
12893
12894 switch (wdev->iftype) {
12895 case NL80211_IFTYPE_STATION:
12896 case NL80211_IFTYPE_ADHOC:
12897 case NL80211_IFTYPE_P2P_CLIENT:
12898 case NL80211_IFTYPE_AP:
12899 case NL80211_IFTYPE_AP_VLAN:
12900 case NL80211_IFTYPE_P2P_GO:
12901 case NL80211_IFTYPE_P2P_DEVICE:
12902 break;
12903 case NL80211_IFTYPE_NAN:
12904 if (!wiphy_ext_feature_isset(wdev->wiphy,
12905 NL80211_EXT_FEATURE_SECURE_NAN))
12906 return -EOPNOTSUPP;
12907 break;
12908 default:
12909 return -EOPNOTSUPP;
12910 }
12911
12912 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12913
12914 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
12915 }
12916
nl80211_set_power_save(struct sk_buff * skb,struct genl_info * info)12917 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
12918 {
12919 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12920 struct wireless_dev *wdev;
12921 struct net_device *dev = info->user_ptr[1];
12922 u8 ps_state;
12923 bool state;
12924 int err;
12925
12926 if (!info->attrs[NL80211_ATTR_PS_STATE])
12927 return -EINVAL;
12928
12929 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
12930
12931 wdev = dev->ieee80211_ptr;
12932
12933 if (!rdev->ops->set_power_mgmt)
12934 return -EOPNOTSUPP;
12935
12936 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
12937
12938 if (state == wdev->ps)
12939 return 0;
12940
12941 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
12942 if (!err)
12943 wdev->ps = state;
12944 return err;
12945 }
12946
nl80211_get_power_save(struct sk_buff * skb,struct genl_info * info)12947 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
12948 {
12949 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12950 enum nl80211_ps_state ps_state;
12951 struct wireless_dev *wdev;
12952 struct net_device *dev = info->user_ptr[1];
12953 struct sk_buff *msg;
12954 void *hdr;
12955 int err;
12956
12957 wdev = dev->ieee80211_ptr;
12958
12959 if (!rdev->ops->set_power_mgmt)
12960 return -EOPNOTSUPP;
12961
12962 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12963 if (!msg)
12964 return -ENOMEM;
12965
12966 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12967 NL80211_CMD_GET_POWER_SAVE);
12968 if (!hdr) {
12969 err = -ENOBUFS;
12970 goto free_msg;
12971 }
12972
12973 if (wdev->ps)
12974 ps_state = NL80211_PS_ENABLED;
12975 else
12976 ps_state = NL80211_PS_DISABLED;
12977
12978 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
12979 goto nla_put_failure;
12980
12981 genlmsg_end(msg, hdr);
12982 return genlmsg_reply(msg, info);
12983
12984 nla_put_failure:
12985 err = -ENOBUFS;
12986 free_msg:
12987 nlmsg_free(msg);
12988 return err;
12989 }
12990
12991 static const struct nla_policy
12992 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
12993 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
12994 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
12995 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
12996 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
12997 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
12998 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
12999 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
13000 };
13001
nl80211_set_cqm_txe(struct genl_info * info,u32 rate,u32 pkts,u32 intvl)13002 static int nl80211_set_cqm_txe(struct genl_info *info,
13003 u32 rate, u32 pkts, u32 intvl)
13004 {
13005 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13006 struct net_device *dev = info->user_ptr[1];
13007 struct wireless_dev *wdev = dev->ieee80211_ptr;
13008
13009 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
13010 return -EINVAL;
13011
13012 if (!rdev->ops->set_cqm_txe_config)
13013 return -EOPNOTSUPP;
13014
13015 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13016 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13017 return -EOPNOTSUPP;
13018
13019 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
13020 }
13021
cfg80211_cqm_rssi_update(struct cfg80211_registered_device * rdev,struct net_device * dev,struct cfg80211_cqm_config * cqm_config)13022 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
13023 struct net_device *dev,
13024 struct cfg80211_cqm_config *cqm_config)
13025 {
13026 struct wireless_dev *wdev = dev->ieee80211_ptr;
13027 s32 last, low, high;
13028 u32 hyst;
13029 int i, n, low_index;
13030 int err;
13031
13032 /*
13033 * Obtain current RSSI value if possible, if not and no RSSI threshold
13034 * event has been received yet, we should receive an event after a
13035 * connection is established and enough beacons received to calculate
13036 * the average.
13037 */
13038 if (!cqm_config->last_rssi_event_value &&
13039 wdev->links[0].client.current_bss &&
13040 rdev->ops->get_station) {
13041 struct station_info sinfo = {};
13042 u8 *mac_addr;
13043
13044 mac_addr = wdev->links[0].client.current_bss->pub.bssid;
13045
13046 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
13047 if (err)
13048 return err;
13049
13050 cfg80211_sinfo_release_content(&sinfo);
13051 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
13052 cqm_config->last_rssi_event_value =
13053 (s8) sinfo.rx_beacon_signal_avg;
13054 }
13055
13056 last = cqm_config->last_rssi_event_value;
13057 hyst = cqm_config->rssi_hyst;
13058 n = cqm_config->n_rssi_thresholds;
13059
13060 for (i = 0; i < n; i++) {
13061 i = array_index_nospec(i, n);
13062 if (last < cqm_config->rssi_thresholds[i])
13063 break;
13064 }
13065
13066 low_index = i - 1;
13067 if (low_index >= 0) {
13068 low_index = array_index_nospec(low_index, n);
13069 low = cqm_config->rssi_thresholds[low_index] - hyst;
13070 } else {
13071 low = S32_MIN;
13072 }
13073 if (i < n) {
13074 i = array_index_nospec(i, n);
13075 high = cqm_config->rssi_thresholds[i] + hyst - 1;
13076 } else {
13077 high = S32_MAX;
13078 }
13079
13080 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
13081 }
13082
nl80211_set_cqm_rssi(struct genl_info * info,const s32 * thresholds,int n_thresholds,u32 hysteresis)13083 static int nl80211_set_cqm_rssi(struct genl_info *info,
13084 const s32 *thresholds, int n_thresholds,
13085 u32 hysteresis)
13086 {
13087 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13088 struct cfg80211_cqm_config *cqm_config = NULL, *old;
13089 struct net_device *dev = info->user_ptr[1];
13090 struct wireless_dev *wdev = dev->ieee80211_ptr;
13091 s32 prev = S32_MIN;
13092 int i, err;
13093
13094 /* Check all values negative and sorted */
13095 for (i = 0; i < n_thresholds; i++) {
13096 if (thresholds[i] > 0 || thresholds[i] <= prev)
13097 return -EINVAL;
13098
13099 prev = thresholds[i];
13100 }
13101
13102 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13103 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13104 return -EOPNOTSUPP;
13105
13106 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
13107 n_thresholds = 0;
13108
13109 old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
13110
13111 /* if already disabled just succeed */
13112 if (!n_thresholds && !old)
13113 return 0;
13114
13115 if (n_thresholds > 1) {
13116 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13117 NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
13118 !rdev->ops->set_cqm_rssi_range_config)
13119 return -EOPNOTSUPP;
13120 } else {
13121 if (!rdev->ops->set_cqm_rssi_config)
13122 return -EOPNOTSUPP;
13123 }
13124
13125 if (n_thresholds) {
13126 cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds,
13127 n_thresholds),
13128 GFP_KERNEL);
13129 if (!cqm_config)
13130 return -ENOMEM;
13131
13132 cqm_config->rssi_hyst = hysteresis;
13133 cqm_config->n_rssi_thresholds = n_thresholds;
13134 memcpy(cqm_config->rssi_thresholds, thresholds,
13135 flex_array_size(cqm_config, rssi_thresholds,
13136 n_thresholds));
13137 cqm_config->use_range_api = n_thresholds > 1 ||
13138 !rdev->ops->set_cqm_rssi_config;
13139
13140 rcu_assign_pointer(wdev->cqm_config, cqm_config);
13141
13142 if (cqm_config->use_range_api)
13143 err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
13144 else
13145 err = rdev_set_cqm_rssi_config(rdev, dev,
13146 thresholds[0],
13147 hysteresis);
13148 } else {
13149 RCU_INIT_POINTER(wdev->cqm_config, NULL);
13150 /* if enabled as range also disable via range */
13151 if (old->use_range_api)
13152 err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
13153 else
13154 err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
13155 }
13156
13157 if (err) {
13158 rcu_assign_pointer(wdev->cqm_config, old);
13159 kfree_rcu(cqm_config, rcu_head);
13160 } else {
13161 kfree_rcu(old, rcu_head);
13162 }
13163
13164 return err;
13165 }
13166
nl80211_set_cqm(struct sk_buff * skb,struct genl_info * info)13167 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
13168 {
13169 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
13170 struct nlattr *cqm;
13171 int err;
13172
13173 cqm = info->attrs[NL80211_ATTR_CQM];
13174 if (!cqm)
13175 return -EINVAL;
13176
13177 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
13178 nl80211_attr_cqm_policy,
13179 info->extack);
13180 if (err)
13181 return err;
13182
13183 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
13184 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
13185 const s32 *thresholds =
13186 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
13187 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
13188 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
13189
13190 if (len % 4)
13191 return -EINVAL;
13192
13193 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
13194 hysteresis);
13195 }
13196
13197 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
13198 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
13199 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
13200 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
13201 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
13202 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
13203
13204 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
13205 }
13206
13207 return -EINVAL;
13208 }
13209
nl80211_join_ocb(struct sk_buff * skb,struct genl_info * info)13210 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
13211 {
13212 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13213 struct net_device *dev = info->user_ptr[1];
13214 struct ocb_setup setup = {};
13215 int err;
13216
13217 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13218 if (err)
13219 return err;
13220
13221 return cfg80211_join_ocb(rdev, dev, &setup);
13222 }
13223
nl80211_leave_ocb(struct sk_buff * skb,struct genl_info * info)13224 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
13225 {
13226 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13227 struct net_device *dev = info->user_ptr[1];
13228
13229 return cfg80211_leave_ocb(rdev, dev);
13230 }
13231
nl80211_join_mesh(struct sk_buff * skb,struct genl_info * info)13232 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
13233 {
13234 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13235 struct net_device *dev = info->user_ptr[1];
13236 struct mesh_config cfg;
13237 struct mesh_setup setup;
13238 int err;
13239
13240 /* start with default */
13241 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
13242 memcpy(&setup, &default_mesh_setup, sizeof(setup));
13243
13244 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
13245 /* and parse parameters if given */
13246 err = nl80211_parse_mesh_config(info, &cfg, NULL);
13247 if (err)
13248 return err;
13249 }
13250
13251 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
13252 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
13253 return -EINVAL;
13254
13255 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
13256 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
13257
13258 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
13259 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
13260 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
13261 return -EINVAL;
13262
13263 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
13264 setup.beacon_interval =
13265 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
13266
13267 err = cfg80211_validate_beacon_int(rdev,
13268 NL80211_IFTYPE_MESH_POINT,
13269 setup.beacon_interval);
13270 if (err)
13271 return err;
13272 }
13273
13274 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
13275 setup.dtim_period =
13276 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
13277 if (setup.dtim_period < 1 || setup.dtim_period > 100)
13278 return -EINVAL;
13279 }
13280
13281 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
13282 /* parse additional setup parameters if given */
13283 err = nl80211_parse_mesh_setup(info, &setup);
13284 if (err)
13285 return err;
13286 }
13287
13288 if (setup.user_mpm)
13289 cfg.auto_open_plinks = false;
13290
13291 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
13292 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13293 if (err)
13294 return err;
13295 } else {
13296 /* __cfg80211_join_mesh() will sort it out */
13297 setup.chandef.chan = NULL;
13298 }
13299
13300 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
13301 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13302 int n_rates =
13303 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13304 struct ieee80211_supported_band *sband;
13305
13306 if (!setup.chandef.chan)
13307 return -EINVAL;
13308
13309 sband = rdev->wiphy.bands[setup.chandef.chan->band];
13310
13311 err = ieee80211_get_ratemask(sband, rates, n_rates,
13312 &setup.basic_rates);
13313 if (err)
13314 return err;
13315 }
13316
13317 if (info->attrs[NL80211_ATTR_TX_RATES]) {
13318 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
13319 NL80211_ATTR_TX_RATES,
13320 &setup.beacon_rate,
13321 dev, false, 0);
13322 if (err)
13323 return err;
13324
13325 if (!setup.chandef.chan)
13326 return -EINVAL;
13327
13328 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
13329 &setup.beacon_rate);
13330 if (err)
13331 return err;
13332 }
13333
13334 setup.userspace_handles_dfs =
13335 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
13336
13337 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
13338 int r = validate_pae_over_nl80211(rdev, info);
13339
13340 if (r < 0)
13341 return r;
13342
13343 setup.control_port_over_nl80211 = true;
13344 }
13345
13346 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
13347 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
13348 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
13349
13350 return err;
13351 }
13352
nl80211_leave_mesh(struct sk_buff * skb,struct genl_info * info)13353 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
13354 {
13355 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13356 struct net_device *dev = info->user_ptr[1];
13357
13358 return cfg80211_leave_mesh(rdev, dev);
13359 }
13360
13361 #ifdef CONFIG_PM
nl80211_send_wowlan_patterns(struct sk_buff * msg,struct cfg80211_registered_device * rdev)13362 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
13363 struct cfg80211_registered_device *rdev)
13364 {
13365 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
13366 struct nlattr *nl_pats, *nl_pat;
13367 int i, pat_len;
13368
13369 if (!wowlan->n_patterns)
13370 return 0;
13371
13372 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
13373 if (!nl_pats)
13374 return -ENOBUFS;
13375
13376 for (i = 0; i < wowlan->n_patterns; i++) {
13377 nl_pat = nla_nest_start_noflag(msg, i + 1);
13378 if (!nl_pat)
13379 return -ENOBUFS;
13380 pat_len = wowlan->patterns[i].pattern_len;
13381 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
13382 wowlan->patterns[i].mask) ||
13383 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
13384 wowlan->patterns[i].pattern) ||
13385 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
13386 wowlan->patterns[i].pkt_offset))
13387 return -ENOBUFS;
13388 nla_nest_end(msg, nl_pat);
13389 }
13390 nla_nest_end(msg, nl_pats);
13391
13392 return 0;
13393 }
13394
nl80211_send_wowlan_tcp(struct sk_buff * msg,struct cfg80211_wowlan_tcp * tcp)13395 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
13396 struct cfg80211_wowlan_tcp *tcp)
13397 {
13398 struct nlattr *nl_tcp;
13399
13400 if (!tcp)
13401 return 0;
13402
13403 nl_tcp = nla_nest_start_noflag(msg,
13404 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
13405 if (!nl_tcp)
13406 return -ENOBUFS;
13407
13408 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
13409 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
13410 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
13411 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
13412 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
13413 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
13414 tcp->payload_len, tcp->payload) ||
13415 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
13416 tcp->data_interval) ||
13417 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
13418 tcp->wake_len, tcp->wake_data) ||
13419 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
13420 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
13421 return -ENOBUFS;
13422
13423 if (tcp->payload_seq.len &&
13424 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
13425 sizeof(tcp->payload_seq), &tcp->payload_seq))
13426 return -ENOBUFS;
13427
13428 if (tcp->payload_tok.len &&
13429 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
13430 sizeof(tcp->payload_tok) + tcp->tokens_size,
13431 &tcp->payload_tok))
13432 return -ENOBUFS;
13433
13434 nla_nest_end(msg, nl_tcp);
13435
13436 return 0;
13437 }
13438
nl80211_send_wowlan_nd(struct sk_buff * msg,struct cfg80211_sched_scan_request * req)13439 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
13440 struct cfg80211_sched_scan_request *req)
13441 {
13442 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
13443 int i;
13444
13445 if (!req)
13446 return 0;
13447
13448 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
13449 if (!nd)
13450 return -ENOBUFS;
13451
13452 if (req->n_scan_plans == 1 &&
13453 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
13454 req->scan_plans[0].interval * 1000))
13455 return -ENOBUFS;
13456
13457 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
13458 return -ENOBUFS;
13459
13460 if (req->relative_rssi_set) {
13461 struct nl80211_bss_select_rssi_adjust rssi_adjust;
13462
13463 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
13464 req->relative_rssi))
13465 return -ENOBUFS;
13466
13467 rssi_adjust.band = req->rssi_adjust.band;
13468 rssi_adjust.delta = req->rssi_adjust.delta;
13469 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
13470 sizeof(rssi_adjust), &rssi_adjust))
13471 return -ENOBUFS;
13472 }
13473
13474 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13475 if (!freqs)
13476 return -ENOBUFS;
13477
13478 for (i = 0; i < req->n_channels; i++) {
13479 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13480 return -ENOBUFS;
13481 }
13482
13483 nla_nest_end(msg, freqs);
13484
13485 if (req->n_match_sets) {
13486 matches = nla_nest_start_noflag(msg,
13487 NL80211_ATTR_SCHED_SCAN_MATCH);
13488 if (!matches)
13489 return -ENOBUFS;
13490
13491 for (i = 0; i < req->n_match_sets; i++) {
13492 match = nla_nest_start_noflag(msg, i);
13493 if (!match)
13494 return -ENOBUFS;
13495
13496 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
13497 req->match_sets[i].ssid.ssid_len,
13498 req->match_sets[i].ssid.ssid))
13499 return -ENOBUFS;
13500 nla_nest_end(msg, match);
13501 }
13502 nla_nest_end(msg, matches);
13503 }
13504
13505 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
13506 if (!scan_plans)
13507 return -ENOBUFS;
13508
13509 for (i = 0; i < req->n_scan_plans; i++) {
13510 scan_plan = nla_nest_start_noflag(msg, i + 1);
13511 if (!scan_plan)
13512 return -ENOBUFS;
13513
13514 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
13515 req->scan_plans[i].interval) ||
13516 (req->scan_plans[i].iterations &&
13517 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
13518 req->scan_plans[i].iterations)))
13519 return -ENOBUFS;
13520 nla_nest_end(msg, scan_plan);
13521 }
13522 nla_nest_end(msg, scan_plans);
13523
13524 nla_nest_end(msg, nd);
13525
13526 return 0;
13527 }
13528
nl80211_get_wowlan(struct sk_buff * skb,struct genl_info * info)13529 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
13530 {
13531 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13532 struct sk_buff *msg;
13533 void *hdr;
13534 u32 size = NLMSG_DEFAULT_SIZE;
13535
13536 if (!rdev->wiphy.wowlan)
13537 return -EOPNOTSUPP;
13538
13539 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
13540 /* adjust size to have room for all the data */
13541 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
13542 rdev->wiphy.wowlan_config->tcp->payload_len +
13543 rdev->wiphy.wowlan_config->tcp->wake_len +
13544 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
13545 }
13546
13547 msg = nlmsg_new(size, GFP_KERNEL);
13548 if (!msg)
13549 return -ENOMEM;
13550
13551 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13552 NL80211_CMD_GET_WOWLAN);
13553 if (!hdr)
13554 goto nla_put_failure;
13555
13556 if (rdev->wiphy.wowlan_config) {
13557 struct nlattr *nl_wowlan;
13558
13559 nl_wowlan = nla_nest_start_noflag(msg,
13560 NL80211_ATTR_WOWLAN_TRIGGERS);
13561 if (!nl_wowlan)
13562 goto nla_put_failure;
13563
13564 if ((rdev->wiphy.wowlan_config->any &&
13565 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
13566 (rdev->wiphy.wowlan_config->disconnect &&
13567 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
13568 (rdev->wiphy.wowlan_config->magic_pkt &&
13569 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
13570 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
13571 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
13572 (rdev->wiphy.wowlan_config->eap_identity_req &&
13573 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
13574 (rdev->wiphy.wowlan_config->four_way_handshake &&
13575 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
13576 (rdev->wiphy.wowlan_config->rfkill_release &&
13577 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
13578 goto nla_put_failure;
13579
13580 if (nl80211_send_wowlan_patterns(msg, rdev))
13581 goto nla_put_failure;
13582
13583 if (nl80211_send_wowlan_tcp(msg,
13584 rdev->wiphy.wowlan_config->tcp))
13585 goto nla_put_failure;
13586
13587 if (nl80211_send_wowlan_nd(
13588 msg,
13589 rdev->wiphy.wowlan_config->nd_config))
13590 goto nla_put_failure;
13591
13592 nla_nest_end(msg, nl_wowlan);
13593 }
13594
13595 genlmsg_end(msg, hdr);
13596 return genlmsg_reply(msg, info);
13597
13598 nla_put_failure:
13599 nlmsg_free(msg);
13600 return -ENOBUFS;
13601 }
13602
nl80211_parse_wowlan_tcp(struct cfg80211_registered_device * rdev,struct nlattr * attr,struct cfg80211_wowlan * trig)13603 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
13604 struct nlattr *attr,
13605 struct cfg80211_wowlan *trig)
13606 {
13607 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
13608 struct cfg80211_wowlan_tcp *cfg;
13609 struct nl80211_wowlan_tcp_data_token *tok = NULL;
13610 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
13611 u32 size;
13612 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
13613 int err, port;
13614
13615 if (!rdev->wiphy.wowlan->tcp)
13616 return -EINVAL;
13617
13618 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
13619 nl80211_wowlan_tcp_policy, NULL);
13620 if (err)
13621 return err;
13622
13623 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
13624 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
13625 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
13626 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
13627 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
13628 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
13629 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
13630 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
13631 return -EINVAL;
13632
13633 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
13634 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
13635 return -EINVAL;
13636
13637 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
13638 rdev->wiphy.wowlan->tcp->data_interval_max ||
13639 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
13640 return -EINVAL;
13641
13642 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
13643 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
13644 return -EINVAL;
13645
13646 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
13647 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
13648 return -EINVAL;
13649
13650 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
13651 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
13652
13653 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
13654 tokens_size = tokln - sizeof(*tok);
13655
13656 if (!tok->len || tokens_size % tok->len)
13657 return -EINVAL;
13658 if (!rdev->wiphy.wowlan->tcp->tok)
13659 return -EINVAL;
13660 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
13661 return -EINVAL;
13662 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
13663 return -EINVAL;
13664 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
13665 return -EINVAL;
13666 if (tok->offset + tok->len > data_size)
13667 return -EINVAL;
13668 }
13669
13670 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
13671 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
13672 if (!rdev->wiphy.wowlan->tcp->seq)
13673 return -EINVAL;
13674 if (seq->len == 0 || seq->len > 4)
13675 return -EINVAL;
13676 if (seq->len + seq->offset > data_size)
13677 return -EINVAL;
13678 }
13679
13680 size = sizeof(*cfg);
13681 size += data_size;
13682 size += wake_size + wake_mask_size;
13683 size += tokens_size;
13684
13685 cfg = kzalloc(size, GFP_KERNEL);
13686 if (!cfg)
13687 return -ENOMEM;
13688 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
13689 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
13690 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
13691 ETH_ALEN);
13692 port = nla_get_u16_default(tb[NL80211_WOWLAN_TCP_SRC_PORT], 0);
13693 #ifdef CONFIG_INET
13694 /* allocate a socket and port for it and use it */
13695 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
13696 IPPROTO_TCP, &cfg->sock, 1);
13697 if (err) {
13698 kfree(cfg);
13699 return err;
13700 }
13701 if (inet_csk_get_port(cfg->sock->sk, port)) {
13702 sock_release(cfg->sock);
13703 kfree(cfg);
13704 return -EADDRINUSE;
13705 }
13706 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
13707 #else
13708 if (!port) {
13709 kfree(cfg);
13710 return -EINVAL;
13711 }
13712 cfg->src_port = port;
13713 #endif
13714
13715 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
13716 cfg->payload_len = data_size;
13717 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
13718 memcpy((void *)cfg->payload,
13719 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
13720 data_size);
13721 if (seq)
13722 cfg->payload_seq = *seq;
13723 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
13724 cfg->wake_len = wake_size;
13725 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
13726 memcpy((void *)cfg->wake_data,
13727 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
13728 wake_size);
13729 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
13730 data_size + wake_size;
13731 memcpy((void *)cfg->wake_mask,
13732 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
13733 wake_mask_size);
13734 if (tok) {
13735 cfg->tokens_size = tokens_size;
13736 cfg->payload_tok = *tok;
13737 memcpy(cfg->payload_tok.token_stream, tok->token_stream,
13738 tokens_size);
13739 }
13740
13741 trig->tcp = cfg;
13742
13743 return 0;
13744 }
13745
nl80211_parse_wowlan_nd(struct cfg80211_registered_device * rdev,const struct wiphy_wowlan_support * wowlan,struct nlattr * attr,struct cfg80211_wowlan * trig)13746 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
13747 const struct wiphy_wowlan_support *wowlan,
13748 struct nlattr *attr,
13749 struct cfg80211_wowlan *trig)
13750 {
13751 struct nlattr **tb;
13752 int err;
13753
13754 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
13755 if (!tb)
13756 return -ENOMEM;
13757
13758 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
13759 err = -EOPNOTSUPP;
13760 goto out;
13761 }
13762
13763 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
13764 nl80211_policy, NULL);
13765 if (err)
13766 goto out;
13767
13768 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
13769 wowlan->max_nd_match_sets);
13770 err = PTR_ERR_OR_ZERO(trig->nd_config);
13771 if (err)
13772 trig->nd_config = NULL;
13773
13774 out:
13775 kfree(tb);
13776 return err;
13777 }
13778
nl80211_set_wowlan(struct sk_buff * skb,struct genl_info * info)13779 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
13780 {
13781 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13782 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
13783 struct cfg80211_wowlan new_triggers = {};
13784 struct cfg80211_wowlan *ntrig;
13785 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
13786 int err, i;
13787 bool prev_enabled = rdev->wiphy.wowlan_config;
13788 bool regular = false;
13789
13790 if (!wowlan)
13791 return -EOPNOTSUPP;
13792
13793 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
13794 cfg80211_rdev_free_wowlan(rdev);
13795 rdev->wiphy.wowlan_config = NULL;
13796 goto set_wakeup;
13797 }
13798
13799 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
13800 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
13801 nl80211_wowlan_policy, info->extack);
13802 if (err)
13803 return err;
13804
13805 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
13806 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
13807 return -EINVAL;
13808 new_triggers.any = true;
13809 }
13810
13811 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
13812 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
13813 return -EINVAL;
13814 new_triggers.disconnect = true;
13815 regular = true;
13816 }
13817
13818 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
13819 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
13820 return -EINVAL;
13821 new_triggers.magic_pkt = true;
13822 regular = true;
13823 }
13824
13825 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
13826 return -EINVAL;
13827
13828 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
13829 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
13830 return -EINVAL;
13831 new_triggers.gtk_rekey_failure = true;
13832 regular = true;
13833 }
13834
13835 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
13836 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
13837 return -EINVAL;
13838 new_triggers.eap_identity_req = true;
13839 regular = true;
13840 }
13841
13842 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
13843 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
13844 return -EINVAL;
13845 new_triggers.four_way_handshake = true;
13846 regular = true;
13847 }
13848
13849 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
13850 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
13851 return -EINVAL;
13852 new_triggers.rfkill_release = true;
13853 regular = true;
13854 }
13855
13856 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
13857 struct nlattr *pat;
13858 int n_patterns = 0;
13859 int rem, pat_len, mask_len, pkt_offset;
13860 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
13861
13862 regular = true;
13863
13864 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
13865 rem)
13866 n_patterns++;
13867 if (n_patterns > wowlan->n_patterns)
13868 return -EINVAL;
13869
13870 new_triggers.patterns = kcalloc(n_patterns,
13871 sizeof(new_triggers.patterns[0]),
13872 GFP_KERNEL);
13873 if (!new_triggers.patterns)
13874 return -ENOMEM;
13875
13876 new_triggers.n_patterns = n_patterns;
13877 i = 0;
13878
13879 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
13880 rem) {
13881 u8 *mask_pat;
13882
13883 err = nla_parse_nested_deprecated(pat_tb,
13884 MAX_NL80211_PKTPAT,
13885 pat,
13886 nl80211_packet_pattern_policy,
13887 info->extack);
13888 if (err)
13889 goto error;
13890
13891 err = -EINVAL;
13892 if (!pat_tb[NL80211_PKTPAT_MASK] ||
13893 !pat_tb[NL80211_PKTPAT_PATTERN])
13894 goto error;
13895 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
13896 mask_len = DIV_ROUND_UP(pat_len, 8);
13897 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
13898 goto error;
13899 if (pat_len > wowlan->pattern_max_len ||
13900 pat_len < wowlan->pattern_min_len)
13901 goto error;
13902
13903 pkt_offset =
13904 nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
13905 0);
13906 if (pkt_offset > wowlan->max_pkt_offset)
13907 goto error;
13908 new_triggers.patterns[i].pkt_offset = pkt_offset;
13909
13910 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
13911 if (!mask_pat) {
13912 err = -ENOMEM;
13913 goto error;
13914 }
13915 new_triggers.patterns[i].mask = mask_pat;
13916 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
13917 mask_len);
13918 mask_pat += mask_len;
13919 new_triggers.patterns[i].pattern = mask_pat;
13920 new_triggers.patterns[i].pattern_len = pat_len;
13921 memcpy(mask_pat,
13922 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
13923 pat_len);
13924 i++;
13925 }
13926 }
13927
13928 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
13929 regular = true;
13930 err = nl80211_parse_wowlan_tcp(
13931 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
13932 &new_triggers);
13933 if (err)
13934 goto error;
13935 }
13936
13937 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
13938 regular = true;
13939 err = nl80211_parse_wowlan_nd(
13940 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
13941 &new_triggers);
13942 if (err)
13943 goto error;
13944 }
13945
13946 /* The 'any' trigger means the device continues operating more or less
13947 * as in its normal operation mode and wakes up the host on most of the
13948 * normal interrupts (like packet RX, ...)
