1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include <net/inet_connection_sock.h> 23 #include "core.h" 24 #include "nl80211.h" 25 #include "reg.h" 26 #include "rdev-ops.h" 27 28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 29 struct genl_info *info, 30 struct cfg80211_crypto_settings *settings, 31 int cipher_limit); 32 33 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 34 struct genl_info *info); 35 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 36 struct genl_info *info); 37 38 /* the netlink family */ 39 static struct genl_family nl80211_fam = { 40 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 41 .name = "nl80211", /* have users key off the name instead */ 42 .hdrsize = 0, /* no private header */ 43 .version = 1, /* no particular meaning now */ 44 .maxattr = NL80211_ATTR_MAX, 45 .netnsok = true, 46 .pre_doit = nl80211_pre_doit, 47 .post_doit = nl80211_post_doit, 48 }; 49 50 /* returns ERR_PTR values */ 51 static struct wireless_dev * 52 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs) 53 { 54 struct cfg80211_registered_device *rdev; 55 struct wireless_dev *result = NULL; 56 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 57 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 58 u64 wdev_id; 59 int wiphy_idx = -1; 60 int ifidx = -1; 61 62 assert_cfg80211_lock(); 63 64 if (!have_ifidx && !have_wdev_id) 65 return ERR_PTR(-EINVAL); 66 67 if (have_ifidx) 68 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 69 if (have_wdev_id) { 70 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 71 wiphy_idx = wdev_id >> 32; 72 } 73 74 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 75 struct wireless_dev *wdev; 76 77 if (wiphy_net(&rdev->wiphy) != netns) 78 continue; 79 80 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 81 continue; 82 83 mutex_lock(&rdev->devlist_mtx); 84 list_for_each_entry(wdev, &rdev->wdev_list, list) { 85 if (have_ifidx && wdev->netdev && 86 wdev->netdev->ifindex == ifidx) { 87 result = wdev; 88 break; 89 } 90 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 91 result = wdev; 92 break; 93 } 94 } 95 mutex_unlock(&rdev->devlist_mtx); 96 97 if (result) 98 break; 99 } 100 101 if (result) 102 return result; 103 return ERR_PTR(-ENODEV); 104 } 105 106 static struct cfg80211_registered_device * 107 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 108 { 109 struct cfg80211_registered_device *rdev = NULL, *tmp; 110 struct net_device *netdev; 111 112 assert_cfg80211_lock(); 113 114 if (!attrs[NL80211_ATTR_WIPHY] && 115 !attrs[NL80211_ATTR_IFINDEX] && 116 !attrs[NL80211_ATTR_WDEV]) 117 return ERR_PTR(-EINVAL); 118 119 if (attrs[NL80211_ATTR_WIPHY]) 120 rdev = cfg80211_rdev_by_wiphy_idx( 121 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 122 123 if (attrs[NL80211_ATTR_WDEV]) { 124 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 125 struct wireless_dev *wdev; 126 bool found = false; 127 128 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 129 if (tmp) { 130 /* make sure wdev exists */ 131 mutex_lock(&tmp->devlist_mtx); 132 list_for_each_entry(wdev, &tmp->wdev_list, list) { 133 if (wdev->identifier != (u32)wdev_id) 134 continue; 135 found = true; 136 break; 137 } 138 mutex_unlock(&tmp->devlist_mtx); 139 140 if (!found) 141 tmp = NULL; 142 143 if (rdev && tmp != rdev) 144 return ERR_PTR(-EINVAL); 145 rdev = tmp; 146 } 147 } 148 149 if (attrs[NL80211_ATTR_IFINDEX]) { 150 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 151 netdev = dev_get_by_index(netns, ifindex); 152 if (netdev) { 153 if (netdev->ieee80211_ptr) 154 tmp = wiphy_to_dev( 155 netdev->ieee80211_ptr->wiphy); 156 else 157 tmp = NULL; 158 159 dev_put(netdev); 160 161 /* not wireless device -- return error */ 162 if (!tmp) 163 return ERR_PTR(-EINVAL); 164 165 /* mismatch -- return error */ 166 if (rdev && tmp != rdev) 167 return ERR_PTR(-EINVAL); 168 169 rdev = tmp; 170 } 171 } 172 173 if (!rdev) 174 return ERR_PTR(-ENODEV); 175 176 if (netns != wiphy_net(&rdev->wiphy)) 177 return ERR_PTR(-ENODEV); 178 179 return rdev; 180 } 181 182 /* 183 * This function returns a pointer to the driver 184 * that the genl_info item that is passed refers to. 185 * If successful, it returns non-NULL and also locks 186 * the driver's mutex! 187 * 188 * This means that you need to call cfg80211_unlock_rdev() 189 * before being allowed to acquire &cfg80211_mutex! 190 * 191 * This is necessary because we need to lock the global 192 * mutex to get an item off the list safely, and then 193 * we lock the rdev mutex so it doesn't go away under us. 194 * 195 * We don't want to keep cfg80211_mutex locked 196 * for all the time in order to allow requests on 197 * other interfaces to go through at the same time. 198 * 199 * The result of this can be a PTR_ERR and hence must 200 * be checked with IS_ERR() for errors. 