1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type); 27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 28 struct genl_info *info, 29 struct cfg80211_crypto_settings *settings, 30 int cipher_limit); 31 32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 33 struct genl_info *info); 34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 35 struct genl_info *info); 36 37 /* the netlink family */ 38 static struct genl_family nl80211_fam = { 39 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 40 .name = "nl80211", /* have users key off the name instead */ 41 .hdrsize = 0, /* no private header */ 42 .version = 1, /* no particular meaning now */ 43 .maxattr = NL80211_ATTR_MAX, 44 .netnsok = true, 45 .pre_doit = nl80211_pre_doit, 46 .post_doit = nl80211_post_doit, 47 }; 48 49 /* internal helper: get rdev and dev */ 50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs, 51 struct cfg80211_registered_device **rdev, 52 struct net_device **dev) 53 { 54 int ifindex; 55 56 if (!attrs[NL80211_ATTR_IFINDEX]) 57 return -EINVAL; 58 59 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 60 *dev = dev_get_by_index(netns, ifindex); 61 if (!*dev) 62 return -ENODEV; 63 64 *rdev = cfg80211_get_dev_from_ifindex(netns, ifindex); 65 if (IS_ERR(*rdev)) { 66 dev_put(*dev); 67 return PTR_ERR(*rdev); 68 } 69 70 return 0; 71 } 72 73 /* policy for the attributes */ 74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 75 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 76 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 77 .len = 20-1 }, 78 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 79 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 80 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 81 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 82 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 83 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 84 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 85 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 86 87 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 88 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 89 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 90 91 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 92 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 93 94 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 95 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 96 .len = WLAN_MAX_KEY_LEN }, 97 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 98 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 99 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 100 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 101 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 102 103 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 104 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 105 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 106 .len = IEEE80211_MAX_DATA_LEN }, 107 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 108 .len = IEEE80211_MAX_DATA_LEN }, 109 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 110 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 111 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 112 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 113 .len = NL80211_MAX_SUPP_RATES }, 114 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 115 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 116 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 117 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 118 .len = IEEE80211_MAX_MESH_ID_LEN }, 119 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 120 121 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 122 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 123 124 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 125 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 126 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 127 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 128 .len = NL80211_MAX_SUPP_RATES }, 129 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 130 131 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 132 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 133 134 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 135 136 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 137 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 138 .len = IEEE80211_MAX_DATA_LEN }, 139 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 140 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 141 142 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 143 .len = IEEE80211_MAX_SSID_LEN }, 144 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 145 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 146 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 147 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 148 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 149 [NL80211_ATTR_STA_FLAGS2] = { 150 .len = sizeof(struct nl80211_sta_flag_update), 151 }, 152 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 153 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 154 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 155 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 156 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 157 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 158 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 159 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 160 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 161 .len = WLAN_PMKID_LEN }, 162 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 163 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 164 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 165 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 166 .len = IEEE80211_MAX_DATA_LEN }, 167 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 168 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 169 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 170 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 171 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 172 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 173 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 174 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 175 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 176 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 177 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 178 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 179 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 180 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 181 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 182 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 183 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 184 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 185 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 186 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 187 .len = IEEE80211_MAX_DATA_LEN }, 188 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 189 .len = IEEE80211_MAX_DATA_LEN }, 190 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 191 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 192 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 193 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 194 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 195 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 196 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 197 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 198 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 199 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 200 .len = IEEE80211_MAX_DATA_LEN }, 201 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 202 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 203 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 204 .len = NL80211_HT_CAPABILITY_LEN 205 }, 206 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 207 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 208 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 209 }; 210 211 /* policy for the key attributes */ 212 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 213 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 214 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 215 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 216 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 217 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 218 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 219 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 220 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 221 }; 222 223 /* policy for the key default flags */ 224 static const struct nla_policy 225 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 226 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 227 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 228 }; 229 230 /* policy for WoWLAN attributes */ 231 static const struct nla_policy 232 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 233 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 234 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 235 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 236 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 237 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 238 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 239 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 240 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 241 }; 242 243 /* policy for GTK rekey offload attributes */ 244 static const struct nla_policy 245 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 246 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 247 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 248 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 249 }; 250 251 static const struct nla_policy 252 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 253 [NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY, 254 .len = IEEE80211_MAX_SSID_LEN }, 255 }; 256 257 /* ifidx get helper */ 258 static int nl80211_get_ifidx(struct netlink_callback *cb) 259 { 260 int res; 261 262 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 263 nl80211_fam.attrbuf, nl80211_fam.maxattr, 264 nl80211_policy); 265 if (res) 266 return res; 267 268 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 269 return -EINVAL; 270 271 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 272 if (!res) 273 return -EINVAL; 274 return res; 275 } 276 277 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 278 struct netlink_callback *cb, 279 struct cfg80211_registered_device **rdev, 280 struct net_device **dev) 281 { 282 int ifidx = cb->args[0]; 283 int err; 284 285 if (!ifidx) 286 ifidx = nl80211_get_ifidx(cb); 287 if (ifidx < 0) 288 return ifidx; 289 290 cb->args[0] = ifidx; 291 292 rtnl_lock(); 293 294 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 295 if (!*dev) { 296 err = -ENODEV; 297 goto out_rtnl; 298 } 299 300 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 301 if (IS_ERR(*rdev)) { 302 err = PTR_ERR(*rdev); 303 goto out_rtnl; 304 } 305 306 return 0; 307 out_rtnl: 308 rtnl_unlock(); 309 return err; 310 } 311 312 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 313 { 314 cfg80211_unlock_rdev(rdev); 315 rtnl_unlock(); 316 } 317 318 /* IE validation */ 319 static bool is_valid_ie_attr(const struct nlattr *attr) 320 { 321 const u8 *pos; 322 int len; 323 324 if (!attr) 325 return true; 326 327 pos = nla_data(attr); 328 len = nla_len(attr); 329 330 while (len) { 331 u8 elemlen; 332 333 if (len < 2) 334 return false; 335 len -= 2; 336 337 elemlen = pos[1]; 338 if (elemlen > len) 339 return false; 340 341 len -= elemlen; 342 pos += 2 + elemlen; 343 } 344 345 return true; 346 } 347 348 /* message building helper */ 349 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 350 int flags, u8 cmd) 351 { 352 /* since there is no private header just add the generic one */ 353 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 354 } 355 356 static int nl80211_msg_put_channel(struct sk_buff *msg, 357 struct ieee80211_channel *chan) 358 { 359 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 360 chan->center_freq)) 361 goto nla_put_failure; 362 363 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 364 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 365 goto nla_put_failure; 366 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 367 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) 368 goto nla_put_failure; 369 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 370 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) 371 goto nla_put_failure; 372 if ((chan->flags & IEEE80211_CHAN_RADAR) && 373 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 374 goto nla_put_failure; 375 376 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 377 DBM_TO_MBM(chan->max_power))) 378 goto nla_put_failure; 379 380 return 0; 381 382 nla_put_failure: 383 return -ENOBUFS; 384 } 385 386 /* netlink command implementations */ 387 388 struct key_parse { 389 struct key_params p; 390 int idx; 391 int type; 392 bool def, defmgmt; 393 bool def_uni, def_multi; 394 }; 395 396 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 397 { 398 struct nlattr *tb[NL80211_KEY_MAX + 1]; 399 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 400 nl80211_key_policy); 401 if (err) 402 return err; 403 404 k->def = !!tb[NL80211_KEY_DEFAULT]; 405 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 406 407 if (k->def) { 408 k->def_uni = true; 409 k->def_multi = true; 410 } 411 if (k->defmgmt) 412 k->def_multi = true; 413 414 if (tb[NL80211_KEY_IDX]) 415 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 416 417 if (tb[NL80211_KEY_DATA]) { 418 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 419 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 420 } 421 422 if (tb[NL80211_KEY_SEQ]) { 423 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 424 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 425 } 426 427 if (tb[NL80211_KEY_CIPHER]) 428 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 429 430 if (tb[NL80211_KEY_TYPE]) { 431 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 432 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 433 return -EINVAL; 434 } 435 436 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 437 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 438 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 439 tb[NL80211_KEY_DEFAULT_TYPES], 440 nl80211_key_default_policy); 441 if (err) 442 return err; 443 444 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 445 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 446 } 447 448 return 0; 449 } 450 451 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 452 { 453 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 454 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 455 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 456 } 457 458 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 459 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 460 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 461 } 462 463 if (info->attrs[NL80211_ATTR_KEY_IDX]) 464 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 465 466 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 467 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 468 469 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 470 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 471 472 if (k->def) { 473 k->def_uni = true; 474 k->def_multi = true; 475 } 476 if (k->defmgmt) 477 k->def_multi = true; 478 479 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 480 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 481 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 482 return -EINVAL; 483 } 484 485 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 486 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 487 int err = nla_parse_nested( 488 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 489 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 490 nl80211_key_default_policy); 491 if (err) 492 return err; 493 494 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 495 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 496 } 497 498 return 0; 499 } 500 501 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 502 { 503 int err; 504 505 memset(k, 0, sizeof(*k)); 506 k->idx = -1; 507 k->type = -1; 508 509 if (info->attrs[NL80211_ATTR_KEY]) 510 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 511 else 512 err = nl80211_parse_key_old(info, k); 513 514 if (err) 515 return err; 516 517 if (k->def && k->defmgmt) 518 return -EINVAL; 519 520 if (k->defmgmt) { 521 if (k->def_uni || !k->def_multi) 522 return -EINVAL; 523 } 524 525 if (k->idx != -1) { 526 if (k->defmgmt) { 527 if (k->idx < 4 || k->idx > 5) 528 return -EINVAL; 529 } else if (k->def) { 530 if (k->idx < 0 || k->idx > 3) 531 return -EINVAL; 532 } else { 533 if (k->idx < 0 || k->idx > 5) 534 return -EINVAL; 535 } 536 } 537 538 return 0; 539 } 540 541 static struct cfg80211_cached_keys * 542 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 543 struct nlattr *keys) 544 { 545 struct key_parse parse; 546 struct nlattr *key; 547 struct cfg80211_cached_keys *result; 548 int rem, err, def = 0; 549 550 result = kzalloc(sizeof(*result), GFP_KERNEL); 551 if (!result) 552 return ERR_PTR(-ENOMEM); 553 554 result->def = -1; 555 result->defmgmt = -1; 556 557 nla_for_each_nested(key, keys, rem) { 558 memset(&parse, 0, sizeof(parse)); 559 parse.idx = -1; 560 561 err = nl80211_parse_key_new(key, &parse); 562 if (err) 563 goto error; 564 err = -EINVAL; 565 if (!parse.p.key) 566 goto error; 567 if (parse.idx < 0 || parse.idx > 4) 568 goto error; 569 if (parse.def) { 570 if (def) 571 goto error; 572 def = 1; 573 result->def = parse.idx; 574 if (!parse.def_uni || !parse.def_multi) 575 goto error; 576 } else if (parse.defmgmt) 577 goto error; 578 err = cfg80211_validate_key_settings(rdev, &parse.p, 579 parse.idx, false, NULL); 580 if (err) 581 goto error; 582 result->params[parse.idx].cipher = parse.p.cipher; 583 result->params[parse.idx].key_len = parse.p.key_len; 584 result->params[parse.idx].key = result->data[parse.idx]; 585 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 586 } 587 588 return result; 589 error: 590 kfree(result); 591 return ERR_PTR(err); 592 } 593 594 static int nl80211_key_allowed(struct wireless_dev *wdev) 595 { 596 ASSERT_WDEV_LOCK(wdev); 597 598 switch (wdev->iftype) { 599 case NL80211_IFTYPE_AP: 600 case NL80211_IFTYPE_AP_VLAN: 601 case NL80211_IFTYPE_P2P_GO: 602 case NL80211_IFTYPE_MESH_POINT: 603 break; 604 case NL80211_IFTYPE_ADHOC: 605 if (!wdev->current_bss) 606 return -ENOLINK; 607 break; 608 case NL80211_IFTYPE_STATION: 609 case NL80211_IFTYPE_P2P_CLIENT: 610 if (wdev->sme_state != CFG80211_SME_CONNECTED) 611 return -ENOLINK; 612 break; 613 default: 614 return -EINVAL; 615 } 616 617 return 0; 618 } 619 620 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 621 { 622 struct nlattr *nl_modes = nla_nest_start(msg, attr); 623 int i; 624 625 if (!nl_modes) 626 goto nla_put_failure; 627 628 i = 0; 629 while (ifmodes) { 630 if ((ifmodes & 1) && nla_put_flag(msg, i)) 631 goto nla_put_failure; 632 ifmodes >>= 1; 633 i++; 634 } 635 636 nla_nest_end(msg, nl_modes); 637 return 0; 638 639 nla_put_failure: 640 return -ENOBUFS; 641 } 642 643 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 644 struct sk_buff *msg) 645 { 646 struct nlattr *nl_combis; 647 int i, j; 648 649 nl_combis = nla_nest_start(msg, 650 NL80211_ATTR_INTERFACE_COMBINATIONS); 651 if (!nl_combis) 652 goto nla_put_failure; 653 654 for (i = 0; i < wiphy->n_iface_combinations; i++) { 655 const struct ieee80211_iface_combination *c; 656 struct nlattr *nl_combi, *nl_limits; 657 658 c = &wiphy->iface_combinations[i]; 659 660 nl_combi = nla_nest_start(msg, i + 1); 661 if (!nl_combi) 662 goto nla_put_failure; 663 664 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 665 if (!nl_limits) 666 goto nla_put_failure; 667 668 for (j = 0; j < c->n_limits; j++) { 669 struct nlattr *nl_limit; 670 671 nl_limit = nla_nest_start(msg, j + 1); 672 if (!nl_limit) 673 goto nla_put_failure; 674 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 675 c->limits[j].max)) 676 goto nla_put_failure; 677 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 678 c->limits[j].types)) 679 goto nla_put_failure; 680 nla_nest_end(msg, nl_limit); 681 } 682 683 nla_nest_end(msg, nl_limits); 684 685 if (c->beacon_int_infra_match && 686 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 687 goto nla_put_failure; 688 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 689 c->num_different_channels) || 690 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 691 c->max_interfaces)) 692 goto nla_put_failure; 693 694 nla_nest_end(msg, nl_combi); 695 } 696 697 nla_nest_end(msg, nl_combis); 698 699 return 0; 700 nla_put_failure: 701 return -ENOBUFS; 702 } 703 704 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 705 struct cfg80211_registered_device *dev) 706 { 707 void *hdr; 708 struct nlattr *nl_bands, *nl_band; 709 struct nlattr *nl_freqs, *nl_freq; 710 struct nlattr *nl_rates, *nl_rate; 711 struct nlattr *nl_cmds; 712 enum ieee80211_band band; 713 struct ieee80211_channel *chan; 714 struct ieee80211_rate *rate; 715 int i; 716 const struct ieee80211_txrx_stypes *mgmt_stypes = 717 dev->wiphy.mgmt_stypes; 718 719 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 720 if (!hdr) 721 return -1; 722 723 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) || 724 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) || 725 nla_put_u32(msg, NL80211_ATTR_GENERATION, 726 cfg80211_rdev_list_generation) || 727 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 728 dev->wiphy.retry_short) || 729 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 730 dev->wiphy.retry_long) || 731 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 732 dev->wiphy.frag_threshold) || 733 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 734 dev->wiphy.rts_threshold) || 735 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 736 dev->wiphy.coverage_class) || 737 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 738 dev->wiphy.max_scan_ssids) || 739 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 740 dev->wiphy.max_sched_scan_ssids) || 741 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 742 dev->wiphy.max_scan_ie_len) || 743 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 744 dev->wiphy.max_sched_scan_ie_len) || 745 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 746 dev->wiphy.max_match_sets)) 747 goto nla_put_failure; 748 749 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 750 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 751 goto nla_put_failure; 752 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 753 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 754 goto nla_put_failure; 755 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 756 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 757 goto nla_put_failure; 758 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 759 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 760 goto nla_put_failure; 761 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 762 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 763 goto nla_put_failure; 764 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 765 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 766 goto nla_put_failure; 767 768 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 769 sizeof(u32) * dev->wiphy.n_cipher_suites, 770 dev->wiphy.cipher_suites)) 771 goto nla_put_failure; 772 773 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 774 dev->wiphy.max_num_pmkids)) 775 goto nla_put_failure; 776 777 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 778 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 779 goto nla_put_failure; 780 781 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 782 dev->wiphy.available_antennas_tx) || 783 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 784 dev->wiphy.available_antennas_rx)) 785 goto nla_put_failure; 786 787 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 788 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 789 dev->wiphy.probe_resp_offload)) 790 goto nla_put_failure; 791 792 if ((dev->wiphy.available_antennas_tx || 793 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 794 u32 tx_ant = 0, rx_ant = 0; 795 int res; 796 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant); 797 if (!res) { 798 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, 799 tx_ant) || 800 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, 801 rx_ant)) 802 goto nla_put_failure; 803 } 804 } 805 806 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 807 dev->wiphy.interface_modes)) 808 goto nla_put_failure; 809 810 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 811 if (!nl_bands) 812 goto nla_put_failure; 813 814 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 815 if (!dev->wiphy.bands[band]) 816 continue; 817 818 nl_band = nla_nest_start(msg, band); 819 if (!nl_band) 820 goto nla_put_failure; 821 822 /* add HT info */ 823 if (dev->wiphy.bands[band]->ht_cap.ht_supported && 824 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 825 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 826 &dev->wiphy.bands[band]->ht_cap.mcs) || 827 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 828 dev->wiphy.bands[band]->ht_cap.cap) || 829 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 830 dev->wiphy.bands[band]->ht_cap.ampdu_factor) || 831 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 832 dev->wiphy.bands[band]->ht_cap.ampdu_density))) 833 goto nla_put_failure; 834 835 /* add frequencies */ 836 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 837 if (!nl_freqs) 838 goto nla_put_failure; 839 840 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 841 nl_freq = nla_nest_start(msg, i); 842 if (!nl_freq) 843 goto nla_put_failure; 844 845 chan = &dev->wiphy.bands[band]->channels[i]; 846 847 if (nl80211_msg_put_channel(msg, chan)) 848 goto nla_put_failure; 849 850 nla_nest_end(msg, nl_freq); 851 } 852 853 nla_nest_end(msg, nl_freqs); 854 855 /* add bitrates */ 856 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 857 if (!nl_rates) 858 goto nla_put_failure; 859 860 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 861 nl_rate = nla_nest_start(msg, i); 862 if (!nl_rate) 863 goto nla_put_failure; 864 865 rate = &dev->wiphy.bands[band]->bitrates[i]; 866 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 867 rate->bitrate)) 868 goto nla_put_failure; 869 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 870 nla_put_flag(msg, 871 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 872 goto nla_put_failure; 873 874 nla_nest_end(msg, nl_rate); 875 } 876 877 nla_nest_end(msg, nl_rates); 878 879 nla_nest_end(msg, nl_band); 880 } 881 nla_nest_end(msg, nl_bands); 882 883 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 884 if (!nl_cmds) 885 goto nla_put_failure; 886 887 i = 0; 888 #define CMD(op, n) \ 889 do { \ 890 if (dev->ops->op) { \ 891 i++; \ 892 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 893 goto nla_put_failure; \ 894 } \ 895 } while (0) 896 897 CMD(add_virtual_intf, NEW_INTERFACE); 898 CMD(change_virtual_intf, SET_INTERFACE); 899 CMD(add_key, NEW_KEY); 900 CMD(start_ap, START_AP); 901 CMD(add_station, NEW_STATION); 902 CMD(add_mpath, NEW_MPATH); 903 CMD(update_mesh_config, SET_MESH_CONFIG); 904 CMD(change_bss, SET_BSS); 905 CMD(auth, AUTHENTICATE); 906 CMD(assoc, ASSOCIATE); 907 CMD(deauth, DEAUTHENTICATE); 908 CMD(disassoc, DISASSOCIATE); 909 CMD(join_ibss, JOIN_IBSS); 910 CMD(join_mesh, JOIN_MESH); 911 CMD(set_pmksa, SET_PMKSA); 912 CMD(del_pmksa, DEL_PMKSA); 913 CMD(flush_pmksa, FLUSH_PMKSA); 914 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 915 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 916 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 917 CMD(mgmt_tx, FRAME); 918 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 919 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 920 i++; 921 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 922 goto nla_put_failure; 923 } 924 CMD(set_channel, SET_CHANNEL); 925 CMD(set_wds_peer, SET_WDS_PEER); 926 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 927 CMD(tdls_mgmt, TDLS_MGMT); 928 CMD(tdls_oper, TDLS_OPER); 929 } 930 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 931 CMD(sched_scan_start, START_SCHED_SCAN); 932 CMD(probe_client, PROBE_CLIENT); 933 CMD(set_noack_map, SET_NOACK_MAP); 934 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 935 i++; 936 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 937 goto nla_put_failure; 938 } 939 940 #ifdef CONFIG_NL80211_TESTMODE 941 CMD(testmode_cmd, TESTMODE); 942 #endif 943 944 #undef CMD 945 946 if (dev->ops->connect || dev->ops->auth) { 947 i++; 948 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 949 goto nla_put_failure; 950 } 951 952 if (dev->ops->disconnect || dev->ops->deauth) { 953 i++; 954 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 955 goto nla_put_failure; 956 } 957 958 nla_nest_end(msg, nl_cmds); 959 960 if (dev->ops->remain_on_channel && 961 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 962 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 963 dev->wiphy.max_remain_on_channel_duration)) 964 goto nla_put_failure; 965 966 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 967 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 968 goto nla_put_failure; 969 970 if (mgmt_stypes) { 971 u16 stypes; 972 struct nlattr *nl_ftypes, *nl_ifs; 973 enum nl80211_iftype ift; 974 975 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 976 if (!nl_ifs) 977 goto nla_put_failure; 978 979 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 980 nl_ftypes = nla_nest_start(msg, ift); 981 if (!nl_ftypes) 982 goto nla_put_failure; 983 i = 0; 984 stypes = mgmt_stypes[ift].tx; 985 while (stypes) { 986 if ((stypes & 1) && 987 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 988 (i << 4) | IEEE80211_FTYPE_MGMT)) 989 goto nla_put_failure; 990 stypes >>= 1; 991 i++; 992 } 993 nla_nest_end(msg, nl_ftypes); 