13949 * It therefore makes little sense to combine with the more constrained
13950 * wakeup trigger modes.
13951 */
13952 if (new_triggers.any && regular) {
13953 err = -EINVAL;
13954 goto error;
13955 }
13956
13957 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
13958 if (!ntrig) {
13959 err = -ENOMEM;
13960 goto error;
13961 }
13962 cfg80211_rdev_free_wowlan(rdev);
13963 rdev->wiphy.wowlan_config = ntrig;
13964
13965 set_wakeup:
13966 if (rdev->ops->set_wakeup &&
13967 prev_enabled != !!rdev->wiphy.wowlan_config)
13968 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
13969
13970 return 0;
13971 error:
13972 for (i = 0; i < new_triggers.n_patterns; i++)
13973 kfree(new_triggers.patterns[i].mask);
13974 kfree(new_triggers.patterns);
13975 if (new_triggers.tcp && new_triggers.tcp->sock)
13976 sock_release(new_triggers.tcp->sock);
13977 kfree(new_triggers.tcp);
13978 kfree(new_triggers.nd_config);
13979 return err;
13980 }
13981 #endif
13982
nl80211_send_coalesce_rules(struct sk_buff * msg,struct cfg80211_registered_device * rdev)13983 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
13984 struct cfg80211_registered_device *rdev)
13985 {
13986 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
13987 int i, j, pat_len;
13988 struct cfg80211_coalesce_rules *rule;
13989
13990 if (!rdev->coalesce->n_rules)
13991 return 0;
13992
13993 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
13994 if (!nl_rules)
13995 return -ENOBUFS;
13996
13997 for (i = 0; i < rdev->coalesce->n_rules; i++) {
13998 nl_rule = nla_nest_start_noflag(msg, i + 1);
13999 if (!nl_rule)
14000 return -ENOBUFS;
14001
14002 rule = &rdev->coalesce->rules[i];
14003 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
14004 rule->delay))
14005 return -ENOBUFS;
14006
14007 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
14008 rule->condition))
14009 return -ENOBUFS;
14010
14011 nl_pats = nla_nest_start_noflag(msg,
14012 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
14013 if (!nl_pats)
14014 return -ENOBUFS;
14015
14016 for (j = 0; j < rule->n_patterns; j++) {
14017 nl_pat = nla_nest_start_noflag(msg, j + 1);
14018 if (!nl_pat)
14019 return -ENOBUFS;
14020 pat_len = rule->patterns[j].pattern_len;
14021 if (nla_put(msg, NL80211_PKTPAT_MASK,
14022 DIV_ROUND_UP(pat_len, 8),
14023 rule->patterns[j].mask) ||
14024 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
14025 rule->patterns[j].pattern) ||
14026 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
14027 rule->patterns[j].pkt_offset))
14028 return -ENOBUFS;
14029 nla_nest_end(msg, nl_pat);
14030 }
14031 nla_nest_end(msg, nl_pats);
14032 nla_nest_end(msg, nl_rule);
14033 }
14034 nla_nest_end(msg, nl_rules);
14035
14036 return 0;
14037 }
14038
nl80211_get_coalesce(struct sk_buff * skb,struct genl_info * info)14039 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
14040 {
14041 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14042 struct sk_buff *msg;
14043 void *hdr;
14044
14045 if (!rdev->wiphy.coalesce)
14046 return -EOPNOTSUPP;
14047
14048 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14049 if (!msg)
14050 return -ENOMEM;
14051
14052 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14053 NL80211_CMD_GET_COALESCE);
14054 if (!hdr)
14055 goto nla_put_failure;
14056
14057 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
14058 goto nla_put_failure;
14059
14060 genlmsg_end(msg, hdr);
14061 return genlmsg_reply(msg, info);
14062
14063 nla_put_failure:
14064 nlmsg_free(msg);
14065 return -ENOBUFS;
14066 }
14067
cfg80211_free_coalesce(struct cfg80211_coalesce * coalesce)14068 void cfg80211_free_coalesce(struct cfg80211_coalesce *coalesce)
14069 {
14070 int i, j;
14071 struct cfg80211_coalesce_rules *rule;
14072
14073 if (!coalesce)
14074 return;
14075
14076 for (i = 0; i < coalesce->n_rules; i++) {
14077 rule = &coalesce->rules[i];
14078 for (j = 0; j < rule->n_patterns; j++)
14079 kfree(rule->patterns[j].mask);
14080 kfree(rule->patterns);
14081 }
14082 kfree(coalesce);
14083 }
14084
nl80211_parse_coalesce_rule(struct cfg80211_registered_device * rdev,struct nlattr * rule,struct cfg80211_coalesce_rules * new_rule)14085 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
14086 struct nlattr *rule,
14087 struct cfg80211_coalesce_rules *new_rule)
14088 {
14089 int err, i;
14090 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
14091 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
14092 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
14093 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
14094
14095 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
14096 rule, nl80211_coalesce_policy, NULL);
14097 if (err)
14098 return err;
14099
14100 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
14101 new_rule->delay =
14102 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
14103 if (new_rule->delay > coalesce->max_delay)
14104 return -EINVAL;
14105
14106 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
14107 new_rule->condition =
14108 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
14109
14110 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
14111 return -EINVAL;
14112
14113 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
14114 rem)
14115 n_patterns++;
14116 if (n_patterns > coalesce->n_patterns)
14117 return -EINVAL;
14118
14119 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
14120 GFP_KERNEL);
14121 if (!new_rule->patterns)
14122 return -ENOMEM;
14123
14124 new_rule->n_patterns = n_patterns;
14125 i = 0;
14126
14127 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
14128 rem) {
14129 u8 *mask_pat;
14130
14131 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
14132 pat,
14133 nl80211_packet_pattern_policy,
14134 NULL);
14135 if (err)
14136 return err;
14137
14138 if (!pat_tb[NL80211_PKTPAT_MASK] ||
14139 !pat_tb[NL80211_PKTPAT_PATTERN])
14140 return -EINVAL;
14141 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
14142 mask_len = DIV_ROUND_UP(pat_len, 8);
14143 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
14144 return -EINVAL;
14145 if (pat_len > coalesce->pattern_max_len ||
14146 pat_len < coalesce->pattern_min_len)
14147 return -EINVAL;
14148
14149 pkt_offset = nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
14150 0);
14151 if (pkt_offset > coalesce->max_pkt_offset)
14152 return -EINVAL;
14153 new_rule->patterns[i].pkt_offset = pkt_offset;
14154
14155 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
14156 if (!mask_pat)
14157 return -ENOMEM;
14158
14159 new_rule->patterns[i].mask = mask_pat;
14160 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
14161 mask_len);
14162
14163 mask_pat += mask_len;
14164 new_rule->patterns[i].pattern = mask_pat;
14165 new_rule->patterns[i].pattern_len = pat_len;
14166 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
14167 pat_len);
14168 i++;
14169 }
14170
14171 return 0;
14172 }
14173
nl80211_set_coalesce(struct sk_buff * skb,struct genl_info * info)14174 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
14175 {
14176 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14177 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
14178 struct cfg80211_coalesce *new_coalesce;
14179 int err, rem_rule, n_rules = 0, i;
14180 struct nlattr *rule;
14181
14182 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
14183 return -EOPNOTSUPP;
14184
14185 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
14186 cfg80211_free_coalesce(rdev->coalesce);
14187 rdev->coalesce = NULL;
14188 rdev_set_coalesce(rdev, NULL);
14189 return 0;
14190 }
14191
14192 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14193 rem_rule)
14194 n_rules++;
14195 if (n_rules > coalesce->n_rules)
14196 return -EINVAL;
14197
14198 new_coalesce = kzalloc(struct_size(new_coalesce, rules, n_rules),
14199 GFP_KERNEL);
14200 if (!new_coalesce)
14201 return -ENOMEM;
14202
14203 new_coalesce->n_rules = n_rules;
14204 i = 0;
14205
14206 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14207 rem_rule) {
14208 err = nl80211_parse_coalesce_rule(rdev, rule,
14209 &new_coalesce->rules[i]);
14210 if (err)
14211 goto error;
14212
14213 i++;
14214 }
14215
14216 err = rdev_set_coalesce(rdev, new_coalesce);
14217 if (err)
14218 goto error;
14219
14220 cfg80211_free_coalesce(rdev->coalesce);
14221 rdev->coalesce = new_coalesce;
14222
14223 return 0;
14224 error:
14225 cfg80211_free_coalesce(new_coalesce);
14226
14227 return err;
14228 }
14229
nl80211_set_rekey_data(struct sk_buff * skb,struct genl_info * info)14230 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
14231 {
14232 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14233 struct net_device *dev = info->user_ptr[1];
14234 struct wireless_dev *wdev = dev->ieee80211_ptr;
14235 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
14236 struct cfg80211_gtk_rekey_data rekey_data = {};
14237 int err;
14238
14239 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
14240 return -EINVAL;
14241
14242 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
14243 info->attrs[NL80211_ATTR_REKEY_DATA],
14244 nl80211_rekey_policy, info->extack);
14245 if (err)
14246 return err;
14247
14248 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
14249 !tb[NL80211_REKEY_DATA_KCK])
14250 return -EINVAL;
14251 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
14252 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14253 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
14254 return -ERANGE;
14255 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
14256 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14257 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) &&
14258 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 &&
14259 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32))
14260 return -ERANGE;
14261
14262 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
14263 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
14264 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
14265 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
14266 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
14267 if (tb[NL80211_REKEY_DATA_AKM])
14268 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
14269
14270 if (!wdev->connected)
14271 return -ENOTCONN;
14272
14273 if (!rdev->ops->set_rekey_data)
14274 return -EOPNOTSUPP;
14275
14276 return rdev_set_rekey_data(rdev, dev, &rekey_data);
14277 }
14278
nl80211_register_unexpected_frame(struct sk_buff * skb,struct genl_info * info)14279 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
14280 struct genl_info *info)
14281 {
14282 struct net_device *dev = info->user_ptr[1];
14283 struct wireless_dev *wdev = dev->ieee80211_ptr;
14284
14285 if (wdev->iftype != NL80211_IFTYPE_AP &&
14286 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14287 return -EINVAL;
14288
14289 if (wdev->ap_unexpected_nlportid)
14290 return -EBUSY;
14291
14292 wdev->ap_unexpected_nlportid = info->snd_portid;
14293 return 0;
14294 }
14295
nl80211_probe_client(struct sk_buff * skb,struct genl_info * info)14296 static int nl80211_probe_client(struct sk_buff *skb,
14297 struct genl_info *info)
14298 {
14299 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14300 struct net_device *dev = info->user_ptr[1];
14301 struct wireless_dev *wdev = dev->ieee80211_ptr;
14302 struct sk_buff *msg;
14303 void *hdr;
14304 const u8 *addr;
14305 u64 cookie;
14306 int err;
14307
14308 if (wdev->iftype != NL80211_IFTYPE_AP &&
14309 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14310 return -EOPNOTSUPP;
14311
14312 if (!info->attrs[NL80211_ATTR_MAC])
14313 return -EINVAL;
14314
14315 if (!rdev->ops->probe_client)
14316 return -EOPNOTSUPP;
14317
14318 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14319 if (!msg)
14320 return -ENOMEM;
14321
14322 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14323 NL80211_CMD_PROBE_CLIENT);
14324 if (!hdr) {
14325 err = -ENOBUFS;
14326 goto free_msg;
14327 }
14328
14329 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14330
14331 err = rdev_probe_client(rdev, dev, addr, &cookie);
14332 if (err)
14333 goto free_msg;
14334
14335 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14336 NL80211_ATTR_PAD))
14337 goto nla_put_failure;
14338
14339 genlmsg_end(msg, hdr);
14340
14341 return genlmsg_reply(msg, info);
14342
14343 nla_put_failure:
14344 err = -ENOBUFS;
14345 free_msg:
14346 nlmsg_free(msg);
14347 return err;
14348 }
14349
nl80211_register_beacons(struct sk_buff * skb,struct genl_info * info)14350 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
14351 {
14352 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14353 struct cfg80211_beacon_registration *reg, *nreg;
14354 int rv;
14355
14356 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
14357 return -EOPNOTSUPP;
14358
14359 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
14360 if (!nreg)
14361 return -ENOMEM;
14362
14363 /* First, check if already registered. */
14364 spin_lock_bh(&rdev->beacon_registrations_lock);
14365 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14366 if (reg->nlportid == info->snd_portid) {
14367 rv = -EALREADY;
14368 goto out_err;
14369 }
14370 }
14371 /* Add it to the list */
14372 nreg->nlportid = info->snd_portid;
14373 list_add(&nreg->list, &rdev->beacon_registrations);
14374
14375 spin_unlock_bh(&rdev->beacon_registrations_lock);
14376
14377 return 0;
14378 out_err:
14379 spin_unlock_bh(&rdev->beacon_registrations_lock);
14380 kfree(nreg);
14381 return rv;
14382 }
14383
nl80211_start_p2p_device(struct sk_buff * skb,struct genl_info * info)14384 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
14385 {
14386 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14387 struct wireless_dev *wdev = info->user_ptr[1];
14388 int err;
14389
14390 if (!rdev->ops->start_p2p_device)
14391 return -EOPNOTSUPP;
14392
14393 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
14394 return -EOPNOTSUPP;
14395
14396 if (wdev_running(wdev))
14397 return 0;
14398
14399 if (rfkill_blocked(rdev->wiphy.rfkill))
14400 return -ERFKILL;
14401
14402 err = rdev_start_p2p_device(rdev, wdev);
14403 if (err)
14404 return err;
14405
14406 wdev->is_running = true;
14407 rdev->opencount++;
14408
14409 return 0;
14410 }
14411
nl80211_stop_p2p_device(struct sk_buff * skb,struct genl_info * info)14412 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
14413 {
14414 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14415 struct wireless_dev *wdev = info->user_ptr[1];
14416
14417 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
14418 return -EOPNOTSUPP;
14419
14420 if (!rdev->ops->stop_p2p_device)
14421 return -EOPNOTSUPP;
14422
14423 cfg80211_stop_p2p_device(rdev, wdev);
14424
14425 return 0;
14426 }
14427
nl80211_start_nan(struct sk_buff * skb,struct genl_info * info)14428 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
14429 {
14430 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14431 struct wireless_dev *wdev = info->user_ptr[1];
14432 struct cfg80211_nan_conf conf = {};
14433 int err;
14434
14435 if (wdev->iftype != NL80211_IFTYPE_NAN)
14436 return -EOPNOTSUPP;
14437
14438 if (wdev_running(wdev))
14439 return -EEXIST;
14440
14441 if (rfkill_blocked(rdev->wiphy.rfkill))
14442 return -ERFKILL;
14443
14444 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
14445 return -EINVAL;
14446
14447 conf.master_pref =
14448 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
14449
14450 if (info->attrs[NL80211_ATTR_BANDS]) {
14451 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
14452
14453 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
14454 return -EOPNOTSUPP;
14455
14456 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
14457 return -EINVAL;
14458
14459 conf.bands = bands;
14460 }
14461
14462 err = rdev_start_nan(rdev, wdev, &conf);
14463 if (err)
14464 return err;
14465
14466 wdev->is_running = true;
14467 rdev->opencount++;
14468
14469 return 0;
14470 }
14471
nl80211_stop_nan(struct sk_buff * skb,struct genl_info * info)14472 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
14473 {
14474 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14475 struct wireless_dev *wdev = info->user_ptr[1];
14476
14477 if (wdev->iftype != NL80211_IFTYPE_NAN)
14478 return -EOPNOTSUPP;
14479
14480 cfg80211_stop_nan(rdev, wdev);
14481
14482 return 0;
14483 }
14484
validate_nan_filter(struct nlattr * filter_attr)14485 static int validate_nan_filter(struct nlattr *filter_attr)
14486 {
14487 struct nlattr *attr;
14488 int len = 0, n_entries = 0, rem;
14489
14490 nla_for_each_nested(attr, filter_attr, rem) {
14491 len += nla_len(attr);
14492 n_entries++;
14493 }
14494
14495 if (len >= U8_MAX)
14496 return -EINVAL;
14497
14498 return n_entries;
14499 }
14500
handle_nan_filter(struct nlattr * attr_filter,struct cfg80211_nan_func * func,bool tx)14501 static int handle_nan_filter(struct nlattr *attr_filter,
14502 struct cfg80211_nan_func *func,
14503 bool tx)
14504 {
14505 struct nlattr *attr;
14506 int n_entries, rem, i;
14507 struct cfg80211_nan_func_filter *filter;
14508
14509 n_entries = validate_nan_filter(attr_filter);
14510 if (n_entries < 0)
14511 return n_entries;
14512
14513 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
14514
14515 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
14516 if (!filter)
14517 return -ENOMEM;
14518
14519 i = 0;
14520 nla_for_each_nested(attr, attr_filter, rem) {
14521 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
14522 if (!filter[i].filter)
14523 goto err;
14524
14525 filter[i].len = nla_len(attr);
14526 i++;
14527 }
14528 if (tx) {
14529 func->num_tx_filters = n_entries;
14530 func->tx_filters = filter;
14531 } else {
14532 func->num_rx_filters = n_entries;
14533 func->rx_filters = filter;
14534 }
14535
14536 return 0;
14537
14538 err:
14539 i = 0;
14540 nla_for_each_nested(attr, attr_filter, rem) {
14541 kfree(filter[i].filter);
14542 i++;
14543 }
14544 kfree(filter);
14545 return -ENOMEM;
14546 }
14547
nl80211_nan_add_func(struct sk_buff * skb,struct genl_info * info)14548 static int nl80211_nan_add_func(struct sk_buff *skb,
14549 struct genl_info *info)
14550 {
14551 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14552 struct wireless_dev *wdev = info->user_ptr[1];
14553 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
14554 struct cfg80211_nan_func *func;
14555 struct sk_buff *msg = NULL;
14556 void *hdr = NULL;
14557 int err = 0;
14558
14559 if (wdev->iftype != NL80211_IFTYPE_NAN)
14560 return -EOPNOTSUPP;
14561
14562 if (!wdev_running(wdev))
14563 return -ENOTCONN;
14564
14565 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
14566 return -EINVAL;
14567
14568 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
14569 info->attrs[NL80211_ATTR_NAN_FUNC],
14570 nl80211_nan_func_policy,
14571 info->extack);
14572 if (err)
14573 return err;
14574
14575 func = kzalloc(sizeof(*func), GFP_KERNEL);
14576 if (!func)
14577 return -ENOMEM;
14578
14579 func->cookie = cfg80211_assign_cookie(rdev);
14580
14581 if (!tb[NL80211_NAN_FUNC_TYPE]) {
14582 err = -EINVAL;
14583 goto out;
14584 }
14585
14586
14587 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
14588
14589 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
14590 err = -EINVAL;
14591 goto out;
14592 }
14593
14594 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
14595 sizeof(func->service_id));
14596
14597 func->close_range =
14598 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
14599
14600 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
14601 func->serv_spec_info_len =
14602 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
14603 func->serv_spec_info =
14604 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
14605 func->serv_spec_info_len,
14606 GFP_KERNEL);
14607 if (!func->serv_spec_info) {
14608 err = -ENOMEM;
14609 goto out;
14610 }
14611 }
14612
14613 if (tb[NL80211_NAN_FUNC_TTL])
14614 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
14615
14616 switch (func->type) {
14617 case NL80211_NAN_FUNC_PUBLISH:
14618 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
14619 err = -EINVAL;
14620 goto out;
14621 }
14622
14623 func->publish_type =
14624 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
14625 func->publish_bcast =
14626 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
14627
14628 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
14629 func->publish_bcast) {
14630 err = -EINVAL;
14631 goto out;
14632 }
14633 break;
14634 case NL80211_NAN_FUNC_SUBSCRIBE:
14635 func->subscribe_active =
14636 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
14637 break;
14638 case NL80211_NAN_FUNC_FOLLOW_UP:
14639 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
14640 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
14641 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
14642 err = -EINVAL;
14643 goto out;
14644 }
14645
14646 func->followup_id =
14647 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
14648 func->followup_reqid =
14649 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
14650 memcpy(func->followup_dest.addr,
14651 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
14652 sizeof(func->followup_dest.addr));
14653 if (func->ttl) {
14654 err = -EINVAL;
14655 goto out;
14656 }
14657 break;
14658 default:
14659 err = -EINVAL;
14660 goto out;
14661 }
14662
14663 if (tb[NL80211_NAN_FUNC_SRF]) {
14664 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
14665
14666 err = nla_parse_nested_deprecated(srf_tb,
14667 NL80211_NAN_SRF_ATTR_MAX,
14668 tb[NL80211_NAN_FUNC_SRF],
14669 nl80211_nan_srf_policy,
14670 info->extack);
14671 if (err)
14672 goto out;
14673
14674 func->srf_include =
14675 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
14676
14677 if (srf_tb[NL80211_NAN_SRF_BF]) {
14678 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
14679 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
14680 err = -EINVAL;
14681 goto out;
14682 }
14683
14684 func->srf_bf_len =
14685 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
14686 func->srf_bf =
14687 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
14688 func->srf_bf_len, GFP_KERNEL);
14689 if (!func->srf_bf) {
14690 err = -ENOMEM;
14691 goto out;
14692 }
14693
14694 func->srf_bf_idx =
14695 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
14696 } else {
14697 struct nlattr *attr, *mac_attr =
14698 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
14699 int n_entries, rem, i = 0;
14700
14701 if (!mac_attr) {
14702 err = -EINVAL;
14703 goto out;
14704 }
14705
14706 n_entries = validate_acl_mac_addrs(mac_attr);
14707 if (n_entries <= 0) {
14708 err = -EINVAL;
14709 goto out;
14710 }
14711
14712 func->srf_num_macs = n_entries;
14713 func->srf_macs =
14714 kcalloc(n_entries, sizeof(*func->srf_macs),
14715 GFP_KERNEL);
14716 if (!func->srf_macs) {
14717 err = -ENOMEM;
14718 goto out;
14719 }
14720
14721 nla_for_each_nested(attr, mac_attr, rem)
14722 memcpy(func->srf_macs[i++].addr, nla_data(attr),
14723 sizeof(*func->srf_macs));
14724 }
14725 }
14726
14727 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
14728 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
14729 func, true);
14730 if (err)
14731 goto out;
14732 }
14733
14734 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
14735 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
14736 func, false);
14737 if (err)
14738 goto out;
14739 }
14740
14741 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14742 if (!msg) {
14743 err = -ENOMEM;
14744 goto out;
14745 }
14746
14747 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14748 NL80211_CMD_ADD_NAN_FUNCTION);
14749 /* This can't really happen - we just allocated 4KB */
14750 if (WARN_ON(!hdr)) {
14751 err = -ENOMEM;
14752 goto out;
14753 }
14754
14755 err = rdev_add_nan_func(rdev, wdev, func);
14756 out:
14757 if (err < 0) {
14758 cfg80211_free_nan_func(func);
14759 nlmsg_free(msg);
14760 return err;
14761 }
14762
14763 /* propagate the instance id and cookie to userspace */
14764 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
14765 NL80211_ATTR_PAD))
14766 goto nla_put_failure;
14767
14768 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
14769 if (!func_attr)
14770 goto nla_put_failure;
14771
14772 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
14773 func->instance_id))
14774 goto nla_put_failure;
14775
14776 nla_nest_end(msg, func_attr);
14777
14778 genlmsg_end(msg, hdr);
14779 return genlmsg_reply(msg, info);
14780
14781 nla_put_failure:
