1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type); 27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 28 struct genl_info *info, 29 struct cfg80211_crypto_settings *settings, 30 int cipher_limit); 31 32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 33 struct genl_info *info); 34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 35 struct genl_info *info); 36 37 /* the netlink family */ 38 static struct genl_family nl80211_fam = { 39 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 40 .name = "nl80211", /* have users key off the name instead */ 41 .hdrsize = 0, /* no private header */ 42 .version = 1, /* no particular meaning now */ 43 .maxattr = NL80211_ATTR_MAX, 44 .netnsok = true, 45 .pre_doit = nl80211_pre_doit, 46 .post_doit = nl80211_post_doit, 47 }; 48 49 /* returns ERR_PTR values */ 50 static struct wireless_dev * 51 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs) 52 { 53 struct cfg80211_registered_device *rdev; 54 struct wireless_dev *result = NULL; 55 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 56 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 57 u64 wdev_id; 58 int wiphy_idx = -1; 59 int ifidx = -1; 60 61 assert_cfg80211_lock(); 62 63 if (!have_ifidx && !have_wdev_id) 64 return ERR_PTR(-EINVAL); 65 66 if (have_ifidx) 67 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 68 if (have_wdev_id) { 69 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 70 wiphy_idx = wdev_id >> 32; 71 } 72 73 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 74 struct wireless_dev *wdev; 75 76 if (wiphy_net(&rdev->wiphy) != netns) 77 continue; 78 79 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 80 continue; 81 82 mutex_lock(&rdev->devlist_mtx); 83 list_for_each_entry(wdev, &rdev->wdev_list, list) { 84 if (have_ifidx && wdev->netdev && 85 wdev->netdev->ifindex == ifidx) { 86 result = wdev; 87 break; 88 } 89 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 90 result = wdev; 91 break; 92 } 93 } 94 mutex_unlock(&rdev->devlist_mtx); 95 96 if (result) 97 break; 98 } 99 100 if (result) 101 return result; 102 return ERR_PTR(-ENODEV); 103 } 104 105 static struct cfg80211_registered_device * 106 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 107 { 108 struct cfg80211_registered_device *rdev = NULL, *tmp; 109 struct net_device *netdev; 110 111 assert_cfg80211_lock(); 112 113 if (!attrs[NL80211_ATTR_WIPHY] && 114 !attrs[NL80211_ATTR_IFINDEX] && 115 !attrs[NL80211_ATTR_WDEV]) 116 return ERR_PTR(-EINVAL); 117 118 if (attrs[NL80211_ATTR_WIPHY]) 119 rdev = cfg80211_rdev_by_wiphy_idx( 120 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 121 122 if (attrs[NL80211_ATTR_WDEV]) { 123 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 124 struct wireless_dev *wdev; 125 bool found = false; 126 127 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 128 if (tmp) { 129 /* make sure wdev exists */ 130 mutex_lock(&tmp->devlist_mtx); 131 list_for_each_entry(wdev, &tmp->wdev_list, list) { 132 if (wdev->identifier != (u32)wdev_id) 133 continue; 134 found = true; 135 break; 136 } 137 mutex_unlock(&tmp->devlist_mtx); 138 139 if (!found) 140 tmp = NULL; 141 142 if (rdev && tmp != rdev) 143 return ERR_PTR(-EINVAL); 144 rdev = tmp; 145 } 146 } 147 148 if (attrs[NL80211_ATTR_IFINDEX]) { 149 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 150 netdev = dev_get_by_index(netns, ifindex); 151 if (netdev) { 152 if (netdev->ieee80211_ptr) 153 tmp = wiphy_to_dev( 154 netdev->ieee80211_ptr->wiphy); 155 else 156 tmp = NULL; 157 158 dev_put(netdev); 159 160 /* not wireless device -- return error */ 161 if (!tmp) 162 return ERR_PTR(-EINVAL); 163 164 /* mismatch -- return error */ 165 if (rdev && tmp != rdev) 166 return ERR_PTR(-EINVAL); 167 168 rdev = tmp; 169 } 170 } 171 172 if (!rdev) 173 return ERR_PTR(-ENODEV); 174 175 if (netns != wiphy_net(&rdev->wiphy)) 176 return ERR_PTR(-ENODEV); 177 178 return rdev; 179 } 180 181 /* 182 * This function returns a pointer to the driver 183 * that the genl_info item that is passed refers to. 184 * If successful, it returns non-NULL and also locks 185 * the driver's mutex! 186 * 187 * This means that you need to call cfg80211_unlock_rdev() 188 * before being allowed to acquire &cfg80211_mutex! 189 * 190 * This is necessary because we need to lock the global 191 * mutex to get an item off the list safely, and then 192 * we lock the rdev mutex so it doesn't go away under us. 193 * 194 * We don't want to keep cfg80211_mutex locked 195 * for all the time in order to allow requests on 196 * other interfaces to go through at the same time. 197 * 198 * The result of this can be a PTR_ERR and hence must 199 * be checked with IS_ERR() for errors. 200 */ 201 static struct cfg80211_registered_device * 202 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 203 { 204 struct cfg80211_registered_device *rdev; 205 206 mutex_lock(&cfg80211_mutex); 207 rdev = __cfg80211_rdev_from_attrs(netns, info->attrs); 208 209 /* if it is not an error we grab the lock on 210 * it to assure it won't be going away while 211 * we operate on it */ 212 if (!IS_ERR(rdev)) 213 mutex_lock(&rdev->mtx); 214 215 mutex_unlock(&cfg80211_mutex); 216 217 return rdev; 218 } 219 220 /* policy for the attributes */ 221 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 222 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 223 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 224 .len = 20-1 }, 225 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 226 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 227 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 228 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 229 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 230 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 231 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 232 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 233 234 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 235 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 236 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 237 238 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 239 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 240 241 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 242 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 243 .len = WLAN_MAX_KEY_LEN }, 244 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 245 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 246 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 247 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 248 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 249 250 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 251 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 252 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 253 .len = IEEE80211_MAX_DATA_LEN }, 254 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 255 .len = IEEE80211_MAX_DATA_LEN }, 256 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 257 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 258 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 259 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 260 .len = NL80211_MAX_SUPP_RATES }, 261 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 262 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 263 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 264 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 265 .len = IEEE80211_MAX_MESH_ID_LEN }, 266 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 267 268 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 269 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 270 271 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 272 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 273 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 274 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 275 .len = NL80211_MAX_SUPP_RATES }, 276 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 277 278 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 279 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 280 281 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 282 283 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 284 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 285 .len = IEEE80211_MAX_DATA_LEN }, 286 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 287 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 288 289 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 290 .len = IEEE80211_MAX_SSID_LEN }, 291 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 292 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 293 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 294 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 295 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 296 [NL80211_ATTR_STA_FLAGS2] = { 297 .len = sizeof(struct nl80211_sta_flag_update), 298 }, 299 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 300 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 301 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 302 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 303 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 304 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 305 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 306 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 307 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 308 .len = WLAN_PMKID_LEN }, 309 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 310 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 311 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 312 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 313 .len = IEEE80211_MAX_DATA_LEN }, 314 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 315 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 316 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 317 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 318 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 319 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 320 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 321 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 322 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 323 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 324 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 325 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 326 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 327 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 328 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 329 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 330 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 331 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 332 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 333 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 334 .len = IEEE80211_MAX_DATA_LEN }, 335 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 336 .len = IEEE80211_MAX_DATA_LEN }, 337 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 338 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 339 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 340 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 341 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 342 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 343 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 344 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 345 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 346 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 347 .len = IEEE80211_MAX_DATA_LEN }, 348 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 349 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 350 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 351 .len = NL80211_HT_CAPABILITY_LEN 352 }, 353 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 354 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 355 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 356 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 357 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 358 }; 359 360 /* policy for the key attributes */ 361 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 362 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 363 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 364 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 365 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 366 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 367 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 368 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 369 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 370 }; 371 372 /* policy for the key default flags */ 373 static const struct nla_policy 374 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 375 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 376 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 377 }; 378 379 /* policy for WoWLAN attributes */ 380 static const struct nla_policy 381 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 382 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 383 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 384 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 385 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 386 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 387 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 388 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 389 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 390 }; 391 392 /* policy for GTK rekey offload attributes */ 393 static const struct nla_policy 394 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 395 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 396 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 397 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 398 }; 399 400 static const struct nla_policy 401 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 402 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 403 .len = IEEE80211_MAX_SSID_LEN }, 404 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 405 }; 406 407 /* ifidx get helper */ 408 static int nl80211_get_ifidx(struct netlink_callback *cb) 409 { 410 int res; 411 412 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 413 nl80211_fam.attrbuf, nl80211_fam.maxattr, 414 nl80211_policy); 415 if (res) 416 return res; 417 418 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 419 return -EINVAL; 420 421 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 422 if (!res) 423 return -EINVAL; 424 return res; 425 } 426 427 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 428 struct netlink_callback *cb, 429 struct cfg80211_registered_device **rdev, 430 struct net_device **dev) 431 { 432 int ifidx = cb->args[0]; 433 int err; 434 435 if (!ifidx) 436 ifidx = nl80211_get_ifidx(cb); 437 if (ifidx < 0) 438 return ifidx; 439 440 cb->args[0] = ifidx; 441 442 rtnl_lock(); 443 444 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 445 if (!*dev) { 446 err = -ENODEV; 447 goto out_rtnl; 448 } 449 450 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 451 if (IS_ERR(*rdev)) { 452 err = PTR_ERR(*rdev); 453 goto out_rtnl; 454 } 455 456 return 0; 457 out_rtnl: 458 rtnl_unlock(); 459 return err; 460 } 461 462 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 463 { 464 cfg80211_unlock_rdev(rdev); 465 rtnl_unlock(); 466 } 467 468 /* IE validation */ 469 static bool is_valid_ie_attr(const struct nlattr *attr) 470 { 471 const u8 *pos; 472 int len; 473 474 if (!attr) 475 return true; 476 477 pos = nla_data(attr); 478 len = nla_len(attr); 479 480 while (len) { 481 u8 elemlen; 482 483 if (len < 2) 484 return false; 485 len -= 2; 486 487 elemlen = pos[1]; 488 if (elemlen > len) 489 return false; 490 491 len -= elemlen; 492 pos += 2 + elemlen; 493 } 494 495 return true; 496 } 497 498 /* message building helper */ 499 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 500 int flags, u8 cmd) 501 { 502 /* since there is no private header just add the generic one */ 503 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 504 } 505 506 static int nl80211_msg_put_channel(struct sk_buff *msg, 507 struct ieee80211_channel *chan) 508 { 509 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 510 chan->center_freq)) 511 goto nla_put_failure; 512 513 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 514 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 515 goto nla_put_failure; 516 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 517 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) 518 goto nla_put_failure; 519 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 520 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) 521 goto nla_put_failure; 522 if ((chan->flags & IEEE80211_CHAN_RADAR) && 523 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 524 goto nla_put_failure; 525 526 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 527 DBM_TO_MBM(chan->max_power))) 528 goto nla_put_failure; 529 530 return 0; 531 532 nla_put_failure: 533 return -ENOBUFS; 534 } 535 536 /* netlink command implementations */ 537 538 struct key_parse { 539 struct key_params p; 540 int idx; 541 int type; 542 bool def, defmgmt; 543 bool def_uni, def_multi; 544 }; 545 546 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 547 { 548 struct nlattr *tb[NL80211_KEY_MAX + 1]; 549 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 550 nl80211_key_policy); 551 if (err) 552 return err; 553 554 k->def = !!tb[NL80211_KEY_DEFAULT]; 555 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 556 557 if (k->def) { 558 k->def_uni = true; 559 k->def_multi = true; 560 } 561 if (k->defmgmt) 562 k->def_multi = true; 563 564 if (tb[NL80211_KEY_IDX]) 565 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 566 567 if (tb[NL80211_KEY_DATA]) { 568 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 569 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 570 } 571 572 if (tb[NL80211_KEY_SEQ]) { 573 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 574 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 575 } 576 577 if (tb[NL80211_KEY_CIPHER]) 578 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 579 580 if (tb[NL80211_KEY_TYPE]) { 581 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 582 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 583 return -EINVAL; 584 } 585 586 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 587 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 588 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 589 tb[NL80211_KEY_DEFAULT_TYPES], 590 nl80211_key_default_policy); 591 if (err) 592 return err; 593 594 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 595 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 596 } 597 598 return 0; 599 } 600 601 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 602 { 603 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 604 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 605 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 606 } 607 608 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 609 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 610 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 611 } 612 613 if (info->attrs[NL80211_ATTR_KEY_IDX]) 614 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 615 616 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 617 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 618 619 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 620 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 621 622 if (k->def) { 623 k->def_uni = true; 624 k->def_multi = true; 625 } 626 if (k->defmgmt) 627 k->def_multi = true; 628 629 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 630 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 631 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 632 return -EINVAL; 633 } 634 635 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 636 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 637 int err = nla_parse_nested( 638 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 639 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 640 nl80211_key_default_policy); 641 if (err) 642 return err; 643 644 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 645 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 646 } 647 648 return 0; 649 } 650 651 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 652 { 653 int err; 654 655 memset(k, 0, sizeof(*k)); 656 k->idx = -1; 657 k->type = -1; 658 659 if (info->attrs[NL80211_ATTR_KEY]) 660 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 661 else 662 err = nl80211_parse_key_old(info, k); 663 664 if (err) 665 return err; 666 667 if (k->def && k->defmgmt) 668 return -EINVAL; 669 670 if (k->defmgmt) { 671 if (k->def_uni || !k->def_multi) 672 return -EINVAL; 673 } 674 675 if (k->idx != -1) { 676 if (k->defmgmt) { 677 if (k->idx < 4 || k->idx > 5) 678 return -EINVAL; 679 } else if (k->def) { 680 if (k->idx < 0 || k->idx > 3) 681 return -EINVAL; 682 } else { 683 if (k->idx < 0 || k->idx > 5) 684 return -EINVAL; 685 } 686 } 687 688 return 0; 689 } 690 691 static struct cfg80211_cached_keys * 692 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 693 struct nlattr *keys) 694 { 695 struct key_parse parse; 696 struct nlattr *key; 697 struct cfg80211_cached_keys *result; 698 int rem, err, def = 0; 699 700 result = kzalloc(sizeof(*result), GFP_KERNEL); 701 if (!result) 702 return ERR_PTR(-ENOMEM); 703 704 result->def = -1; 705 result->defmgmt = -1; 706 707 nla_for_each_nested(key, keys, rem) { 708 memset(&parse, 0, sizeof(parse)); 709 parse.idx = -1; 710 711 err = nl80211_parse_key_new(key, &parse); 712 if (err) 713 goto error; 714 err = -EINVAL; 715 if (!parse.p.key) 716 goto error; 717 if (parse.idx < 0 || parse.idx > 4) 718 goto error; 719 if (parse.def) { 720 if (def) 721 goto error; 722 def = 1; 723 result->def = parse.idx; 724 if (!parse.def_uni || !parse.def_multi) 725 goto error; 726 } else if (parse.defmgmt) 727 goto error; 728 err = cfg80211_validate_key_settings(rdev, &parse.p, 729 parse.idx, false, NULL); 730 if (err) 731 goto error; 732 result->params[parse.idx].cipher = parse.p.cipher; 733 result->params[parse.idx].key_len = parse.p.key_len; 734 result->params[parse.idx].key = result->data[parse.idx]; 735 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 736 } 737 738 return result; 739 error: 740 kfree(result); 741 return ERR_PTR(err); 742 } 743 744 static int nl80211_key_allowed(struct wireless_dev *wdev) 745 { 746 ASSERT_WDEV_LOCK(wdev); 747 748 switch (wdev->iftype) { 749 case NL80211_IFTYPE_AP: 750 case NL80211_IFTYPE_AP_VLAN: 751 case NL80211_IFTYPE_P2P_GO: 752 case NL80211_IFTYPE_MESH_POINT: 753 break; 754 case NL80211_IFTYPE_ADHOC: 755 if (!wdev->current_bss) 756 return -ENOLINK; 757 break; 758 case NL80211_IFTYPE_STATION: 759 case NL80211_IFTYPE_P2P_CLIENT: 760 if (wdev->sme_state != CFG80211_SME_CONNECTED) 761 return -ENOLINK; 762 break; 763 default: 764 return -EINVAL; 765 } 766 767 return 0; 768 } 769 770 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 771 { 772 struct nlattr *nl_modes = nla_nest_start(msg, attr); 773 int i; 774 775 if (!nl_modes) 776 goto nla_put_failure; 777 778 i = 0; 779 while (ifmodes) { 780 if ((ifmodes & 1) && nla_put_flag(msg, i)) 781 goto nla_put_failure; 782 ifmodes >>= 1; 783 i++; 784 } 785 786 nla_nest_end(msg, nl_modes); 787 return 0; 788 789 nla_put_failure: 790 return -ENOBUFS; 791 } 792 793 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 794 struct sk_buff *msg) 795 { 796 struct nlattr *nl_combis; 797 int i, j; 798 799 nl_combis = nla_nest_start(msg, 800 NL80211_ATTR_INTERFACE_COMBINATIONS); 801 if (!nl_combis) 802 goto nla_put_failure; 803 804 for (i = 0; i < wiphy->n_iface_combinations; i++) { 805 const struct ieee80211_iface_combination *c; 806 struct nlattr *nl_combi, *nl_limits; 807 808 c = &wiphy->iface_combinations[i]; 809 810 nl_combi = nla_nest_start(msg, i + 1); 811 if (!nl_combi) 812 goto nla_put_failure; 813 814 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 815 if (!nl_limits) 816 goto nla_put_failure; 817 818 for (j = 0; j < c->n_limits; j++) { 819 struct nlattr *nl_limit; 820 821 nl_limit = nla_nest_start(msg, j + 1); 822 if (!nl_limit) 823 goto nla_put_failure; 824 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 825 c->limits[j].max)) 826 goto nla_put_failure; 827 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 828 c->limits[j].types)) 829 goto nla_put_failure; 830 nla_nest_end(msg, nl_limit); 831 } 832 833 nla_nest_end(msg, nl_limits); 834 835 if (c->beacon_int_infra_match && 836 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 837 goto nla_put_failure; 838 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 839 c->num_different_channels) || 840 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 841 c->max_interfaces)) 842 goto nla_put_failure; 843 844 nla_nest_end(msg, nl_combi); 845 } 846 847 nla_nest_end(msg, nl_combis); 848 849 return 0; 850 nla_put_failure: 851 return -ENOBUFS; 852 } 853 854 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 855 struct cfg80211_registered_device *dev) 856 { 857 void *hdr; 858 struct nlattr *nl_bands, *nl_band; 859 struct nlattr *nl_freqs, *nl_freq; 860 struct nlattr *nl_rates, *nl_rate; 861 struct nlattr *nl_cmds; 862 enum ieee80211_band band; 863 struct ieee80211_channel *chan; 864 struct ieee80211_rate *rate; 865 int i; 866 const struct ieee80211_txrx_stypes *mgmt_stypes = 867 dev->wiphy.mgmt_stypes; 868 869 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 870 if (!hdr) 871 return -1; 872 873 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) || 874 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) || 875 nla_put_u32(msg, NL80211_ATTR_GENERATION, 876 cfg80211_rdev_list_generation) || 877 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 878 dev->wiphy.retry_short) || 879 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 880 dev->wiphy.retry_long) || 881 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 882 dev->wiphy.frag_threshold) || 883 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 884 dev->wiphy.rts_threshold) || 885 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 886 dev->wiphy.coverage_class) || 887 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 888 dev->wiphy.max_scan_ssids) || 889 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 890 dev->wiphy.max_sched_scan_ssids) || 891 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 892 dev->wiphy.max_scan_ie_len) || 893 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 894 dev->wiphy.max_sched_scan_ie_len) || 895 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 896 dev->wiphy.max_match_sets)) 897 goto nla_put_failure; 898 899 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 900 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 901 goto nla_put_failure; 902 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 903 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 904 goto nla_put_failure; 905 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 906 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 907 goto nla_put_failure; 908 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 909 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 910 goto nla_put_failure; 911 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 912 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 913 goto nla_put_failure; 914 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 915 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 916 goto nla_put_failure; 917 918 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 919 sizeof(u32) * dev->wiphy.n_cipher_suites, 920 dev->wiphy.cipher_suites)) 921 goto nla_put_failure; 922 923 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 924 dev->wiphy.max_num_pmkids)) 925 goto nla_put_failure; 926 927 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 928 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 929 goto nla_put_failure; 930 931 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 932 dev->wiphy.available_antennas_tx) || 933 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 934 dev->wiphy.available_antennas_rx)) 935 goto nla_put_failure; 936 937 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 938 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 939 dev->wiphy.probe_resp_offload)) 940 goto nla_put_failure; 941 942 if ((dev->wiphy.available_antennas_tx || 943 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 944 u32 tx_ant = 0, rx_ant = 0; 945 int res; 946 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant); 947 if (!res) { 948 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, 949 tx_ant) || 950 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, 951 rx_ant)) 952 goto nla_put_failure; 953 } 954 } 955 956 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 957 dev->wiphy.interface_modes)) 958 goto nla_put_failure; 959 960 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 961 if (!nl_bands) 962 goto nla_put_failure; 963 964 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 965 if (!dev->wiphy.bands[band]) 966 continue; 967 968 nl_band = nla_nest_start(msg, band); 969 if (!nl_band) 970 goto nla_put_failure; 971 972 /* add HT info */ 973 if (dev->wiphy.bands[band]->ht_cap.ht_supported && 974 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 975 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 976 &dev->wiphy.bands[band]->ht_cap.mcs) || 977 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 978 dev->wiphy.bands[band]->ht_cap.cap) || 979 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 980 dev->wiphy.bands[band]->ht_cap.ampdu_factor) || 981 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 982 dev->wiphy.bands[band]->ht_cap.ampdu_density))) 983 goto nla_put_failure; 984 985 /* add VHT info */ 986 if (dev->wiphy.bands[band]->vht_cap.vht_supported && 987 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 988 sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs), 989 &dev->wiphy.bands[band]->vht_cap.vht_mcs) || 990 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 991 dev->wiphy.bands[band]->vht_cap.cap))) 992 goto nla_put_failure; 993 994 /* add frequencies */ 995 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 996 if (!nl_freqs) 997 goto nla_put_failure; 998 999 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 1000 nl_freq = nla_nest_start(msg, i); 1001 if (!nl_freq) 1002 goto nla_put_failure; 1003 1004 chan = &dev->wiphy.bands[band]->channels[i]; 1005 1006 if (nl80211_msg_put_channel(msg, chan)) 1007 goto nla_put_failure; 1008 1009 nla_nest_end(msg, nl_freq); 1010 } 1011 1012 nla_nest_end(msg, nl_freqs); 1013 1014 /* add bitrates */ 1015 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 1016 if (!nl_rates) 1017 goto nla_put_failure; 1018 1019 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 1020 nl_rate = nla_nest_start(msg, i); 1021 if (!nl_rate) 1022 goto nla_put_failure; 1023 1024 rate = &dev->wiphy.bands[band]->bitrates[i]; 1025 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1026 rate->bitrate)) 1027 goto nla_put_failure; 1028 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1029 nla_put_flag(msg, 1030 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1031 goto nla_put_failure; 1032 1033 nla_nest_end(msg, nl_rate); 1034 } 1035 1036 nla_nest_end(msg, nl_rates); 1037 1038 nla_nest_end(msg, nl_band); 1039 } 1040 nla_nest_end(msg, nl_bands); 1041 1042 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 1043 if (!nl_cmds) 1044 goto nla_put_failure; 1045 1046 i = 0; 1047 #define CMD(op, n) \ 1048 do { \ 1049 if (dev->ops->op) { \ 1050 i++; \ 1051 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1052 goto nla_put_failure; \ 1053 } \ 1054 } while (0) 1055 1056 CMD(add_virtual_intf, NEW_INTERFACE); 1057 CMD(change_virtual_intf, SET_INTERFACE); 1058 CMD(add_key, NEW_KEY); 1059 CMD(start_ap, START_AP); 1060 CMD(add_station, NEW_STATION); 1061 CMD(add_mpath, NEW_MPATH); 1062 CMD(update_mesh_config, SET_MESH_CONFIG); 1063 CMD(change_bss, SET_BSS); 1064 CMD(auth, AUTHENTICATE); 