994 } 995 996 nla_nest_end(msg, nl_ifs); 997 998 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 999 if (!nl_ifs) 1000 goto nla_put_failure; 1001 1002 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1003 nl_ftypes = nla_nest_start(msg, ift); 1004 if (!nl_ftypes) 1005 goto nla_put_failure; 1006 i = 0; 1007 stypes = mgmt_stypes[ift].rx; 1008 while (stypes) { 1009 if ((stypes & 1) && 1010 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1011 (i << 4) | IEEE80211_FTYPE_MGMT)) 1012 goto nla_put_failure; 1013 stypes >>= 1; 1014 i++; 1015 } 1016 nla_nest_end(msg, nl_ftypes); 1017 } 1018 nla_nest_end(msg, nl_ifs); 1019 } 1020 1021 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 1022 struct nlattr *nl_wowlan; 1023 1024 nl_wowlan = nla_nest_start(msg, 1025 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1026 if (!nl_wowlan) 1027 goto nla_put_failure; 1028 1029 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) && 1030 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1031 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) && 1032 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1033 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) && 1034 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1035 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1036 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1037 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1038 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1039 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1040 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1041 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1042 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1043 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1044 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1045 goto nla_put_failure; 1046 if (dev->wiphy.wowlan.n_patterns) { 1047 struct nl80211_wowlan_pattern_support pat = { 1048 .max_patterns = dev->wiphy.wowlan.n_patterns, 1049 .min_pattern_len = 1050 dev->wiphy.wowlan.pattern_min_len, 1051 .max_pattern_len = 1052 dev->wiphy.wowlan.pattern_max_len, 1053 }; 1054 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1055 sizeof(pat), &pat)) 1056 goto nla_put_failure; 1057 } 1058 1059 nla_nest_end(msg, nl_wowlan); 1060 } 1061 1062 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1063 dev->wiphy.software_iftypes)) 1064 goto nla_put_failure; 1065 1066 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1067 goto nla_put_failure; 1068 1069 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1070 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1071 dev->wiphy.ap_sme_capa)) 1072 goto nla_put_failure; 1073 1074 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, 1075 dev->wiphy.features)) 1076 goto nla_put_failure; 1077 1078 if (dev->wiphy.ht_capa_mod_mask && 1079 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1080 sizeof(*dev->wiphy.ht_capa_mod_mask), 1081 dev->wiphy.ht_capa_mod_mask)) 1082 goto nla_put_failure; 1083 1084 return genlmsg_end(msg, hdr); 1085 1086 nla_put_failure: 1087 genlmsg_cancel(msg, hdr); 1088 return -EMSGSIZE; 1089 } 1090 1091 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1092 { 1093 int idx = 0; 1094 int start = cb->args[0]; 1095 struct cfg80211_registered_device *dev; 1096 1097 mutex_lock(&cfg80211_mutex); 1098 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1099 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1100 continue; 1101 if (++idx <= start) 1102 continue; 1103 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 1104 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1105 dev) < 0) { 1106 idx--; 1107 break; 1108 } 1109 } 1110 mutex_unlock(&cfg80211_mutex); 1111 1112 cb->args[0] = idx; 1113 1114 return skb->len; 1115 } 1116 1117 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1118 { 1119 struct sk_buff *msg; 1120 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1121 1122 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1123 if (!msg) 1124 return -ENOMEM; 1125 1126 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) { 1127 nlmsg_free(msg); 1128 return -ENOBUFS; 1129 } 1130 1131 return genlmsg_reply(msg, info); 1132 } 1133 1134 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1135 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1136 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1137 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1138 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1139 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1140 }; 1141 1142 static int parse_txq_params(struct nlattr *tb[], 1143 struct ieee80211_txq_params *txq_params) 1144 { 1145 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 1146 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1147 !tb[NL80211_TXQ_ATTR_AIFS]) 1148 return -EINVAL; 1149 1150 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 1151 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1152 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1153 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1154 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1155 1156 if (txq_params->ac >= NL80211_NUM_ACS) 1157 return -EINVAL; 1158 1159 return 0; 1160 } 1161 1162 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1163 { 1164 /* 1165 * You can only set the channel explicitly for AP, mesh 1166 * and WDS type interfaces; all others have their channel 1167 * managed via their respective "establish a connection" 1168 * command (connect, join, ...) 1169 * 1170 * Monitors are special as they are normally slaved to 1171 * whatever else is going on, so they behave as though 1172 * you tried setting the wiphy channel itself. 1173 */ 1174 return !wdev || 1175 wdev->iftype == NL80211_IFTYPE_AP || 1176 wdev->iftype == NL80211_IFTYPE_WDS || 1177 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1178 wdev->iftype == NL80211_IFTYPE_MONITOR || 1179 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1180 } 1181 1182 static bool nl80211_valid_channel_type(struct genl_info *info, 1183 enum nl80211_channel_type *channel_type) 1184 { 1185 enum nl80211_channel_type tmp; 1186 1187 if (!info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1188 return false; 1189 1190 tmp = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1191 if (tmp != NL80211_CHAN_NO_HT && 1192 tmp != NL80211_CHAN_HT20 && 1193 tmp != NL80211_CHAN_HT40PLUS && 1194 tmp != NL80211_CHAN_HT40MINUS) 1195 return false; 1196 1197 if (channel_type) 1198 *channel_type = tmp; 1199 1200 return true; 1201 } 1202 1203 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1204 struct wireless_dev *wdev, 1205 struct genl_info *info) 1206 { 1207 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 1208 u32 freq; 1209 int result; 1210 1211 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1212 return -EINVAL; 1213 1214 if (!nl80211_can_set_dev_channel(wdev)) 1215 return -EOPNOTSUPP; 1216 1217 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 1218 !nl80211_valid_channel_type(info, &channel_type)) 1219 return -EINVAL; 1220 1221 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1222 1223 mutex_lock(&rdev->devlist_mtx); 1224 if (wdev) { 1225 wdev_lock(wdev); 1226 result = cfg80211_set_freq(rdev, wdev, freq, channel_type); 1227 wdev_unlock(wdev); 1228 } else { 1229 result = cfg80211_set_freq(rdev, NULL, freq, channel_type); 1230 } 1231 mutex_unlock(&rdev->devlist_mtx); 1232 1233 return result; 1234 } 1235 1236 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1237 { 1238 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1239 struct net_device *netdev = info->user_ptr[1]; 1240 1241 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1242 } 1243 1244 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1245 { 1246 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1247 struct net_device *dev = info->user_ptr[1]; 1248 struct wireless_dev *wdev = dev->ieee80211_ptr; 1249 const u8 *bssid; 1250 1251 if (!info->attrs[NL80211_ATTR_MAC]) 1252 return -EINVAL; 1253 1254 if (netif_running(dev)) 1255 return -EBUSY; 1256 1257 if (!rdev->ops->set_wds_peer) 1258 return -EOPNOTSUPP; 1259 1260 if (wdev->iftype != NL80211_IFTYPE_WDS) 1261 return -EOPNOTSUPP; 1262 1263 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1264 return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid); 1265 } 1266 1267 1268 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1269 { 1270 struct cfg80211_registered_device *rdev; 1271 struct net_device *netdev = NULL; 1272 struct wireless_dev *wdev; 1273 int result = 0, rem_txq_params = 0; 1274 struct nlattr *nl_txq_params; 1275 u32 changed; 1276 u8 retry_short = 0, retry_long = 0; 1277 u32 frag_threshold = 0, rts_threshold = 0; 1278 u8 coverage_class = 0; 1279 1280 /* 1281 * Try to find the wiphy and netdev. Normally this 1282 * function shouldn't need the netdev, but this is 1283 * done for backward compatibility -- previously 1284 * setting the channel was done per wiphy, but now 1285 * it is per netdev. Previous userland like hostapd 1286 * also passed a netdev to set_wiphy, so that it is 1287 * possible to let that go to the right netdev! 1288 */ 1289 mutex_lock(&cfg80211_mutex); 1290 1291 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1292 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1293 1294 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1295 if (netdev && netdev->ieee80211_ptr) { 1296 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1297 mutex_lock(&rdev->mtx); 1298 } else 1299 netdev = NULL; 1300 } 1301 1302 if (!netdev) { 1303 rdev = __cfg80211_rdev_from_info(info); 1304 if (IS_ERR(rdev)) { 1305 mutex_unlock(&cfg80211_mutex); 1306 return PTR_ERR(rdev); 1307 } 1308 wdev = NULL; 1309 netdev = NULL; 1310 result = 0; 1311 1312 mutex_lock(&rdev->mtx); 1313 } else if (netif_running(netdev) && 1314 nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 1315 wdev = netdev->ieee80211_ptr; 1316 else 1317 wdev = NULL; 1318 1319 /* 1320 * end workaround code, by now the rdev is available 1321 * and locked, and wdev may or may not be NULL. 1322 */ 1323 1324 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1325 result = cfg80211_dev_rename( 1326 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1327 1328 mutex_unlock(&cfg80211_mutex); 1329 1330 if (result) 1331 goto bad_res; 1332 1333 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1334 struct ieee80211_txq_params txq_params; 1335 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1336 1337 if (!rdev->ops->set_txq_params) { 1338 result = -EOPNOTSUPP; 1339 goto bad_res; 1340 } 1341 1342 if (!netdev) { 1343 result = -EINVAL; 1344 goto bad_res; 1345 } 1346 1347 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1348 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1349 result = -EINVAL; 1350 goto bad_res; 1351 } 1352 1353 if (!netif_running(netdev)) { 1354 result = -ENETDOWN; 1355 goto bad_res; 1356 } 1357 1358 nla_for_each_nested(nl_txq_params, 1359 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1360 rem_txq_params) { 1361 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1362 nla_data(nl_txq_params), 1363 nla_len(nl_txq_params), 1364 txq_params_policy); 1365 result = parse_txq_params(tb, &txq_params); 1366 if (result) 1367 goto bad_res; 1368 1369 result = rdev->ops->set_txq_params(&rdev->wiphy, 1370 netdev, 1371 &txq_params); 1372 if (result) 1373 goto bad_res; 1374 } 1375 } 1376 1377 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1378 result = __nl80211_set_channel(rdev, wdev, info); 1379 if (result) 1380 goto bad_res; 1381 } 1382 1383 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1384 enum nl80211_tx_power_setting type; 1385 int idx, mbm = 0; 1386 1387 if (!rdev->ops->set_tx_power) { 1388 result = -EOPNOTSUPP; 1389 goto bad_res; 1390 } 1391 1392 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1393 type = nla_get_u32(info->attrs[idx]); 1394 1395 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1396 (type != NL80211_TX_POWER_AUTOMATIC)) { 1397 result = -EINVAL; 1398 goto bad_res; 1399 } 1400 1401 if (type != NL80211_TX_POWER_AUTOMATIC) { 1402 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1403 mbm = nla_get_u32(info->attrs[idx]); 1404 } 1405 1406 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm); 1407 if (result) 1408 goto bad_res; 1409 } 1410 1411 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1412 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1413 u32 tx_ant, rx_ant; 1414 if ((!rdev->wiphy.available_antennas_tx && 1415 !rdev->wiphy.available_antennas_rx) || 1416 !rdev->ops->set_antenna) { 1417 result = -EOPNOTSUPP; 1418 goto bad_res; 1419 } 1420 1421 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1422 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1423 1424 /* reject antenna configurations which don't match the 1425 * available antenna masks, except for the "all" mask */ 1426 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1427 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1428 result = -EINVAL; 1429 goto bad_res; 1430 } 1431 1432 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1433 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1434 1435 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant); 1436 if (result) 1437 goto bad_res; 1438 } 1439 1440 changed = 0; 1441 1442 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1443 retry_short = nla_get_u8( 1444 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1445 if (retry_short == 0) { 1446 result = -EINVAL; 1447 goto bad_res; 1448 } 1449 changed |= WIPHY_PARAM_RETRY_SHORT; 1450 } 1451 1452 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1453 retry_long = nla_get_u8( 1454 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1455 if (retry_long == 0) { 1456 result = -EINVAL; 1457 goto bad_res; 1458 } 1459 changed |= WIPHY_PARAM_RETRY_LONG; 1460 } 1461 1462 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1463 frag_threshold = nla_get_u32( 1464 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1465 if (frag_threshold < 256) { 1466 result = -EINVAL; 1467 goto bad_res; 1468 } 1469 if (frag_threshold != (u32) -1) { 1470 /* 1471 * Fragments (apart from the last one) are required to 1472 * have even length. Make the fragmentation code 1473 * simpler by stripping LSB should someone try to use 1474 * odd threshold value. 1475 */ 1476 frag_threshold &= ~0x1; 1477 } 1478 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1479 } 1480 1481 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1482 rts_threshold = nla_get_u32( 1483 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1484 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1485 } 1486 1487 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1488 coverage_class = nla_get_u8( 1489 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1490 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1491 } 1492 1493 if (changed) { 1494 u8 old_retry_short, old_retry_long; 1495 u32 old_frag_threshold, old_rts_threshold; 1496 u8 old_coverage_class; 1497 1498 if (!rdev->ops->set_wiphy_params) { 1499 result = -EOPNOTSUPP; 1500 goto bad_res; 1501 } 1502 1503 old_retry_short = rdev->wiphy.retry_short; 1504 old_retry_long = rdev->wiphy.retry_long; 1505 old_frag_threshold = rdev->wiphy.frag_threshold; 1506 old_rts_threshold = rdev->wiphy.rts_threshold; 1507 old_coverage_class = rdev->wiphy.coverage_class; 1508 1509 if (changed & WIPHY_PARAM_RETRY_SHORT) 1510 rdev->wiphy.retry_short = retry_short; 1511 if (changed & WIPHY_PARAM_RETRY_LONG) 1512 rdev->wiphy.retry_long = retry_long; 1513 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1514 rdev->wiphy.frag_threshold = frag_threshold; 1515 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1516 rdev->wiphy.rts_threshold = rts_threshold; 1517 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1518 rdev->wiphy.coverage_class = coverage_class; 1519 1520 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 1521 if (result) { 1522 rdev->wiphy.retry_short = old_retry_short; 1523 rdev->wiphy.retry_long = old_retry_long; 1524 rdev->wiphy.frag_threshold = old_frag_threshold; 1525 rdev->wiphy.rts_threshold = old_rts_threshold; 1526 rdev->wiphy.coverage_class = old_coverage_class; 1527 } 1528 } 1529 1530 bad_res: 1531 mutex_unlock(&rdev->mtx); 1532 if (netdev) 1533 dev_put(netdev); 1534 return result; 1535 } 1536 1537 1538 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 1539 struct cfg80211_registered_device *rdev, 1540 struct net_device *dev) 1541 { 1542 void *hdr; 1543 1544 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1545 if (!hdr) 1546 return -1; 1547 1548 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1549 nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1550 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) || 1551 nla_put_u32(msg, NL80211_ATTR_IFTYPE, 1552 dev->ieee80211_ptr->iftype) || 1553 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1554 rdev->devlist_generation ^ 1555 (cfg80211_rdev_list_generation << 2))) 1556 goto nla_put_failure; 1557 1558 if (rdev->ops->get_channel) { 1559 struct ieee80211_channel *chan; 1560 enum nl80211_channel_type channel_type; 1561 1562 chan = rdev->ops->get_channel(&rdev->wiphy, &channel_type); 1563 if (chan && 1564 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 1565 chan->center_freq) || 1566 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 1567 channel_type))) 1568 goto nla_put_failure; 1569 } 1570 1571 return genlmsg_end(msg, hdr); 1572 1573 nla_put_failure: 1574 genlmsg_cancel(msg, hdr); 1575 return -EMSGSIZE; 1576 } 1577 1578 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1579 { 1580 int wp_idx = 0; 1581 int if_idx = 0; 1582 int wp_start = cb->args[0]; 1583 int if_start = cb->args[1]; 1584 struct cfg80211_registered_device *rdev; 1585 struct wireless_dev *wdev; 1586 1587 mutex_lock(&cfg80211_mutex); 1588 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1589 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1590 continue; 1591 if (wp_idx < wp_start) { 1592 wp_idx++; 1593 continue; 1594 } 1595 if_idx = 0; 1596 1597 mutex_lock(&rdev->devlist_mtx); 1598 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1599 if (if_idx < if_start) { 1600 if_idx++; 1601 continue; 1602 } 1603 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1604 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1605 rdev, wdev->netdev) < 0) { 1606 mutex_unlock(&rdev->devlist_mtx); 1607 goto out; 1608 } 1609 if_idx++; 1610 } 1611 mutex_unlock(&rdev->devlist_mtx); 1612 1613 wp_idx++; 1614 } 1615 out: 1616 mutex_unlock(&cfg80211_mutex); 1617 1618 cb->args[0] = wp_idx; 1619 cb->args[1] = if_idx; 1620 1621 return skb->len; 1622 } 1623 1624 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1625 { 1626 struct sk_buff *msg; 1627 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1628 struct net_device *netdev = info->user_ptr[1]; 1629 1630 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1631 if (!msg) 1632 return -ENOMEM; 1633 1634 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1635 dev, netdev) < 0) { 1636 nlmsg_free(msg); 1637 return -ENOBUFS; 1638 } 1639 1640 return genlmsg_reply(msg, info); 1641 } 1642 1643 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1644 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1645 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1646 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1647 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1648 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1649 }; 1650 1651 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1652 { 1653 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1654 int flag; 1655 1656 *mntrflags = 0; 1657 1658 if (!nla) 1659 return -EINVAL; 1660 1661 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1662 nla, mntr_flags_policy)) 1663 return -EINVAL; 1664 1665 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1666 if (flags[flag]) 1667 *mntrflags |= (1<<flag); 1668 1669 return 0; 1670 } 1671 1672 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1673 struct net_device *netdev, u8 use_4addr, 1674 enum nl80211_iftype iftype) 1675 { 1676 if (!use_4addr) { 1677 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1678 return -EBUSY; 1679 return 0; 1680 } 1681 1682 switch (iftype) { 1683 case NL80211_IFTYPE_AP_VLAN: 1684 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1685 return 0; 1686 break; 1687 case NL80211_IFTYPE_STATION: 1688 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1689 return 0; 1690 break; 1691 default: 1692 break; 1693 } 1694 1695 return -EOPNOTSUPP; 1696 } 1697 1698 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1699 { 1700 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1701 struct vif_params params; 1702 int err; 1703 enum nl80211_iftype otype, ntype; 1704 struct net_device *dev = info->user_ptr[1]; 1705 u32 _flags, *flags = NULL; 1706 bool change = false; 1707 1708 memset(¶ms, 0, sizeof(params)); 1709 1710 otype = ntype = dev->ieee80211_ptr->iftype; 1711 1712 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1713 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1714 if (otype != ntype) 1715 change = true; 1716 if (ntype > NL80211_IFTYPE_MAX) 1717 return -EINVAL; 1718 } 1719 1720 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1721 struct wireless_dev *wdev = dev->ieee80211_ptr; 1722 1723 if (ntype != NL80211_IFTYPE_MESH_POINT) 1724 return -EINVAL; 1725 if (netif_running(dev)) 1726 return -EBUSY; 1727 1728 wdev_lock(wdev); 1729 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1730 IEEE80211_MAX_MESH_ID_LEN); 1731 wdev->mesh_id_up_len = 1732 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1733 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1734 wdev->mesh_id_up_len); 1735 wdev_unlock(wdev); 1736 } 1737 1738 if (info->attrs[NL80211_ATTR_4ADDR]) { 1739 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1740 change = true; 1741 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1742 if (err) 1743 return err; 1744 } else { 1745 params.use_4addr = -1; 1746 } 1747 1748 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1749 if (ntype != NL80211_IFTYPE_MONITOR) 1750 return -EINVAL; 1751 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1752 &_flags); 1753 if (err) 1754 return err; 1755 1756 flags = &_flags; 1757 change = true; 1758 } 1759 1760 if (change) 1761 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1762 else 1763 err = 0; 1764 1765 if (!err && params.use_4addr != -1) 1766 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1767 1768 return err; 1769 } 1770 1771 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1772 { 1773 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1774 struct vif_params params; 1775 struct net_device *dev; 1776 int err; 1777 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1778 u32 flags; 1779 1780 memset(¶ms, 0, sizeof(params)); 1781 1782 if (!info->attrs[NL80211_ATTR_IFNAME]) 1783 return -EINVAL; 1784 1785 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1786 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1787 if (type > NL80211_IFTYPE_MAX) 1788 return -EINVAL; 1789 } 1790 1791 if (!rdev->ops->add_virtual_intf || 1792 !(rdev->wiphy.interface_modes & (1 << type))) 1793 return -EOPNOTSUPP; 1794 1795 if (info->attrs[NL80211_ATTR_4ADDR]) { 1796 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1797 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1798 if (err) 1799 return err; 1800 } 1801 1802 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1803 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1804 &flags); 1805 dev = rdev->ops->add_virtual_intf(&rdev->wiphy, 1806 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1807 type, err ? NULL : &flags, ¶ms); 1808 if (IS_ERR(dev)) 1809 return PTR_ERR(dev); 1810 1811 if (type == NL80211_IFTYPE_MESH_POINT && 1812 info->attrs[NL80211_ATTR_MESH_ID]) { 1813 struct wireless_dev *wdev = dev->ieee80211_ptr; 1814 1815 wdev_lock(wdev); 1816 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1817 IEEE80211_MAX_MESH_ID_LEN); 1818 wdev->mesh_id_up_len = 1819 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1820 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1821 wdev->mesh_id_up_len); 1822 wdev_unlock(wdev); 1823 } 1824 1825 return 0; 1826 } 1827 1828 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1829 { 1830 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1831 struct net_device *dev = info->user_ptr[1]; 1832 1833 if (!rdev->ops->del_virtual_intf) 1834 return -EOPNOTSUPP; 1835 1836 return rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1837 } 1838 1839 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 1840 { 1841 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1842 struct net_device *dev = info->user_ptr[1]; 1843 u16 noack_map; 1844 1845 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 1846 return -EINVAL; 1847 1848 if (!rdev->ops->set_noack_map) 1849 return -EOPNOTSUPP; 1850 1851 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 1852 1853 return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map); 1854 } 1855 1856 struct get_key_cookie { 1857 struct sk_buff *msg; 1858 int error; 1859 int idx; 1860 }; 1861 1862 static void get_key_callback(void *c, struct key_params *params) 1863 { 1864 struct nlattr *key; 1865 struct get_key_cookie *cookie = c; 1866 1867 if ((params->key && 1868 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 1869 params->key_len, params->key)) || 1870 (params->seq && 1871 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 1872 params->seq_len, params->seq)) || 1873 (params->cipher && 1874 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1875 params->cipher))) 1876 goto nla_put_failure; 1877 1878 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1879 if (!key) 1880 goto nla_put_failure; 1881 1882 if ((params->key && 1883 nla_put(cookie->msg, NL80211_KEY_DATA, 1884 params->key_len, params->key)) || 1885 (params->seq && 1886 nla_put(cookie->msg, NL80211_KEY_SEQ, 1887 params->seq_len, params->seq)) || 1888 (params->cipher && 1889 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 1890 params->cipher))) 1891 goto nla_put_failure; 1892 1893 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 1894 goto nla_put_failure; 1895 1896 nla_nest_end(cookie->msg, key); 1897 1898 return; 1899 nla_put_failure: 1900 cookie->error = 1; 1901 } 1902 1903 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1904 { 1905 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1906 int err; 1907 struct net_device *dev = info->user_ptr[1]; 1908 u8 key_idx = 0; 1909 const u8 *mac_addr = NULL; 1910 bool pairwise; 1911 struct get_key_cookie cookie = { 1912 .error = 0, 1913 }; 1914 void *hdr; 1915 struct sk_buff *msg; 1916 1917 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1918 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1919 1920 if (key_idx > 5) 1921 return -EINVAL; 1922 1923 if (info->attrs[NL80211_ATTR_MAC]) 1924 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1925 1926 pairwise = !!mac_addr; 1927 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 1928 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 1929 if (kt >= NUM_NL80211_KEYTYPES) 1930 return -EINVAL; 1931 if (kt != NL80211_KEYTYPE_GROUP && 1932 kt != NL80211_KEYTYPE_PAIRWISE) 1933 return -EINVAL; 1934 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 1935 } 1936 1937 if (!rdev->ops->get_key) 1938 return -EOPNOTSUPP; 1939 1940 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1941 if (!msg) 1942 return -ENOMEM; 1943 1944 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1945 NL80211_CMD_NEW_KEY); 1946 if (IS_ERR(hdr)) 1947 return PTR_ERR(hdr); 1948 1949 cookie.msg = msg; 1950 cookie.idx = key_idx; 1951 1952 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1953 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 1954 goto nla_put_failure; 1955 if (mac_addr && 1956 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 1957 goto nla_put_failure; 1958 1959 if (pairwise && mac_addr && 1960 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 1961 return -ENOENT; 1962 1963 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise, 1964 mac_addr, &cookie, get_key_callback); 1965 1966 if (err) 1967 goto free_msg; 1968 1969 if (cookie.error) 1970 goto nla_put_failure; 1971 1972 genlmsg_end(msg, hdr); 1973 return genlmsg_reply(msg, info); 1974 1975 nla_put_failure: 1976 err = -ENOBUFS; 1977 free_msg: 1978 nlmsg_free(msg); 1979 return err; 1980 } 1981 1982 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1983 { 1984 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1985 struct key_parse key; 1986 int err; 1987 struct net_device *dev = info->user_ptr[1]; 1988 1989 err = nl80211_parse_key(info, &key); 1990 if (err) 1991 return err; 1992 1993 if (key.idx < 0) 1994 return -EINVAL; 1995 1996 /* only support setting default key */ 1997 if (!key.def && !key.defmgmt) 1998 return -EINVAL; 1999 2000 wdev_lock(dev->ieee80211_ptr); 2001 2002 if (key.def) { 2003 if (!rdev->ops->set_default_key) { 2004 err = -EOPNOTSUPP; 2005 goto out; 2006 } 2007 2008 err = nl80211_key_allowed(dev->ieee80211_ptr); 2009 if (err) 2010 goto out; 2011 2012 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx, 2013 key.def_uni, key.def_multi); 2014 2015 if (err) 2016 goto out; 2017 2018 #ifdef CONFIG_CFG80211_WEXT 2019 dev->ieee80211_ptr->wext.default_key = key.idx; 2020 #endif 2021 } else { 2022 if (key.def_uni || !key.def_multi) { 2023 err = -EINVAL; 2024 goto out; 2025 } 2026 2027 if (!rdev->ops->set_default_mgmt_key) { 2028 err = -EOPNOTSUPP; 2029 goto out; 2030 } 2031 2032 err = nl80211_key_allowed(dev->ieee80211_ptr); 2033 if (err) 2034 goto out; 2035 2036 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy, 2037 dev, key.idx); 2038 if (err) 2039 goto out; 2040 2041 #ifdef CONFIG_CFG80211_WEXT 2042 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 2043 #endif 2044 } 2045 2046 out: 2047 wdev_unlock(dev->ieee80211_ptr); 2048 2049 return err; 2050 } 2051 2052 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 2053 { 2054 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2055 int err; 2056 struct net_device *dev = info->user_ptr[1]; 2057 struct key_parse key; 2058 const u8 *mac_addr = NULL; 2059 2060 err = nl80211_parse_key(info, &key); 2061 if (err) 2062 return err; 2063 2064 