14782 nlmsg_free(msg);
14783 return -ENOBUFS;
14784 }
14785
nl80211_nan_del_func(struct sk_buff * skb,struct genl_info * info)14786 static int nl80211_nan_del_func(struct sk_buff *skb,
14787 struct genl_info *info)
14788 {
14789 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14790 struct wireless_dev *wdev = info->user_ptr[1];
14791 u64 cookie;
14792
14793 if (wdev->iftype != NL80211_IFTYPE_NAN)
14794 return -EOPNOTSUPP;
14795
14796 if (!wdev_running(wdev))
14797 return -ENOTCONN;
14798
14799 if (!info->attrs[NL80211_ATTR_COOKIE])
14800 return -EINVAL;
14801
14802 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14803
14804 rdev_del_nan_func(rdev, wdev, cookie);
14805
14806 return 0;
14807 }
14808
nl80211_nan_change_config(struct sk_buff * skb,struct genl_info * info)14809 static int nl80211_nan_change_config(struct sk_buff *skb,
14810 struct genl_info *info)
14811 {
14812 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14813 struct wireless_dev *wdev = info->user_ptr[1];
14814 struct cfg80211_nan_conf conf = {};
14815 u32 changed = 0;
14816
14817 if (wdev->iftype != NL80211_IFTYPE_NAN)
14818 return -EOPNOTSUPP;
14819
14820 if (!wdev_running(wdev))
14821 return -ENOTCONN;
14822
14823 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
14824 conf.master_pref =
14825 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
14826 if (conf.master_pref <= 1 || conf.master_pref == 255)
14827 return -EINVAL;
14828
14829 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
14830 }
14831
14832 if (info->attrs[NL80211_ATTR_BANDS]) {
14833 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
14834
14835 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
14836 return -EOPNOTSUPP;
14837
14838 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
14839 return -EINVAL;
14840
14841 conf.bands = bands;
14842 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
14843 }
14844
14845 if (!changed)
14846 return -EINVAL;
14847
14848 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
14849 }
14850
cfg80211_nan_match(struct wireless_dev * wdev,struct cfg80211_nan_match_params * match,gfp_t gfp)14851 void cfg80211_nan_match(struct wireless_dev *wdev,
14852 struct cfg80211_nan_match_params *match, gfp_t gfp)
14853 {
14854 struct wiphy *wiphy = wdev->wiphy;
14855 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14856 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
14857 struct sk_buff *msg;
14858 void *hdr;
14859
14860 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
14861 return;
14862
14863 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14864 if (!msg)
14865 return;
14866
14867 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
14868 if (!hdr) {
14869 nlmsg_free(msg);
14870 return;
14871 }
14872
14873 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14874 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14875 wdev->netdev->ifindex)) ||
14876 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14877 NL80211_ATTR_PAD))
14878 goto nla_put_failure;
14879
14880 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
14881 NL80211_ATTR_PAD) ||
14882 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
14883 goto nla_put_failure;
14884
14885 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
14886 if (!match_attr)
14887 goto nla_put_failure;
14888
14889 local_func_attr = nla_nest_start_noflag(msg,
14890 NL80211_NAN_MATCH_FUNC_LOCAL);
14891 if (!local_func_attr)
14892 goto nla_put_failure;
14893
14894 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
14895 goto nla_put_failure;
14896
14897 nla_nest_end(msg, local_func_attr);
14898
14899 peer_func_attr = nla_nest_start_noflag(msg,
14900 NL80211_NAN_MATCH_FUNC_PEER);
14901 if (!peer_func_attr)
14902 goto nla_put_failure;
14903
14904 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
14905 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
14906 goto nla_put_failure;
14907
14908 if (match->info && match->info_len &&
14909 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
14910 match->info))
14911 goto nla_put_failure;
14912
14913 nla_nest_end(msg, peer_func_attr);
14914 nla_nest_end(msg, match_attr);
14915 genlmsg_end(msg, hdr);
14916
14917 if (!wdev->owner_nlportid)
14918 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
14919 msg, 0, NL80211_MCGRP_NAN, gfp);
14920 else
14921 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
14922 wdev->owner_nlportid);
14923
14924 return;
14925
14926 nla_put_failure:
14927 nlmsg_free(msg);
14928 }
14929 EXPORT_SYMBOL(cfg80211_nan_match);
14930
cfg80211_nan_func_terminated(struct wireless_dev * wdev,u8 inst_id,enum nl80211_nan_func_term_reason reason,u64 cookie,gfp_t gfp)14931 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
14932 u8 inst_id,
14933 enum nl80211_nan_func_term_reason reason,
14934 u64 cookie, gfp_t gfp)
14935 {
14936 struct wiphy *wiphy = wdev->wiphy;
14937 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14938 struct sk_buff *msg;
14939 struct nlattr *func_attr;
14940 void *hdr;
14941
14942 if (WARN_ON(!inst_id))
14943 return;
14944
14945 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14946 if (!msg)
14947 return;
14948
14949 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
14950 if (!hdr) {
14951 nlmsg_free(msg);
14952 return;
14953 }
14954
14955 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14956 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14957 wdev->netdev->ifindex)) ||
14958 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14959 NL80211_ATTR_PAD))
14960 goto nla_put_failure;
14961
14962 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14963 NL80211_ATTR_PAD))
14964 goto nla_put_failure;
14965
14966 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
14967 if (!func_attr)
14968 goto nla_put_failure;
14969
14970 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
14971 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
14972 goto nla_put_failure;
14973
14974 nla_nest_end(msg, func_attr);
14975 genlmsg_end(msg, hdr);
14976
14977 if (!wdev->owner_nlportid)
14978 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
14979 msg, 0, NL80211_MCGRP_NAN, gfp);
14980 else
14981 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
14982 wdev->owner_nlportid);
14983
14984 return;
14985
14986 nla_put_failure:
14987 nlmsg_free(msg);
14988 }
14989 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
14990
nl80211_get_protocol_features(struct sk_buff * skb,struct genl_info * info)14991 static int nl80211_get_protocol_features(struct sk_buff *skb,
14992 struct genl_info *info)
14993 {
14994 void *hdr;
14995 struct sk_buff *msg;
14996
14997 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14998 if (!msg)
14999 return -ENOMEM;
15000
15001 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15002 NL80211_CMD_GET_PROTOCOL_FEATURES);
15003 if (!hdr)
15004 goto nla_put_failure;
15005
15006 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
15007 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
15008 goto nla_put_failure;
15009
15010 genlmsg_end(msg, hdr);
15011 return genlmsg_reply(msg, info);
15012
15013 nla_put_failure:
15014 kfree_skb(msg);
15015 return -ENOBUFS;
15016 }
15017
nl80211_update_ft_ies(struct sk_buff * skb,struct genl_info * info)15018 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
15019 {
15020 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15021 struct cfg80211_update_ft_ies_params ft_params;
15022 struct net_device *dev = info->user_ptr[1];
15023
15024 if (!rdev->ops->update_ft_ies)
15025 return -EOPNOTSUPP;
15026
15027 if (!info->attrs[NL80211_ATTR_MDID] ||
15028 !info->attrs[NL80211_ATTR_IE])
15029 return -EINVAL;
15030
15031 memset(&ft_params, 0, sizeof(ft_params));
15032 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
15033 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
15034 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
15035
15036 return rdev_update_ft_ies(rdev, dev, &ft_params);
15037 }
15038
nl80211_crit_protocol_start(struct sk_buff * skb,struct genl_info * info)15039 static int nl80211_crit_protocol_start(struct sk_buff *skb,
15040 struct genl_info *info)
15041 {
15042 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15043 struct wireless_dev *wdev = info->user_ptr[1];
15044 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
15045 u16 duration;
15046 int ret;
15047
15048 if (!rdev->ops->crit_proto_start)
15049 return -EOPNOTSUPP;
15050
15051 if (WARN_ON(!rdev->ops->crit_proto_stop))
15052 return -EINVAL;
15053
15054 if (rdev->crit_proto_nlportid)
15055 return -EBUSY;
15056
15057 /* determine protocol if provided */
15058 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
15059 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
15060
15061 if (proto >= NUM_NL80211_CRIT_PROTO)
15062 return -EINVAL;
15063
15064 /* timeout must be provided */
15065 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
15066 return -EINVAL;
15067
15068 duration =
15069 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
15070
15071 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
15072 if (!ret)
15073 rdev->crit_proto_nlportid = info->snd_portid;
15074
15075 return ret;
15076 }
15077
nl80211_crit_protocol_stop(struct sk_buff * skb,struct genl_info * info)15078 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
15079 struct genl_info *info)
15080 {
15081 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15082 struct wireless_dev *wdev = info->user_ptr[1];
15083
15084 if (!rdev->ops->crit_proto_stop)
15085 return -EOPNOTSUPP;
15086
15087 if (rdev->crit_proto_nlportid) {
15088 rdev->crit_proto_nlportid = 0;
15089 rdev_crit_proto_stop(rdev, wdev);
15090 }
15091 return 0;
15092 }
15093
nl80211_vendor_check_policy(const struct wiphy_vendor_command * vcmd,struct nlattr * attr,struct netlink_ext_ack * extack)15094 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
15095 struct nlattr *attr,
15096 struct netlink_ext_ack *extack)
15097 {
15098 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
15099 if (attr->nla_type & NLA_F_NESTED) {
15100 NL_SET_ERR_MSG_ATTR(extack, attr,
15101 "unexpected nested data");
15102 return -EINVAL;
15103 }
15104
15105 return 0;
15106 }
15107
15108 if (!(attr->nla_type & NLA_F_NESTED)) {
15109 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
15110 return -EINVAL;
15111 }
15112
15113 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
15114 }
15115
nl80211_vendor_cmd(struct sk_buff * skb,struct genl_info * info)15116 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
15117 {
15118 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15119 struct wireless_dev *wdev =
15120 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
15121 info->attrs);
15122 int i, err;
15123 u32 vid, subcmd;
15124
15125 if (!rdev->wiphy.vendor_commands)
15126 return -EOPNOTSUPP;
15127
15128 if (IS_ERR(wdev)) {
15129 err = PTR_ERR(wdev);
15130 if (err != -EINVAL)
15131 return err;
15132 wdev = NULL;
15133 } else if (wdev->wiphy != &rdev->wiphy) {
15134 return -EINVAL;
15135 }
15136
15137 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
15138 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
15139 return -EINVAL;
15140
15141 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
15142 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
15143 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
15144 const struct wiphy_vendor_command *vcmd;
15145 void *data = NULL;
15146 int len = 0;
15147
15148 vcmd = &rdev->wiphy.vendor_commands[i];
15149
15150 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15151 continue;
15152
15153 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
15154 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
15155 if (!wdev)
15156 return -EINVAL;
15157 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
15158 !wdev->netdev)
15159 return -EINVAL;
15160
15161 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
15162 if (!wdev_running(wdev))
15163 return -ENETDOWN;
15164 }
15165 } else {
15166 wdev = NULL;
15167 }
15168
15169 if (!vcmd->doit)
15170 return -EOPNOTSUPP;
15171
15172 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
15173 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
15174 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
15175
15176 err = nl80211_vendor_check_policy(vcmd,
15177 info->attrs[NL80211_ATTR_VENDOR_DATA],
15178 info->extack);
15179 if (err)
15180 return err;
15181 }
15182
15183 rdev->cur_cmd_info = info;
15184 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
15185 rdev->cur_cmd_info = NULL;
15186 return err;
15187 }
15188
15189 return -EOPNOTSUPP;
15190 }
15191
nl80211_prepare_vendor_dump(struct sk_buff * skb,struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev)15192 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
15193 struct netlink_callback *cb,
15194 struct cfg80211_registered_device **rdev,
15195 struct wireless_dev **wdev)
15196 {
15197 struct nlattr **attrbuf;
15198 u32 vid, subcmd;
15199 unsigned int i;
15200 int vcmd_idx = -1;
15201 int err;
15202 void *data = NULL;
15203 unsigned int data_len = 0;
15204
15205 if (cb->args[0]) {
15206 /* subtract the 1 again here */
15207 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
15208 struct wireless_dev *tmp;
15209
15210 if (!wiphy)
15211 return -ENODEV;
15212 *rdev = wiphy_to_rdev(wiphy);
15213 *wdev = NULL;
15214
15215 if (cb->args[1]) {
15216 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
15217 if (tmp->identifier == cb->args[1] - 1) {
15218 *wdev = tmp;
15219 break;
15220 }
15221 }
15222 }
15223
15224 /* keep rtnl locked in successful case */
15225 return 0;
15226 }
15227
15228 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
15229 if (!attrbuf)
15230 return -ENOMEM;
15231
15232 err = nlmsg_parse_deprecated(cb->nlh,
15233 GENL_HDRLEN + nl80211_fam.hdrsize,
15234 attrbuf, nl80211_fam.maxattr,
15235 nl80211_policy, NULL);
15236 if (err)
15237 goto out;
15238
15239 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
15240 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
15241 err = -EINVAL;
15242 goto out;
15243 }
15244
15245 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
15246 if (IS_ERR(*wdev))
15247 *wdev = NULL;
15248
15249 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
15250 if (IS_ERR(*rdev)) {
15251 err = PTR_ERR(*rdev);
15252 goto out;
15253 }
15254
15255 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
15256 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
15257
15258 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
15259 const struct wiphy_vendor_command *vcmd;
15260
15261 vcmd = &(*rdev)->wiphy.vendor_commands[i];
15262
15263 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15264 continue;
15265
15266 if (!vcmd->dumpit) {
15267 err = -EOPNOTSUPP;
15268 goto out;
15269 }
15270
15271 vcmd_idx = i;
15272 break;
15273 }
15274
15275 if (vcmd_idx < 0) {
15276 err = -EOPNOTSUPP;
15277 goto out;
15278 }
15279
15280 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
15281 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15282 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15283
15284 err = nl80211_vendor_check_policy(
15285 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
15286 attrbuf[NL80211_ATTR_VENDOR_DATA],
15287 cb->extack);
15288 if (err)
15289 goto out;
15290 }
15291
15292 /* 0 is the first index - add 1 to parse only once */
15293 cb->args[0] = (*rdev)->wiphy_idx + 1;
15294 /* add 1 to know if it was NULL */
15295 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
15296 cb->args[2] = vcmd_idx;
15297 cb->args[3] = (unsigned long)data;
15298 cb->args[4] = data_len;
15299
15300 /* keep rtnl locked in successful case */
15301 err = 0;
15302 out:
15303 kfree(attrbuf);
15304 return err;
15305 }
15306
nl80211_vendor_cmd_dump(struct sk_buff * skb,struct netlink_callback * cb)15307 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
15308 struct netlink_callback *cb)
15309 {
15310 struct cfg80211_registered_device *rdev;
15311 struct wireless_dev *wdev;
15312 unsigned int vcmd_idx;
15313 const struct wiphy_vendor_command *vcmd;
15314 void *data;
15315 int data_len;
15316 int err;
15317 struct nlattr *vendor_data;
15318
15319 rtnl_lock();
15320 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
15321 if (err)
15322 goto out;
15323
15324 vcmd_idx = cb->args[2];
15325 data = (void *)cb->args[3];
15326 data_len = cb->args[4];
15327 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
15328
15329 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
15330 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
15331 if (!wdev) {
15332 err = -EINVAL;
15333 goto out;
15334 }
15335 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
15336 !wdev->netdev) {
15337 err = -EINVAL;
15338 goto out;
15339 }
15340
15341 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
15342 if (!wdev_running(wdev)) {
15343 err = -ENETDOWN;
15344 goto out;
15345 }
15346 }
15347 }
15348
15349 while (1) {
15350 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
15351 cb->nlh->nlmsg_seq, NLM_F_MULTI,
15352 NL80211_CMD_VENDOR);
15353 if (!hdr)
15354 break;
15355
15356 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15357 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
15358 wdev_id(wdev),
15359 NL80211_ATTR_PAD))) {
15360 genlmsg_cancel(skb, hdr);
15361 break;
15362 }
15363
15364 vendor_data = nla_nest_start_noflag(skb,
15365 NL80211_ATTR_VENDOR_DATA);
15366 if (!vendor_data) {
15367 genlmsg_cancel(skb, hdr);
15368 break;
15369 }
15370
15371 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
15372 (unsigned long *)&cb->args[5]);
15373 nla_nest_end(skb, vendor_data);
15374
15375 if (err == -ENOBUFS || err == -ENOENT) {
15376 genlmsg_cancel(skb, hdr);
15377 break;
15378 } else if (err <= 0) {
15379 genlmsg_cancel(skb, hdr);
15380 goto out;
15381 }
15382
15383 genlmsg_end(skb, hdr);
15384 }
15385
15386 err = skb->len;
15387 out:
15388 rtnl_unlock();
15389 return err;
15390 }
15391
__cfg80211_alloc_reply_skb(struct wiphy * wiphy,enum nl80211_commands cmd,enum nl80211_attrs attr,int approxlen)15392 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
15393 enum nl80211_commands cmd,
15394 enum nl80211_attrs attr,
15395 int approxlen)
15396 {
15397 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15398
15399 if (WARN_ON(!rdev->cur_cmd_info))
15400 return NULL;
15401
15402 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
15403 rdev->cur_cmd_info->snd_portid,
15404 rdev->cur_cmd_info->snd_seq,
15405 cmd, attr, NULL, GFP_KERNEL);
15406 }
15407 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
15408
cfg80211_vendor_cmd_reply(struct sk_buff * skb)15409 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
15410 {
15411 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
15412 void *hdr = ((void **)skb->cb)[1];
15413 struct nlattr *data = ((void **)skb->cb)[2];
15414
15415 /* clear CB data for netlink core to own from now on */
15416 memset(skb->cb, 0, sizeof(skb->cb));
15417
15418 if (WARN_ON(!rdev->cur_cmd_info)) {
15419 kfree_skb(skb);
15420 return -EINVAL;
15421 }
15422
15423 nla_nest_end(skb, data);
15424 genlmsg_end(skb, hdr);
15425 return genlmsg_reply(skb, rdev->cur_cmd_info);
15426 }
15427 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
15428
cfg80211_vendor_cmd_get_sender(struct wiphy * wiphy)15429 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
15430 {
15431 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15432
15433 if (WARN_ON(!rdev->cur_cmd_info))
15434 return 0;
15435
15436 return rdev->cur_cmd_info->snd_portid;
15437 }
15438 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
15439
nl80211_set_qos_map(struct sk_buff * skb,struct genl_info * info)15440 static int nl80211_set_qos_map(struct sk_buff *skb,
15441 struct genl_info *info)
15442 {
15443 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15444 struct cfg80211_qos_map *qos_map = NULL;
15445 struct net_device *dev = info->user_ptr[1];
15446 u8 *pos, len, num_des, des_len, des;
15447 int ret;
15448
15449 if (!rdev->ops->set_qos_map)
15450 return -EOPNOTSUPP;
15451
15452 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
15453 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
15454 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
15455
15456 if (len % 2)
15457 return -EINVAL;
15458
15459 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
15460 if (!qos_map)
15461 return -ENOMEM;
15462
15463 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
15464 if (num_des) {
15465 des_len = num_des *
15466 sizeof(struct cfg80211_dscp_exception);
15467 memcpy(qos_map->dscp_exception, pos, des_len);
15468 qos_map->num_des = num_des;
15469 for (des = 0; des < num_des; des++) {
15470 if (qos_map->dscp_exception[des].up > 7) {
15471 kfree(qos_map);
15472 return -EINVAL;
15473 }
15474 }
15475 pos += des_len;
15476 }
15477 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
15478 }
15479
15480 ret = nl80211_key_allowed(dev->ieee80211_ptr);
15481 if (!ret)
15482 ret = rdev_set_qos_map(rdev, dev, qos_map);
15483
15484 kfree(qos_map);
15485 return ret;
15486 }
15487
nl80211_add_tx_ts(struct sk_buff * skb,struct genl_info * info)15488 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
15489 {
15490 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15491 struct net_device *dev = info->user_ptr[1];
15492 struct wireless_dev *wdev = dev->ieee80211_ptr;
15493 const u8 *peer;
15494 u8 tsid, up;
15495 u16 admitted_time = 0;
15496
15497 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
15498 return -EOPNOTSUPP;
15499
15500 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
15501 !info->attrs[NL80211_ATTR_USER_PRIO])
15502 return -EINVAL;
15503
15504 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
15505 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
15506
15507 /* WMM uses TIDs 0-7 even for TSPEC */
15508 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
15509 /* TODO: handle 802.11 TSPEC/admission control
15510 * need more attributes for that (e.g. BA session requirement);
15511 * change the WMM admission test above to allow both then
15512 */
15513 return -EINVAL;
15514 }
15515
15516 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15517
15518 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
15519 admitted_time =
15520 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
15521 if (!admitted_time)
15522 return -EINVAL;
15523 }
15524
15525 switch (wdev->iftype) {
15526 case NL80211_IFTYPE_STATION:
15527 case NL80211_IFTYPE_P2P_CLIENT:
15528 if (wdev->connected)
15529 break;
15530 return -ENOTCONN;
15531 default:
15532 return -EOPNOTSUPP;
15533 }
15534
15535 return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
15536 }
15537
nl80211_del_tx_ts(struct sk_buff * skb,struct genl_info * info)15538 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
15539 {
15540 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15541 struct net_device *dev = info->user_ptr[1];
15542 const u8 *peer;
15543 u8 tsid;
15544
15545 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
15546 return -EINVAL;
15547
15548 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
15549 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15550
15551 return rdev_del_tx_ts(rdev, dev, tsid, peer);
15552 }
15553
nl80211_tdls_channel_switch(struct sk_buff * skb,struct genl_info * info)15554 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
15555 struct genl_info *info)
15556 {
15557 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15558 struct net_device *dev = info->user_ptr[1];
15559 struct wireless_dev *wdev = dev->ieee80211_ptr;
15560 struct cfg80211_chan_def chandef = {};
15561 const u8 *addr;
15562 u8 oper_class;
15563 int err;
15564
15565 if (!rdev->ops->tdls_channel_switch ||
15566 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
15567 return -EOPNOTSUPP;
15568
15569 switch (dev->ieee80211_ptr->iftype) {
15570 case NL80211_IFTYPE_STATION:
15571 case NL80211_IFTYPE_P2P_CLIENT:
15572 break;
15573 default:
15574 return -EOPNOTSUPP;
15575 }
15576
15577 if (!info->attrs[NL80211_ATTR_MAC] ||
15578 !info->attrs[NL80211_ATTR_OPER_CLASS])
15579 return -EINVAL;
15580
15581 err = nl80211_parse_chandef(rdev, info, &chandef);
15582 if (err)
15583 return err;
15584
15585 /*
15586 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
15587 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
15588 * specification is not defined for them.