201 */ 202 static struct cfg80211_registered_device * 203 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 204 { 205 struct cfg80211_registered_device *rdev; 206 207 mutex_lock(&cfg80211_mutex); 208 rdev = __cfg80211_rdev_from_attrs(netns, info->attrs); 209 210 /* if it is not an error we grab the lock on 211 * it to assure it won't be going away while 212 * we operate on it */ 213 if (!IS_ERR(rdev)) 214 mutex_lock(&rdev->mtx); 215 216 mutex_unlock(&cfg80211_mutex); 217 218 return rdev; 219 } 220 221 /* policy for the attributes */ 222 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 223 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 224 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 225 .len = 20-1 }, 226 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 227 228 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 229 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 230 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 231 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 232 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 233 234 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 235 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 236 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 237 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 238 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 239 240 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 241 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 242 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 243 244 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 245 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 246 247 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 248 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 249 .len = WLAN_MAX_KEY_LEN }, 250 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 251 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 252 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 253 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 254 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 255 256 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 257 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 258 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 259 .len = IEEE80211_MAX_DATA_LEN }, 260 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 261 .len = IEEE80211_MAX_DATA_LEN }, 262 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 263 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 264 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 265 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 266 .len = NL80211_MAX_SUPP_RATES }, 267 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 268 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 269 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 270 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 271 .len = IEEE80211_MAX_MESH_ID_LEN }, 272 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 273 274 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 275 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 276 277 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 278 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 279 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 280 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 281 .len = NL80211_MAX_SUPP_RATES }, 282 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 283 284 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 285 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 286 287 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 288 289 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 290 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 291 .len = IEEE80211_MAX_DATA_LEN }, 292 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 293 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 294 295 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 296 .len = IEEE80211_MAX_SSID_LEN }, 297 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 298 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 299 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 300 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 301 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 302 [NL80211_ATTR_STA_FLAGS2] = { 303 .len = sizeof(struct nl80211_sta_flag_update), 304 }, 305 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 306 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 307 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 308 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 309 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 310 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 311 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 312 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 313 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 314 .len = WLAN_PMKID_LEN }, 315 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 316 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 317 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 318 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 319 .len = IEEE80211_MAX_DATA_LEN }, 320 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 321 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 322 