if (!key.p.key) 2065 return -EINVAL; 2066 2067 if (info->attrs[NL80211_ATTR_MAC]) 2068 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2069 2070 if (key.type == -1) { 2071 if (mac_addr) 2072 key.type = NL80211_KEYTYPE_PAIRWISE; 2073 else 2074 key.type = NL80211_KEYTYPE_GROUP; 2075 } 2076 2077 /* for now */ 2078 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2079 key.type != NL80211_KEYTYPE_GROUP) 2080 return -EINVAL; 2081 2082 if (!rdev->ops->add_key) 2083 return -EOPNOTSUPP; 2084 2085 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2086 key.type == NL80211_KEYTYPE_PAIRWISE, 2087 mac_addr)) 2088 return -EINVAL; 2089 2090 wdev_lock(dev->ieee80211_ptr); 2091 err = nl80211_key_allowed(dev->ieee80211_ptr); 2092 if (!err) 2093 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 2094 key.type == NL80211_KEYTYPE_PAIRWISE, 2095 mac_addr, &key.p); 2096 wdev_unlock(dev->ieee80211_ptr); 2097 2098 return err; 2099 } 2100 2101 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2102 { 2103 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2104 int err; 2105 struct net_device *dev = info->user_ptr[1]; 2106 u8 *mac_addr = NULL; 2107 struct key_parse key; 2108 2109 err = nl80211_parse_key(info, &key); 2110 if (err) 2111 return err; 2112 2113 if (info->attrs[NL80211_ATTR_MAC]) 2114 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2115 2116 if (key.type == -1) { 2117 if (mac_addr) 2118 key.type = NL80211_KEYTYPE_PAIRWISE; 2119 else 2120 key.type = NL80211_KEYTYPE_GROUP; 2121 } 2122 2123 /* for now */ 2124 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2125 key.type != NL80211_KEYTYPE_GROUP) 2126 return -EINVAL; 2127 2128 if (!rdev->ops->del_key) 2129 return -EOPNOTSUPP; 2130 2131 wdev_lock(dev->ieee80211_ptr); 2132 err = nl80211_key_allowed(dev->ieee80211_ptr); 2133 2134 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2135 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2136 err = -ENOENT; 2137 2138 if (!err) 2139 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, 2140 key.type == NL80211_KEYTYPE_PAIRWISE, 2141 mac_addr); 2142 2143 #ifdef CONFIG_CFG80211_WEXT 2144 if (!err) { 2145 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2146 dev->ieee80211_ptr->wext.default_key = -1; 2147 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2148 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2149 } 2150 #endif 2151 wdev_unlock(dev->ieee80211_ptr); 2152 2153 return err; 2154 } 2155 2156 static int nl80211_parse_beacon(struct genl_info *info, 2157 struct cfg80211_beacon_data *bcn) 2158 { 2159 bool haveinfo = false; 2160 2161 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2162 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2163 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2164 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2165 return -EINVAL; 2166 2167 memset(bcn, 0, sizeof(*bcn)); 2168 2169 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2170 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2171 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2172 if (!bcn->head_len) 2173 return -EINVAL; 2174 haveinfo = true; 2175 } 2176 2177 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2178 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2179 bcn->tail_len = 2180 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2181 haveinfo = true; 2182 } 2183 2184 if (!haveinfo) 2185 return -EINVAL; 2186 2187 if (info->attrs[NL80211_ATTR_IE]) { 2188 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2189 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2190 } 2191 2192 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2193 bcn->proberesp_ies = 2194 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2195 bcn->proberesp_ies_len = 2196 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2197 } 2198 2199 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2200 bcn->assocresp_ies = 2201 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2202 bcn->assocresp_ies_len = 2203 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2204 } 2205 2206 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2207 bcn->probe_resp = 2208 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2209 bcn->probe_resp_len = 2210 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2211 } 2212 2213 return 0; 2214 } 2215 2216 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2217 { 2218 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2219 struct net_device *dev = info->user_ptr[1]; 2220 struct wireless_dev *wdev = dev->ieee80211_ptr; 2221 struct cfg80211_ap_settings params; 2222 int err; 2223 2224 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2225 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2226 return -EOPNOTSUPP; 2227 2228 if (!rdev->ops->start_ap) 2229 return -EOPNOTSUPP; 2230 2231 if (wdev->beacon_interval) 2232 return -EALREADY; 2233 2234 memset(¶ms, 0, sizeof(params)); 2235 2236 /* these are required for START_AP */ 2237 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2238 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2239 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2240 return -EINVAL; 2241 2242 err = nl80211_parse_beacon(info, ¶ms.beacon); 2243 if (err) 2244 return err; 2245 2246 params.beacon_interval = 2247 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2248 params.dtim_period = 2249 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2250 2251 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2252 if (err) 2253 return err; 2254 2255 /* 2256 * In theory, some of these attributes should be required here 2257 * but since they were not used when the command was originally 2258 * added, keep them optional for old user space programs to let 2259 * them continue to work with drivers that do not need the 2260 * additional information -- drivers must check! 2261 */ 2262 if (info->attrs[NL80211_ATTR_SSID]) { 2263 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2264 params.ssid_len = 2265 nla_len(info->attrs[NL80211_ATTR_SSID]); 2266 if (params.ssid_len == 0 || 2267 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2268 return -EINVAL; 2269 } 2270 2271 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2272 params.hidden_ssid = nla_get_u32( 2273 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2274 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2275 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2276 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2277 return -EINVAL; 2278 } 2279 2280 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2281 2282 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2283 params.auth_type = nla_get_u32( 2284 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2285 if (!nl80211_valid_auth_type(params.auth_type)) 2286 return -EINVAL; 2287 } else 2288 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2289 2290 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2291 NL80211_MAX_NR_CIPHER_SUITES); 2292 if (err) 2293 return err; 2294 2295 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2296 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2297 return -EOPNOTSUPP; 2298 params.inactivity_timeout = nla_get_u16( 2299 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2300 } 2301 2302 err = rdev->ops->start_ap(&rdev->wiphy, dev, ¶ms); 2303 if (!err) 2304 wdev->beacon_interval = params.beacon_interval; 2305 return err; 2306 } 2307 2308 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2309 { 2310 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2311 struct net_device *dev = info->user_ptr[1]; 2312 struct wireless_dev *wdev = dev->ieee80211_ptr; 2313 struct cfg80211_beacon_data params; 2314 int err; 2315 2316 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2317 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2318 return -EOPNOTSUPP; 2319 2320 if (!rdev->ops->change_beacon) 2321 return -EOPNOTSUPP; 2322 2323 if (!wdev->beacon_interval) 2324 return -EINVAL; 2325 2326 err = nl80211_parse_beacon(info, ¶ms); 2327 if (err) 2328 return err; 2329 2330 return rdev->ops->change_beacon(&rdev->wiphy, dev, ¶ms); 2331 } 2332 2333 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2334 { 2335 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2336 struct net_device *dev = info->user_ptr[1]; 2337 struct wireless_dev *wdev = dev->ieee80211_ptr; 2338 int err; 2339 2340 if (!rdev->ops->stop_ap) 2341 return -EOPNOTSUPP; 2342 2343 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2344 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2345 return -EOPNOTSUPP; 2346 2347 if (!wdev->beacon_interval) 2348 return -ENOENT; 2349 2350 err = rdev->ops->stop_ap(&rdev->wiphy, dev); 2351 if (!err) 2352 wdev->beacon_interval = 0; 2353 return err; 2354 } 2355 2356 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2357 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2358 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2359 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2360 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2361 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2362 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2363 }; 2364 2365 static int parse_station_flags(struct genl_info *info, 2366 enum nl80211_iftype iftype, 2367 struct station_parameters *params) 2368 { 2369 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2370 struct nlattr *nla; 2371 int flag; 2372 2373 /* 2374 * Try parsing the new attribute first so userspace 2375 * can specify both for older kernels. 2376 */ 2377 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2378 if (nla) { 2379 struct nl80211_sta_flag_update *sta_flags; 2380 2381 sta_flags = nla_data(nla); 2382 params->sta_flags_mask = sta_flags->mask; 2383 params->sta_flags_set = sta_flags->set; 2384 if ((params->sta_flags_mask | 2385 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2386 return -EINVAL; 2387 return 0; 2388 } 2389 2390 /* if present, parse the old attribute */ 2391 2392 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2393 if (!nla) 2394 return 0; 2395 2396 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2397 nla, sta_flags_policy)) 2398 return -EINVAL; 2399 2400 /* 2401 * Only allow certain flags for interface types so that 2402 * other attributes are silently ignored. Remember that 2403 * this is backward compatibility code with old userspace 2404 * and shouldn't be hit in other cases anyway. 2405 */ 2406 switch (iftype) { 2407 case NL80211_IFTYPE_AP: 2408 case NL80211_IFTYPE_AP_VLAN: 2409 case NL80211_IFTYPE_P2P_GO: 2410 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2411 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2412 BIT(NL80211_STA_FLAG_WME) | 2413 BIT(NL80211_STA_FLAG_MFP); 2414 break; 2415 case NL80211_IFTYPE_P2P_CLIENT: 2416 case NL80211_IFTYPE_STATION: 2417 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2418 BIT(NL80211_STA_FLAG_TDLS_PEER); 2419 break; 2420 case NL80211_IFTYPE_MESH_POINT: 2421 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2422 BIT(NL80211_STA_FLAG_MFP) | 2423 BIT(NL80211_STA_FLAG_AUTHORIZED); 2424 default: 2425 return -EINVAL; 2426 } 2427 2428 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 2429 if (flags[flag]) { 2430 params->sta_flags_set |= (1<<flag); 2431 2432 /* no longer support new API additions in old API */ 2433 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 2434 return -EINVAL; 2435 } 2436 } 2437 2438 return 0; 2439 } 2440 2441 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 2442 int attr) 2443 { 2444 struct nlattr *rate; 2445 u16 bitrate; 2446 2447 rate = nla_nest_start(msg, attr); 2448 if (!rate) 2449 goto nla_put_failure; 2450 2451 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 2452 bitrate = cfg80211_calculate_bitrate(info); 2453 if ((bitrate > 0 && 2454 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate)) || 2455 ((info->flags & RATE_INFO_FLAGS_MCS) && 2456 nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) || 2457 ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) && 2458 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) || 2459 ((info->flags & RATE_INFO_FLAGS_SHORT_GI) && 2460 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))) 2461 goto nla_put_failure; 2462 2463 nla_nest_end(msg, rate); 2464 return true; 2465 2466 nla_put_failure: 2467 return false; 2468 } 2469 2470 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 2471 int flags, 2472 struct cfg80211_registered_device *rdev, 2473 struct net_device *dev, 2474 const u8 *mac_addr, struct station_info *sinfo) 2475 { 2476 void *hdr; 2477 struct nlattr *sinfoattr, *bss_param; 2478 2479 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2480 if (!hdr) 2481 return -1; 2482 2483 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2484 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 2485 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 2486 goto nla_put_failure; 2487 2488 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2489 if (!sinfoattr) 2490 goto nla_put_failure; 2491 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) && 2492 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME, 2493 sinfo->connected_time)) 2494 goto nla_put_failure; 2495 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) && 2496 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2497 sinfo->inactive_time)) 2498 goto nla_put_failure; 2499 if ((sinfo->filled & STATION_INFO_RX_BYTES) && 2500 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 2501 sinfo->rx_bytes)) 2502 goto nla_put_failure; 2503 if ((sinfo->filled & STATION_INFO_TX_BYTES) && 2504 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 2505 sinfo->tx_bytes)) 2506 goto nla_put_failure; 2507 if ((sinfo->filled & STATION_INFO_LLID) && 2508 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid)) 2509 goto nla_put_failure; 2510 if ((sinfo->filled & STATION_INFO_PLID) && 2511 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid)) 2512 goto nla_put_failure; 2513 if ((sinfo->filled & STATION_INFO_PLINK_STATE) && 2514 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE, 2515 sinfo->plink_state)) 2516 goto nla_put_failure; 2517 switch (rdev->wiphy.signal_type) { 2518 case CFG80211_SIGNAL_TYPE_MBM: 2519 if ((sinfo->filled & STATION_INFO_SIGNAL) && 2520 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL, 2521 sinfo->signal)) 2522 goto nla_put_failure; 2523 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) && 2524 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG, 2525 sinfo->signal_avg)) 2526 goto nla_put_failure; 2527 break; 2528 default: 2529 break; 2530 } 2531 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 2532 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 2533 NL80211_STA_INFO_TX_BITRATE)) 2534 goto nla_put_failure; 2535 } 2536 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 2537 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 2538 NL80211_STA_INFO_RX_BITRATE)) 2539 goto nla_put_failure; 2540 } 2541 if ((sinfo->filled & STATION_INFO_RX_PACKETS) && 2542 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS, 2543 sinfo->rx_packets)) 2544 goto nla_put_failure; 2545 if ((sinfo->filled & STATION_INFO_TX_PACKETS) && 2546 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS, 2547 sinfo->tx_packets)) 2548 goto nla_put_failure; 2549 if ((sinfo->filled & STATION_INFO_TX_RETRIES) && 2550 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES, 2551 sinfo->tx_retries)) 2552 goto nla_put_failure; 2553 if ((sinfo->filled & STATION_INFO_TX_FAILED) && 2554 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED, 2555 sinfo->tx_failed)) 2556 goto nla_put_failure; 2557 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) && 2558 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS, 2559 sinfo->beacon_loss_count)) 2560 goto nla_put_failure; 2561 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 2562 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 2563 if (!bss_param) 2564 goto nla_put_failure; 2565 2566 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 2567 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 2568 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 2569 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 2570 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 2571 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 2572 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 2573 sinfo->bss_param.dtim_period) || 2574 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 2575 sinfo->bss_param.beacon_interval)) 2576 goto nla_put_failure; 2577 2578 nla_nest_end(msg, bss_param); 2579 } 2580 if ((sinfo->filled & STATION_INFO_STA_FLAGS) && 2581 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 2582 sizeof(struct nl80211_sta_flag_update), 2583 &sinfo->sta_flags)) 2584 goto nla_put_failure; 2585 if ((sinfo->filled & STATION_INFO_T_OFFSET) && 2586 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET, 2587 sinfo->t_offset)) 2588 goto nla_put_failure; 2589 nla_nest_end(msg, sinfoattr); 2590 2591 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) && 2592 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 2593 sinfo->assoc_req_ies)) 2594 goto nla_put_failure; 2595 2596 return genlmsg_end(msg, hdr); 2597 2598 nla_put_failure: 2599 genlmsg_cancel(msg, hdr); 2600 return -EMSGSIZE; 2601 } 2602 2603 static int nl80211_dump_station(struct sk_buff *skb, 2604 struct netlink_callback *cb) 2605 { 2606 struct station_info sinfo; 2607 struct cfg80211_registered_device *dev; 2608 struct net_device *netdev; 2609 u8 mac_addr[ETH_ALEN]; 2610 int sta_idx = cb->args[1]; 2611 int err; 2612 2613 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 2614 if (err) 2615 return err; 2616 2617 if (!dev->ops->dump_station) { 2618 err = -EOPNOTSUPP; 2619 goto out_err; 2620 } 2621 2622 while (1) { 2623 memset(&sinfo, 0, sizeof(sinfo)); 2624 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 2625 mac_addr, &sinfo); 2626 if (err == -ENOENT) 2627 break; 2628 if (err) 2629 goto out_err; 2630 2631 if (nl80211_send_station(skb, 2632 NETLINK_CB(cb->skb).pid, 2633 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2634 dev, netdev, mac_addr, 2635 &sinfo) < 0) 2636 goto out; 2637 2638 sta_idx++; 2639 } 2640 2641 2642 out: 2643 cb->args[1] = sta_idx; 2644 err = skb->len; 2645 out_err: 2646 nl80211_finish_netdev_dump(dev); 2647 2648 return err; 2649 } 2650 2651 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 2652 { 2653 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2654 struct net_device *dev = info->user_ptr[1]; 2655 struct station_info sinfo; 2656 struct sk_buff *msg; 2657 u8 *mac_addr = NULL; 2658 int err; 2659 2660 memset(&sinfo, 0, sizeof(sinfo)); 2661 2662 if (!info->attrs[NL80211_ATTR_MAC]) 2663 return -EINVAL; 2664 2665 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2666 2667 if (!rdev->ops->get_station) 2668 return -EOPNOTSUPP; 2669 2670 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 2671 if (err) 2672 return err; 2673 2674 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2675 if (!msg) 2676 return -ENOMEM; 2677 2678 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 2679 rdev, dev, mac_addr, &sinfo) < 0) { 2680 nlmsg_free(msg); 2681 return -ENOBUFS; 2682 } 2683 2684 return genlmsg_reply(msg, info); 2685 } 2686 2687 /* 2688 * Get vlan interface making sure it is running and on the right wiphy. 2689 */ 2690 static struct net_device *get_vlan(struct genl_info *info, 2691 struct cfg80211_registered_device *rdev) 2692 { 2693 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 2694 struct net_device *v; 2695 int ret; 2696 2697 if (!vlanattr) 2698 return NULL; 2699 2700 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 2701 if (!v) 2702 return ERR_PTR(-ENODEV); 2703 2704 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 2705 ret = -EINVAL; 2706 goto error; 2707 } 2708 2709 if (!netif_running(v)) { 2710 ret = -ENETDOWN; 2711 goto error; 2712 } 2713 2714 return v; 2715 error: 2716 dev_put(v); 2717 return ERR_PTR(ret); 2718 } 2719 2720 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 2721 { 2722 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2723 int err; 2724 struct net_device *dev = info->user_ptr[1]; 2725 struct station_parameters params; 2726 u8 *mac_addr = NULL; 2727 2728 memset(¶ms, 0, sizeof(params)); 2729 2730 params.listen_interval = -1; 2731 params.plink_state = -1; 2732 2733 if (info->attrs[NL80211_ATTR_STA_AID]) 2734 return -EINVAL; 2735 2736 if (!info->attrs[NL80211_ATTR_MAC]) 2737 return -EINVAL; 2738 2739 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2740 2741 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 2742 params.supported_rates = 2743 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2744 params.supported_rates_len = 2745 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2746 } 2747 2748 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2749 params.listen_interval = 2750 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2751 2752 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2753 params.ht_capa = 2754 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2755 2756 if (!rdev->ops->change_station) 2757 return -EOPNOTSUPP; 2758 2759 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 2760 return -EINVAL; 2761 2762 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2763 params.plink_action = 2764 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2765 2766 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 2767 params.plink_state = 2768 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 2769 2770 switch (dev->ieee80211_ptr->iftype) { 2771 case NL80211_IFTYPE_AP: 2772 case NL80211_IFTYPE_AP_VLAN: 2773 case NL80211_IFTYPE_P2P_GO: 2774 /* disallow mesh-specific things */ 2775 if (params.plink_action) 2776 return -EINVAL; 2777 2778 /* TDLS can't be set, ... */ 2779 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2780 return -EINVAL; 2781 /* 2782 * ... but don't bother the driver with it. This works around 2783 * a hostapd/wpa_supplicant issue -- it always includes the 2784 * TLDS_PEER flag in the mask even for AP mode. 2785 */ 2786 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2787 2788 /* accept only the listed bits */ 2789 if (params.sta_flags_mask & 2790 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 2791 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2792 BIT(NL80211_STA_FLAG_WME) | 2793 BIT(NL80211_STA_FLAG_MFP))) 2794 return -EINVAL; 2795 2796 /* must be last in here for error handling */ 2797 params.vlan = get_vlan(info, rdev); 2798 if (IS_ERR(params.vlan)) 2799 return PTR_ERR(params.vlan); 2800 break; 2801 case NL80211_IFTYPE_P2P_CLIENT: 2802 case NL80211_IFTYPE_STATION: 2803 /* 2804 * Don't allow userspace to change the TDLS_PEER flag, 2805 * but silently ignore attempts to change it since we 2806 * don't have state here to verify that it doesn't try 2807 * to change the flag. 2808 */ 2809 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2810 /* fall through */ 2811 case NL80211_IFTYPE_ADHOC: 2812 /* disallow things sta doesn't support */ 2813 if (params.plink_action) 2814 return -EINVAL; 2815 if (params.ht_capa) 2816 return -EINVAL; 2817 if (params.listen_interval >= 0) 2818 return -EINVAL; 2819 /* reject any changes other than AUTHORIZED */ 2820 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2821 return -EINVAL; 2822 break; 2823 case NL80211_IFTYPE_MESH_POINT: 2824 /* disallow things mesh doesn't support */ 2825 if (params.vlan) 2826 return -EINVAL; 2827 if (params.ht_capa) 2828 return -EINVAL; 2829 if (params.listen_interval >= 0) 2830 return -EINVAL; 2831 /* 2832 * No special handling for TDLS here -- the userspace 2833 * mesh code doesn't have this bug. 2834 */ 2835 if (params.sta_flags_mask & 2836 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2837 BIT(NL80211_STA_FLAG_MFP) | 2838 BIT(NL80211_STA_FLAG_AUTHORIZED))) 2839 return -EINVAL; 2840 break; 2841 default: 2842 return -EOPNOTSUPP; 2843 } 2844 2845 /* be aware of params.vlan when changing code here */ 2846 2847 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2848 2849 if (params.vlan) 2850 dev_put(params.vlan); 2851 2852 return err; 2853 } 2854 2855 static struct nla_policy 2856 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 2857 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 2858 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 2859 }; 2860 2861 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2862 { 2863 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2864 int err; 2865 struct net_device *dev = info->user_ptr[1]; 2866 struct station_parameters params; 2867 u8 *mac_addr = NULL; 2868 2869 memset(¶ms, 0, sizeof(params)); 2870 2871 if (!info->attrs[NL80211_ATTR_MAC]) 2872 return -EINVAL; 2873 2874 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2875 return -EINVAL; 2876 2877 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2878 return -EINVAL; 2879 2880 if (!info->attrs[NL80211_ATTR_STA_AID]) 2881 return -EINVAL; 2882 2883 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2884 params.supported_rates = 2885 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2886 params.supported_rates_len = 2887 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2888 params.listen_interval = 2889 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2890 2891 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2892 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2893 return -EINVAL; 2894 2895 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2896 params.ht_capa = 2897 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2898 2899 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2900 params.plink_action = 2901 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2902 2903 if (!rdev->ops->add_station) 2904 return -EOPNOTSUPP; 2905 2906 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 2907 return -EINVAL; 2908 2909 switch (dev->ieee80211_ptr->iftype) { 2910 case NL80211_IFTYPE_AP: 2911 case NL80211_IFTYPE_AP_VLAN: 2912 case NL80211_IFTYPE_P2P_GO: 2913 /* parse WME attributes if sta is WME capable */ 2914 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 2915 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 2916 info->attrs[NL80211_ATTR_STA_WME]) { 2917 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 2918 struct nlattr *nla; 2919 2920 nla = info->attrs[NL80211_ATTR_STA_WME]; 2921 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 2922 nl80211_sta_wme_policy); 2923 if (err) 2924 return err; 2925 2926 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 2927 params.uapsd_queues = 2928 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 2929 if (params.uapsd_queues & 2930 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 2931 return -EINVAL; 2932 2933 if (tb[NL80211_STA_WME_MAX_SP]) 2934 params.max_sp = 2935 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 2936 2937 if (params.max_sp & 2938 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 2939 return -EINVAL; 2940 2941 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 2942 } 2943 /* TDLS peers cannot be added */ 2944 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2945 return -EINVAL; 2946 /* but don't bother the driver with it */ 2947 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2948 2949 /* must be last in here for error handling */ 2950 params.vlan = get_vlan(info, rdev); 2951 if (IS_ERR(params.vlan)) 2952 return PTR_ERR(params.vlan); 2953 break; 2954 case NL80211_IFTYPE_MESH_POINT: 2955 /* TDLS peers cannot be added */ 2956 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2957 return -EINVAL; 2958 break; 2959 case NL80211_IFTYPE_STATION: 2960 /* Only TDLS peers can be added */ 2961 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 2962 return -EINVAL; 2963 /* Can only add if TDLS ... */ 2964 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 2965 return -EOPNOTSUPP; 2966 /* ... with external setup is supported */ 2967 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 2968 return -EOPNOTSUPP; 2969 break; 2970 default: 2971 return -EOPNOTSUPP; 2972 } 2973 2974 /* be aware of params.vlan when changing code here */ 2975 2976 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2977 2978 if (params.vlan) 2979 dev_put(params.vlan); 2980 return err; 2981 } 2982 2983 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2984 { 2985 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2986 struct net_device *dev = info->user_ptr[1]; 2987 u8 *mac_addr = NULL; 2988 2989 if (info->attrs[NL80211_ATTR_MAC]) 2990 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2991 2992 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2993 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2994 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 2995 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2996 return -EINVAL; 2997 2998 if (!rdev->ops->del_station) 2999 return -EOPNOTSUPP; 3000 3001 return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 3002 } 3003 3004 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 3005 int flags, struct net_device *dev, 3006 u8 *dst, u8 *next_hop, 3007 struct mpath_info *pinfo) 3008 { 3009 void *hdr; 3010 struct nlattr *pinfoattr; 3011 3012 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 3013 if (!hdr) 3014 return -1; 3015 3016 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3017 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 3018 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 3019 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 3020 goto nla_put_failure; 3021 3022 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 3023 if (!pinfoattr) 3024 goto nla_put_failure; 3025 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 3026 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 3027 pinfo->frame_qlen)) 3028 goto nla_put_failure; 3029 if (((pinfo->filled & MPATH_INFO_SN) && 3030 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 3031 ((pinfo->filled & MPATH_INFO_METRIC) && 3032 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 3033 pinfo->metric)) || 3034 ((pinfo->filled & MPATH_INFO_EXPTIME) && 3035 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 3036 pinfo->exptime)) || 3037 ((pinfo->filled & MPATH_INFO_FLAGS) && 3038 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 3039 pinfo->flags)) || 3040 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 