15589 */
15590 if (chandef.chan->band == NL80211_BAND_2GHZ &&
15591 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
15592 chandef.width != NL80211_CHAN_WIDTH_20)
15593 return -EINVAL;
15594
15595 /* we will be active on the TDLS link */
15596 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
15597 wdev->iftype))
15598 return -EINVAL;
15599
15600 /* don't allow switching to DFS channels */
15601 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
15602 return -EINVAL;
15603
15604 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15605 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
15606
15607 return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
15608 }
15609
nl80211_tdls_cancel_channel_switch(struct sk_buff * skb,struct genl_info * info)15610 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
15611 struct genl_info *info)
15612 {
15613 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15614 struct net_device *dev = info->user_ptr[1];
15615 const u8 *addr;
15616
15617 if (!rdev->ops->tdls_channel_switch ||
15618 !rdev->ops->tdls_cancel_channel_switch ||
15619 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
15620 return -EOPNOTSUPP;
15621
15622 switch (dev->ieee80211_ptr->iftype) {
15623 case NL80211_IFTYPE_STATION:
15624 case NL80211_IFTYPE_P2P_CLIENT:
15625 break;
15626 default:
15627 return -EOPNOTSUPP;
15628 }
15629
15630 if (!info->attrs[NL80211_ATTR_MAC])
15631 return -EINVAL;
15632
15633 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15634
15635 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
15636
15637 return 0;
15638 }
15639
nl80211_set_multicast_to_unicast(struct sk_buff * skb,struct genl_info * info)15640 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
15641 struct genl_info *info)
15642 {
15643 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15644 struct net_device *dev = info->user_ptr[1];
15645 struct wireless_dev *wdev = dev->ieee80211_ptr;
15646 const struct nlattr *nla;
15647 bool enabled;
15648
15649 if (!rdev->ops->set_multicast_to_unicast)
15650 return -EOPNOTSUPP;
15651
15652 if (wdev->iftype != NL80211_IFTYPE_AP &&
15653 wdev->iftype != NL80211_IFTYPE_P2P_GO)
15654 return -EOPNOTSUPP;
15655
15656 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
15657 enabled = nla_get_flag(nla);
15658
15659 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
15660 }
15661
nl80211_set_pmk(struct sk_buff * skb,struct genl_info * info)15662 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
15663 {
15664 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15665 struct net_device *dev = info->user_ptr[1];
15666 struct wireless_dev *wdev = dev->ieee80211_ptr;
15667 struct cfg80211_pmk_conf pmk_conf = {};
15668
15669 if (wdev->iftype != NL80211_IFTYPE_STATION &&
15670 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
15671 return -EOPNOTSUPP;
15672
15673 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15674 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
15675 return -EOPNOTSUPP;
15676
15677 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
15678 return -EINVAL;
15679
15680 if (!wdev->connected)
15681 return -ENOTCONN;
15682
15683 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
15684 if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN))
15685 return -EINVAL;
15686
15687 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
15688 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
15689 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
15690 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
15691 return -EINVAL;
15692
15693 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
15694 pmk_conf.pmk_r0_name =
15695 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
15696
15697 return rdev_set_pmk(rdev, dev, &pmk_conf);
15698 }
15699
nl80211_del_pmk(struct sk_buff * skb,struct genl_info * info)15700 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
15701 {
15702 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15703 struct net_device *dev = info->user_ptr[1];
15704 struct wireless_dev *wdev = dev->ieee80211_ptr;
15705 const u8 *aa;
15706
15707 if (wdev->iftype != NL80211_IFTYPE_STATION &&
15708 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
15709 return -EOPNOTSUPP;
15710
15711 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15712 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
15713 return -EOPNOTSUPP;
15714
15715 if (!info->attrs[NL80211_ATTR_MAC])
15716 return -EINVAL;
15717
15718 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
15719 return rdev_del_pmk(rdev, dev, aa);
15720 }
15721
nl80211_external_auth(struct sk_buff * skb,struct genl_info * info)15722 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
15723 {
15724 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15725 struct net_device *dev = info->user_ptr[1];
15726 struct cfg80211_external_auth_params params;
15727
15728 if (!rdev->ops->external_auth)
15729 return -EOPNOTSUPP;
15730
15731 if (!info->attrs[NL80211_ATTR_SSID] &&
15732 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
15733 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
15734 return -EINVAL;
15735
15736 if (!info->attrs[NL80211_ATTR_BSSID])
15737 return -EINVAL;
15738
15739 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
15740 return -EINVAL;
15741
15742 memset(¶ms, 0, sizeof(params));
15743
15744 if (info->attrs[NL80211_ATTR_SSID]) {
15745 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
15746 if (params.ssid.ssid_len == 0)
15747 return -EINVAL;
15748 memcpy(params.ssid.ssid,
15749 nla_data(info->attrs[NL80211_ATTR_SSID]),
15750 params.ssid.ssid_len);
15751 }
15752
15753 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
15754 ETH_ALEN);
15755
15756 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
15757
15758 if (info->attrs[NL80211_ATTR_PMKID])
15759 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
15760
15761 return rdev_external_auth(rdev, dev, ¶ms);
15762 }
15763
nl80211_tx_control_port(struct sk_buff * skb,struct genl_info * info)15764 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
15765 {
15766 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
15767 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15768 struct net_device *dev = info->user_ptr[1];
15769 struct wireless_dev *wdev = dev->ieee80211_ptr;
15770 const u8 *buf;
15771 size_t len;
15772 u8 *dest;
15773 u16 proto;
15774 bool noencrypt;
15775 u64 cookie = 0;
15776 int link_id;
15777 int err;
15778
15779 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15780 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
15781 return -EOPNOTSUPP;
15782
15783 if (!rdev->ops->tx_control_port)
15784 return -EOPNOTSUPP;
15785
15786 if (!info->attrs[NL80211_ATTR_FRAME] ||
15787 !info->attrs[NL80211_ATTR_MAC] ||
15788 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
15789 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
15790 return -EINVAL;
15791 }
15792
15793 switch (wdev->iftype) {
15794 case NL80211_IFTYPE_AP:
15795 case NL80211_IFTYPE_P2P_GO:
15796 case NL80211_IFTYPE_MESH_POINT:
15797 break;
15798 case NL80211_IFTYPE_ADHOC:
15799 if (wdev->u.ibss.current_bss)
15800 break;
15801 return -ENOTCONN;
15802 case NL80211_IFTYPE_STATION:
15803 case NL80211_IFTYPE_P2P_CLIENT:
15804 if (wdev->connected)
15805 break;
15806 return -ENOTCONN;
15807 default:
15808 return -EOPNOTSUPP;
15809 }
15810
15811 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
15812 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
15813 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
15814 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
15815 noencrypt =
15816 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
15817
15818 link_id = nl80211_link_id_or_invalid(info->attrs);
15819
15820 err = rdev_tx_control_port(rdev, dev, buf, len,
15821 dest, cpu_to_be16(proto), noencrypt, link_id,
15822 dont_wait_for_ack ? NULL : &cookie);
15823 if (!err && !dont_wait_for_ack)
15824 nl_set_extack_cookie_u64(info->extack, cookie);
15825 return err;
15826 }
15827
nl80211_get_ftm_responder_stats(struct sk_buff * skb,struct genl_info * info)15828 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
15829 struct genl_info *info)
15830 {
15831 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15832 struct net_device *dev = info->user_ptr[1];
15833 struct wireless_dev *wdev = dev->ieee80211_ptr;
15834 struct cfg80211_ftm_responder_stats ftm_stats = {};
15835 unsigned int link_id = nl80211_link_id(info->attrs);
15836 struct sk_buff *msg;
15837 void *hdr;
15838 struct nlattr *ftm_stats_attr;
15839 int err;
15840
15841 if (wdev->iftype != NL80211_IFTYPE_AP ||
15842 !wdev->links[link_id].ap.beacon_interval)
15843 return -EOPNOTSUPP;
15844
15845 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
15846 if (err)
15847 return err;
15848
15849 if (!ftm_stats.filled)
15850 return -ENODATA;
15851
15852 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15853 if (!msg)
15854 return -ENOMEM;
15855
15856 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15857 NL80211_CMD_GET_FTM_RESPONDER_STATS);
15858 if (!hdr)
15859 goto nla_put_failure;
15860
15861 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15862 goto nla_put_failure;
15863
15864 ftm_stats_attr = nla_nest_start_noflag(msg,
15865 NL80211_ATTR_FTM_RESPONDER_STATS);
15866 if (!ftm_stats_attr)
15867 goto nla_put_failure;
15868
15869 #define SET_FTM(field, name, type) \
15870 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
15871 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
15872 ftm_stats.field)) \
15873 goto nla_put_failure; } while (0)
15874 #define SET_FTM_U64(field, name) \
15875 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
15876 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
15877 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
15878 goto nla_put_failure; } while (0)
15879
15880 SET_FTM(success_num, SUCCESS_NUM, u32);
15881 SET_FTM(partial_num, PARTIAL_NUM, u32);
15882 SET_FTM(failed_num, FAILED_NUM, u32);
15883 SET_FTM(asap_num, ASAP_NUM, u32);
15884 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
15885 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
15886 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
15887 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
15888 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
15889 #undef SET_FTM
15890
15891 nla_nest_end(msg, ftm_stats_attr);
15892
15893 genlmsg_end(msg, hdr);
15894 return genlmsg_reply(msg, info);
15895
15896 nla_put_failure:
15897 nlmsg_free(msg);
15898 return -ENOBUFS;
15899 }
15900
nl80211_update_owe_info(struct sk_buff * skb,struct genl_info * info)15901 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
15902 {
15903 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15904 struct cfg80211_update_owe_info owe_info;
15905 struct net_device *dev = info->user_ptr[1];
15906
15907 if (!rdev->ops->update_owe_info)
15908 return -EOPNOTSUPP;
15909
15910 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
15911 !info->attrs[NL80211_ATTR_MAC])
15912 return -EINVAL;
15913
15914 memset(&owe_info, 0, sizeof(owe_info));
15915 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
15916 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
15917
15918 if (info->attrs[NL80211_ATTR_IE]) {
15919 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
15920 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
15921 }
15922
15923 return rdev_update_owe_info(rdev, dev, &owe_info);
15924 }
15925
nl80211_probe_mesh_link(struct sk_buff * skb,struct genl_info * info)15926 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
15927 {
15928 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15929 struct net_device *dev = info->user_ptr[1];
15930 struct wireless_dev *wdev = dev->ieee80211_ptr;
15931 struct station_info sinfo = {};
15932 const u8 *buf;
15933 size_t len;
15934 u8 *dest;
15935 int err;
15936
15937 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
15938 return -EOPNOTSUPP;
15939
15940 if (!info->attrs[NL80211_ATTR_MAC] ||
15941 !info->attrs[NL80211_ATTR_FRAME]) {
15942 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
15943 return -EINVAL;
15944 }
15945
15946 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
15947 return -EOPNOTSUPP;
15948
15949 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
15950 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
15951 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
15952
15953 if (len < sizeof(struct ethhdr))
15954 return -EINVAL;
15955
15956 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
15957 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
15958 return -EINVAL;
15959
15960 err = rdev_get_station(rdev, dev, dest, &sinfo);
15961 if (err)
15962 return err;
15963
15964 cfg80211_sinfo_release_content(&sinfo);
15965
15966 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
15967 }
15968
parse_tid_conf(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct net_device * dev,struct cfg80211_tid_cfg * tid_conf,struct genl_info * info,const u8 * peer,unsigned int link_id)15969 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
15970 struct nlattr *attrs[], struct net_device *dev,
15971 struct cfg80211_tid_cfg *tid_conf,
15972 struct genl_info *info, const u8 *peer,
15973 unsigned int link_id)
15974 {
15975 struct netlink_ext_ack *extack = info->extack;
15976 u64 mask;
15977 int err;
15978
15979 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
15980 return -EINVAL;
15981
15982 tid_conf->config_override =
15983 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
15984 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
15985
15986 if (tid_conf->config_override) {
15987 if (rdev->ops->reset_tid_config) {
15988 err = rdev_reset_tid_config(rdev, dev, peer,
15989 tid_conf->tids);
15990 if (err)
15991 return err;
15992 } else {
15993 return -EINVAL;
15994 }
15995 }
15996
15997 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
15998 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
15999 tid_conf->noack =
16000 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
16001 }
16002
16003 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
16004 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
16005 tid_conf->retry_short =
16006 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
16007
16008 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
16009 return -EINVAL;
16010 }
16011
16012 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
16013 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
16014 tid_conf->retry_long =
16015 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
16016
16017 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
16018 return -EINVAL;
16019 }
16020
16021 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
16022 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
16023 tid_conf->ampdu =
16024 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
16025 }
16026
16027 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
16028 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
16029 tid_conf->rtscts =
16030 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
16031 }
16032
16033 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
16034 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
16035 tid_conf->amsdu =
16036 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
16037 }
16038
16039 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
16040 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
16041
16042 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
16043
16044 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
16045 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
16046 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
16047 &tid_conf->txrate_mask, dev,
16048 true, link_id);
16049 if (err)
16050 return err;
16051
16052 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
16053 }
16054 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
16055 }
16056
16057 if (peer)
16058 mask = rdev->wiphy.tid_config_support.peer;
16059 else
16060 mask = rdev->wiphy.tid_config_support.vif;
16061
16062 if (tid_conf->mask & ~mask) {
16063 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
16064 return -EOPNOTSUPP;
16065 }
16066
16067 return 0;
16068 }
16069
nl80211_set_tid_config(struct sk_buff * skb,struct genl_info * info)16070 static int nl80211_set_tid_config(struct sk_buff *skb,
16071 struct genl_info *info)
16072 {
16073 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16074 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
16075 unsigned int link_id = nl80211_link_id(info->attrs);
16076 struct net_device *dev = info->user_ptr[1];
16077 struct cfg80211_tid_config *tid_config;
16078 struct nlattr *tid;
16079 int conf_idx = 0, rem_conf;
16080 int ret = -EINVAL;
16081 u32 num_conf = 0;
16082
16083 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
16084 return -EINVAL;
16085
16086 if (!rdev->ops->set_tid_config)
16087 return -EOPNOTSUPP;
16088
16089 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
16090 rem_conf)
16091 num_conf++;
16092
16093 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
16094 GFP_KERNEL);
16095 if (!tid_config)
16096 return -ENOMEM;
16097
16098 tid_config->n_tid_conf = num_conf;
16099
16100 if (info->attrs[NL80211_ATTR_MAC])
16101 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
16102
16103 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
16104 rem_conf) {
16105 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
16106 tid, NULL, NULL);
16107
16108 if (ret)
16109 goto bad_tid_conf;
16110
16111 ret = parse_tid_conf(rdev, attrs, dev,
16112 &tid_config->tid_conf[conf_idx],
16113 info, tid_config->peer, link_id);
16114 if (ret)
16115 goto bad_tid_conf;
16116
16117 conf_idx++;
16118 }
16119
16120 ret = rdev_set_tid_config(rdev, dev, tid_config);
16121
16122 bad_tid_conf:
16123 kfree(tid_config);
16124 return ret;
16125 }
16126
nl80211_color_change(struct sk_buff * skb,struct genl_info * info)16127 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
16128 {
16129 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16130 struct cfg80211_color_change_settings params = {};
16131 struct net_device *dev = info->user_ptr[1];
16132 struct wireless_dev *wdev = dev->ieee80211_ptr;
16133 struct nlattr **tb;
16134 u16 offset;
16135 int err;
16136
16137 if (!rdev->ops->color_change)
16138 return -EOPNOTSUPP;
16139
16140 if (!wiphy_ext_feature_isset(&rdev->wiphy,
16141 NL80211_EXT_FEATURE_BSS_COLOR))
16142 return -EOPNOTSUPP;
16143
16144 if (wdev->iftype != NL80211_IFTYPE_AP)
16145 return -EOPNOTSUPP;
16146
16147 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
16148 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
16149 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
16150 return -EINVAL;
16151
16152 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
16153 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
16154
16155 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next,
16156 info->extack);
16157 if (err)
16158 return err;
16159
16160 tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL);
16161 if (!tb)
16162 return -ENOMEM;
16163
16164 err = nla_parse_nested(tb, NL80211_ATTR_MAX,
16165 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
16166 nl80211_policy, info->extack);
16167 if (err)
16168 goto out;
16169
16170 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change,
16171 info->extack);
16172 if (err)
16173 goto out;
16174
16175 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
16176 err = -EINVAL;
16177 goto out;
16178 }
16179
16180 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
16181 err = -EINVAL;
16182 goto out;
16183 }
16184
16185 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
16186 if (offset >= params.beacon_color_change.tail_len) {
16187 err = -EINVAL;
16188 goto out;
16189 }
16190
16191 if (params.beacon_color_change.tail[offset] != params.count) {
16192 err = -EINVAL;
16193 goto out;
16194 }
16195
16196 params.counter_offset_beacon = offset;
16197
16198 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
16199 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
16200 sizeof(u16)) {
16201 err = -EINVAL;
16202 goto out;
16203 }
16204
16205 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
16206 if (offset >= params.beacon_color_change.probe_resp_len) {
16207 err = -EINVAL;
16208 goto out;
16209 }
16210
16211 if (params.beacon_color_change.probe_resp[offset] !=
16212 params.count) {
16213 err = -EINVAL;
16214 goto out;
16215 }
16216
16217 params.counter_offset_presp = offset;
16218 }
16219
16220 params.link_id = nl80211_link_id(info->attrs);
16221 err = rdev_color_change(rdev, dev, ¶ms);
16222
16223 out:
16224 kfree(params.beacon_next.mbssid_ies);
16225 kfree(params.beacon_color_change.mbssid_ies);
16226 kfree(params.beacon_next.rnr_ies);
16227 kfree(params.beacon_color_change.rnr_ies);
16228 kfree(tb);
16229 return err;
16230 }
16231
nl80211_set_fils_aad(struct sk_buff * skb,struct genl_info * info)16232 static int nl80211_set_fils_aad(struct sk_buff *skb,
16233 struct genl_info *info)
16234 {
16235 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16236 struct net_device *dev = info->user_ptr[1];
16237 struct cfg80211_fils_aad fils_aad = {};
16238 u8 *nonces;
16239
16240 if (!info->attrs[NL80211_ATTR_MAC] ||
16241 !info->attrs[NL80211_ATTR_FILS_KEK] ||
16242 !info->attrs[NL80211_ATTR_FILS_NONCES])
16243 return -EINVAL;
16244
16245 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16246 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
16247 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
16248 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
16249 fils_aad.snonce = nonces;
16250 fils_aad.anonce = nonces + FILS_NONCE_LEN;
16251
16252 return rdev_set_fils_aad(rdev, dev, &fils_aad);
16253 }
16254
nl80211_add_link(struct sk_buff * skb,struct genl_info * info)16255 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info)
16256 {
16257 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16258 unsigned int link_id = nl80211_link_id(info->attrs);
16259 struct net_device *dev = info->user_ptr[1];
16260 struct wireless_dev *wdev = dev->ieee80211_ptr;
16261 int ret;
16262
16263 if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
16264 return -EINVAL;
16265
16266 switch (wdev->iftype) {
16267 case NL80211_IFTYPE_AP:
16268 break;
16269 default:
16270 return -EINVAL;
16271 }
16272
16273 if (!info->attrs[NL80211_ATTR_MAC] ||
16274 !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC])))
16275 return -EINVAL;
16276
16277 wdev->valid_links |= BIT(link_id);
16278 ether_addr_copy(wdev->links[link_id].addr,
16279 nla_data(info->attrs[NL80211_ATTR_MAC]));
16280
16281 ret = rdev_add_intf_link(rdev, wdev, link_id);
16282 if (ret) {
16283 wdev->valid_links &= ~BIT(link_id);
16284 eth_zero_addr(wdev->links[link_id].addr);
16285 }
16286
16287 return ret;
16288 }
16289
nl80211_remove_link(struct sk_buff * skb,struct genl_info * info)16290 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info)
16291 {
16292 unsigned int link_id = nl80211_link_id(info->attrs);
16293 struct net_device *dev = info->user_ptr[1];
16294 struct wireless_dev *wdev = dev->ieee80211_ptr;
16295
16296 /* cannot remove if there's no link */
16297 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16298 return -EINVAL;
16299
16300 switch (wdev->iftype) {
16301 case NL80211_IFTYPE_AP:
16302 break;
16303 default:
16304 return -EINVAL;
16305 }
16306
16307 cfg80211_remove_link(wdev, link_id);
16308
16309 return 0;
16310 }
16311
16312 static int
nl80211_add_mod_link_station(struct sk_buff * skb,struct genl_info * info,bool add)16313 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
16314 bool add)
16315 {
16316 struct link_station_parameters params = {};
16317 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16318 struct net_device *dev = info->user_ptr[1];
16319 int err;
16320
16321 if ((add && !rdev->ops->add_link_station) ||
16322 (!add && !rdev->ops->mod_link_station))
16323 return -EOPNOTSUPP;
16324
16325 if (add && !info->attrs[NL80211_ATTR_MAC])
16326 return -EINVAL;
16327
16328 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
16329 return -EINVAL;
16330
16331 if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
16332 return -EINVAL;
16333
16334 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
16335
16336 if (info->attrs[NL80211_ATTR_MAC]) {
16337 params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
16338 if (!is_valid_ether_addr(params.link_mac))
16339 return -EINVAL;
16340 }
16341
16342 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16343 return -EINVAL;
16344
16345 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
16346
16347 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
16348 params.supported_rates =
16349 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
16350 params.supported_rates_len =
16351 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
16352 }
16353
16354 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
16355 params.ht_capa =
16356 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
16357
16358 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
16359 params.vht_capa =
16360 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
16361
16362 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
16363 params.he_capa =
16364 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
16365 params.he_capa_len =
16366 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
16367
16368 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
16369 params.eht_capa =
16370 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
16371 params.eht_capa_len =
16372 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
16373
16374 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
16375 (const u8 *)params.eht_capa,
16376 params.eht_capa_len,
16377 false))
16378 return -EINVAL;
16379 }
16380 }
16381
16382 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
16383 params.he_6ghz_capa =
16384 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
16385
16386 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
16387 params.opmode_notif_used = true;
16388 params.opmode_notif =
16389 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
16390 }
16391
16392 err = nl80211_parse_sta_txpower_setting(info, ¶ms.txpwr,
16393 ¶ms.txpwr_set);
16394 if (err)
16395 return err;
16396
16397 if (add)
16398 return rdev_add_link_station(rdev, dev, ¶ms);
16399
16400 return rdev_mod_link_station(rdev, dev, ¶ms);
16401 }
16402
16403 static int
nl80211_add_link_station(struct sk_buff * skb,struct genl_info * info)16404 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info)
16405 {
16406 return nl80211_add_mod_link_station(skb, info, true);
16407 }
16408
16409 static int
nl80211_modify_link_station(struct sk_buff * skb,struct genl_info * info)16410 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info)
16411 {
16412 return nl80211_add_mod_link_station(skb, info, false);
16413 }
16414
16415 static int
nl80211_remove_link_station(struct sk_buff * skb,struct genl_info * info)16416 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info)
16417 {
16418 struct link_station_del_parameters params = {};
16419 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16420 struct net_device *dev = info->user_ptr[1];
16421
16422 if (!rdev->ops->del_link_station)
16423 return -EOPNOTSUPP;
16424
16425 if (!info->attrs[NL80211_ATTR_MLD_ADDR] ||
16426 !info->attrs[NL80211_ATTR_MLO_LINK_ID])
16427 return -EINVAL;
16428
16429 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
16430 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
16431
16432 return rdev_del_link_station(rdev, dev, ¶ms);
16433 }
16434
nl80211_set_hw_timestamp(struct sk_buff * skb,struct genl_info * info)16435 static int nl80211_set_hw_timestamp(struct sk_buff *skb,
16436 struct genl_info *info)
16437 {
16438 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16439 struct net_device *dev = info->user_ptr[1];
16440 struct cfg80211_set_hw_timestamp hwts = {};
16441
16442 if (!rdev->wiphy.hw_timestamp_max_peers)
16443 return -EOPNOTSUPP;
16444
16445 if (!info->attrs[NL80211_ATTR_MAC] &&
16446 rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS)
16447 return -EOPNOTSUPP;
16448
16449 if (info->attrs[NL80211_ATTR_MAC])
16450 hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16451
16452 hwts.enable =
16453 nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]);
16454
16455 return rdev_set_hw_timestamp(rdev, dev, &hwts);
16456 }
16457
16458 static int
nl80211_set_ttlm(struct sk_buff * skb,struct genl_info * info)16459 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info)
16460 {
16461 struct cfg80211_ttlm_params params = {};
16462 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16463 struct net_device *dev = info->user_ptr[1];
16464 struct wireless_dev *wdev = dev->ieee80211_ptr;
16465
16466 if (wdev->iftype != NL80211_IFTYPE_STATION &&
16467 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
16468 return -EOPNOTSUPP;
16469
16470 if (!wdev->connected)
16471 return -ENOLINK;
16472
16473 if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] ||
16474 !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK])
16475 return -EINVAL;
16476
16477 nla_memcpy(params.dlink,
16478 info->attrs[NL80211_ATTR_MLO_TTLM_DLINK],
16479 sizeof(params.dlink));
16480 nla_memcpy(params.ulink,
16481 info->attrs[NL80211_ATTR_MLO_TTLM_ULINK],
16482 sizeof(params.ulink));
16483
16484 return rdev_set_ttlm(rdev, dev, ¶ms);
16485 }
16486
nl80211_assoc_ml_reconf(struct sk_buff * skb,struct genl_info * info)16487 static int nl80211_assoc_ml_reconf(struct sk_buff *skb, struct genl_info *info)
16488 {
16489 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16490 struct net_device *dev = info->user_ptr[1];
16491 struct wireless_dev *wdev = dev->ieee80211_ptr;
16492 struct cfg80211_assoc_link links[IEEE80211_MLD_MAX_NUM_LINKS] = {};
16493 unsigned int link_id;
16494 u16 add_links, rem_links;
16495 int err;
16496
16497 if (!wdev->valid_links)
16498 return -EINVAL;
16499
16500 if (dev->ieee80211_ptr->conn_owner_nlportid &&
16501 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
16502 return -EPERM;
16503
16504 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
16505 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
16506 return -EOPNOTSUPP;
16507
16508 add_links = 0;
16509 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
16510 err = nl80211_process_links(rdev, links,
16511 /* mark as MLO, but not assoc */
16512 IEEE80211_MLD_MAX_NUM_LINKS,
16513 NULL, 0, info);
16514 if (err)
16515 return err;
16516
16517 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
16518 link_id++) {
16519 if (!links[link_id].bss)
16520 continue;
16521 add_links |= BIT(link_id);
16522 }
16523 }
16524
16525 if (info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS])
16526 rem_links =
16527 nla_get_u16(info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS]);
16528 else
16529 rem_links = 0;
16530
16531 /* Validate that existing links are not added, removed links are valid
16532 * and don't allow adding and removing the same links
16533 */
16534 if ((add_links & rem_links) || !(add_links | rem_links) ||
16535 (wdev->valid_links & add_links) ||
16536 ((wdev->valid_links & rem_links) != rem_links)) {
16537 err = -EINVAL;
16538 goto out;
16539 }
16540
16541 err = -EOPNOTSUPP;
16542
16543 out:
16544 for (link_id = 0; link_id < ARRAY_SIZE(links); link_id++)
16545 cfg80211_put_bss(&rdev->wiphy, links[link_id].bss);
16546
16547 return err;
16548 }
16549
16550 static int
nl80211_epcs_cfg(struct sk_buff * skb,struct genl_info * info)16551 nl80211_epcs_cfg(struct sk_buff *skb, struct genl_info *info)
16552 {
16553 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16554 struct net_device *dev = info->user_ptr[1];
16555 struct wireless_dev *wdev = dev->ieee80211_ptr;
16556 bool val;
16557
16558 if (wdev->iftype != NL80211_IFTYPE_STATION &&
16559 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
16560 return -EOPNOTSUPP;
16561
16562 if (!wdev->connected)
16563 return -ENOLINK;
16564
16565 val = nla_get_flag(info->attrs[NL80211_ATTR_EPCS]);
16566
16567 return rdev_set_epcs(rdev, dev, val);
16568 }
16569
16570 #define NL80211_FLAG_NEED_WIPHY 0x01
16571 #define NL80211_FLAG_NEED_NETDEV 0x02
16572 #define NL80211_FLAG_NEED_RTNL 0x04
16573 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
16574 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
16575 NL80211_FLAG_CHECK_NETDEV_UP)
16576 #define NL80211_FLAG_NEED_WDEV 0x10
16577 /* If a netdev is associated, it must be UP, P2P must be started */
16578 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
16579 NL80211_FLAG_CHECK_NETDEV_UP)
16580 #define NL80211_FLAG_CLEAR_SKB 0x20
16581 #define NL80211_FLAG_NO_WIPHY_MTX 0x40
16582 #define NL80211_FLAG_MLO_VALID_LINK_ID 0x80
16583 #define NL80211_FLAG_MLO_UNSUPPORTED 0x100
16584
16585 #define INTERNAL_FLAG_SELECTORS(__sel) \
16586 SELECTOR(__sel, NONE, 0) /* must be first */ \
16587 SELECTOR(__sel, WIPHY, \
16588 NL80211_FLAG_NEED_WIPHY) \
16589 SELECTOR(__sel, WDEV, \
16590 NL80211_FLAG_NEED_WDEV) \
16591 SELECTOR(__sel, NETDEV, \
16592 NL80211_FLAG_NEED_NETDEV) \
16593 SELECTOR(__sel, NETDEV_LINK, \
16594 NL80211_FLAG_NEED_NETDEV | \
16595 NL80211_FLAG_MLO_VALID_LINK_ID) \
16596 SELECTOR(__sel, NETDEV_NO_MLO, \
16597 NL80211_FLAG_NEED_NETDEV | \
16598 NL80211_FLAG_MLO_UNSUPPORTED) \
16599 SELECTOR(__sel, WIPHY_RTNL, \
16600 NL80211_FLAG_NEED_WIPHY | \
16601 NL80211_FLAG_NEED_RTNL) \
16602 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \
16603 NL80211_FLAG_NEED_WIPHY | \
16604 NL80211_FLAG_NEED_RTNL | \
16605 NL80211_FLAG_NO_WIPHY_MTX) \
16606 SELECTOR(__sel, WDEV_RTNL, \
16607 NL80211_FLAG_NEED_WDEV | \
16608 NL80211_FLAG_NEED_RTNL) \
16609 SELECTOR(__sel, NETDEV_RTNL, \
16610 NL80211_FLAG_NEED_NETDEV | \
16611 NL80211_FLAG_NEED_RTNL) \
16612 SELECTOR(__sel, NETDEV_UP, \
16613 NL80211_FLAG_NEED_NETDEV_UP) \
16614 SELECTOR(__sel, NETDEV_UP_LINK, \
16615 NL80211_FLAG_NEED_NETDEV_UP | \
16616 NL80211_FLAG_MLO_VALID_LINK_ID) \
16617 SELECTOR(__sel, NETDEV_UP_NO_MLO, \
16618 NL80211_FLAG_NEED_NETDEV_UP | \
16619 NL80211_FLAG_MLO_UNSUPPORTED) \
16620 SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR, \
16621 NL80211_FLAG_NEED_NETDEV_UP | \
16622 NL80211_FLAG_CLEAR_SKB | \
16623 NL80211_FLAG_MLO_UNSUPPORTED) \
16624 SELECTOR(__sel, NETDEV_UP_NOTMX, \
16625 NL80211_FLAG_NEED_NETDEV_UP | \
16626 NL80211_FLAG_NO_WIPHY_MTX) \
16627 SELECTOR(__sel, NETDEV_UP_NOTMX_MLO, \
16628 NL80211_FLAG_NEED_NETDEV_UP | \
16629 NL80211_FLAG_NO_WIPHY_MTX | \
16630 NL80211_FLAG_MLO_VALID_LINK_ID) \
16631 SELECTOR(__sel, NETDEV_UP_CLEAR, \
16632 NL80211_FLAG_NEED_NETDEV_UP | \
16633 NL80211_FLAG_CLEAR_SKB) \
16634 SELECTOR(__sel, WDEV_UP, \
16635 NL80211_FLAG_NEED_WDEV_UP) \
16636 SELECTOR(__sel, WDEV_UP_LINK, \
16637 NL80211_FLAG_NEED_WDEV_UP | \
16638 NL80211_FLAG_MLO_VALID_LINK_ID) \
16639 SELECTOR(__sel, WDEV_UP_RTNL, \
16640 NL80211_FLAG_NEED_WDEV_UP | \
16641 NL80211_FLAG_NEED_RTNL) \
16642 SELECTOR(__sel, WIPHY_CLEAR, \
16643 NL80211_FLAG_NEED_WIPHY | \
16644 NL80211_FLAG_CLEAR_SKB)
16645
16646 enum nl80211_internal_flags_selector {
16647 #define SELECTOR(_, name, value) NL80211_IFL_SEL_##name,
16648 INTERNAL_FLAG_SELECTORS(_)
16649 #undef SELECTOR
16650 };
16651
16652 static u32 nl80211_internal_flags[] = {
16653 #define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value,
16654 INTERNAL_FLAG_SELECTORS(_)
16655 #undef SELECTOR
16656 };
16657
nl80211_pre_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)16658 static int nl80211_pre_doit(const struct genl_split_ops *ops,
16659 struct sk_buff *skb,
16660 struct genl_info *info)
16661 {
16662 struct cfg80211_registered_device *rdev = NULL;
16663 struct wireless_dev *wdev = NULL;
16664 struct net_device *dev = NULL;
16665 u32 internal_flags;
16666 int err;
16667
16668 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags)))
16669 return -EINVAL;
16670
16671 internal_flags = nl80211_internal_flags[ops->internal_flags];
16672
16673 rtnl_lock();
16674 if (internal_flags & NL80211_FLAG_NEED_WIPHY) {
16675 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
16676 if (IS_ERR(rdev)) {
16677 err = PTR_ERR(rdev);
16678 goto out_unlock;
16679 }
16680 info->user_ptr[0] = rdev;
16681 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV ||
16682 internal_flags & NL80211_FLAG_NEED_WDEV) {
16683 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
16684 info->attrs);
16685 if (IS_ERR(wdev)) {
16686 err = PTR_ERR(wdev);
16687 goto out_unlock;
16688 }
16689
16690 dev = wdev->netdev;
16691 dev_hold(dev);
16692 rdev = wiphy_to_rdev(wdev->wiphy);
16693
16694 if (internal_flags & NL80211_FLAG_NEED_NETDEV) {
16695 if (!dev) {
16696 err = -EINVAL;
16697 goto out_unlock;
16698 }
16699
16700 info->user_ptr[1] = dev;
16701 } else {
16702 info->user_ptr[1] = wdev;
16703 }
16704
16705 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
16706 !wdev_running(wdev)) {
16707 err = -ENETDOWN;
16708 goto out_unlock;
16709 }
16710
16711 info->user_ptr[0] = rdev;
16712 }
16713
16714 if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) {
16715 struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID];
16716
16717 if (!wdev) {
16718 err = -EINVAL;
16719 goto out_unlock;
16720 }
16721
16722 /* MLO -> require valid link ID */
16723 if (wdev->valid_links &&
16724 (!link_id ||
16725 !(wdev->valid_links & BIT(nla_get_u8(link_id))))) {
16726 err = -EINVAL;
16727 goto out_unlock;
16728 }
16729
16730 /* non-MLO -> no link ID attribute accepted */
16731 if (!wdev->valid_links && link_id) {
16732 err = -EINVAL;
16733 goto out_unlock;
16734 }
16735 }
16736
16737 if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) {
16738 if (info->attrs[NL80211_ATTR_MLO_LINK_ID] ||
16739 (wdev && wdev->valid_links)) {
16740 err = -EINVAL;
16741 goto out_unlock;
16742 }
16743 }
16744
16745 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
16746 wiphy_lock(&rdev->wiphy);
16747 /* we keep the mutex locked until post_doit */
16748 __release(&rdev->wiphy.mtx);
16749 }
16750 if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
16751 rtnl_unlock();
16752
16753 return 0;
16754 out_unlock:
16755 rtnl_unlock();
16756 dev_put(dev);
16757 return err;
16758 }
16759
nl80211_post_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)16760 static void nl80211_post_doit(const struct genl_split_ops *ops,
16761 struct sk_buff *skb,
16762 struct genl_info *info)
16763 {
16764 u32 internal_flags = nl80211_internal_flags[ops->internal_flags];
16765
16766 if (info->user_ptr[1]) {
16767 if (internal_flags & NL80211_FLAG_NEED_WDEV) {
16768 struct wireless_dev *wdev = info->user_ptr[1];
16769
16770 dev_put(wdev->netdev);
16771 } else {
16772 dev_put(info->user_ptr[1]);
16773 }
16774 }
16775
16776 if (info->user_ptr[0] &&
16777 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
16778 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16779
16780 /* we kept the mutex locked since pre_doit */
16781 __acquire(&rdev->wiphy.mtx);
16782 wiphy_unlock(&rdev->wiphy);
16783 }
16784
16785 if (internal_flags & NL80211_FLAG_NEED_RTNL)
16786 rtnl_unlock();
16787
16788 /* If needed, clear the netlink message payload from the SKB
16789 * as it might contain key data that shouldn't stick around on
16790 * the heap after the SKB is freed. The netlink message header
16791 * is still needed for further processing, so leave it intact.