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 323 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 324 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 325 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 326 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 327 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 328 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 329 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 330 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 331 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 332 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 333 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 334 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 335 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 336 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 337 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 338 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 339 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 340 .len = IEEE80211_MAX_DATA_LEN }, 341 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 342 .len = IEEE80211_MAX_DATA_LEN }, 343 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 344 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 345 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 346 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 347 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 348 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 349 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 350 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 351 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 352 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 353 .len = IEEE80211_MAX_DATA_LEN }, 354 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 355 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 356 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 357 .len = NL80211_HT_CAPABILITY_LEN 358 }, 359 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 360 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 361 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 362 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 363 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 364 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, }, 365 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN }, 366 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 367 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 }, 368 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 }, 369 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 }, 370 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED }, 371 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 }, 372 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, }, 373 }; 374 375 /* policy for the key attributes */ 376 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 377 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 378 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 379 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 380 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 381 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 382 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 383 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 384 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 385 }; 386 387 /* policy for the key default flags */ 388 static const struct nla_policy 389 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 390 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 391 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 392 }; 393 394 /* policy for WoWLAN attributes */ 395 static const struct nla_policy 396 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 397 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 398 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 399 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 400 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 401 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 402 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 403 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 404 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 405 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED }, 406 }; 407 408 static const struct nla_policy 409 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = { 410 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 }, 411 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 }, 412 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN }, 413 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 }, 414 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 }, 415 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 }, 416 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = { 417 .len = sizeof(struct nl80211_wowlan_tcp_data_seq) 418 }, 419 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = { 420 .len = sizeof(struct nl80211_wowlan_tcp_data_token) 421 }, 422 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 }, 423 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 }, 424 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 }, 425 }; 426 427 /* policy for GTK rekey offload attributes */ 428 static const struct nla_policy 429 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 430 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 431 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 432 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 433 }; 434 435 static const struct nla_policy 436 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 437 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 438 .len = IEEE80211_MAX_SSID_LEN }, 439 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 440 }; 441 442 /* ifidx get helper */ 443 static int nl80211_get_ifidx(struct netlink_callback *cb) 444 { 445 int res; 446 447 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 448 nl80211_fam.attrbuf, nl80211_fam.maxattr, 449 nl80211_policy); 450 if (res) 451 return res; 452 453 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 454 return -EINVAL; 455 456 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 457 if (!res) 458 return -EINVAL; 459 return res; 460 } 461 462 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 463 struct netlink_callback *cb, 464 struct cfg80211_registered_device **rdev, 465 struct net_device **dev) 466 { 467 int ifidx = cb->args[0]; 468 int err; 469 470 if (!ifidx) 471 ifidx = nl80211_get_ifidx(cb); 472 if (ifidx < 0) 473 return ifidx; 474 475 cb->args[0] = ifidx; 476 477 rtnl_lock(); 478 479 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 480 if (!*dev) { 481 err = -ENODEV; 482 goto out_rtnl; 483 } 484 485 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 486 if (IS_ERR(*rdev)) { 487 err = PTR_ERR(*rdev); 488 goto out_rtnl; 489 } 490 491 return 0; 492 out_rtnl: 493 rtnl_unlock(); 494 return err; 495 } 496 497 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 498 { 499 cfg80211_unlock_rdev(rdev); 500 rtnl_unlock(); 501 } 502 503 /* IE validation */ 504 static bool is_valid_ie_attr(const struct nlattr *attr) 505 { 506 const u8 *pos; 507 int len; 508 509 if (!attr) 510 return true; 511 512 pos = nla_data(attr); 513 len = nla_len(attr); 514 515 while (len) { 516 u8 elemlen; 517 518 if (len < 2) 519 return false; 520 len -= 2; 521 522 elemlen = pos[1]; 523 if (elemlen > len) 524 return false; 525 526 len -= elemlen; 527 pos += 2 + elemlen; 528 } 529 530 return true; 531 } 532 533 /* message building helper */ 534 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 535 int flags, u8 cmd) 536 { 537 /* since there is no private header just add the generic one */ 538 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 539 } 540 541 static int nl80211_msg_put_channel(struct sk_buff *msg, 542 struct ieee80211_channel *chan) 543 { 544 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 545 chan->center_freq)) 546 goto nla_put_failure; 547 548 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 549 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 550 goto nla_put_failure; 551 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 552 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) 553 goto nla_put_failure; 554 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 555 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) 556 goto nla_put_failure; 557 if ((chan->flags & IEEE80211_CHAN_RADAR) && 558 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 559 goto nla_put_failure; 560 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) && 561 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS)) 562 goto nla_put_failure; 563 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) && 564 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS)) 565 goto nla_put_failure; 566 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) && 567 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ)) 568 goto nla_put_failure; 569 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) && 570 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ)) 571 goto nla_put_failure; 572 573 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 574 DBM_TO_MBM(chan->max_power))) 575 goto nla_put_failure; 576 577 return 0; 578 579 nla_put_failure: 580 return -ENOBUFS; 581 } 582 583 /* netlink command implementations */ 584 585 struct key_parse { 586 struct key_params p; 587 int idx; 588 int type; 589 bool def, defmgmt; 590 bool def_uni, def_multi; 591 }; 592 593 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 594 { 595 struct nlattr *tb[NL80211_KEY_MAX + 1]; 596 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 597 nl80211_key_policy); 598 if (err) 599 return err; 600 601 k->def = !!tb[NL80211_KEY_DEFAULT]; 602 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 603 604 if (k->def) { 605 k->def_uni = true; 606 k->def_multi = true; 607 } 608 if (k->defmgmt) 609 k->def_multi = true; 610 611 if (tb[NL80211_KEY_IDX]) 612 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 613 614 if (tb[NL80211_KEY_DATA]) { 615 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 616 