3041 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 3042 pinfo->discovery_timeout)) || 3043 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 3044 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 3045 pinfo->discovery_retries))) 3046 goto nla_put_failure; 3047 3048 nla_nest_end(msg, pinfoattr); 3049 3050 return genlmsg_end(msg, hdr); 3051 3052 nla_put_failure: 3053 genlmsg_cancel(msg, hdr); 3054 return -EMSGSIZE; 3055 } 3056 3057 static int nl80211_dump_mpath(struct sk_buff *skb, 3058 struct netlink_callback *cb) 3059 { 3060 struct mpath_info pinfo; 3061 struct cfg80211_registered_device *dev; 3062 struct net_device *netdev; 3063 u8 dst[ETH_ALEN]; 3064 u8 next_hop[ETH_ALEN]; 3065 int path_idx = cb->args[1]; 3066 int err; 3067 3068 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3069 if (err) 3070 return err; 3071 3072 if (!dev->ops->dump_mpath) { 3073 err = -EOPNOTSUPP; 3074 goto out_err; 3075 } 3076 3077 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 3078 err = -EOPNOTSUPP; 3079 goto out_err; 3080 } 3081 3082 while (1) { 3083 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 3084 dst, next_hop, &pinfo); 3085 if (err == -ENOENT) 3086 break; 3087 if (err) 3088 goto out_err; 3089 3090 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 3091 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3092 netdev, dst, next_hop, 3093 &pinfo) < 0) 3094 goto out; 3095 3096 path_idx++; 3097 } 3098 3099 3100 out: 3101 cb->args[1] = path_idx; 3102 err = skb->len; 3103 out_err: 3104 nl80211_finish_netdev_dump(dev); 3105 return err; 3106 } 3107 3108 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3109 { 3110 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3111 int err; 3112 struct net_device *dev = info->user_ptr[1]; 3113 struct mpath_info pinfo; 3114 struct sk_buff *msg; 3115 u8 *dst = NULL; 3116 u8 next_hop[ETH_ALEN]; 3117 3118 memset(&pinfo, 0, sizeof(pinfo)); 3119 3120 if (!info->attrs[NL80211_ATTR_MAC]) 3121 return -EINVAL; 3122 3123 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3124 3125 if (!rdev->ops->get_mpath) 3126 return -EOPNOTSUPP; 3127 3128 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3129 return -EOPNOTSUPP; 3130 3131 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 3132 if (err) 3133 return err; 3134 3135 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3136 if (!msg) 3137 return -ENOMEM; 3138 3139 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 3140 dev, dst, next_hop, &pinfo) < 0) { 3141 nlmsg_free(msg); 3142 return -ENOBUFS; 3143 } 3144 3145 return genlmsg_reply(msg, info); 3146 } 3147 3148 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3149 { 3150 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3151 struct net_device *dev = info->user_ptr[1]; 3152 u8 *dst = NULL; 3153 u8 *next_hop = NULL; 3154 3155 if (!info->attrs[NL80211_ATTR_MAC]) 3156 return -EINVAL; 3157 3158 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3159 return -EINVAL; 3160 3161 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3162 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3163 3164 if (!rdev->ops->change_mpath) 3165 return -EOPNOTSUPP; 3166 3167 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3168 return -EOPNOTSUPP; 3169 3170 return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 3171 } 3172 3173 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3174 { 3175 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3176 struct net_device *dev = info->user_ptr[1]; 3177 u8 *dst = NULL; 3178 u8 *next_hop = NULL; 3179 3180 if (!info->attrs[NL80211_ATTR_MAC]) 3181 return -EINVAL; 3182 3183 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3184 return -EINVAL; 3185 3186 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3187 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3188 3189 if (!rdev->ops->add_mpath) 3190 return -EOPNOTSUPP; 3191 3192 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3193 return -EOPNOTSUPP; 3194 3195 return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 3196 } 3197 3198 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3199 { 3200 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3201 struct net_device *dev = info->user_ptr[1]; 3202 u8 *dst = NULL; 3203 3204 if (info->attrs[NL80211_ATTR_MAC]) 3205 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3206 3207 if (!rdev->ops->del_mpath) 3208 return -EOPNOTSUPP; 3209 3210 return rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 3211 } 3212 3213 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3214 { 3215 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3216 struct net_device *dev = info->user_ptr[1]; 3217 struct bss_parameters params; 3218 3219 memset(¶ms, 0, sizeof(params)); 3220 /* default to not changing parameters */ 3221 params.use_cts_prot = -1; 3222 params.use_short_preamble = -1; 3223 params.use_short_slot_time = -1; 3224 params.ap_isolate = -1; 3225 params.ht_opmode = -1; 3226 3227 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 3228 params.use_cts_prot = 3229 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 3230 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 3231 params.use_short_preamble = 3232 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 3233 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 3234 params.use_short_slot_time = 3235 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 3236 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3237 params.basic_rates = 3238 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3239 params.basic_rates_len = 3240 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3241 } 3242 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 3243 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 3244 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 3245 params.ht_opmode = 3246 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 3247 3248 if (!rdev->ops->change_bss) 3249 return -EOPNOTSUPP; 3250 3251 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3252 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3253 return -EOPNOTSUPP; 3254 3255 return rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 3256 } 3257 3258 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 3259 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3260 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3261 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3262 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3263 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3264 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3265 }; 3266 3267 static int parse_reg_rule(struct nlattr *tb[], 3268 struct ieee80211_reg_rule *reg_rule) 3269 { 3270 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 3271 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 3272 3273 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 3274 return -EINVAL; 3275 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 3276 return -EINVAL; 3277 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 3278 return -EINVAL; 3279 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 3280 return -EINVAL; 3281 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 3282 return -EINVAL; 3283 3284 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 3285 3286 freq_range->start_freq_khz = 3287 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 3288 freq_range->end_freq_khz = 3289 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 3290 freq_range->max_bandwidth_khz = 3291 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 3292 3293 power_rule->max_eirp = 3294 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 3295 3296 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 3297 power_rule->max_antenna_gain = 3298 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 3299 3300 return 0; 3301 } 3302 3303 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 3304 { 3305 int r; 3306 char *data = NULL; 3307 3308 /* 3309 * You should only get this when cfg80211 hasn't yet initialized 3310 * completely when built-in to the kernel right between the time 3311 * window between nl80211_init() and regulatory_init(), if that is 3312 * even possible. 3313 */ 3314 mutex_lock(&cfg80211_mutex); 3315 if (unlikely(!cfg80211_regdomain)) { 3316 mutex_unlock(&cfg80211_mutex); 3317 return -EINPROGRESS; 3318 } 3319 mutex_unlock(&cfg80211_mutex); 3320 3321 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3322 return -EINVAL; 3323 3324 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3325 3326 r = regulatory_hint_user(data); 3327 3328 return r; 3329 } 3330 3331 static int nl80211_get_mesh_config(struct sk_buff *skb, 3332 struct genl_info *info) 3333 { 3334 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3335 struct net_device *dev = info->user_ptr[1]; 3336 struct wireless_dev *wdev = dev->ieee80211_ptr; 3337 struct mesh_config cur_params; 3338 int err = 0; 3339 void *hdr; 3340 struct nlattr *pinfoattr; 3341 struct sk_buff *msg; 3342 3343 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3344 return -EOPNOTSUPP; 3345 3346 if (!rdev->ops->get_mesh_config) 3347 return -EOPNOTSUPP; 3348 3349 wdev_lock(wdev); 3350 /* If not connected, get default parameters */ 3351 if (!wdev->mesh_id_len) 3352 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 3353 else 3354 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev, 3355 &cur_params); 3356 wdev_unlock(wdev); 3357 3358 if (err) 3359 return err; 3360 3361 /* Draw up a netlink message to send back */ 3362 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3363 if (!msg) 3364 return -ENOMEM; 3365 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3366 NL80211_CMD_GET_MESH_CONFIG); 3367 if (!hdr) 3368 goto out; 3369 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 3370 if (!pinfoattr) 3371 goto nla_put_failure; 3372 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3373 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 3374 cur_params.dot11MeshRetryTimeout) || 3375 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3376 cur_params.dot11MeshConfirmTimeout) || 3377 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 3378 cur_params.dot11MeshHoldingTimeout) || 3379 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 3380 cur_params.dot11MeshMaxPeerLinks) || 3381 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 3382 cur_params.dot11MeshMaxRetries) || 3383 nla_put_u8(msg, NL80211_MESHCONF_TTL, 3384 cur_params.dot11MeshTTL) || 3385 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 3386 cur_params.element_ttl) || 3387 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3388 cur_params.auto_open_plinks) || 3389 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3390 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 3391 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3392 cur_params.dot11MeshHWMPmaxPREQretries) || 3393 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 3394 cur_params.path_refresh_time) || 3395 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3396 cur_params.min_discovery_timeout) || 3397 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3398 cur_params.dot11MeshHWMPactivePathTimeout) || 3399 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3400 cur_params.dot11MeshHWMPpreqMinInterval) || 3401 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3402 cur_params.dot11MeshHWMPperrMinInterval) || 3403 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3404 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 3405 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 3406 cur_params.dot11MeshHWMPRootMode) || 3407 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3408 cur_params.dot11MeshHWMPRannInterval) || 3409 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3410 cur_params.dot11MeshGateAnnouncementProtocol) || 3411 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 3412 cur_params.dot11MeshForwarding) || 3413 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 3414 cur_params.rssi_threshold) || 3415 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 3416 cur_params.ht_opmode)) 3417 goto nla_put_failure; 3418 nla_nest_end(msg, pinfoattr); 3419 genlmsg_end(msg, hdr); 3420 return genlmsg_reply(msg, info); 3421 3422 nla_put_failure: 3423 genlmsg_cancel(msg, hdr); 3424 out: 3425 nlmsg_free(msg); 3426 return -ENOBUFS; 3427 } 3428 3429 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 3430 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 3431 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 3432 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 3433 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 3434 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 3435 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 3436 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 3437 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 3438 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 3439 3440 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 3441 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 3442 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 3443 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 3444 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 3445 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 3446 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 3447 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 3448 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 3449 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 3450 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 3451 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32}, 3452 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16}, 3453 }; 3454 3455 static const struct nla_policy 3456 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 3457 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 3458 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 3459 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 3460 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 3461 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 3462 .len = IEEE80211_MAX_DATA_LEN }, 3463 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 3464 }; 3465 3466 static int nl80211_parse_mesh_config(struct genl_info *info, 3467 struct mesh_config *cfg, 3468 u32 *mask_out) 3469 { 3470 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 3471 u32 mask = 0; 3472 3473 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 3474 do {\ 3475 if (table[attr_num]) {\ 3476 cfg->param = nla_fn(table[attr_num]); \ 3477 mask |= (1 << (attr_num - 1)); \ 3478 } \ 3479 } while (0);\ 3480 3481 3482 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 3483 return -EINVAL; 3484 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 3485 info->attrs[NL80211_ATTR_MESH_CONFIG], 3486 nl80211_meshconf_params_policy)) 3487 return -EINVAL; 3488 3489 /* This makes sure that there aren't more than 32 mesh config 3490 * parameters (otherwise our bitfield scheme would not work.) */ 3491 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 3492 3493 /* Fill in the params struct */ 3494 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 3495 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 3496 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 3497 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 3498 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 3499 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 3500 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 3501 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 3502 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 3503 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 3504 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 3505 mask, NL80211_MESHCONF_TTL, nla_get_u8); 3506 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 3507 mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8); 3508 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 3509 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 3510 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 3511 mask, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3512 nla_get_u32); 3513 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 3514 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3515 nla_get_u8); 3516 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 3517 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 3518 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 3519 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3520 nla_get_u16); 3521 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 3522 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3523 nla_get_u32); 3524 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 3525 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3526 nla_get_u16); 3527 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 3528 mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3529 nla_get_u16); 3530 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3531 dot11MeshHWMPnetDiameterTraversalTime, 3532 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3533 nla_get_u16); 3534 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3535 dot11MeshHWMPRootMode, mask, 3536 NL80211_MESHCONF_HWMP_ROOTMODE, 3537 nla_get_u8); 3538 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3539 dot11MeshHWMPRannInterval, mask, 3540 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3541 nla_get_u16); 3542 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3543 dot11MeshGateAnnouncementProtocol, mask, 3544 NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3545 nla_get_u8); 3546 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 3547 mask, NL80211_MESHCONF_FORWARDING, nla_get_u8); 3548 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 3549 mask, NL80211_MESHCONF_RSSI_THRESHOLD, nla_get_u32); 3550 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 3551 mask, NL80211_MESHCONF_HT_OPMODE, nla_get_u16); 3552 if (mask_out) 3553 *mask_out = mask; 3554 3555 return 0; 3556 3557 #undef FILL_IN_MESH_PARAM_IF_SET 3558 } 3559 3560 static int nl80211_parse_mesh_setup(struct genl_info *info, 3561 struct mesh_setup *setup) 3562 { 3563 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 3564 3565 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 3566 return -EINVAL; 3567 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 3568 info->attrs[NL80211_ATTR_MESH_SETUP], 3569 nl80211_mesh_setup_params_policy)) 3570 return -EINVAL; 3571 3572 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 3573 setup->sync_method = 3574 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 3575 IEEE80211_SYNC_METHOD_VENDOR : 3576 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 3577 3578 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 3579 setup->path_sel_proto = 3580 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 3581 IEEE80211_PATH_PROTOCOL_VENDOR : 3582 IEEE80211_PATH_PROTOCOL_HWMP; 3583 3584 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 3585 setup->path_metric = 3586 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 3587 IEEE80211_PATH_METRIC_VENDOR : 3588 IEEE80211_PATH_METRIC_AIRTIME; 3589 3590 3591 if (tb[NL80211_MESH_SETUP_IE]) { 3592 struct nlattr *ieattr = 3593 tb[NL80211_MESH_SETUP_IE]; 3594 if (!is_valid_ie_attr(ieattr)) 3595 return -EINVAL; 3596 setup->ie = nla_data(ieattr); 3597 setup->ie_len = nla_len(ieattr); 3598 } 3599 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 3600 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 3601 3602 return 0; 3603 } 3604 3605 static int nl80211_update_mesh_config(struct sk_buff *skb, 3606 struct genl_info *info) 3607 { 3608 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3609 struct net_device *dev = info->user_ptr[1]; 3610 struct wireless_dev *wdev = dev->ieee80211_ptr; 3611 struct mesh_config cfg; 3612 u32 mask; 3613 int err; 3614 3615 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3616 return -EOPNOTSUPP; 3617 3618 if (!rdev->ops->update_mesh_config) 3619 return -EOPNOTSUPP; 3620 3621 err = nl80211_parse_mesh_config(info, &cfg, &mask); 3622 if (err) 3623 return err; 3624 3625 wdev_lock(wdev); 3626 if (!wdev->mesh_id_len) 3627 err = -ENOLINK; 3628 3629 if (!err) 3630 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev, 3631 mask, &cfg); 3632 3633 wdev_unlock(wdev); 3634 3635 return err; 3636 } 3637 3638 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 3639 { 3640 struct sk_buff *msg; 3641 void *hdr = NULL; 3642 struct nlattr *nl_reg_rules; 3643 unsigned int i; 3644 int err = -EINVAL; 3645 3646 mutex_lock(&cfg80211_mutex); 3647 3648 if (!cfg80211_regdomain) 3649 goto out; 3650 3651 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3652 if (!msg) { 3653 err = -ENOBUFS; 3654 goto out; 3655 } 3656 3657 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3658 NL80211_CMD_GET_REG); 3659 if (!hdr) 3660 goto put_failure; 3661 3662 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 3663 cfg80211_regdomain->alpha2) || 3664 (cfg80211_regdomain->dfs_region && 3665 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, 3666 cfg80211_regdomain->dfs_region))) 3667 goto nla_put_failure; 3668 3669 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 3670 if (!nl_reg_rules) 3671 goto nla_put_failure; 3672 3673 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 3674 struct nlattr *nl_reg_rule; 3675 const struct ieee80211_reg_rule *reg_rule; 3676 const struct ieee80211_freq_range *freq_range; 3677 const struct ieee80211_power_rule *power_rule; 3678 3679 reg_rule = &cfg80211_regdomain->reg_rules[i]; 3680 freq_range = ®_rule->freq_range; 3681 power_rule = ®_rule->power_rule; 3682 3683 nl_reg_rule = nla_nest_start(msg, i); 3684 if (!nl_reg_rule) 3685 goto nla_put_failure; 3686 3687 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 3688 reg_rule->flags) || 3689 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 3690 freq_range->start_freq_khz) || 3691 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 3692 freq_range->end_freq_khz) || 3693 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 3694 freq_range->max_bandwidth_khz) || 3695 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 3696 power_rule->max_antenna_gain) || 3697 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 3698 power_rule->max_eirp)) 3699 goto nla_put_failure; 3700 3701 nla_nest_end(msg, nl_reg_rule); 3702 } 3703 3704 nla_nest_end(msg, nl_reg_rules); 3705 3706 genlmsg_end(msg, hdr); 3707 err = genlmsg_reply(msg, info); 3708 goto out; 3709 3710 nla_put_failure: 3711 genlmsg_cancel(msg, hdr); 3712 put_failure: 3713 nlmsg_free(msg); 3714 err = -EMSGSIZE; 3715 out: 3716 mutex_unlock(&cfg80211_mutex); 3717 return err; 3718 } 3719 3720 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 3721 { 3722 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 3723 struct nlattr *nl_reg_rule; 3724 char *alpha2 = NULL; 3725 int rem_reg_rules = 0, r = 0; 3726 u32 num_rules = 0, rule_idx = 0, size_of_regd; 3727 u8 dfs_region = 0; 3728 struct ieee80211_regdomain *rd = NULL; 3729 3730 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3731 return -EINVAL; 3732 3733 if (!info->attrs[NL80211_ATTR_REG_RULES]) 3734 return -EINVAL; 3735 3736 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3737 3738 if (info->attrs[NL80211_ATTR_DFS_REGION]) 3739 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 3740 3741 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3742 rem_reg_rules) { 3743 num_rules++; 3744 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 3745 return -EINVAL; 3746 } 3747 3748 mutex_lock(&cfg80211_mutex); 3749 3750 if (!reg_is_valid_request(alpha2)) { 3751 r = -EINVAL; 3752 goto bad_reg; 3753 } 3754 3755 size_of_regd = sizeof(struct ieee80211_regdomain) + 3756 (num_rules * sizeof(struct ieee80211_reg_rule)); 3757 3758 rd = kzalloc(size_of_regd, GFP_KERNEL); 3759 if (!rd) { 3760 r = -ENOMEM; 3761 goto bad_reg; 3762 } 3763 3764 rd->n_reg_rules = num_rules; 3765 rd->alpha2[0] = alpha2[0]; 3766 rd->alpha2[1] = alpha2[1]; 3767 3768 /* 3769 * Disable DFS master mode if the DFS region was 3770 * not supported or known on this kernel. 3771 */ 3772 if (reg_supported_dfs_region(dfs_region)) 3773 rd->dfs_region = dfs_region; 3774 3775 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3776 rem_reg_rules) { 3777 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 3778 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 3779 reg_rule_policy); 3780 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 3781 if (r) 3782 goto bad_reg; 3783 3784 rule_idx++; 3785 3786 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 3787 r = -EINVAL; 3788 goto bad_reg; 3789 } 3790 } 3791 3792 BUG_ON(rule_idx != num_rules); 3793 3794 r = set_regdom(rd); 3795 3796 mutex_unlock(&cfg80211_mutex); 3797 3798 return r; 3799 3800 bad_reg: 3801 mutex_unlock(&cfg80211_mutex); 3802 kfree(rd); 3803 return r; 3804 } 3805 3806 static int validate_scan_freqs(struct nlattr *freqs) 3807 { 3808 struct nlattr *attr1, *attr2; 3809 int n_channels = 0, tmp1, tmp2; 3810 3811 nla_for_each_nested(attr1, freqs, tmp1) { 3812 n_channels++; 3813 /* 3814 * Some hardware has a limited channel list for 3815 * scanning, and it is pretty much nonsensical 3816 * to scan for a channel twice, so disallow that 3817 * and don't require drivers to check that the 3818 * channel list they get isn't longer than what 3819 * they can scan, as long as they can scan all 3820 * the channels they registered at once. 3821 */ 3822 nla_for_each_nested(attr2, freqs, tmp2) 3823 if (attr1 != attr2 && 3824 nla_get_u32(attr1) == nla_get_u32(attr2)) 3825 return 0; 3826 } 3827 3828 return n_channels; 3829 } 3830 3831 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 3832 { 3833 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3834 struct net_device *dev = info->user_ptr[1]; 3835 struct cfg80211_scan_request *request; 3836 struct nlattr *attr; 3837 struct wiphy *wiphy; 3838 int err, tmp, n_ssids = 0, n_channels, i; 3839 size_t ie_len; 3840 3841 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3842 return -EINVAL; 3843 3844 wiphy = &rdev->wiphy; 3845 3846 if (!rdev->ops->scan) 3847 return -EOPNOTSUPP; 3848 3849 if (rdev->scan_req) 3850 return -EBUSY; 3851 3852 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3853 n_channels = validate_scan_freqs( 3854 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3855 if (!n_channels) 3856 return -EINVAL; 3857 } else { 3858 enum ieee80211_band band; 3859 n_channels = 0; 3860 3861 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3862 if (wiphy->bands[band]) 3863 n_channels += wiphy->bands[band]->n_channels; 3864 } 3865 3866 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3867 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 3868 n_ssids++; 3869 3870 if (n_ssids > wiphy->max_scan_ssids) 3871 return -EINVAL; 3872 3873 if (info->attrs[NL80211_ATTR_IE]) 3874 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3875 else 3876 ie_len = 0; 3877 3878 if (ie_len > wiphy->max_scan_ie_len) 3879 return -EINVAL; 3880 3881 request = kzalloc(sizeof(*request) 3882 + sizeof(*request->ssids) * n_ssids 3883 + sizeof(*request->channels) * n_channels 3884 + ie_len, GFP_KERNEL); 3885 if (!request) 3886 return -ENOMEM; 3887 3888 if (n_ssids) 3889 request->ssids = (void *)&request->channels[n_channels]; 3890 request->n_ssids = n_ssids; 3891 if (ie_len) { 3892 if (request->ssids) 3893 request->ie = (void *)(request->ssids + n_ssids); 3894 else 3895 request->ie = (void *)(request->channels + n_channels); 3896 } 3897 3898 i = 0; 3899 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3900 /* user specified, bail out if channel not found */ 3901 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3902 struct ieee80211_channel *chan; 3903 3904 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3905 3906 if (!chan) { 3907 err = -EINVAL; 3908 goto out_free; 3909 } 3910 3911 /* ignore disabled channels */ 3912 if (chan->flags & IEEE80211_CHAN_DISABLED) 3913 continue; 3914 3915 request->channels[i] = chan; 3916 i++; 3917 } 3918 } else { 3919 enum ieee80211_band band; 3920 3921 /* all channels */ 3922 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3923 int j; 3924 if (!wiphy->bands[band]) 3925 continue; 3926 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3927 struct ieee80211_channel *chan; 3928 3929 chan = &wiphy->bands[band]->channels[j]; 3930 3931 if (chan->flags & IEEE80211_CHAN_DISABLED) 3932 continue; 3933 3934 request->channels[i] = chan; 3935 i++; 3936 } 3937 } 3938 } 3939 3940 if (!i) { 3941 err = -EINVAL; 3942 goto out_free; 3943 } 3944 3945 request->n_channels = i; 3946 3947 i = 0; 3948 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3949 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3950 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 3951 err = -EINVAL; 3952 goto out_free; 3953 } 3954 request->ssids[i].ssid_len = nla_len(attr); 3955 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3956 i++; 3957 } 3958 } 3959 3960 if (info->attrs[NL80211_ATTR_IE]) { 3961 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3962 memcpy((void *)request->ie, 3963 nla_data(info->attrs[NL80211_ATTR_IE]), 3964 request->ie_len); 3965 } 3966 3967 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 3968 if (wiphy->bands[i]) 3969 request->rates[i] = 3970 (1 << wiphy->bands[i]->n_bitrates) - 1; 3971 3972 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 3973 nla_for_each_nested(attr, 3974 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 3975 tmp) { 3976 enum ieee80211_band band = nla_type(attr); 3977 3978 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 3979 err = -EINVAL; 3980 goto out_free; 3981 } 3982 err = ieee80211_get_ratemask(wiphy->bands[band], 3983 nla_data(attr), 3984 nla_len(attr), 3985 &request->rates[band]); 3986 if (err) 3987 goto out_free; 3988 } 3989 } 3990 3991 request->no_cck = 3992 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 3993 3994 request->dev = dev; 3995 request->wiphy = &rdev->wiphy; 3996 3997 rdev->scan_req = request; 3998 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3999 4000 if (!err) { 4001 nl80211_send_scan_start(rdev, dev); 4002 dev_hold(dev); 4003 } else { 4004 out_free: 4005 rdev->scan_req = NULL; 4006 kfree(request); 4007 } 4008 4009 