16792 */
16793 if (internal_flags & NL80211_FLAG_CLEAR_SKB) {
16794 struct nlmsghdr *nlh = nlmsg_hdr(skb);
16795
16796 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
16797 }
16798 }
16799
nl80211_set_sar_sub_specs(struct cfg80211_registered_device * rdev,struct cfg80211_sar_specs * sar_specs,struct nlattr * spec[],int index)16800 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
16801 struct cfg80211_sar_specs *sar_specs,
16802 struct nlattr *spec[], int index)
16803 {
16804 u32 range_index, i;
16805
16806 if (!sar_specs || !spec)
16807 return -EINVAL;
16808
16809 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
16810 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
16811 return -EINVAL;
16812
16813 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
16814
16815 /* check if range_index exceeds num_freq_ranges */
16816 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
16817 return -EINVAL;
16818
16819 /* check if range_index duplicates */
16820 for (i = 0; i < index; i++) {
16821 if (sar_specs->sub_specs[i].freq_range_index == range_index)
16822 return -EINVAL;
16823 }
16824
16825 sar_specs->sub_specs[index].power =
16826 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
16827
16828 sar_specs->sub_specs[index].freq_range_index = range_index;
16829
16830 return 0;
16831 }
16832
nl80211_set_sar_specs(struct sk_buff * skb,struct genl_info * info)16833 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
16834 {
16835 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16836 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
16837 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
16838 struct cfg80211_sar_specs *sar_spec;
16839 enum nl80211_sar_type type;
16840 struct nlattr *spec_list;
16841 u32 specs;
16842 int rem, err;
16843
16844 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
16845 return -EOPNOTSUPP;
16846
16847 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
16848 return -EINVAL;
16849
16850 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
16851 info->attrs[NL80211_ATTR_SAR_SPEC],
16852 NULL, NULL);
16853
16854 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
16855 return -EINVAL;
16856
16857 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
16858 if (type != rdev->wiphy.sar_capa->type)
16859 return -EINVAL;
16860
16861 specs = 0;
16862 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
16863 specs++;
16864
16865 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
16866 return -EINVAL;
16867
16868 sar_spec = kzalloc(struct_size(sar_spec, sub_specs, specs), GFP_KERNEL);
16869 if (!sar_spec)
16870 return -ENOMEM;
16871
16872 sar_spec->type = type;
16873 specs = 0;
16874 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
16875 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
16876 spec_list, NULL, NULL);
16877
16878 switch (type) {
16879 case NL80211_SAR_TYPE_POWER:
16880 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
16881 spec, specs)) {
16882 err = -EINVAL;
16883 goto error;
16884 }
16885 break;
16886 default:
16887 err = -EINVAL;
16888 goto error;
16889 }
16890 specs++;
16891 }
16892
16893 sar_spec->num_sub_specs = specs;
16894
16895 rdev->cur_cmd_info = info;
16896 err = rdev_set_sar_specs(rdev, sar_spec);
16897 rdev->cur_cmd_info = NULL;
16898 error:
16899 kfree(sar_spec);
16900 return err;
16901 }
16902
16903 #define SELECTOR(__sel, name, value) \
16904 ((__sel) == (value)) ? NL80211_IFL_SEL_##name :
16905 int __missing_selector(void);
16906 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector()
16907
16908 static const struct genl_ops nl80211_ops[] = {
16909 {
16910 .cmd = NL80211_CMD_GET_WIPHY,
16911 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16912 .doit = nl80211_get_wiphy,
16913 .dumpit = nl80211_dump_wiphy,
16914 .done = nl80211_dump_wiphy_done,
16915 /* can be retrieved by unprivileged users */
16916 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
16917 },
16918 };
16919
16920 static const struct genl_small_ops nl80211_small_ops[] = {
16921 {
16922 .cmd = NL80211_CMD_SET_WIPHY,
16923 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16924 .doit = nl80211_set_wiphy,
16925 .flags = GENL_UNS_ADMIN_PERM,
16926 },
16927 {
16928 .cmd = NL80211_CMD_GET_INTERFACE,
16929 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16930 .doit = nl80211_get_interface,
16931 .dumpit = nl80211_dump_interface,
16932 /* can be retrieved by unprivileged users */
16933 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
16934 },
16935 {
16936 .cmd = NL80211_CMD_SET_INTERFACE,
16937 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16938 .doit = nl80211_set_interface,
16939 .flags = GENL_UNS_ADMIN_PERM,
16940 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
16941 NL80211_FLAG_NEED_RTNL),
16942 },
16943 {
16944 .cmd = NL80211_CMD_NEW_INTERFACE,
16945 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16946 .doit = nl80211_new_interface,
16947 .flags = GENL_UNS_ADMIN_PERM,
16948 .internal_flags =
16949 IFLAGS(NL80211_FLAG_NEED_WIPHY |
16950 NL80211_FLAG_NEED_RTNL |
16951 /* we take the wiphy mutex later ourselves */
16952 NL80211_FLAG_NO_WIPHY_MTX),
16953 },
16954 {
16955 .cmd = NL80211_CMD_DEL_INTERFACE,
16956 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16957 .doit = nl80211_del_interface,
16958 .flags = GENL_UNS_ADMIN_PERM,
16959 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
16960 NL80211_FLAG_NEED_RTNL),
16961 },
16962 {
16963 .cmd = NL80211_CMD_GET_KEY,
16964 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16965 .doit = nl80211_get_key,
16966 .flags = GENL_UNS_ADMIN_PERM,
16967 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16968 },
16969 {
16970 .cmd = NL80211_CMD_SET_KEY,
16971 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16972 .doit = nl80211_set_key,
16973 .flags = GENL_UNS_ADMIN_PERM,
16974 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */
16975 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16976 NL80211_FLAG_CLEAR_SKB),
16977 },
16978 {
16979 .cmd = NL80211_CMD_NEW_KEY,
16980 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16981 .doit = nl80211_new_key,
16982 .flags = GENL_UNS_ADMIN_PERM,
16983 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16984 NL80211_FLAG_CLEAR_SKB),
16985 },
16986 {
16987 .cmd = NL80211_CMD_DEL_KEY,
16988 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16989 .doit = nl80211_del_key,
16990 .flags = GENL_UNS_ADMIN_PERM,
16991 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16992 },
16993 {
16994 .cmd = NL80211_CMD_SET_BEACON,
16995 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16996 .flags = GENL_UNS_ADMIN_PERM,
16997 .doit = nl80211_set_beacon,
16998 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16999 NL80211_FLAG_MLO_VALID_LINK_ID),
17000 },
17001 {
17002 .cmd = NL80211_CMD_START_AP,
17003 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17004 .flags = GENL_UNS_ADMIN_PERM,
17005 .doit = nl80211_start_ap,
17006 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17007 NL80211_FLAG_MLO_VALID_LINK_ID),
17008 },
17009 {
17010 .cmd = NL80211_CMD_STOP_AP,
17011 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17012 .flags = GENL_UNS_ADMIN_PERM,
17013 .doit = nl80211_stop_ap,
17014 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17015 NL80211_FLAG_MLO_VALID_LINK_ID),
17016 },
17017 {
17018 .cmd = NL80211_CMD_GET_STATION,
17019 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17020 .doit = nl80211_get_station,
17021 .dumpit = nl80211_dump_station,
17022 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17023 },
17024 {
17025 .cmd = NL80211_CMD_SET_STATION,
17026 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17027 .doit = nl80211_set_station,
17028 .flags = GENL_UNS_ADMIN_PERM,
17029 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17030 },
17031 {
17032 .cmd = NL80211_CMD_NEW_STATION,
17033 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17034 .doit = nl80211_new_station,
17035 .flags = GENL_UNS_ADMIN_PERM,
17036 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17037 },
17038 {
17039 .cmd = NL80211_CMD_DEL_STATION,
17040 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17041 .doit = nl80211_del_station,
17042 .flags = GENL_UNS_ADMIN_PERM,
17043 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on
17044 * whether MAC address is passed or not. If MAC address is
17045 * passed, then even during MLO, link ID is not required.
17046 */
17047 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17048 },
17049 {
17050 .cmd = NL80211_CMD_GET_MPATH,
17051 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17052 .doit = nl80211_get_mpath,
17053 .dumpit = nl80211_dump_mpath,
17054 .flags = GENL_UNS_ADMIN_PERM,
17055 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17056 },
17057 {
17058 .cmd = NL80211_CMD_GET_MPP,
17059 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17060 .doit = nl80211_get_mpp,
17061 .dumpit = nl80211_dump_mpp,
17062 .flags = GENL_UNS_ADMIN_PERM,
17063 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17064 },
17065 {
17066 .cmd = NL80211_CMD_SET_MPATH,
17067 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17068 .doit = nl80211_set_mpath,
17069 .flags = GENL_UNS_ADMIN_PERM,
17070 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17071 },
17072 {
17073 .cmd = NL80211_CMD_NEW_MPATH,
17074 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17075 .doit = nl80211_new_mpath,
17076 .flags = GENL_UNS_ADMIN_PERM,
17077 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17078 },
17079 {
17080 .cmd = NL80211_CMD_DEL_MPATH,
17081 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17082 .doit = nl80211_del_mpath,
17083 .flags = GENL_UNS_ADMIN_PERM,
17084 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17085 },
17086 {
17087 .cmd = NL80211_CMD_SET_BSS,
17088 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17089 .doit = nl80211_set_bss,
17090 .flags = GENL_UNS_ADMIN_PERM,
17091 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17092 NL80211_FLAG_MLO_VALID_LINK_ID),
17093 },
17094 {
17095 .cmd = NL80211_CMD_GET_REG,
17096 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17097 .doit = nl80211_get_reg_do,
17098 .dumpit = nl80211_get_reg_dump,
17099 /* can be retrieved by unprivileged users */
17100 },
17101 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
17102 {
17103 .cmd = NL80211_CMD_SET_REG,
17104 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17105 .doit = nl80211_set_reg,
17106 .flags = GENL_ADMIN_PERM,
17107 },
17108 #endif
17109 {
17110 .cmd = NL80211_CMD_REQ_SET_REG,
17111 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17112 .doit = nl80211_req_set_reg,
17113 .flags = GENL_ADMIN_PERM,
17114 },
17115 {
17116 .cmd = NL80211_CMD_RELOAD_REGDB,
17117 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17118 .doit = nl80211_reload_regdb,
17119 .flags = GENL_ADMIN_PERM,
17120 },
17121 {
17122 .cmd = NL80211_CMD_GET_MESH_CONFIG,
17123 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17124 .doit = nl80211_get_mesh_config,
17125 /* can be retrieved by unprivileged users */
17126 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17127 },
17128 {
17129 .cmd = NL80211_CMD_SET_MESH_CONFIG,
17130 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17131 .doit = nl80211_update_mesh_config,
17132 .flags = GENL_UNS_ADMIN_PERM,
17133 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17134 },
17135 {
17136 .cmd = NL80211_CMD_TRIGGER_SCAN,
17137 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17138 .doit = nl80211_trigger_scan,
17139 .flags = GENL_UNS_ADMIN_PERM,
17140 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17141 },
17142 {
17143 .cmd = NL80211_CMD_ABORT_SCAN,
17144 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17145 .doit = nl80211_abort_scan,
17146 .flags = GENL_UNS_ADMIN_PERM,
17147 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17148 },
17149 {
17150 .cmd = NL80211_CMD_GET_SCAN,
17151 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17152 .dumpit = nl80211_dump_scan,
17153 },
17154 {
17155 .cmd = NL80211_CMD_START_SCHED_SCAN,
17156 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17157 .doit = nl80211_start_sched_scan,
17158 .flags = GENL_UNS_ADMIN_PERM,
17159 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17160 },
17161 {
17162 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
17163 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17164 .doit = nl80211_stop_sched_scan,
17165 .flags = GENL_UNS_ADMIN_PERM,
17166 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17167 },
17168 {
17169 .cmd = NL80211_CMD_AUTHENTICATE,
17170 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17171 .doit = nl80211_authenticate,
17172 .flags = GENL_UNS_ADMIN_PERM,
17173 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17174 NL80211_FLAG_CLEAR_SKB),
17175 },
17176 {
17177 .cmd = NL80211_CMD_ASSOCIATE,
17178 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17179 .doit = nl80211_associate,
17180 .flags = GENL_UNS_ADMIN_PERM,
17181 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17182 NL80211_FLAG_CLEAR_SKB),
17183 },
17184 {
17185 .cmd = NL80211_CMD_DEAUTHENTICATE,
17186 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17187 .doit = nl80211_deauthenticate,
17188 .flags = GENL_UNS_ADMIN_PERM,
17189 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17190 },
17191 {
17192 .cmd = NL80211_CMD_DISASSOCIATE,
17193 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17194 .doit = nl80211_disassociate,
17195 .flags = GENL_UNS_ADMIN_PERM,
17196 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17197 },
17198 {
17199 .cmd = NL80211_CMD_JOIN_IBSS,
17200 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17201 .doit = nl80211_join_ibss,
17202 .flags = GENL_UNS_ADMIN_PERM,
17203 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17204 },
17205 {
17206 .cmd = NL80211_CMD_LEAVE_IBSS,
17207 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17208 .doit = nl80211_leave_ibss,
17209 .flags = GENL_UNS_ADMIN_PERM,
17210 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17211 },
17212 #ifdef CONFIG_NL80211_TESTMODE
17213 {
17214 .cmd = NL80211_CMD_TESTMODE,
17215 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17216 .doit = nl80211_testmode_do,
17217 .dumpit = nl80211_testmode_dump,
17218 .flags = GENL_UNS_ADMIN_PERM,
17219 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17220 },
17221 #endif
17222 {
17223 .cmd = NL80211_CMD_CONNECT,
17224 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17225 .doit = nl80211_connect,
17226 .flags = GENL_UNS_ADMIN_PERM,
17227 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17228 NL80211_FLAG_CLEAR_SKB),
17229 },
17230 {
17231 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
17232 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17233 .doit = nl80211_update_connect_params,
17234 .flags = GENL_ADMIN_PERM,
17235 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17236 NL80211_FLAG_CLEAR_SKB),
17237 },
17238 {
17239 .cmd = NL80211_CMD_DISCONNECT,
17240 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17241 .doit = nl80211_disconnect,
17242 .flags = GENL_UNS_ADMIN_PERM,
17243 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17244 },
17245 {
17246 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
17247 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17248 .doit = nl80211_wiphy_netns,
17249 .flags = GENL_UNS_ADMIN_PERM,
17250 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17251 NL80211_FLAG_NEED_RTNL |
17252 NL80211_FLAG_NO_WIPHY_MTX),
17253 },
17254 {
17255 .cmd = NL80211_CMD_GET_SURVEY,
17256 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17257 .dumpit = nl80211_dump_survey,
17258 },
17259 {
17260 .cmd = NL80211_CMD_SET_PMKSA,
17261 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17262 .doit = nl80211_set_pmksa,
17263 .flags = GENL_UNS_ADMIN_PERM,
17264 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17265 NL80211_FLAG_CLEAR_SKB),
17266 },
17267 {
17268 .cmd = NL80211_CMD_DEL_PMKSA,
17269 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17270 .doit = nl80211_del_pmksa,
17271 .flags = GENL_UNS_ADMIN_PERM,
17272 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17273 },
17274 {
17275 .cmd = NL80211_CMD_FLUSH_PMKSA,
17276 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17277 .doit = nl80211_flush_pmksa,
17278 .flags = GENL_UNS_ADMIN_PERM,
17279 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17280 },
17281 {
17282 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
17283 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17284 .doit = nl80211_remain_on_channel,
17285 .flags = GENL_UNS_ADMIN_PERM,
17286 /* FIXME: requiring a link ID here is probably not good */
17287 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17288 NL80211_FLAG_MLO_VALID_LINK_ID),
17289 },
17290 {
17291 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
17292 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17293 .doit = nl80211_cancel_remain_on_channel,
17294 .flags = GENL_UNS_ADMIN_PERM,
17295 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17296 },
17297 {
17298 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
17299 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17300 .doit = nl80211_set_tx_bitrate_mask,
17301 .flags = GENL_UNS_ADMIN_PERM,
17302 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17303 NL80211_FLAG_MLO_VALID_LINK_ID),
17304 },
17305 {
17306 .cmd = NL80211_CMD_REGISTER_FRAME,
17307 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17308 .doit = nl80211_register_mgmt,
17309 .flags = GENL_UNS_ADMIN_PERM,
17310 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
17311 },
17312 {
17313 .cmd = NL80211_CMD_FRAME,
17314 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17315 .doit = nl80211_tx_mgmt,
17316 .flags = GENL_UNS_ADMIN_PERM,
17317 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17318 },
17319 {
17320 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
17321 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17322 .doit = nl80211_tx_mgmt_cancel_wait,
17323 .flags = GENL_UNS_ADMIN_PERM,
17324 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17325 },
17326 {
17327 .cmd = NL80211_CMD_SET_POWER_SAVE,
17328 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17329 .doit = nl80211_set_power_save,
17330 .flags = GENL_UNS_ADMIN_PERM,
17331 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17332 },
17333 {
17334 .cmd = NL80211_CMD_GET_POWER_SAVE,
17335 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17336 .doit = nl80211_get_power_save,
17337 /* can be retrieved by unprivileged users */
17338 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17339 },
17340 {
17341 .cmd = NL80211_CMD_SET_CQM,
17342 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17343 .doit = nl80211_set_cqm,
17344 .flags = GENL_UNS_ADMIN_PERM,
17345 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17346 },
17347 {
17348 .cmd = NL80211_CMD_SET_CHANNEL,
17349 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17350 .doit = nl80211_set_channel,
17351 .flags = GENL_UNS_ADMIN_PERM,
17352 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17353 NL80211_FLAG_MLO_VALID_LINK_ID),
17354 },
17355 {
17356 .cmd = NL80211_CMD_JOIN_MESH,
17357 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17358 .doit = nl80211_join_mesh,
17359 .flags = GENL_UNS_ADMIN_PERM,
17360 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17361 },
17362 {
17363 .cmd = NL80211_CMD_LEAVE_MESH,
17364 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17365 .doit = nl80211_leave_mesh,
17366 .flags = GENL_UNS_ADMIN_PERM,
17367 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17368 },
17369 {
17370 .cmd = NL80211_CMD_JOIN_OCB,
17371 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17372 .doit = nl80211_join_ocb,
17373 .flags = GENL_UNS_ADMIN_PERM,
17374 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17375 },
17376 {
17377 .cmd = NL80211_CMD_LEAVE_OCB,
17378 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17379 .doit = nl80211_leave_ocb,
17380 .flags = GENL_UNS_ADMIN_PERM,
17381 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17382 },
17383 #ifdef CONFIG_PM
17384 {
17385 .cmd = NL80211_CMD_GET_WOWLAN,
17386 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17387 .doit = nl80211_get_wowlan,
17388 /* can be retrieved by unprivileged users */
17389 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17390 },
17391 {
17392 .cmd = NL80211_CMD_SET_WOWLAN,
17393 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17394 .doit = nl80211_set_wowlan,
17395 .flags = GENL_UNS_ADMIN_PERM,
17396 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17397 },
17398 #endif
17399 {
17400 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
17401 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17402 .doit = nl80211_set_rekey_data,
17403 .flags = GENL_UNS_ADMIN_PERM,
17404 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17405 NL80211_FLAG_CLEAR_SKB),
17406 },
17407 {
17408 .cmd = NL80211_CMD_TDLS_MGMT,
17409 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17410 .doit = nl80211_tdls_mgmt,
17411 .flags = GENL_UNS_ADMIN_PERM,
17412 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17413 NL80211_FLAG_MLO_VALID_LINK_ID),
17414 },
17415 {
17416 .cmd = NL80211_CMD_TDLS_OPER,
17417 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17418 .doit = nl80211_tdls_oper,
17419 .flags = GENL_UNS_ADMIN_PERM,
17420 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17421 },
17422 {
17423 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
17424 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17425 .doit = nl80211_register_unexpected_frame,
17426 .flags = GENL_UNS_ADMIN_PERM,
17427 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17428 },
17429 {
17430 .cmd = NL80211_CMD_PROBE_CLIENT,
17431 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17432 .doit = nl80211_probe_client,
17433 .flags = GENL_UNS_ADMIN_PERM,
17434 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17435 },
17436 {
17437 .cmd = NL80211_CMD_REGISTER_BEACONS,
17438 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17439 .doit = nl80211_register_beacons,
17440 .flags = GENL_UNS_ADMIN_PERM,
17441 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17442 },
17443 {
17444 .cmd = NL80211_CMD_SET_NOACK_MAP,
17445 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17446 .doit = nl80211_set_noack_map,
17447 .flags = GENL_UNS_ADMIN_PERM,
17448 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17449 },
17450 {
17451 .cmd = NL80211_CMD_START_P2P_DEVICE,
17452 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17453 .doit = nl80211_start_p2p_device,
17454 .flags = GENL_UNS_ADMIN_PERM,
17455 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17456 NL80211_FLAG_NEED_RTNL),
17457 },
17458 {
17459 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
17460 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17461 .doit = nl80211_stop_p2p_device,
17462 .flags = GENL_UNS_ADMIN_PERM,
17463 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17464 NL80211_FLAG_NEED_RTNL),
17465 },
17466 {
17467 .cmd = NL80211_CMD_START_NAN,
17468 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17469 .doit = nl80211_start_nan,
17470 .flags = GENL_ADMIN_PERM,
17471 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17472 NL80211_FLAG_NEED_RTNL),
17473 },
17474 {
17475 .cmd = NL80211_CMD_STOP_NAN,
17476 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17477 .doit = nl80211_stop_nan,
17478 .flags = GENL_ADMIN_PERM,
17479 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17480 NL80211_FLAG_NEED_RTNL),
17481 },
17482 {
17483 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
17484 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17485 .doit = nl80211_nan_add_func,
17486 .flags = GENL_ADMIN_PERM,
17487 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17488 },
17489 {
17490 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
17491 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17492 .doit = nl80211_nan_del_func,
17493 .flags = GENL_ADMIN_PERM,
17494 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17495 },
17496 {
17497 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
17498 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17499 .doit = nl80211_nan_change_config,
17500 .flags = GENL_ADMIN_PERM,
17501 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17502 },
17503 {
17504 .cmd = NL80211_CMD_SET_MCAST_RATE,
17505 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17506 .doit = nl80211_set_mcast_rate,
17507 .flags = GENL_UNS_ADMIN_PERM,
17508 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17509 },
17510 {
17511 .cmd = NL80211_CMD_SET_MAC_ACL,
17512 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17513 .doit = nl80211_set_mac_acl,
17514 .flags = GENL_UNS_ADMIN_PERM,
17515 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17516 NL80211_FLAG_MLO_UNSUPPORTED),
17517 },
17518 {
17519 .cmd = NL80211_CMD_RADAR_DETECT,
17520 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17521 .doit = nl80211_start_radar_detection,
17522 .flags = GENL_UNS_ADMIN_PERM,
17523 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17524 NL80211_FLAG_NO_WIPHY_MTX |
17525 NL80211_FLAG_MLO_VALID_LINK_ID),
17526 },
17527 {
17528 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
17529 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17530 .doit = nl80211_get_protocol_features,
17531 },
17532 {
17533 .cmd = NL80211_CMD_UPDATE_FT_IES,
17534 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17535 .doit = nl80211_update_ft_ies,
17536 .flags = GENL_UNS_ADMIN_PERM,
17537 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17538 },
17539 {
17540 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
17541 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17542 .doit = nl80211_crit_protocol_start,
17543 .flags = GENL_UNS_ADMIN_PERM,
17544 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17545 },
17546 {
17547 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
17548 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17549 .doit = nl80211_crit_protocol_stop,
17550 .flags = GENL_UNS_ADMIN_PERM,
17551 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17552 },
17553 {
17554 .cmd = NL80211_CMD_GET_COALESCE,
17555 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17556 .doit = nl80211_get_coalesce,
17557 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17558 },
17559 {
17560 .cmd = NL80211_CMD_SET_COALESCE,
17561 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17562 .doit = nl80211_set_coalesce,
17563 .flags = GENL_UNS_ADMIN_PERM,
17564 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17565 },
17566 {
17567 .cmd = NL80211_CMD_CHANNEL_SWITCH,
17568 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17569 .doit = nl80211_channel_switch,
17570 .flags = GENL_UNS_ADMIN_PERM,
17571 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17572 NL80211_FLAG_MLO_VALID_LINK_ID),
17573 },
17574 {
17575 .cmd = NL80211_CMD_VENDOR,
17576 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17577 .doit = nl80211_vendor_cmd,
17578 .dumpit = nl80211_vendor_cmd_dump,
17579 .flags = GENL_UNS_ADMIN_PERM,
17580 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17581 NL80211_FLAG_CLEAR_SKB),
17582 },
17583 {
17584 .cmd = NL80211_CMD_SET_QOS_MAP,
17585 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17586 .doit = nl80211_set_qos_map,
17587 .flags = GENL_UNS_ADMIN_PERM,
17588 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17589 },
17590 {
17591 .cmd = NL80211_CMD_ADD_TX_TS,
17592 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17593 .doit = nl80211_add_tx_ts,
17594 .flags = GENL_UNS_ADMIN_PERM,
17595 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17596 NL80211_FLAG_MLO_UNSUPPORTED),
17597 },
17598 {
17599 .cmd = NL80211_CMD_DEL_TX_TS,
17600 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17601 .doit = nl80211_del_tx_ts,
17602 .flags = GENL_UNS_ADMIN_PERM,
17603 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17604 },
17605 {
17606 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
17607 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17608 .doit = nl80211_tdls_channel_switch,
17609 .flags = GENL_UNS_ADMIN_PERM,
17610 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17611 },
17612 {
17613 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
17614 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17615 .doit = nl80211_tdls_cancel_channel_switch,
17616 .flags = GENL_UNS_ADMIN_PERM,
17617 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17618 },
17619 {
17620 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