1065 CMD(assoc, ASSOCIATE); 1066 CMD(deauth, DEAUTHENTICATE); 1067 CMD(disassoc, DISASSOCIATE); 1068 CMD(join_ibss, JOIN_IBSS); 1069 CMD(join_mesh, JOIN_MESH); 1070 CMD(set_pmksa, SET_PMKSA); 1071 CMD(del_pmksa, DEL_PMKSA); 1072 CMD(flush_pmksa, FLUSH_PMKSA); 1073 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 1074 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 1075 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 1076 CMD(mgmt_tx, FRAME); 1077 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 1078 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 1079 i++; 1080 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 1081 goto nla_put_failure; 1082 } 1083 if (dev->ops->set_monitor_channel || dev->ops->start_ap || 1084 dev->ops->join_mesh) { 1085 i++; 1086 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 1087 goto nla_put_failure; 1088 } 1089 CMD(set_wds_peer, SET_WDS_PEER); 1090 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 1091 CMD(tdls_mgmt, TDLS_MGMT); 1092 CMD(tdls_oper, TDLS_OPER); 1093 } 1094 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 1095 CMD(sched_scan_start, START_SCHED_SCAN); 1096 CMD(probe_client, PROBE_CLIENT); 1097 CMD(set_noack_map, SET_NOACK_MAP); 1098 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 1099 i++; 1100 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1101 goto nla_put_failure; 1102 } 1103 1104 #ifdef CONFIG_NL80211_TESTMODE 1105 CMD(testmode_cmd, TESTMODE); 1106 #endif 1107 1108 #undef CMD 1109 1110 if (dev->ops->connect || dev->ops->auth) { 1111 i++; 1112 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 1113 goto nla_put_failure; 1114 } 1115 1116 if (dev->ops->disconnect || dev->ops->deauth) { 1117 i++; 1118 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 1119 goto nla_put_failure; 1120 } 1121 1122 nla_nest_end(msg, nl_cmds); 1123 1124 if (dev->ops->remain_on_channel && 1125 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 1126 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 1127 dev->wiphy.max_remain_on_channel_duration)) 1128 goto nla_put_failure; 1129 1130 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 1131 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 1132 goto nla_put_failure; 1133 1134 if (mgmt_stypes) { 1135 u16 stypes; 1136 struct nlattr *nl_ftypes, *nl_ifs; 1137 enum nl80211_iftype ift; 1138 1139 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 1140 if (!nl_ifs) 1141 goto nla_put_failure; 1142 1143 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1144 nl_ftypes = nla_nest_start(msg, ift); 1145 if (!nl_ftypes) 1146 goto nla_put_failure; 1147 i = 0; 1148 stypes = mgmt_stypes[ift].tx; 1149 while (stypes) { 1150 if ((stypes & 1) && 1151 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1152 (i << 4) | IEEE80211_FTYPE_MGMT)) 1153 goto nla_put_failure; 1154 stypes >>= 1; 1155 i++; 1156 } 1157 nla_nest_end(msg, nl_ftypes); 1158 } 1159 1160 nla_nest_end(msg, nl_ifs); 1161 1162 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 1163 if (!nl_ifs) 1164 goto nla_put_failure; 1165 1166 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1167 nl_ftypes = nla_nest_start(msg, ift); 1168 if (!nl_ftypes) 1169 goto nla_put_failure; 1170 i = 0; 1171 stypes = mgmt_stypes[ift].rx; 1172 while (stypes) { 1173 if ((stypes & 1) && 1174 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1175 (i << 4) | IEEE80211_FTYPE_MGMT)) 1176 goto nla_put_failure; 1177 stypes >>= 1; 1178 i++; 1179 } 1180 nla_nest_end(msg, nl_ftypes); 1181 } 1182 nla_nest_end(msg, nl_ifs); 1183 } 1184 1185 #ifdef CONFIG_PM 1186 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 1187 struct nlattr *nl_wowlan; 1188 1189 nl_wowlan = nla_nest_start(msg, 1190 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1191 if (!nl_wowlan) 1192 goto nla_put_failure; 1193 1194 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) && 1195 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1196 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) && 1197 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1198 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) && 1199 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1200 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1201 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1202 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1203 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1204 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1205 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1206 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1207 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1208 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1209 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1210 goto nla_put_failure; 1211 if (dev->wiphy.wowlan.n_patterns) { 1212 struct nl80211_wowlan_pattern_support pat = { 1213 .max_patterns = dev->wiphy.wowlan.n_patterns, 1214 .min_pattern_len = 1215 dev->wiphy.wowlan.pattern_min_len, 1216 .max_pattern_len = 1217 dev->wiphy.wowlan.pattern_max_len, 1218 }; 1219 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1220 sizeof(pat), &pat)) 1221 goto nla_put_failure; 1222 } 1223 1224 nla_nest_end(msg, nl_wowlan); 1225 } 1226 #endif 1227 1228 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1229 dev->wiphy.software_iftypes)) 1230 goto nla_put_failure; 1231 1232 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1233 goto nla_put_failure; 1234 1235 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1236 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1237 dev->wiphy.ap_sme_capa)) 1238 goto nla_put_failure; 1239 1240 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, 1241 dev->wiphy.features)) 1242 goto nla_put_failure; 1243 1244 if (dev->wiphy.ht_capa_mod_mask && 1245 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1246 sizeof(*dev->wiphy.ht_capa_mod_mask), 1247 dev->wiphy.ht_capa_mod_mask)) 1248 goto nla_put_failure; 1249 1250 return genlmsg_end(msg, hdr); 1251 1252 nla_put_failure: 1253 genlmsg_cancel(msg, hdr); 1254 return -EMSGSIZE; 1255 } 1256 1257 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1258 { 1259 int idx = 0; 1260 int start = cb->args[0]; 1261 struct cfg80211_registered_device *dev; 1262 1263 mutex_lock(&cfg80211_mutex); 1264 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1265 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1266 continue; 1267 if (++idx <= start) 1268 continue; 1269 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 1270 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1271 dev) < 0) { 1272 idx--; 1273 break; 1274 } 1275 } 1276 mutex_unlock(&cfg80211_mutex); 1277 1278 cb->args[0] = idx; 1279 1280 return skb->len; 1281 } 1282 1283 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1284 { 1285 struct sk_buff *msg; 1286 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1287 1288 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1289 if (!msg) 1290 return -ENOMEM; 1291 1292 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) { 1293 nlmsg_free(msg); 1294 return -ENOBUFS; 1295 } 1296 1297 return genlmsg_reply(msg, info); 1298 } 1299 1300 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1301 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1302 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1303 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1304 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1305 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1306 }; 1307 1308 static int parse_txq_params(struct nlattr *tb[], 1309 struct ieee80211_txq_params *txq_params) 1310 { 1311 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 1312 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1313 !tb[NL80211_TXQ_ATTR_AIFS]) 1314 return -EINVAL; 1315 1316 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 1317 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1318 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1319 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1320 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1321 1322 if (txq_params->ac >= NL80211_NUM_ACS) 1323 return -EINVAL; 1324 1325 return 0; 1326 } 1327 1328 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1329 { 1330 /* 1331 * You can only set the channel explicitly for WDS interfaces, 1332 * all others have their channel managed via their respective 1333 * "establish a connection" command (connect, join, ...) 1334 * 1335 * For AP/GO and mesh mode, the channel can be set with the 1336 * channel userspace API, but is only stored and passed to the 1337 * low-level driver when the AP starts or the mesh is joined. 1338 * This is for backward compatibility, userspace can also give 1339 * the channel in the start-ap or join-mesh commands instead. 1340 * 1341 * Monitors are special as they are normally slaved to 1342 * whatever else is going on, so they have their own special 1343 * operation to set the monitor channel if possible. 1344 */ 1345 return !wdev || 1346 wdev->iftype == NL80211_IFTYPE_AP || 1347 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1348 wdev->iftype == NL80211_IFTYPE_MONITOR || 1349 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1350 } 1351 1352 static bool nl80211_valid_channel_type(struct genl_info *info, 1353 enum nl80211_channel_type *channel_type) 1354 { 1355 enum nl80211_channel_type tmp; 1356 1357 if (!info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1358 return false; 1359 1360 tmp = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1361 if (tmp != NL80211_CHAN_NO_HT && 1362 tmp != NL80211_CHAN_HT20 && 1363 tmp != NL80211_CHAN_HT40PLUS && 1364 tmp != NL80211_CHAN_HT40MINUS) 1365 return false; 1366 1367 if (channel_type) 1368 *channel_type = tmp; 1369 1370 return true; 1371 } 1372 1373 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1374 struct wireless_dev *wdev, 1375 struct genl_info *info) 1376 { 1377 struct ieee80211_channel *channel; 1378 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 1379 u32 freq; 1380 int result; 1381 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 1382 1383 if (wdev) 1384 iftype = wdev->iftype; 1385 1386 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1387 return -EINVAL; 1388 1389 if (!nl80211_can_set_dev_channel(wdev)) 1390 return -EOPNOTSUPP; 1391 1392 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 1393 !nl80211_valid_channel_type(info, &channel_type)) 1394 return -EINVAL; 1395 1396 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1397 1398 mutex_lock(&rdev->devlist_mtx); 1399 switch (iftype) { 1400 case NL80211_IFTYPE_AP: 1401 case NL80211_IFTYPE_P2P_GO: 1402 if (wdev->beacon_interval) { 1403 result = -EBUSY; 1404 break; 1405 } 1406 channel = rdev_freq_to_chan(rdev, freq, channel_type); 1407 if (!channel || !cfg80211_can_beacon_sec_chan(&rdev->wiphy, 1408 channel, 1409 channel_type)) { 1410 result = -EINVAL; 1411 break; 1412 } 1413 wdev->preset_chan = channel; 1414 wdev->preset_chantype = channel_type; 1415 result = 0; 1416 break; 1417 case NL80211_IFTYPE_MESH_POINT: 1418 result = cfg80211_set_mesh_freq(rdev, wdev, freq, channel_type); 1419 break; 1420 case NL80211_IFTYPE_MONITOR: 1421 result = cfg80211_set_monitor_channel(rdev, freq, channel_type); 1422 break; 1423 default: 1424 result = -EINVAL; 1425 } 1426 mutex_unlock(&rdev->devlist_mtx); 1427 1428 return result; 1429 } 1430 1431 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1432 { 1433 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1434 struct net_device *netdev = info->user_ptr[1]; 1435 1436 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1437 } 1438 1439 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1440 { 1441 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1442 struct net_device *dev = info->user_ptr[1]; 1443 struct wireless_dev *wdev = dev->ieee80211_ptr; 1444 const u8 *bssid; 1445 1446 if (!info->attrs[NL80211_ATTR_MAC]) 1447 return -EINVAL; 1448 1449 if (netif_running(dev)) 1450 return -EBUSY; 1451 1452 if (!rdev->ops->set_wds_peer) 1453 return -EOPNOTSUPP; 1454 1455 if (wdev->iftype != NL80211_IFTYPE_WDS) 1456 return -EOPNOTSUPP; 1457 1458 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1459 return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid); 1460 } 1461 1462 1463 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1464 { 1465 struct cfg80211_registered_device *rdev; 1466 struct net_device *netdev = NULL; 1467 struct wireless_dev *wdev; 1468 int result = 0, rem_txq_params = 0; 1469 struct nlattr *nl_txq_params; 1470 u32 changed; 1471 u8 retry_short = 0, retry_long = 0; 1472 u32 frag_threshold = 0, rts_threshold = 0; 1473 u8 coverage_class = 0; 1474 1475 /* 1476 * Try to find the wiphy and netdev. Normally this 1477 * function shouldn't need the netdev, but this is 1478 * done for backward compatibility -- previously 1479 * setting the channel was done per wiphy, but now 1480 * it is per netdev. Previous userland like hostapd 1481 * also passed a netdev to set_wiphy, so that it is 1482 * possible to let that go to the right netdev! 1483 */ 1484 mutex_lock(&cfg80211_mutex); 1485 1486 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1487 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1488 1489 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1490 if (netdev && netdev->ieee80211_ptr) { 1491 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1492 mutex_lock(&rdev->mtx); 1493 } else 1494 netdev = NULL; 1495 } 1496 1497 if (!netdev) { 1498 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 1499 info->attrs); 1500 if (IS_ERR(rdev)) { 1501 mutex_unlock(&cfg80211_mutex); 1502 return PTR_ERR(rdev); 1503 } 1504 wdev = NULL; 1505 netdev = NULL; 1506 result = 0; 1507 1508 mutex_lock(&rdev->mtx); 1509 } else if (nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 1510 wdev = netdev->ieee80211_ptr; 1511 else 1512 wdev = NULL; 1513 1514 /* 1515 * end workaround code, by now the rdev is available 1516 * and locked, and wdev may or may not be NULL. 1517 */ 1518 1519 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1520 result = cfg80211_dev_rename( 1521 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1522 1523 mutex_unlock(&cfg80211_mutex); 1524 1525 if (result) 1526 goto bad_res; 1527 1528 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1529 struct ieee80211_txq_params txq_params; 1530 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1531 1532 if (!rdev->ops->set_txq_params) { 1533 result = -EOPNOTSUPP; 1534 goto bad_res; 1535 } 1536 1537 if (!netdev) { 1538 result = -EINVAL; 1539 goto bad_res; 1540 } 1541 1542 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1543 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1544 result = -EINVAL; 1545 goto bad_res; 1546 } 1547 1548 if (!netif_running(netdev)) { 1549 result = -ENETDOWN; 1550 goto bad_res; 1551 } 1552 1553 nla_for_each_nested(nl_txq_params, 1554 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1555 rem_txq_params) { 1556 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1557 nla_data(nl_txq_params), 1558 nla_len(nl_txq_params), 1559 txq_params_policy); 1560 result = parse_txq_params(tb, &txq_params); 1561 if (result) 1562 goto bad_res; 1563 1564 result = rdev->ops->set_txq_params(&rdev->wiphy, 1565 netdev, 1566 &txq_params); 1567 if (result) 1568 goto bad_res; 1569 } 1570 } 1571 1572 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1573 result = __nl80211_set_channel(rdev, wdev, info); 1574 if (result) 1575 goto bad_res; 1576 } 1577 1578 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1579 enum nl80211_tx_power_setting type; 1580 int idx, mbm = 0; 1581 1582 if (!rdev->ops->set_tx_power) { 1583 result = -EOPNOTSUPP; 1584 goto bad_res; 1585 } 1586 1587 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1588 type = nla_get_u32(info->attrs[idx]); 1589 1590 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1591 (type != NL80211_TX_POWER_AUTOMATIC)) { 1592 result = -EINVAL; 1593 goto bad_res; 1594 } 1595 1596 if (type != NL80211_TX_POWER_AUTOMATIC) { 1597 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1598 mbm = nla_get_u32(info->attrs[idx]); 1599 } 1600 1601 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm); 1602 if (result) 1603 goto bad_res; 1604 } 1605 1606 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1607 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1608 u32 tx_ant, rx_ant; 1609 if ((!rdev->wiphy.available_antennas_tx && 1610 !rdev->wiphy.available_antennas_rx) || 1611 !rdev->ops->set_antenna) { 1612 result = -EOPNOTSUPP; 1613 goto bad_res; 1614 } 1615 1616 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1617 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1618 1619 /* reject antenna configurations which don't match the 1620 * available antenna masks, except for the "all" mask */ 1621 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1622 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1623 result = -EINVAL; 1624 goto bad_res; 1625 } 1626 1627 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1628 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1629 1630 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant); 1631 if (result) 1632 goto bad_res; 1633 } 1634 1635 changed = 0; 1636 1637 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1638 retry_short = nla_get_u8( 1639 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1640 if (retry_short == 0) { 1641 result = -EINVAL; 1642 goto bad_res; 1643 } 1644 changed |= WIPHY_PARAM_RETRY_SHORT; 1645 } 1646 1647 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1648 retry_long = nla_get_u8( 1649 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1650 if (retry_long == 0) { 1651 result = -EINVAL; 1652 goto bad_res; 1653 } 1654 changed |= WIPHY_PARAM_RETRY_LONG; 1655 } 1656 1657 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1658 frag_threshold = nla_get_u32( 1659 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1660 if (frag_threshold < 256) { 1661 result = -EINVAL; 1662 goto bad_res; 1663 } 1664 if (frag_threshold != (u32) -1) { 1665 /* 1666 * Fragments (apart from the last one) are required to 1667 * have even length. Make the fragmentation code 1668 * simpler by stripping LSB should someone try to use 1669 * odd threshold value. 1670 */ 1671 frag_threshold &= ~0x1; 1672 } 1673 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1674 } 1675 1676 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1677 rts_threshold = nla_get_u32( 1678 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1679 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1680 } 1681 1682 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1683 coverage_class = nla_get_u8( 1684 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1685 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1686 } 1687 1688 if (changed) { 1689 u8 old_retry_short, old_retry_long; 1690 u32 old_frag_threshold, old_rts_threshold; 1691 u8 old_coverage_class; 1692 1693 if (!rdev->ops->set_wiphy_params) { 1694 result = -EOPNOTSUPP; 1695 goto bad_res; 1696 } 1697 1698 old_retry_short = rdev->wiphy.retry_short; 1699 old_retry_long = rdev->wiphy.retry_long; 1700 old_frag_threshold = rdev->wiphy.frag_threshold; 1701 old_rts_threshold = rdev->wiphy.rts_threshold; 1702 old_coverage_class = rdev->wiphy.coverage_class; 1703 1704 if (changed & WIPHY_PARAM_RETRY_SHORT) 1705 rdev->wiphy.retry_short = retry_short; 1706 if (changed & WIPHY_PARAM_RETRY_LONG) 1707 rdev->wiphy.retry_long = retry_long; 1708 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1709 rdev->wiphy.frag_threshold = frag_threshold; 1710 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1711 rdev->wiphy.rts_threshold = rts_threshold; 1712 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1713 rdev->wiphy.coverage_class = coverage_class; 1714 1715 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 1716 if (result) { 1717 rdev->wiphy.retry_short = old_retry_short; 1718 rdev->wiphy.retry_long = old_retry_long; 1719 rdev->wiphy.frag_threshold = old_frag_threshold; 1720 rdev->wiphy.rts_threshold = old_rts_threshold; 1721 rdev->wiphy.coverage_class = old_coverage_class; 1722 } 1723 } 1724 1725 bad_res: 1726 mutex_unlock(&rdev->mtx); 1727 if (netdev) 1728 dev_put(netdev); 1729 return result; 1730 } 1731 1732 static inline u64 wdev_id(struct wireless_dev *wdev) 1733 { 1734 return (u64)wdev->identifier | 1735 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32); 1736 } 1737 1738 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 1739 struct cfg80211_registered_device *rdev, 1740 struct wireless_dev *wdev) 1741 { 1742 struct net_device *dev = wdev->netdev; 1743 void *hdr; 1744 1745 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1746 if (!hdr) 1747 return -1; 1748 1749 if (dev && 1750 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1751 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) || 1752 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dev->dev_addr))) 1753 goto nla_put_failure; 1754 1755 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1756 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 1757 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 1758 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1759 rdev->devlist_generation ^ 1760 (cfg80211_rdev_list_generation << 2))) 1761 goto nla_put_failure; 1762 1763 if (rdev->ops->get_channel) { 1764 struct ieee80211_channel *chan; 1765 enum nl80211_channel_type channel_type; 1766 1767 chan = rdev->ops->get_channel(&rdev->wiphy, wdev, 1768 &channel_type); 1769 if (chan && 1770 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 1771 chan->center_freq) || 1772 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 1773 channel_type))) 1774 goto nla_put_failure; 1775 } 1776 1777 return genlmsg_end(msg, hdr); 1778 1779 nla_put_failure: 1780 genlmsg_cancel(msg, hdr); 1781 return -EMSGSIZE; 1782 } 1783 1784 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1785 { 1786 int wp_idx = 0; 1787 int if_idx = 0; 1788 int wp_start = cb->args[0]; 1789 int if_start = cb->args[1]; 1790 struct cfg80211_registered_device *rdev; 1791 struct wireless_dev *wdev; 1792 1793 mutex_lock(&cfg80211_mutex); 1794 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1795 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1796 continue; 1797 if (wp_idx < wp_start) { 1798 wp_idx++; 1799 continue; 1800 } 1801 if_idx = 0; 1802 1803 mutex_lock(&rdev->devlist_mtx); 1804 list_for_each_entry(wdev, &rdev->wdev_list, list) { 1805 if (if_idx < if_start) { 1806 if_idx++; 1807 continue; 1808 } 1809 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1810 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1811 rdev, wdev) < 0) { 1812 mutex_unlock(&rdev->devlist_mtx); 1813 goto out; 1814 } 1815 if_idx++; 1816 } 1817 mutex_unlock(&rdev->devlist_mtx); 1818 1819 wp_idx++; 1820 } 1821 out: 1822 mutex_unlock(&cfg80211_mutex); 1823 1824 cb->args[0] = wp_idx; 1825 cb->args[1] = if_idx; 1826 1827 return skb->len; 1828 } 1829 1830 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1831 { 1832 struct sk_buff *msg; 1833 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1834 struct wireless_dev *wdev = info->user_ptr[1]; 1835 1836 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1837 if (!msg) 1838 return -ENOMEM; 1839 1840 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1841 dev, wdev) < 0) { 1842 nlmsg_free(msg); 1843 return -ENOBUFS; 1844 } 1845 1846 return genlmsg_reply(msg, info); 1847 } 1848 1849 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1850 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1851 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1852 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1853 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1854 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1855 }; 1856 1857 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1858 { 1859 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1860 int flag; 1861 1862 *mntrflags = 0; 1863 1864 if (!nla) 1865 return -EINVAL; 1866 1867 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1868 nla, mntr_flags_policy)) 1869 return -EINVAL; 1870 1871 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1872 if (flags[flag]) 1873 *mntrflags |= (1<<flag); 1874 1875 return 0; 1876 } 1877 1878 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1879 struct net_device *netdev, u8 use_4addr, 1880 enum nl80211_iftype iftype) 1881 { 1882 if (!use_4addr) { 1883 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1884 return -EBUSY; 1885 return 0; 1886 } 1887 1888 switch (iftype) { 1889 case NL80211_IFTYPE_AP_VLAN: 1890 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1891 return 0; 1892 break; 1893 case NL80211_IFTYPE_STATION: 1894 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1895 return 0; 1896 break; 1897 default: 1898 break; 1899 } 1900 1901 return -EOPNOTSUPP; 1902 } 1903 1904 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1905 { 1906 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1907 struct vif_params params; 1908 int err; 1909 enum nl80211_iftype otype, ntype; 1910 struct net_device *dev = info->user_ptr[1]; 1911 u32 _flags, *flags = NULL; 1912 bool change = false; 1913 1914 memset(¶ms, 0, sizeof(params)); 1915 1916 otype = ntype = dev->ieee80211_ptr->iftype; 1917 1918 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1919 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1920 if (otype != ntype) 1921 change = true; 1922 if (ntype > NL80211_IFTYPE_MAX) 1923 return -EINVAL; 1924 } 1925 1926 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1927 struct wireless_dev *wdev = dev->ieee80211_ptr; 1928 1929 if (ntype != NL80211_IFTYPE_MESH_POINT) 1930 return -EINVAL; 1931 if (netif_running(dev)) 1932 return -EBUSY; 1933 1934 wdev_lock(wdev); 1935 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1936 IEEE80211_MAX_MESH_ID_LEN); 1937 wdev->mesh_id_up_len = 1938 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1939 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1940 wdev->mesh_id_up_len); 1941 wdev_unlock(wdev); 1942 } 1943 1944 if (info->attrs[NL80211_ATTR_4ADDR]) { 1945 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1946 change = true; 1947 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1948 if (err) 1949 return err; 1950 } else { 1951 params.use_4addr = -1; 1952 } 1953 1954 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1955 if (ntype != NL80211_IFTYPE_MONITOR) 1956 return -EINVAL; 1957 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1958 &_flags); 1959 if (err) 1960 return err; 1961 1962 flags = &_flags; 1963 change = true; 1964 } 1965 1966 if (change) 1967 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1968 else 1969 err = 0; 1970 1971 if (!err && params.use_4addr != -1) 1972 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1973 1974 return err; 1975 } 1976 1977 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1978 { 1979 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1980 struct vif_params params; 1981 struct wireless_dev *wdev; 1982 struct sk_buff *msg; 1983 int err; 1984 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1985 u32 flags; 1986 1987 memset(¶ms, 0, sizeof(params)); 1988 1989 if (!info->attrs[NL80211_ATTR_IFNAME]) 1990 return -EINVAL; 1991 1992 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1993 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1994 if (type > NL80211_IFTYPE_MAX) 1995 return -EINVAL; 1996 } 1997 1998 if (!rdev->ops->add_virtual_intf || 1999 !(rdev->wiphy.interface_modes & (1 << type))) 2000 return -EOPNOTSUPP; 2001 2002 if (info->attrs[NL80211_ATTR_4ADDR]) { 2003 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2004 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 2005 if (err) 2006 return err; 2007 } 2008 2009 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2010 if (!msg) 2011 return -ENOMEM; 2012 2013 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2014 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2015 &flags); 2016 wdev = rdev->ops->add_virtual_intf(&rdev->wiphy, 2017 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2018 type, err ? NULL : &flags, ¶ms); 2019 if (IS_ERR(wdev)) { 2020 nlmsg_free(msg); 2021 return PTR_ERR(wdev); 2022 } 2023 2024 if (type == NL80211_IFTYPE_MESH_POINT && 2025 info->attrs[NL80211_ATTR_MESH_ID]) { 2026 wdev_lock(wdev); 2027 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2028 IEEE80211_MAX_MESH_ID_LEN); 2029 wdev->mesh_id_up_len = 2030 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2031 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2032 wdev->mesh_id_up_len); 2033 wdev_unlock(wdev); 2034 } 2035 2036 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 2037 rdev, wdev) < 0) { 2038 nlmsg_free(msg); 2039 return -ENOBUFS; 2040 } 2041 2042 return genlmsg_reply(msg, info); 2043 } 2044 2045 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 2046 { 2047 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2048 struct wireless_dev *wdev = info->user_ptr[1]; 2049 2050 if (!rdev->ops->del_virtual_intf) 2051 return -EOPNOTSUPP; 2052 2053 /* 2054 * If we remove a wireless device without a netdev then clear 2055 * user_ptr[1] so that nl80211_post_doit won't dereference it 2056 * to check if it needs to do dev_put(). Otherwise it crashes 2057 * since the wdev has been freed, unlike with a netdev where 2058 * we need the dev_put() for the netdev to really be freed. 