return err; 4010 } 4011 4012 static int nl80211_start_sched_scan(struct sk_buff *skb, 4013 struct genl_info *info) 4014 { 4015 struct cfg80211_sched_scan_request *request; 4016 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4017 struct net_device *dev = info->user_ptr[1]; 4018 struct nlattr *attr; 4019 struct wiphy *wiphy; 4020 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 4021 u32 interval; 4022 enum ieee80211_band band; 4023 size_t ie_len; 4024 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 4025 4026 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4027 !rdev->ops->sched_scan_start) 4028 return -EOPNOTSUPP; 4029 4030 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4031 return -EINVAL; 4032 4033 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 4034 return -EINVAL; 4035 4036 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 4037 if (interval == 0) 4038 return -EINVAL; 4039 4040 wiphy = &rdev->wiphy; 4041 4042 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4043 n_channels = validate_scan_freqs( 4044 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4045 if (!n_channels) 4046 return -EINVAL; 4047 } else { 4048 n_channels = 0; 4049 4050 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4051 if (wiphy->bands[band]) 4052 n_channels += wiphy->bands[band]->n_channels; 4053 } 4054 4055 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4056 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4057 tmp) 4058 n_ssids++; 4059 4060 if (n_ssids > wiphy->max_sched_scan_ssids) 4061 return -EINVAL; 4062 4063 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 4064 nla_for_each_nested(attr, 4065 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4066 tmp) 4067 n_match_sets++; 4068 4069 if (n_match_sets > wiphy->max_match_sets) 4070 return -EINVAL; 4071 4072 if (info->attrs[NL80211_ATTR_IE]) 4073 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4074 else 4075 ie_len = 0; 4076 4077 if (ie_len > wiphy->max_sched_scan_ie_len) 4078 return -EINVAL; 4079 4080 mutex_lock(&rdev->sched_scan_mtx); 4081 4082 if (rdev->sched_scan_req) { 4083 err = -EINPROGRESS; 4084 goto out; 4085 } 4086 4087 request = kzalloc(sizeof(*request) 4088 + sizeof(*request->ssids) * n_ssids 4089 + sizeof(*request->match_sets) * n_match_sets 4090 + sizeof(*request->channels) * n_channels 4091 + ie_len, GFP_KERNEL); 4092 if (!request) { 4093 err = -ENOMEM; 4094 goto out; 4095 } 4096 4097 if (n_ssids) 4098 request->ssids = (void *)&request->channels[n_channels]; 4099 request->n_ssids = n_ssids; 4100 if (ie_len) { 4101 if (request->ssids) 4102 request->ie = (void *)(request->ssids + n_ssids); 4103 else 4104 request->ie = (void *)(request->channels + n_channels); 4105 } 4106 4107 if (n_match_sets) { 4108 if (request->ie) 4109 request->match_sets = (void *)(request->ie + ie_len); 4110 else if (request->ssids) 4111 request->match_sets = 4112 (void *)(request->ssids + n_ssids); 4113 else 4114 request->match_sets = 4115 (void *)(request->channels + n_channels); 4116 } 4117 request->n_match_sets = n_match_sets; 4118 4119 i = 0; 4120 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4121 /* user specified, bail out if channel not found */ 4122 nla_for_each_nested(attr, 4123 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4124 tmp) { 4125 struct ieee80211_channel *chan; 4126 4127 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4128 4129 if (!chan) { 4130 err = -EINVAL; 4131 goto out_free; 4132 } 4133 4134 /* ignore disabled channels */ 4135 if (chan->flags & IEEE80211_CHAN_DISABLED) 4136 continue; 4137 4138 request->channels[i] = chan; 4139 i++; 4140 } 4141 } else { 4142 /* all channels */ 4143 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4144 int j; 4145 if (!wiphy->bands[band]) 4146 continue; 4147 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4148 struct ieee80211_channel *chan; 4149 4150 chan = &wiphy->bands[band]->channels[j]; 4151 4152 if (chan->flags & IEEE80211_CHAN_DISABLED) 4153 continue; 4154 4155 request->channels[i] = chan; 4156 i++; 4157 } 4158 } 4159 } 4160 4161 if (!i) { 4162 err = -EINVAL; 4163 goto out_free; 4164 } 4165 4166 request->n_channels = i; 4167 4168 i = 0; 4169 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4170 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4171 tmp) { 4172 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4173 err = -EINVAL; 4174 goto out_free; 4175 } 4176 request->ssids[i].ssid_len = nla_len(attr); 4177 memcpy(request->ssids[i].ssid, nla_data(attr), 4178 nla_len(attr)); 4179 i++; 4180 } 4181 } 4182 4183 i = 0; 4184 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 4185 nla_for_each_nested(attr, 4186 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4187 tmp) { 4188 struct nlattr *ssid; 4189 4190 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 4191 nla_data(attr), nla_len(attr), 4192 nl80211_match_policy); 4193 ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID]; 4194 if (ssid) { 4195 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 4196 err = -EINVAL; 4197 goto out_free; 4198 } 4199 memcpy(request->match_sets[i].ssid.ssid, 4200 nla_data(ssid), nla_len(ssid)); 4201 request->match_sets[i].ssid.ssid_len = 4202 nla_len(ssid); 4203 } 4204 i++; 4205 } 4206 } 4207 4208 if (info->attrs[NL80211_ATTR_IE]) { 4209 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4210 memcpy((void *)request->ie, 4211 nla_data(info->attrs[NL80211_ATTR_IE]), 4212 request->ie_len); 4213 } 4214 4215 request->dev = dev; 4216 request->wiphy = &rdev->wiphy; 4217 request->interval = interval; 4218 4219 err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request); 4220 if (!err) { 4221 rdev->sched_scan_req = request; 4222 nl80211_send_sched_scan(rdev, dev, 4223 NL80211_CMD_START_SCHED_SCAN); 4224 goto out; 4225 } 4226 4227 out_free: 4228 kfree(request); 4229 out: 4230 mutex_unlock(&rdev->sched_scan_mtx); 4231 return err; 4232 } 4233 4234 static int nl80211_stop_sched_scan(struct sk_buff *skb, 4235 struct genl_info *info) 4236 { 4237 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4238 int err; 4239 4240 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4241 !rdev->ops->sched_scan_stop) 4242 return -EOPNOTSUPP; 4243 4244 mutex_lock(&rdev->sched_scan_mtx); 4245 err = __cfg80211_stop_sched_scan(rdev, false); 4246 mutex_unlock(&rdev->sched_scan_mtx); 4247 4248 return err; 4249 } 4250 4251 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 4252 u32 seq, int flags, 4253 struct cfg80211_registered_device *rdev, 4254 struct wireless_dev *wdev, 4255 struct cfg80211_internal_bss *intbss) 4256 { 4257 struct cfg80211_bss *res = &intbss->pub; 4258 void *hdr; 4259 struct nlattr *bss; 4260 4261 ASSERT_WDEV_LOCK(wdev); 4262 4263 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags, 4264 NL80211_CMD_NEW_SCAN_RESULTS); 4265 if (!hdr) 4266 return -1; 4267 4268 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 4269 4270 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 4271 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 4272 goto nla_put_failure; 4273 4274 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 4275 if (!bss) 4276 goto nla_put_failure; 4277 if ((!is_zero_ether_addr(res->bssid) && 4278 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) || 4279 (res->information_elements && res->len_information_elements && 4280 nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 4281 res->len_information_elements, 4282 res->information_elements)) || 4283 (res->beacon_ies && res->len_beacon_ies && 4284 res->beacon_ies != res->information_elements && 4285 nla_put(msg, NL80211_BSS_BEACON_IES, 4286 res->len_beacon_ies, res->beacon_ies))) 4287 goto nla_put_failure; 4288 if (res->tsf && 4289 nla_put_u64(msg, NL80211_BSS_TSF, res->tsf)) 4290 goto nla_put_failure; 4291 if (res->beacon_interval && 4292 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 4293 goto nla_put_failure; 4294 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 4295 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 4296 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 4297 jiffies_to_msecs(jiffies - intbss->ts))) 4298 goto nla_put_failure; 4299 4300 switch (rdev->wiphy.signal_type) { 4301 case CFG80211_SIGNAL_TYPE_MBM: 4302 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 4303 goto nla_put_failure; 4304 break; 4305 case CFG80211_SIGNAL_TYPE_UNSPEC: 4306 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 4307 goto nla_put_failure; 4308 break; 4309 default: 4310 break; 4311 } 4312 4313 switch (wdev->iftype) { 4314 case NL80211_IFTYPE_P2P_CLIENT: 4315 case NL80211_IFTYPE_STATION: 4316 if (intbss == wdev->current_bss && 4317 nla_put_u32(msg, NL80211_BSS_STATUS, 4318 NL80211_BSS_STATUS_ASSOCIATED)) 4319 goto nla_put_failure; 4320 break; 4321 case NL80211_IFTYPE_ADHOC: 4322 if (intbss == wdev->current_bss && 4323 nla_put_u32(msg, NL80211_BSS_STATUS, 4324 NL80211_BSS_STATUS_IBSS_JOINED)) 4325 goto nla_put_failure; 4326 break; 4327 default: 4328 break; 4329 } 4330 4331 nla_nest_end(msg, bss); 4332 4333 return genlmsg_end(msg, hdr); 4334 4335 nla_put_failure: 4336 genlmsg_cancel(msg, hdr); 4337 return -EMSGSIZE; 4338 } 4339 4340 static int nl80211_dump_scan(struct sk_buff *skb, 4341 struct netlink_callback *cb) 4342 { 4343 struct cfg80211_registered_device *rdev; 4344 struct net_device *dev; 4345 struct cfg80211_internal_bss *scan; 4346 struct wireless_dev *wdev; 4347 int start = cb->args[1], idx = 0; 4348 int err; 4349 4350 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 4351 if (err) 4352 return err; 4353 4354 wdev = dev->ieee80211_ptr; 4355 4356 wdev_lock(wdev); 4357 spin_lock_bh(&rdev->bss_lock); 4358 cfg80211_bss_expire(rdev); 4359 4360 cb->seq = rdev->bss_generation; 4361 4362 list_for_each_entry(scan, &rdev->bss_list, list) { 4363 if (++idx <= start) 4364 continue; 4365 if (nl80211_send_bss(skb, cb, 4366 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4367 rdev, wdev, scan) < 0) { 4368 idx--; 4369 break; 4370 } 4371 } 4372 4373 spin_unlock_bh(&rdev->bss_lock); 4374 wdev_unlock(wdev); 4375 4376 cb->args[1] = idx; 4377 nl80211_finish_netdev_dump(rdev); 4378 4379 return skb->len; 4380 } 4381 4382 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 4383 int flags, struct net_device *dev, 4384 struct survey_info *survey) 4385 { 4386 void *hdr; 4387 struct nlattr *infoattr; 4388 4389 hdr = nl80211hdr_put(msg, pid, seq, flags, 4390 NL80211_CMD_NEW_SURVEY_RESULTS); 4391 if (!hdr) 4392 return -ENOMEM; 4393 4394 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 4395 goto nla_put_failure; 4396 4397 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 4398 if (!infoattr) 4399 goto nla_put_failure; 4400 4401 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 4402 survey->channel->center_freq)) 4403 goto nla_put_failure; 4404 4405 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 4406 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 4407 goto nla_put_failure; 4408 if ((survey->filled & SURVEY_INFO_IN_USE) && 4409 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 4410 goto nla_put_failure; 4411 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) && 4412 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 4413 survey->channel_time)) 4414 goto nla_put_failure; 4415 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) && 4416 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 4417 survey->channel_time_busy)) 4418 goto nla_put_failure; 4419 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) && 4420 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 4421 survey->channel_time_ext_busy)) 4422 goto nla_put_failure; 4423 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) && 4424 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 4425 survey->channel_time_rx)) 4426 goto nla_put_failure; 4427 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) && 4428 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 4429 survey->channel_time_tx)) 4430 goto nla_put_failure; 4431 4432 nla_nest_end(msg, infoattr); 4433 4434 return genlmsg_end(msg, hdr); 4435 4436 nla_put_failure: 4437 genlmsg_cancel(msg, hdr); 4438 return -EMSGSIZE; 4439 } 4440 4441 static int nl80211_dump_survey(struct sk_buff *skb, 4442 struct netlink_callback *cb) 4443 { 4444 struct survey_info survey; 4445 struct cfg80211_registered_device *dev; 4446 struct net_device *netdev; 4447 int survey_idx = cb->args[1]; 4448 int res; 4449 4450 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 4451 if (res) 4452 return res; 4453 4454 if (!dev->ops->dump_survey) { 4455 res = -EOPNOTSUPP; 4456 goto out_err; 4457 } 4458 4459 while (1) { 4460 struct ieee80211_channel *chan; 4461 4462 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 4463 &survey); 4464 if (res == -ENOENT) 4465 break; 4466 if (res) 4467 goto out_err; 4468 4469 /* Survey without a channel doesn't make sense */ 4470 if (!survey.channel) { 4471 res = -EINVAL; 4472 goto out; 4473 } 4474 4475 chan = ieee80211_get_channel(&dev->wiphy, 4476 survey.channel->center_freq); 4477 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 4478 survey_idx++; 4479 continue; 4480 } 4481 4482 if (nl80211_send_survey(skb, 4483 NETLINK_CB(cb->skb).pid, 4484 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4485 netdev, 4486 &survey) < 0) 4487 goto out; 4488 survey_idx++; 4489 } 4490 4491 out: 4492 cb->args[1] = survey_idx; 4493 res = skb->len; 4494 out_err: 4495 nl80211_finish_netdev_dump(dev); 4496 return res; 4497 } 4498 4499 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 4500 { 4501 return auth_type <= NL80211_AUTHTYPE_MAX; 4502 } 4503 4504 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 4505 { 4506 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 4507 NL80211_WPA_VERSION_2)); 4508 } 4509 4510 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 4511 { 4512 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4513 struct net_device *dev = info->user_ptr[1]; 4514 struct ieee80211_channel *chan; 4515 const u8 *bssid, *ssid, *ie = NULL; 4516 int err, ssid_len, ie_len = 0; 4517 enum nl80211_auth_type auth_type; 4518 struct key_parse key; 4519 bool local_state_change; 4520 4521 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4522 return -EINVAL; 4523 4524 if (!info->attrs[NL80211_ATTR_MAC]) 4525 return -EINVAL; 4526 4527 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 4528 return -EINVAL; 4529 4530 if (!info->attrs[NL80211_ATTR_SSID]) 4531 return -EINVAL; 4532 4533 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4534 return -EINVAL; 4535 4536 err = nl80211_parse_key(info, &key); 4537 if (err) 4538 return err; 4539 4540 if (key.idx >= 0) { 4541 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 4542 return -EINVAL; 4543 if (!key.p.key || !key.p.key_len) 4544 return -EINVAL; 4545 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 4546 key.p.key_len != WLAN_KEY_LEN_WEP40) && 4547 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 4548 key.p.key_len != WLAN_KEY_LEN_WEP104)) 4549 return -EINVAL; 4550 if (key.idx > 4) 4551 return -EINVAL; 4552 } else { 4553 key.p.key_len = 0; 4554 key.p.key = NULL; 4555 } 4556 4557 if (key.idx >= 0) { 4558 int i; 4559 bool ok = false; 4560 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 4561 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 4562 ok = true; 4563 break; 4564 } 4565 } 4566 if (!ok) 4567 return -EINVAL; 4568 } 4569 4570 if (!rdev->ops->auth) 4571 return -EOPNOTSUPP; 4572 4573 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4574 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4575 return -EOPNOTSUPP; 4576 4577 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4578 chan = ieee80211_get_channel(&rdev->wiphy, 4579 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4580 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4581 return -EINVAL; 4582 4583 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4584 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4585 4586 if (info->attrs[NL80211_ATTR_IE]) { 4587 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4588 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4589 } 4590 4591 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4592 if (!nl80211_valid_auth_type(auth_type)) 4593 return -EINVAL; 4594 4595 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4596 4597 /* 4598 * Since we no longer track auth state, ignore 4599 * requests to only change local state. 4600 */ 4601 if (local_state_change) 4602 return 0; 4603 4604 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 4605 ssid, ssid_len, ie, ie_len, 4606 key.p.key, key.p.key_len, key.idx); 4607 } 4608 4609 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 4610 struct genl_info *info, 4611 struct cfg80211_crypto_settings *settings, 4612 int cipher_limit) 4613 { 4614 memset(settings, 0, sizeof(*settings)); 4615 4616 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 4617 4618 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 4619 u16 proto; 4620 proto = nla_get_u16( 4621 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 4622 settings->control_port_ethertype = cpu_to_be16(proto); 4623 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 4624 proto != ETH_P_PAE) 4625 return -EINVAL; 4626 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 4627 settings->control_port_no_encrypt = true; 4628 } else 4629 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 4630 4631 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 4632 void *data; 4633 int len, i; 4634 4635 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4636 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4637 settings->n_ciphers_pairwise = len / sizeof(u32); 4638 4639 if (len % sizeof(u32)) 4640 return -EINVAL; 4641 4642 if (settings->n_ciphers_pairwise > cipher_limit) 4643 return -EINVAL; 4644 4645 memcpy(settings->ciphers_pairwise, data, len); 4646 4647 for (i = 0; i < settings->n_ciphers_pairwise; i++) 4648 if (!cfg80211_supported_cipher_suite( 4649 &rdev->wiphy, 4650 settings->ciphers_pairwise[i])) 4651 return -EINVAL; 4652 } 4653 4654 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 4655 settings->cipher_group = 4656 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 4657 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 4658 settings->cipher_group)) 4659 return -EINVAL; 4660 } 4661 4662 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 4663 settings->wpa_versions = 4664 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 4665 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 4666 return -EINVAL; 4667 } 4668 4669 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 4670 void *data; 4671 int len; 4672 4673 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 4674 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 4675 settings->n_akm_suites = len / sizeof(u32); 4676 4677 if (len % sizeof(u32)) 4678 return -EINVAL; 4679 4680 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 4681 return -EINVAL; 4682 4683 memcpy(settings->akm_suites, data, len); 4684 } 4685 4686 return 0; 4687 } 4688 4689 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 4690 { 4691 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4692 struct net_device *dev = info->user_ptr[1]; 4693 struct cfg80211_crypto_settings crypto; 4694 struct ieee80211_channel *chan; 4695 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 4696 int err, ssid_len, ie_len = 0; 4697 bool use_mfp = false; 4698 u32 flags = 0; 4699 struct ieee80211_ht_cap *ht_capa = NULL; 4700 struct ieee80211_ht_cap *ht_capa_mask = NULL; 4701 4702 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4703 return -EINVAL; 4704 4705 if (!info->attrs[NL80211_ATTR_MAC] || 4706 !info->attrs[NL80211_ATTR_SSID] || 4707 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4708 return -EINVAL; 4709 4710 if (!rdev->ops->assoc) 4711 return -EOPNOTSUPP; 4712 4713 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4714 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4715 return -EOPNOTSUPP; 4716 4717 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4718 4719 chan = ieee80211_get_channel(&rdev->wiphy, 4720 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4721 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4722 return -EINVAL; 4723 4724 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4725 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4726 4727 if (info->attrs[NL80211_ATTR_IE]) { 4728 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4729 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4730 } 4731 4732 if (info->attrs[NL80211_ATTR_USE_MFP]) { 4733 enum nl80211_mfp mfp = 4734 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 4735 if (mfp == NL80211_MFP_REQUIRED) 4736 use_mfp = true; 4737 else if (mfp != NL80211_MFP_NO) 4738 return -EINVAL; 4739 } 4740 4741 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 4742 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 4743 4744 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 4745 flags |= ASSOC_REQ_DISABLE_HT; 4746 4747 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 4748 ht_capa_mask = 4749 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 4750 4751 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 4752 if (!ht_capa_mask) 4753 return -EINVAL; 4754 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 4755 } 4756 4757 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 4758 if (!err) 4759 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 4760 ssid, ssid_len, ie, ie_len, use_mfp, 4761 &crypto, flags, ht_capa, 4762 ht_capa_mask); 4763 4764 return err; 4765 } 4766 4767 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 4768 { 4769 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4770 struct net_device *dev = info->user_ptr[1]; 4771 const u8 *ie = NULL, *bssid; 4772 int ie_len = 0; 4773 u16 reason_code; 4774 bool local_state_change; 4775 4776 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4777 return -EINVAL; 4778 4779 if (!info->attrs[NL80211_ATTR_MAC]) 4780 return -EINVAL; 4781 4782 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4783 return -EINVAL; 4784 4785 if (!rdev->ops->deauth) 4786 return -EOPNOTSUPP; 4787 4788 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4789 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4790 return -EOPNOTSUPP; 4791 4792 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4793 4794 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4795 if (reason_code == 0) { 4796 /* Reason Code 0 is reserved */ 4797 return -EINVAL; 4798 } 4799 4800 if (info->attrs[NL80211_ATTR_IE]) { 4801 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4802 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4803 } 4804 4805 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4806 4807 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 4808 local_state_change); 4809 } 4810 4811 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 4812 { 4813 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4814 struct net_device *dev = info->user_ptr[1]; 4815 const u8 *ie = NULL, *bssid; 4816 int ie_len = 0; 4817 u16 reason_code; 4818 bool local_state_change; 4819 4820 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4821 return -EINVAL; 4822 4823 if (!info->attrs[NL80211_ATTR_MAC]) 4824 return -EINVAL; 4825 4826 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4827 return -EINVAL; 4828 4829 if (!rdev->ops->disassoc) 4830 return -EOPNOTSUPP; 4831 4832 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4833 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4834 return -EOPNOTSUPP; 4835 4836 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4837 4838 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4839 if (reason_code == 0) { 4840 /* Reason Code 0 is reserved */ 4841 return -EINVAL; 4842 } 4843 4844 if (info->attrs[NL80211_ATTR_IE]) { 4845 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4846 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4847 } 4848 4849 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4850 4851 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 4852 local_state_change); 4853 } 4854 4855 static bool 4856 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 4857 int mcast_rate[IEEE80211_NUM_BANDS], 4858 int rateval) 4859 { 4860 struct wiphy *wiphy = &rdev->wiphy; 4861 bool found = false; 4862 int band, i; 4863 4864 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4865 struct ieee80211_supported_band *sband; 4866 4867 sband = wiphy->bands[band]; 4868 if (!sband) 4869 continue; 4870 4871 for (i = 0; i < sband->n_bitrates; i++) { 4872 if (sband->bitrates[i].bitrate == rateval) { 4873 mcast_rate[band] = i + 1; 4874 found = true; 4875 break; 4876 } 4877 } 4878 } 4879 4880 return found; 4881 } 4882 4883 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 4884 { 4885 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4886 struct net_device *dev = info->user_ptr[1]; 4887 struct cfg80211_ibss_params ibss; 4888 struct wiphy *wiphy; 4889 struct cfg80211_cached_keys *connkeys = NULL; 4890 int err; 4891 4892 memset(&ibss, 0, sizeof(ibss)); 4893 4894 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4895 return -EINVAL; 4896 4897 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4898 !info->attrs[NL80211_ATTR_SSID] || 4899 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4900 return -EINVAL; 4901 4902 ibss.beacon_interval = 100; 4903 4904 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 4905 ibss.beacon_interval = 4906 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 4907 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 4908 return -EINVAL; 4909 } 4910 4911 if (!rdev->ops->join_ibss) 4912 return -EOPNOTSUPP; 4913 4914 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 4915 return -EOPNOTSUPP; 4916 4917 wiphy = &rdev->wiphy; 4918 4919 if (info->attrs[NL80211_ATTR_MAC]) { 4920 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4921 4922 if (!is_valid_ether_addr(ibss.bssid)) 4923 return -EINVAL; 4924 } 4925 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4926 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4927 4928 if (info->attrs[NL80211_ATTR_IE]) { 4929 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4930 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4931 } 4932 4933 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4934 enum nl80211_channel_type channel_type; 4935 4936 if (!nl80211_valid_channel_type(info, &channel_type)) 4937 return -EINVAL; 4938 4939 if (channel_type != NL80211_CHAN_NO_HT && 4940 !(wiphy->features & NL80211_FEATURE_HT_IBSS)) 4941 return -EINVAL; 4942 4943 ibss.channel_type = channel_type; 4944 } else { 4945 ibss.channel_type = NL80211_CHAN_NO_HT; 4946 } 4947 4948 ibss.channel = rdev_freq_to_chan(rdev, 4949 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 4950 ibss.channel_type); 4951 if (!ibss.channel || 4952 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 4953 ibss.channel->flags & IEEE80211_CHAN_DISABLED) 4954 return -EINVAL; 4955 4956 /* Both channels should be able to initiate communication */ 4957 if ((ibss.channel_type == NL80211_CHAN_HT40PLUS || 4958 ibss.channel_type == NL80211_CHAN_HT40MINUS) && 4959 !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel, 4960 ibss.channel_type)) 4961 return -EINVAL; 4962 4963 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 4964 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 4965 4966 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 4967 u8 *rates = 4968 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4969 int n_rates = 4970 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4971 struct ieee80211_supported_band *sband = 4972 wiphy->bands[ibss.channel->band]; 4973 4974 err = ieee80211_get_ratemask(sband, rates, n_rates, 4975 &ibss.basic_rates); 4976 if (err) 4977 return err; 4978 } 4979 4980 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 4981 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 4982 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 4983 return -EINVAL; 4984 4985 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4986 connkeys = nl80211_parse_connkeys(rdev, 4987 info->attrs[NL80211_ATTR_KEYS]); 4988 if (IS_ERR(connkeys)) 4989 return PTR_ERR(connkeys); 4990 } 4991 4992 ibss.control_port = 4993 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 4994 4995 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 4996 if (err) 4997 kfree(connkeys); 4998 return err; 4999 } 5000 5001 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 5002 { 5003 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5004 struct net_device *dev = info->user_ptr[1]; 5005 5006 if (!rdev->ops->leave_ibss) 5007 return -EOPNOTSUPP; 5008 5009 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5010 return -EOPNOTSUPP; 5011 5012 return cfg80211_leave_ibss(rdev, dev, false); 5013 } 5014 5015 #ifdef CONFIG_NL80211_TESTMODE 5016 static struct genl_multicast_group nl80211_testmode_mcgrp = { 5017 .name = "testmode", 5018 }; 5019 5020 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 5021 { 5022 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5023 int err; 5024 5025 if (!info->attrs[NL80211_ATTR_TESTDATA]) 5026 return -EINVAL; 5027 5028 err = -EOPNOTSUPP; 5029 if (rdev->ops->testmode_cmd) { 5030 rdev->testmode_info = info; 5031 err = rdev->ops->testmode_cmd(&rdev->wiphy, 5032 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 5033 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 5034 rdev->testmode_info = NULL; 5035 } 5036 5037 return err; 5038 } 5039 5040 static int nl80211_testmode_dump(struct sk_buff *skb, 5041 struct netlink_callback *cb) 5042 { 5043 struct cfg80211_registered_device *rdev; 5044 int err; 5045 long phy_idx; 5046 void *data = NULL; 5047 int data_len = 0; 5048 5049 if (cb->args[0]) { 5050 /* 5051 * 0 is a valid index, but not valid for args[0], 5052 * so we need to offset by 1. 