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 617 } 618 619 if (tb[NL80211_KEY_SEQ]) { 620 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 621 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 622 } 623 624 if (tb[NL80211_KEY_CIPHER]) 625 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 626 627 if (tb[NL80211_KEY_TYPE]) { 628 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 629 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 630 return -EINVAL; 631 } 632 633 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 634 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 635 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 636 tb[NL80211_KEY_DEFAULT_TYPES], 637 nl80211_key_default_policy); 638 if (err) 639 return err; 640 641 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 642 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 643 } 644 645 return 0; 646 } 647 648 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 649 { 650 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 651 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 652 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 653 } 654 655 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 656 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 657 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 658 } 659 660 if (info->attrs[NL80211_ATTR_KEY_IDX]) 661 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 662 663 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 664 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 665 666 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 667 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 668 669 if (k->def) { 670 k->def_uni = true; 671 k->def_multi = true; 672 } 673 if (k->defmgmt) 674 k->def_multi = true; 675 676 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 677 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 678 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 679 return -EINVAL; 680 } 681 682 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 683 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 684 int err = nla_parse_nested( 685 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 686 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 687 nl80211_key_default_policy); 688 if (err) 689 return err; 690 691 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 692 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 693 } 694 695 return 0; 696 } 697 698 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 699 { 700 int err; 701 702 memset(k, 0, sizeof(*k)); 703 k->idx = -1; 704 k->type = -1; 705 706 if (info->attrs[NL80211_ATTR_KEY]) 707 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 708 else 709 err = nl80211_parse_key_old(info, k); 710 711 if (err) 712 return err; 713 714 if (k->def && k->defmgmt) 715 return -EINVAL; 716 717 if (k->defmgmt) { 718 if (k->def_uni || !k->def_multi) 719 return -EINVAL; 720 } 721 722 if (k->idx != -1) { 723 if (k->defmgmt) { 724 if (k->idx < 4 || k->idx > 5) 725 return -EINVAL; 726 } else if (k->def) { 727 if (k->idx < 0 || k->idx > 3) 728 return -EINVAL; 729 } else { 730 if (k->idx < 0 || k->idx > 5) 731 return -EINVAL; 732 } 733 } 734 735 return 0; 736 } 737 738 static struct cfg80211_cached_keys * 739 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 740 struct nlattr *keys, bool *no_ht) 741 { 742 struct key_parse parse; 743 struct nlattr *key; 744 struct cfg80211_cached_keys *result; 745 int rem, err, def = 0; 746 747 result = kzalloc(sizeof(*result), GFP_KERNEL); 748 if (!result) 749 return ERR_PTR(-ENOMEM); 750 751 result->def = -1; 752 result->defmgmt = -1; 753 754 nla_for_each_nested(key, keys, rem) { 755 memset(&parse, 0, sizeof(parse)); 756 parse.idx = -1; 757 758 err = nl80211_parse_key_new(key, &parse); 759 if (err) 760 goto error; 761 err = -EINVAL; 762 if (!parse.p.key) 763 goto error; 764 if (parse.idx < 0 || parse.idx > 4) 765 goto error; 766 if (parse.def) { 767 if (def) 768 goto error; 769 def = 1; 770 result->def = parse.idx; 771 if (!parse.def_uni || !parse.def_multi) 772 goto error; 773 } else if (parse.defmgmt) 774 goto error; 775 err = cfg80211_validate_key_settings(rdev, &parse.p, 776 parse.idx, false, NULL); 777 if (err) 778 goto error; 779 result->params[parse.idx].cipher = parse.p.cipher; 780 result->params[parse.idx].key_len = parse.p.key_len; 781 result->params[parse.idx].key = result->data[parse.idx]; 782 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 783 784 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 || 785 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) { 786 if (no_ht) 787 *no_ht = true; 788 } 789 } 790 791 return result; 792 error: 793 kfree(result); 794 return ERR_PTR(err); 795 } 796 797 static int nl80211_key_allowed(struct wireless_dev *wdev) 798 { 799 ASSERT_WDEV_LOCK(wdev); 800 801 switch (wdev->iftype) { 802 case NL80211_IFTYPE_AP: 803 case NL80211_IFTYPE_AP_VLAN: 804 case NL80211_IFTYPE_P2P_GO: 805 case NL80211_IFTYPE_MESH_POINT: 806 break; 807 case NL80211_IFTYPE_ADHOC: 808 if (!wdev->current_bss) 