2059 */ 2060 if (!wdev->netdev) 2061 info->user_ptr[1] = NULL; 2062 2063 return rdev->ops->del_virtual_intf(&rdev->wiphy, wdev); 2064 } 2065 2066 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 2067 { 2068 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2069 struct net_device *dev = info->user_ptr[1]; 2070 u16 noack_map; 2071 2072 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 2073 return -EINVAL; 2074 2075 if (!rdev->ops->set_noack_map) 2076 return -EOPNOTSUPP; 2077 2078 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 2079 2080 return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map); 2081 } 2082 2083 struct get_key_cookie { 2084 struct sk_buff *msg; 2085 int error; 2086 int idx; 2087 }; 2088 2089 static void get_key_callback(void *c, struct key_params *params) 2090 { 2091 struct nlattr *key; 2092 struct get_key_cookie *cookie = c; 2093 2094 if ((params->key && 2095 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 2096 params->key_len, params->key)) || 2097 (params->seq && 2098 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 2099 params->seq_len, params->seq)) || 2100 (params->cipher && 2101 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 2102 params->cipher))) 2103 goto nla_put_failure; 2104 2105 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 2106 if (!key) 2107 goto nla_put_failure; 2108 2109 if ((params->key && 2110 nla_put(cookie->msg, NL80211_KEY_DATA, 2111 params->key_len, params->key)) || 2112 (params->seq && 2113 nla_put(cookie->msg, NL80211_KEY_SEQ, 2114 params->seq_len, params->seq)) || 2115 (params->cipher && 2116 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 2117 params->cipher))) 2118 goto nla_put_failure; 2119 2120 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 2121 goto nla_put_failure; 2122 2123 nla_nest_end(cookie->msg, key); 2124 2125 return; 2126 nla_put_failure: 2127 cookie->error = 1; 2128 } 2129 2130 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 2131 { 2132 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2133 int err; 2134 struct net_device *dev = info->user_ptr[1]; 2135 u8 key_idx = 0; 2136 const u8 *mac_addr = NULL; 2137 bool pairwise; 2138 struct get_key_cookie cookie = { 2139 .error = 0, 2140 }; 2141 void *hdr; 2142 struct sk_buff *msg; 2143 2144 if (info->attrs[NL80211_ATTR_KEY_IDX]) 2145 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 2146 2147 if (key_idx > 5) 2148 return -EINVAL; 2149 2150 if (info->attrs[NL80211_ATTR_MAC]) 2151 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2152 2153 pairwise = !!mac_addr; 2154 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 2155 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 2156 if (kt >= NUM_NL80211_KEYTYPES) 2157 return -EINVAL; 2158 if (kt != NL80211_KEYTYPE_GROUP && 2159 kt != NL80211_KEYTYPE_PAIRWISE) 2160 return -EINVAL; 2161 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 2162 } 2163 2164 if (!rdev->ops->get_key) 2165 return -EOPNOTSUPP; 2166 2167 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2168 if (!msg) 2169 return -ENOMEM; 2170 2171 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2172 NL80211_CMD_NEW_KEY); 2173 if (IS_ERR(hdr)) 2174 return PTR_ERR(hdr); 2175 2176 cookie.msg = msg; 2177 cookie.idx = key_idx; 2178 2179 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2180 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 2181 goto nla_put_failure; 2182 if (mac_addr && 2183 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 2184 goto nla_put_failure; 2185 2186 if (pairwise && mac_addr && 2187 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2188 return -ENOENT; 2189 2190 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise, 2191 mac_addr, &cookie, get_key_callback); 2192 2193 if (err) 2194 goto free_msg; 2195 2196 if (cookie.error) 2197 goto nla_put_failure; 2198 2199 genlmsg_end(msg, hdr); 2200 return genlmsg_reply(msg, info); 2201 2202 nla_put_failure: 2203 err = -ENOBUFS; 2204 free_msg: 2205 nlmsg_free(msg); 2206 return err; 2207 } 2208 2209 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 2210 { 2211 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2212 struct key_parse key; 2213 int err; 2214 struct net_device *dev = info->user_ptr[1]; 2215 2216 err = nl80211_parse_key(info, &key); 2217 if (err) 2218 return err; 2219 2220 if (key.idx < 0) 2221 return -EINVAL; 2222 2223 /* only support setting default key */ 2224 if (!key.def && !key.defmgmt) 2225 return -EINVAL; 2226 2227 wdev_lock(dev->ieee80211_ptr); 2228 2229 if (key.def) { 2230 if (!rdev->ops->set_default_key) { 2231 err = -EOPNOTSUPP; 2232 goto out; 2233 } 2234 2235 err = nl80211_key_allowed(dev->ieee80211_ptr); 2236 if (err) 2237 goto out; 2238 2239 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx, 2240 key.def_uni, key.def_multi); 2241 2242 if (err) 2243 goto out; 2244 2245 #ifdef CONFIG_CFG80211_WEXT 2246 dev->ieee80211_ptr->wext.default_key = key.idx; 2247 #endif 2248 } else { 2249 if (key.def_uni || !key.def_multi) { 2250 err = -EINVAL; 2251 goto out; 2252 } 2253 2254 if (!rdev->ops->set_default_mgmt_key) { 2255 err = -EOPNOTSUPP; 2256 goto out; 2257 } 2258 2259 err = nl80211_key_allowed(dev->ieee80211_ptr); 2260 if (err) 2261 goto out; 2262 2263 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy, 2264 dev, key.idx); 2265 if (err) 2266 goto out; 2267 2268 #ifdef CONFIG_CFG80211_WEXT 2269 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 2270 #endif 2271 } 2272 2273 out: 2274 wdev_unlock(dev->ieee80211_ptr); 2275 2276 return err; 2277 } 2278 2279 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 2280 { 2281 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2282 int err; 2283 struct net_device *dev = info->user_ptr[1]; 2284 struct key_parse key; 2285 const u8 *mac_addr = NULL; 2286 2287 err = nl80211_parse_key(info, &key); 2288 if (err) 2289 return err; 2290 2291 if (!key.p.key) 2292 return -EINVAL; 2293 2294 if (info->attrs[NL80211_ATTR_MAC]) 2295 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2296 2297 if (key.type == -1) { 2298 if (mac_addr) 2299 key.type = NL80211_KEYTYPE_PAIRWISE; 2300 else 2301 key.type = NL80211_KEYTYPE_GROUP; 2302 } 2303 2304 /* for now */ 2305 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2306 key.type != NL80211_KEYTYPE_GROUP) 2307 return -EINVAL; 2308 2309 if (!rdev->ops->add_key) 2310 return -EOPNOTSUPP; 2311 2312 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2313 key.type == NL80211_KEYTYPE_PAIRWISE, 2314 mac_addr)) 2315 return -EINVAL; 2316 2317 wdev_lock(dev->ieee80211_ptr); 2318 err = nl80211_key_allowed(dev->ieee80211_ptr); 2319 if (!err) 2320 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 2321 key.type == NL80211_KEYTYPE_PAIRWISE, 2322 mac_addr, &key.p); 2323 wdev_unlock(dev->ieee80211_ptr); 2324 2325 return err; 2326 } 2327 2328 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2329 { 2330 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2331 int err; 2332 struct net_device *dev = info->user_ptr[1]; 2333 u8 *mac_addr = NULL; 2334 struct key_parse key; 2335 2336 err = nl80211_parse_key(info, &key); 2337 if (err) 2338 return err; 2339 2340 if (info->attrs[NL80211_ATTR_MAC]) 2341 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2342 2343 if (key.type == -1) { 2344 if (mac_addr) 2345 key.type = NL80211_KEYTYPE_PAIRWISE; 2346 else 2347 key.type = NL80211_KEYTYPE_GROUP; 2348 } 2349 2350 /* for now */ 2351 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2352 key.type != NL80211_KEYTYPE_GROUP) 2353 return -EINVAL; 2354 2355 if (!rdev->ops->del_key) 2356 return -EOPNOTSUPP; 2357 2358 wdev_lock(dev->ieee80211_ptr); 2359 err = nl80211_key_allowed(dev->ieee80211_ptr); 2360 2361 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2362 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2363 err = -ENOENT; 2364 2365 if (!err) 2366 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, 2367 key.type == NL80211_KEYTYPE_PAIRWISE, 2368 mac_addr); 2369 2370 #ifdef CONFIG_CFG80211_WEXT 2371 if (!err) { 2372 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2373 dev->ieee80211_ptr->wext.default_key = -1; 2374 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2375 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2376 } 2377 #endif 2378 wdev_unlock(dev->ieee80211_ptr); 2379 2380 return err; 2381 } 2382 2383 static int nl80211_parse_beacon(struct genl_info *info, 2384 struct cfg80211_beacon_data *bcn) 2385 { 2386 bool haveinfo = false; 2387 2388 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2389 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2390 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2391 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2392 return -EINVAL; 2393 2394 memset(bcn, 0, sizeof(*bcn)); 2395 2396 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2397 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2398 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2399 if (!bcn->head_len) 2400 return -EINVAL; 2401 haveinfo = true; 2402 } 2403 2404 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2405 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2406 bcn->tail_len = 2407 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2408 haveinfo = true; 2409 } 2410 2411 if (!haveinfo) 2412 return -EINVAL; 2413 2414 if (info->attrs[NL80211_ATTR_IE]) { 2415 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2416 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2417 } 2418 2419 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2420 bcn->proberesp_ies = 2421 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2422 bcn->proberesp_ies_len = 2423 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2424 } 2425 2426 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2427 bcn->assocresp_ies = 2428 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2429 bcn->assocresp_ies_len = 2430 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2431 } 2432 2433 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2434 bcn->probe_resp = 2435 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2436 bcn->probe_resp_len = 2437 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2438 } 2439 2440 return 0; 2441 } 2442 2443 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 2444 struct cfg80211_ap_settings *params) 2445 { 2446 struct wireless_dev *wdev; 2447 bool ret = false; 2448 2449 mutex_lock(&rdev->devlist_mtx); 2450 2451 list_for_each_entry(wdev, &rdev->wdev_list, list) { 2452 if (wdev->iftype != NL80211_IFTYPE_AP && 2453 wdev->iftype != NL80211_IFTYPE_P2P_GO) 2454 continue; 2455 2456 if (!wdev->preset_chan) 2457 continue; 2458 2459 params->channel = wdev->preset_chan; 2460 params->channel_type = wdev->preset_chantype; 2461 ret = true; 2462 break; 2463 } 2464 2465 mutex_unlock(&rdev->devlist_mtx); 2466 2467 return ret; 2468 } 2469 2470 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2471 { 2472 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2473 struct net_device *dev = info->user_ptr[1]; 2474 struct wireless_dev *wdev = dev->ieee80211_ptr; 2475 struct cfg80211_ap_settings params; 2476 int err; 2477 2478 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2479 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2480 return -EOPNOTSUPP; 2481 2482 if (!rdev->ops->start_ap) 2483 return -EOPNOTSUPP; 2484 2485 if (wdev->beacon_interval) 2486 return -EALREADY; 2487 2488 memset(¶ms, 0, sizeof(params)); 2489 2490 /* these are required for START_AP */ 2491 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2492 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2493 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2494 return -EINVAL; 2495 2496 err = nl80211_parse_beacon(info, ¶ms.beacon); 2497 if (err) 2498 return err; 2499 2500 params.beacon_interval = 2501 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2502 params.dtim_period = 2503 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2504 2505 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2506 if (err) 2507 return err; 2508 2509 /* 2510 * In theory, some of these attributes should be required here 2511 * but since they were not used when the command was originally 2512 * added, keep them optional for old user space programs to let 2513 * them continue to work with drivers that do not need the 2514 * additional information -- drivers must check! 2515 */ 2516 if (info->attrs[NL80211_ATTR_SSID]) { 2517 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2518 params.ssid_len = 2519 nla_len(info->attrs[NL80211_ATTR_SSID]); 2520 if (params.ssid_len == 0 || 2521 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2522 return -EINVAL; 2523 } 2524 2525 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2526 params.hidden_ssid = nla_get_u32( 2527 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2528 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2529 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2530 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2531 return -EINVAL; 2532 } 2533 2534 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2535 2536 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2537 params.auth_type = nla_get_u32( 2538 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2539 if (!nl80211_valid_auth_type(params.auth_type)) 2540 return -EINVAL; 2541 } else 2542 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2543 2544 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2545 NL80211_MAX_NR_CIPHER_SUITES); 2546 if (err) 2547 return err; 2548 2549 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2550 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2551 return -EOPNOTSUPP; 2552 params.inactivity_timeout = nla_get_u16( 2553 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2554 } 2555 2556 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 2557 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 2558 2559 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 2560 !nl80211_valid_channel_type(info, &channel_type)) 2561 return -EINVAL; 2562 2563 params.channel = rdev_freq_to_chan(rdev, 2564 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 2565 channel_type); 2566 if (!params.channel) 2567 return -EINVAL; 2568 params.channel_type = channel_type; 2569 } else if (wdev->preset_chan) { 2570 params.channel = wdev->preset_chan; 2571 params.channel_type = wdev->preset_chantype; 2572 } else if (!nl80211_get_ap_channel(rdev, ¶ms)) 2573 return -EINVAL; 2574 2575 if (!cfg80211_can_beacon_sec_chan(&rdev->wiphy, params.channel, 2576 params.channel_type)) 2577 return -EINVAL; 2578 2579 mutex_lock(&rdev->devlist_mtx); 2580 err = cfg80211_can_use_chan(rdev, wdev, params.channel, 2581 CHAN_MODE_SHARED); 2582 mutex_unlock(&rdev->devlist_mtx); 2583 2584 if (err) 2585 return err; 2586 2587 err = rdev->ops->start_ap(&rdev->wiphy, dev, ¶ms); 2588 if (!err) { 2589 wdev->preset_chan = params.channel; 2590 wdev->preset_chantype = params.channel_type; 2591 wdev->beacon_interval = params.beacon_interval; 2592 wdev->channel = params.channel; 2593 } 2594 return err; 2595 } 2596 2597 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2598 { 2599 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2600 struct net_device *dev = info->user_ptr[1]; 2601 struct wireless_dev *wdev = dev->ieee80211_ptr; 2602 struct cfg80211_beacon_data params; 2603 int err; 2604 2605 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2606 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2607 return -EOPNOTSUPP; 2608 2609 if (!rdev->ops->change_beacon) 2610 return -EOPNOTSUPP; 2611 2612 if (!wdev->beacon_interval) 2613 return -EINVAL; 2614 2615 err = nl80211_parse_beacon(info, ¶ms); 2616 if (err) 2617 return err; 2618 2619 return rdev->ops->change_beacon(&rdev->wiphy, dev, ¶ms); 2620 } 2621 2622 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2623 { 2624 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2625 struct net_device *dev = info->user_ptr[1]; 2626 2627 return cfg80211_stop_ap(rdev, dev); 2628 } 2629 2630 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2631 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2632 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2633 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2634 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2635 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2636 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2637 }; 2638 2639 static int parse_station_flags(struct genl_info *info, 2640 enum nl80211_iftype iftype, 2641 struct station_parameters *params) 2642 { 2643 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2644 struct nlattr *nla; 2645 int flag; 2646 2647 /* 2648 * Try parsing the new attribute first so userspace 2649 * can specify both for older kernels. 2650 */ 2651 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2652 if (nla) { 2653 struct nl80211_sta_flag_update *sta_flags; 2654 2655 sta_flags = nla_data(nla); 2656 params->sta_flags_mask = sta_flags->mask; 2657 params->sta_flags_set = sta_flags->set; 2658 if ((params->sta_flags_mask | 2659 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2660 return -EINVAL; 2661 return 0; 2662 } 2663 2664 /* if present, parse the old attribute */ 2665 2666 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2667 if (!nla) 2668 return 0; 2669 2670 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2671 nla, sta_flags_policy)) 2672 return -EINVAL; 2673 2674 /* 2675 * Only allow certain flags for interface types so that 2676 * other attributes are silently ignored. Remember that 2677 * this is backward compatibility code with old userspace 2678 * and shouldn't be hit in other cases anyway. 2679 */ 2680 switch (iftype) { 2681 case NL80211_IFTYPE_AP: 2682 case NL80211_IFTYPE_AP_VLAN: 2683 case NL80211_IFTYPE_P2P_GO: 2684 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2685 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2686 BIT(NL80211_STA_FLAG_WME) | 2687 BIT(NL80211_STA_FLAG_MFP); 2688 break; 2689 case NL80211_IFTYPE_P2P_CLIENT: 2690 case NL80211_IFTYPE_STATION: 2691 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2692 BIT(NL80211_STA_FLAG_TDLS_PEER); 2693 break; 2694 case NL80211_IFTYPE_MESH_POINT: 2695 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2696 BIT(NL80211_STA_FLAG_MFP) | 2697 BIT(NL80211_STA_FLAG_AUTHORIZED); 2698 default: 2699 return -EINVAL; 2700 } 2701 2702 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 2703 if (flags[flag]) { 2704 params->sta_flags_set |= (1<<flag); 2705 2706 /* no longer support new API additions in old API */ 2707 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 2708 return -EINVAL; 2709 } 2710 } 2711 2712 return 0; 2713 } 2714 2715 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 2716 int attr) 2717 { 2718 struct nlattr *rate; 2719 u32 bitrate; 2720 u16 bitrate_compat; 2721 2722 rate = nla_nest_start(msg, attr); 2723 if (!rate) 2724 goto nla_put_failure; 2725 2726 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 2727 bitrate = cfg80211_calculate_bitrate(info); 2728 /* report 16-bit bitrate only if we can */ 2729 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 2730 if ((bitrate > 0 && 2731 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) || 2732 (bitrate_compat > 0 && 2733 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) || 2734 ((info->flags & RATE_INFO_FLAGS_MCS) && 2735 nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) || 2736 ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) && 2737 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) || 2738 ((info->flags & RATE_INFO_FLAGS_SHORT_GI) && 2739 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))) 2740 goto nla_put_failure; 2741 2742 nla_nest_end(msg, rate); 2743 return true; 2744 2745 nla_put_failure: 2746 return false; 2747 } 2748 2749 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 2750 int flags, 2751 struct cfg80211_registered_device *rdev, 2752 struct net_device *dev, 2753 const u8 *mac_addr, struct station_info *sinfo) 2754 { 2755 void *hdr; 2756 struct nlattr *sinfoattr, *bss_param; 2757 2758 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2759 if (!hdr) 2760 return -1; 2761 2762 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2763 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 2764 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 2765 goto nla_put_failure; 2766 2767 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2768 if (!sinfoattr) 2769 goto nla_put_failure; 2770 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) && 2771 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME, 2772 sinfo->connected_time)) 2773 goto nla_put_failure; 2774 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) && 2775 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2776 sinfo->inactive_time)) 2777 goto nla_put_failure; 2778 if ((sinfo->filled & STATION_INFO_RX_BYTES) && 2779 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 2780 sinfo->rx_bytes)) 2781 goto nla_put_failure; 2782 if ((sinfo->filled & STATION_INFO_TX_BYTES) && 2783 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 2784 sinfo->tx_bytes)) 2785 goto nla_put_failure; 2786 if ((sinfo->filled & STATION_INFO_LLID) && 2787 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid)) 2788 goto nla_put_failure; 2789 if ((sinfo->filled & STATION_INFO_PLID) && 2790 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid)) 2791 goto nla_put_failure; 2792 if ((sinfo->filled & STATION_INFO_PLINK_STATE) && 2793 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE, 2794 sinfo->plink_state)) 2795 goto nla_put_failure; 2796 switch (rdev->wiphy.signal_type) { 2797 case CFG80211_SIGNAL_TYPE_MBM: 2798 if ((sinfo->filled & STATION_INFO_SIGNAL) && 2799 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL, 2800 sinfo->signal)) 2801 goto nla_put_failure; 2802 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) && 2803 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG, 2804 sinfo->signal_avg)) 2805 goto nla_put_failure; 2806 break; 2807 default: 2808 break; 2809 } 2810 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 2811 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 2812 NL80211_STA_INFO_TX_BITRATE)) 2813 goto nla_put_failure; 2814 } 2815 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 2816 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 2817 NL80211_STA_INFO_RX_BITRATE)) 2818 goto nla_put_failure; 2819 } 2820 if ((sinfo->filled & STATION_INFO_RX_PACKETS) && 2821 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS, 2822 sinfo->rx_packets)) 2823 goto nla_put_failure; 2824 if ((sinfo->filled & STATION_INFO_TX_PACKETS) && 2825 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS, 2826 sinfo->tx_packets)) 2827 goto nla_put_failure; 2828 if ((sinfo->filled & STATION_INFO_TX_RETRIES) && 2829 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES, 2830 sinfo->tx_retries)) 2831 goto nla_put_failure; 2832 if ((sinfo->filled & STATION_INFO_TX_FAILED) && 2833 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED, 2834 sinfo->tx_failed)) 2835 goto nla_put_failure; 2836 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) && 2837 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS, 2838 sinfo->beacon_loss_count)) 2839 goto nla_put_failure; 2840 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 2841 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 2842 if (!bss_param) 2843 goto nla_put_failure; 2844 2845 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 2846 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 2847 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 2848 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 2849 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 2850 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 2851 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 2852 sinfo->bss_param.dtim_period) || 2853 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 2854 sinfo->bss_param.beacon_interval)) 2855 goto nla_put_failure; 2856 2857 nla_nest_end(msg, bss_param); 2858 } 2859 if ((sinfo->filled & STATION_INFO_STA_FLAGS) && 2860 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 2861 sizeof(struct nl80211_sta_flag_update), 2862 &sinfo->sta_flags)) 2863 goto nla_put_failure; 2864 if ((sinfo->filled & STATION_INFO_T_OFFSET) && 2865 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET, 2866 sinfo->t_offset)) 2867 goto nla_put_failure; 2868 nla_nest_end(msg, sinfoattr); 2869 2870 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) && 2871 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 2872 sinfo->assoc_req_ies)) 2873 goto nla_put_failure; 2874 2875 return genlmsg_end(msg, hdr); 2876 2877 nla_put_failure: 2878 genlmsg_cancel(msg, hdr); 2879 return -EMSGSIZE; 2880 } 2881 2882 static int nl80211_dump_station(struct sk_buff *skb, 2883 struct netlink_callback *cb) 2884 { 2885 struct station_info sinfo; 2886 struct cfg80211_registered_device *dev; 2887 struct net_device *netdev; 2888 u8 mac_addr[ETH_ALEN]; 2889 int sta_idx = cb->args[1]; 2890 int err; 2891 2892 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 2893 if (err) 2894 return err; 2895 2896 if (!dev->ops->dump_station) { 2897 err = -EOPNOTSUPP; 2898 goto out_err; 2899 } 2900 2901 while (1) { 2902 memset(&sinfo, 0, sizeof(sinfo)); 2903 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 2904 mac_addr, &sinfo); 2905 if (err == -ENOENT) 2906 break; 2907 if (err) 2908 goto out_err; 2909 2910 if (nl80211_send_station(skb, 2911 NETLINK_CB(cb->skb).pid, 2912 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2913 dev, netdev, mac_addr, 2914 &sinfo) < 0) 2915 goto out; 2916 2917 sta_idx++; 2918 } 2919 2920 2921 out: 2922 cb->args[1] = sta_idx; 2923 err = skb->len; 2924 out_err: 2925 nl80211_finish_netdev_dump(dev); 2926 2927 return err; 2928 } 2929 2930 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 2931 { 2932 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2933 struct net_device *dev = info->user_ptr[1]; 2934 struct station_info sinfo; 2935 struct sk_buff *msg; 2936 u8 *mac_addr = NULL; 2937 int err; 2938 2939 memset(&sinfo, 0, sizeof(sinfo)); 2940 2941 if (!info->attrs[NL80211_ATTR_MAC]) 2942 return -EINVAL; 2943 2944 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2945 2946 if (!rdev->ops->get_station) 2947 return -EOPNOTSUPP; 2948 2949 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 2950 if (err) 2951 return err; 2952 2953 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2954 if (!msg) 2955 return -ENOMEM; 2956 2957 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 2958 rdev, dev, mac_addr, &sinfo) < 0) { 2959 nlmsg_free(msg); 2960 return -ENOBUFS; 2961 } 2962 2963 return genlmsg_reply(msg, info); 2964 } 2965 2966 /* 2967 * Get vlan interface making sure it is running and on the right wiphy. 2968 */ 2969 static struct net_device *get_vlan(struct genl_info *info, 2970 struct cfg80211_registered_device *rdev) 2971 { 2972 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 2973 struct net_device *v; 2974 int ret; 2975 2976 if (!vlanattr) 2977 return NULL; 2978 2979 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 2980 if (!v) 2981 return ERR_PTR(-ENODEV); 2982 2983 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 2984 ret = -EINVAL; 2985 goto error; 2986 } 2987 2988 if (!netif_running(v)) { 2989 ret = -ENETDOWN; 2990 goto error; 2991 } 2992 2993 return v; 2994 error: 2995 dev_put(v); 2996 return ERR_PTR(ret); 2997 } 2998 2999 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 3000 { 3001 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3002 int err; 3003 struct net_device *dev = info->user_ptr[1]; 3004 struct station_parameters params; 3005 u8 *mac_addr = NULL; 3006 3007 memset(¶ms, 0, sizeof(params)); 3008 3009 params.listen_interval = -1; 3010 params.plink_state = -1; 3011 3012 if (info->attrs[NL80211_ATTR_STA_AID]) 3013 return -EINVAL; 3014 3015 if (!info->attrs[NL80211_ATTR_MAC]) 3016 return -EINVAL; 3017 3018 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3019 3020 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 3021 params.supported_rates = 3022 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3023 params.supported_rates_len = 3024 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3025 } 3026 3027 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3028 params.listen_interval = 3029 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 3030 3031 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3032 params.ht_capa = 3033 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3034 3035 if (!rdev->ops->change_station) 3036 return -EOPNOTSUPP; 3037 3038 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3039 return -EINVAL; 3040 3041 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3042 params.plink_action = 3043 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3044 3045 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 3046 params.plink_state = 3047 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 3048 3049 switch (dev->ieee80211_ptr->iftype) { 3050 case NL80211_IFTYPE_AP: 3051 case NL80211_IFTYPE_AP_VLAN: 3052 case NL80211_IFTYPE_P2P_GO: 3053 /* disallow mesh-specific things */ 3054 if (params.plink_action) 3055 return -EINVAL; 3056 3057 /* TDLS can't be set, ... */ 3058 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3059 return -EINVAL; 3060 /* 3061 * ... but don't bother the driver with it. This works around 3062 * a hostapd/wpa_supplicant issue -- it always includes the 3063 * TLDS_PEER flag in the mask even for AP mode. 3064 */ 3065 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3066 3067 /* accept only the listed bits */ 3068 if (params.sta_flags_mask & 3069 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3070 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 3071 BIT(NL80211_STA_FLAG_WME) | 3072 BIT(NL80211_STA_FLAG_MFP))) 3073 return -EINVAL; 3074 3075 /* must be last in here for error handling */ 3076 params.vlan = get_vlan(info, rdev); 3077 if (IS_ERR(params.vlan)) 3078 return PTR_ERR(params.vlan); 3079 break; 3080 case NL80211_IFTYPE_P2P_CLIENT: 3081 case NL80211_IFTYPE_STATION: 3082 /* 3083 * Don't allow userspace to change the TDLS_PEER flag, 3084 * but silently ignore attempts to change it since we 3085 * don't have state here to verify that it doesn't try 3086 * to change the flag. 3087 */ 3088 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3089 /* fall through */ 3090 case NL80211_IFTYPE_ADHOC: 3091 /* disallow things sta doesn't support */ 3092 if (params.plink_action) 3093 return -EINVAL; 3094 if (params.ht_capa) 3095 return -EINVAL; 3096 if (params.listen_interval >= 0) 3097 return -EINVAL; 3098 /* reject any changes other than AUTHORIZED */ 3099 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 3100 return -EINVAL; 3101 break; 3102 case NL80211_IFTYPE_MESH_POINT: 3103 /* disallow things mesh doesn't support */ 3104 if (params.vlan) 3105 return -EINVAL; 3106 if (params.ht_capa) 3107 return -EINVAL; 3108 if (params.listen_interval >= 0) 3109 return -EINVAL; 3110 /* 3111 * No special handling for TDLS here -- the userspace 3112 * mesh code doesn't have this bug. 3113 */ 3114 if (params.sta_flags_mask & 3115 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3116 BIT(NL80211_STA_FLAG_MFP) | 3117 BIT(NL80211_STA_FLAG_AUTHORIZED))) 3118 return -EINVAL; 3119 break; 3120 default: 3121 return -EOPNOTSUPP; 3122 } 3123 3124 /* be aware of params.vlan when changing code here */ 3125 3126 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 3127 3128 if (params.vlan) 3129 dev_put(params.vlan); 3130 3131 return err; 3132 } 3133 3134 static struct nla_policy 3135 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 3136 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 3137 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 3138 }; 3139 3140 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 3141 { 3142 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3143 int err; 3144 struct net_device *dev = info->user_ptr[1]; 3145 struct station_parameters params; 3146 u8 *mac_addr = NULL; 3147 3148 memset(¶ms, 0, sizeof(params)); 3149 3150 if (!info->attrs[NL80211_ATTR_MAC]) 3151 return -EINVAL; 3152 3153 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3154 return -EINVAL; 3155 3156 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 3157 return -EINVAL; 3158 3159 if (!info->attrs[NL80211_ATTR_STA_AID]) 3160 return -EINVAL; 3161 3162 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3163 params.supported_rates = 3164 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3165 params.supported_rates_len = 3166 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3167 params.listen_interval = 3168 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 3169 3170 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 3171 if (!params.aid || params.aid > IEEE80211_MAX_AID) 3172 return -EINVAL; 3173 3174 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3175 params.ht_capa = 3176 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3177 3178 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3179 params.plink_action = 3180 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3181 3182 if (!rdev->ops->add_station) 3183 return -EOPNOTSUPP; 3184 3185 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3186 return -EINVAL; 3187 3188 switch (dev->ieee80211_ptr->iftype) { 3189 case NL80211_IFTYPE_AP: 3190 case NL80211_IFTYPE_AP_VLAN: 3191 case NL80211_IFTYPE_P2P_GO: 3192 /* parse WME attributes if sta is WME capable */ 3193 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 3194 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 3195 info->attrs[NL80211_ATTR_STA_WME]) { 3196 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 3197 struct nlattr *nla; 3198 3199 nla = info->attrs[NL80211_ATTR_STA_WME]; 3200 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 3201 nl80211_sta_wme_policy); 3202 if (err) 3203 return err; 3204 3205 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 3206 params.uapsd_queues = 3207 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 3208 if (params.uapsd_queues & 3209 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 3210 return -EINVAL; 3211 3212 if (tb[NL80211_STA_WME_MAX_SP]) 3213 params.max_sp = 3214 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 3215 3216 if (params.max_sp & 3217 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 3218 return -EINVAL; 3219 3220 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 3221 } 3222 /* TDLS peers cannot be added */ 3223 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3224 return -EINVAL; 3225 /* but don't bother the driver with it */ 3226 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3227 3228 /* must be last in here for error handling */ 3229 params.vlan = get_vlan(info, rdev); 3230 if (IS_ERR(params.vlan)) 3231 return PTR_ERR(params.vlan); 3232 break; 3233 case NL80211_IFTYPE_MESH_POINT: 3234 /* TDLS peers cannot be added */ 3235 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3236 return -EINVAL; 3237 break; 3238 case NL80211_IFTYPE_STATION: 3239 /* Only TDLS peers can be added */ 3240 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 3241 return -EINVAL; 3242 /* Can only add if TDLS ... */ 3243 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 3244 return -EOPNOTSUPP; 3245 /* ... with external setup is supported */ 3246 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 3247 return -EOPNOTSUPP; 3248 break; 3249 default: 3250 return -EOPNOTSUPP; 3251 } 3252 3253 /* be aware of params.vlan when changing code here */ 3254 3255 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 3256 3257 if (params.vlan) 3258 dev_put(params.vlan); 3259 return err; 3260 } 3261 3262 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 3263 { 3264 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3265 struct net_device *dev = info->user_ptr[1]; 3266 u8 *mac_addr = NULL; 3267 3268 if (info->attrs[NL80211_ATTR_MAC]) 3269 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3270 3271 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3272 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 3273 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 3274 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3275 return -EINVAL; 3276 3277 if (!rdev->ops->del_station) 3278 return -EOPNOTSUPP; 3279 3280 return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 3281 } 3282 3283 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 3284 int flags, struct net_device *dev, 3285 u8 *dst, u8 *next_hop, 3286 struct mpath_info *pinfo) 3287 { 3288 void *hdr; 3289 struct nlattr *pinfoattr; 3290 3291 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 3292 if (!hdr) 3293 return -1; 3294 3295 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3296 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 3297 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 3298 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 3299 goto nla_put_failure; 3300 3301 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 3302 if (!pinfoattr) 3303 goto nla_put_failure; 3304 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 3305 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 3306 pinfo->frame_qlen)) 3307 goto nla_put_failure; 3308 if (((pinfo->filled & MPATH_INFO_SN) && 3309 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 3310 ((pinfo->filled & MPATH_INFO_METRIC) && 3311 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 3312 pinfo->metric)) || 3313 ((pinfo->filled & MPATH_INFO_EXPTIME) && 3314 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 3315 pinfo->exptime)) || 3316 ((pinfo->filled & MPATH_INFO_FLAGS) && 3317 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 3318 pinfo->flags)) || 3319 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 3320 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 3321 pinfo->discovery_timeout)) || 3322 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 3323 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 3324 pinfo->discovery_retries))) 3325 goto nla_put_failure; 3326 3327 nla_nest_end(msg, pinfoattr); 3328 3329 return genlmsg_end(msg, hdr); 3330 3331 nla_put_failure: 3332 genlmsg_cancel(msg, hdr); 3333 return -EMSGSIZE; 3334 } 3335 3336 static int nl80211_dump_mpath(struct sk_buff *skb, 3337 struct netlink_callback *cb) 3338 { 3339 struct mpath_info pinfo; 3340 struct cfg80211_registered_device *dev; 3341 struct net_device *netdev; 3342 u8 dst[ETH_ALEN]; 3343 u8 next_hop[ETH_ALEN]; 3344 int path_idx = cb->args[1]; 3345 int err; 3346 3347 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3348 if (err) 3349 return err; 3350 3351 if (!dev->ops->dump_mpath) { 3352 err = -EOPNOTSUPP; 3353 goto out_err; 3354 } 3355 3356 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 3357 err = -EOPNOTSUPP; 3358 goto out_err; 3359 } 3360 3361 while (1) { 3362 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 3363 dst, next_hop, &pinfo); 3364 if (err == -ENOENT) 3365 break; 3366 if (err) 3367 goto out_err; 3368 3369 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 3370 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3371 netdev, dst, next_hop, 3372 &pinfo) < 0) 3373 goto out; 3374 3375 path_idx++; 3376 } 3377 3378 3379 out: 3380 cb->args[1] = path_idx; 3381 err = skb->len; 3382 out_err: 3383 nl80211_finish_netdev_dump(dev); 3384 return err; 3385 } 3386 3387 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3388 { 3389 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3390 int err; 3391 struct net_device *dev = info->user_ptr[1]; 3392 struct mpath_info pinfo; 3393 struct sk_buff *msg; 3394 u8 *dst = NULL; 3395 u8 next_hop[ETH_ALEN]; 3396 3397 memset(&pinfo, 0, sizeof(pinfo)); 3398 3399 if (!info->attrs[NL80211_ATTR_MAC]) 3400 return -EINVAL; 3401 3402 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3403 3404 if (!rdev->ops->get_mpath) 3405 return -EOPNOTSUPP; 3406 3407 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3408 return -EOPNOTSUPP; 3409 3410 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 3411 if (err) 3412 return err; 3413 3414 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3415 if (!msg) 3416 return -ENOMEM; 3417 3418 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 3419 dev, dst, next_hop, &pinfo) < 0) { 3420 nlmsg_free(msg); 3421 return -ENOBUFS; 3422 } 3423 3424 return genlmsg_reply(msg, info); 3425 } 3426 3427 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3428 { 3429 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3430 struct net_device *dev = info->user_ptr[1]; 3431 u8 *dst = NULL; 3432 u8 *next_hop = NULL; 3433 3434 if (!info->attrs[NL80211_ATTR_MAC]) 3435 return -EINVAL; 3436 3437 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3438 return -EINVAL; 3439 3440 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3441 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3442 3443 if (!rdev->ops->change_mpath) 3444 return -EOPNOTSUPP; 3445 3446 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3447 return -EOPNOTSUPP; 3448 3449 return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 3450 } 3451 3452 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3453 { 3454 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3455 struct net_device *dev = info->user_ptr[1]; 3456 u8 *dst = NULL; 3457 u8 *next_hop = NULL; 3458 3459 if (!info->attrs[NL80211_ATTR_MAC]) 3460 return -EINVAL; 3461 3462 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3463 return -EINVAL; 3464 3465 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3466 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3467 3468 if (!rdev->ops->add_mpath) 3469 return -EOPNOTSUPP; 3470 3471 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3472 return -EOPNOTSUPP; 3473 3474 return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 3475 } 3476 3477 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3478 { 3479 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3480 struct net_device *dev = info->user_ptr[1]; 3481 u8 *dst = NULL; 3482 3483 if (info->attrs[NL80211_ATTR_MAC]) 3484 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3485 3486 if (!rdev->ops->del_mpath) 3487 return -EOPNOTSUPP; 3488 3489 return rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 3490 } 3491 3492 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3493 { 3494 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3495 struct net_device *dev = info->user_ptr[1]; 3496 struct bss_parameters params; 3497 3498 memset(¶ms, 0, sizeof(params)); 3499 /* default to not changing parameters */ 3500 params.use_cts_prot = -1; 3501 params.use_short_preamble = -1; 3502 params.use_short_slot_time = -1; 3503 params.ap_isolate = -1; 3504 params.ht_opmode = -1; 3505 3506 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 3507 params.use_cts_prot = 3508 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 3509 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 3510 params.use_short_preamble = 3511 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 3512 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 3513 params.use_short_slot_time = 3514 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 3515 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3516 params.basic_rates = 3517 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3518 params.basic_rates_len = 3519 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3520 } 3521 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 3522 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 3523 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 3524 params.ht_opmode = 3525 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 3526 3527 if (!rdev->ops->change_bss) 3528 return -EOPNOTSUPP; 3529 3530 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3531 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3532 return -EOPNOTSUPP; 3533 3534 return rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 3535 } 3536 3537 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 3538 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3539 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3540 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3541 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3542 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3543 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3544 }; 3545 3546 static int parse_reg_rule(struct nlattr *tb[], 3547 struct ieee80211_reg_rule *reg_rule) 3548 { 3549 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 3550 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 3551 3552 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 3553 return -EINVAL; 3554 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 3555 return -EINVAL; 3556 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 3557 return -EINVAL; 3558 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 3559 return -EINVAL; 3560 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 3561 return -EINVAL; 3562 3563 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 3564 3565 freq_range->start_freq_khz = 3566 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 3567 freq_range->end_freq_khz = 3568 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 3569 freq_range->max_bandwidth_khz = 3570 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 3571 3572 power_rule->max_eirp = 3573 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 3574 3575 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 3576 power_rule->max_antenna_gain = 3577 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 3578 3579 return 0; 3580 } 3581 3582 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 3583 { 3584 int r; 3585 char *data = NULL; 3586 enum nl80211_user_reg_hint_type user_reg_hint_type; 3587 3588 /* 3589 * You should only get this when cfg80211 hasn't yet initialized 3590 * completely when built-in to the kernel right between the time 3591 * window between nl80211_init() and regulatory_init(), if that is 3592 * even possible. 3593 */ 3594 mutex_lock(&cfg80211_mutex); 3595 if (unlikely(!cfg80211_regdomain)) { 3596 mutex_unlock(&cfg80211_mutex); 3597 return -EINPROGRESS; 3598 } 3599 mutex_unlock(&cfg80211_mutex); 3600 3601 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3602 return -EINVAL; 3603 3604 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3605 3606 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 3607 user_reg_hint_type = 3608 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 3609 else 3610 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 3611 3612 switch (user_reg_hint_type) { 3613 case NL80211_USER_REG_HINT_USER: 3614 case NL80211_USER_REG_HINT_CELL_BASE: 3615 break; 3616 default: 3617 return -EINVAL; 3618 } 3619 3620 r = regulatory_hint_user(data, user_reg_hint_type); 3621 3622 return r; 3623 } 3624 3625 static int nl80211_get_mesh_config(struct sk_buff *skb, 3626 struct genl_info *info) 3627 { 3628 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3629 struct net_device *dev = info->user_ptr[1]; 3630 struct wireless_dev *wdev = dev->ieee80211_ptr; 3631 struct mesh_config cur_params; 3632 int err = 0; 3633 void *hdr; 3634 struct nlattr *pinfoattr; 3635 struct sk_buff *msg; 3636 3637 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3638 return -EOPNOTSUPP; 3639 3640 if (!rdev->ops->get_mesh_config) 3641 return -EOPNOTSUPP; 3642 3643 wdev_lock(wdev); 3644 /* If not connected, get default parameters */ 3645 if (!wdev->mesh_id_len) 3646 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 3647 else 3648 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev, 3649 &cur_params); 3650 wdev_unlock(wdev); 3651 3652 if (err) 3653 return err; 3654 3655 /* Draw up a netlink message to send back */ 3656 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3657 if (!msg) 3658 return -ENOMEM; 3659 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3660 NL80211_CMD_GET_MESH_CONFIG); 3661 if (!hdr) 3662 goto out; 3663 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 3664 if (!pinfoattr) 3665 goto nla_put_failure; 3666 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3667 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 3668 cur_params.dot11MeshRetryTimeout) || 3669 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3670 cur_params.dot11MeshConfirmTimeout) || 3671 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 3672 cur_params.dot11MeshHoldingTimeout) || 3673 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 3674 cur_params.dot11MeshMaxPeerLinks) || 3675 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 3676 cur_params.dot11MeshMaxRetries) || 3677 nla_put_u8(msg, NL80211_MESHCONF_TTL, 3678 cur_params.dot11MeshTTL) || 3679 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 3680 cur_params.element_ttl) || 3681 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3682 cur_params.auto_open_plinks) || 3683 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3684 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 3685 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3686 cur_params.dot11MeshHWMPmaxPREQretries) || 3687 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 3688 cur_params.path_refresh_time) || 3689 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3690 cur_params.min_discovery_timeout) || 3691 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3692 cur_params.dot11MeshHWMPactivePathTimeout) || 3693 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3694 cur_params.dot11MeshHWMPpreqMinInterval) || 3695 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3696 cur_params.dot11MeshHWMPperrMinInterval) || 3697 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3698 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 3699 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 3700 cur_params.dot11MeshHWMPRootMode) || 3701 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3702 cur_params.dot11MeshHWMPRannInterval) || 3703 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3704 cur_params.dot11MeshGateAnnouncementProtocol) || 3705 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 3706 cur_params.dot11MeshForwarding) || 3707 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 3708 cur_params.rssi_threshold) || 3709 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 3710 cur_params.ht_opmode) || 3711 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 3712 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 3713 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 3714 cur_params.dot11MeshHWMProotInterval) || 3715 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 3716 cur_params.dot11MeshHWMPconfirmationInterval)) 3717 goto nla_put_failure; 3718 nla_nest_end(msg, pinfoattr); 3719 genlmsg_end(msg, hdr); 3720 return genlmsg_reply(msg, info); 3721 3722 nla_put_failure: 3723 genlmsg_cancel(msg, hdr); 3724 out: 3725 nlmsg_free(msg); 3726 return -ENOBUFS; 3727 } 3728 3729 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 3730 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 3731 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 3732 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 3733 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 3734 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 3735 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 3736 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 3737 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 3738 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 3739 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 3740 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 3741 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 3742 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 3743 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 3744 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 3745 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 3746 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 3747 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 3748 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 3749 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 3750 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 }, 3751 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 3752 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 3753 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 }, 3754 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 }, 3755 }; 3756 3757 static const struct nla_policy 3758 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 3759 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 3760 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 3761 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 3762 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 3763 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 3764 .len = IEEE80211_MAX_DATA_LEN }, 3765 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 3766 }; 3767 3768 static int nl80211_parse_mesh_config(struct genl_info *info, 3769 struct mesh_config *cfg, 3770 u32 *mask_out) 3771 { 3772 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 3773 u32 mask = 0; 3774 3775 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 3776 do {\ 3777 if (table[attr_num]) {\ 3778 cfg->param = nla_fn(table[attr_num]); \ 3779 mask |= (1 << (attr_num - 1)); \ 3780 } \ 3781 } while (0);\ 3782 3783 3784 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 3785 return -EINVAL; 3786 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 3787 info->attrs[NL80211_ATTR_MESH_CONFIG], 3788 nl80211_meshconf_params_policy)) 3789 return -EINVAL; 3790 3791 /* This makes sure that there aren't more than 32 mesh config 3792 * parameters (otherwise our bitfield scheme would not work.) */ 3793 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 3794 3795 /* Fill in the params struct */ 3796 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 3797 mask, NL80211_MESHCONF_RETRY_TIMEOUT, 3798 nla_get_u16); 3799 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 3800 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3801 nla_get_u16); 3802 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 3803 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, 3804 nla_get_u16); 3805 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 3806 mask, NL80211_MESHCONF_MAX_PEER_LINKS, 3807 nla_get_u16); 3808 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 3809 mask, NL80211_MESHCONF_MAX_RETRIES, 3810 nla_get_u8); 3811 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 3812 mask, NL80211_MESHCONF_TTL, nla_get_u8); 3813 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 3814 mask, NL80211_MESHCONF_ELEMENT_TTL, 3815 nla_get_u8); 3816 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 3817 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3818 nla_get_u8); 3819 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, mask, 3820 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3821 nla_get_u32); 3822 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 3823 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3824 nla_get_u8); 3825 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 3826 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, 3827 nla_get_u32); 3828 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 3829 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3830 nla_get_u16); 3831 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, mask, 3832 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3833 nla_get_u32); 3834 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 3835 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3836 nla_get_u16); 3837 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 3838 mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3839 nla_get_u16); 3840 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3841 dot11MeshHWMPnetDiameterTraversalTime, mask, 3842 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3843 nla_get_u16); 3844 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask, 3845 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8); 3846 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask, 3847 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3848 nla_get_u16); 3849 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3850 dot11MeshGateAnnouncementProtocol, mask, 3851 NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3852 nla_get_u8); 3853 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 3854 mask, NL80211_MESHCONF_FORWARDING, 3855 nla_get_u8); 3856 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 3857 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 3858 nla_get_u32); 3859 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 3860 mask, NL80211_MESHCONF_HT_OPMODE, 3861 nla_get_u16); 3862 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout, 3863 mask, 3864 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 3865 nla_get_u32); 3866 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 3867 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 3868 nla_get_u16); 3869 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3870 dot11MeshHWMPconfirmationInterval, mask, 3871 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 3872 nla_get_u16); 3873 if (mask_out) 3874 *mask_out = mask; 3875 3876 return 0; 3877 3878 #undef FILL_IN_MESH_PARAM_IF_SET 3879 } 3880 3881 static int nl80211_parse_mesh_setup(struct genl_info *info, 3882 struct mesh_setup *setup) 3883 { 3884 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 3885 3886 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 3887 return -EINVAL; 3888 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 3889 info->attrs[NL80211_ATTR_MESH_SETUP], 3890 nl80211_mesh_setup_params_policy)) 3891 return -EINVAL; 3892 3893 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 3894 setup->sync_method = 3895 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 3896 IEEE80211_SYNC_METHOD_VENDOR : 3897 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 3898 3899 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 3900 setup->path_sel_proto = 3901 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 3902 IEEE80211_PATH_PROTOCOL_VENDOR : 3903 IEEE80211_PATH_PROTOCOL_HWMP; 3904 3905 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 3906 setup->path_metric = 3907 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 3908 IEEE80211_PATH_METRIC_VENDOR : 3909 IEEE80211_PATH_METRIC_AIRTIME; 3910 3911 3912 if (tb[NL80211_MESH_SETUP_IE]) { 3913 struct nlattr *ieattr = 3914 tb[NL80211_MESH_SETUP_IE]; 3915 if (!is_valid_ie_attr(ieattr)) 3916 return -EINVAL; 3917 setup->ie = nla_data(ieattr); 3918 setup->ie_len = nla_len(ieattr); 3919 } 3920 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 3921 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 3922 3923 return 0; 3924 } 3925 3926 static int nl80211_update_mesh_config(struct sk_buff *skb, 3927 struct genl_info *info) 3928 { 3929 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3930 struct net_device *dev = info->user_ptr[1]; 3931 struct wireless_dev *wdev = dev->ieee80211_ptr; 3932 struct mesh_config cfg; 3933 u32 mask; 3934 int err; 3935 3936 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3937 return -EOPNOTSUPP; 3938 3939 if (!rdev->ops->update_mesh_config) 3940 return -EOPNOTSUPP; 3941 3942 err = nl80211_parse_mesh_config(info, &cfg, &mask); 3943 if (err) 3944 return err; 3945 3946 wdev_lock(wdev); 3947 if (!wdev->mesh_id_len) 3948 err = -ENOLINK; 3949 3950 if (!err) 3951 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev, 3952 mask, &cfg); 3953 3954 wdev_unlock(wdev); 3955 3956 return err; 3957 } 3958 3959 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 3960 { 3961 struct sk_buff *msg; 3962 void *hdr = NULL; 3963 struct nlattr *nl_reg_rules; 3964 unsigned int i; 3965 int err = -EINVAL; 3966 3967 mutex_lock(&cfg80211_mutex); 3968 3969 if (!cfg80211_regdomain) 3970 goto out; 3971 3972 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3973 if (!msg) { 3974 err = -ENOBUFS; 3975 goto out; 3976 } 3977 3978 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3979 NL80211_CMD_GET_REG); 3980 if (!hdr) 3981 goto put_failure; 3982 3983 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 3984 cfg80211_regdomain->alpha2) || 3985 (cfg80211_regdomain->dfs_region && 3986 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, 3987 cfg80211_regdomain->dfs_region))) 3988 goto nla_put_failure; 3989 3990 if (reg_last_request_cell_base() && 3991 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 3992 NL80211_USER_REG_HINT_CELL_BASE)) 3993 goto nla_put_failure; 3994 3995 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 3996 if (!nl_reg_rules) 3997 goto nla_put_failure; 3998 3999 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 4000 struct nlattr *nl_reg_rule; 4001 const struct ieee80211_reg_rule *reg_rule; 4002 const struct ieee80211_freq_range *freq_range; 4003 const struct ieee80211_power_rule *power_rule; 4004 4005 reg_rule = &cfg80211_regdomain->reg_rules[i]; 4006 freq_range = ®_rule->freq_range; 4007 power_rule = ®_rule->power_rule; 4008 4009 nl_reg_rule = nla_nest_start(msg, i); 4010 if (!nl_reg_rule) 4011 goto nla_put_failure; 4012 4013 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 4014 reg_rule->flags) || 4015 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 4016 freq_range->start_freq_khz) || 4017 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 4018 freq_range->end_freq_khz) || 4019 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 4020 freq_range->max_bandwidth_khz) || 4021 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 4022 power_rule->max_antenna_gain) || 4023 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 4024 power_rule->max_eirp)) 4025 goto nla_put_failure; 4026 4027 nla_nest_end(msg, nl_reg_rule); 4028 } 4029 4030 nla_nest_end(msg, nl_reg_rules); 4031 4032 genlmsg_end(msg, hdr); 4033 err = genlmsg_reply(msg, info); 4034 goto out; 4035 4036 nla_put_failure: 4037 genlmsg_cancel(msg, hdr); 4038 put_failure: 4039 nlmsg_free(msg); 4040 err = -EMSGSIZE; 4041 out: 4042 mutex_unlock(&cfg80211_mutex); 4043 return err; 4044 } 4045 4046 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 4047 { 4048 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 4049 struct nlattr *nl_reg_rule; 4050 char *alpha2 = NULL; 4051 int rem_reg_rules = 0, r = 0; 4052 u32 num_rules = 0, rule_idx = 0, size_of_regd; 4053 u8 dfs_region = 0; 4054 struct ieee80211_regdomain *rd = NULL; 4055 4056 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4057 return -EINVAL; 4058 4059 if (!info->attrs[NL80211_ATTR_REG_RULES]) 4060 return -EINVAL; 4061 4062 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 4063 4064 if (info->attrs[NL80211_ATTR_DFS_REGION]) 4065 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 4066 4067 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4068 rem_reg_rules) { 4069 num_rules++; 4070 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 4071 return -EINVAL; 4072 } 4073 4074 mutex_lock(&cfg80211_mutex); 4075 4076 if (!reg_is_valid_request(alpha2)) { 4077 r = -EINVAL; 4078 goto bad_reg; 4079 } 4080 4081 size_of_regd = sizeof(struct ieee80211_regdomain) + 4082 (num_rules * sizeof(struct ieee80211_reg_rule)); 4083 4084 rd = kzalloc(size_of_regd, GFP_KERNEL); 4085 if (!rd) { 4086 r = -ENOMEM; 4087 goto bad_reg; 4088 } 4089 4090 rd->n_reg_rules = num_rules; 4091 rd->alpha2[0] = alpha2[0]; 4092 rd->alpha2[1] = alpha2[1]; 4093 4094 /* 4095 * Disable DFS master mode if the DFS region was 4096 * not supported or known on this kernel. 