5053 */ 5054 phy_idx = cb->args[0] - 1; 5055 } else { 5056 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 5057 nl80211_fam.attrbuf, nl80211_fam.maxattr, 5058 nl80211_policy); 5059 if (err) 5060 return err; 5061 if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) { 5062 phy_idx = nla_get_u32( 5063 nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]); 5064 } else { 5065 struct net_device *netdev; 5066 5067 err = get_rdev_dev_by_ifindex(sock_net(skb->sk), 5068 nl80211_fam.attrbuf, 5069 &rdev, &netdev); 5070 if (err) 5071 return err; 5072 dev_put(netdev); 5073 phy_idx = rdev->wiphy_idx; 5074 cfg80211_unlock_rdev(rdev); 5075 } 5076 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 5077 cb->args[1] = 5078 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 5079 } 5080 5081 if (cb->args[1]) { 5082 data = nla_data((void *)cb->args[1]); 5083 data_len = nla_len((void *)cb->args[1]); 5084 } 5085 5086 mutex_lock(&cfg80211_mutex); 5087 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 5088 if (!rdev) { 5089 mutex_unlock(&cfg80211_mutex); 5090 return -ENOENT; 5091 } 5092 cfg80211_lock_rdev(rdev); 5093 mutex_unlock(&cfg80211_mutex); 5094 5095 if (!rdev->ops->testmode_dump) { 5096 err = -EOPNOTSUPP; 5097 goto out_err; 5098 } 5099 5100 while (1) { 5101 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid, 5102 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5103 NL80211_CMD_TESTMODE); 5104 struct nlattr *tmdata; 5105 5106 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 5107 genlmsg_cancel(skb, hdr); 5108 break; 5109 } 5110 5111 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5112 if (!tmdata) { 5113 genlmsg_cancel(skb, hdr); 5114 break; 5115 } 5116 err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb, 5117 data, data_len); 5118 nla_nest_end(skb, tmdata); 5119 5120 if (err == -ENOBUFS || err == -ENOENT) { 5121 genlmsg_cancel(skb, hdr); 5122 break; 5123 } else if (err) { 5124 genlmsg_cancel(skb, hdr); 5125 goto out_err; 5126 } 5127 5128 genlmsg_end(skb, hdr); 5129 } 5130 5131 err = skb->len; 5132 /* see above */ 5133 cb->args[0] = phy_idx + 1; 5134 out_err: 5135 cfg80211_unlock_rdev(rdev); 5136 return err; 5137 } 5138 5139 static struct sk_buff * 5140 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 5141 int approxlen, u32 pid, u32 seq, gfp_t gfp) 5142 { 5143 struct sk_buff *skb; 5144 void *hdr; 5145 struct nlattr *data; 5146 5147 skb = nlmsg_new(approxlen + 100, gfp); 5148 if (!skb) 5149 return NULL; 5150 5151 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 5152 if (!hdr) { 5153 kfree_skb(skb); 5154 return NULL; 5155 } 5156 5157 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 5158 goto nla_put_failure; 5159 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5160 5161 ((void **)skb->cb)[0] = rdev; 5162 ((void **)skb->cb)[1] = hdr; 5163 ((void **)skb->cb)[2] = data; 5164 5165 return skb; 5166 5167 nla_put_failure: 5168 kfree_skb(skb); 5169 return NULL; 5170 } 5171 5172 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 5173 int approxlen) 5174 { 5175 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5176 5177 if (WARN_ON(!rdev->testmode_info)) 5178 return NULL; 5179 5180 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 5181 rdev->testmode_info->snd_pid, 5182 rdev->testmode_info->snd_seq, 5183 GFP_KERNEL); 5184 } 5185 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 5186 5187 int cfg80211_testmode_reply(struct sk_buff *skb) 5188 { 5189 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 5190 void *hdr = ((void **)skb->cb)[1]; 5191 struct nlattr *data = ((void **)skb->cb)[2]; 5192 5193 if (WARN_ON(!rdev->testmode_info)) { 5194 kfree_skb(skb); 5195 return -EINVAL; 5196 } 5197 5198 nla_nest_end(skb, data); 5199 genlmsg_end(skb, hdr); 5200 return genlmsg_reply(skb, rdev->testmode_info); 5201 } 5202 EXPORT_SYMBOL(cfg80211_testmode_reply); 5203 5204 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 5205 int approxlen, gfp_t gfp) 5206 { 5207 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5208 5209 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 5210 } 5211 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 5212 5213 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 5214 { 5215 void *hdr = ((void **)skb->cb)[1]; 5216 struct nlattr *data = ((void **)skb->cb)[2]; 5217 5218 nla_nest_end(skb, data); 5219 genlmsg_end(skb, hdr); 5220 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 5221 } 5222 EXPORT_SYMBOL(cfg80211_testmode_event); 5223 #endif 5224 5225 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 5226 { 5227 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5228 struct net_device *dev = info->user_ptr[1]; 5229 struct cfg80211_connect_params connect; 5230 struct wiphy *wiphy; 5231 struct cfg80211_cached_keys *connkeys = NULL; 5232 int err; 5233 5234 memset(&connect, 0, sizeof(connect)); 5235 5236 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5237 return -EINVAL; 5238 5239 if (!info->attrs[NL80211_ATTR_SSID] || 5240 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5241 return -EINVAL; 5242 5243 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 5244 connect.auth_type = 5245 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5246 if (!nl80211_valid_auth_type(connect.auth_type)) 5247 return -EINVAL; 5248 } else 5249 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 5250 5251 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 5252 5253 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 5254 NL80211_MAX_NR_CIPHER_SUITES); 5255 if (err) 5256 return err; 5257 5258 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5259 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5260 return -EOPNOTSUPP; 5261 5262 wiphy = &rdev->wiphy; 5263 5264 connect.bg_scan_period = -1; 5265 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 5266 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 5267 connect.bg_scan_period = 5268 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 5269 } 5270 5271 if (info->attrs[NL80211_ATTR_MAC]) 5272 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5273 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5274 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5275 5276 if (info->attrs[NL80211_ATTR_IE]) { 5277 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5278 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5279 } 5280 5281 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 5282 connect.channel = 5283 ieee80211_get_channel(wiphy, 5284 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5285 if (!connect.channel || 5286 connect.channel->flags & IEEE80211_CHAN_DISABLED) 5287 return -EINVAL; 5288 } 5289 5290 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5291 connkeys = nl80211_parse_connkeys(rdev, 5292 info->attrs[NL80211_ATTR_KEYS]); 5293 if (IS_ERR(connkeys)) 5294 return PTR_ERR(connkeys); 5295 } 5296 5297 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5298 connect.flags |= ASSOC_REQ_DISABLE_HT; 5299 5300 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5301 memcpy(&connect.ht_capa_mask, 5302 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 5303 sizeof(connect.ht_capa_mask)); 5304 5305 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5306 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5307 return -EINVAL; 5308 memcpy(&connect.ht_capa, 5309 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 5310 sizeof(connect.ht_capa)); 5311 } 5312 5313 err = cfg80211_connect(rdev, dev, &connect, connkeys); 5314 if (err) 5315 kfree(connkeys); 5316 return err; 5317 } 5318 5319 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 5320 { 5321 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5322 struct net_device *dev = info->user_ptr[1]; 5323 u16 reason; 5324 5325 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5326 reason = WLAN_REASON_DEAUTH_LEAVING; 5327 else 5328 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5329 5330 if (reason == 0) 5331 return -EINVAL; 5332 5333 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5334 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5335 return -EOPNOTSUPP; 5336 5337 return cfg80211_disconnect(rdev, dev, reason, true); 5338 } 5339 5340 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 5341 { 5342 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5343 struct net *net; 5344 int err; 5345 u32 pid; 5346 5347 if (!info->attrs[NL80211_ATTR_PID]) 5348 return -EINVAL; 5349 5350 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 5351 5352 net = get_net_ns_by_pid(pid); 5353 if (IS_ERR(net)) 5354 return PTR_ERR(net); 5355 5356 err = 0; 5357 5358 /* check if anything to do */ 5359 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 5360 err = cfg80211_switch_netns(rdev, net); 5361 5362 put_net(net); 5363 return err; 5364 } 5365 5366 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 5367 { 5368 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5369 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 5370 struct cfg80211_pmksa *pmksa) = NULL; 5371 struct net_device *dev = info->user_ptr[1]; 5372 struct cfg80211_pmksa pmksa; 5373 5374 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 5375 5376 if (!info->attrs[NL80211_ATTR_MAC]) 5377 return -EINVAL; 5378 5379 if (!info->attrs[NL80211_ATTR_PMKID]) 5380 return -EINVAL; 5381 5382 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 5383 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5384 5385 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5386 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5387 return -EOPNOTSUPP; 5388 5389 switch (info->genlhdr->cmd) { 5390 case NL80211_CMD_SET_PMKSA: 5391 rdev_ops = rdev->ops->set_pmksa; 5392 break; 5393 case NL80211_CMD_DEL_PMKSA: 5394 rdev_ops = rdev->ops->del_pmksa; 5395 break; 5396 default: 5397 WARN_ON(1); 5398 break; 5399 } 5400 5401 if (!rdev_ops) 5402 return -EOPNOTSUPP; 5403 5404 return rdev_ops(&rdev->wiphy, dev, &pmksa); 5405 } 5406 5407 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 5408 { 5409 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5410 struct net_device *dev = info->user_ptr[1]; 5411 5412 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5413 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5414 return -EOPNOTSUPP; 5415 5416 if (!rdev->ops->flush_pmksa) 5417 return -EOPNOTSUPP; 5418 5419 return rdev->ops->flush_pmksa(&rdev->wiphy, dev); 5420 } 5421 5422 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 5423 { 5424 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5425 struct net_device *dev = info->user_ptr[1]; 5426 u8 action_code, dialog_token; 5427 u16 status_code; 5428 u8 *peer; 5429 5430 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5431 !rdev->ops->tdls_mgmt) 5432 return -EOPNOTSUPP; 5433 5434 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 5435 !info->attrs[NL80211_ATTR_STATUS_CODE] || 5436 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 5437 !info->attrs[NL80211_ATTR_IE] || 5438 !info->attrs[NL80211_ATTR_MAC]) 5439 return -EINVAL; 5440 5441 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5442 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 5443 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 5444 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 5445 5446 return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code, 5447 dialog_token, status_code, 5448 nla_data(info->attrs[NL80211_ATTR_IE]), 5449 nla_len(info->attrs[NL80211_ATTR_IE])); 5450 } 5451 5452 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 5453 { 5454 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5455 struct net_device *dev = info->user_ptr[1]; 5456 enum nl80211_tdls_operation operation; 5457 u8 *peer; 5458 5459 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5460 !rdev->ops->tdls_oper) 5461 return -EOPNOTSUPP; 5462 5463 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 5464 !info->attrs[NL80211_ATTR_MAC]) 5465 return -EINVAL; 5466 5467 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 5468 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5469 5470 return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation); 5471 } 5472 5473 static int nl80211_remain_on_channel(struct sk_buff *skb, 5474 struct genl_info *info) 5475 { 5476 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5477 struct net_device *dev = info->user_ptr[1]; 5478 struct ieee80211_channel *chan; 5479 struct sk_buff *msg; 5480 void *hdr; 5481 u64 cookie; 5482 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5483 u32 freq, duration; 5484 int err; 5485 5486 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 5487 !info->attrs[NL80211_ATTR_DURATION]) 5488 return -EINVAL; 5489 5490 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5491 5492 /* 5493 * We should be on that channel for at least one jiffie, 5494 * and more than 5 seconds seems excessive. 5495 */ 5496 if (!duration || !msecs_to_jiffies(duration) || 5497 duration > rdev->wiphy.max_remain_on_channel_duration) 5498 return -EINVAL; 5499 5500 if (!rdev->ops->remain_on_channel || 5501 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 5502 return -EOPNOTSUPP; 5503 5504 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 5505 !nl80211_valid_channel_type(info, &channel_type)) 5506 return -EINVAL; 5507 5508 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5509 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5510 if (chan == NULL) 5511 return -EINVAL; 5512 5513 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5514 if (!msg) 5515 return -ENOMEM; 5516 5517 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5518 NL80211_CMD_REMAIN_ON_CHANNEL); 5519 5520 if (IS_ERR(hdr)) { 5521 err = PTR_ERR(hdr); 5522 goto free_msg; 5523 } 5524 5525 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 5526 channel_type, duration, &cookie); 5527 5528 if (err) 5529 goto free_msg; 5530 5531 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 5532 goto nla_put_failure; 5533 5534 genlmsg_end(msg, hdr); 5535 5536 return genlmsg_reply(msg, info); 5537 5538 nla_put_failure: 5539 err = -ENOBUFS; 5540 free_msg: 5541 nlmsg_free(msg); 5542 return err; 5543 } 5544 5545 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 5546 struct genl_info *info) 5547 { 5548 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5549 struct net_device *dev = info->user_ptr[1]; 5550 u64 cookie; 5551 5552 if (!info->attrs[NL80211_ATTR_COOKIE]) 5553 return -EINVAL; 5554 5555 if (!rdev->ops->cancel_remain_on_channel) 5556 return -EOPNOTSUPP; 5557 5558 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5559 5560 return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 5561 } 5562 5563 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 5564 u8 *rates, u8 rates_len) 5565 { 5566 u8 i; 5567 u32 mask = 0; 5568 5569 for (i = 0; i < rates_len; i++) { 5570 int rate = (rates[i] & 0x7f) * 5; 5571 int ridx; 5572 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 5573 struct ieee80211_rate *srate = 5574 &sband->bitrates[ridx]; 5575 if (rate == srate->bitrate) { 5576 mask |= 1 << ridx; 5577 break; 5578 } 5579 } 5580 if (ridx == sband->n_bitrates) 5581 return 0; /* rate not found */ 5582 } 5583 5584 return mask; 5585 } 5586 5587 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 5588 u8 *rates, u8 rates_len, 5589 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 5590 { 5591 u8 i; 5592 5593 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 5594 5595 for (i = 0; i < rates_len; i++) { 5596 int ridx, rbit; 5597 5598 ridx = rates[i] / 8; 5599 rbit = BIT(rates[i] % 8); 5600 5601 /* check validity */ 5602 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 5603 return false; 5604 5605 /* check availability */ 5606 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 5607 mcs[ridx] |= rbit; 5608 else 5609 return false; 5610 } 5611 5612 return true; 5613 } 5614 5615 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 5616 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 5617 .len = NL80211_MAX_SUPP_RATES }, 5618 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 5619 .len = NL80211_MAX_SUPP_HT_RATES }, 5620 }; 5621 5622 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 5623 struct genl_info *info) 5624 { 5625 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 5626 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5627 struct cfg80211_bitrate_mask mask; 5628 int rem, i; 5629 struct net_device *dev = info->user_ptr[1]; 5630 struct nlattr *tx_rates; 5631 struct ieee80211_supported_band *sband; 5632 5633 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 5634 return -EINVAL; 5635 5636 if (!rdev->ops->set_bitrate_mask) 5637 return -EOPNOTSUPP; 5638 5639 memset(&mask, 0, sizeof(mask)); 5640 /* Default to all rates enabled */ 5641 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 5642 sband = rdev->wiphy.bands[i]; 5643 mask.control[i].legacy = 5644 sband ? (1 << sband->n_bitrates) - 1 : 0; 5645 if (sband) 5646 memcpy(mask.control[i].mcs, 5647 sband->ht_cap.mcs.rx_mask, 5648 sizeof(mask.control[i].mcs)); 5649 else 5650 memset(mask.control[i].mcs, 0, 5651 sizeof(mask.control[i].mcs)); 5652 } 5653 5654 /* 5655 * The nested attribute uses enum nl80211_band as the index. This maps 5656 * directly to the enum ieee80211_band values used in cfg80211. 5657 */ 5658 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 5659 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 5660 { 5661 enum ieee80211_band band = nla_type(tx_rates); 5662 if (band < 0 || band >= IEEE80211_NUM_BANDS) 5663 return -EINVAL; 5664 sband = rdev->wiphy.bands[band]; 5665 if (sband == NULL) 5666 return -EINVAL; 5667 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 5668 nla_len(tx_rates), nl80211_txattr_policy); 5669 if (tb[NL80211_TXRATE_LEGACY]) { 5670 mask.control[band].legacy = rateset_to_mask( 5671 sband, 5672 nla_data(tb[NL80211_TXRATE_LEGACY]), 5673 nla_len(tb[NL80211_TXRATE_LEGACY])); 5674 if ((mask.control[band].legacy == 0) && 5675 nla_len(tb[NL80211_TXRATE_LEGACY])) 5676 return -EINVAL; 5677 } 5678 if (tb[NL80211_TXRATE_MCS]) { 5679 if (!ht_rateset_to_mask( 5680 sband, 5681 nla_data(tb[NL80211_TXRATE_MCS]), 5682 nla_len(tb[NL80211_TXRATE_MCS]), 5683 mask.control[band].mcs)) 5684 return -EINVAL; 5685 } 5686 5687 if (mask.control[band].legacy == 0) { 5688 /* don't allow empty legacy rates if HT 5689 * is not even supported. */ 5690 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 5691 return -EINVAL; 5692 5693 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 5694 if (mask.control[band].mcs[i]) 5695 break; 5696 5697 /* legacy and mcs rates may not be both empty */ 5698 if (i == IEEE80211_HT_MCS_MASK_LEN) 5699 return -EINVAL; 5700 } 5701 } 5702 5703 return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 5704 } 5705 5706 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 5707 { 5708 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5709 struct net_device *dev = info->user_ptr[1]; 5710 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 5711 5712 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 5713 return -EINVAL; 5714 5715 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 5716 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 5717 5718 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5719 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5720 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5721 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5722 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5723 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5724 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5725 return -EOPNOTSUPP; 5726 5727 /* not much point in registering if we can't reply */ 5728 if (!rdev->ops->mgmt_tx) 5729 return -EOPNOTSUPP; 5730 5731 return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid, 5732 frame_type, 5733 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 5734 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 5735 } 5736 5737 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 5738 { 5739 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5740 struct net_device *dev = info->user_ptr[1]; 5741 struct ieee80211_channel *chan; 5742 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5743 bool channel_type_valid = false; 5744 u32 freq; 5745 int err; 5746 void *hdr = NULL; 5747 u64 cookie; 5748 struct sk_buff *msg = NULL; 5749 unsigned int wait = 0; 5750 bool offchan, no_cck, dont_wait_for_ack; 5751 5752 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 5753 5754 if (!info->attrs[NL80211_ATTR_FRAME] || 5755 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5756 return -EINVAL; 5757 5758 if (!rdev->ops->mgmt_tx) 5759 return -EOPNOTSUPP; 5760 5761 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5762 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5763 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5764 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5765 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5766 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5767 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5768 return -EOPNOTSUPP; 5769 5770 if (info->attrs[NL80211_ATTR_DURATION]) { 5771 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 5772 return -EINVAL; 5773 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5774 } 5775 5776 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5777 if (!nl80211_valid_channel_type(info, &channel_type)) 5778 return -EINVAL; 5779 channel_type_valid = true; 5780 } 5781 5782 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 5783 5784 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 5785 return -EINVAL; 5786 5787 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 5788 5789 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5790 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5791 if (chan == NULL) 5792 return -EINVAL; 5793 5794 if (!dont_wait_for_ack) { 5795 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5796 if (!msg) 5797 return -ENOMEM; 5798 5799 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5800 NL80211_CMD_FRAME); 5801 5802 if (IS_ERR(hdr)) { 5803 err = PTR_ERR(hdr); 5804 goto free_msg; 5805 } 5806 } 5807 5808 err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type, 5809 channel_type_valid, wait, 5810 nla_data(info->attrs[NL80211_ATTR_FRAME]), 5811 nla_len(info->attrs[NL80211_ATTR_FRAME]), 5812 no_cck, dont_wait_for_ack, &cookie); 5813 if (err) 5814 goto free_msg; 5815 5816 if (msg) { 5817 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 5818 goto nla_put_failure; 5819 5820 genlmsg_end(msg, hdr); 5821 return genlmsg_reply(msg, info); 5822 } 5823 5824 return 0; 5825 5826 nla_put_failure: 5827 err = -ENOBUFS; 5828 free_msg: 5829 nlmsg_free(msg); 5830 return err; 5831 } 5832 5833 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 5834 { 5835 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5836 struct net_device *dev = info->user_ptr[1]; 5837 u64 cookie; 5838 5839 if (!info->attrs[NL80211_ATTR_COOKIE]) 5840 return -EINVAL; 5841 5842 if (!rdev->ops->mgmt_tx_cancel_wait) 5843 return -EOPNOTSUPP; 5844 5845 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5846 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5847 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5848 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5849 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5850 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5851 return -EOPNOTSUPP; 5852 5853 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5854 5855 return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie); 5856 } 5857 5858 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 5859 { 5860 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5861 struct wireless_dev *wdev; 5862 struct net_device *dev = info->user_ptr[1]; 5863 u8 ps_state; 5864 bool state; 5865 int err; 5866 5867 if (!info->attrs[NL80211_ATTR_PS_STATE]) 5868 return -EINVAL; 5869 5870 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 5871 5872 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 5873 return -EINVAL; 5874 5875 wdev = dev->ieee80211_ptr; 5876 5877 if (!rdev->ops->set_power_mgmt) 5878 return -EOPNOTSUPP; 5879 5880 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 5881 5882 if (state == wdev->ps) 5883 return 0; 5884 5885 err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state, 5886 wdev->ps_timeout); 5887 if (!err) 5888 wdev->ps = state; 5889 return err; 5890 } 5891 5892 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 5893 { 5894 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5895 enum nl80211_ps_state ps_state; 5896 struct wireless_dev *wdev; 5897 struct net_device *dev = info->user_ptr[1]; 5898 struct sk_buff *msg; 5899 void *hdr; 5900 int err; 5901 5902 wdev = dev->ieee80211_ptr; 5903 5904 if (!rdev->ops->set_power_mgmt) 5905 return -EOPNOTSUPP; 5906 5907 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5908 if (!msg) 5909 return -ENOMEM; 5910 5911 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5912 NL80211_CMD_GET_POWER_SAVE); 5913 if (!hdr) { 5914 err = -ENOBUFS; 5915 goto free_msg; 5916 } 5917 5918 if (wdev->ps) 5919 ps_state = NL80211_PS_ENABLED; 5920 else 5921 ps_state = NL80211_PS_DISABLED; 5922 5923 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 5924 goto nla_put_failure; 5925 5926 genlmsg_end(msg, hdr); 5927 return genlmsg_reply(msg, info); 5928 5929 nla_put_failure: 5930 err = -ENOBUFS; 5931 free_msg: 5932 nlmsg_free(msg); 5933 return err; 5934 } 5935 5936 static struct nla_policy 5937 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 5938 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 5939 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 5940 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 5941 }; 5942 5943 static int nl80211_set_cqm_rssi(struct genl_info *info, 5944 s32 threshold, u32 hysteresis) 5945 { 5946 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5947 struct wireless_dev *wdev; 5948 struct net_device *dev = info->user_ptr[1]; 5949 5950 if (threshold > 0) 5951 return -EINVAL; 5952 5953 wdev = dev->ieee80211_ptr; 5954 5955 if (!rdev->ops->set_cqm_rssi_config) 5956 return -EOPNOTSUPP; 5957 5958 if (wdev->iftype != NL80211_IFTYPE_STATION && 5959 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 5960 return -EOPNOTSUPP; 5961 5962 return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 5963 threshold, hysteresis); 5964 } 5965 5966 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 5967 { 5968 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 5969 struct nlattr *cqm; 5970 int err; 5971 5972 cqm = info->attrs[NL80211_ATTR_CQM]; 5973 if (!cqm) { 5974 err = -EINVAL; 5975 goto out; 5976 } 5977 5978 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 5979 nl80211_attr_cqm_policy); 5980 if (err) 5981 goto out; 5982 5983 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 5984 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 5985 s32 threshold; 5986 u32 hysteresis; 5987 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 5988 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 5989 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 5990 } else 5991 err = -EINVAL; 5992 5993 out: 5994 return err; 5995 } 5996 5997 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 5998 { 5999 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6000 struct net_device *dev = info->user_ptr[1]; 6001 struct mesh_config cfg; 6002 struct mesh_setup setup; 6003 int err; 6004 6005 /* start with default */ 6006 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 6007 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 6008 6009 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 6010 /* and parse parameters if given */ 6011 err = nl80211_parse_mesh_config(info, &cfg, NULL); 6012 if (err) 6013 return err; 6014 } 6015 6016 if (!info->attrs[NL80211_ATTR_MESH_ID] || 6017 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 6018 return -EINVAL; 6019 6020 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 6021 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 6022 6023 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 6024 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 6025 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 6026 return -EINVAL; 6027 6028 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 6029 /* parse additional setup parameters if given */ 6030 err = nl80211_parse_mesh_setup(info, &setup); 6031 if (err) 6032 return err; 6033 } 6034 6035 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 6036 } 6037 6038 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 6039 { 6040 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6041 struct net_device *dev = info->user_ptr[1]; 6042 6043 return cfg80211_leave_mesh(rdev, dev); 6044 } 6045 6046 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 6047 { 6048 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6049 struct sk_buff *msg; 6050 void *hdr; 6051 6052 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6053 return -EOPNOTSUPP; 6054 6055 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6056 if (!msg) 6057 return -ENOMEM; 6058 6059 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6060 NL80211_CMD_GET_WOWLAN); 6061 if (!hdr) 6062 goto nla_put_failure; 6063 6064 if (rdev->wowlan) { 6065 struct nlattr *nl_wowlan; 6066 6067 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 6068 if (!nl_wowlan) 6069 goto nla_put_failure; 6070 6071 if ((rdev->wowlan->any && 6072 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 6073 (rdev->wowlan->disconnect && 6074 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 6075 (rdev->wowlan->magic_pkt && 6076 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 6077 (rdev->wowlan->gtk_rekey_failure && 6078 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 6079 (rdev->wowlan->eap_identity_req && 6080 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 6081 (rdev->wowlan->four_way_handshake && 6082 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 6083 (rdev->wowlan->rfkill_release && 6084 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 6085 goto nla_put_failure; 6086 if (rdev->wowlan->n_patterns) { 6087 struct nlattr *nl_pats, *nl_pat; 6088 int i, pat_len; 6089 6090 nl_pats = nla_nest_start(msg, 6091 NL80211_WOWLAN_TRIG_PKT_PATTERN); 6092 if (!nl_pats) 6093 goto nla_put_failure; 6094 6095 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 6096 nl_pat = nla_nest_start(msg, i + 1); 6097 if (!nl_pat) 6098 goto nla_put_failure; 6099 pat_len = rdev->wowlan->patterns[i].pattern_len; 6100 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, 6101 DIV_ROUND_UP(pat_len, 8), 6102 rdev->wowlan->patterns[i].mask) || 6103 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 6104 pat_len, 6105 rdev->wowlan->patterns[i].pattern)) 6106 goto nla_put_failure; 6107 