17621 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17622 .doit = nl80211_set_multicast_to_unicast,
17623 .flags = GENL_UNS_ADMIN_PERM,
17624 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17625 },
17626 {
17627 .cmd = NL80211_CMD_SET_PMK,
17628 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17629 .doit = nl80211_set_pmk,
17630 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17631 NL80211_FLAG_CLEAR_SKB),
17632 },
17633 {
17634 .cmd = NL80211_CMD_DEL_PMK,
17635 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17636 .doit = nl80211_del_pmk,
17637 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17638 },
17639 {
17640 .cmd = NL80211_CMD_EXTERNAL_AUTH,
17641 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17642 .doit = nl80211_external_auth,
17643 .flags = GENL_ADMIN_PERM,
17644 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17645 },
17646 {
17647 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
17648 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17649 .doit = nl80211_tx_control_port,
17650 .flags = GENL_UNS_ADMIN_PERM,
17651 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17652 },
17653 {
17654 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
17655 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17656 .doit = nl80211_get_ftm_responder_stats,
17657 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17658 NL80211_FLAG_MLO_VALID_LINK_ID),
17659 },
17660 {
17661 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
17662 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17663 .doit = nl80211_pmsr_start,
17664 .flags = GENL_UNS_ADMIN_PERM,
17665 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17666 },
17667 {
17668 .cmd = NL80211_CMD_NOTIFY_RADAR,
17669 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17670 .doit = nl80211_notify_radar_detection,
17671 .flags = GENL_UNS_ADMIN_PERM,
17672 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17673 },
17674 {
17675 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
17676 .doit = nl80211_update_owe_info,
17677 .flags = GENL_ADMIN_PERM,
17678 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17679 },
17680 {
17681 .cmd = NL80211_CMD_PROBE_MESH_LINK,
17682 .doit = nl80211_probe_mesh_link,
17683 .flags = GENL_UNS_ADMIN_PERM,
17684 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17685 },
17686 {
17687 .cmd = NL80211_CMD_SET_TID_CONFIG,
17688 .doit = nl80211_set_tid_config,
17689 .flags = GENL_UNS_ADMIN_PERM,
17690 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17691 NL80211_FLAG_MLO_VALID_LINK_ID),
17692 },
17693 {
17694 .cmd = NL80211_CMD_SET_SAR_SPECS,
17695 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17696 .doit = nl80211_set_sar_specs,
17697 .flags = GENL_UNS_ADMIN_PERM,
17698 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17699 NL80211_FLAG_NEED_RTNL),
17700 },
17701 {
17702 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
17703 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17704 .doit = nl80211_color_change,
17705 .flags = GENL_UNS_ADMIN_PERM,
17706 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17707 NL80211_FLAG_MLO_VALID_LINK_ID),
17708 },
17709 {
17710 .cmd = NL80211_CMD_SET_FILS_AAD,
17711 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17712 .doit = nl80211_set_fils_aad,
17713 .flags = GENL_UNS_ADMIN_PERM,
17714 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17715 },
17716 {
17717 .cmd = NL80211_CMD_ADD_LINK,
17718 .doit = nl80211_add_link,
17719 .flags = GENL_UNS_ADMIN_PERM,
17720 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17721 },
17722 {
17723 .cmd = NL80211_CMD_REMOVE_LINK,
17724 .doit = nl80211_remove_link,
17725 .flags = GENL_UNS_ADMIN_PERM,
17726 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17727 NL80211_FLAG_MLO_VALID_LINK_ID),
17728 },
17729 {
17730 .cmd = NL80211_CMD_ADD_LINK_STA,
17731 .doit = nl80211_add_link_station,
17732 .flags = GENL_UNS_ADMIN_PERM,
17733 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17734 NL80211_FLAG_MLO_VALID_LINK_ID),
17735 },
17736 {
17737 .cmd = NL80211_CMD_MODIFY_LINK_STA,
17738 .doit = nl80211_modify_link_station,
17739 .flags = GENL_UNS_ADMIN_PERM,
17740 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17741 NL80211_FLAG_MLO_VALID_LINK_ID),
17742 },
17743 {
17744 .cmd = NL80211_CMD_REMOVE_LINK_STA,
17745 .doit = nl80211_remove_link_station,
17746 .flags = GENL_UNS_ADMIN_PERM,
17747 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17748 NL80211_FLAG_MLO_VALID_LINK_ID),
17749 },
17750 {
17751 .cmd = NL80211_CMD_SET_HW_TIMESTAMP,
17752 .doit = nl80211_set_hw_timestamp,
17753 .flags = GENL_UNS_ADMIN_PERM,
17754 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17755 },
17756 {
17757 .cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING,
17758 .doit = nl80211_set_ttlm,
17759 .flags = GENL_UNS_ADMIN_PERM,
17760 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17761 },
17762 {
17763 .cmd = NL80211_CMD_ASSOC_MLO_RECONF,
17764 .doit = nl80211_assoc_ml_reconf,
17765 .flags = GENL_UNS_ADMIN_PERM,
17766 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17767 },
17768 {
17769 .cmd = NL80211_CMD_EPCS_CFG,
17770 .doit = nl80211_epcs_cfg,
17771 .flags = GENL_UNS_ADMIN_PERM,
17772 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17773 },
17774 };
17775
17776 static struct genl_family nl80211_fam __ro_after_init = {
17777 .name = NL80211_GENL_NAME, /* have users key off the name instead */
17778 .hdrsize = 0, /* no private header */
17779 .version = 1, /* no particular meaning now */
17780 .maxattr = NL80211_ATTR_MAX,
17781 .policy = nl80211_policy,
17782 .netnsok = true,
17783 .pre_doit = nl80211_pre_doit,
17784 .post_doit = nl80211_post_doit,
17785 .module = THIS_MODULE,
17786 .ops = nl80211_ops,
17787 .n_ops = ARRAY_SIZE(nl80211_ops),
17788 .small_ops = nl80211_small_ops,
17789 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
17790 .resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1,
17791 .mcgrps = nl80211_mcgrps,
17792 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
17793 .parallel_ops = true,
17794 };
17795
17796 /* notification functions */
17797
nl80211_notify_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd)17798 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
17799 enum nl80211_commands cmd)
17800 {
17801 struct sk_buff *msg;
17802 struct nl80211_dump_wiphy_state state = {};
17803
17804 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
17805 cmd != NL80211_CMD_DEL_WIPHY);
17806
17807 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17808 if (!msg)
17809 return;
17810
17811 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
17812 nlmsg_free(msg);
17813 return;
17814 }
17815
17816 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17817 NL80211_MCGRP_CONFIG, GFP_KERNEL);
17818 }
17819
nl80211_notify_iface(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)17820 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
17821 struct wireless_dev *wdev,
17822 enum nl80211_commands cmd)
17823 {
17824 struct sk_buff *msg;
17825
17826 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17827 if (!msg)
17828 return;
17829
17830 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
17831 nlmsg_free(msg);
17832 return;
17833 }
17834
17835 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17836 NL80211_MCGRP_CONFIG, GFP_KERNEL);
17837 }
17838
nl80211_add_scan_req(struct sk_buff * msg,struct cfg80211_registered_device * rdev)17839 static int nl80211_add_scan_req(struct sk_buff *msg,
17840 struct cfg80211_registered_device *rdev)
17841 {
17842 struct cfg80211_scan_request *req = rdev->scan_req;
17843 struct nlattr *nest;
17844 int i;
17845 struct cfg80211_scan_info *info;
17846
17847 if (WARN_ON(!req))
17848 return 0;
17849
17850 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
17851 if (!nest)
17852 goto nla_put_failure;
17853 for (i = 0; i < req->n_ssids; i++) {
17854 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
17855 goto nla_put_failure;
17856 }
17857 nla_nest_end(msg, nest);
17858
17859 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
17860 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
17861 if (!nest)
17862 goto nla_put_failure;
17863 for (i = 0; i < req->n_channels; i++) {
17864 if (nla_put_u32(msg, i,
17865 ieee80211_channel_to_khz(req->channels[i])))
17866 goto nla_put_failure;
17867 }
17868 nla_nest_end(msg, nest);
17869 } else {
17870 nest = nla_nest_start_noflag(msg,
17871 NL80211_ATTR_SCAN_FREQUENCIES);
17872 if (!nest)
17873 goto nla_put_failure;
17874 for (i = 0; i < req->n_channels; i++) {
17875 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
17876 goto nla_put_failure;
17877 }
17878 nla_nest_end(msg, nest);
17879 }
17880
17881 if (req->ie &&
17882 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
17883 goto nla_put_failure;
17884
17885 if (req->flags &&
17886 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
17887 goto nla_put_failure;
17888
17889 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
17890 &rdev->scan_req->info;
17891 if (info->scan_start_tsf &&
17892 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
17893 info->scan_start_tsf, NL80211_BSS_PAD) ||
17894 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
17895 info->tsf_bssid)))
17896 goto nla_put_failure;
17897
17898 return 0;
17899 nla_put_failure:
17900 return -ENOBUFS;
17901 }
17902
nl80211_prep_scan_msg(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 portid,u32 seq,int flags,u32 cmd)17903 static int nl80211_prep_scan_msg(struct sk_buff *msg,
17904 struct cfg80211_registered_device *rdev,
17905 struct wireless_dev *wdev,
17906 u32 portid, u32 seq, int flags,
17907 u32 cmd)
17908 {
17909 void *hdr;
17910
17911 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
17912 if (!hdr)
17913 return -1;
17914
17915 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17916 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17917 wdev->netdev->ifindex)) ||
17918 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17919 NL80211_ATTR_PAD))
17920 goto nla_put_failure;
17921
17922 /* ignore errors and send incomplete event anyway */
17923 nl80211_add_scan_req(msg, rdev);
17924
17925 genlmsg_end(msg, hdr);
17926 return 0;
17927
17928 nla_put_failure:
17929 genlmsg_cancel(msg, hdr);
17930 return -EMSGSIZE;
17931 }
17932
17933 static int
nl80211_prep_sched_scan_msg(struct sk_buff * msg,struct cfg80211_sched_scan_request * req,u32 cmd)17934 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
17935 struct cfg80211_sched_scan_request *req, u32 cmd)
17936 {
17937 void *hdr;
17938
17939 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
17940 if (!hdr)
17941 return -1;
17942
17943 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
17944 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
17945 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
17946 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
17947 NL80211_ATTR_PAD))
17948 goto nla_put_failure;
17949
17950 genlmsg_end(msg, hdr);
17951 return 0;
17952
17953 nla_put_failure:
17954 genlmsg_cancel(msg, hdr);
17955 return -EMSGSIZE;
17956 }
17957
nl80211_send_scan_start(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)17958 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
17959 struct wireless_dev *wdev)
17960 {
17961 struct sk_buff *msg;
17962
17963 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17964 if (!msg)
17965 return;
17966
17967 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
17968 NL80211_CMD_TRIGGER_SCAN) < 0) {
17969 nlmsg_free(msg);
17970 return;
17971 }
17972
17973 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17974 NL80211_MCGRP_SCAN, GFP_KERNEL);
17975 }
17976
nl80211_build_scan_msg(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,bool aborted)17977 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
17978 struct wireless_dev *wdev, bool aborted)
17979 {
17980 struct sk_buff *msg;
17981
17982 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17983 if (!msg)
17984 return NULL;
17985
17986 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
17987 aborted ? NL80211_CMD_SCAN_ABORTED :
17988 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
17989 nlmsg_free(msg);
17990 return NULL;
17991 }
17992
17993 return msg;
17994 }
17995
17996 /* send message created by nl80211_build_scan_msg() */
nl80211_send_scan_msg(struct cfg80211_registered_device * rdev,struct sk_buff * msg)17997 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
17998 struct sk_buff *msg)
17999 {
18000 if (!msg)
18001 return;
18002
18003 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18004 NL80211_MCGRP_SCAN, GFP_KERNEL);
18005 }
18006
nl80211_send_sched_scan(struct cfg80211_sched_scan_request * req,u32 cmd)18007 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
18008 {
18009 struct sk_buff *msg;
18010
18011 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18012 if (!msg)
18013 return;
18014
18015 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
18016 nlmsg_free(msg);
18017 return;
18018 }
18019
18020 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
18021 NL80211_MCGRP_SCAN, GFP_KERNEL);
18022 }
18023
nl80211_reg_change_event_fill(struct sk_buff * msg,struct regulatory_request * request)18024 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
18025 struct regulatory_request *request)
18026 {
18027 /* Userspace can always count this one always being set */
18028 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
18029 goto nla_put_failure;
18030
18031 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
18032 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
18033 NL80211_REGDOM_TYPE_WORLD))
18034 goto nla_put_failure;
18035 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
18036 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
18037 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
18038 goto nla_put_failure;
18039 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
18040 request->intersect) {
18041 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
18042 NL80211_REGDOM_TYPE_INTERSECTION))
18043 goto nla_put_failure;
18044 } else {
18045 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
18046 NL80211_REGDOM_TYPE_COUNTRY) ||
18047 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
18048 request->alpha2))
18049 goto nla_put_failure;
18050 }
18051
18052 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
18053 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
18054
18055 if (wiphy &&
18056 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
18057 goto nla_put_failure;
18058
18059 if (wiphy &&
18060 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
18061 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
18062 goto nla_put_failure;
18063 }
18064
18065 return true;
18066
18067 nla_put_failure:
18068 return false;
18069 }
18070
18071 /*
18072 * This can happen on global regulatory changes or device specific settings
18073 * based on custom regulatory domains.
18074 */
nl80211_common_reg_change_event(enum nl80211_commands cmd_id,struct regulatory_request * request)18075 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
18076 struct regulatory_request *request)
18077 {
18078 struct sk_buff *msg;
18079 void *hdr;
18080
18081 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18082 if (!msg)
18083 return;
18084
18085 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
18086 if (!hdr)
18087 goto nla_put_failure;
18088
18089 if (!nl80211_reg_change_event_fill(msg, request))
18090 goto nla_put_failure;
18091
18092 genlmsg_end(msg, hdr);
18093
18094 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
18095 NL80211_MCGRP_REGULATORY);
18096
18097 return;
18098
18099 nla_put_failure:
18100 nlmsg_free(msg);
18101 }
18102
18103 struct nl80211_mlme_event {
18104 enum nl80211_commands cmd;
18105 const u8 *buf;
18106 size_t buf_len;
18107 int uapsd_queues;
18108 const u8 *req_ies;
18109 size_t req_ies_len;
18110 bool reconnect;
18111 };
18112
nl80211_send_mlme_event(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct nl80211_mlme_event * event,gfp_t gfp)18113 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
18114 struct net_device *netdev,
18115 const struct nl80211_mlme_event *event,
18116 gfp_t gfp)
18117 {
18118 struct sk_buff *msg;
18119 void *hdr;
18120
18121 msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp);
18122 if (!msg)
18123 return;
18124
18125 hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd);
18126 if (!hdr) {
18127 nlmsg_free(msg);
18128 return;
18129 }
18130
18131 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18132 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18133 nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) ||
18134 (event->req_ies &&
18135 nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len,
18136 event->req_ies)))
18137 goto nla_put_failure;
18138
18139 if (event->reconnect &&
18140 nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
18141 goto nla_put_failure;
18142
18143 if (event->uapsd_queues >= 0) {
18144 struct nlattr *nla_wmm =
18145 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
18146 if (!nla_wmm)
18147 goto nla_put_failure;
18148
18149 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
18150 event->uapsd_queues))
18151 goto nla_put_failure;
18152
18153 nla_nest_end(msg, nla_wmm);
18154 }
18155
18156 genlmsg_end(msg, hdr);
18157
18158 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18159 NL80211_MCGRP_MLME, gfp);
18160 return;
18161
18162 nla_put_failure:
18163 nlmsg_free(msg);
18164 }
18165
nl80211_send_rx_auth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)18166 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
18167 struct net_device *netdev, const u8 *buf,
18168 size_t len, gfp_t gfp)
18169 {
18170 struct nl80211_mlme_event event = {
18171 .cmd = NL80211_CMD_AUTHENTICATE,
18172 .buf = buf,
18173 .buf_len = len,
18174 .uapsd_queues = -1,
18175 };
18176
18177 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18178 }
18179
nl80211_send_rx_assoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct cfg80211_rx_assoc_resp_data * data)18180 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
18181 struct net_device *netdev,
18182 const struct cfg80211_rx_assoc_resp_data *data)
18183 {
18184 struct nl80211_mlme_event event = {
18185 .cmd = NL80211_CMD_ASSOCIATE,
18186 .buf = data->buf,
18187 .buf_len = data->len,
18188 .uapsd_queues = data->uapsd_queues,
18189 .req_ies = data->req_ies,
18190 .req_ies_len = data->req_ies_len,
18191 };
18192
18193 nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL);
18194 }
18195
nl80211_send_deauth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)18196 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
18197 struct net_device *netdev, const u8 *buf,
18198 size_t len, bool reconnect, gfp_t gfp)
18199 {
18200 struct nl80211_mlme_event event = {
18201 .cmd = NL80211_CMD_DEAUTHENTICATE,
18202 .buf = buf,
18203 .buf_len = len,
18204 .reconnect = reconnect,
18205 .uapsd_queues = -1,
18206 };
18207
18208 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18209 }
18210
nl80211_send_disassoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)18211 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
18212 struct net_device *netdev, const u8 *buf,
18213 size_t len, bool reconnect, gfp_t gfp)
18214 {
18215 struct nl80211_mlme_event event = {
18216 .cmd = NL80211_CMD_DISASSOCIATE,
18217 .buf = buf,
18218 .buf_len = len,
18219 .reconnect = reconnect,
18220 .uapsd_queues = -1,
18221 };
18222
18223 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18224 }
18225
cfg80211_rx_unprot_mlme_mgmt(struct net_device * dev,const u8 * buf,size_t len)18226 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
18227 size_t len)
18228 {
18229 struct wireless_dev *wdev = dev->ieee80211_ptr;
18230 struct wiphy *wiphy = wdev->wiphy;
18231 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18232 const struct ieee80211_mgmt *mgmt = (void *)buf;
18233 struct nl80211_mlme_event event = {
18234 .buf = buf,
18235 .buf_len = len,
18236 .uapsd_queues = -1,
18237 };
18238
18239 if (WARN_ON(len < 2))
18240 return;
18241
18242 if (ieee80211_is_deauth(mgmt->frame_control)) {
18243 event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
18244 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
18245 event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
18246 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
18247 if (wdev->unprot_beacon_reported &&
18248 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
18249 return;
18250 event.cmd = NL80211_CMD_UNPROT_BEACON;
18251 wdev->unprot_beacon_reported = jiffies;
18252 } else {
18253 return;
18254 }
18255
18256 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
18257 nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC);
18258 }
18259 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
18260
nl80211_send_mlme_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,int cmd,const u8 * addr,gfp_t gfp)18261 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
18262 struct net_device *netdev, int cmd,
18263 const u8 *addr, gfp_t gfp)
18264 {
18265 struct sk_buff *msg;
18266 void *hdr;
18267
18268 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18269 if (!msg)
18270 return;
18271
18272 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18273 if (!hdr) {
18274 nlmsg_free(msg);
18275 return;
18276 }
18277
18278 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18279 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18280 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18281 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
18282 goto nla_put_failure;
18283
18284 genlmsg_end(msg, hdr);
18285
18286 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18287 NL80211_MCGRP_MLME, gfp);
18288 return;
18289
18290 nla_put_failure:
18291 nlmsg_free(msg);
18292 }
18293
nl80211_send_auth_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)18294 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
18295 struct net_device *netdev, const u8 *addr,
18296 gfp_t gfp)
18297 {
18298 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
18299 addr, gfp);
18300 }
18301
nl80211_send_assoc_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)18302 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
18303 struct net_device *netdev, const u8 *addr,
18304 gfp_t gfp)
18305 {
18306 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
18307 addr, gfp);
18308 }
18309
nl80211_send_connect_result(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_connect_resp_params * cr,gfp_t gfp)18310 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
18311 struct net_device *netdev,
18312 struct cfg80211_connect_resp_params *cr,
18313 gfp_t gfp)
18314 {
18315 struct sk_buff *msg;
18316 void *hdr;
18317 unsigned int link;
18318 size_t link_info_size = 0;
18319 const u8 *connected_addr = cr->valid_links ?
18320 cr->ap_mld_addr : cr->links[0].bssid;
18321
18322 if (cr->valid_links) {
18323 for_each_valid_link(cr, link) {
18324 /* Nested attribute header */
18325 link_info_size += NLA_HDRLEN;
18326 /* Link ID */
18327 link_info_size += nla_total_size(sizeof(u8));
18328 link_info_size += cr->links[link].addr ?
18329 nla_total_size(ETH_ALEN) : 0;
18330 link_info_size += (cr->links[link].bssid ||
18331 cr->links[link].bss) ?
18332 nla_total_size(ETH_ALEN) : 0;
18333 link_info_size += nla_total_size(sizeof(u16));
18334 }
18335 }
18336
18337 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
18338 cr->fils.kek_len + cr->fils.pmk_len +
18339 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
18340 gfp);
18341 if (!msg)
18342 return;
18343
18344 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
18345 if (!hdr) {
18346 nlmsg_free(msg);
18347 return;
18348 }
18349
18350 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18351 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18352 (connected_addr &&
18353 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) ||
18354 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
18355 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
18356 cr->status) ||
18357 (cr->status < 0 &&
18358 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18359 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
18360 cr->timeout_reason))) ||
18361 (cr->req_ie &&
18362 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
18363 (cr->resp_ie &&
18364 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
18365 cr->resp_ie)) ||
18366 (cr->fils.update_erp_next_seq_num &&
18367 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
18368 cr->fils.erp_next_seq_num)) ||
18369 (cr->status == WLAN_STATUS_SUCCESS &&
18370 ((cr->fils.kek &&
18371 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
18372 cr->fils.kek)) ||
18373 (cr->fils.pmk &&
18374 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
18375 (cr->fils.pmkid &&
18376 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
18377 goto nla_put_failure;
18378
18379 if (cr->valid_links) {
18380 int i = 1;
18381 struct nlattr *nested;
18382
18383 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18384 if (!nested)
18385 goto nla_put_failure;
18386
18387 for_each_valid_link(cr, link) {
18388 struct nlattr *nested_mlo_links;
18389 const u8 *bssid = cr->links[link].bss ?
18390 cr->links[link].bss->bssid :
18391 cr->links[link].bssid;
18392
18393 nested_mlo_links = nla_nest_start(msg, i);
18394 if (!nested_mlo_links)
18395 goto nla_put_failure;
18396
18397 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
18398 (bssid &&
18399 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
18400 (cr->links[link].addr &&
18401 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
18402 cr->links[link].addr)) ||
18403 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
18404 cr->links[link].status))
18405 goto nla_put_failure;
18406
18407 nla_nest_end(msg, nested_mlo_links);
18408 i++;
18409 }
18410 nla_nest_end(msg, nested);
18411 }
18412
18413 genlmsg_end(msg, hdr);
18414
18415 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18416 NL80211_MCGRP_MLME, gfp);
18417 return;
18418
18419 nla_put_failure:
18420 nlmsg_free(msg);
18421 }
18422
nl80211_send_roamed(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_roam_info * info,gfp_t gfp)18423 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
18424 struct net_device *netdev,
18425 struct cfg80211_roam_info *info, gfp_t gfp)
18426 {
18427 struct sk_buff *msg;
18428 void *hdr;
18429 size_t link_info_size = 0;
18430 unsigned int link;
18431 const u8 *connected_addr = info->ap_mld_addr ?
18432 info->ap_mld_addr :
18433 (info->links[0].bss ?
18434 info->links[0].bss->bssid :
18435 info->links[0].bssid);
18436
18437 if (info->valid_links) {
18438 for_each_valid_link(info, link) {
18439 /* Nested attribute header */
18440 link_info_size += NLA_HDRLEN;
18441 /* Link ID */
18442 link_info_size += nla_total_size(sizeof(u8));
18443 link_info_size += info->links[link].addr ?
18444 nla_total_size(ETH_ALEN) : 0;
18445 link_info_size += (info->links[link].bssid ||
18446 info->links[link].bss) ?
18447 nla_total_size(ETH_ALEN) : 0;
18448 }
18449 }
18450
18451 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
18452 info->fils.kek_len + info->fils.pmk_len +
18453 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
18454 link_info_size, gfp);
18455 if (!msg)
18456 return;
18457
18458 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
18459 if (!hdr) {
18460 nlmsg_free(msg);
18461 return;
18462 }
18463
18464 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18465 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18466 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
18467 (info->req_ie &&
18468 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
18469 info->req_ie)) ||
18470 (info->resp_ie &&
18471 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
18472 info->resp_ie)) ||
18473 (info->fils.update_erp_next_seq_num &&
18474 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
18475 info->fils.erp_next_seq_num)) ||
18476 (info->fils.kek &&
18477 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
18478 info->fils.kek)) ||
18479 (info->fils.pmk &&
18480 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
18481 (info->fils.pmkid &&
18482 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
18483 goto nla_put_failure;
18484
18485 if (info->valid_links) {
18486 int i = 1;
18487 struct nlattr *nested;
18488
18489 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18490 if (!nested)
18491 goto nla_put_failure;
18492
18493 for_each_valid_link(info, link) {
18494 struct nlattr *nested_mlo_links;
18495 const u8 *bssid = info->links[link].bss ?