4097 */ 4098 if (reg_supported_dfs_region(dfs_region)) 4099 rd->dfs_region = dfs_region; 4100 4101 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4102 rem_reg_rules) { 4103 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 4104 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 4105 reg_rule_policy); 4106 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 4107 if (r) 4108 goto bad_reg; 4109 4110 rule_idx++; 4111 4112 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 4113 r = -EINVAL; 4114 goto bad_reg; 4115 } 4116 } 4117 4118 BUG_ON(rule_idx != num_rules); 4119 4120 r = set_regdom(rd); 4121 4122 mutex_unlock(&cfg80211_mutex); 4123 4124 return r; 4125 4126 bad_reg: 4127 mutex_unlock(&cfg80211_mutex); 4128 kfree(rd); 4129 return r; 4130 } 4131 4132 static int validate_scan_freqs(struct nlattr *freqs) 4133 { 4134 struct nlattr *attr1, *attr2; 4135 int n_channels = 0, tmp1, tmp2; 4136 4137 nla_for_each_nested(attr1, freqs, tmp1) { 4138 n_channels++; 4139 /* 4140 * Some hardware has a limited channel list for 4141 * scanning, and it is pretty much nonsensical 4142 * to scan for a channel twice, so disallow that 4143 * and don't require drivers to check that the 4144 * channel list they get isn't longer than what 4145 * they can scan, as long as they can scan all 4146 * the channels they registered at once. 4147 */ 4148 nla_for_each_nested(attr2, freqs, tmp2) 4149 if (attr1 != attr2 && 4150 nla_get_u32(attr1) == nla_get_u32(attr2)) 4151 return 0; 4152 } 4153 4154 return n_channels; 4155 } 4156 4157 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 4158 { 4159 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4160 struct wireless_dev *wdev = info->user_ptr[1]; 4161 struct cfg80211_scan_request *request; 4162 struct nlattr *attr; 4163 struct wiphy *wiphy; 4164 int err, tmp, n_ssids = 0, n_channels, i; 4165 size_t ie_len; 4166 4167 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4168 return -EINVAL; 4169 4170 wiphy = &rdev->wiphy; 4171 4172 if (!rdev->ops->scan) 4173 return -EOPNOTSUPP; 4174 4175 if (rdev->scan_req) 4176 return -EBUSY; 4177 4178 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4179 n_channels = validate_scan_freqs( 4180 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4181 if (!n_channels) 4182 return -EINVAL; 4183 } else { 4184 enum ieee80211_band band; 4185 n_channels = 0; 4186 4187 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4188 if (wiphy->bands[band]) 4189 n_channels += wiphy->bands[band]->n_channels; 4190 } 4191 4192 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4193 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 4194 n_ssids++; 4195 4196 if (n_ssids > wiphy->max_scan_ssids) 4197 return -EINVAL; 4198 4199 if (info->attrs[NL80211_ATTR_IE]) 4200 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4201 else 4202 ie_len = 0; 4203 4204 if (ie_len > wiphy->max_scan_ie_len) 4205 return -EINVAL; 4206 4207 request = kzalloc(sizeof(*request) 4208 + sizeof(*request->ssids) * n_ssids 4209 + sizeof(*request->channels) * n_channels 4210 + ie_len, GFP_KERNEL); 4211 if (!request) 4212 return -ENOMEM; 4213 4214 if (n_ssids) 4215 request->ssids = (void *)&request->channels[n_channels]; 4216 request->n_ssids = n_ssids; 4217 if (ie_len) { 4218 if (request->ssids) 4219 request->ie = (void *)(request->ssids + n_ssids); 4220 else 4221 request->ie = (void *)(request->channels + n_channels); 4222 } 4223 4224 i = 0; 4225 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4226 /* user specified, bail out if channel not found */ 4227 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 4228 struct ieee80211_channel *chan; 4229 4230 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4231 4232 if (!chan) { 4233 err = -EINVAL; 4234 goto out_free; 4235 } 4236 4237 /* ignore disabled channels */ 4238 if (chan->flags & IEEE80211_CHAN_DISABLED) 4239 continue; 4240 4241 request->channels[i] = chan; 4242 i++; 4243 } 4244 } else { 4245 enum ieee80211_band band; 4246 4247 /* all channels */ 4248 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4249 int j; 4250 if (!wiphy->bands[band]) 4251 continue; 4252 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4253 struct ieee80211_channel *chan; 4254 4255 chan = &wiphy->bands[band]->channels[j]; 4256 4257 if (chan->flags & IEEE80211_CHAN_DISABLED) 4258 continue; 4259 4260 request->channels[i] = chan; 4261 i++; 4262 } 4263 } 4264 } 4265 4266 if (!i) { 4267 err = -EINVAL; 4268 goto out_free; 4269 } 4270 4271 request->n_channels = i; 4272 4273 i = 0; 4274 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4275 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 4276 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4277 err = -EINVAL; 4278 goto out_free; 4279 } 4280 request->ssids[i].ssid_len = nla_len(attr); 4281 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 4282 i++; 4283 } 4284 } 4285 4286 if (info->attrs[NL80211_ATTR_IE]) { 4287 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4288 memcpy((void *)request->ie, 4289 nla_data(info->attrs[NL80211_ATTR_IE]), 4290 request->ie_len); 4291 } 4292 4293 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 4294 if (wiphy->bands[i]) 4295 request->rates[i] = 4296 (1 << wiphy->bands[i]->n_bitrates) - 1; 4297 4298 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 4299 nla_for_each_nested(attr, 4300 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 4301 tmp) { 4302 enum ieee80211_band band = nla_type(attr); 4303 4304 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4305 err = -EINVAL; 4306 goto out_free; 4307 } 4308 err = ieee80211_get_ratemask(wiphy->bands[band], 4309 nla_data(attr), 4310 nla_len(attr), 4311 &request->rates[band]); 4312 if (err) 4313 goto out_free; 4314 } 4315 } 4316 4317 request->no_cck = 4318 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 4319 4320 request->wdev = wdev; 4321 request->wiphy = &rdev->wiphy; 4322 4323 rdev->scan_req = request; 4324 err = rdev->ops->scan(&rdev->wiphy, request); 4325 4326 if (!err) { 4327 nl80211_send_scan_start(rdev, wdev); 4328 if (wdev->netdev) 4329 dev_hold(wdev->netdev); 4330 } else { 4331 out_free: 4332 rdev->scan_req = NULL; 4333 kfree(request); 4334 } 4335 4336 return err; 4337 } 4338 4339 static int nl80211_start_sched_scan(struct sk_buff *skb, 4340 struct genl_info *info) 4341 { 4342 struct cfg80211_sched_scan_request *request; 4343 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4344 struct net_device *dev = info->user_ptr[1]; 4345 struct nlattr *attr; 4346 struct wiphy *wiphy; 4347 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 4348 u32 interval; 4349 enum ieee80211_band band; 4350 size_t ie_len; 4351 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 4352 4353 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4354 !rdev->ops->sched_scan_start) 4355 return -EOPNOTSUPP; 4356 4357 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4358 return -EINVAL; 4359 4360 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 4361 return -EINVAL; 4362 4363 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 4364 if (interval == 0) 4365 return -EINVAL; 4366 4367 wiphy = &rdev->wiphy; 4368 4369 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4370 n_channels = validate_scan_freqs( 4371 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4372 if (!n_channels) 4373 return -EINVAL; 4374 } else { 4375 n_channels = 0; 4376 4377 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4378 if (wiphy->bands[band]) 4379 n_channels += wiphy->bands[band]->n_channels; 4380 } 4381 4382 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4383 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4384 tmp) 4385 n_ssids++; 4386 4387 if (n_ssids > wiphy->max_sched_scan_ssids) 4388 return -EINVAL; 4389 4390 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 4391 nla_for_each_nested(attr, 4392 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4393 tmp) 4394 n_match_sets++; 4395 4396 if (n_match_sets > wiphy->max_match_sets) 4397 return -EINVAL; 4398 4399 if (info->attrs[NL80211_ATTR_IE]) 4400 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4401 else 4402 ie_len = 0; 4403 4404 if (ie_len > wiphy->max_sched_scan_ie_len) 4405 return -EINVAL; 4406 4407 mutex_lock(&rdev->sched_scan_mtx); 4408 4409 if (rdev->sched_scan_req) { 4410 err = -EINPROGRESS; 4411 goto out; 4412 } 4413 4414 request = kzalloc(sizeof(*request) 4415 + sizeof(*request->ssids) * n_ssids 4416 + sizeof(*request->match_sets) * n_match_sets 4417 + sizeof(*request->channels) * n_channels 4418 + ie_len, GFP_KERNEL); 4419 if (!request) { 4420 err = -ENOMEM; 4421 goto out; 4422 } 4423 4424 if (n_ssids) 4425 request->ssids = (void *)&request->channels[n_channels]; 4426 request->n_ssids = n_ssids; 4427 if (ie_len) { 4428 if (request->ssids) 4429 request->ie = (void *)(request->ssids + n_ssids); 4430 else 4431 request->ie = (void *)(request->channels + n_channels); 4432 } 4433 4434 if (n_match_sets) { 4435 if (request->ie) 4436 request->match_sets = (void *)(request->ie + ie_len); 4437 else if (request->ssids) 4438 request->match_sets = 4439 (void *)(request->ssids + n_ssids); 4440 else 4441 request->match_sets = 4442 (void *)(request->channels + n_channels); 4443 } 4444 request->n_match_sets = n_match_sets; 4445 4446 i = 0; 4447 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4448 /* user specified, bail out if channel not found */ 4449 nla_for_each_nested(attr, 4450 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4451 tmp) { 4452 struct ieee80211_channel *chan; 4453 4454 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4455 4456 if (!chan) { 4457 err = -EINVAL; 4458 goto out_free; 4459 } 4460 4461 /* ignore disabled channels */ 4462 if (chan->flags & IEEE80211_CHAN_DISABLED) 4463 continue; 4464 4465 request->channels[i] = chan; 4466 i++; 4467 } 4468 } else { 4469 /* all channels */ 4470 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4471 int j; 4472 if (!wiphy->bands[band]) 4473 continue; 4474 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4475 struct ieee80211_channel *chan; 4476 4477 chan = &wiphy->bands[band]->channels[j]; 4478 4479 if (chan->flags & IEEE80211_CHAN_DISABLED) 4480 continue; 4481 4482 request->channels[i] = chan; 4483 i++; 4484 } 4485 } 4486 } 4487 4488 if (!i) { 4489 err = -EINVAL; 4490 goto out_free; 4491 } 4492 4493 request->n_channels = i; 4494 4495 i = 0; 4496 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4497 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4498 tmp) { 4499 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4500 err = -EINVAL; 4501 goto out_free; 4502 } 4503 request->ssids[i].ssid_len = nla_len(attr); 4504 memcpy(request->ssids[i].ssid, nla_data(attr), 4505 nla_len(attr)); 4506 i++; 4507 } 4508 } 4509 4510 i = 0; 4511 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 4512 nla_for_each_nested(attr, 4513 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4514 tmp) { 4515 struct nlattr *ssid, *rssi; 4516 4517 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 4518 nla_data(attr), nla_len(attr), 4519 nl80211_match_policy); 4520 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 4521 if (ssid) { 4522 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 4523 err = -EINVAL; 4524 goto out_free; 4525 } 4526 memcpy(request->match_sets[i].ssid.ssid, 4527 nla_data(ssid), nla_len(ssid)); 4528 request->match_sets[i].ssid.ssid_len = 4529 nla_len(ssid); 4530 } 4531 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 4532 if (rssi) 4533 request->rssi_thold = nla_get_u32(rssi); 4534 else 4535 request->rssi_thold = 4536 NL80211_SCAN_RSSI_THOLD_OFF; 4537 i++; 4538 } 4539 } 4540 4541 if (info->attrs[NL80211_ATTR_IE]) { 4542 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4543 memcpy((void *)request->ie, 4544 nla_data(info->attrs[NL80211_ATTR_IE]), 4545 request->ie_len); 4546 } 4547 4548 request->dev = dev; 4549 request->wiphy = &rdev->wiphy; 4550 request->interval = interval; 4551 4552 err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request); 4553 if (!err) { 4554 rdev->sched_scan_req = request; 4555 nl80211_send_sched_scan(rdev, dev, 4556 NL80211_CMD_START_SCHED_SCAN); 4557 goto out; 4558 } 4559 4560 out_free: 4561 kfree(request); 4562 out: 4563 mutex_unlock(&rdev->sched_scan_mtx); 4564 return err; 4565 } 4566 4567 static int nl80211_stop_sched_scan(struct sk_buff *skb, 4568 struct genl_info *info) 4569 { 4570 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4571 int err; 4572 4573 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4574 !rdev->ops->sched_scan_stop) 4575 return -EOPNOTSUPP; 4576 4577 mutex_lock(&rdev->sched_scan_mtx); 4578 err = __cfg80211_stop_sched_scan(rdev, false); 4579 mutex_unlock(&rdev->sched_scan_mtx); 4580 4581 return err; 4582 } 4583 4584 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 4585 u32 seq, int flags, 4586 struct cfg80211_registered_device *rdev, 4587 struct wireless_dev *wdev, 4588 struct cfg80211_internal_bss *intbss) 4589 { 4590 struct cfg80211_bss *res = &intbss->pub; 4591 void *hdr; 4592 struct nlattr *bss; 4593 4594 ASSERT_WDEV_LOCK(wdev); 4595 4596 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags, 4597 NL80211_CMD_NEW_SCAN_RESULTS); 4598 if (!hdr) 4599 return -1; 4600 4601 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 4602 4603 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 4604 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 4605 goto nla_put_failure; 4606 4607 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 4608 if (!bss) 4609 goto nla_put_failure; 4610 if ((!is_zero_ether_addr(res->bssid) && 4611 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) || 4612 (res->information_elements && res->len_information_elements && 4613 nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 4614 res->len_information_elements, 4615 res->information_elements)) || 4616 (res->beacon_ies && res->len_beacon_ies && 4617 res->beacon_ies != res->information_elements && 4618 nla_put(msg, NL80211_BSS_BEACON_IES, 4619 res->len_beacon_ies, res->beacon_ies))) 4620 goto nla_put_failure; 4621 if (res->tsf && 4622 nla_put_u64(msg, NL80211_BSS_TSF, res->tsf)) 4623 goto nla_put_failure; 4624 if (res->beacon_interval && 4625 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 4626 goto nla_put_failure; 4627 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 4628 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 4629 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 4630 jiffies_to_msecs(jiffies - intbss->ts))) 4631 goto nla_put_failure; 4632 4633 switch (rdev->wiphy.signal_type) { 4634 case CFG80211_SIGNAL_TYPE_MBM: 4635 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 4636 goto nla_put_failure; 4637 break; 4638 case CFG80211_SIGNAL_TYPE_UNSPEC: 4639 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 4640 goto nla_put_failure; 4641 break; 4642 default: 4643 break; 4644 } 4645 4646 switch (wdev->iftype) { 4647 case NL80211_IFTYPE_P2P_CLIENT: 4648 case NL80211_IFTYPE_STATION: 4649 if (intbss == wdev->current_bss && 4650 nla_put_u32(msg, NL80211_BSS_STATUS, 4651 NL80211_BSS_STATUS_ASSOCIATED)) 4652 goto nla_put_failure; 4653 break; 4654 case NL80211_IFTYPE_ADHOC: 4655 if (intbss == wdev->current_bss && 4656 nla_put_u32(msg, NL80211_BSS_STATUS, 4657 NL80211_BSS_STATUS_IBSS_JOINED)) 4658 goto nla_put_failure; 4659 break; 4660 default: 4661 break; 4662 } 4663 4664 nla_nest_end(msg, bss); 4665 4666 return genlmsg_end(msg, hdr); 4667 4668 nla_put_failure: 4669 genlmsg_cancel(msg, hdr); 4670 return -EMSGSIZE; 4671 } 4672 4673 static int nl80211_dump_scan(struct sk_buff *skb, 4674 struct netlink_callback *cb) 4675 { 4676 struct cfg80211_registered_device *rdev; 4677 struct net_device *dev; 4678 struct cfg80211_internal_bss *scan; 4679 struct wireless_dev *wdev; 4680 int start = cb->args[1], idx = 0; 4681 int err; 4682 4683 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 4684 if (err) 4685 return err; 4686 4687 wdev = dev->ieee80211_ptr; 4688 4689 wdev_lock(wdev); 4690 spin_lock_bh(&rdev->bss_lock); 4691 cfg80211_bss_expire(rdev); 4692 4693 cb->seq = rdev->bss_generation; 4694 4695 list_for_each_entry(scan, &rdev->bss_list, list) { 4696 if (++idx <= start) 4697 continue; 4698 if (nl80211_send_bss(skb, cb, 4699 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4700 rdev, wdev, scan) < 0) { 4701 idx--; 4702 break; 4703 } 4704 } 4705 4706 spin_unlock_bh(&rdev->bss_lock); 4707 wdev_unlock(wdev); 4708 4709 cb->args[1] = idx; 4710 nl80211_finish_netdev_dump(rdev); 4711 4712 return skb->len; 4713 } 4714 4715 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 4716 int flags, struct net_device *dev, 4717 struct survey_info *survey) 4718 { 4719 void *hdr; 4720 struct nlattr *infoattr; 4721 4722 hdr = nl80211hdr_put(msg, pid, seq, flags, 4723 NL80211_CMD_NEW_SURVEY_RESULTS); 4724 if (!hdr) 4725 return -ENOMEM; 4726 4727 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 4728 goto nla_put_failure; 4729 4730 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 4731 if (!infoattr) 4732 goto nla_put_failure; 4733 4734 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 4735 survey->channel->center_freq)) 4736 goto nla_put_failure; 4737 4738 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 4739 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 4740 goto nla_put_failure; 4741 if ((survey->filled & SURVEY_INFO_IN_USE) && 4742 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 4743 goto nla_put_failure; 4744 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) && 4745 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 4746 survey->channel_time)) 4747 goto nla_put_failure; 4748 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) && 4749 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 4750 survey->channel_time_busy)) 4751 goto nla_put_failure; 4752 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) && 4753 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 4754 survey->channel_time_ext_busy)) 4755 goto nla_put_failure; 4756 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) && 4757 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 4758 survey->channel_time_rx)) 4759 goto nla_put_failure; 4760 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) && 4761 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 4762 survey->channel_time_tx)) 4763 goto nla_put_failure; 4764 4765 nla_nest_end(msg, infoattr); 4766 4767 return genlmsg_end(msg, hdr); 4768 4769 nla_put_failure: 4770 genlmsg_cancel(msg, hdr); 4771 return -EMSGSIZE; 4772 } 4773 4774 static int nl80211_dump_survey(struct sk_buff *skb, 4775 struct netlink_callback *cb) 4776 { 4777 struct survey_info survey; 4778 struct cfg80211_registered_device *dev; 4779 struct net_device *netdev; 4780 int survey_idx = cb->args[1]; 4781 int res; 4782 4783 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 4784 if (res) 4785 return res; 4786 4787 if (!dev->ops->dump_survey) { 4788 res = -EOPNOTSUPP; 4789 goto out_err; 4790 } 4791 4792 while (1) { 4793 struct ieee80211_channel *chan; 4794 4795 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 4796 &survey); 4797 if (res == -ENOENT) 4798 break; 4799 if (res) 4800 goto out_err; 4801 4802 /* Survey without a channel doesn't make sense */ 4803 if (!survey.channel) { 4804 res = -EINVAL; 4805 goto out; 4806 } 4807 4808 chan = ieee80211_get_channel(&dev->wiphy, 4809 survey.channel->center_freq); 4810 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 4811 survey_idx++; 4812 continue; 4813 } 4814 4815 if (nl80211_send_survey(skb, 4816 NETLINK_CB(cb->skb).pid, 4817 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4818 netdev, 4819 &survey) < 0) 4820 goto out; 4821 survey_idx++; 4822 } 4823 4824 out: 4825 cb->args[1] = survey_idx; 4826 res = skb->len; 4827 out_err: 4828 nl80211_finish_netdev_dump(dev); 4829 return res; 4830 } 4831 4832 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 4833 { 4834 return auth_type <= NL80211_AUTHTYPE_MAX; 4835 } 4836 4837 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 4838 { 4839 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 4840 NL80211_WPA_VERSION_2)); 4841 } 4842 4843 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 4844 { 4845 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4846 struct net_device *dev = info->user_ptr[1]; 4847 struct ieee80211_channel *chan; 4848 const u8 *bssid, *ssid, *ie = NULL; 4849 int err, ssid_len, ie_len = 0; 4850 enum nl80211_auth_type auth_type; 4851 struct key_parse key; 4852 bool local_state_change; 4853 4854 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4855 return -EINVAL; 4856 4857 if (!info->attrs[NL80211_ATTR_MAC]) 4858 return -EINVAL; 4859 4860 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 4861 return -EINVAL; 4862 4863 if (!info->attrs[NL80211_ATTR_SSID]) 4864 return -EINVAL; 4865 4866 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4867 return -EINVAL; 4868 4869 err = nl80211_parse_key(info, &key); 4870 if (err) 4871 return err; 4872 4873 if (key.idx >= 0) { 4874 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 4875 return -EINVAL; 4876 if (!key.p.key || !key.p.key_len) 4877 return -EINVAL; 4878 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 4879 key.p.key_len != WLAN_KEY_LEN_WEP40) && 4880 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 4881 key.p.key_len != WLAN_KEY_LEN_WEP104)) 4882 return -EINVAL; 4883 if (key.idx > 4) 4884 return -EINVAL; 4885 } else { 4886 key.p.key_len = 0; 4887 key.p.key = NULL; 4888 } 4889 4890 if (key.idx >= 0) { 4891 int i; 4892 bool ok = false; 4893 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 4894 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 4895 ok = true; 4896 break; 4897 } 4898 } 4899 if (!ok) 4900 return -EINVAL; 4901 } 4902 4903 if (!rdev->ops->auth) 4904 return -EOPNOTSUPP; 4905 4906 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4907 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4908 return -EOPNOTSUPP; 4909 4910 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4911 chan = ieee80211_get_channel(&rdev->wiphy, 4912 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4913 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4914 return -EINVAL; 4915 4916 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4917 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4918 4919 if (info->attrs[NL80211_ATTR_IE]) { 4920 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4921 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4922 } 4923 4924 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4925 if (!nl80211_valid_auth_type(auth_type)) 4926 return -EINVAL; 4927 4928 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4929 4930 /* 4931 * Since we no longer track auth state, ignore 4932 * requests to only change local state. 4933 */ 4934 if (local_state_change) 4935 return 0; 4936 4937 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 4938 ssid, ssid_len, ie, ie_len, 4939 key.p.key, key.p.key_len, key.idx); 4940 } 4941 4942 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 4943 struct genl_info *info, 4944 struct cfg80211_crypto_settings *settings, 4945 int cipher_limit) 4946 { 4947 memset(settings, 0, sizeof(*settings)); 4948 4949 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 4950 4951 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 4952 u16 proto; 4953 proto = nla_get_u16( 4954 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 4955 settings->control_port_ethertype = cpu_to_be16(proto); 4956 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 4957 proto != ETH_P_PAE) 4958 return -EINVAL; 4959 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 4960 settings->control_port_no_encrypt = true; 4961 } else 4962 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 4963 4964 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 4965 void *data; 4966 int len, i; 4967 4968 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4969 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4970 settings->n_ciphers_pairwise = len / sizeof(u32); 4971 4972 if (len % sizeof(u32)) 4973 return -EINVAL; 4974 4975 if (settings->n_ciphers_pairwise > cipher_limit) 4976 return -EINVAL; 4977 4978 memcpy(settings->ciphers_pairwise, data, len); 4979 4980 for (i = 0; i < settings->n_ciphers_pairwise; i++) 4981 if (!cfg80211_supported_cipher_suite( 4982 &rdev->wiphy, 4983 settings->ciphers_pairwise[i])) 4984 return -EINVAL; 4985 } 4986 4987 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 4988 settings->cipher_group = 4989 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 4990 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 4991 settings->cipher_group)) 4992 return -EINVAL; 4993 } 4994 4995 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 4996 settings->wpa_versions = 4997 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 4998 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 4999 return -EINVAL; 5000 } 5001 5002 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 5003 void *data; 5004 int len; 5005 5006 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 5007 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 5008 settings->n_akm_suites = len / sizeof(u32); 5009 5010 if (len % sizeof(u32)) 5011 return -EINVAL; 5012 5013 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 5014 return -EINVAL; 5015 5016 memcpy(settings->akm_suites, data, len); 5017 } 5018 5019 return 0; 5020 } 5021 5022 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 5023 { 5024 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5025 struct net_device *dev = info->user_ptr[1]; 5026 struct cfg80211_crypto_settings crypto; 5027 struct ieee80211_channel *chan; 5028 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 5029 int err, ssid_len, ie_len = 0; 5030 bool use_mfp = false; 5031 u32 flags = 0; 5032 struct ieee80211_ht_cap *ht_capa = NULL; 5033 struct ieee80211_ht_cap *ht_capa_mask = NULL; 5034 5035 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5036 return -EINVAL; 5037 5038 if (!info->attrs[NL80211_ATTR_MAC] || 5039 !info->attrs[NL80211_ATTR_SSID] || 5040 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5041 return -EINVAL; 5042 5043 if (!rdev->ops->assoc) 5044 return -EOPNOTSUPP; 5045 5046 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5047 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5048 return -EOPNOTSUPP; 5049 5050 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5051 5052 chan = ieee80211_get_channel(&rdev->wiphy, 5053 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5054 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5055 return -EINVAL; 5056 5057 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5058 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5059 5060 if (info->attrs[NL80211_ATTR_IE]) { 5061 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5062 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5063 } 5064 5065 if (info->attrs[NL80211_ATTR_USE_MFP]) { 5066 enum nl80211_mfp mfp = 5067 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 5068 if (mfp == NL80211_MFP_REQUIRED) 5069 use_mfp = true; 5070 else if (mfp != NL80211_MFP_NO) 5071 return -EINVAL; 5072 } 5073 5074 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 5075 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 5076 5077 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5078 flags |= ASSOC_REQ_DISABLE_HT; 5079 5080 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5081 ht_capa_mask = 5082 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 5083 5084 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5085 if (!ht_capa_mask) 5086 return -EINVAL; 5087 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 5088 } 5089 5090 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 5091 if (!err) 5092 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 5093 ssid, ssid_len, ie, ie_len, use_mfp, 5094 &crypto, flags, ht_capa, 5095 ht_capa_mask); 5096 5097 return err; 5098 } 5099 5100 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 5101 { 5102 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5103 struct net_device *dev = info->user_ptr[1]; 5104 const u8 *ie = NULL, *bssid; 5105 int ie_len = 0; 5106 u16 reason_code; 5107 bool local_state_change; 5108 5109 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5110 return -EINVAL; 5111 5112 if (!info->attrs[NL80211_ATTR_MAC]) 5113 return -EINVAL; 5114 5115 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5116 return -EINVAL; 5117 5118 if (!rdev->ops->deauth) 5119 return -EOPNOTSUPP; 5120 5121 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5122 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5123 return -EOPNOTSUPP; 5124 5125 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5126 5127 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5128 if (reason_code == 0) { 5129 /* Reason Code 0 is reserved */ 5130 return -EINVAL; 5131 } 5132 5133 if (info->attrs[NL80211_ATTR_IE]) { 5134 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5135 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5136 } 5137 5138 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5139 5140 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 5141 local_state_change); 5142 } 5143 5144 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 5145 { 5146 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5147 struct net_device *dev = info->user_ptr[1]; 5148 const u8 *ie = NULL, *bssid; 5149 int ie_len = 0; 5150 u16 reason_code; 5151 bool local_state_change; 5152 5153 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5154 return -EINVAL; 5155 5156 if (!info->attrs[NL80211_ATTR_MAC]) 5157 return -EINVAL; 5158 5159 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5160 return -EINVAL; 5161 5162 if (!rdev->ops->disassoc) 5163 return -EOPNOTSUPP; 5164 5165 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5166 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5167 return -EOPNOTSUPP; 5168 5169 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5170 5171 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5172 if (reason_code == 0) { 5173 /* Reason Code 0 is reserved */ 5174 return -EINVAL; 5175 } 5176 5177 if (info->attrs[NL80211_ATTR_IE]) { 5178 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5179 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5180 } 5181 5182 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5183 5184 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 5185 local_state_change); 5186 } 5187 5188 static bool 5189 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 5190 int mcast_rate[IEEE80211_NUM_BANDS], 5191 int rateval) 5192 { 5193 struct wiphy *wiphy = &rdev->wiphy; 5194 bool found = false; 5195 int band, i; 5196 5197 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5198 struct ieee80211_supported_band *sband; 5199 5200 sband = wiphy->bands[band]; 5201 if (!sband) 5202 continue; 5203 5204 for (i = 0; i < sband->n_bitrates; i++) { 5205 if (sband->bitrates[i].bitrate == rateval) { 5206 mcast_rate[band] = i + 1; 5207 found = true; 5208 break; 5209 } 5210 } 5211 } 5212 5213 return found; 5214 } 5215 5216 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 5217 { 5218 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5219 struct net_device *dev = info->user_ptr[1]; 5220 struct cfg80211_ibss_params ibss; 5221 struct wiphy *wiphy; 5222 struct cfg80211_cached_keys *connkeys = NULL; 5223 int err; 5224 5225 memset(&ibss, 0, sizeof(ibss)); 5226 5227 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5228 return -EINVAL; 5229 5230 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 5231 !info->attrs[NL80211_ATTR_SSID] || 5232 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5233 return -EINVAL; 5234 5235 ibss.beacon_interval = 100; 5236 5237 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 5238 ibss.beacon_interval = 5239 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 5240 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 5241 return -EINVAL; 5242 } 5243 5244 if (!rdev->ops->join_ibss) 5245 return -EOPNOTSUPP; 5246 5247 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5248 return -EOPNOTSUPP; 5249 5250 wiphy = &rdev->wiphy; 5251 5252 if (info->attrs[NL80211_ATTR_MAC]) { 5253 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5254 5255 if (!is_valid_ether_addr(ibss.bssid)) 5256 return -EINVAL; 5257 } 5258 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5259 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5260 5261 if (info->attrs[NL80211_ATTR_IE]) { 5262 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5263 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5264 } 5265 5266 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5267 enum nl80211_channel_type channel_type; 5268 5269 if (!nl80211_valid_channel_type(info, &channel_type)) 5270 return -EINVAL; 5271 5272 if (channel_type != NL80211_CHAN_NO_HT && 5273 !(wiphy->features & NL80211_FEATURE_HT_IBSS)) 5274 return -EINVAL; 5275 5276 ibss.channel_type = channel_type; 5277 } else { 5278 ibss.channel_type = NL80211_CHAN_NO_HT; 5279 } 5280 5281 ibss.channel = rdev_freq_to_chan(rdev, 5282 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 5283 ibss.channel_type); 5284 if (!ibss.channel || 5285 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 5286 ibss.channel->flags & IEEE80211_CHAN_DISABLED) 5287 return -EINVAL; 5288 5289 /* Both channels should be able to initiate communication */ 5290 if ((ibss.channel_type == NL80211_CHAN_HT40PLUS || 5291 ibss.channel_type == NL80211_CHAN_HT40MINUS) && 5292 !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel, 5293 ibss.channel_type)) 5294 return -EINVAL; 5295 5296 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 5297 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 5298 5299 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 5300 u8 *rates = 5301 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5302 int n_rates = 5303 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5304 struct ieee80211_supported_band *sband = 5305 wiphy->bands[ibss.channel->band]; 5306 5307 err = ieee80211_get_ratemask(sband, rates, n_rates, 5308 &ibss.basic_rates); 5309 if (err) 5310 return err; 5311 } 5312 5313 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 5314 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 5315 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 5316 return -EINVAL; 5317 5318 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5319 connkeys = nl80211_parse_connkeys(rdev, 5320 info->attrs[NL80211_ATTR_KEYS]); 5321 if (IS_ERR(connkeys)) 5322 return PTR_ERR(connkeys); 5323 } 5324 5325 ibss.control_port = 5326 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 5327 5328 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 5329 if (err) 5330 kfree(connkeys); 5331 return err; 5332 } 5333 5334 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 5335 { 5336 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5337 struct net_device *dev = info->user_ptr[1]; 5338 5339 if (!rdev->ops->leave_ibss) 5340 return -EOPNOTSUPP; 5341 5342 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5343 return -EOPNOTSUPP; 5344 5345 return cfg80211_leave_ibss(rdev, dev, false); 5346 } 5347 5348 #ifdef CONFIG_NL80211_TESTMODE 5349 static struct genl_multicast_group nl80211_testmode_mcgrp = { 5350 .name = "testmode", 5351 }; 5352 5353 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 5354 { 5355 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5356 int err; 5357 5358 if (!info->attrs[NL80211_ATTR_TESTDATA]) 5359 return -EINVAL; 5360 5361 err = -EOPNOTSUPP; 5362 if (rdev->ops->testmode_cmd) { 5363 rdev->testmode_info = info; 5364 err = rdev->ops->testmode_cmd(&rdev->wiphy, 5365 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 5366 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 5367 rdev->testmode_info = NULL; 5368 } 5369 5370 return err; 5371 } 5372 5373 static int nl80211_testmode_dump(struct sk_buff *skb, 5374 struct netlink_callback *cb) 5375 { 5376 struct cfg80211_registered_device *rdev; 5377 int err; 5378 long phy_idx; 5379 void *data = NULL; 5380 int data_len = 0; 5381 5382 if (cb->args[0]) { 5383 /* 5384 * 0 is a valid index, but not valid for args[0], 5385 * so we need to offset by 1. 