809 return -ENOLINK; 810 break; 811 case NL80211_IFTYPE_STATION: 812 case NL80211_IFTYPE_P2P_CLIENT: 813 if (wdev->sme_state != CFG80211_SME_CONNECTED) 814 return -ENOLINK; 815 break; 816 default: 817 return -EINVAL; 818 } 819 820 return 0; 821 } 822 823 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 824 { 825 struct nlattr *nl_modes = nla_nest_start(msg, attr); 826 int i; 827 828 if (!nl_modes) 829 goto nla_put_failure; 830 831 i = 0; 832 while (ifmodes) { 833 if ((ifmodes & 1) && nla_put_flag(msg, i)) 834 goto nla_put_failure; 835 ifmodes >>= 1; 836 i++; 837 } 838 839 nla_nest_end(msg, nl_modes); 840 return 0; 841 842 nla_put_failure: 843 return -ENOBUFS; 844 } 845 846 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 847 struct sk_buff *msg) 848 { 849 struct nlattr *nl_combis; 850 int i, j; 851 852 nl_combis = nla_nest_start(msg, 853 NL80211_ATTR_INTERFACE_COMBINATIONS); 854 if (!nl_combis) 855 goto nla_put_failure; 856 857 for (i = 0; i < wiphy->n_iface_combinations; i++) { 858 const struct ieee80211_iface_combination *c; 859 struct nlattr *nl_combi, *nl_limits; 860 861 c = &wiphy->iface_combinations[i]; 862 863 nl_combi = nla_nest_start(msg, i + 1); 864 if (!nl_combi) 865 goto nla_put_failure; 866 867 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 868 if (!nl_limits) 869 goto nla_put_failure; 870 871 for (j = 0; j < c->n_limits; j++) { 872 struct nlattr *nl_limit; 873 874 nl_limit = nla_nest_start(msg, j + 1); 875 if (!nl_limit) 876 goto nla_put_failure; 877 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 878 c->limits[j].max)) 879 goto nla_put_failure; 880 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 881 c->limits[j].types)) 882 goto nla_put_failure; 883 nla_nest_end(msg, nl_limit); 884 } 885 886 nla_nest_end(msg, nl_limits); 887 888 if (c->beacon_int_infra_match && 889 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 890 goto nla_put_failure; 891 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 892 c->num_different_channels) || 893 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 894 c->max_interfaces)) 895 goto nla_put_failure; 896 897 nla_nest_end(msg, nl_combi); 898 } 899 900 nla_nest_end(msg, nl_combis); 901 902 return 0; 903 nla_put_failure: 904 return -ENOBUFS; 905 } 906 907 static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flags, 908 struct cfg80211_registered_device *dev) 909 { 910 void *hdr; 911 struct nlattr *nl_bands, *nl_band; 912 struct nlattr *nl_freqs, *nl_freq; 913 struct nlattr *nl_rates, *nl_rate; 914 struct nlattr *nl_cmds; 915 enum ieee80211_band band; 916 struct ieee80211_channel *chan; 917 struct ieee80211_rate *rate; 918 int i; 919 const struct ieee80211_txrx_stypes *mgmt_stypes = 920 dev->wiphy.mgmt_stypes; 921 922 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY); 923 if (!hdr) 924 return -1; 925 926 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) || 927 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) || 928 nla_put_u32(msg, NL80211_ATTR_GENERATION, 929 cfg80211_rdev_list_generation) || 930 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 931 dev->wiphy.retry_short) || 932 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 933 dev->wiphy.retry_long) || 934 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 935 dev->wiphy.frag_threshold) || 936 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 937 dev->wiphy.rts_threshold) || 938 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 939 dev->wiphy.coverage_class) || 940 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 941 dev->wiphy.max_scan_ssids) || 942 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 943 dev->wiphy.max_sched_scan_ssids) || 944 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 945 dev->wiphy.max_scan_ie_len) || 946 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 947 dev->wiphy.max_sched_scan_ie_len) || 948 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 949 dev->wiphy.max_match_sets)) 950 goto nla_put_failure; 951 952 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 953 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 954 goto nla_put_failure; 955 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 956 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 957 goto nla_put_failure; 958 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 959 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 960 goto nla_put_failure; 961 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 962 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 963 goto nla_put_failure; 964 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 965 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 966 goto nla_put_failure; 967 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 968 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 969 goto nla_put_failure; 970 971 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 972 sizeof(u32) * dev->wiphy.n_cipher_suites, 973 dev->wiphy.cipher_suites)) 974 goto nla_put_failure; 975 976 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 977 dev->wiphy.max_num_pmkids)) 