18496 info->links[link].bss->bssid :
18497 info->links[link].bssid;
18498
18499 nested_mlo_links = nla_nest_start(msg, i);
18500 if (!nested_mlo_links)
18501 goto nla_put_failure;
18502
18503 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
18504 (bssid &&
18505 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
18506 (info->links[link].addr &&
18507 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
18508 info->links[link].addr)))
18509 goto nla_put_failure;
18510
18511 nla_nest_end(msg, nested_mlo_links);
18512 i++;
18513 }
18514 nla_nest_end(msg, nested);
18515 }
18516
18517 genlmsg_end(msg, hdr);
18518
18519 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18520 NL80211_MCGRP_MLME, gfp);
18521 return;
18522
18523 nla_put_failure:
18524 nlmsg_free(msg);
18525 }
18526
nl80211_send_port_authorized(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * peer_addr,const u8 * td_bitmap,u8 td_bitmap_len)18527 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
18528 struct net_device *netdev, const u8 *peer_addr,
18529 const u8 *td_bitmap, u8 td_bitmap_len)
18530 {
18531 struct sk_buff *msg;
18532 void *hdr;
18533
18534 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18535 if (!msg)
18536 return;
18537
18538 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
18539 if (!hdr) {
18540 nlmsg_free(msg);
18541 return;
18542 }
18543
18544 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18545 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18546 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
18547 goto nla_put_failure;
18548
18549 if (td_bitmap_len > 0 && td_bitmap &&
18550 nla_put(msg, NL80211_ATTR_TD_BITMAP, td_bitmap_len, td_bitmap))
18551 goto nla_put_failure;
18552
18553 genlmsg_end(msg, hdr);
18554
18555 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18556 NL80211_MCGRP_MLME, GFP_KERNEL);
18557 return;
18558
18559 nla_put_failure:
18560 nlmsg_free(msg);
18561 }
18562
nl80211_send_disconnected(struct cfg80211_registered_device * rdev,struct net_device * netdev,u16 reason,const u8 * ie,size_t ie_len,bool from_ap)18563 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
18564 struct net_device *netdev, u16 reason,
18565 const u8 *ie, size_t ie_len, bool from_ap)
18566 {
18567 struct sk_buff *msg;
18568 void *hdr;
18569
18570 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
18571 if (!msg)
18572 return;
18573
18574 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
18575 if (!hdr) {
18576 nlmsg_free(msg);
18577 return;
18578 }
18579
18580 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18581 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18582 (reason &&
18583 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
18584 (from_ap &&
18585 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
18586 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
18587 goto nla_put_failure;
18588
18589 genlmsg_end(msg, hdr);
18590
18591 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18592 NL80211_MCGRP_MLME, GFP_KERNEL);
18593 return;
18594
18595 nla_put_failure:
18596 nlmsg_free(msg);
18597 }
18598
cfg80211_links_removed(struct net_device * dev,u16 link_mask)18599 void cfg80211_links_removed(struct net_device *dev, u16 link_mask)
18600 {
18601 struct wireless_dev *wdev = dev->ieee80211_ptr;
18602 struct wiphy *wiphy = wdev->wiphy;
18603 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18604 struct sk_buff *msg;
18605 struct nlattr *links;
18606 void *hdr;
18607
18608 lockdep_assert_wiphy(wdev->wiphy);
18609 trace_cfg80211_links_removed(dev, link_mask);
18610
18611 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
18612 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
18613 return;
18614
18615 if (WARN_ON(!wdev->valid_links || !link_mask ||
18616 (wdev->valid_links & link_mask) != link_mask ||
18617 wdev->valid_links == link_mask))
18618 return;
18619
18620 cfg80211_wdev_release_link_bsses(wdev, link_mask);
18621 wdev->valid_links &= ~link_mask;
18622
18623 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18624 if (!msg)
18625 return;
18626
18627 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED);
18628 if (!hdr) {
18629 nlmsg_free(msg);
18630 return;
18631 }
18632
18633 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18634 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
18635 goto nla_put_failure;
18636
18637 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18638 if (!links)
18639 goto nla_put_failure;
18640
18641 while (link_mask) {
18642 struct nlattr *link;
18643 int link_id = __ffs(link_mask);
18644
18645 link = nla_nest_start(msg, link_id + 1);
18646 if (!link)
18647 goto nla_put_failure;
18648
18649 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
18650 goto nla_put_failure;
18651
18652 nla_nest_end(msg, link);
18653 link_mask &= ~(1 << link_id);
18654 }
18655
18656 nla_nest_end(msg, links);
18657
18658 genlmsg_end(msg, hdr);
18659
18660 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18661 NL80211_MCGRP_MLME, GFP_KERNEL);
18662 return;
18663
18664 nla_put_failure:
18665 nlmsg_free(msg);
18666 }
18667 EXPORT_SYMBOL(cfg80211_links_removed);
18668
nl80211_mlo_reconf_add_done(struct net_device * dev,struct cfg80211_mlo_reconf_done_data * data)18669 void nl80211_mlo_reconf_add_done(struct net_device *dev,
18670 struct cfg80211_mlo_reconf_done_data *data)
18671 {
18672 struct wireless_dev *wdev = dev->ieee80211_ptr;
18673 struct wiphy *wiphy = wdev->wiphy;
18674 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18675 struct nl80211_mlme_event event = {
18676 .cmd = NL80211_CMD_ASSOC_MLO_RECONF,
18677 .buf = data->buf,
18678 .buf_len = data->len,
18679 .uapsd_queues = -1,
18680 };
18681
18682 nl80211_send_mlme_event(rdev, dev, &event, GFP_KERNEL);
18683 }
18684 EXPORT_SYMBOL(nl80211_mlo_reconf_add_done);
18685
nl80211_send_ibss_bssid(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,gfp_t gfp)18686 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
18687 struct net_device *netdev, const u8 *bssid,
18688 gfp_t gfp)
18689 {
18690 struct sk_buff *msg;
18691 void *hdr;
18692
18693 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18694 if (!msg)
18695 return;
18696
18697 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
18698 if (!hdr) {
18699 nlmsg_free(msg);
18700 return;
18701 }
18702
18703 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18704 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18705 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
18706 goto nla_put_failure;
18707
18708 genlmsg_end(msg, hdr);
18709
18710 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18711 NL80211_MCGRP_MLME, gfp);
18712 return;
18713
18714 nla_put_failure:
18715 nlmsg_free(msg);
18716 }
18717
cfg80211_notify_new_peer_candidate(struct net_device * dev,const u8 * addr,const u8 * ie,u8 ie_len,int sig_dbm,gfp_t gfp)18718 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
18719 const u8 *ie, u8 ie_len,
18720 int sig_dbm, gfp_t gfp)
18721 {
18722 struct wireless_dev *wdev = dev->ieee80211_ptr;
18723 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18724 struct sk_buff *msg;
18725 void *hdr;
18726
18727 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
18728 return;
18729
18730 trace_cfg80211_notify_new_peer_candidate(dev, addr);
18731
18732 msg = nlmsg_new(100 + ie_len, gfp);
18733 if (!msg)
18734 return;
18735
18736 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
18737 if (!hdr) {
18738 nlmsg_free(msg);
18739 return;
18740 }
18741
18742 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18743 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18744 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
18745 (ie_len && ie &&
18746 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
18747 (sig_dbm &&
18748 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
18749 goto nla_put_failure;
18750
18751 genlmsg_end(msg, hdr);
18752
18753 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18754 NL80211_MCGRP_MLME, gfp);
18755 return;
18756
18757 nla_put_failure:
18758 nlmsg_free(msg);
18759 }
18760 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
18761
nl80211_michael_mic_failure(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,enum nl80211_key_type key_type,int key_id,const u8 * tsc,gfp_t gfp)18762 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
18763 struct net_device *netdev, const u8 *addr,
18764 enum nl80211_key_type key_type, int key_id,
18765 const u8 *tsc, gfp_t gfp)
18766 {
18767 struct sk_buff *msg;
18768 void *hdr;
18769
18770 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18771 if (!msg)
18772 return;
18773
18774 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
18775 if (!hdr) {
18776 nlmsg_free(msg);
18777 return;
18778 }
18779
18780 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18781 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18782 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
18783 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
18784 (key_id != -1 &&
18785 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
18786 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
18787 goto nla_put_failure;
18788
18789 genlmsg_end(msg, hdr);
18790
18791 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18792 NL80211_MCGRP_MLME, gfp);
18793 return;
18794
18795 nla_put_failure:
18796 nlmsg_free(msg);
18797 }
18798
nl80211_send_beacon_hint_event(struct wiphy * wiphy,struct ieee80211_channel * channel_before,struct ieee80211_channel * channel_after)18799 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
18800 struct ieee80211_channel *channel_before,
18801 struct ieee80211_channel *channel_after)
18802 {
18803 struct sk_buff *msg;
18804 void *hdr;
18805 struct nlattr *nl_freq;
18806
18807 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
18808 if (!msg)
18809 return;
18810
18811 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
18812 if (!hdr) {
18813 nlmsg_free(msg);
18814 return;
18815 }
18816
18817 /*
18818 * Since we are applying the beacon hint to a wiphy we know its
18819 * wiphy_idx is valid
18820 */
18821 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
18822 goto nla_put_failure;
18823
18824 /* Before */
18825 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
18826 if (!nl_freq)
18827 goto nla_put_failure;
18828
18829 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
18830 goto nla_put_failure;
18831 nla_nest_end(msg, nl_freq);
18832
18833 /* After */
18834 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
18835 if (!nl_freq)
18836 goto nla_put_failure;
18837
18838 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
18839 goto nla_put_failure;
18840 nla_nest_end(msg, nl_freq);
18841
18842 genlmsg_end(msg, hdr);
18843
18844 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
18845 NL80211_MCGRP_REGULATORY);
18846
18847 return;
18848
18849 nla_put_failure:
18850 nlmsg_free(msg);
18851 }
18852
nl80211_send_remain_on_chan_event(int cmd,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)18853 static void nl80211_send_remain_on_chan_event(
18854 int cmd, struct cfg80211_registered_device *rdev,
18855 struct wireless_dev *wdev, u64 cookie,
18856 struct ieee80211_channel *chan,
18857 unsigned int duration, gfp_t gfp)
18858 {
18859 struct sk_buff *msg;
18860 void *hdr;
18861
18862 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18863 if (!msg)
18864 return;
18865
18866 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18867 if (!hdr) {
18868 nlmsg_free(msg);
18869 return;
18870 }
18871
18872 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18873 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
18874 wdev->netdev->ifindex)) ||
18875 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18876 NL80211_ATTR_PAD) ||
18877 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
18878 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
18879 NL80211_CHAN_NO_HT) ||
18880 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
18881 NL80211_ATTR_PAD))
18882 goto nla_put_failure;
18883
18884 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
18885 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
18886 goto nla_put_failure;
18887
18888 genlmsg_end(msg, hdr);
18889
18890 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18891 NL80211_MCGRP_MLME, gfp);
18892 return;
18893
18894 nla_put_failure:
18895 nlmsg_free(msg);
18896 }
18897
cfg80211_assoc_comeback(struct net_device * netdev,const u8 * ap_addr,u32 timeout)18898 void cfg80211_assoc_comeback(struct net_device *netdev,
18899 const u8 *ap_addr, u32 timeout)
18900 {
18901 struct wireless_dev *wdev = netdev->ieee80211_ptr;
18902 struct wiphy *wiphy = wdev->wiphy;
18903 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18904 struct sk_buff *msg;
18905 void *hdr;
18906
18907 trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout);
18908
18909 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18910 if (!msg)
18911 return;
18912
18913 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK);
18914 if (!hdr) {
18915 nlmsg_free(msg);
18916 return;
18917 }
18918
18919 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18920 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18921 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) ||
18922 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout))
18923 goto nla_put_failure;
18924
18925 genlmsg_end(msg, hdr);
18926
18927 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18928 NL80211_MCGRP_MLME, GFP_KERNEL);
18929 return;
18930
18931 nla_put_failure:
18932 nlmsg_free(msg);
18933 }
18934 EXPORT_SYMBOL(cfg80211_assoc_comeback);
18935
cfg80211_ready_on_channel(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)18936 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
18937 struct ieee80211_channel *chan,
18938 unsigned int duration, gfp_t gfp)
18939 {
18940 struct wiphy *wiphy = wdev->wiphy;
18941 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18942
18943 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
18944 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
18945 rdev, wdev, cookie, chan,
18946 duration, gfp);
18947 }
18948 EXPORT_SYMBOL(cfg80211_ready_on_channel);
18949
cfg80211_remain_on_channel_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)18950 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
18951 struct ieee80211_channel *chan,
18952 gfp_t gfp)
18953 {
18954 struct wiphy *wiphy = wdev->wiphy;
18955 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18956
18957 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
18958 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
18959 rdev, wdev, cookie, chan, 0, gfp);
18960 }
18961 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
18962
cfg80211_tx_mgmt_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)18963 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
18964 struct ieee80211_channel *chan,
18965 gfp_t gfp)
18966 {
18967 struct wiphy *wiphy = wdev->wiphy;
18968 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18969
18970 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
18971 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
18972 rdev, wdev, cookie, chan, 0, gfp);
18973 }
18974 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
18975
cfg80211_new_sta(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)18976 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
18977 struct station_info *sinfo, gfp_t gfp)
18978 {
18979 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18980 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18981 struct sk_buff *msg;
18982
18983 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
18984
18985 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18986 if (!msg)
18987 return;
18988
18989 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
18990 rdev, dev, mac_addr, sinfo) < 0) {
18991 nlmsg_free(msg);
18992 return;
18993 }
18994
18995 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18996 NL80211_MCGRP_MLME, gfp);
18997 }
18998 EXPORT_SYMBOL(cfg80211_new_sta);
18999
cfg80211_del_sta_sinfo(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)19000 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
19001 struct station_info *sinfo, gfp_t gfp)
19002 {
19003 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
19004 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19005 struct sk_buff *msg;
19006 struct station_info empty_sinfo = {};
19007
19008 if (!sinfo)
19009 sinfo = &empty_sinfo;
19010
19011 trace_cfg80211_del_sta(dev, mac_addr);
19012
19013 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19014 if (!msg) {
19015 cfg80211_sinfo_release_content(sinfo);
19016 return;
19017 }
19018
19019 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
19020 rdev, dev, mac_addr, sinfo) < 0) {
19021 nlmsg_free(msg);
19022 return;
19023 }
19024
19025 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19026 NL80211_MCGRP_MLME, gfp);
19027 }
19028 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
19029
cfg80211_conn_failed(struct net_device * dev,const u8 * mac_addr,enum nl80211_connect_failed_reason reason,gfp_t gfp)19030 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
19031 enum nl80211_connect_failed_reason reason,
19032 gfp_t gfp)
19033 {
19034 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
19035 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19036 struct sk_buff *msg;
19037 void *hdr;
19038
19039 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
19040 if (!msg)
19041 return;
19042
19043 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
19044 if (!hdr) {
19045 nlmsg_free(msg);
19046 return;
19047 }
19048
19049 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19050 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
19051 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
19052 goto nla_put_failure;
19053
19054 genlmsg_end(msg, hdr);
19055
19056 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19057 NL80211_MCGRP_MLME, gfp);
19058 return;
19059
19060 nla_put_failure:
19061 nlmsg_free(msg);
19062 }
19063 EXPORT_SYMBOL(cfg80211_conn_failed);
19064
__nl80211_unexpected_frame(struct net_device * dev,u8 cmd,const u8 * addr,gfp_t gfp)19065 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
19066 const u8 *addr, gfp_t gfp)
19067 {
19068 struct wireless_dev *wdev = dev->ieee80211_ptr;
19069 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19070 struct sk_buff *msg;
19071 void *hdr;
19072 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
19073
19074 if (!nlportid)
19075 return false;
19076
19077 msg = nlmsg_new(100, gfp);
19078 if (!msg)
19079 return true;
19080
19081 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19082 if (!hdr) {
19083 nlmsg_free(msg);
19084 return true;
19085 }
19086
19087 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19088 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19089 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
19090 goto nla_put_failure;
19091
19092 genlmsg_end(msg, hdr);
19093 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19094 return true;
19095
19096 nla_put_failure:
19097 nlmsg_free(msg);
19098 return true;
19099 }
19100
cfg80211_rx_spurious_frame(struct net_device * dev,const u8 * addr,gfp_t gfp)19101 bool cfg80211_rx_spurious_frame(struct net_device *dev,
19102 const u8 *addr, gfp_t gfp)
19103 {
19104 struct wireless_dev *wdev = dev->ieee80211_ptr;
19105 bool ret;
19106
19107 trace_cfg80211_rx_spurious_frame(dev, addr);
19108
19109 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
19110 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
19111 trace_cfg80211_return_bool(false);
19112 return false;
19113 }
19114 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
19115 addr, gfp);
19116 trace_cfg80211_return_bool(ret);
19117 return ret;
19118 }
19119 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
19120
cfg80211_rx_unexpected_4addr_frame(struct net_device * dev,const u8 * addr,gfp_t gfp)19121 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
19122 const u8 *addr, gfp_t gfp)
19123 {
19124 struct wireless_dev *wdev = dev->ieee80211_ptr;
19125 bool ret;
19126
19127 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
19128
19129 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
19130 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
19131 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
19132 trace_cfg80211_return_bool(false);
19133 return false;
19134 }
19135 ret = __nl80211_unexpected_frame(dev,
19136 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
19137 addr, gfp);
19138 trace_cfg80211_return_bool(ret);
19139 return ret;
19140 }
19141 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
19142
nl80211_send_mgmt(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 nlportid,struct cfg80211_rx_info * info,gfp_t gfp)19143 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
19144 struct wireless_dev *wdev, u32 nlportid,
19145 struct cfg80211_rx_info *info, gfp_t gfp)
19146 {
19147 struct net_device *netdev = wdev->netdev;
19148 struct sk_buff *msg;
19149 void *hdr;
19150
19151 msg = nlmsg_new(100 + info->len, gfp);
19152 if (!msg)
19153 return -ENOMEM;
19154
19155 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
19156 if (!hdr) {
19157 nlmsg_free(msg);
19158 return -ENOMEM;
19159 }
19160
19161 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19162 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19163 netdev->ifindex)) ||
19164 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19165 NL80211_ATTR_PAD) ||
19166 (info->have_link_id &&
19167 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) ||
19168 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) ||
19169 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) ||
19170 (info->sig_dbm &&
19171 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) ||
19172 nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) ||
19173 (info->flags &&
19174 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) ||
19175 (info->rx_tstamp && nla_put_u64_64bit(msg,
19176 NL80211_ATTR_RX_HW_TIMESTAMP,
19177 info->rx_tstamp,
19178 NL80211_ATTR_PAD)) ||
19179 (info->ack_tstamp && nla_put_u64_64bit(msg,
19180 NL80211_ATTR_TX_HW_TIMESTAMP,
19181 info->ack_tstamp,
19182 NL80211_ATTR_PAD)))
19183 goto nla_put_failure;
19184
19185 genlmsg_end(msg, hdr);
19186
19187 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19188
19189 nla_put_failure:
19190 nlmsg_free(msg);
19191 return -ENOBUFS;
19192 }
19193
nl80211_frame_tx_status(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp,enum nl80211_commands command)19194 static void nl80211_frame_tx_status(struct wireless_dev *wdev,
19195 struct cfg80211_tx_status *status,
19196 gfp_t gfp, enum nl80211_commands command)
19197 {
19198 struct wiphy *wiphy = wdev->wiphy;
19199 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19200 struct net_device *netdev = wdev->netdev;
19201 struct sk_buff *msg;
19202 void *hdr;
19203
19204 if (command == NL80211_CMD_FRAME_TX_STATUS)
19205 trace_cfg80211_mgmt_tx_status(wdev, status->cookie,
19206 status->ack);
19207 else
19208 trace_cfg80211_control_port_tx_status(wdev, status->cookie,
19209 status->ack);
19210
19211 msg = nlmsg_new(100 + status->len, gfp);
19212 if (!msg)
19213 return;
19214
19215 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
19216 if (!hdr) {
19217 nlmsg_free(msg);
19218 return;
19219 }
19220
19221 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19222 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19223 netdev->ifindex)) ||
19224 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19225 NL80211_ATTR_PAD) ||
19226 nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) ||
19227 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie,
19228 NL80211_ATTR_PAD) ||
19229 (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
19230 (status->tx_tstamp &&
19231 nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP,
19232 status->tx_tstamp, NL80211_ATTR_PAD)) ||
19233 (status->ack_tstamp &&
19234 nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP,
19235 status->ack_tstamp, NL80211_ATTR_PAD)))
19236 goto nla_put_failure;
19237
19238 genlmsg_end(msg, hdr);
19239
19240 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19241 NL80211_MCGRP_MLME, gfp);
19242 return;
19243
19244 nla_put_failure:
19245 nlmsg_free(msg);
19246 }
19247
cfg80211_control_port_tx_status(struct wireless_dev * wdev,u64 cookie,const u8 * buf,size_t len,bool ack,gfp_t gfp)19248 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
19249 const u8 *buf, size_t len, bool ack,
19250 gfp_t gfp)
19251 {
19252 struct cfg80211_tx_status status = {
19253 .cookie = cookie,
19254 .buf = buf,
19255 .len = len,
19256 .ack = ack
19257 };
19258
19259 nl80211_frame_tx_status(wdev, &status, gfp,
19260 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
19261 }
19262 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
19263
cfg80211_mgmt_tx_status_ext(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp)19264 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev,
19265 struct cfg80211_tx_status *status, gfp_t gfp)
19266 {
19267 nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS);
19268 }
19269 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext);
19270
__nl80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id,gfp_t gfp)19271 static int __nl80211_rx_control_port(struct net_device *dev,
19272 struct sk_buff *skb,
19273 bool unencrypted,
19274 int link_id,
19275 gfp_t gfp)
19276 {
19277 struct wireless_dev *wdev = dev->ieee80211_ptr;
19278 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19279 struct ethhdr *ehdr = eth_hdr(skb);
19280 const u8 *addr = ehdr->h_source;
19281 u16 proto = be16_to_cpu(skb->protocol);
19282 struct sk_buff *msg;
19283 void *hdr;
19284 struct nlattr *frame;
19285
19286 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
19287
19288 if (!nlportid)
19289 return -ENOENT;
19290
19291 msg = nlmsg_new(100 + skb->len, gfp);
19292 if (!msg)
19293 return -ENOMEM;
19294
19295 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
19296 if (!hdr) {
19297 nlmsg_free(msg);
19298 return -ENOBUFS;
19299 }
19300
19301 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19302 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19303 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19304 NL80211_ATTR_PAD) ||
19305 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19306 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
19307 (link_id >= 0 &&
19308 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
19309 (unencrypted && nla_put_flag(msg,
19310 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
19311 goto nla_put_failure;
19312
19313 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
19314 if (!frame)
19315 goto nla_put_failure;
19316
19317 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
19318 genlmsg_end(msg, hdr);
19319
19320 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19321
19322 nla_put_failure:
19323 nlmsg_free(msg);
19324 return -ENOBUFS;
19325 }
19326
cfg80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id)19327 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb,
19328 bool unencrypted, int link_id)
19329 {
19330 int ret;
19331
19332 trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id);
19333 ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id,
19334 GFP_ATOMIC);
19335 trace_cfg80211_return_bool(ret == 0);
19336 return ret == 0;
19337 }
19338 EXPORT_SYMBOL(cfg80211_rx_control_port);
19339
cfg80211_prepare_cqm(struct net_device * dev,const char * mac,gfp_t gfp)19340 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
19341 const char *mac, gfp_t gfp)
19342 {
19343 struct wireless_dev *wdev = dev->ieee80211_ptr;
19344 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19345 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19346 void **cb;
19347
19348 if (!msg)
19349 return NULL;
19350
19351 cb = (void **)msg->cb;
19352
19353 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
19354 if (!cb[0]) {
19355 nlmsg_free(msg);
19356 return NULL;
19357 }
19358
19359 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19360 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19361 goto nla_put_failure;
19362
19363 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
19364 goto nla_put_failure;
19365
19366 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
19367 if (!cb[1])
19368 goto nla_put_failure;
19369
19370 cb[2] = rdev;
19371
19372 return msg;
19373 nla_put_failure:
19374 nlmsg_free(msg);
19375 return NULL;
19376 }
19377
cfg80211_send_cqm(struct sk_buff * msg,gfp_t gfp)19378 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
19379 {
19380 void **cb = (void **)msg->cb;
19381 struct cfg80211_registered_device *rdev = cb[2];
19382
19383 nla_nest_end(msg, cb[1]);
19384 genlmsg_end(msg, cb[0]);
19385
19386 memset(msg->cb, 0, sizeof(msg->cb));
19387
19388 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19389 NL80211_MCGRP_MLME, gfp);
19390 }
19391
cfg80211_cqm_rssi_notify(struct net_device * dev,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)19392 void cfg80211_cqm_rssi_notify(struct net_device *dev,
19393 enum nl80211_cqm_rssi_threshold_event rssi_event,
19394 s32 rssi_level, gfp_t gfp)
19395 {
19396 struct wireless_dev *wdev = dev->ieee80211_ptr;
19397 struct cfg80211_cqm_config *cqm_config;
19398
19399 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
19400
19401 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
19402 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
19403 return;
19404
19405 rcu_read_lock();
19406 cqm_config = rcu_dereference(wdev->cqm_config);
19407 if (cqm_config) {
19408 cqm_config->last_rssi_event_value = rssi_level;
19409 cqm_config->last_rssi_event_type = rssi_event;
19410 wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
19411 }
19412 rcu_read_unlock();
19413 }
19414 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
19415
cfg80211_cqm_rssi_notify_work(struct wiphy * wiphy,struct wiphy_work * work)19416 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
19417 {
19418 struct wireless_dev *wdev = container_of(work, struct wireless_dev,
19419 cqm_rssi_work);
19420 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19421 enum nl80211_cqm_rssi_threshold_event rssi_event;
19422 struct cfg80211_cqm_config *cqm_config;
19423 struct sk_buff *msg;
19424 s32 rssi_level;
19425
19426 cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
19427 if (!cqm_config)
19428 return;
19429
19430 if (cqm_config->use_range_api)
19431 cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
19432
19433 rssi_level = cqm_config->last_rssi_event_value;
19434 rssi_event = cqm_config->last_rssi_event_type;
19435
19436 msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
19437 if (!msg)
19438 return;
19439
19440 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
19441 rssi_event))
19442 goto nla_put_failure;
19443
19444 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
19445 rssi_level))
19446 goto nla_put_failure;
19447
19448 cfg80211_send_cqm(msg, GFP_KERNEL);
19449
19450 return;
19451
19452 nla_put_failure:
19453 nlmsg_free(msg);
19454 }
19455
cfg80211_cqm_txe_notify(struct net_device * dev,const u8 * peer,u32 num_packets,u32 rate,u32 intvl,gfp_t gfp)19456 void cfg80211_cqm_txe_notify(struct net_device *dev,
19457 const u8 *peer, u32 num_packets,
19458 u32 rate, u32 intvl, gfp_t gfp)
19459 {
19460 struct sk_buff *msg;
19461
19462 msg = cfg80211_prepare_cqm(dev, peer, gfp);
19463 if (!msg)
19464 return;
19465
19466 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
19467 goto nla_put_failure;
19468
19469 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
19470 goto nla_put_failure;
19471
19472 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
19473 goto nla_put_failure;
19474
19475 cfg80211_send_cqm(msg, gfp);
19476 return;
19477
19478 nla_put_failure:
19479 nlmsg_free(msg);
19480 }
19481 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
19482
cfg80211_cqm_pktloss_notify(struct net_device * dev,const u8 * peer,u32 num_packets,gfp_t gfp)19483 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
19484 const u8 *peer, u32 num_packets, gfp_t gfp)
19485 {
19486 struct sk_buff *msg;
19487
19488 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
19489
19490 msg = cfg80211_prepare_cqm(dev, peer, gfp);
19491 if (!msg)
19492 return;
19493
19494 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
19495 goto nla_put_failure;
19496
19497 cfg80211_send_cqm(msg, gfp);
19498 return;
19499
19500 nla_put_failure:
19501 nlmsg_free(msg);
19502 }
19503 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
19504
cfg80211_cqm_beacon_loss_notify(struct net_device * dev,gfp_t gfp)19505 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
19506 {
19507 struct sk_buff *msg;
19508
19509 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
19510 if (!msg)
19511 return;
19512
19513 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
19514 goto nla_put_failure;
19515
19516 cfg80211_send_cqm(msg, gfp);
19517 return;
19518
19519 nla_put_failure:
19520 nlmsg_free(msg);
19521 }
19522 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
19523
nl80211_gtk_rekey_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)19524 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
19525 struct net_device *netdev, const u8 *bssid,
19526 const u8 *replay_ctr, gfp_t gfp)
19527 {
19528 struct sk_buff *msg;
19529 struct nlattr *rekey_attr;
19530 void *hdr;