5386 */ 5387 phy_idx = cb->args[0] - 1; 5388 } else { 5389 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 5390 nl80211_fam.attrbuf, nl80211_fam.maxattr, 5391 nl80211_policy); 5392 if (err) 5393 return err; 5394 5395 mutex_lock(&cfg80211_mutex); 5396 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), 5397 nl80211_fam.attrbuf); 5398 if (IS_ERR(rdev)) { 5399 mutex_unlock(&cfg80211_mutex); 5400 return PTR_ERR(rdev); 5401 } 5402 phy_idx = rdev->wiphy_idx; 5403 rdev = NULL; 5404 mutex_unlock(&cfg80211_mutex); 5405 5406 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 5407 cb->args[1] = 5408 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 5409 } 5410 5411 if (cb->args[1]) { 5412 data = nla_data((void *)cb->args[1]); 5413 data_len = nla_len((void *)cb->args[1]); 5414 } 5415 5416 mutex_lock(&cfg80211_mutex); 5417 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 5418 if (!rdev) { 5419 mutex_unlock(&cfg80211_mutex); 5420 return -ENOENT; 5421 } 5422 cfg80211_lock_rdev(rdev); 5423 mutex_unlock(&cfg80211_mutex); 5424 5425 if (!rdev->ops->testmode_dump) { 5426 err = -EOPNOTSUPP; 5427 goto out_err; 5428 } 5429 5430 while (1) { 5431 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid, 5432 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5433 NL80211_CMD_TESTMODE); 5434 struct nlattr *tmdata; 5435 5436 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 5437 genlmsg_cancel(skb, hdr); 5438 break; 5439 } 5440 5441 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5442 if (!tmdata) { 5443 genlmsg_cancel(skb, hdr); 5444 break; 5445 } 5446 err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb, 5447 data, data_len); 5448 nla_nest_end(skb, tmdata); 5449 5450 if (err == -ENOBUFS || err == -ENOENT) { 5451 genlmsg_cancel(skb, hdr); 5452 break; 5453 } else if (err) { 5454 genlmsg_cancel(skb, hdr); 5455 goto out_err; 5456 } 5457 5458 genlmsg_end(skb, hdr); 5459 } 5460 5461 err = skb->len; 5462 /* see above */ 5463 cb->args[0] = phy_idx + 1; 5464 out_err: 5465 cfg80211_unlock_rdev(rdev); 5466 return err; 5467 } 5468 5469 static struct sk_buff * 5470 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 5471 int approxlen, u32 pid, u32 seq, gfp_t gfp) 5472 { 5473 struct sk_buff *skb; 5474 void *hdr; 5475 struct nlattr *data; 5476 5477 skb = nlmsg_new(approxlen + 100, gfp); 5478 if (!skb) 5479 return NULL; 5480 5481 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 5482 if (!hdr) { 5483 kfree_skb(skb); 5484 return NULL; 5485 } 5486 5487 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 5488 goto nla_put_failure; 5489 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5490 5491 ((void **)skb->cb)[0] = rdev; 5492 ((void **)skb->cb)[1] = hdr; 5493 ((void **)skb->cb)[2] = data; 5494 5495 return skb; 5496 5497 nla_put_failure: 5498 kfree_skb(skb); 5499 return NULL; 5500 } 5501 5502 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 5503 int approxlen) 5504 { 5505 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5506 5507 if (WARN_ON(!rdev->testmode_info)) 5508 return NULL; 5509 5510 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 5511 rdev->testmode_info->snd_pid, 5512 rdev->testmode_info->snd_seq, 5513 GFP_KERNEL); 5514 } 5515 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 5516 5517 int cfg80211_testmode_reply(struct sk_buff *skb) 5518 { 5519 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 5520 void *hdr = ((void **)skb->cb)[1]; 5521 struct nlattr *data = ((void **)skb->cb)[2]; 5522 5523 if (WARN_ON(!rdev->testmode_info)) { 5524 kfree_skb(skb); 5525 return -EINVAL; 5526 } 5527 5528 nla_nest_end(skb, data); 5529 genlmsg_end(skb, hdr); 5530 return genlmsg_reply(skb, rdev->testmode_info); 5531 } 5532 EXPORT_SYMBOL(cfg80211_testmode_reply); 5533 5534 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 5535 int approxlen, gfp_t gfp) 5536 { 5537 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5538 5539 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 5540 } 5541 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 5542 5543 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 5544 { 5545 void *hdr = ((void **)skb->cb)[1]; 5546 struct nlattr *data = ((void **)skb->cb)[2]; 5547 5548 nla_nest_end(skb, data); 5549 genlmsg_end(skb, hdr); 5550 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 5551 } 5552 EXPORT_SYMBOL(cfg80211_testmode_event); 5553 #endif 5554 5555 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 5556 { 5557 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5558 struct net_device *dev = info->user_ptr[1]; 5559 struct cfg80211_connect_params connect; 5560 struct wiphy *wiphy; 5561 struct cfg80211_cached_keys *connkeys = NULL; 5562 int err; 5563 5564 memset(&connect, 0, sizeof(connect)); 5565 5566 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5567 return -EINVAL; 5568 5569 if (!info->attrs[NL80211_ATTR_SSID] || 5570 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5571 return -EINVAL; 5572 5573 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 5574 connect.auth_type = 5575 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5576 if (!nl80211_valid_auth_type(connect.auth_type)) 5577 return -EINVAL; 5578 } else 5579 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 5580 5581 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 5582 5583 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 5584 NL80211_MAX_NR_CIPHER_SUITES); 5585 if (err) 5586 return err; 5587 5588 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5589 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5590 return -EOPNOTSUPP; 5591 5592 wiphy = &rdev->wiphy; 5593 5594 connect.bg_scan_period = -1; 5595 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 5596 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 5597 connect.bg_scan_period = 5598 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 5599 } 5600 5601 if (info->attrs[NL80211_ATTR_MAC]) 5602 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5603 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5604 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5605 5606 if (info->attrs[NL80211_ATTR_IE]) { 5607 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5608 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5609 } 5610 5611 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 5612 connect.channel = 5613 ieee80211_get_channel(wiphy, 5614 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5615 if (!connect.channel || 5616 connect.channel->flags & IEEE80211_CHAN_DISABLED) 5617 return -EINVAL; 5618 } 5619 5620 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5621 connkeys = nl80211_parse_connkeys(rdev, 5622 info->attrs[NL80211_ATTR_KEYS]); 5623 if (IS_ERR(connkeys)) 5624 return PTR_ERR(connkeys); 5625 } 5626 5627 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5628 connect.flags |= ASSOC_REQ_DISABLE_HT; 5629 5630 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5631 memcpy(&connect.ht_capa_mask, 5632 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 5633 sizeof(connect.ht_capa_mask)); 5634 5635 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5636 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 5637 kfree(connkeys); 5638 return -EINVAL; 5639 } 5640 memcpy(&connect.ht_capa, 5641 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 5642 sizeof(connect.ht_capa)); 5643 } 5644 5645 err = cfg80211_connect(rdev, dev, &connect, connkeys); 5646 if (err) 5647 kfree(connkeys); 5648 return err; 5649 } 5650 5651 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 5652 { 5653 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5654 struct net_device *dev = info->user_ptr[1]; 5655 u16 reason; 5656 5657 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5658 reason = WLAN_REASON_DEAUTH_LEAVING; 5659 else 5660 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5661 5662 if (reason == 0) 5663 return -EINVAL; 5664 5665 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5666 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5667 return -EOPNOTSUPP; 5668 5669 return cfg80211_disconnect(rdev, dev, reason, true); 5670 } 5671 5672 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 5673 { 5674 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5675 struct net *net; 5676 int err; 5677 u32 pid; 5678 5679 if (!info->attrs[NL80211_ATTR_PID]) 5680 return -EINVAL; 5681 5682 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 5683 5684 net = get_net_ns_by_pid(pid); 5685 if (IS_ERR(net)) 5686 return PTR_ERR(net); 5687 5688 err = 0; 5689 5690 /* check if anything to do */ 5691 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 5692 err = cfg80211_switch_netns(rdev, net); 5693 5694 put_net(net); 5695 return err; 5696 } 5697 5698 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 5699 { 5700 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5701 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 5702 struct cfg80211_pmksa *pmksa) = NULL; 5703 struct net_device *dev = info->user_ptr[1]; 5704 struct cfg80211_pmksa pmksa; 5705 5706 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 5707 5708 if (!info->attrs[NL80211_ATTR_MAC]) 5709 return -EINVAL; 5710 5711 if (!info->attrs[NL80211_ATTR_PMKID]) 5712 return -EINVAL; 5713 5714 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 5715 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5716 5717 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5718 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5719 return -EOPNOTSUPP; 5720 5721 switch (info->genlhdr->cmd) { 5722 case NL80211_CMD_SET_PMKSA: 5723 rdev_ops = rdev->ops->set_pmksa; 5724 break; 5725 case NL80211_CMD_DEL_PMKSA: 5726 rdev_ops = rdev->ops->del_pmksa; 5727 break; 5728 default: 5729 WARN_ON(1); 5730 break; 5731 } 5732 5733 if (!rdev_ops) 5734 return -EOPNOTSUPP; 5735 5736 return rdev_ops(&rdev->wiphy, dev, &pmksa); 5737 } 5738 5739 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 5740 { 5741 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5742 struct net_device *dev = info->user_ptr[1]; 5743 5744 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5745 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5746 return -EOPNOTSUPP; 5747 5748 if (!rdev->ops->flush_pmksa) 5749 return -EOPNOTSUPP; 5750 5751 return rdev->ops->flush_pmksa(&rdev->wiphy, dev); 5752 } 5753 5754 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 5755 { 5756 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5757 struct net_device *dev = info->user_ptr[1]; 5758 u8 action_code, dialog_token; 5759 u16 status_code; 5760 u8 *peer; 5761 5762 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5763 !rdev->ops->tdls_mgmt) 5764 return -EOPNOTSUPP; 5765 5766 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 5767 !info->attrs[NL80211_ATTR_STATUS_CODE] || 5768 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 5769 !info->attrs[NL80211_ATTR_IE] || 5770 !info->attrs[NL80211_ATTR_MAC]) 5771 return -EINVAL; 5772 5773 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5774 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 5775 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 5776 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 5777 5778 return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code, 5779 dialog_token, status_code, 5780 nla_data(info->attrs[NL80211_ATTR_IE]), 5781 nla_len(info->attrs[NL80211_ATTR_IE])); 5782 } 5783 5784 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 5785 { 5786 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5787 struct net_device *dev = info->user_ptr[1]; 5788 enum nl80211_tdls_operation operation; 5789 u8 *peer; 5790 5791 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5792 !rdev->ops->tdls_oper) 5793 return -EOPNOTSUPP; 5794 5795 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 5796 !info->attrs[NL80211_ATTR_MAC]) 5797 return -EINVAL; 5798 5799 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 5800 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5801 5802 return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation); 5803 } 5804 5805 static int nl80211_remain_on_channel(struct sk_buff *skb, 5806 struct genl_info *info) 5807 { 5808 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5809 struct wireless_dev *wdev = info->user_ptr[1]; 5810 struct ieee80211_channel *chan; 5811 struct sk_buff *msg; 5812 void *hdr; 5813 u64 cookie; 5814 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5815 u32 freq, duration; 5816 int err; 5817 5818 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 5819 !info->attrs[NL80211_ATTR_DURATION]) 5820 return -EINVAL; 5821 5822 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5823 5824 if (!rdev->ops->remain_on_channel || 5825 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 5826 return -EOPNOTSUPP; 5827 5828 /* 5829 * We should be on that channel for at least a minimum amount of 5830 * time (10ms) but no longer than the driver supports. 5831 */ 5832 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 5833 duration > rdev->wiphy.max_remain_on_channel_duration) 5834 return -EINVAL; 5835 5836 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 5837 !nl80211_valid_channel_type(info, &channel_type)) 5838 return -EINVAL; 5839 5840 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5841 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5842 if (chan == NULL) 5843 return -EINVAL; 5844 5845 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5846 if (!msg) 5847 return -ENOMEM; 5848 5849 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5850 NL80211_CMD_REMAIN_ON_CHANNEL); 5851 5852 if (IS_ERR(hdr)) { 5853 err = PTR_ERR(hdr); 5854 goto free_msg; 5855 } 5856 5857 err = rdev->ops->remain_on_channel(&rdev->wiphy, wdev, chan, 5858 channel_type, duration, &cookie); 5859 5860 if (err) 5861 goto free_msg; 5862 5863 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 5864 goto nla_put_failure; 5865 5866 genlmsg_end(msg, hdr); 5867 5868 return genlmsg_reply(msg, info); 5869 5870 nla_put_failure: 5871 err = -ENOBUFS; 5872 free_msg: 5873 nlmsg_free(msg); 5874 return err; 5875 } 5876 5877 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 5878 struct genl_info *info) 5879 { 5880 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5881 struct wireless_dev *wdev = info->user_ptr[1]; 5882 u64 cookie; 5883 5884 if (!info->attrs[NL80211_ATTR_COOKIE]) 5885 return -EINVAL; 5886 5887 if (!rdev->ops->cancel_remain_on_channel) 5888 return -EOPNOTSUPP; 5889 5890 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5891 5892 return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, wdev, cookie); 5893 } 5894 5895 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 5896 u8 *rates, u8 rates_len) 5897 { 5898 u8 i; 5899 u32 mask = 0; 5900 5901 for (i = 0; i < rates_len; i++) { 5902 int rate = (rates[i] & 0x7f) * 5; 5903 int ridx; 5904 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 5905 struct ieee80211_rate *srate = 5906 &sband->bitrates[ridx]; 5907 if (rate == srate->bitrate) { 5908 mask |= 1 << ridx; 5909 break; 5910 } 5911 } 5912 if (ridx == sband->n_bitrates) 5913 return 0; /* rate not found */ 5914 } 5915 5916 return mask; 5917 } 5918 5919 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 5920 u8 *rates, u8 rates_len, 5921 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 5922 { 5923 u8 i; 5924 5925 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 5926 5927 for (i = 0; i < rates_len; i++) { 5928 int ridx, rbit; 5929 5930 ridx = rates[i] / 8; 5931 rbit = BIT(rates[i] % 8); 5932 5933 /* check validity */ 5934 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 5935 return false; 5936 5937 /* check availability */ 5938 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 5939 mcs[ridx] |= rbit; 5940 else 5941 return false; 5942 } 5943 5944 return true; 5945 } 5946 5947 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 5948 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 5949 .len = NL80211_MAX_SUPP_RATES }, 5950 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 5951 .len = NL80211_MAX_SUPP_HT_RATES }, 5952 }; 5953 5954 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 5955 struct genl_info *info) 5956 { 5957 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 5958 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5959 struct cfg80211_bitrate_mask mask; 5960 int rem, i; 5961 struct net_device *dev = info->user_ptr[1]; 5962 struct nlattr *tx_rates; 5963 struct ieee80211_supported_band *sband; 5964 5965 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 5966 return -EINVAL; 5967 5968 if (!rdev->ops->set_bitrate_mask) 5969 return -EOPNOTSUPP; 5970 5971 memset(&mask, 0, sizeof(mask)); 5972 /* Default to all rates enabled */ 5973 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 5974 sband = rdev->wiphy.bands[i]; 5975 mask.control[i].legacy = 5976 sband ? (1 << sband->n_bitrates) - 1 : 0; 5977 if (sband) 5978 memcpy(mask.control[i].mcs, 5979 sband->ht_cap.mcs.rx_mask, 5980 sizeof(mask.control[i].mcs)); 5981 else 5982 memset(mask.control[i].mcs, 0, 5983 sizeof(mask.control[i].mcs)); 5984 } 5985 5986 /* 5987 * The nested attribute uses enum nl80211_band as the index. This maps 5988 * directly to the enum ieee80211_band values used in cfg80211. 5989 */ 5990 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 5991 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 5992 { 5993 enum ieee80211_band band = nla_type(tx_rates); 5994 if (band < 0 || band >= IEEE80211_NUM_BANDS) 5995 return -EINVAL; 5996 sband = rdev->wiphy.bands[band]; 5997 if (sband == NULL) 5998 return -EINVAL; 5999 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 6000 nla_len(tx_rates), nl80211_txattr_policy); 6001 if (tb[NL80211_TXRATE_LEGACY]) { 6002 mask.control[band].legacy = rateset_to_mask( 6003 sband, 6004 nla_data(tb[NL80211_TXRATE_LEGACY]), 6005 nla_len(tb[NL80211_TXRATE_LEGACY])); 6006 if ((mask.control[band].legacy == 0) && 6007 nla_len(tb[NL80211_TXRATE_LEGACY])) 6008 return -EINVAL; 6009 } 6010 if (tb[NL80211_TXRATE_MCS]) { 6011 if (!ht_rateset_to_mask( 6012 sband, 6013 nla_data(tb[NL80211_TXRATE_MCS]), 6014 nla_len(tb[NL80211_TXRATE_MCS]), 6015 mask.control[band].mcs)) 6016 return -EINVAL; 6017 } 6018 6019 if (mask.control[band].legacy == 0) { 6020 /* don't allow empty legacy rates if HT 6021 * is not even supported. */ 6022 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 6023 return -EINVAL; 6024 6025 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 6026 if (mask.control[band].mcs[i]) 6027 break; 6028 6029 /* legacy and mcs rates may not be both empty */ 6030 if (i == IEEE80211_HT_MCS_MASK_LEN) 6031 return -EINVAL; 6032 } 6033 } 6034 6035 return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 6036 } 6037 6038 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 6039 { 6040 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6041 struct wireless_dev *wdev = info->user_ptr[1]; 6042 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 6043 6044 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 6045 return -EINVAL; 6046 6047 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 6048 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 6049 6050 switch (wdev->iftype) { 6051 case NL80211_IFTYPE_STATION: 6052 case NL80211_IFTYPE_ADHOC: 6053 case NL80211_IFTYPE_P2P_CLIENT: 6054 case NL80211_IFTYPE_AP: 6055 case NL80211_IFTYPE_AP_VLAN: 6056 case NL80211_IFTYPE_MESH_POINT: 6057 case NL80211_IFTYPE_P2P_GO: 6058 break; 6059 default: 6060 return -EOPNOTSUPP; 6061 } 6062 6063 /* not much point in registering if we can't reply */ 6064 if (!rdev->ops->mgmt_tx) 6065 return -EOPNOTSUPP; 6066 6067 return cfg80211_mlme_register_mgmt(wdev, info->snd_pid, frame_type, 6068 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 6069 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 6070 } 6071 6072 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 6073 { 6074 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6075 struct wireless_dev *wdev = info->user_ptr[1]; 6076 struct ieee80211_channel *chan; 6077 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 6078 bool channel_type_valid = false; 6079 u32 freq; 6080 int err; 6081 void *hdr = NULL; 6082 u64 cookie; 6083 struct sk_buff *msg = NULL; 6084 unsigned int wait = 0; 6085 bool offchan, no_cck, dont_wait_for_ack; 6086 6087 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 6088 6089 if (!info->attrs[NL80211_ATTR_FRAME] || 6090 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 6091 return -EINVAL; 6092 6093 if (!rdev->ops->mgmt_tx) 6094 return -EOPNOTSUPP; 6095 6096 switch (wdev->iftype) { 6097 case NL80211_IFTYPE_STATION: 6098 case NL80211_IFTYPE_ADHOC: 6099 case NL80211_IFTYPE_P2P_CLIENT: 6100 case NL80211_IFTYPE_AP: 6101 case NL80211_IFTYPE_AP_VLAN: 6102 case NL80211_IFTYPE_MESH_POINT: 6103 case NL80211_IFTYPE_P2P_GO: 6104 break; 6105 default: 6106 return -EOPNOTSUPP; 6107 } 6108 6109 if (info->attrs[NL80211_ATTR_DURATION]) { 6110 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6111 return -EINVAL; 6112 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6113 6114 /* 6115 * We should wait on the channel for at least a minimum amount 6116 * of time (10ms) but no longer than the driver supports. 6117 */ 6118 if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6119 wait > rdev->wiphy.max_remain_on_channel_duration) 6120 return -EINVAL; 6121 6122 } 6123 6124 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 6125 if (!nl80211_valid_channel_type(info, &channel_type)) 6126 return -EINVAL; 6127 channel_type_valid = true; 6128 } 6129 6130 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 6131 6132 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6133 return -EINVAL; 6134 6135 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 6136 6137 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 6138 chan = rdev_freq_to_chan(rdev, freq, channel_type); 6139 if (chan == NULL) 6140 return -EINVAL; 6141 6142 if (!dont_wait_for_ack) { 6143 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6144 if (!msg) 6145 return -ENOMEM; 6146 6147 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6148 NL80211_CMD_FRAME); 6149 6150 if (IS_ERR(hdr)) { 6151 err = PTR_ERR(hdr); 6152 goto free_msg; 6153 } 6154 } 6155 6156 err = cfg80211_mlme_mgmt_tx(rdev, wdev, chan, offchan, channel_type, 6157 channel_type_valid, wait, 6158 nla_data(info->attrs[NL80211_ATTR_FRAME]), 6159 nla_len(info->attrs[NL80211_ATTR_FRAME]), 6160 no_cck, dont_wait_for_ack, &cookie); 6161 if (err) 6162 goto free_msg; 6163 6164 if (msg) { 6165 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6166 goto nla_put_failure; 6167 6168 genlmsg_end(msg, hdr); 6169 return genlmsg_reply(msg, info); 6170 } 6171 6172 return 0; 6173 6174 nla_put_failure: 6175 err = -ENOBUFS; 6176 free_msg: 6177 nlmsg_free(msg); 6178 return err; 6179 } 6180 6181 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 6182 { 6183 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6184 struct wireless_dev *wdev = info->user_ptr[1]; 6185 u64 cookie; 6186 6187 if (!info->attrs[NL80211_ATTR_COOKIE]) 6188 return -EINVAL; 6189 6190 if (!rdev->ops->mgmt_tx_cancel_wait) 6191 return -EOPNOTSUPP; 6192 6193 switch (wdev->iftype) { 6194 case NL80211_IFTYPE_STATION: 6195 case NL80211_IFTYPE_ADHOC: 6196 case NL80211_IFTYPE_P2P_CLIENT: 6197 case NL80211_IFTYPE_AP: 6198 case NL80211_IFTYPE_AP_VLAN: 6199 case NL80211_IFTYPE_P2P_GO: 6200 break; 6201 default: 6202 return -EOPNOTSUPP; 6203 } 6204 6205 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6206 6207 return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, wdev, cookie); 6208 } 6209 6210 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 6211 { 6212 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6213 struct wireless_dev *wdev; 6214 struct net_device *dev = info->user_ptr[1]; 6215 u8 ps_state; 6216 bool state; 6217 int err; 6218 6219 if (!info->attrs[NL80211_ATTR_PS_STATE]) 6220 return -EINVAL; 6221 6222 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 6223 6224 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 6225 return -EINVAL; 6226 6227 wdev = dev->ieee80211_ptr; 6228 6229 if (!rdev->ops->set_power_mgmt) 6230 return -EOPNOTSUPP; 6231 6232 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 6233 6234 if (state == wdev->ps) 6235 return 0; 6236 6237 err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state, 6238 wdev->ps_timeout); 6239 if (!err) 6240 wdev->ps = state; 6241 return err; 6242 } 6243 6244 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 6245 { 6246 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6247 enum nl80211_ps_state ps_state; 6248 struct wireless_dev *wdev; 6249 struct net_device *dev = info->user_ptr[1]; 6250 struct sk_buff *msg; 6251 void *hdr; 6252 int err; 6253 6254 wdev = dev->ieee80211_ptr; 6255 6256 if (!rdev->ops->set_power_mgmt) 6257 return -EOPNOTSUPP; 6258 6259 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6260 if (!msg) 6261 return -ENOMEM; 6262 6263 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6264 NL80211_CMD_GET_POWER_SAVE); 6265 if (!hdr) { 6266 err = -ENOBUFS; 6267 goto free_msg; 6268 } 6269 6270 if (wdev->ps) 6271 ps_state = NL80211_PS_ENABLED; 6272 else 6273 ps_state = NL80211_PS_DISABLED; 6274 6275 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 6276 goto nla_put_failure; 6277 6278 genlmsg_end(msg, hdr); 6279 return genlmsg_reply(msg, info); 6280 6281 nla_put_failure: 6282 err = -ENOBUFS; 6283 free_msg: 6284 nlmsg_free(msg); 6285 return err; 6286 } 6287 6288 static struct nla_policy 6289 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 6290 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 6291 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 6292 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 6293 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 6294 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 6295 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 6296 }; 6297 6298 static int nl80211_set_cqm_txe(struct genl_info *info, 6299 u32 rate, u32 pkts, u32 intvl) 6300 { 6301 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6302 struct wireless_dev *wdev; 6303 struct net_device *dev = info->user_ptr[1]; 6304 6305 if ((rate < 0 || rate > 100) || 6306 (intvl < 0 || intvl > NL80211_CQM_TXE_MAX_INTVL)) 6307 return -EINVAL; 6308 6309 wdev = dev->ieee80211_ptr; 6310 6311 if (!rdev->ops->set_cqm_txe_config) 6312 return -EOPNOTSUPP; 6313 6314 if (wdev->iftype != NL80211_IFTYPE_STATION && 6315 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6316 return -EOPNOTSUPP; 6317 6318 return rdev->ops->set_cqm_txe_config(wdev->wiphy, dev, 6319 rate, pkts, intvl); 6320 } 6321 6322 static int nl80211_set_cqm_rssi(struct genl_info *info, 6323 s32 threshold, u32 hysteresis) 6324 { 6325 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6326 struct wireless_dev *wdev; 6327 struct net_device *dev = info->user_ptr[1]; 6328 6329 if (threshold > 0) 6330 return -EINVAL; 6331 6332 wdev = dev->ieee80211_ptr; 6333 6334 if (!rdev->ops->set_cqm_rssi_config) 6335 return -EOPNOTSUPP; 6336 6337 if (wdev->iftype != NL80211_IFTYPE_STATION && 6338 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6339 return -EOPNOTSUPP; 6340 6341 return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 6342 threshold, hysteresis); 6343 } 6344 6345 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 6346 { 6347 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 6348 struct nlattr *cqm; 6349 int err; 6350 6351 cqm = info->attrs[NL80211_ATTR_CQM]; 6352 if (!cqm) { 6353 err = -EINVAL; 6354 goto out; 6355 } 6356 6357 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 6358 nl80211_attr_cqm_policy); 6359 if (err) 6360 goto out; 6361 6362 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 6363 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 6364 s32 threshold; 6365 u32 hysteresis; 6366 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 6367 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 6368 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 6369 } else if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 6370 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 6371 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 6372 u32 rate, pkts, intvl; 6373 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 6374 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 6375 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 6376 err = nl80211_set_cqm_txe(info, rate, pkts, intvl); 6377 } else 6378 err = -EINVAL; 6379 6380 out: 6381 return err; 6382 } 6383 6384 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 6385 { 6386 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6387 struct net_device *dev = info->user_ptr[1]; 6388 struct mesh_config cfg; 6389 struct mesh_setup setup; 6390 int err; 6391 6392 /* start with default */ 6393 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 6394 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 6395 6396 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 6397 /* and parse parameters if given */ 6398 err = nl80211_parse_mesh_config(info, &cfg, NULL); 6399 if (err) 6400 return err; 6401 } 6402 6403 if (!info->attrs[NL80211_ATTR_MESH_ID] || 6404 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 6405 return -EINVAL; 6406 6407 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 6408 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 6409 6410 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 6411 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 6412 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 6413 return -EINVAL; 6414 6415 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 6416 /* parse additional setup parameters if given */ 6417 err = nl80211_parse_mesh_setup(info, &setup); 6418 if (err) 6419 return err; 6420 } 6421 6422 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 6423 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 6424 6425 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] && 6426 !nl80211_valid_channel_type(info, &channel_type)) 6427 return -EINVAL; 6428 6429 setup.channel = rdev_freq_to_chan(rdev, 6430 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 6431 channel_type); 6432 if (!setup.channel) 6433 return -EINVAL; 6434 setup.channel_type = channel_type; 6435 } else { 6436 /* cfg80211_join_mesh() will sort it out */ 6437 setup.channel = NULL; 6438 } 6439 6440 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 6441 } 6442 6443 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 6444 { 6445 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6446 struct net_device *dev = info->user_ptr[1]; 6447 6448 return cfg80211_leave_mesh(rdev, dev); 6449 } 6450 6451 #ifdef CONFIG_PM 6452 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 6453 { 6454 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6455 struct sk_buff *msg; 6456 void *hdr; 6457 6458 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6459 return -EOPNOTSUPP; 6460 6461 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6462 if (!msg) 6463 return -ENOMEM; 6464 6465 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6466 NL80211_CMD_GET_WOWLAN); 6467 if (!hdr) 6468 goto nla_put_failure; 6469 6470 if (rdev->wowlan) { 6471 struct nlattr *nl_wowlan; 6472 6473 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 6474 if (!nl_wowlan) 6475 goto nla_put_failure; 6476 6477 if ((rdev->wowlan->any && 6478 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 6479 (rdev->wowlan->disconnect && 6480 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 6481 (rdev->wowlan->magic_pkt && 6482 