978 goto nla_put_failure; 979 980 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 981 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 982 goto nla_put_failure; 983 984 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 985 dev->wiphy.available_antennas_tx) || 986 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 987 dev->wiphy.available_antennas_rx)) 988 goto nla_put_failure; 989 990 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 991 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 992 dev->wiphy.probe_resp_offload)) 993 goto nla_put_failure; 994 995 if ((dev->wiphy.available_antennas_tx || 996 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 997 u32 tx_ant = 0, rx_ant = 0; 998 int res; 999 res = rdev_get_antenna(dev, &tx_ant, &rx_ant); 1000 if (!res) { 1001 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, 1002 tx_ant) || 1003 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, 1004 rx_ant)) 1005 goto nla_put_failure; 1006 } 1007 } 1008 1009 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 1010 dev->wiphy.interface_modes)) 1011 goto nla_put_failure; 1012 1013 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 1014 if (!nl_bands) 1015 goto nla_put_failure; 1016 1017 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 1018 if (!dev->wiphy.bands[band]) 1019 continue; 1020 1021 nl_band = nla_nest_start(msg, band); 1022 if (!nl_band) 1023 goto nla_put_failure; 1024 1025 /* add HT info */ 1026 if (dev->wiphy.bands[band]->ht_cap.ht_supported && 1027 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 1028 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 1029 &dev->wiphy.bands[band]->ht_cap.mcs) || 1030 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 1031 dev->wiphy.bands[band]->ht_cap.cap) || 1032 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 1033 dev->wiphy.bands[band]->ht_cap.ampdu_factor) || 1034 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 1035 dev->wiphy.bands[band]->ht_cap.ampdu_density))) 1036 goto nla_put_failure; 1037 1038 /* add VHT info */ 1039 if (dev->wiphy.bands[band]->vht_cap.vht_supported && 1040 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1041 sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs), 1042 &dev->wiphy.bands[band]->vht_cap.vht_mcs) || 1043 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1044 dev->wiphy.bands[band]->vht_cap.cap))) 1045 goto nla_put_failure; 1046 1047 /* add frequencies */ 1048 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 1049 if (!nl_freqs) 1050 goto nla_put_failure; 1051 1052 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 1053 nl_freq = nla_nest_start(msg, i); 1054 if (!nl_freq) 1055 goto nla_put_failure; 1056 1057 chan = &dev->wiphy.bands[band]->channels[i]; 1058 1059 if (nl80211_msg_put_channel(msg, chan)) 1060 goto nla_put_failure; 1061 1062 nla_nest_end(msg, nl_freq); 1063 } 1064 1065 nla_nest_end(msg, nl_freqs); 1066 1067 /* add bitrates */ 1068 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 1069 if (!nl_rates) 1070 goto nla_put_failure; 1071 1072 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 1073 nl_rate = nla_nest_start(msg, i); 1074 if (!nl_rate) 1075 goto nla_put_failure; 1076 1077 rate = &dev->wiphy.bands[band]->bitrates[i]; 1078 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1079 rate->bitrate)) 1080 goto nla_put_failure; 1081 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1082 nla_put_flag(msg, 1083 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 1084 goto nla_put_failure; 1085 1086 nla_nest_end(msg, nl_rate); 1087 } 1088 1089 nla_nest_end(msg, nl_rates); 1090 1091 nla_nest_end(msg, nl_band); 1092 } 1093 nla_nest_end(msg, nl_bands); 1094 1095 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 1096 if (!nl_cmds) 1097 goto nla_put_failure; 1098 1099 i = 0; 1100 #define CMD(op, n) \ 1101 do { \ 1102 if (dev->ops->op) { \ 1103 i++; \ 1104 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 1105 goto nla_put_failure; \ 1106 } \ 1107 } while (0) 1108 1109 CMD(add_virtual_intf, NEW_INTERFACE); 1110 CMD(change_virtual_intf, SET_INTERFACE); 1111 CMD(add_key, NEW_KEY); 1112 CMD(start_ap, START_AP); 1113 CMD(add_station, NEW_STATION); 1114 CMD(add_mpath, NEW_MPATH); 1115 CMD(update_mesh_config, SET_MESH_CONFIG); 1116 CMD(change_bss, SET_BSS); 1117 CMD(auth, AUTHENTICATE); 1118 CMD(assoc, ASSOCIATE); 1119 CMD(deauth, DEAUTHENTICATE); 1120 CMD(disassoc, DISASSOCIATE); 1121 CMD(join_ibss, JOIN_IBSS); 1122 CMD(join_mesh, JOIN_MESH); 1123 CMD(set_pmksa, SET_PMKSA); 1124 CMD(del_pmksa, DEL_PMKSA); 1125 CMD(flush_pmksa, FLUSH_PMKSA); 1126 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 1127 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 1128 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 1129 CMD(mgmt_tx, FRAME); 1130 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 1131 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 1132 i++; 1133 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 1134 goto nla_put_failure; 1135 } 1136 if (dev->ops->set_monitor_channel || dev->ops->start_ap || 1137 