nla_nest_end(msg, nl_pat); 6108 } 6109 nla_nest_end(msg, nl_pats); 6110 } 6111 6112 nla_nest_end(msg, nl_wowlan); 6113 } 6114 6115 genlmsg_end(msg, hdr); 6116 return genlmsg_reply(msg, info); 6117 6118 nla_put_failure: 6119 nlmsg_free(msg); 6120 return -ENOBUFS; 6121 } 6122 6123 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 6124 { 6125 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6126 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 6127 struct cfg80211_wowlan no_triggers = {}; 6128 struct cfg80211_wowlan new_triggers = {}; 6129 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 6130 int err, i; 6131 bool prev_enabled = rdev->wowlan; 6132 6133 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6134 return -EOPNOTSUPP; 6135 6136 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) 6137 goto no_triggers; 6138 6139 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 6140 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6141 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6142 nl80211_wowlan_policy); 6143 if (err) 6144 return err; 6145 6146 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 6147 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 6148 return -EINVAL; 6149 new_triggers.any = true; 6150 } 6151 6152 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 6153 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 6154 return -EINVAL; 6155 new_triggers.disconnect = true; 6156 } 6157 6158 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 6159 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 6160 return -EINVAL; 6161 new_triggers.magic_pkt = true; 6162 } 6163 6164 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 6165 return -EINVAL; 6166 6167 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 6168 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 6169 return -EINVAL; 6170 new_triggers.gtk_rekey_failure = true; 6171 } 6172 6173 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 6174 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 6175 return -EINVAL; 6176 new_triggers.eap_identity_req = true; 6177 } 6178 6179 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 6180 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 6181 return -EINVAL; 6182 new_triggers.four_way_handshake = true; 6183 } 6184 6185 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 6186 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 6187 return -EINVAL; 6188 new_triggers.rfkill_release = true; 6189 } 6190 6191 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 6192 struct nlattr *pat; 6193 int n_patterns = 0; 6194 int rem, pat_len, mask_len; 6195 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 6196 6197 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6198 rem) 6199 n_patterns++; 6200 if (n_patterns > wowlan->n_patterns) 6201 return -EINVAL; 6202 6203 new_triggers.patterns = kcalloc(n_patterns, 6204 sizeof(new_triggers.patterns[0]), 6205 GFP_KERNEL); 6206 if (!new_triggers.patterns) 6207 return -ENOMEM; 6208 6209 new_triggers.n_patterns = n_patterns; 6210 i = 0; 6211 6212 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6213 rem) { 6214 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 6215 nla_data(pat), nla_len(pat), NULL); 6216 err = -EINVAL; 6217 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 6218 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 6219 goto error; 6220 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 6221 mask_len = DIV_ROUND_UP(pat_len, 8); 6222 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 6223 mask_len) 6224 goto error; 6225 if (pat_len > wowlan->pattern_max_len || 6226 pat_len < wowlan->pattern_min_len) 6227 goto error; 6228 6229 new_triggers.patterns[i].mask = 6230 kmalloc(mask_len + pat_len, GFP_KERNEL); 6231 if (!new_triggers.patterns[i].mask) { 6232 err = -ENOMEM; 6233 goto error; 6234 } 6235 new_triggers.patterns[i].pattern = 6236 new_triggers.patterns[i].mask + mask_len; 6237 memcpy(new_triggers.patterns[i].mask, 6238 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 6239 mask_len); 6240 new_triggers.patterns[i].pattern_len = pat_len; 6241 memcpy(new_triggers.patterns[i].pattern, 6242 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 6243 pat_len); 6244 i++; 6245 } 6246 } 6247 6248 if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) { 6249 struct cfg80211_wowlan *ntrig; 6250 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), 6251 GFP_KERNEL); 6252 if (!ntrig) { 6253 err = -ENOMEM; 6254 goto error; 6255 } 6256 cfg80211_rdev_free_wowlan(rdev); 6257 rdev->wowlan = ntrig; 6258 } else { 6259 no_triggers: 6260 cfg80211_rdev_free_wowlan(rdev); 6261 rdev->wowlan = NULL; 6262 } 6263 6264 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan) 6265 rdev->ops->set_wakeup(&rdev->wiphy, rdev->wowlan); 6266 6267 return 0; 6268 error: 6269 for (i = 0; i < new_triggers.n_patterns; i++) 6270 kfree(new_triggers.patterns[i].mask); 6271 kfree(new_triggers.patterns); 6272 return err; 6273 } 6274 6275 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 6276 { 6277 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6278 struct net_device *dev = info->user_ptr[1]; 6279 struct wireless_dev *wdev = dev->ieee80211_ptr; 6280 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 6281 struct cfg80211_gtk_rekey_data rekey_data; 6282 int err; 6283 6284 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 6285 return -EINVAL; 6286 6287 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 6288 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 6289 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 6290 nl80211_rekey_policy); 6291 if (err) 6292 return err; 6293 6294 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 6295 return -ERANGE; 6296 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 6297 return -ERANGE; 6298 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 6299 return -ERANGE; 6300 6301 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 6302 NL80211_KEK_LEN); 6303 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 6304 NL80211_KCK_LEN); 6305 memcpy(rekey_data.replay_ctr, 6306 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 6307 NL80211_REPLAY_CTR_LEN); 6308 6309 wdev_lock(wdev); 6310 if (!wdev->current_bss) { 6311 err = -ENOTCONN; 6312 goto out; 6313 } 6314 6315 if (!rdev->ops->set_rekey_data) { 6316 err = -EOPNOTSUPP; 6317 goto out; 6318 } 6319 6320 err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data); 6321 out: 6322 wdev_unlock(wdev); 6323 return err; 6324 } 6325 6326 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 6327 struct genl_info *info) 6328 { 6329 struct net_device *dev = info->user_ptr[1]; 6330 struct wireless_dev *wdev = dev->ieee80211_ptr; 6331 6332 if (wdev->iftype != NL80211_IFTYPE_AP && 6333 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6334 return -EINVAL; 6335 6336 if (wdev->ap_unexpected_nlpid) 6337 return -EBUSY; 6338 6339 wdev->ap_unexpected_nlpid = info->snd_pid; 6340 return 0; 6341 } 6342 6343 static int nl80211_probe_client(struct sk_buff *skb, 6344 struct genl_info *info) 6345 { 6346 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6347 struct net_device *dev = info->user_ptr[1]; 6348 struct wireless_dev *wdev = dev->ieee80211_ptr; 6349 struct sk_buff *msg; 6350 void *hdr; 6351 const u8 *addr; 6352 u64 cookie; 6353 int err; 6354 6355 if (wdev->iftype != NL80211_IFTYPE_AP && 6356 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6357 return -EOPNOTSUPP; 6358 6359 if (!info->attrs[NL80211_ATTR_MAC]) 6360 return -EINVAL; 6361 6362 if (!rdev->ops->probe_client) 6363 return -EOPNOTSUPP; 6364 6365 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6366 if (!msg) 6367 return -ENOMEM; 6368 6369 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6370 NL80211_CMD_PROBE_CLIENT); 6371 6372 if (IS_ERR(hdr)) { 6373 err = PTR_ERR(hdr); 6374 goto free_msg; 6375 } 6376 6377 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6378 6379 err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie); 6380 if (err) 6381 goto free_msg; 6382 6383 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6384 goto nla_put_failure; 6385 6386 genlmsg_end(msg, hdr); 6387 6388 return genlmsg_reply(msg, info); 6389 6390 nla_put_failure: 6391 err = -ENOBUFS; 6392 free_msg: 6393 nlmsg_free(msg); 6394 return err; 6395 } 6396 6397 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 6398 { 6399 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6400 6401 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 6402 return -EOPNOTSUPP; 6403 6404 if (rdev->ap_beacons_nlpid) 6405 return -EBUSY; 6406 6407 rdev->ap_beacons_nlpid = info->snd_pid; 6408 6409 return 0; 6410 } 6411 6412 #define NL80211_FLAG_NEED_WIPHY 0x01 6413 #define NL80211_FLAG_NEED_NETDEV 0x02 6414 #define NL80211_FLAG_NEED_RTNL 0x04 6415 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 6416 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 6417 NL80211_FLAG_CHECK_NETDEV_UP) 6418 6419 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 6420 struct genl_info *info) 6421 { 6422 struct cfg80211_registered_device *rdev; 6423 struct net_device *dev; 6424 int err; 6425 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 6426 6427 if (rtnl) 6428 rtnl_lock(); 6429 6430 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 6431 rdev = cfg80211_get_dev_from_info(info); 6432 if (IS_ERR(rdev)) { 6433 if (rtnl) 6434 rtnl_unlock(); 6435 return PTR_ERR(rdev); 6436 } 6437 info->user_ptr[0] = rdev; 6438 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 6439 err = get_rdev_dev_by_ifindex(genl_info_net(info), info->attrs, 6440 &rdev, &dev); 6441 if (err) { 6442 if (rtnl) 6443 rtnl_unlock(); 6444 return err; 6445 } 6446 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 6447 !netif_running(dev)) { 6448 cfg80211_unlock_rdev(rdev); 6449 dev_put(dev); 6450 if (rtnl) 6451 rtnl_unlock(); 6452 return -ENETDOWN; 6453 } 6454 info->user_ptr[0] = rdev; 6455 info->user_ptr[1] = dev; 6456 } 6457 6458 return 0; 6459 } 6460 6461 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 6462 struct genl_info *info) 6463 { 6464 if (info->user_ptr[0]) 6465 cfg80211_unlock_rdev(info->user_ptr[0]); 6466 if (info->user_ptr[1]) 6467 dev_put(info->user_ptr[1]); 6468 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 6469 rtnl_unlock(); 6470 } 6471 6472 static struct genl_ops nl80211_ops[] = { 6473 { 6474 .cmd = NL80211_CMD_GET_WIPHY, 6475 .doit = nl80211_get_wiphy, 6476 .dumpit = nl80211_dump_wiphy, 6477 .policy = nl80211_policy, 6478 /* can be retrieved by unprivileged users */ 6479 .internal_flags = NL80211_FLAG_NEED_WIPHY, 6480 }, 6481 { 6482 .cmd = NL80211_CMD_SET_WIPHY, 6483 .doit = nl80211_set_wiphy, 6484 .policy = nl80211_policy, 6485 .flags = GENL_ADMIN_PERM, 6486 .internal_flags = NL80211_FLAG_NEED_RTNL, 6487 }, 6488 { 6489 .cmd = NL80211_CMD_GET_INTERFACE, 6490 .doit = nl80211_get_interface, 6491 .dumpit = nl80211_dump_interface, 6492 .policy = nl80211_policy, 6493 /* can be retrieved by unprivileged users */ 6494 .internal_flags = NL80211_FLAG_NEED_NETDEV, 6495 }, 6496 { 6497 .cmd = NL80211_CMD_SET_INTERFACE, 6498 .doit = nl80211_set_interface, 6499 .policy = nl80211_policy, 6500 .flags = GENL_ADMIN_PERM, 6501 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6502 NL80211_FLAG_NEED_RTNL, 6503 }, 6504 { 6505 .cmd = NL80211_CMD_NEW_INTERFACE, 6506 .doit = nl80211_new_interface, 6507 .policy = nl80211_policy, 6508 .flags = GENL_ADMIN_PERM, 6509 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6510 NL80211_FLAG_NEED_RTNL, 6511 }, 6512 { 6513 .cmd = NL80211_CMD_DEL_INTERFACE, 6514 .doit = nl80211_del_interface, 6515 .policy = nl80211_policy, 6516 .flags = GENL_ADMIN_PERM, 6517 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6518 NL80211_FLAG_NEED_RTNL, 6519 }, 6520 { 6521 .cmd = NL80211_CMD_GET_KEY, 6522 .doit = nl80211_get_key, 6523 .policy = nl80211_policy, 6524 .flags = GENL_ADMIN_PERM, 6525 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6526 NL80211_FLAG_NEED_RTNL, 6527 }, 6528 { 6529 .cmd = NL80211_CMD_SET_KEY, 6530 .doit = nl80211_set_key, 6531 .policy = nl80211_policy, 6532 .flags = GENL_ADMIN_PERM, 6533 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6534 NL80211_FLAG_NEED_RTNL, 6535 }, 6536 { 6537 .cmd = NL80211_CMD_NEW_KEY, 6538 .doit = nl80211_new_key, 6539 .policy = nl80211_policy, 6540 .flags = GENL_ADMIN_PERM, 6541 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6542 NL80211_FLAG_NEED_RTNL, 6543 }, 6544 { 6545 .cmd = NL80211_CMD_DEL_KEY, 6546 .doit = nl80211_del_key, 6547 .policy = nl80211_policy, 6548 .flags = GENL_ADMIN_PERM, 6549 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6550 NL80211_FLAG_NEED_RTNL, 6551 }, 6552 { 6553 .cmd = NL80211_CMD_SET_BEACON, 6554 .policy = nl80211_policy, 6555 .flags = GENL_ADMIN_PERM, 6556 .doit = nl80211_set_beacon, 6557 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6558 NL80211_FLAG_NEED_RTNL, 6559 }, 6560 { 6561 .cmd = NL80211_CMD_START_AP, 6562 .policy = nl80211_policy, 6563 .flags = GENL_ADMIN_PERM, 6564 .doit = nl80211_start_ap, 6565 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6566 NL80211_FLAG_NEED_RTNL, 6567 }, 6568 { 6569 .cmd = NL80211_CMD_STOP_AP, 6570 .policy = nl80211_policy, 6571 .flags = GENL_ADMIN_PERM, 6572 .doit = nl80211_stop_ap, 6573 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6574 NL80211_FLAG_NEED_RTNL, 6575 }, 6576 { 6577 .cmd = NL80211_CMD_GET_STATION, 6578 .doit = nl80211_get_station, 6579 .dumpit = nl80211_dump_station, 6580 .policy = nl80211_policy, 6581 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6582 NL80211_FLAG_NEED_RTNL, 6583 }, 6584 { 6585 .cmd = NL80211_CMD_SET_STATION, 6586 .doit = nl80211_set_station, 6587 .policy = nl80211_policy, 6588 .flags = GENL_ADMIN_PERM, 6589 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6590 NL80211_FLAG_NEED_RTNL, 6591 }, 6592 { 6593 .cmd = NL80211_CMD_NEW_STATION, 6594 .doit = nl80211_new_station, 6595 .policy = nl80211_policy, 6596 .flags = GENL_ADMIN_PERM, 6597 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6598 NL80211_FLAG_NEED_RTNL, 6599 }, 6600 { 6601 .cmd = NL80211_CMD_DEL_STATION, 6602 .doit = nl80211_del_station, 6603 .policy = nl80211_policy, 6604 .flags = GENL_ADMIN_PERM, 6605 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6606 NL80211_FLAG_NEED_RTNL, 6607 }, 6608 { 6609 .cmd = NL80211_CMD_GET_MPATH, 6610 .doit = nl80211_get_mpath, 6611 .dumpit = nl80211_dump_mpath, 6612 .policy = nl80211_policy, 6613 .flags = GENL_ADMIN_PERM, 6614 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6615 NL80211_FLAG_NEED_RTNL, 6616 }, 6617 { 6618 .cmd = NL80211_CMD_SET_MPATH, 6619 .doit = nl80211_set_mpath, 6620 .policy = nl80211_policy, 6621 .flags = GENL_ADMIN_PERM, 6622 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6623 NL80211_FLAG_NEED_RTNL, 6624 }, 6625 { 6626 .cmd = NL80211_CMD_NEW_MPATH, 6627 .doit = nl80211_new_mpath, 6628 .policy = nl80211_policy, 6629 .flags = GENL_ADMIN_PERM, 6630 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6631 NL80211_FLAG_NEED_RTNL, 6632 }, 6633 { 6634 .cmd = NL80211_CMD_DEL_MPATH, 6635 .doit = nl80211_del_mpath, 6636 .policy = nl80211_policy, 6637 .flags = GENL_ADMIN_PERM, 6638 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6639 NL80211_FLAG_NEED_RTNL, 6640 }, 6641 { 6642 .cmd = NL80211_CMD_SET_BSS, 6643 .doit = nl80211_set_bss, 6644 .policy = nl80211_policy, 6645 .flags = GENL_ADMIN_PERM, 6646 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6647 NL80211_FLAG_NEED_RTNL, 6648 }, 6649 { 6650 .cmd = NL80211_CMD_GET_REG, 6651 .doit = nl80211_get_reg, 6652 .policy = nl80211_policy, 6653 /* can be retrieved by unprivileged users */ 6654 }, 6655 { 6656 .cmd = NL80211_CMD_SET_REG, 6657 .doit = nl80211_set_reg, 6658 .policy = nl80211_policy, 6659 .flags = GENL_ADMIN_PERM, 6660 }, 6661 { 6662 .cmd = NL80211_CMD_REQ_SET_REG, 6663 .doit = nl80211_req_set_reg, 6664 .policy = nl80211_policy, 6665 .flags = GENL_ADMIN_PERM, 6666 }, 6667 { 6668 .cmd = NL80211_CMD_GET_MESH_CONFIG, 6669 .doit = nl80211_get_mesh_config, 6670 .policy = nl80211_policy, 6671 /* can be retrieved by unprivileged users */ 6672 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6673 NL80211_FLAG_NEED_RTNL, 6674 }, 6675 { 6676 .cmd = NL80211_CMD_SET_MESH_CONFIG, 6677 .doit = nl80211_update_mesh_config, 6678 .policy = nl80211_policy, 6679 .flags = GENL_ADMIN_PERM, 6680 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6681 NL80211_FLAG_NEED_RTNL, 6682 }, 6683 { 6684 .cmd = NL80211_CMD_TRIGGER_SCAN, 6685 .doit = nl80211_trigger_scan, 6686 .policy = nl80211_policy, 6687 .flags = GENL_ADMIN_PERM, 6688 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6689 NL80211_FLAG_NEED_RTNL, 6690 }, 6691 { 6692 .cmd = NL80211_CMD_GET_SCAN, 6693 .policy = nl80211_policy, 6694 .dumpit = nl80211_dump_scan, 6695 }, 6696 { 6697 .cmd = NL80211_CMD_START_SCHED_SCAN, 6698 .doit = nl80211_start_sched_scan, 6699 .policy = nl80211_policy, 6700 .flags = GENL_ADMIN_PERM, 6701 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6702 NL80211_FLAG_NEED_RTNL, 6703 }, 6704 { 6705 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 6706 .doit = nl80211_stop_sched_scan, 6707 .policy = nl80211_policy, 6708 .flags = GENL_ADMIN_PERM, 6709 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6710 NL80211_FLAG_NEED_RTNL, 6711 }, 6712 { 6713 .cmd = NL80211_CMD_AUTHENTICATE, 6714 .doit = nl80211_authenticate, 6715 .policy = nl80211_policy, 6716 .flags = GENL_ADMIN_PERM, 6717 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6718 NL80211_FLAG_NEED_RTNL, 6719 }, 6720 { 6721 .cmd = NL80211_CMD_ASSOCIATE, 6722 .doit = nl80211_associate, 6723 .policy = nl80211_policy, 6724 .flags = GENL_ADMIN_PERM, 6725 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6726 NL80211_FLAG_NEED_RTNL, 6727 }, 6728 { 6729 .cmd = NL80211_CMD_DEAUTHENTICATE, 6730 .doit = nl80211_deauthenticate, 6731 .policy = nl80211_policy, 6732 .flags = GENL_ADMIN_PERM, 6733 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6734 NL80211_FLAG_NEED_RTNL, 6735 }, 6736 { 6737 .cmd = NL80211_CMD_DISASSOCIATE, 6738 .doit = nl80211_disassociate, 6739 .policy = nl80211_policy, 6740 .flags = GENL_ADMIN_PERM, 6741 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6742 NL80211_FLAG_NEED_RTNL, 6743 }, 6744 { 6745 .cmd = NL80211_CMD_JOIN_IBSS, 6746 .doit = nl80211_join_ibss, 6747 .policy = nl80211_policy, 6748 .flags = GENL_ADMIN_PERM, 6749 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6750 NL80211_FLAG_NEED_RTNL, 6751 }, 6752 { 6753 .cmd = NL80211_CMD_LEAVE_IBSS, 6754 .doit = nl80211_leave_ibss, 6755 .policy = nl80211_policy, 6756 .flags = GENL_ADMIN_PERM, 6757 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6758 NL80211_FLAG_NEED_RTNL, 6759 }, 6760 #ifdef CONFIG_NL80211_TESTMODE 6761 { 6762 .cmd = NL80211_CMD_TESTMODE, 6763 .doit = nl80211_testmode_do, 6764 .dumpit = nl80211_testmode_dump, 6765 .policy = nl80211_policy, 6766 .flags = GENL_ADMIN_PERM, 6767 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6768 NL80211_FLAG_NEED_RTNL, 6769 }, 6770 #endif 6771 { 6772 .cmd = NL80211_CMD_CONNECT, 6773 .doit = nl80211_connect, 6774 .policy = nl80211_policy, 6775 .flags = GENL_ADMIN_PERM, 6776 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6777 NL80211_FLAG_NEED_RTNL, 6778 }, 6779 { 6780 .cmd = NL80211_CMD_DISCONNECT, 6781 .doit = nl80211_disconnect, 6782 .policy = nl80211_policy, 6783 .flags = GENL_ADMIN_PERM, 6784 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6785 NL80211_FLAG_NEED_RTNL, 6786 }, 6787 { 6788 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 6789 .doit = nl80211_wiphy_netns, 6790 .policy = nl80211_policy, 6791 .flags = GENL_ADMIN_PERM, 6792 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6793 NL80211_FLAG_NEED_RTNL, 6794 }, 6795 { 6796 .cmd = NL80211_CMD_GET_SURVEY, 6797 .policy = nl80211_policy, 6798 .dumpit = nl80211_dump_survey, 6799 }, 6800 { 6801 .cmd = NL80211_CMD_SET_PMKSA, 6802 .doit = nl80211_setdel_pmksa, 6803 .policy = nl80211_policy, 6804 .flags = GENL_ADMIN_PERM, 6805 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6806 NL80211_FLAG_NEED_RTNL, 6807 }, 6808 { 6809 .cmd = NL80211_CMD_DEL_PMKSA, 6810 .doit = nl80211_setdel_pmksa, 6811 .policy = nl80211_policy, 6812 .flags = GENL_ADMIN_PERM, 6813 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6814 NL80211_FLAG_NEED_RTNL, 6815 }, 6816 { 6817 .cmd = NL80211_CMD_FLUSH_PMKSA, 6818 .doit = nl80211_flush_pmksa, 6819 .policy = nl80211_policy, 6820 .flags = GENL_ADMIN_PERM, 6821 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6822 NL80211_FLAG_NEED_RTNL, 6823 }, 6824 { 6825 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 6826 .doit = nl80211_remain_on_channel, 6827 .policy = nl80211_policy, 6828 .flags = GENL_ADMIN_PERM, 6829 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6830 NL80211_FLAG_NEED_RTNL, 6831 }, 6832 { 6833 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 6834 .doit = nl80211_cancel_remain_on_channel, 6835 .policy = nl80211_policy, 6836 .flags = GENL_ADMIN_PERM, 6837 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6838 NL80211_FLAG_NEED_RTNL, 6839 }, 6840 { 6841 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 6842 .doit = nl80211_set_tx_bitrate_mask, 6843 .policy = nl80211_policy, 6844 .flags = GENL_ADMIN_PERM, 6845 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6846 NL80211_FLAG_NEED_RTNL, 6847 }, 6848 { 6849 .cmd = NL80211_CMD_REGISTER_FRAME, 6850 .doit = nl80211_register_mgmt, 6851 .policy = nl80211_policy, 6852 .flags = GENL_ADMIN_PERM, 6853 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6854 NL80211_FLAG_NEED_RTNL, 6855 }, 6856 { 6857 .cmd = NL80211_CMD_FRAME, 6858 .doit = nl80211_tx_mgmt, 6859 .policy = nl80211_policy, 6860 .flags = GENL_ADMIN_PERM, 6861 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6862 NL80211_FLAG_NEED_RTNL, 6863 }, 6864 { 6865 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 6866 .doit = nl80211_tx_mgmt_cancel_wait, 6867 .policy = nl80211_policy, 6868 .flags = GENL_ADMIN_PERM, 6869 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6870 NL80211_FLAG_NEED_RTNL, 6871 }, 6872 { 6873 .cmd = NL80211_CMD_SET_POWER_SAVE, 6874 .doit = nl80211_set_power_save, 6875 .policy = nl80211_policy, 6876 .flags = GENL_ADMIN_PERM, 6877 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6878 NL80211_FLAG_NEED_RTNL, 6879 }, 6880 { 6881 .cmd = NL80211_CMD_GET_POWER_SAVE, 6882 .doit = nl80211_get_power_save, 6883 .policy = nl80211_policy, 6884 /* can be retrieved by unprivileged users */ 6885 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6886 NL80211_FLAG_NEED_RTNL, 6887 }, 6888 { 6889 .cmd = NL80211_CMD_SET_CQM, 6890 .doit = nl80211_set_cqm, 6891 .policy = nl80211_policy, 6892 .flags = GENL_ADMIN_PERM, 6893 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6894 NL80211_FLAG_NEED_RTNL, 6895 }, 6896 { 6897 .cmd = NL80211_CMD_SET_CHANNEL, 6898 .doit = nl80211_set_channel, 6899 .policy = nl80211_policy, 6900 .flags = GENL_ADMIN_PERM, 6901 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6902 NL80211_FLAG_NEED_RTNL, 6903 }, 6904 { 6905 .cmd = NL80211_CMD_SET_WDS_PEER, 6906 .doit = nl80211_set_wds_peer, 6907 .policy = nl80211_policy, 6908 .flags = GENL_ADMIN_PERM, 6909 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6910 NL80211_FLAG_NEED_RTNL, 6911 }, 6912 { 6913 .cmd = NL80211_CMD_JOIN_MESH, 6914 .doit = nl80211_join_mesh, 6915 .policy = nl80211_policy, 6916 .flags = GENL_ADMIN_PERM, 6917 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6918 NL80211_FLAG_NEED_RTNL, 6919 }, 6920 { 6921 .cmd = NL80211_CMD_LEAVE_MESH, 6922 .doit = nl80211_leave_mesh, 6923 .policy = nl80211_policy, 6924 .flags = GENL_ADMIN_PERM, 6925 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6926 NL80211_FLAG_NEED_RTNL, 6927 }, 6928 { 6929 .cmd = NL80211_CMD_GET_WOWLAN, 6930 .doit = nl80211_get_wowlan, 6931 .policy = nl80211_policy, 6932 /* can be retrieved by unprivileged users */ 6933 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6934 NL80211_FLAG_NEED_RTNL, 6935 }, 6936 { 6937 .cmd = NL80211_CMD_SET_WOWLAN, 6938 .doit = nl80211_set_wowlan, 6939 .policy = nl80211_policy, 6940 .flags = GENL_ADMIN_PERM, 6941 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6942 NL80211_FLAG_NEED_RTNL, 6943 }, 6944 { 6945 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 6946 .doit = nl80211_set_rekey_data, 6947 .policy = nl80211_policy, 6948 .flags = GENL_ADMIN_PERM, 6949 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6950 NL80211_FLAG_NEED_RTNL, 6951 }, 6952 { 6953 .cmd = NL80211_CMD_TDLS_MGMT, 6954 .doit = nl80211_tdls_mgmt, 6955 .policy = nl80211_policy, 6956 .flags = GENL_ADMIN_PERM, 6957 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6958 NL80211_FLAG_NEED_RTNL, 6959 }, 6960 { 6961 .cmd = NL80211_CMD_TDLS_OPER, 6962 .doit = nl80211_tdls_oper, 6963 .policy = nl80211_policy, 6964 .flags = GENL_ADMIN_PERM, 6965 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6966 NL80211_FLAG_NEED_RTNL, 6967 }, 6968 { 6969 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 6970 .doit = nl80211_register_unexpected_frame, 6971 .policy = nl80211_policy, 6972 .flags = GENL_ADMIN_PERM, 6973 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6974 NL80211_FLAG_NEED_RTNL, 6975 }, 6976 { 6977 .cmd = NL80211_CMD_PROBE_CLIENT, 6978 .doit = nl80211_probe_client, 6979 .policy = nl80211_policy, 6980 .flags = GENL_ADMIN_PERM, 6981 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6982 NL80211_FLAG_NEED_RTNL, 6983 }, 6984 { 6985 .cmd = NL80211_CMD_REGISTER_BEACONS, 6986 .doit = nl80211_register_beacons, 6987 .policy = nl80211_policy, 6988 .flags = GENL_ADMIN_PERM, 6989 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6990 NL80211_FLAG_NEED_RTNL, 6991 }, 6992 { 6993 .cmd = NL80211_CMD_SET_NOACK_MAP, 6994 .doit = nl80211_set_noack_map, 6995 .policy = nl80211_policy, 6996 .flags = GENL_ADMIN_PERM, 6997 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6998 NL80211_FLAG_NEED_RTNL, 6999 }, 7000 7001 }; 7002 7003 static struct genl_multicast_group nl80211_mlme_mcgrp = { 7004 .name = "mlme", 7005 }; 7006 7007 /* multicast groups */ 7008 static struct genl_multicast_group nl80211_config_mcgrp = { 7009 .name = "config", 7010 }; 7011 static struct genl_multicast_group nl80211_scan_mcgrp = { 7012 .name = "scan", 7013 }; 7014 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 7015 .name = "regulatory", 7016 }; 7017 7018 /* notification functions */ 7019 7020 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 7021 { 7022 struct sk_buff *msg; 7023 7024 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7025 if (!msg) 7026 return; 7027 7028 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 7029 nlmsg_free(msg); 7030 return; 7031 } 7032 7033 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7034 nl80211_config_mcgrp.id, GFP_KERNEL); 7035 } 7036 7037 static int nl80211_add_scan_req(struct sk_buff *msg, 7038 struct cfg80211_registered_device *rdev) 7039 { 7040 struct cfg80211_scan_request *req = rdev->scan_req; 7041 struct nlattr *nest; 7042 int i; 7043 7044 ASSERT_RDEV_LOCK(rdev); 7045 7046 if (WARN_ON(!req)) 7047 return 0; 7048 7049 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 7050 if (!nest) 7051 goto nla_put_failure; 7052 for (i = 0; i < req->n_ssids; i++) { 7053 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 7054 goto nla_put_failure; 7055 } 7056 nla_nest_end(msg, nest); 7057 7058 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 7059 if (!nest) 7060 goto nla_put_failure; 7061 for (i = 0; i < req->n_channels; i++) { 7062 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 7063 goto nla_put_failure; 7064 } 7065 nla_nest_end(msg, nest); 7066 7067 if (req->ie && 7068 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 7069 goto nla_put_failure; 7070 7071 return 0; 7072 nla_put_failure: 7073 return -ENOBUFS; 7074 } 7075 7076 static int nl80211_send_scan_msg(struct sk_buff *msg, 7077 struct cfg80211_registered_device *rdev, 7078 struct net_device *netdev, 7079 u32 pid, u32 seq, int flags, 7080 u32 cmd) 7081 { 7082 void *hdr; 7083 7084 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 7085 if (!hdr) 7086 return -1; 7087 7088 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7089 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7090 goto nla_put_failure; 7091 7092 /* ignore errors and send incomplete event anyway */ 7093 nl80211_add_scan_req(msg, rdev); 7094 7095 return genlmsg_end(msg, hdr); 7096 7097 nla_put_failure: 7098 genlmsg_cancel(msg, hdr); 7099 return -EMSGSIZE; 7100 } 7101 7102 static int 7103 nl80211_send_sched_scan_msg(struct sk_buff *msg, 7104 struct cfg80211_registered_device *rdev, 7105 struct net_device *netdev, 7106 u32 pid, u32 seq, int flags, u32 cmd) 7107 { 7108 void *hdr; 7109 7110 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 7111 if (!hdr) 7112 return -1; 7113 7114 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7115 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7116 goto nla_put_failure; 7117 7118 return genlmsg_end(msg, hdr); 7119 7120 nla_put_failure: 7121 genlmsg_cancel(msg, hdr); 7122 return -EMSGSIZE; 7123 } 7124 7125 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 7126 struct net_device *netdev) 7127 { 7128 struct sk_buff *msg; 7129 7130 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7131 if (!msg) 7132 return; 7133 7134 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7135 NL80211_CMD_TRIGGER_SCAN) < 0) { 7136 nlmsg_free(msg); 7137 return; 7138 } 7139 7140 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7141 nl80211_scan_mcgrp.id, GFP_KERNEL); 7142 } 7143 7144 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 7145 struct net_device *netdev) 7146 { 7147 struct sk_buff *msg; 7148 7149 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7150 if (!msg) 7151 return; 7152 7153 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7154 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 7155 nlmsg_free(msg); 7156 return; 7157 } 7158 7159 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7160 nl80211_scan_mcgrp.id, GFP_KERNEL); 7161 } 7162 7163 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 7164 struct net_device *netdev) 7165 { 7166 struct sk_buff *msg; 7167 7168 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7169 if (!msg) 7170 return; 7171 7172 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7173 NL80211_CMD_SCAN_ABORTED) < 0) { 7174 nlmsg_free(msg); 7175 return; 7176 } 7177 7178 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7179 nl80211_scan_mcgrp.id, GFP_KERNEL); 7180 } 7181 7182 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 7183 struct net_device *netdev) 7184 { 7185 struct sk_buff *msg; 7186 7187 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7188 if (!msg) 7189 return; 7190 7191 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 7192 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 7193 nlmsg_free(msg); 7194 return; 7195 } 7196 7197 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7198 nl80211_scan_mcgrp.id, GFP_KERNEL); 7199 } 7200 7201 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 7202 struct net_device *netdev, u32 cmd) 7203 { 7204 struct sk_buff *msg; 7205 7206 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7207 if (!msg) 7208 return; 7209 7210 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 7211 nlmsg_free(msg); 7212 return; 7213 } 7214 7215 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7216 nl80211_scan_mcgrp.id, GFP_KERNEL); 7217 } 7218 7219 /* 7220 * This can happen on global regulatory changes or device specific settings 7221 * based on custom world regulatory domains. 