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 6483 (rdev->wowlan->gtk_rekey_failure && 6484 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 6485 (rdev->wowlan->eap_identity_req && 6486 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 6487 (rdev->wowlan->four_way_handshake && 6488 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 6489 (rdev->wowlan->rfkill_release && 6490 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 6491 goto nla_put_failure; 6492 if (rdev->wowlan->n_patterns) { 6493 struct nlattr *nl_pats, *nl_pat; 6494 int i, pat_len; 6495 6496 nl_pats = nla_nest_start(msg, 6497 NL80211_WOWLAN_TRIG_PKT_PATTERN); 6498 if (!nl_pats) 6499 goto nla_put_failure; 6500 6501 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 6502 nl_pat = nla_nest_start(msg, i + 1); 6503 if (!nl_pat) 6504 goto nla_put_failure; 6505 pat_len = rdev->wowlan->patterns[i].pattern_len; 6506 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, 6507 DIV_ROUND_UP(pat_len, 8), 6508 rdev->wowlan->patterns[i].mask) || 6509 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 6510 pat_len, 6511 rdev->wowlan->patterns[i].pattern)) 6512 goto nla_put_failure; 6513 nla_nest_end(msg, nl_pat); 6514 } 6515 nla_nest_end(msg, nl_pats); 6516 } 6517 6518 nla_nest_end(msg, nl_wowlan); 6519 } 6520 6521 genlmsg_end(msg, hdr); 6522 return genlmsg_reply(msg, info); 6523 6524 nla_put_failure: 6525 nlmsg_free(msg); 6526 return -ENOBUFS; 6527 } 6528 6529 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 6530 { 6531 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6532 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 6533 struct cfg80211_wowlan new_triggers = {}; 6534 struct cfg80211_wowlan *ntrig; 6535 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 6536 int err, i; 6537 bool prev_enabled = rdev->wowlan; 6538 6539 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6540 return -EOPNOTSUPP; 6541 6542 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 6543 cfg80211_rdev_free_wowlan(rdev); 6544 rdev->wowlan = NULL; 6545 goto set_wakeup; 6546 } 6547 6548 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 6549 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6550 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6551 nl80211_wowlan_policy); 6552 if (err) 6553 return err; 6554 6555 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 6556 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 6557 return -EINVAL; 6558 new_triggers.any = true; 6559 } 6560 6561 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 6562 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 6563 return -EINVAL; 6564 new_triggers.disconnect = true; 6565 } 6566 6567 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 6568 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 6569 return -EINVAL; 6570 new_triggers.magic_pkt = true; 6571 } 6572 6573 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 6574 return -EINVAL; 6575 6576 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 6577 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 6578 return -EINVAL; 6579 new_triggers.gtk_rekey_failure = true; 6580 } 6581 6582 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 6583 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 6584 return -EINVAL; 6585 new_triggers.eap_identity_req = true; 6586 } 6587 6588 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 6589 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 6590 return -EINVAL; 6591 new_triggers.four_way_handshake = true; 6592 } 6593 6594 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 6595 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 6596 return -EINVAL; 6597 new_triggers.rfkill_release = true; 6598 } 6599 6600 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 6601 struct nlattr *pat; 6602 int n_patterns = 0; 6603 int rem, pat_len, mask_len; 6604 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 6605 6606 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6607 rem) 6608 n_patterns++; 6609 if (n_patterns > wowlan->n_patterns) 6610 return -EINVAL; 6611 6612 new_triggers.patterns = kcalloc(n_patterns, 6613 sizeof(new_triggers.patterns[0]), 6614 GFP_KERNEL); 6615 if (!new_triggers.patterns) 6616 return -ENOMEM; 6617 6618 new_triggers.n_patterns = n_patterns; 6619 i = 0; 6620 6621 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6622 rem) { 6623 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 6624 nla_data(pat), nla_len(pat), NULL); 6625 err = -EINVAL; 6626 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 6627 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 6628 goto error; 6629 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 6630 mask_len = DIV_ROUND_UP(pat_len, 8); 6631 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 6632 mask_len) 6633 goto error; 6634 if (pat_len > wowlan->pattern_max_len || 6635 pat_len < wowlan->pattern_min_len) 6636 goto error; 6637 6638 new_triggers.patterns[i].mask = 6639 kmalloc(mask_len + pat_len, GFP_KERNEL); 6640 if (!new_triggers.patterns[i].mask) { 6641 err = -ENOMEM; 6642 goto error; 6643 } 6644 new_triggers.patterns[i].pattern = 6645 new_triggers.patterns[i].mask + mask_len; 6646 memcpy(new_triggers.patterns[i].mask, 6647 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 6648 mask_len); 6649 new_triggers.patterns[i].pattern_len = pat_len; 6650 memcpy(new_triggers.patterns[i].pattern, 6651 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 6652 pat_len); 6653 i++; 6654 } 6655 } 6656 6657 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 6658 if (!ntrig) { 6659 err = -ENOMEM; 6660 goto error; 6661 } 6662 cfg80211_rdev_free_wowlan(rdev); 6663 rdev->wowlan = ntrig; 6664 6665 set_wakeup: 6666 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan) 6667 rdev->ops->set_wakeup(&rdev->wiphy, rdev->wowlan); 6668 6669 return 0; 6670 error: 6671 for (i = 0; i < new_triggers.n_patterns; i++) 6672 kfree(new_triggers.patterns[i].mask); 6673 kfree(new_triggers.patterns); 6674 return err; 6675 } 6676 #endif 6677 6678 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 6679 { 6680 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6681 struct net_device *dev = info->user_ptr[1]; 6682 struct wireless_dev *wdev = dev->ieee80211_ptr; 6683 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 6684 struct cfg80211_gtk_rekey_data rekey_data; 6685 int err; 6686 6687 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 6688 return -EINVAL; 6689 6690 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 6691 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 6692 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 6693 nl80211_rekey_policy); 6694 if (err) 6695 return err; 6696 6697 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 6698 return -ERANGE; 6699 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 6700 return -ERANGE; 6701 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 6702 return -ERANGE; 6703 6704 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 6705 NL80211_KEK_LEN); 6706 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 6707 NL80211_KCK_LEN); 6708 memcpy(rekey_data.replay_ctr, 6709 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 6710 NL80211_REPLAY_CTR_LEN); 6711 6712 wdev_lock(wdev); 6713 if (!wdev->current_bss) { 6714 err = -ENOTCONN; 6715 goto out; 6716 } 6717 6718 if (!rdev->ops->set_rekey_data) { 6719 err = -EOPNOTSUPP; 6720 goto out; 6721 } 6722 6723 err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data); 6724 out: 6725 wdev_unlock(wdev); 6726 return err; 6727 } 6728 6729 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 6730 struct genl_info *info) 6731 { 6732 struct net_device *dev = info->user_ptr[1]; 6733 struct wireless_dev *wdev = dev->ieee80211_ptr; 6734 6735 if (wdev->iftype != NL80211_IFTYPE_AP && 6736 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6737 return -EINVAL; 6738 6739 if (wdev->ap_unexpected_nlpid) 6740 return -EBUSY; 6741 6742 wdev->ap_unexpected_nlpid = info->snd_pid; 6743 return 0; 6744 } 6745 6746 static int nl80211_probe_client(struct sk_buff *skb, 6747 struct genl_info *info) 6748 { 6749 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6750 struct net_device *dev = info->user_ptr[1]; 6751 struct wireless_dev *wdev = dev->ieee80211_ptr; 6752 struct sk_buff *msg; 6753 void *hdr; 6754 const u8 *addr; 6755 u64 cookie; 6756 int err; 6757 6758 if (wdev->iftype != NL80211_IFTYPE_AP && 6759 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6760 return -EOPNOTSUPP; 6761 6762 if (!info->attrs[NL80211_ATTR_MAC]) 6763 return -EINVAL; 6764 6765 if (!rdev->ops->probe_client) 6766 return -EOPNOTSUPP; 6767 6768 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6769 if (!msg) 6770 return -ENOMEM; 6771 6772 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6773 NL80211_CMD_PROBE_CLIENT); 6774 6775 if (IS_ERR(hdr)) { 6776 err = PTR_ERR(hdr); 6777 goto free_msg; 6778 } 6779 6780 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6781 6782 err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie); 6783 if (err) 6784 goto free_msg; 6785 6786 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6787 goto nla_put_failure; 6788 6789 genlmsg_end(msg, hdr); 6790 6791 return genlmsg_reply(msg, info); 6792 6793 nla_put_failure: 6794 err = -ENOBUFS; 6795 free_msg: 6796 nlmsg_free(msg); 6797 return err; 6798 } 6799 6800 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 6801 { 6802 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6803 6804 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 6805 return -EOPNOTSUPP; 6806 6807 if (rdev->ap_beacons_nlpid) 6808 return -EBUSY; 6809 6810 rdev->ap_beacons_nlpid = info->snd_pid; 6811 6812 return 0; 6813 } 6814 6815 #define NL80211_FLAG_NEED_WIPHY 0x01 6816 #define NL80211_FLAG_NEED_NETDEV 0x02 6817 #define NL80211_FLAG_NEED_RTNL 0x04 6818 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 6819 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 6820 NL80211_FLAG_CHECK_NETDEV_UP) 6821 #define NL80211_FLAG_NEED_WDEV 0x10 6822 /* If a netdev is associated, it must be UP */ 6823 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 6824 NL80211_FLAG_CHECK_NETDEV_UP) 6825 6826 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 6827 struct genl_info *info) 6828 { 6829 struct cfg80211_registered_device *rdev; 6830 struct wireless_dev *wdev; 6831 struct net_device *dev; 6832 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 6833 6834 if (rtnl) 6835 rtnl_lock(); 6836 6837 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 6838 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 6839 if (IS_ERR(rdev)) { 6840 if (rtnl) 6841 rtnl_unlock(); 6842 return PTR_ERR(rdev); 6843 } 6844 info->user_ptr[0] = rdev; 6845 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV || 6846 ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 6847 mutex_lock(&cfg80211_mutex); 6848 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), 6849 info->attrs); 6850 if (IS_ERR(wdev)) { 6851 mutex_unlock(&cfg80211_mutex); 6852 if (rtnl) 6853 rtnl_unlock(); 6854 return PTR_ERR(wdev); 6855 } 6856 6857 dev = wdev->netdev; 6858 rdev = wiphy_to_dev(wdev->wiphy); 6859 6860 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 6861 if (!dev) { 6862 mutex_unlock(&cfg80211_mutex); 6863 if (rtnl) 6864 rtnl_unlock(); 6865 return -EINVAL; 6866 } 6867 6868 info->user_ptr[1] = dev; 6869 } else { 6870 info->user_ptr[1] = wdev; 6871 } 6872 6873 if (dev) { 6874 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 6875 !netif_running(dev)) { 6876 mutex_unlock(&cfg80211_mutex); 6877 if (rtnl) 6878 rtnl_unlock(); 6879 return -ENETDOWN; 6880 } 6881 6882 dev_hold(dev); 6883 } 6884 6885 cfg80211_lock_rdev(rdev); 6886 6887 mutex_unlock(&cfg80211_mutex); 6888 6889 info->user_ptr[0] = rdev; 6890 } 6891 6892 return 0; 6893 } 6894 6895 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 6896 struct genl_info *info) 6897 { 6898 if (info->user_ptr[0]) 6899 cfg80211_unlock_rdev(info->user_ptr[0]); 6900 if (info->user_ptr[1]) { 6901 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 6902 struct wireless_dev *wdev = info->user_ptr[1]; 6903 6904 if (wdev->netdev) 6905 dev_put(wdev->netdev); 6906 } else { 6907 dev_put(info->user_ptr[1]); 6908 } 6909 } 6910 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 6911 rtnl_unlock(); 6912 } 6913 6914 static struct genl_ops nl80211_ops[] = { 6915 { 6916 .cmd = NL80211_CMD_GET_WIPHY, 6917 .doit = nl80211_get_wiphy, 6918 .dumpit = nl80211_dump_wiphy, 6919 .policy = nl80211_policy, 6920 /* can be retrieved by unprivileged users */ 6921 .internal_flags = NL80211_FLAG_NEED_WIPHY, 6922 }, 6923 { 6924 .cmd = NL80211_CMD_SET_WIPHY, 6925 .doit = nl80211_set_wiphy, 6926 .policy = nl80211_policy, 6927 .flags = GENL_ADMIN_PERM, 6928 .internal_flags = NL80211_FLAG_NEED_RTNL, 6929 }, 6930 { 6931 .cmd = NL80211_CMD_GET_INTERFACE, 6932 .doit = nl80211_get_interface, 6933 .dumpit = nl80211_dump_interface, 6934 .policy = nl80211_policy, 6935 /* can be retrieved by unprivileged users */ 6936 .internal_flags = NL80211_FLAG_NEED_WDEV, 6937 }, 6938 { 6939 .cmd = NL80211_CMD_SET_INTERFACE, 6940 .doit = nl80211_set_interface, 6941 .policy = nl80211_policy, 6942 .flags = GENL_ADMIN_PERM, 6943 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6944 NL80211_FLAG_NEED_RTNL, 6945 }, 6946 { 6947 .cmd = NL80211_CMD_NEW_INTERFACE, 6948 .doit = nl80211_new_interface, 6949 .policy = nl80211_policy, 6950 .flags = GENL_ADMIN_PERM, 6951 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6952 NL80211_FLAG_NEED_RTNL, 6953 }, 6954 { 6955 .cmd = NL80211_CMD_DEL_INTERFACE, 6956 .doit = nl80211_del_interface, 6957 .policy = nl80211_policy, 6958 .flags = GENL_ADMIN_PERM, 6959 .internal_flags = NL80211_FLAG_NEED_WDEV | 6960 NL80211_FLAG_NEED_RTNL, 6961 }, 6962 { 6963 .cmd = NL80211_CMD_GET_KEY, 6964 .doit = nl80211_get_key, 6965 .policy = nl80211_policy, 6966 .flags = GENL_ADMIN_PERM, 6967 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6968 NL80211_FLAG_NEED_RTNL, 6969 }, 6970 { 6971 .cmd = NL80211_CMD_SET_KEY, 6972 .doit = nl80211_set_key, 6973 .policy = nl80211_policy, 6974 .flags = GENL_ADMIN_PERM, 6975 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6976 NL80211_FLAG_NEED_RTNL, 6977 }, 6978 { 6979 .cmd = NL80211_CMD_NEW_KEY, 6980 .doit = nl80211_new_key, 6981 .policy = nl80211_policy, 6982 .flags = GENL_ADMIN_PERM, 6983 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6984 NL80211_FLAG_NEED_RTNL, 6985 }, 6986 { 6987 .cmd = NL80211_CMD_DEL_KEY, 6988 .doit = nl80211_del_key, 6989 .policy = nl80211_policy, 6990 .flags = GENL_ADMIN_PERM, 6991 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6992 NL80211_FLAG_NEED_RTNL, 6993 }, 6994 { 6995 .cmd = NL80211_CMD_SET_BEACON, 6996 .policy = nl80211_policy, 6997 .flags = GENL_ADMIN_PERM, 6998 .doit = nl80211_set_beacon, 6999 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7000 NL80211_FLAG_NEED_RTNL, 7001 }, 7002 { 7003 .cmd = NL80211_CMD_START_AP, 7004 .policy = nl80211_policy, 7005 .flags = GENL_ADMIN_PERM, 7006 .doit = nl80211_start_ap, 7007 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7008 NL80211_FLAG_NEED_RTNL, 7009 }, 7010 { 7011 .cmd = NL80211_CMD_STOP_AP, 7012 .policy = nl80211_policy, 7013 .flags = GENL_ADMIN_PERM, 7014 .doit = nl80211_stop_ap, 7015 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7016 NL80211_FLAG_NEED_RTNL, 7017 }, 7018 { 7019 .cmd = NL80211_CMD_GET_STATION, 7020 .doit = nl80211_get_station, 7021 .dumpit = nl80211_dump_station, 7022 .policy = nl80211_policy, 7023 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7024 NL80211_FLAG_NEED_RTNL, 7025 }, 7026 { 7027 .cmd = NL80211_CMD_SET_STATION, 7028 .doit = nl80211_set_station, 7029 .policy = nl80211_policy, 7030 .flags = GENL_ADMIN_PERM, 7031 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7032 NL80211_FLAG_NEED_RTNL, 7033 }, 7034 { 7035 .cmd = NL80211_CMD_NEW_STATION, 7036 .doit = nl80211_new_station, 7037 .policy = nl80211_policy, 7038 .flags = GENL_ADMIN_PERM, 7039 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7040 NL80211_FLAG_NEED_RTNL, 7041 }, 7042 { 7043 .cmd = NL80211_CMD_DEL_STATION, 7044 .doit = nl80211_del_station, 7045 .policy = nl80211_policy, 7046 .flags = GENL_ADMIN_PERM, 7047 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7048 NL80211_FLAG_NEED_RTNL, 7049 }, 7050 { 7051 .cmd = NL80211_CMD_GET_MPATH, 7052 .doit = nl80211_get_mpath, 7053 .dumpit = nl80211_dump_mpath, 7054 .policy = nl80211_policy, 7055 .flags = GENL_ADMIN_PERM, 7056 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7057 NL80211_FLAG_NEED_RTNL, 7058 }, 7059 { 7060 .cmd = NL80211_CMD_SET_MPATH, 7061 .doit = nl80211_set_mpath, 7062 .policy = nl80211_policy, 7063 .flags = GENL_ADMIN_PERM, 7064 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7065 NL80211_FLAG_NEED_RTNL, 7066 }, 7067 { 7068 .cmd = NL80211_CMD_NEW_MPATH, 7069 .doit = nl80211_new_mpath, 7070 .policy = nl80211_policy, 7071 .flags = GENL_ADMIN_PERM, 7072 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7073 NL80211_FLAG_NEED_RTNL, 7074 }, 7075 { 7076 .cmd = NL80211_CMD_DEL_MPATH, 7077 .doit = nl80211_del_mpath, 7078 .policy = nl80211_policy, 7079 .flags = GENL_ADMIN_PERM, 7080 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7081 NL80211_FLAG_NEED_RTNL, 7082 }, 7083 { 7084 .cmd = NL80211_CMD_SET_BSS, 7085 .doit = nl80211_set_bss, 7086 .policy = nl80211_policy, 7087 .flags = GENL_ADMIN_PERM, 7088 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7089 NL80211_FLAG_NEED_RTNL, 7090 }, 7091 { 7092 .cmd = NL80211_CMD_GET_REG, 7093 .doit = nl80211_get_reg, 7094 .policy = nl80211_policy, 7095 /* can be retrieved by unprivileged users */ 7096 }, 7097 { 7098 .cmd = NL80211_CMD_SET_REG, 7099 .doit = nl80211_set_reg, 7100 .policy = nl80211_policy, 7101 .flags = GENL_ADMIN_PERM, 7102 }, 7103 { 7104 .cmd = NL80211_CMD_REQ_SET_REG, 7105 .doit = nl80211_req_set_reg, 7106 .policy = nl80211_policy, 7107 .flags = GENL_ADMIN_PERM, 7108 }, 7109 { 7110 .cmd = NL80211_CMD_GET_MESH_CONFIG, 7111 .doit = nl80211_get_mesh_config, 7112 .policy = nl80211_policy, 7113 /* can be retrieved by unprivileged users */ 7114 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7115 NL80211_FLAG_NEED_RTNL, 7116 }, 7117 { 7118 .cmd = NL80211_CMD_SET_MESH_CONFIG, 7119 .doit = nl80211_update_mesh_config, 7120 .policy = nl80211_policy, 7121 .flags = GENL_ADMIN_PERM, 7122 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7123 NL80211_FLAG_NEED_RTNL, 7124 }, 7125 { 7126 .cmd = NL80211_CMD_TRIGGER_SCAN, 7127 .doit = nl80211_trigger_scan, 7128 .policy = nl80211_policy, 7129 .flags = GENL_ADMIN_PERM, 7130 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7131 NL80211_FLAG_NEED_RTNL, 7132 }, 7133 { 7134 .cmd = NL80211_CMD_GET_SCAN, 7135 .policy = nl80211_policy, 7136 .dumpit = nl80211_dump_scan, 7137 }, 7138 { 7139 .cmd = NL80211_CMD_START_SCHED_SCAN, 7140 .doit = nl80211_start_sched_scan, 7141 .policy = nl80211_policy, 7142 .flags = GENL_ADMIN_PERM, 7143 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7144 NL80211_FLAG_NEED_RTNL, 7145 }, 7146 { 7147 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 7148 .doit = nl80211_stop_sched_scan, 7149 .policy = nl80211_policy, 7150 .flags = GENL_ADMIN_PERM, 7151 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7152 NL80211_FLAG_NEED_RTNL, 7153 }, 7154 { 7155 .cmd = NL80211_CMD_AUTHENTICATE, 7156 .doit = nl80211_authenticate, 7157 .policy = nl80211_policy, 7158 .flags = GENL_ADMIN_PERM, 7159 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7160 NL80211_FLAG_NEED_RTNL, 7161 }, 7162 { 7163 .cmd = NL80211_CMD_ASSOCIATE, 7164 .doit = nl80211_associate, 7165 .policy = nl80211_policy, 7166 .flags = GENL_ADMIN_PERM, 7167 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7168 NL80211_FLAG_NEED_RTNL, 7169 }, 7170 { 7171 .cmd = NL80211_CMD_DEAUTHENTICATE, 7172 .doit = nl80211_deauthenticate, 7173 .policy = nl80211_policy, 7174 .flags = GENL_ADMIN_PERM, 7175 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7176 NL80211_FLAG_NEED_RTNL, 7177 }, 7178 { 7179 .cmd = NL80211_CMD_DISASSOCIATE, 7180 .doit = nl80211_disassociate, 7181 .policy = nl80211_policy, 7182 .flags = GENL_ADMIN_PERM, 7183 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7184 NL80211_FLAG_NEED_RTNL, 7185 }, 7186 { 7187 .cmd = NL80211_CMD_JOIN_IBSS, 7188 .doit = nl80211_join_ibss, 7189 .policy = nl80211_policy, 7190 .flags = GENL_ADMIN_PERM, 7191 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7192 NL80211_FLAG_NEED_RTNL, 7193 }, 7194 { 7195 .cmd = NL80211_CMD_LEAVE_IBSS, 7196 .doit = nl80211_leave_ibss, 7197 .policy = nl80211_policy, 7198 .flags = GENL_ADMIN_PERM, 7199 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7200 NL80211_FLAG_NEED_RTNL, 7201 }, 7202 #ifdef CONFIG_NL80211_TESTMODE 7203 { 7204 .cmd = NL80211_CMD_TESTMODE, 7205 .doit = nl80211_testmode_do, 7206 .dumpit = nl80211_testmode_dump, 7207 .policy = nl80211_policy, 7208 .flags = GENL_ADMIN_PERM, 7209 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7210 NL80211_FLAG_NEED_RTNL, 7211 }, 7212 #endif 7213 { 7214 .cmd = NL80211_CMD_CONNECT, 7215 .doit = nl80211_connect, 7216 .policy = nl80211_policy, 7217 .flags = GENL_ADMIN_PERM, 7218 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7219 NL80211_FLAG_NEED_RTNL, 7220 }, 7221 { 7222 .cmd = NL80211_CMD_DISCONNECT, 7223 .doit = nl80211_disconnect, 7224 .policy = nl80211_policy, 7225 .flags = GENL_ADMIN_PERM, 7226 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7227 NL80211_FLAG_NEED_RTNL, 7228 }, 7229 { 7230 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 7231 .doit = nl80211_wiphy_netns, 7232 .policy = nl80211_policy, 7233 .flags = GENL_ADMIN_PERM, 7234 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7235 NL80211_FLAG_NEED_RTNL, 7236 }, 7237 { 7238 .cmd = NL80211_CMD_GET_SURVEY, 7239 .policy = nl80211_policy, 7240 .dumpit = nl80211_dump_survey, 7241 }, 7242 { 7243 .cmd = NL80211_CMD_SET_PMKSA, 7244 .doit = nl80211_setdel_pmksa, 7245 .policy = nl80211_policy, 7246 .flags = GENL_ADMIN_PERM, 7247 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7248 NL80211_FLAG_NEED_RTNL, 7249 }, 7250 { 7251 .cmd = NL80211_CMD_DEL_PMKSA, 7252 .doit = nl80211_setdel_pmksa, 7253 .policy = nl80211_policy, 7254 .flags = GENL_ADMIN_PERM, 7255 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7256 NL80211_FLAG_NEED_RTNL, 7257 }, 7258 { 7259 .cmd = NL80211_CMD_FLUSH_PMKSA, 7260 .doit = nl80211_flush_pmksa, 7261 .policy = nl80211_policy, 7262 .flags = GENL_ADMIN_PERM, 7263 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7264 NL80211_FLAG_NEED_RTNL, 7265 }, 7266 { 7267 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 7268 .doit = nl80211_remain_on_channel, 7269 .policy = nl80211_policy, 7270 .flags = GENL_ADMIN_PERM, 7271 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7272 NL80211_FLAG_NEED_RTNL, 7273 }, 7274 { 7275 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 7276 .doit = nl80211_cancel_remain_on_channel, 7277 .policy = nl80211_policy, 7278 .flags = GENL_ADMIN_PERM, 7279 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7280 NL80211_FLAG_NEED_RTNL, 7281 }, 7282 { 7283 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 7284 .doit = nl80211_set_tx_bitrate_mask, 7285 .policy = nl80211_policy, 7286 .flags = GENL_ADMIN_PERM, 7287 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7288 NL80211_FLAG_NEED_RTNL, 7289 }, 7290 { 7291 .cmd = NL80211_CMD_REGISTER_FRAME, 7292 .doit = nl80211_register_mgmt, 7293 .policy = nl80211_policy, 7294 .flags = GENL_ADMIN_PERM, 7295 .internal_flags = NL80211_FLAG_NEED_WDEV | 7296 NL80211_FLAG_NEED_RTNL, 7297 }, 7298 { 7299 .cmd = NL80211_CMD_FRAME, 7300 .doit = nl80211_tx_mgmt, 7301 .policy = nl80211_policy, 7302 .flags = GENL_ADMIN_PERM, 7303 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7304 NL80211_FLAG_NEED_RTNL, 7305 }, 7306 { 7307 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 7308 .doit = nl80211_tx_mgmt_cancel_wait, 7309 .policy = nl80211_policy, 7310 .flags = GENL_ADMIN_PERM, 7311 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 7312 NL80211_FLAG_NEED_RTNL, 7313 }, 7314 { 7315 .cmd = NL80211_CMD_SET_POWER_SAVE, 7316 .doit = nl80211_set_power_save, 7317 .policy = nl80211_policy, 7318 .flags = GENL_ADMIN_PERM, 7319 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7320 NL80211_FLAG_NEED_RTNL, 7321 }, 7322 { 7323 .cmd = NL80211_CMD_GET_POWER_SAVE, 7324 .doit = nl80211_get_power_save, 7325 .policy = nl80211_policy, 7326 /* can be retrieved by unprivileged users */ 7327 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7328 NL80211_FLAG_NEED_RTNL, 7329 }, 7330 { 7331 .cmd = NL80211_CMD_SET_CQM, 7332 .doit = nl80211_set_cqm, 7333 .policy = nl80211_policy, 7334 .flags = GENL_ADMIN_PERM, 7335 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7336 NL80211_FLAG_NEED_RTNL, 7337 }, 7338 { 7339 .cmd = NL80211_CMD_SET_CHANNEL, 7340 .doit = nl80211_set_channel, 7341 .policy = nl80211_policy, 7342 .flags = GENL_ADMIN_PERM, 7343 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7344 NL80211_FLAG_NEED_RTNL, 7345 }, 7346 { 7347 .cmd = NL80211_CMD_SET_WDS_PEER, 7348 .doit = nl80211_set_wds_peer, 7349 .policy = nl80211_policy, 7350 .flags = GENL_ADMIN_PERM, 7351 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7352 NL80211_FLAG_NEED_RTNL, 7353 }, 7354 { 7355 .cmd = NL80211_CMD_JOIN_MESH, 7356 .doit = nl80211_join_mesh, 7357 .policy = nl80211_policy, 7358 .flags = GENL_ADMIN_PERM, 7359 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7360 NL80211_FLAG_NEED_RTNL, 7361 }, 7362 { 7363 .cmd = NL80211_CMD_LEAVE_MESH, 7364 .doit = nl80211_leave_mesh, 7365 .policy = nl80211_policy, 7366 .flags = GENL_ADMIN_PERM, 7367 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7368 NL80211_FLAG_NEED_RTNL, 7369 }, 7370 #ifdef CONFIG_PM 7371 { 7372 .cmd = NL80211_CMD_GET_WOWLAN, 7373 .doit = nl80211_get_wowlan, 7374 .policy = nl80211_policy, 7375 /* can be retrieved by unprivileged users */ 7376 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7377 NL80211_FLAG_NEED_RTNL, 7378 }, 7379 { 7380 .cmd = NL80211_CMD_SET_WOWLAN, 7381 .doit = nl80211_set_wowlan, 7382 .policy = nl80211_policy, 7383 .flags = GENL_ADMIN_PERM, 7384 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7385 NL80211_FLAG_NEED_RTNL, 7386 }, 7387 #endif 7388 { 7389 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 7390 .doit = nl80211_set_rekey_data, 7391 .policy = nl80211_policy, 7392 .flags = GENL_ADMIN_PERM, 7393 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7394 NL80211_FLAG_NEED_RTNL, 7395 }, 7396 { 7397 .cmd = NL80211_CMD_TDLS_MGMT, 7398 .doit = nl80211_tdls_mgmt, 7399 .policy = nl80211_policy, 7400 .flags = GENL_ADMIN_PERM, 7401 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7402 NL80211_FLAG_NEED_RTNL, 7403 }, 7404 { 7405 .cmd = NL80211_CMD_TDLS_OPER, 7406 .doit = nl80211_tdls_oper, 7407 .policy = nl80211_policy, 7408 .flags = GENL_ADMIN_PERM, 7409 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7410 NL80211_FLAG_NEED_RTNL, 7411 }, 7412 { 7413 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 7414 .doit = nl80211_register_unexpected_frame, 7415 .policy = nl80211_policy, 7416 .flags = GENL_ADMIN_PERM, 7417 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7418 NL80211_FLAG_NEED_RTNL, 7419 }, 7420 { 7421 .cmd = NL80211_CMD_PROBE_CLIENT, 7422 .doit = nl80211_probe_client, 7423 .policy = nl80211_policy, 7424 .flags = GENL_ADMIN_PERM, 7425 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7426 NL80211_FLAG_NEED_RTNL, 7427 }, 7428 { 7429 .cmd = NL80211_CMD_REGISTER_BEACONS, 7430 .doit = nl80211_register_beacons, 7431 .policy = nl80211_policy, 7432 .flags = GENL_ADMIN_PERM, 7433 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7434 NL80211_FLAG_NEED_RTNL, 7435 }, 7436 { 7437 .cmd = NL80211_CMD_SET_NOACK_MAP, 7438 .doit = nl80211_set_noack_map, 7439 .policy = nl80211_policy, 7440 .flags = GENL_ADMIN_PERM, 7441 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7442 NL80211_FLAG_NEED_RTNL, 7443 }, 7444 7445 }; 7446 7447 static struct genl_multicast_group nl80211_mlme_mcgrp = { 7448 .name = "mlme", 7449 }; 7450 7451 /* multicast groups */ 7452 static struct genl_multicast_group nl80211_config_mcgrp = { 7453 .name = "config", 7454 }; 7455 static struct genl_multicast_group nl80211_scan_mcgrp = { 7456 .name = "scan", 7457 }; 7458 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 7459 .name = "regulatory", 7460 }; 7461 7462 /* notification functions */ 7463 7464 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 7465 { 7466 struct sk_buff *msg; 7467 7468 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7469 if (!msg) 7470 return; 7471 7472 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 7473 nlmsg_free(msg); 7474 return; 7475 } 7476 7477 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7478 nl80211_config_mcgrp.id, GFP_KERNEL); 7479 } 7480 7481 static int nl80211_add_scan_req(struct sk_buff *msg, 7482 struct cfg80211_registered_device *rdev) 7483 { 7484 struct cfg80211_scan_request *req = rdev->scan_req; 7485 struct nlattr *nest; 7486 int i; 7487 7488 ASSERT_RDEV_LOCK(rdev); 7489 7490 if (WARN_ON(!req)) 7491 return 0; 7492 7493 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 7494 if (!nest) 7495 goto nla_put_failure; 7496 for (i = 0; i < req->n_ssids; i++) { 7497 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 7498 goto nla_put_failure; 7499 } 7500 nla_nest_end(msg, nest); 7501 7502 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 7503 if (!nest) 7504 goto nla_put_failure; 7505 for (i = 0; i < req->n_channels; i++) { 7506 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 7507 goto nla_put_failure; 7508 } 7509 nla_nest_end(msg, nest); 7510 7511 if (req->ie && 7512 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 7513 goto nla_put_failure; 7514 7515 return 0; 7516 nla_put_failure: 7517 return -ENOBUFS; 7518 } 7519 7520 static int nl80211_send_scan_msg(struct sk_buff *msg, 7521 struct cfg80211_registered_device *rdev, 7522 struct wireless_dev *wdev, 7523 u32 pid, u32 seq, int flags, 7524 u32 cmd) 7525 { 7526 void *hdr; 7527 7528 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 7529 if (!hdr) 7530 return -1; 7531 7532 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7533 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 7534 wdev->netdev->ifindex)) || 7535 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 7536 goto nla_put_failure; 7537 7538 /* ignore errors and send incomplete event anyway */ 7539 nl80211_add_scan_req(msg, rdev); 7540 7541 return genlmsg_end(msg, hdr); 7542 7543 nla_put_failure: 7544 genlmsg_cancel(msg, hdr); 7545 return -EMSGSIZE; 7546 } 7547 7548 static int 7549 nl80211_send_sched_scan_msg(struct sk_buff *msg, 7550 struct cfg80211_registered_device *rdev, 7551 struct net_device *netdev, 7552 u32 pid, u32 seq, int flags, u32 cmd) 7553 { 7554 void *hdr; 7555 7556 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 7557 if (!hdr) 7558 return -1; 7559 7560 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7561 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7562 goto nla_put_failure; 7563 7564 return genlmsg_end(msg, hdr); 7565 7566 nla_put_failure: 7567 genlmsg_cancel(msg, hdr); 7568 return -EMSGSIZE; 7569 } 7570 7571 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 7572 struct wireless_dev *wdev) 7573 { 7574 struct sk_buff *msg; 7575 7576 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7577 if (!msg) 7578 return; 7579 7580 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7581 NL80211_CMD_TRIGGER_SCAN) < 0) { 7582 nlmsg_free(msg); 7583 return; 7584 } 7585 7586 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7587 nl80211_scan_mcgrp.id, GFP_KERNEL); 7588 } 7589 7590 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 7591 struct wireless_dev *wdev) 7592 { 7593 struct sk_buff *msg; 7594 7595 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7596 if (!msg) 7597 return; 7598 7599 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7600 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 7601 nlmsg_free(msg); 7602 return; 7603 } 7604 7605 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7606 nl80211_scan_mcgrp.id, GFP_KERNEL); 7607 } 7608 7609 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 7610 struct wireless_dev *wdev) 7611 { 7612 struct sk_buff *msg; 7613 7614 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7615 if (!msg) 7616 return; 7617 7618 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 7619 NL80211_CMD_SCAN_ABORTED) < 0) { 7620 nlmsg_free(msg); 7621 return; 7622 } 7623 7624 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7625 nl80211_scan_mcgrp.id, GFP_KERNEL); 7626 } 7627 7628 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 7629 struct net_device *netdev) 7630 { 7631 struct sk_buff *msg; 7632 7633 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7634 if (!msg) 7635 return; 7636 7637 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 7638 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 7639 nlmsg_free(msg); 7640 return; 7641 } 7642 7643 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7644 nl80211_scan_mcgrp.id, GFP_KERNEL); 7645 } 7646 7647 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 7648 struct net_device *netdev, u32 cmd) 7649 { 7650 struct sk_buff *msg; 7651 7652 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7653 if (!msg) 7654 return; 7655 7656 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 7657 nlmsg_free(msg); 7658 return; 7659 } 7660 7661 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7662 nl80211_scan_mcgrp.id, GFP_KERNEL); 7663 } 7664 7665 /* 7666 * This can happen on global regulatory changes or device specific settings 7667 * based on custom world regulatory domains. 