19531
19532 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19533 if (!msg)
19534 return;
19535
19536 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
19537 if (!hdr) {
19538 nlmsg_free(msg);
19539 return;
19540 }
19541
19542 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19543 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19544 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
19545 goto nla_put_failure;
19546
19547 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
19548 if (!rekey_attr)
19549 goto nla_put_failure;
19550
19551 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
19552 NL80211_REPLAY_CTR_LEN, replay_ctr))
19553 goto nla_put_failure;
19554
19555 nla_nest_end(msg, rekey_attr);
19556
19557 genlmsg_end(msg, hdr);
19558
19559 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19560 NL80211_MCGRP_MLME, gfp);
19561 return;
19562
19563 nla_put_failure:
19564 nlmsg_free(msg);
19565 }
19566
cfg80211_gtk_rekey_notify(struct net_device * dev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)19567 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
19568 const u8 *replay_ctr, gfp_t gfp)
19569 {
19570 struct wireless_dev *wdev = dev->ieee80211_ptr;
19571 struct wiphy *wiphy = wdev->wiphy;
19572 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19573
19574 trace_cfg80211_gtk_rekey_notify(dev, bssid);
19575 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
19576 }
19577 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
19578
19579 static void
nl80211_pmksa_candidate_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,int index,const u8 * bssid,bool preauth,gfp_t gfp)19580 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
19581 struct net_device *netdev, int index,
19582 const u8 *bssid, bool preauth, gfp_t gfp)
19583 {
19584 struct sk_buff *msg;
19585 struct nlattr *attr;
19586 void *hdr;
19587
19588 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19589 if (!msg)
19590 return;
19591
19592 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
19593 if (!hdr) {
19594 nlmsg_free(msg);
19595 return;
19596 }
19597
19598 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19599 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
19600 goto nla_put_failure;
19601
19602 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
19603 if (!attr)
19604 goto nla_put_failure;
19605
19606 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
19607 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
19608 (preauth &&
19609 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
19610 goto nla_put_failure;
19611
19612 nla_nest_end(msg, attr);
19613
19614 genlmsg_end(msg, hdr);
19615
19616 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19617 NL80211_MCGRP_MLME, gfp);
19618 return;
19619
19620 nla_put_failure:
19621 nlmsg_free(msg);
19622 }
19623
cfg80211_pmksa_candidate_notify(struct net_device * dev,int index,const u8 * bssid,bool preauth,gfp_t gfp)19624 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
19625 const u8 *bssid, bool preauth, gfp_t gfp)
19626 {
19627 struct wireless_dev *wdev = dev->ieee80211_ptr;
19628 struct wiphy *wiphy = wdev->wiphy;
19629 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19630
19631 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
19632 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
19633 }
19634 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
19635
nl80211_ch_switch_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,unsigned int link_id,struct cfg80211_chan_def * chandef,gfp_t gfp,enum nl80211_commands notif,u8 count,bool quiet)19636 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
19637 struct net_device *netdev,
19638 unsigned int link_id,
19639 struct cfg80211_chan_def *chandef,
19640 gfp_t gfp,
19641 enum nl80211_commands notif,
19642 u8 count, bool quiet)
19643 {
19644 struct wireless_dev *wdev = netdev->ieee80211_ptr;
19645 struct sk_buff *msg;
19646 void *hdr;
19647
19648 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19649 if (!msg)
19650 return;
19651
19652 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
19653 if (!hdr) {
19654 nlmsg_free(msg);
19655 return;
19656 }
19657
19658 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
19659 goto nla_put_failure;
19660
19661 if (wdev->valid_links &&
19662 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19663 goto nla_put_failure;
19664
19665 if (nl80211_send_chandef(msg, chandef))
19666 goto nla_put_failure;
19667
19668 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
19669 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
19670 goto nla_put_failure;
19671 if (quiet &&
19672 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
19673 goto nla_put_failure;
19674 }
19675
19676 genlmsg_end(msg, hdr);
19677
19678 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19679 NL80211_MCGRP_MLME, gfp);
19680 return;
19681
19682 nla_put_failure:
19683 nlmsg_free(msg);
19684 }
19685
cfg80211_ch_switch_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id)19686 void cfg80211_ch_switch_notify(struct net_device *dev,
19687 struct cfg80211_chan_def *chandef,
19688 unsigned int link_id)
19689 {
19690 struct wireless_dev *wdev = dev->ieee80211_ptr;
19691 struct wiphy *wiphy = wdev->wiphy;
19692 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19693
19694 lockdep_assert_wiphy(wdev->wiphy);
19695 WARN_INVALID_LINK_ID(wdev, link_id);
19696
19697 trace_cfg80211_ch_switch_notify(dev, chandef, link_id);
19698
19699 switch (wdev->iftype) {
19700 case NL80211_IFTYPE_STATION:
19701 case NL80211_IFTYPE_P2P_CLIENT:
19702 if (!WARN_ON(!wdev->links[link_id].client.current_bss))
19703 cfg80211_update_assoc_bss_entry(wdev, link_id,
19704 chandef->chan);
19705 break;
19706 case NL80211_IFTYPE_MESH_POINT:
19707 wdev->u.mesh.chandef = *chandef;
19708 wdev->u.mesh.preset_chandef = *chandef;
19709 break;
19710 case NL80211_IFTYPE_AP:
19711 case NL80211_IFTYPE_P2P_GO:
19712 wdev->links[link_id].ap.chandef = *chandef;
19713 break;
19714 case NL80211_IFTYPE_ADHOC:
19715 wdev->u.ibss.chandef = *chandef;
19716 break;
19717 default:
19718 WARN_ON(1);
19719 break;
19720 }
19721
19722 cfg80211_schedule_channels_check(wdev);
19723 cfg80211_sched_dfs_chan_update(rdev);
19724
19725 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
19726 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
19727 }
19728 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
19729
cfg80211_ch_switch_started_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id,u8 count,bool quiet)19730 void cfg80211_ch_switch_started_notify(struct net_device *dev,
19731 struct cfg80211_chan_def *chandef,
19732 unsigned int link_id, u8 count,
19733 bool quiet)
19734 {
19735 struct wireless_dev *wdev = dev->ieee80211_ptr;
19736 struct wiphy *wiphy = wdev->wiphy;
19737 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19738
19739 lockdep_assert_wiphy(wdev->wiphy);
19740 WARN_INVALID_LINK_ID(wdev, link_id);
19741
19742 trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id);
19743
19744
19745 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
19746 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
19747 count, quiet);
19748 }
19749 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
19750
cfg80211_bss_color_notify(struct net_device * dev,enum nl80211_commands cmd,u8 count,u64 color_bitmap,u8 link_id)19751 int cfg80211_bss_color_notify(struct net_device *dev,
19752 enum nl80211_commands cmd, u8 count,
19753 u64 color_bitmap, u8 link_id)
19754 {
19755 struct wireless_dev *wdev = dev->ieee80211_ptr;
19756 struct wiphy *wiphy = wdev->wiphy;
19757 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19758 struct sk_buff *msg;
19759 void *hdr;
19760
19761 lockdep_assert_wiphy(wdev->wiphy);
19762
19763 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
19764
19765 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19766 if (!msg)
19767 return -ENOMEM;
19768
19769 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19770 if (!hdr)
19771 goto nla_put_failure;
19772
19773 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19774 goto nla_put_failure;
19775
19776 if (wdev->valid_links &&
19777 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19778 goto nla_put_failure;
19779
19780 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
19781 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
19782 goto nla_put_failure;
19783
19784 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
19785 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
19786 color_bitmap, NL80211_ATTR_PAD))
19787 goto nla_put_failure;
19788
19789 genlmsg_end(msg, hdr);
19790
19791 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
19792 msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL);
19793
19794 nla_put_failure:
19795 nlmsg_free(msg);
19796 return -EINVAL;
19797 }
19798 EXPORT_SYMBOL(cfg80211_bss_color_notify);
19799
19800 void
nl80211_radar_notify(struct cfg80211_registered_device * rdev,const struct cfg80211_chan_def * chandef,enum nl80211_radar_event event,struct net_device * netdev,gfp_t gfp)19801 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
19802 const struct cfg80211_chan_def *chandef,
19803 enum nl80211_radar_event event,
19804 struct net_device *netdev, gfp_t gfp)
19805 {
19806 struct sk_buff *msg;
19807 void *hdr;
19808
19809 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19810 if (!msg)
19811 return;
19812
19813 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
19814 if (!hdr) {
19815 nlmsg_free(msg);
19816 return;
19817 }
19818
19819 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
19820 goto nla_put_failure;
19821
19822 /* NOP and radar events don't need a netdev parameter */
19823 if (netdev) {
19824 struct wireless_dev *wdev = netdev->ieee80211_ptr;
19825
19826 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19827 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19828 NL80211_ATTR_PAD))
19829 goto nla_put_failure;
19830 }
19831
19832 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
19833 goto nla_put_failure;
19834
19835 if (nl80211_send_chandef(msg, chandef))
19836 goto nla_put_failure;
19837
19838 genlmsg_end(msg, hdr);
19839
19840 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19841 NL80211_MCGRP_MLME, gfp);
19842 return;
19843
19844 nla_put_failure:
19845 nlmsg_free(msg);
19846 }
19847
cfg80211_sta_opmode_change_notify(struct net_device * dev,const u8 * mac,struct sta_opmode_info * sta_opmode,gfp_t gfp)19848 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
19849 struct sta_opmode_info *sta_opmode,
19850 gfp_t gfp)
19851 {
19852 struct sk_buff *msg;
19853 struct wireless_dev *wdev = dev->ieee80211_ptr;
19854 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19855 void *hdr;
19856
19857 if (WARN_ON(!mac))
19858 return;
19859
19860 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19861 if (!msg)
19862 return;
19863
19864 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
19865 if (!hdr) {
19866 nlmsg_free(msg);
19867 return;
19868 }
19869
19870 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
19871 goto nla_put_failure;
19872
19873 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19874 goto nla_put_failure;
19875
19876 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
19877 goto nla_put_failure;
19878
19879 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
19880 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
19881 goto nla_put_failure;
19882
19883 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
19884 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
19885 goto nla_put_failure;
19886
19887 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
19888 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
19889 goto nla_put_failure;
19890
19891 genlmsg_end(msg, hdr);
19892
19893 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19894 NL80211_MCGRP_MLME, gfp);
19895
19896 return;
19897
19898 nla_put_failure:
19899 nlmsg_free(msg);
19900 }
19901 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
19902
cfg80211_probe_status(struct net_device * dev,const u8 * addr,u64 cookie,bool acked,s32 ack_signal,bool is_valid_ack_signal,gfp_t gfp)19903 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
19904 u64 cookie, bool acked, s32 ack_signal,
19905 bool is_valid_ack_signal, gfp_t gfp)
19906 {
19907 struct wireless_dev *wdev = dev->ieee80211_ptr;
19908 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19909 struct sk_buff *msg;
19910 void *hdr;
19911
19912 trace_cfg80211_probe_status(dev, addr, cookie, acked);
19913
19914 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19915
19916 if (!msg)
19917 return;
19918
19919 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
19920 if (!hdr) {
19921 nlmsg_free(msg);
19922 return;
19923 }
19924
19925 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19926 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19927 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19928 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
19929 NL80211_ATTR_PAD) ||
19930 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
19931 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
19932 ack_signal)))
19933 goto nla_put_failure;
19934
19935 genlmsg_end(msg, hdr);
19936
19937 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19938 NL80211_MCGRP_MLME, gfp);
19939 return;
19940
19941 nla_put_failure:
19942 nlmsg_free(msg);
19943 }
19944 EXPORT_SYMBOL(cfg80211_probe_status);
19945
cfg80211_report_obss_beacon_khz(struct wiphy * wiphy,const u8 * frame,size_t len,int freq,int sig_dbm)19946 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
19947 size_t len, int freq, int sig_dbm)
19948 {
19949 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19950 struct sk_buff *msg;
19951 void *hdr;
19952 struct cfg80211_beacon_registration *reg;
19953
19954 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
19955
19956 spin_lock_bh(&rdev->beacon_registrations_lock);
19957 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
19958 msg = nlmsg_new(len + 100, GFP_ATOMIC);
19959 if (!msg) {
19960 spin_unlock_bh(&rdev->beacon_registrations_lock);
19961 return;
19962 }
19963
19964 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
19965 if (!hdr)
19966 goto nla_put_failure;
19967
19968 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19969 (freq &&
19970 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
19971 KHZ_TO_MHZ(freq)) ||
19972 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
19973 freq % 1000))) ||
19974 (sig_dbm &&
19975 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
19976 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
19977 goto nla_put_failure;
19978
19979 genlmsg_end(msg, hdr);
19980
19981 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
19982 }
19983 spin_unlock_bh(&rdev->beacon_registrations_lock);
19984 return;
19985
19986 nla_put_failure:
19987 spin_unlock_bh(&rdev->beacon_registrations_lock);
19988 nlmsg_free(msg);
19989 }
19990 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
19991
19992 #ifdef CONFIG_PM
cfg80211_net_detect_results(struct sk_buff * msg,struct cfg80211_wowlan_wakeup * wakeup)19993 static int cfg80211_net_detect_results(struct sk_buff *msg,
19994 struct cfg80211_wowlan_wakeup *wakeup)
19995 {
19996 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
19997 struct nlattr *nl_results, *nl_match, *nl_freqs;
19998 int i, j;
19999
20000 nl_results = nla_nest_start_noflag(msg,
20001 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
20002 if (!nl_results)
20003 return -EMSGSIZE;
20004
20005 for (i = 0; i < nd->n_matches; i++) {
20006 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
20007
20008 nl_match = nla_nest_start_noflag(msg, i);
20009 if (!nl_match)
20010 break;
20011
20012 /* The SSID attribute is optional in nl80211, but for
20013 * simplicity reasons it's always present in the
20014 * cfg80211 structure. If a driver can't pass the
20015 * SSID, that needs to be changed. A zero length SSID
20016 * is still a valid SSID (wildcard), so it cannot be
20017 * used for this purpose.
20018 */
20019 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
20020 match->ssid.ssid)) {
20021 nla_nest_cancel(msg, nl_match);
20022 goto out;
20023 }
20024
20025 if (match->n_channels) {
20026 nl_freqs = nla_nest_start_noflag(msg,
20027 NL80211_ATTR_SCAN_FREQUENCIES);
20028 if (!nl_freqs) {
20029 nla_nest_cancel(msg, nl_match);
20030 goto out;
20031 }
20032
20033 for (j = 0; j < match->n_channels; j++) {
20034 if (nla_put_u32(msg, j, match->channels[j])) {
20035 nla_nest_cancel(msg, nl_freqs);
20036 nla_nest_cancel(msg, nl_match);
20037 goto out;
20038 }
20039 }
20040
20041 nla_nest_end(msg, nl_freqs);
20042 }
20043
20044 nla_nest_end(msg, nl_match);
20045 }
20046
20047 out:
20048 nla_nest_end(msg, nl_results);
20049 return 0;
20050 }
20051
cfg80211_report_wowlan_wakeup(struct wireless_dev * wdev,struct cfg80211_wowlan_wakeup * wakeup,gfp_t gfp)20052 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
20053 struct cfg80211_wowlan_wakeup *wakeup,
20054 gfp_t gfp)
20055 {
20056 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20057 struct sk_buff *msg;
20058 void *hdr;
20059 int size = 200;
20060
20061 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
20062
20063 if (wakeup)
20064 size += wakeup->packet_present_len;
20065
20066 msg = nlmsg_new(size, gfp);
20067 if (!msg)
20068 return;
20069
20070 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
20071 if (!hdr)
20072 goto free_msg;
20073
20074 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20075 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20076 NL80211_ATTR_PAD))
20077 goto free_msg;
20078
20079 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
20080 wdev->netdev->ifindex))
20081 goto free_msg;
20082
20083 if (wakeup) {
20084 struct nlattr *reasons;
20085
20086 reasons = nla_nest_start_noflag(msg,
20087 NL80211_ATTR_WOWLAN_TRIGGERS);
20088 if (!reasons)
20089 goto free_msg;
20090
20091 if (wakeup->disconnect &&
20092 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
20093 goto free_msg;
20094 if (wakeup->magic_pkt &&
20095 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
20096 goto free_msg;
20097 if (wakeup->gtk_rekey_failure &&
20098 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
20099 goto free_msg;
20100 if (wakeup->eap_identity_req &&
20101 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
20102 goto free_msg;
20103 if (wakeup->four_way_handshake &&
20104 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
20105 goto free_msg;
20106 if (wakeup->rfkill_release &&
20107 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
20108 goto free_msg;
20109
20110 if (wakeup->pattern_idx >= 0 &&
20111 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
20112 wakeup->pattern_idx))
20113 goto free_msg;
20114
20115 if (wakeup->tcp_match &&
20116 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
20117 goto free_msg;
20118
20119 if (wakeup->tcp_connlost &&
20120 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
20121 goto free_msg;
20122
20123 if (wakeup->tcp_nomoretokens &&
20124 nla_put_flag(msg,
20125 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
20126 goto free_msg;
20127
20128 if (wakeup->unprot_deauth_disassoc &&
20129 nla_put_flag(msg,
20130 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC))
20131 goto free_msg;
20132
20133 if (wakeup->packet) {
20134 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
20135 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
20136
20137 if (!wakeup->packet_80211) {
20138 pkt_attr =
20139 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
20140 len_attr =
20141 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
20142 }
20143
20144 if (wakeup->packet_len &&
20145 nla_put_u32(msg, len_attr, wakeup->packet_len))
20146 goto free_msg;
20147
20148 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
20149 wakeup->packet))
20150 goto free_msg;
20151 }
20152
20153 if (wakeup->net_detect &&
20154 cfg80211_net_detect_results(msg, wakeup))
20155 goto free_msg;
20156
20157 nla_nest_end(msg, reasons);
20158 }
20159
20160 genlmsg_end(msg, hdr);
20161
20162 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20163 NL80211_MCGRP_MLME, gfp);
20164 return;
20165
20166 free_msg:
20167 nlmsg_free(msg);
20168 }
20169 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
20170 #endif
20171
cfg80211_tdls_oper_request(struct net_device * dev,const u8 * peer,enum nl80211_tdls_operation oper,u16 reason_code,gfp_t gfp)20172 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
20173 enum nl80211_tdls_operation oper,
20174 u16 reason_code, gfp_t gfp)
20175 {
20176 struct wireless_dev *wdev = dev->ieee80211_ptr;
20177 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20178 struct sk_buff *msg;
20179 void *hdr;
20180
20181 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
20182 reason_code);
20183
20184 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20185 if (!msg)
20186 return;
20187
20188 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
20189 if (!hdr) {
20190 nlmsg_free(msg);
20191 return;
20192 }
20193
20194 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20195 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20196 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
20197 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
20198 (reason_code > 0 &&
20199 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
20200 goto nla_put_failure;
20201
20202 genlmsg_end(msg, hdr);
20203
20204 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20205 NL80211_MCGRP_MLME, gfp);
20206 return;
20207
20208 nla_put_failure:
20209 nlmsg_free(msg);
20210 }
20211 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
20212
nl80211_netlink_notify(struct notifier_block * nb,unsigned long state,void * _notify)20213 static int nl80211_netlink_notify(struct notifier_block * nb,
20214 unsigned long state,
20215 void *_notify)
20216 {
20217 struct netlink_notify *notify = _notify;
20218 struct cfg80211_registered_device *rdev;
20219 struct wireless_dev *wdev;
20220 struct cfg80211_beacon_registration *reg, *tmp;
20221
20222 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
20223 return NOTIFY_DONE;
20224
20225 rcu_read_lock();
20226
20227 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
20228 struct cfg80211_sched_scan_request *sched_scan_req;
20229
20230 list_for_each_entry_rcu(sched_scan_req,
20231 &rdev->sched_scan_req_list,
20232 list) {
20233 if (sched_scan_req->owner_nlportid == notify->portid) {
20234 sched_scan_req->nl_owner_dead = true;
20235 wiphy_work_queue(&rdev->wiphy,
20236 &rdev->sched_scan_stop_wk);
20237 }
20238 }
20239
20240 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
20241 cfg80211_mlme_unregister_socket(wdev, notify->portid);
20242
20243 if (wdev->owner_nlportid == notify->portid) {
20244 wdev->nl_owner_dead = true;
20245 schedule_work(&rdev->destroy_work);
20246 } else if (wdev->conn_owner_nlportid == notify->portid) {
20247 schedule_work(&wdev->disconnect_wk);
20248 }
20249
20250 cfg80211_release_pmsr(wdev, notify->portid);
20251 }
20252
20253 spin_lock_bh(&rdev->beacon_registrations_lock);
20254 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
20255 list) {
20256 if (reg->nlportid == notify->portid) {
20257 list_del(®->list);
20258 kfree(reg);
20259 break;
20260 }
20261 }
20262 spin_unlock_bh(&rdev->beacon_registrations_lock);
20263 }
20264
20265 rcu_read_unlock();
20266
20267 /*
20268 * It is possible that the user space process that is controlling the
20269 * indoor setting disappeared, so notify the regulatory core.
20270 */
20271 regulatory_netlink_notify(notify->portid);
20272 return NOTIFY_OK;
20273 }
20274
20275 static struct notifier_block nl80211_netlink_notifier = {
20276 .notifier_call = nl80211_netlink_notify,
20277 };
20278
cfg80211_ft_event(struct net_device * netdev,struct cfg80211_ft_event_params * ft_event)20279 void cfg80211_ft_event(struct net_device *netdev,
20280 struct cfg80211_ft_event_params *ft_event)
20281 {
20282 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
20283 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20284 struct sk_buff *msg;
20285 void *hdr;
20286
20287 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
20288
20289 if (!ft_event->target_ap)
20290 return;
20291
20292 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
20293 GFP_KERNEL);
20294 if (!msg)
20295 return;
20296
20297 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
20298 if (!hdr)
20299 goto out;
20300
20301 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20302 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20303 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
20304 goto out;
20305
20306 if (ft_event->ies &&
20307 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
20308 goto out;
20309 if (ft_event->ric_ies &&
20310 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
20311 ft_event->ric_ies))
20312 goto out;
20313
20314 genlmsg_end(msg, hdr);
20315
20316 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20317 NL80211_MCGRP_MLME, GFP_KERNEL);
20318 return;
20319 out:
20320 nlmsg_free(msg);
20321 }
20322 EXPORT_SYMBOL(cfg80211_ft_event);
20323
cfg80211_crit_proto_stopped(struct wireless_dev * wdev,gfp_t gfp)20324 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
20325 {
20326 struct cfg80211_registered_device *rdev;
20327 struct sk_buff *msg;
20328 void *hdr;
20329 u32 nlportid;
20330
20331 rdev = wiphy_to_rdev(wdev->wiphy);
20332 if (!rdev->crit_proto_nlportid)
20333 return;
20334
20335 nlportid = rdev->crit_proto_nlportid;
20336 rdev->crit_proto_nlportid = 0;
20337
20338 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20339 if (!msg)
20340 return;
20341
20342 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
20343 if (!hdr)
20344 goto nla_put_failure;
20345
20346 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20347 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20348 NL80211_ATTR_PAD))
20349 goto nla_put_failure;
20350
20351 genlmsg_end(msg, hdr);
20352
20353 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
20354 return;
20355
20356 nla_put_failure:
20357 nlmsg_free(msg);
20358 }
20359 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
20360
nl80211_send_ap_stopped(struct wireless_dev * wdev,unsigned int link_id)20361 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id)
20362 {
20363 struct wiphy *wiphy = wdev->wiphy;
20364 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20365 struct sk_buff *msg;
20366 void *hdr;
20367
20368 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20369 if (!msg)
20370 return;
20371
20372 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
20373 if (!hdr)
20374 goto out;
20375
20376 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20377 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
20378 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20379 NL80211_ATTR_PAD) ||
20380 (wdev->valid_links &&
20381 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
20382 goto out;
20383
20384 genlmsg_end(msg, hdr);
20385
20386 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
20387 NL80211_MCGRP_MLME, GFP_KERNEL);
20388 return;
20389 out:
20390 nlmsg_free(msg);
20391 }
20392
cfg80211_external_auth_request(struct net_device * dev,struct cfg80211_external_auth_params * params,gfp_t gfp)20393 int cfg80211_external_auth_request(struct net_device *dev,
20394 struct cfg80211_external_auth_params *params,
20395 gfp_t gfp)
20396 {
20397 struct wireless_dev *wdev = dev->ieee80211_ptr;
20398 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20399 struct sk_buff *msg;
20400 void *hdr;
20401
20402 if (!wdev->conn_owner_nlportid)
20403 return -EINVAL;
20404
20405 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20406 if (!msg)
20407 return -ENOMEM;
20408
20409 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
20410 if (!hdr)
20411 goto nla_put_failure;
20412
20413 /* Some historical mistakes in drivers <-> userspace interface (notably
20414 * between drivers and wpa_supplicant) led to a big-endian conversion
20415 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is
20416 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the
20417 * benefit of older wpa_supplicant versions, send this particular value
20418 * in big-endian. Note that newer wpa_supplicant will also detect this
20419 * particular value in big endian still, so it all continues to work.
20420 */
20421 if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) {
20422 if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES,
20423 cpu_to_be32(WLAN_AKM_SUITE_SAE)))
20424 goto nla_put_failure;
20425 } else {
20426 if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES,
20427 params->key_mgmt_suite))
20428 goto nla_put_failure;
20429 }
20430
20431 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20432 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20433 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
20434 params->action) ||
20435 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
20436 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
20437 params->ssid.ssid) ||
20438 (!is_zero_ether_addr(params->mld_addr) &&
20439 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr)))
20440 goto nla_put_failure;
20441
20442 genlmsg_end(msg, hdr);
20443 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
20444 wdev->conn_owner_nlportid);
20445 return 0;
20446
20447 nla_put_failure:
20448 nlmsg_free(msg);
20449 return -ENOBUFS;
20450 }
20451 EXPORT_SYMBOL(cfg80211_external_auth_request);
20452
cfg80211_update_owe_info_event(struct net_device * netdev,struct cfg80211_update_owe_info * owe_info,gfp_t gfp)20453 void cfg80211_update_owe_info_event(struct net_device *netdev,
20454 struct cfg80211_update_owe_info *owe_info,
20455 gfp_t gfp)
20456 {
20457 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
20458 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20459 struct sk_buff *msg;
20460 void *hdr;
20461
20462 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
20463
20464 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20465 if (!msg)
20466 return;
20467
20468 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
20469 if (!hdr)
20470 goto nla_put_failure;
20471
20472 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20473 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20474 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
20475 goto nla_put_failure;
20476
20477 if (!owe_info->ie_len ||
20478 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
20479 goto nla_put_failure;
20480
20481 if (owe_info->assoc_link_id != -1) {
20482 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
20483 owe_info->assoc_link_id))
20484 goto nla_put_failure;
20485
20486 if (!is_zero_ether_addr(owe_info->peer_mld_addr) &&
20487 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
20488 owe_info->peer_mld_addr))
20489 goto nla_put_failure;
20490 }
20491
20492 genlmsg_end(msg, hdr);
20493
20494 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20495 NL80211_MCGRP_MLME, gfp);
20496 return;
20497
20498 nla_put_failure:
20499 genlmsg_cancel(msg, hdr);
20500 nlmsg_free(msg);
20501 }
20502 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
20503
cfg80211_schedule_channels_check(struct wireless_dev * wdev)20504 void cfg80211_schedule_channels_check(struct wireless_dev *wdev)
20505 {
20506 struct wiphy *wiphy = wdev->wiphy;
20507
20508 /* Schedule channels check if NO_IR or DFS relaxations are supported */
20509 if (wdev->iftype == NL80211_IFTYPE_STATION &&
20510 (wiphy_ext_feature_isset(wiphy,
20511 NL80211_EXT_FEATURE_DFS_CONCURRENT) ||
20512 (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) &&
20513 wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR)))
20514 reg_check_channels();
20515 }
20516 EXPORT_SYMBOL(cfg80211_schedule_channels_check);
20517
cfg80211_epcs_changed(struct net_device * netdev,bool enabled)20518 void cfg80211_epcs_changed(struct net_device *netdev, bool enabled)
20519 {
20520 struct wireless_dev *wdev = netdev->ieee80211_ptr;
20521 struct wiphy *wiphy = wdev->wiphy;
20522 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20523 struct sk_buff *msg;
20524 void *hdr;
20525
20526 trace_cfg80211_epcs_changed(wdev, enabled);
20527
20528 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20529 if (!msg)
20530 return;
20531
20532 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EPCS_CFG);
20533 if (!hdr) {
20534 nlmsg_free(msg);
20535 return;
20536 }
20537
20538 if (enabled && nla_put_flag(msg, NL80211_ATTR_EPCS))
20539 goto nla_put_failure;
20540
20541 genlmsg_end(msg, hdr);
20542 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20543 NL80211_MCGRP_MLME, GFP_KERNEL);
20544 return;
20545
20546 nla_put_failure:
20547 nlmsg_free(msg);
20548 }
20549 EXPORT_SYMBOL(cfg80211_epcs_changed);
20550
20551 /* initialisation/exit functions */
20552
nl80211_init(void)20553 int __init nl80211_init(void)
20554 {
20555 int err;
20556
20557 err = genl_register_family(&nl80211_fam);
20558 if (err)
20559 return err;
20560
20561 err = netlink_register_notifier(&nl80211_netlink_notifier);
20562 if (err)
20563 goto err_out;
20564
20565 return 0;
20566 err_out:
20567 genl_unregister_family(&nl80211_fam);
20568 return err;
20569 }
20570
nl80211_exit(void)20571 void nl80211_exit(void)
20572 {
20573 netlink_unregister_notifier(&nl80211_netlink_notifier);
20574 genl_unregister_family(&nl80211_fam);
20575 }
20576