7222 */ 7223 void nl80211_send_reg_change_event(struct regulatory_request *request) 7224 { 7225 struct sk_buff *msg; 7226 void *hdr; 7227 7228 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7229 if (!msg) 7230 return; 7231 7232 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 7233 if (!hdr) { 7234 nlmsg_free(msg); 7235 return; 7236 } 7237 7238 /* Userspace can always count this one always being set */ 7239 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 7240 goto nla_put_failure; 7241 7242 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 7243 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7244 NL80211_REGDOM_TYPE_WORLD)) 7245 goto nla_put_failure; 7246 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 7247 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7248 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 7249 goto nla_put_failure; 7250 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 7251 request->intersect) { 7252 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7253 NL80211_REGDOM_TYPE_INTERSECTION)) 7254 goto nla_put_failure; 7255 } else { 7256 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7257 NL80211_REGDOM_TYPE_COUNTRY) || 7258 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 7259 request->alpha2)) 7260 goto nla_put_failure; 7261 } 7262 7263 if (wiphy_idx_valid(request->wiphy_idx) && 7264 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 7265 goto nla_put_failure; 7266 7267 genlmsg_end(msg, hdr); 7268 7269 rcu_read_lock(); 7270 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7271 GFP_ATOMIC); 7272 rcu_read_unlock(); 7273 7274 return; 7275 7276 nla_put_failure: 7277 genlmsg_cancel(msg, hdr); 7278 nlmsg_free(msg); 7279 } 7280 7281 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 7282 struct net_device *netdev, 7283 const u8 *buf, size_t len, 7284 enum nl80211_commands cmd, gfp_t gfp) 7285 { 7286 struct sk_buff *msg; 7287 void *hdr; 7288 7289 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7290 if (!msg) 7291 return; 7292 7293 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7294 if (!hdr) { 7295 nlmsg_free(msg); 7296 return; 7297 } 7298 7299 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7300 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7301 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 7302 goto nla_put_failure; 7303 7304 genlmsg_end(msg, hdr); 7305 7306 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7307 nl80211_mlme_mcgrp.id, gfp); 7308 return; 7309 7310 nla_put_failure: 7311 genlmsg_cancel(msg, hdr); 7312 nlmsg_free(msg); 7313 } 7314 7315 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 7316 struct net_device *netdev, const u8 *buf, 7317 size_t len, gfp_t gfp) 7318 { 7319 nl80211_send_mlme_event(rdev, netdev, buf, len, 7320 NL80211_CMD_AUTHENTICATE, gfp); 7321 } 7322 7323 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 7324 struct net_device *netdev, const u8 *buf, 7325 size_t len, gfp_t gfp) 7326 { 7327 nl80211_send_mlme_event(rdev, netdev, buf, len, 7328 NL80211_CMD_ASSOCIATE, gfp); 7329 } 7330 7331 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 7332 struct net_device *netdev, const u8 *buf, 7333 size_t len, gfp_t gfp) 7334 { 7335 nl80211_send_mlme_event(rdev, netdev, buf, len, 7336 NL80211_CMD_DEAUTHENTICATE, gfp); 7337 } 7338 7339 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 7340 struct net_device *netdev, const u8 *buf, 7341 size_t len, gfp_t gfp) 7342 { 7343 nl80211_send_mlme_event(rdev, netdev, buf, len, 7344 NL80211_CMD_DISASSOCIATE, gfp); 7345 } 7346 7347 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 7348 struct net_device *netdev, const u8 *buf, 7349 size_t len, gfp_t gfp) 7350 { 7351 nl80211_send_mlme_event(rdev, netdev, buf, len, 7352 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 7353 } 7354 7355 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 7356 struct net_device *netdev, const u8 *buf, 7357 size_t len, gfp_t gfp) 7358 { 7359 nl80211_send_mlme_event(rdev, netdev, buf, len, 7360 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 7361 } 7362 7363 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 7364 struct net_device *netdev, int cmd, 7365 const u8 *addr, gfp_t gfp) 7366 { 7367 struct sk_buff *msg; 7368 void *hdr; 7369 7370 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7371 if (!msg) 7372 return; 7373 7374 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7375 if (!hdr) { 7376 nlmsg_free(msg); 7377 return; 7378 } 7379 7380 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7381 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7382 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 7383 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 7384 goto nla_put_failure; 7385 7386 genlmsg_end(msg, hdr); 7387 7388 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7389 nl80211_mlme_mcgrp.id, gfp); 7390 return; 7391 7392 nla_put_failure: 7393 genlmsg_cancel(msg, hdr); 7394 nlmsg_free(msg); 7395 } 7396 7397 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 7398 struct net_device *netdev, const u8 *addr, 7399 gfp_t gfp) 7400 { 7401 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 7402 addr, gfp); 7403 } 7404 7405 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 7406 struct net_device *netdev, const u8 *addr, 7407 gfp_t gfp) 7408 { 7409 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 7410 addr, gfp); 7411 } 7412 7413 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 7414 struct net_device *netdev, const u8 *bssid, 7415 const u8 *req_ie, size_t req_ie_len, 7416 const u8 *resp_ie, size_t resp_ie_len, 7417 u16 status, gfp_t gfp) 7418 { 7419 struct sk_buff *msg; 7420 void *hdr; 7421 7422 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7423 if (!msg) 7424 return; 7425 7426 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 7427 if (!hdr) { 7428 nlmsg_free(msg); 7429 return; 7430 } 7431 7432 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7433 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7434 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 7435 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) || 7436 (req_ie && 7437 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 7438 (resp_ie && 7439 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 7440 goto nla_put_failure; 7441 7442 genlmsg_end(msg, hdr); 7443 7444 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7445 nl80211_mlme_mcgrp.id, gfp); 7446 return; 7447 7448 nla_put_failure: 7449 genlmsg_cancel(msg, hdr); 7450 nlmsg_free(msg); 7451 7452 } 7453 7454 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 7455 struct net_device *netdev, const u8 *bssid, 7456 const u8 *req_ie, size_t req_ie_len, 7457 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 7458 { 7459 struct sk_buff *msg; 7460 void *hdr; 7461 7462 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7463 if (!msg) 7464 return; 7465 7466 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 7467 if (!hdr) { 7468 nlmsg_free(msg); 7469 return; 7470 } 7471 7472 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7473 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7474 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 7475 (req_ie && 7476 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 7477 (resp_ie && 7478 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 7479 goto nla_put_failure; 7480 7481 genlmsg_end(msg, hdr); 7482 7483 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7484 nl80211_mlme_mcgrp.id, gfp); 7485 return; 7486 7487 nla_put_failure: 7488 genlmsg_cancel(msg, hdr); 7489 nlmsg_free(msg); 7490 7491 } 7492 7493 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 7494 struct net_device *netdev, u16 reason, 7495 const u8 *ie, size_t ie_len, bool from_ap) 7496 { 7497 struct sk_buff *msg; 7498 void *hdr; 7499 7500 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7501 if (!msg) 7502 return; 7503 7504 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 7505 if (!hdr) { 7506 nlmsg_free(msg); 7507 return; 7508 } 7509 7510 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7511 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7512 (from_ap && reason && 7513 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 7514 (from_ap && 7515 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 7516 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 7517 goto nla_put_failure; 7518 7519 genlmsg_end(msg, hdr); 7520 7521 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7522 nl80211_mlme_mcgrp.id, GFP_KERNEL); 7523 return; 7524 7525 nla_put_failure: 7526 genlmsg_cancel(msg, hdr); 7527 nlmsg_free(msg); 7528 7529 } 7530 7531 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 7532 struct net_device *netdev, const u8 *bssid, 7533 gfp_t gfp) 7534 { 7535 struct sk_buff *msg; 7536 void *hdr; 7537 7538 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7539 if (!msg) 7540 return; 7541 7542 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 7543 if (!hdr) { 7544 nlmsg_free(msg); 7545 return; 7546 } 7547 7548 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7549 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7550 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 7551 goto nla_put_failure; 7552 7553 genlmsg_end(msg, hdr); 7554 7555 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7556 nl80211_mlme_mcgrp.id, gfp); 7557 return; 7558 7559 nla_put_failure: 7560 genlmsg_cancel(msg, hdr); 7561 nlmsg_free(msg); 7562 } 7563 7564 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 7565 struct net_device *netdev, 7566 const u8 *macaddr, const u8* ie, u8 ie_len, 7567 gfp_t gfp) 7568 { 7569 struct sk_buff *msg; 7570 void *hdr; 7571 7572 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7573 if (!msg) 7574 return; 7575 7576 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 7577 if (!hdr) { 7578 nlmsg_free(msg); 7579 return; 7580 } 7581 7582 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7583 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7584 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) || 7585 (ie_len && ie && 7586 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 7587 goto nla_put_failure; 7588 7589 genlmsg_end(msg, hdr); 7590 7591 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7592 nl80211_mlme_mcgrp.id, gfp); 7593 return; 7594 7595 nla_put_failure: 7596 genlmsg_cancel(msg, hdr); 7597 nlmsg_free(msg); 7598 } 7599 7600 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 7601 struct net_device *netdev, const u8 *addr, 7602 enum nl80211_key_type key_type, int key_id, 7603 const u8 *tsc, gfp_t gfp) 7604 { 7605 struct sk_buff *msg; 7606 void *hdr; 7607 7608 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7609 if (!msg) 7610 return; 7611 7612 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 7613 if (!hdr) { 7614 nlmsg_free(msg); 7615 return; 7616 } 7617 7618 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7619 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7620 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 7621 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 7622 (key_id != -1 && 7623 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 7624 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 7625 goto nla_put_failure; 7626 7627 genlmsg_end(msg, hdr); 7628 7629 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7630 nl80211_mlme_mcgrp.id, gfp); 7631 return; 7632 7633 nla_put_failure: 7634 genlmsg_cancel(msg, hdr); 7635 nlmsg_free(msg); 7636 } 7637 7638 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 7639 struct ieee80211_channel *channel_before, 7640 struct ieee80211_channel *channel_after) 7641 { 7642 struct sk_buff *msg; 7643 void *hdr; 7644 struct nlattr *nl_freq; 7645 7646 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 7647 if (!msg) 7648 return; 7649 7650 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 7651 if (!hdr) { 7652 nlmsg_free(msg); 7653 return; 7654 } 7655 7656 /* 7657 * Since we are applying the beacon hint to a wiphy we know its 7658 * wiphy_idx is valid 7659 */ 7660 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 7661 goto nla_put_failure; 7662 7663 /* Before */ 7664 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 7665 if (!nl_freq) 7666 goto nla_put_failure; 7667 if (nl80211_msg_put_channel(msg, channel_before)) 7668 goto nla_put_failure; 7669 nla_nest_end(msg, nl_freq); 7670 7671 /* After */ 7672 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 7673 if (!nl_freq) 7674 goto nla_put_failure; 7675 if (nl80211_msg_put_channel(msg, channel_after)) 7676 goto nla_put_failure; 7677 nla_nest_end(msg, nl_freq); 7678 7679 genlmsg_end(msg, hdr); 7680 7681 rcu_read_lock(); 7682 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7683 GFP_ATOMIC); 7684 rcu_read_unlock(); 7685 7686 return; 7687 7688 nla_put_failure: 7689 genlmsg_cancel(msg, hdr); 7690 nlmsg_free(msg); 7691 } 7692 7693 static void nl80211_send_remain_on_chan_event( 7694 int cmd, struct cfg80211_registered_device *rdev, 7695 struct net_device *netdev, u64 cookie, 7696 struct ieee80211_channel *chan, 7697 enum nl80211_channel_type channel_type, 7698 unsigned int duration, gfp_t gfp) 7699 { 7700 struct sk_buff *msg; 7701 void *hdr; 7702 7703 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7704 if (!msg) 7705 return; 7706 7707 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7708 if (!hdr) { 7709 nlmsg_free(msg); 7710 return; 7711 } 7712 7713 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7714 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7715 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 7716 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type) || 7717 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 7718 goto nla_put_failure; 7719 7720 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 7721 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 7722 goto nla_put_failure; 7723 7724 genlmsg_end(msg, hdr); 7725 7726 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7727 nl80211_mlme_mcgrp.id, gfp); 7728 return; 7729 7730 nla_put_failure: 7731 genlmsg_cancel(msg, hdr); 7732 nlmsg_free(msg); 7733 } 7734 7735 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 7736 struct net_device *netdev, u64 cookie, 7737 struct ieee80211_channel *chan, 7738 enum nl80211_channel_type channel_type, 7739 unsigned int duration, gfp_t gfp) 7740 { 7741 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 7742 rdev, netdev, cookie, chan, 7743 channel_type, duration, gfp); 7744 } 7745 7746 void nl80211_send_remain_on_channel_cancel( 7747 struct cfg80211_registered_device *rdev, struct net_device *netdev, 7748 u64 cookie, struct ieee80211_channel *chan, 7749 enum nl80211_channel_type channel_type, gfp_t gfp) 7750 { 7751 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 7752 rdev, netdev, cookie, chan, 7753 channel_type, 0, gfp); 7754 } 7755 7756 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 7757 struct net_device *dev, const u8 *mac_addr, 7758 struct station_info *sinfo, gfp_t gfp) 7759 { 7760 struct sk_buff *msg; 7761 7762 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7763 if (!msg) 7764 return; 7765 7766 if (nl80211_send_station(msg, 0, 0, 0, 7767 rdev, dev, mac_addr, sinfo) < 0) { 7768 nlmsg_free(msg); 7769 return; 7770 } 7771 7772 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7773 nl80211_mlme_mcgrp.id, gfp); 7774 } 7775 7776 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 7777 struct net_device *dev, const u8 *mac_addr, 7778 gfp_t gfp) 7779 { 7780 struct sk_buff *msg; 7781 void *hdr; 7782 7783 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7784 if (!msg) 7785 return; 7786 7787 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 7788 if (!hdr) { 7789 nlmsg_free(msg); 7790 return; 7791 } 7792 7793 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 7794 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 7795 goto nla_put_failure; 7796 7797 genlmsg_end(msg, hdr); 7798 7799 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7800 nl80211_mlme_mcgrp.id, gfp); 7801 return; 7802 7803 nla_put_failure: 7804 genlmsg_cancel(msg, hdr); 7805 nlmsg_free(msg); 7806 } 7807 7808 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 7809 const u8 *addr, gfp_t gfp) 7810 { 7811 struct wireless_dev *wdev = dev->ieee80211_ptr; 7812 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 7813 struct sk_buff *msg; 7814 void *hdr; 7815 int err; 7816 u32 nlpid = ACCESS_ONCE(wdev->ap_unexpected_nlpid); 7817 7818 if (!nlpid) 7819 return false; 7820 7821 msg = nlmsg_new(100, gfp); 7822 if (!msg) 7823 return true; 7824 7825 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7826 if (!hdr) { 7827 nlmsg_free(msg); 7828 return true; 7829 } 7830 7831 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7832 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 7833 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 7834 goto nla_put_failure; 7835 7836 err = genlmsg_end(msg, hdr); 7837 if (err < 0) { 7838 nlmsg_free(msg); 7839 return true; 7840 } 7841 7842 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7843 return true; 7844 7845 nla_put_failure: 7846 genlmsg_cancel(msg, hdr); 7847 nlmsg_free(msg); 7848 return true; 7849 } 7850 7851 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 7852 { 7853 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 7854 addr, gfp); 7855 } 7856 7857 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 7858 const u8 *addr, gfp_t gfp) 7859 { 7860 return __nl80211_unexpected_frame(dev, 7861 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 7862 addr, gfp); 7863 } 7864 7865 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 7866 struct net_device *netdev, u32 nlpid, 7867 int freq, int sig_dbm, 7868 const u8 *buf, size_t len, gfp_t gfp) 7869 { 7870 struct sk_buff *msg; 7871 void *hdr; 7872 7873 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7874 if (!msg) 7875 return -ENOMEM; 7876 7877 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 7878 if (!hdr) { 7879 nlmsg_free(msg); 7880 return -ENOMEM; 7881 } 7882 7883 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7884 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7885 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 7886 (sig_dbm && 7887 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 7888 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 7889 goto nla_put_failure; 7890 7891 genlmsg_end(msg, hdr); 7892 7893 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7894 7895 nla_put_failure: 7896 genlmsg_cancel(msg, hdr); 7897 nlmsg_free(msg); 7898 return -ENOBUFS; 7899 } 7900 7901 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 7902 struct net_device *netdev, u64 cookie, 7903 const u8 *buf, size_t len, bool ack, 7904 gfp_t gfp) 7905 { 7906 struct sk_buff *msg; 7907 void *hdr; 7908 7909 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7910 if (!msg) 7911 return; 7912 7913 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 7914 if (!hdr) { 7915 nlmsg_free(msg); 7916 return; 7917 } 7918 7919 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7920 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7921 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 7922 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 7923 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 7924 goto nla_put_failure; 7925 7926 genlmsg_end(msg, hdr); 7927 7928 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 7929 return; 7930 7931 nla_put_failure: 7932 genlmsg_cancel(msg, hdr); 7933 nlmsg_free(msg); 7934 } 7935 7936 void 7937 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 7938 struct net_device *netdev, 7939 enum nl80211_cqm_rssi_threshold_event rssi_event, 7940 gfp_t gfp) 7941 { 7942 struct sk_buff *msg; 7943 struct nlattr *pinfoattr; 7944 void *hdr; 7945 7946 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7947 if (!msg) 7948 return; 7949 7950 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 7951 if (!hdr) { 7952 nlmsg_free(msg); 7953 return; 7954 } 7955 7956 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7957 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7958 goto nla_put_failure; 7959 7960 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 7961 if (!pinfoattr) 7962 goto nla_put_failure; 7963 7964 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 7965 rssi_event)) 7966 goto nla_put_failure; 7967 7968 nla_nest_end(msg, pinfoattr); 7969 7970 genlmsg_end(msg, hdr); 7971 7972 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7973 nl80211_mlme_mcgrp.id, gfp); 7974 return; 7975 7976 nla_put_failure: 7977 genlmsg_cancel(msg, hdr); 7978 nlmsg_free(msg); 7979 } 7980 7981 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 7982 struct net_device *netdev, const u8 *bssid, 7983 const u8 *replay_ctr, gfp_t gfp) 7984 { 7985 struct sk_buff *msg; 7986 struct nlattr *rekey_attr; 7987 void *hdr; 7988 7989 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7990 if (!msg) 7991 return; 7992 7993 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 7994 if (!hdr) { 7995 nlmsg_free(msg); 7996 return; 7997 } 7998 7999 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8000 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8001 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 8002 goto nla_put_failure; 8003 8004 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 8005 if (!rekey_attr) 8006 goto nla_put_failure; 8007 8008 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 8009 NL80211_REPLAY_CTR_LEN, replay_ctr)) 8010 goto nla_put_failure; 8011 8012 nla_nest_end(msg, rekey_attr); 8013 8014 genlmsg_end(msg, hdr); 8015 8016 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8017 nl80211_mlme_mcgrp.id, gfp); 8018 return; 8019 8020 nla_put_failure: 8021 genlmsg_cancel(msg, hdr); 8022 nlmsg_free(msg); 8023 } 8024 8025 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 8026 struct net_device *netdev, int index, 8027 const u8 *bssid, bool preauth, gfp_t gfp) 8028 { 8029 struct sk_buff *msg; 8030 struct nlattr *attr; 8031 void *hdr; 8032 8033 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8034 if (!msg) 8035 return; 8036 8037 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 8038 if (!hdr) { 8039 nlmsg_free(msg); 8040 return; 8041 } 8042 8043 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8044 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8045 goto nla_put_failure; 8046 8047 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 8048 if (!attr) 8049 goto nla_put_failure; 8050 8051 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 8052 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 8053 (preauth && 8054 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 8055 goto nla_put_failure; 8056 8057 nla_nest_end(msg, attr); 8058 8059 genlmsg_end(msg, hdr); 8060 8061 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8062 nl80211_mlme_mcgrp.id, gfp); 8063 return; 8064 8065 nla_put_failure: 8066 genlmsg_cancel(msg, hdr); 8067 nlmsg_free(msg); 8068 } 8069 8070 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 8071 struct net_device *netdev, int freq, 8072 enum nl80211_channel_type type, gfp_t gfp) 8073 { 8074 struct sk_buff *msg; 8075 void *hdr; 8076 8077 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8078 if (!msg) 8079 return; 8080 8081 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY); 8082 if (!hdr) { 8083 nlmsg_free(msg); 8084 return; 8085 } 8086 8087 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8088 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 8089 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, type)) 8090 goto nla_put_failure; 8091 8092 genlmsg_end(msg, hdr); 8093 8094 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8095 nl80211_mlme_mcgrp.id, gfp); 8096 return; 8097 8098 nla_put_failure: 8099 genlmsg_cancel(msg, hdr); 8100 nlmsg_free(msg); 8101 } 8102 8103 void 8104 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 8105 struct net_device *netdev, const u8 *peer, 8106 u32 num_packets, gfp_t gfp) 8107 { 8108 struct sk_buff *msg; 8109 struct nlattr *pinfoattr; 8110 void *hdr; 8111 8112 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8113 if (!msg) 8114 return; 8115 8116 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8117 if (!hdr) { 8118 nlmsg_free(msg); 8119 return; 8120 } 8121 8122 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8123 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8124 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 8125 goto nla_put_failure; 8126 8127 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8128 if (!pinfoattr) 8129 goto nla_put_failure; 8130 8131 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 8132 goto nla_put_failure; 8133 8134 nla_nest_end(msg, pinfoattr); 8135 8136 genlmsg_end(msg, hdr); 8137 8138 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8139 nl80211_mlme_mcgrp.id, gfp); 8140 return; 8141 8142 nla_put_failure: 8143 genlmsg_cancel(msg, hdr); 8144 nlmsg_free(msg); 8145 } 8146 8147 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 8148 u64 cookie, bool acked, gfp_t gfp) 8149 { 8150 struct wireless_dev *wdev = dev->ieee80211_ptr; 8151 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 8152 struct sk_buff *msg; 8153 void *hdr; 8154 int err; 8155 8156 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8157 if (!msg) 8158 return; 8159 8160 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 8161 if (!hdr) { 8162 nlmsg_free(msg); 8163 return; 8164 } 8165 8166 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8167 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8168 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 8169 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 8170 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 8171 goto nla_put_failure; 8172 8173 err = genlmsg_end(msg, hdr); 8174 if (err < 0) { 8175 nlmsg_free(msg); 8176 return; 8177 } 8178 8179 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8180 nl80211_mlme_mcgrp.id, gfp); 8181 return; 8182 8183 nla_put_failure: 8184 genlmsg_cancel(msg, hdr); 8185 nlmsg_free(msg); 8186 } 8187 EXPORT_SYMBOL(cfg80211_probe_status); 8188 8189 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 8190 const u8 *frame, size_t len, 8191 int freq, int sig_dbm, gfp_t gfp) 8192 { 8193 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 8194 struct sk_buff *msg; 8195 void *hdr; 8196 u32 nlpid = ACCESS_ONCE(rdev->ap_beacons_nlpid); 8197 8198 if (!nlpid) 8199 return; 8200 8201 msg = nlmsg_new(len + 100, gfp); 8202 if (!msg) 8203 return; 8204 8205 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8206 if (!hdr) { 8207 nlmsg_free(msg); 8208 return; 8209 } 8210 8211 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8212 (freq && 8213 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 8214 (sig_dbm && 8215 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 8216 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 8217 goto nla_put_failure; 8218 8219 genlmsg_end(msg, hdr); 8220 8221 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 8222 return; 8223 8224 nla_put_failure: 8225 genlmsg_cancel(msg, hdr); 8226 nlmsg_free(msg); 8227 } 8228 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 8229 8230 static int nl80211_netlink_notify(struct notifier_block * nb, 8231 unsigned long state, 8232 void *_notify) 8233 { 8234 struct netlink_notify *notify = _notify; 8235 struct cfg80211_registered_device *rdev; 8236 struct wireless_dev *wdev; 8237 8238 if (state != NETLINK_URELEASE) 8239 return NOTIFY_DONE; 8240 8241 rcu_read_lock(); 8242 8243 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8244 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 8245 cfg80211_mlme_unregister_socket(wdev, notify->pid); 8246 if (rdev->ap_beacons_nlpid == notify->pid) 8247 rdev->ap_beacons_nlpid = 0; 8248 } 8249 8250 rcu_read_unlock(); 8251 8252 return NOTIFY_DONE; 8253 } 8254 8255 static struct notifier_block nl80211_netlink_notifier = { 8256 .notifier_call = nl80211_netlink_notify, 8257 }; 8258 8259 /* initialisation/exit functions */ 8260 8261 int nl80211_init(void) 8262 { 8263 int err; 8264 8265 err = genl_register_family_with_ops(&nl80211_fam, 8266 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 8267 if (err) 8268 return err; 8269 8270 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 8271 if (err) 8272 goto err_out; 8273 8274 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 8275 if (err) 8276 goto err_out; 8277 8278 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 8279 if (err) 8280 goto err_out; 8281 8282 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 8283 if (err) 8284 goto err_out; 8285 8286 #ifdef CONFIG_NL80211_TESTMODE 8287 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 8288 if (err) 8289 goto err_out; 8290 #endif 8291 8292 err = netlink_register_notifier(&nl80211_netlink_notifier); 8293 if (err) 8294 goto err_out; 8295 8296 return 0; 8297 err_out: 8298 genl_unregister_family(&nl80211_fam); 8299 return err; 8300 } 8301 8302 void nl80211_exit(void) 8303 { 8304 netlink_unregister_notifier(&nl80211_netlink_notifier); 8305 genl_unregister_family(&nl80211_fam); 8306 } 8307