7668 */ 7669 void nl80211_send_reg_change_event(struct regulatory_request *request) 7670 { 7671 struct sk_buff *msg; 7672 void *hdr; 7673 7674 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7675 if (!msg) 7676 return; 7677 7678 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 7679 if (!hdr) { 7680 nlmsg_free(msg); 7681 return; 7682 } 7683 7684 /* Userspace can always count this one always being set */ 7685 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 7686 goto nla_put_failure; 7687 7688 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 7689 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7690 NL80211_REGDOM_TYPE_WORLD)) 7691 goto nla_put_failure; 7692 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 7693 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7694 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 7695 goto nla_put_failure; 7696 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 7697 request->intersect) { 7698 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7699 NL80211_REGDOM_TYPE_INTERSECTION)) 7700 goto nla_put_failure; 7701 } else { 7702 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7703 NL80211_REGDOM_TYPE_COUNTRY) || 7704 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 7705 request->alpha2)) 7706 goto nla_put_failure; 7707 } 7708 7709 if (wiphy_idx_valid(request->wiphy_idx) && 7710 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 7711 goto nla_put_failure; 7712 7713 genlmsg_end(msg, hdr); 7714 7715 rcu_read_lock(); 7716 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7717 GFP_ATOMIC); 7718 rcu_read_unlock(); 7719 7720 return; 7721 7722 nla_put_failure: 7723 genlmsg_cancel(msg, hdr); 7724 nlmsg_free(msg); 7725 } 7726 7727 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 7728 struct net_device *netdev, 7729 const u8 *buf, size_t len, 7730 enum nl80211_commands cmd, gfp_t gfp) 7731 { 7732 struct sk_buff *msg; 7733 void *hdr; 7734 7735 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7736 if (!msg) 7737 return; 7738 7739 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7740 if (!hdr) { 7741 nlmsg_free(msg); 7742 return; 7743 } 7744 7745 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7746 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7747 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 7748 goto nla_put_failure; 7749 7750 genlmsg_end(msg, hdr); 7751 7752 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7753 nl80211_mlme_mcgrp.id, gfp); 7754 return; 7755 7756 nla_put_failure: 7757 genlmsg_cancel(msg, hdr); 7758 nlmsg_free(msg); 7759 } 7760 7761 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 7762 struct net_device *netdev, const u8 *buf, 7763 size_t len, gfp_t gfp) 7764 { 7765 nl80211_send_mlme_event(rdev, netdev, buf, len, 7766 NL80211_CMD_AUTHENTICATE, gfp); 7767 } 7768 7769 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 7770 struct net_device *netdev, const u8 *buf, 7771 size_t len, gfp_t gfp) 7772 { 7773 nl80211_send_mlme_event(rdev, netdev, buf, len, 7774 NL80211_CMD_ASSOCIATE, gfp); 7775 } 7776 7777 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 7778 struct net_device *netdev, const u8 *buf, 7779 size_t len, gfp_t gfp) 7780 { 7781 nl80211_send_mlme_event(rdev, netdev, buf, len, 7782 NL80211_CMD_DEAUTHENTICATE, gfp); 7783 } 7784 7785 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 7786 struct net_device *netdev, const u8 *buf, 7787 size_t len, gfp_t gfp) 7788 { 7789 nl80211_send_mlme_event(rdev, netdev, buf, len, 7790 NL80211_CMD_DISASSOCIATE, gfp); 7791 } 7792 7793 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 7794 struct net_device *netdev, const u8 *buf, 7795 size_t len, gfp_t gfp) 7796 { 7797 nl80211_send_mlme_event(rdev, netdev, buf, len, 7798 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 7799 } 7800 7801 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 7802 struct net_device *netdev, const u8 *buf, 7803 size_t len, gfp_t gfp) 7804 { 7805 nl80211_send_mlme_event(rdev, netdev, buf, len, 7806 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 7807 } 7808 7809 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 7810 struct net_device *netdev, int cmd, 7811 const u8 *addr, gfp_t gfp) 7812 { 7813 struct sk_buff *msg; 7814 void *hdr; 7815 7816 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7817 if (!msg) 7818 return; 7819 7820 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7821 if (!hdr) { 7822 nlmsg_free(msg); 7823 return; 7824 } 7825 7826 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7827 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7828 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 7829 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 7830 goto nla_put_failure; 7831 7832 genlmsg_end(msg, hdr); 7833 7834 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7835 nl80211_mlme_mcgrp.id, gfp); 7836 return; 7837 7838 nla_put_failure: 7839 genlmsg_cancel(msg, hdr); 7840 nlmsg_free(msg); 7841 } 7842 7843 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 7844 struct net_device *netdev, const u8 *addr, 7845 gfp_t gfp) 7846 { 7847 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 7848 addr, gfp); 7849 } 7850 7851 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 7852 struct net_device *netdev, const u8 *addr, 7853 gfp_t gfp) 7854 { 7855 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 7856 addr, gfp); 7857 } 7858 7859 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 7860 struct net_device *netdev, const u8 *bssid, 7861 const u8 *req_ie, size_t req_ie_len, 7862 const u8 *resp_ie, size_t resp_ie_len, 7863 u16 status, gfp_t gfp) 7864 { 7865 struct sk_buff *msg; 7866 void *hdr; 7867 7868 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7869 if (!msg) 7870 return; 7871 7872 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 7873 if (!hdr) { 7874 nlmsg_free(msg); 7875 return; 7876 } 7877 7878 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7879 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7880 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 7881 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) || 7882 (req_ie && 7883 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 7884 (resp_ie && 7885 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 7886 goto nla_put_failure; 7887 7888 genlmsg_end(msg, hdr); 7889 7890 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7891 nl80211_mlme_mcgrp.id, gfp); 7892 return; 7893 7894 nla_put_failure: 7895 genlmsg_cancel(msg, hdr); 7896 nlmsg_free(msg); 7897 7898 } 7899 7900 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 7901 struct net_device *netdev, const u8 *bssid, 7902 const u8 *req_ie, size_t req_ie_len, 7903 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 7904 { 7905 struct sk_buff *msg; 7906 void *hdr; 7907 7908 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7909 if (!msg) 7910 return; 7911 7912 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 7913 if (!hdr) { 7914 nlmsg_free(msg); 7915 return; 7916 } 7917 7918 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7919 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7920 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 7921 (req_ie && 7922 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 7923 (resp_ie && 7924 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 7925 goto nla_put_failure; 7926 7927 genlmsg_end(msg, hdr); 7928 7929 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7930 nl80211_mlme_mcgrp.id, gfp); 7931 return; 7932 7933 nla_put_failure: 7934 genlmsg_cancel(msg, hdr); 7935 nlmsg_free(msg); 7936 7937 } 7938 7939 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 7940 struct net_device *netdev, u16 reason, 7941 const u8 *ie, size_t ie_len, bool from_ap) 7942 { 7943 struct sk_buff *msg; 7944 void *hdr; 7945 7946 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7947 if (!msg) 7948 return; 7949 7950 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 7951 if (!hdr) { 7952 nlmsg_free(msg); 7953 return; 7954 } 7955 7956 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7957 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7958 (from_ap && reason && 7959 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 7960 (from_ap && 7961 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 7962 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 7963 goto nla_put_failure; 7964 7965 genlmsg_end(msg, hdr); 7966 7967 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7968 nl80211_mlme_mcgrp.id, GFP_KERNEL); 7969 return; 7970 7971 nla_put_failure: 7972 genlmsg_cancel(msg, hdr); 7973 nlmsg_free(msg); 7974 7975 } 7976 7977 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 7978 struct net_device *netdev, const u8 *bssid, 7979 gfp_t gfp) 7980 { 7981 struct sk_buff *msg; 7982 void *hdr; 7983 7984 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7985 if (!msg) 7986 return; 7987 7988 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 7989 if (!hdr) { 7990 nlmsg_free(msg); 7991 return; 7992 } 7993 7994 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7995 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7996 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 7997 goto nla_put_failure; 7998 7999 genlmsg_end(msg, hdr); 8000 8001 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8002 nl80211_mlme_mcgrp.id, gfp); 8003 return; 8004 8005 nla_put_failure: 8006 genlmsg_cancel(msg, hdr); 8007 nlmsg_free(msg); 8008 } 8009 8010 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 8011 struct net_device *netdev, 8012 const u8 *macaddr, const u8* ie, u8 ie_len, 8013 gfp_t gfp) 8014 { 8015 struct sk_buff *msg; 8016 void *hdr; 8017 8018 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8019 if (!msg) 8020 return; 8021 8022 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 8023 if (!hdr) { 8024 nlmsg_free(msg); 8025 return; 8026 } 8027 8028 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8029 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8030 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) || 8031 (ie_len && ie && 8032 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 8033 goto nla_put_failure; 8034 8035 genlmsg_end(msg, hdr); 8036 8037 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8038 nl80211_mlme_mcgrp.id, gfp); 8039 return; 8040 8041 nla_put_failure: 8042 genlmsg_cancel(msg, hdr); 8043 nlmsg_free(msg); 8044 } 8045 8046 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 8047 struct net_device *netdev, const u8 *addr, 8048 enum nl80211_key_type key_type, int key_id, 8049 const u8 *tsc, gfp_t gfp) 8050 { 8051 struct sk_buff *msg; 8052 void *hdr; 8053 8054 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8055 if (!msg) 8056 return; 8057 8058 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 8059 if (!hdr) { 8060 nlmsg_free(msg); 8061 return; 8062 } 8063 8064 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8065 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8066 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 8067 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 8068 (key_id != -1 && 8069 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 8070 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 8071 goto nla_put_failure; 8072 8073 genlmsg_end(msg, hdr); 8074 8075 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8076 nl80211_mlme_mcgrp.id, gfp); 8077 return; 8078 8079 nla_put_failure: 8080 genlmsg_cancel(msg, hdr); 8081 nlmsg_free(msg); 8082 } 8083 8084 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 8085 struct ieee80211_channel *channel_before, 8086 struct ieee80211_channel *channel_after) 8087 { 8088 struct sk_buff *msg; 8089 void *hdr; 8090 struct nlattr *nl_freq; 8091 8092 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 8093 if (!msg) 8094 return; 8095 8096 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 8097 if (!hdr) { 8098 nlmsg_free(msg); 8099 return; 8100 } 8101 8102 /* 8103 * Since we are applying the beacon hint to a wiphy we know its 8104 * wiphy_idx is valid 8105 */ 8106 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8107 goto nla_put_failure; 8108 8109 /* Before */ 8110 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 8111 if (!nl_freq) 8112 goto nla_put_failure; 8113 if (nl80211_msg_put_channel(msg, channel_before)) 8114 goto nla_put_failure; 8115 nla_nest_end(msg, nl_freq); 8116 8117 /* After */ 8118 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 8119 if (!nl_freq) 8120 goto nla_put_failure; 8121 if (nl80211_msg_put_channel(msg, channel_after)) 8122 goto nla_put_failure; 8123 nla_nest_end(msg, nl_freq); 8124 8125 genlmsg_end(msg, hdr); 8126 8127 rcu_read_lock(); 8128 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 8129 GFP_ATOMIC); 8130 rcu_read_unlock(); 8131 8132 return; 8133 8134 nla_put_failure: 8135 genlmsg_cancel(msg, hdr); 8136 nlmsg_free(msg); 8137 } 8138 8139 static void nl80211_send_remain_on_chan_event( 8140 int cmd, struct cfg80211_registered_device *rdev, 8141 struct wireless_dev *wdev, u64 cookie, 8142 struct ieee80211_channel *chan, 8143 enum nl80211_channel_type channel_type, 8144 unsigned int duration, gfp_t gfp) 8145 { 8146 struct sk_buff *msg; 8147 void *hdr; 8148 8149 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8150 if (!msg) 8151 return; 8152 8153 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8154 if (!hdr) { 8155 nlmsg_free(msg); 8156 return; 8157 } 8158 8159 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8160 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8161 wdev->netdev->ifindex)) || 8162 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 8163 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 8164 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type) || 8165 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 8166 goto nla_put_failure; 8167 8168 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 8169 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 8170 goto nla_put_failure; 8171 8172 genlmsg_end(msg, hdr); 8173 8174 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8175 nl80211_mlme_mcgrp.id, gfp); 8176 return; 8177 8178 nla_put_failure: 8179 genlmsg_cancel(msg, hdr); 8180 nlmsg_free(msg); 8181 } 8182 8183 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 8184 struct wireless_dev *wdev, u64 cookie, 8185 struct ieee80211_channel *chan, 8186 enum nl80211_channel_type channel_type, 8187 unsigned int duration, gfp_t gfp) 8188 { 8189 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 8190 rdev, wdev, cookie, chan, 8191 channel_type, duration, gfp); 8192 } 8193 8194 void nl80211_send_remain_on_channel_cancel( 8195 struct cfg80211_registered_device *rdev, 8196 struct wireless_dev *wdev, 8197 u64 cookie, struct ieee80211_channel *chan, 8198 enum nl80211_channel_type channel_type, gfp_t gfp) 8199 { 8200 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 8201 rdev, wdev, cookie, chan, 8202 channel_type, 0, gfp); 8203 } 8204 8205 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 8206 struct net_device *dev, const u8 *mac_addr, 8207 struct station_info *sinfo, gfp_t gfp) 8208 { 8209 struct sk_buff *msg; 8210 8211 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8212 if (!msg) 8213 return; 8214 8215 if (nl80211_send_station(msg, 0, 0, 0, 8216 rdev, dev, mac_addr, sinfo) < 0) { 8217 nlmsg_free(msg); 8218 return; 8219 } 8220 8221 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8222 nl80211_mlme_mcgrp.id, gfp); 8223 } 8224 8225 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 8226 struct net_device *dev, const u8 *mac_addr, 8227 gfp_t gfp) 8228 { 8229 struct sk_buff *msg; 8230 void *hdr; 8231 8232 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8233 if (!msg) 8234 return; 8235 8236 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 8237 if (!hdr) { 8238 nlmsg_free(msg); 8239 return; 8240 } 8241 8242 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8243 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 8244 goto nla_put_failure; 8245 8246 genlmsg_end(msg, hdr); 8247 8248 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8249 nl80211_mlme_mcgrp.id, gfp); 8250 return; 8251 8252 nla_put_failure: 8253 genlmsg_cancel(msg, hdr); 8254 nlmsg_free(msg); 8255 } 8256 8257 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 8258 const u8 *addr, gfp_t gfp) 8259 { 8260 struct wireless_dev *wdev = dev->ieee80211_ptr; 8261 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 8262 struct sk_buff *msg; 8263 void *hdr; 8264 int err; 8265 u32 nlpid = ACCESS_ONCE(wdev->ap_unexpected_nlpid); 8266 8267 if (!nlpid) 8268 return false; 8269 8270 msg = nlmsg_new(100, gfp); 8271 if (!msg) 8272 return true; 8273 8274 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8275 if (!hdr) { 8276 nlmsg_free(msg); 8277 return true; 8278 } 8279 8280 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8281 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8282 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 8283 goto nla_put_failure; 8284 8285 err = genlmsg_end(msg, hdr); 8286 if (err < 0) { 8287 nlmsg_free(msg); 8288 return true; 8289 } 8290 8291 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 8292 return true; 8293 8294 nla_put_failure: 8295 genlmsg_cancel(msg, hdr); 8296 nlmsg_free(msg); 8297 return true; 8298 } 8299 8300 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 8301 { 8302 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 8303 addr, gfp); 8304 } 8305 8306 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 8307 const u8 *addr, gfp_t gfp) 8308 { 8309 return __nl80211_unexpected_frame(dev, 8310 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 8311 addr, gfp); 8312 } 8313 8314 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 8315 struct wireless_dev *wdev, u32 nlpid, 8316 int freq, int sig_dbm, 8317 const u8 *buf, size_t len, gfp_t gfp) 8318 { 8319 struct net_device *netdev = wdev->netdev; 8320 struct sk_buff *msg; 8321 void *hdr; 8322 8323 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8324 if (!msg) 8325 return -ENOMEM; 8326 8327 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8328 if (!hdr) { 8329 nlmsg_free(msg); 8330 return -ENOMEM; 8331 } 8332 8333 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8334 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8335 netdev->ifindex)) || 8336 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 8337 (sig_dbm && 8338 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 8339 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 8340 goto nla_put_failure; 8341 8342 genlmsg_end(msg, hdr); 8343 8344 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 8345 8346 nla_put_failure: 8347 genlmsg_cancel(msg, hdr); 8348 nlmsg_free(msg); 8349 return -ENOBUFS; 8350 } 8351 8352 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 8353 struct wireless_dev *wdev, u64 cookie, 8354 const u8 *buf, size_t len, bool ack, 8355 gfp_t gfp) 8356 { 8357 struct net_device *netdev = wdev->netdev; 8358 struct sk_buff *msg; 8359 void *hdr; 8360 8361 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8362 if (!msg) 8363 return; 8364 8365 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 8366 if (!hdr) { 8367 nlmsg_free(msg); 8368 return; 8369 } 8370 8371 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8372 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8373 netdev->ifindex)) || 8374 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 8375 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 8376 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 8377 goto nla_put_failure; 8378 8379 genlmsg_end(msg, hdr); 8380 8381 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 8382 return; 8383 8384 nla_put_failure: 8385 genlmsg_cancel(msg, hdr); 8386 nlmsg_free(msg); 8387 } 8388 8389 void 8390 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 8391 struct net_device *netdev, 8392 enum nl80211_cqm_rssi_threshold_event rssi_event, 8393 gfp_t gfp) 8394 { 8395 struct sk_buff *msg; 8396 struct nlattr *pinfoattr; 8397 void *hdr; 8398 8399 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8400 if (!msg) 8401 return; 8402 8403 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8404 if (!hdr) { 8405 nlmsg_free(msg); 8406 return; 8407 } 8408 8409 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8410 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8411 goto nla_put_failure; 8412 8413 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8414 if (!pinfoattr) 8415 goto nla_put_failure; 8416 8417 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 8418 rssi_event)) 8419 goto nla_put_failure; 8420 8421 nla_nest_end(msg, pinfoattr); 8422 8423 genlmsg_end(msg, hdr); 8424 8425 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8426 nl80211_mlme_mcgrp.id, gfp); 8427 return; 8428 8429 nla_put_failure: 8430 genlmsg_cancel(msg, hdr); 8431 nlmsg_free(msg); 8432 } 8433 8434 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 8435 struct net_device *netdev, const u8 *bssid, 8436 const u8 *replay_ctr, gfp_t gfp) 8437 { 8438 struct sk_buff *msg; 8439 struct nlattr *rekey_attr; 8440 void *hdr; 8441 8442 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8443 if (!msg) 8444 return; 8445 8446 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 8447 if (!hdr) { 8448 nlmsg_free(msg); 8449 return; 8450 } 8451 8452 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8453 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8454 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 8455 goto nla_put_failure; 8456 8457 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 8458 if (!rekey_attr) 8459 goto nla_put_failure; 8460 8461 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 8462 NL80211_REPLAY_CTR_LEN, replay_ctr)) 8463 goto nla_put_failure; 8464 8465 nla_nest_end(msg, rekey_attr); 8466 8467 genlmsg_end(msg, hdr); 8468 8469 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8470 nl80211_mlme_mcgrp.id, gfp); 8471 return; 8472 8473 nla_put_failure: 8474 genlmsg_cancel(msg, hdr); 8475 nlmsg_free(msg); 8476 } 8477 8478 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 8479 struct net_device *netdev, int index, 8480 const u8 *bssid, bool preauth, gfp_t gfp) 8481 { 8482 struct sk_buff *msg; 8483 struct nlattr *attr; 8484 void *hdr; 8485 8486 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8487 if (!msg) 8488 return; 8489 8490 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 8491 if (!hdr) { 8492 nlmsg_free(msg); 8493 return; 8494 } 8495 8496 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8497 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8498 goto nla_put_failure; 8499 8500 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 8501 if (!attr) 8502 goto nla_put_failure; 8503 8504 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 8505 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 8506 (preauth && 8507 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 8508 goto nla_put_failure; 8509 8510 nla_nest_end(msg, attr); 8511 8512 genlmsg_end(msg, hdr); 8513 8514 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8515 nl80211_mlme_mcgrp.id, gfp); 8516 return; 8517 8518 nla_put_failure: 8519 genlmsg_cancel(msg, hdr); 8520 nlmsg_free(msg); 8521 } 8522 8523 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 8524 struct net_device *netdev, int freq, 8525 enum nl80211_channel_type type, gfp_t gfp) 8526 { 8527 struct sk_buff *msg; 8528 void *hdr; 8529 8530 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8531 if (!msg) 8532 return; 8533 8534 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY); 8535 if (!hdr) { 8536 nlmsg_free(msg); 8537 return; 8538 } 8539 8540 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8541 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 8542 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, type)) 8543 goto nla_put_failure; 8544 8545 genlmsg_end(msg, hdr); 8546 8547 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8548 nl80211_mlme_mcgrp.id, gfp); 8549 return; 8550 8551 nla_put_failure: 8552 genlmsg_cancel(msg, hdr); 8553 nlmsg_free(msg); 8554 } 8555 8556 void 8557 nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev, 8558 struct net_device *netdev, const u8 *peer, 8559 u32 num_packets, u32 rate, u32 intvl, gfp_t gfp) 8560 { 8561 struct sk_buff *msg; 8562 struct nlattr *pinfoattr; 8563 void *hdr; 8564 8565 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8566 if (!msg) 8567 return; 8568 8569 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8570 if (!hdr) { 8571 nlmsg_free(msg); 8572 return; 8573 } 8574 8575 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8576 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8577 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 8578 goto nla_put_failure; 8579 8580 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8581 if (!pinfoattr) 8582 goto nla_put_failure; 8583 8584 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 8585 goto nla_put_failure; 8586 8587 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 8588 goto nla_put_failure; 8589 8590 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 8591 goto nla_put_failure; 8592 8593 nla_nest_end(msg, pinfoattr); 8594 8595 genlmsg_end(msg, hdr); 8596 8597 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8598 nl80211_mlme_mcgrp.id, gfp); 8599 return; 8600 8601 nla_put_failure: 8602 genlmsg_cancel(msg, hdr); 8603 nlmsg_free(msg); 8604 } 8605 8606 void 8607 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 8608 struct net_device *netdev, const u8 *peer, 8609 u32 num_packets, gfp_t gfp) 8610 { 8611 struct sk_buff *msg; 8612 struct nlattr *pinfoattr; 8613 void *hdr; 8614 8615 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8616 if (!msg) 8617 return; 8618 8619 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8620 if (!hdr) { 8621 nlmsg_free(msg); 8622 return; 8623 } 8624 8625 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8626 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8627 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 8628 goto nla_put_failure; 8629 8630 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8631 if (!pinfoattr) 8632 goto nla_put_failure; 8633 8634 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 8635 goto nla_put_failure; 8636 8637 nla_nest_end(msg, pinfoattr); 8638 8639 genlmsg_end(msg, hdr); 8640 8641 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8642 nl80211_mlme_mcgrp.id, gfp); 8643 return; 8644 8645 nla_put_failure: 8646 genlmsg_cancel(msg, hdr); 8647 nlmsg_free(msg); 8648 } 8649 8650 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 8651 u64 cookie, bool acked, gfp_t gfp) 8652 { 8653 struct wireless_dev *wdev = dev->ieee80211_ptr; 8654 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 8655 struct sk_buff *msg; 8656 void *hdr; 8657 int err; 8658 8659 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8660 if (!msg) 8661 return; 8662 8663 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 8664 if (!hdr) { 8665 nlmsg_free(msg); 8666 return; 8667 } 8668 8669 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8670 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8671 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 8672 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 8673 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 8674 goto nla_put_failure; 8675 8676 err = genlmsg_end(msg, hdr); 8677 if (err < 0) { 8678 nlmsg_free(msg); 8679 return; 8680 } 8681 8682 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8683 nl80211_mlme_mcgrp.id, gfp); 8684 return; 8685 8686 nla_put_failure: 8687 genlmsg_cancel(msg, hdr); 8688 nlmsg_free(msg); 8689 } 8690 EXPORT_SYMBOL(cfg80211_probe_status); 8691 8692 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 8693 const u8 *frame, size_t len, 8694 int freq, int sig_dbm, gfp_t gfp) 8695 { 8696 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 8697 struct sk_buff *msg; 8698 void *hdr; 8699 u32 nlpid = ACCESS_ONCE(rdev->ap_beacons_nlpid); 8700 8701 if (!nlpid) 8702 return; 8703 8704 msg = nlmsg_new(len + 100, gfp); 8705 if (!msg) 8706 return; 8707 8708 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8709 if (!hdr) { 8710 nlmsg_free(msg); 8711 return; 8712 } 8713 8714 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8715 (freq && 8716 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 8717 (sig_dbm && 8718 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 8719 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 8720 goto nla_put_failure; 8721 8722 genlmsg_end(msg, hdr); 8723 8724 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 8725 return; 8726 8727 nla_put_failure: 8728 genlmsg_cancel(msg, hdr); 8729 nlmsg_free(msg); 8730 } 8731 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 8732 8733 static int nl80211_netlink_notify(struct notifier_block * nb, 8734 unsigned long state, 8735 void *_notify) 8736 { 8737 struct netlink_notify *notify = _notify; 8738 struct cfg80211_registered_device *rdev; 8739 struct wireless_dev *wdev; 8740 8741 if (state != NETLINK_URELEASE) 8742 return NOTIFY_DONE; 8743 8744 rcu_read_lock(); 8745 8746 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8747 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) 8748 cfg80211_mlme_unregister_socket(wdev, notify->pid); 8749 if (rdev->ap_beacons_nlpid == notify->pid) 8750 rdev->ap_beacons_nlpid = 0; 8751 } 8752 8753 rcu_read_unlock(); 8754 8755 return NOTIFY_DONE; 8756 } 8757 8758 static struct notifier_block nl80211_netlink_notifier = { 8759 .notifier_call = nl80211_netlink_notify, 8760 }; 8761 8762 /* initialisation/exit functions */ 8763 8764 int nl80211_init(void) 8765 { 8766 int err; 8767 8768 err = genl_register_family_with_ops(&nl80211_fam, 8769 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 8770 if (err) 8771 return err; 8772 8773 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 8774 if (err) 8775 goto err_out; 8776 8777 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 8778 if (err) 8779 goto err_out; 8780 8781 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 8782 if (err) 8783 goto err_out; 8784 8785 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 8786 if (err) 8787 goto err_out; 8788 8789 #ifdef CONFIG_NL80211_TESTMODE 8790 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 8791 if (err) 8792 goto err_out; 8793 #endif 8794 8795 err = netlink_register_notifier(&nl80211_netlink_notifier); 8796 if (err) 8797 goto err_out; 8798 8799 return 0; 8800 err_out: 8801 genl_unregister_family(&nl80211_fam); 8802 return err; 8803 } 8804 8805 void nl80211_exit(void) 8806 { 8807 netlink_unregister_notifier(&nl80211_netlink_notifier); 8808 genl_unregister_family(&nl80211_fam); 8809 } 8810