dev->ops->join_mesh) { 1138 i++; 1139 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 1140 goto nla_put_failure; 1141 } 1142 CMD(set_wds_peer, SET_WDS_PEER); 1143 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 1144 CMD(tdls_mgmt, TDLS_MGMT); 1145 CMD(tdls_oper, TDLS_OPER); 1146 } 1147 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 1148 CMD(sched_scan_start, START_SCHED_SCAN); 1149 CMD(probe_client, PROBE_CLIENT); 1150 CMD(set_noack_map, SET_NOACK_MAP); 1151 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 1152 i++; 1153 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 1154 goto nla_put_failure; 1155 } 1156 CMD(start_p2p_device, START_P2P_DEVICE); 1157 CMD(set_mcast_rate, SET_MCAST_RATE); 1158 1159 #ifdef CONFIG_NL80211_TESTMODE 1160 CMD(testmode_cmd, TESTMODE); 1161 #endif 1162 1163 #undef CMD 1164 1165 if (dev->ops->connect || dev->ops->auth) { 1166 i++; 1167 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 1168 goto nla_put_failure; 1169 } 1170 1171 if (dev->ops->disconnect || dev->ops->deauth) { 1172 i++; 1173 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 1174 goto nla_put_failure; 1175 } 1176 1177 nla_nest_end(msg, nl_cmds); 1178 1179 if (dev->ops->remain_on_channel && 1180 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 1181 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 1182 dev->wiphy.max_remain_on_channel_duration)) 1183 goto nla_put_failure; 1184 1185 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 1186 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 1187 goto nla_put_failure; 1188 1189 if (mgmt_stypes) { 1190 u16 stypes; 1191 struct nlattr *nl_ftypes, *nl_ifs; 1192 enum nl80211_iftype ift; 1193 1194 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 1195 if (!nl_ifs) 1196 goto nla_put_failure; 1197 1198 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1199 nl_ftypes = nla_nest_start(msg, ift); 1200 if (!nl_ftypes) 1201 goto nla_put_failure; 1202 i = 0; 1203 stypes = mgmt_stypes[ift].tx; 1204 while (stypes) { 1205 if ((stypes & 1) && 1206 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1207 (i << 4) | IEEE80211_FTYPE_MGMT)) 1208 goto nla_put_failure; 1209 stypes >>= 1; 1210 i++; 1211 } 1212 nla_nest_end(msg, nl_ftypes); 1213 } 1214 1215 nla_nest_end(msg, nl_ifs); 1216 1217 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 1218 if (!nl_ifs) 1219 goto nla_put_failure; 1220 1221 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1222 nl_ftypes = nla_nest_start(msg, ift); 1223 if (!nl_ftypes) 1224 goto nla_put_failure; 1225 i = 0; 1226 stypes = mgmt_stypes[ift].rx; 1227 while (stypes) { 1228 if ((stypes & 1) && 1229 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1230 (i << 4) | IEEE80211_FTYPE_MGMT)) 1231 goto nla_put_failure; 1232 stypes >>= 1; 1233 i++; 1234 } 1235 nla_nest_end(msg, nl_ftypes); 1236 } 1237 nla_nest_end(msg, nl_ifs); 1238 } 1239 1240 #ifdef CONFIG_PM 1241 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 1242 struct nlattr *nl_wowlan; 1243 1244 nl_wowlan = nla_nest_start(msg, 1245 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1246 if (!nl_wowlan) 1247 goto nla_put_failure; 1248 1249 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) && 1250 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1251 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) && 1252 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1253 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) && 1254 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1255 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1256 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1257 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1258 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1259 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1260 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1261 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1262 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1263 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1264 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1265 goto nla_put_failure; 1266 if (dev->wiphy.wowlan.n_patterns) { 1267 struct nl80211_wowlan_pattern_support pat = { 1268 .max_patterns = dev->wiphy.wowlan.n_patterns, 1269 .min_pattern_len = 1270 dev->wiphy.wowlan.pattern_min_len, 1271 .max_pattern_len = 1272 dev->wiphy.wowlan.pattern_max_len, 1273 .max_pkt_offset = 1274 dev->wiphy.wowlan.max_pkt_offset, 1275 }; 1276 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1277 sizeof(pat), &pat)) 1278 goto nla_put_failure; 1279 } 1280 1281 nla_nest_end(msg, nl_wowlan); 1282 } 1283 #endif 1284 1285 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1286 dev->wiphy.software_iftypes)) 1287 goto nla_put_failure; 1288 1289 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1290 goto nla_put_failure; 1291 1292 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1293 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1294 dev->wiphy.ap_sme_capa)) 1295 goto nla_put_failure; 1296 1297 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, 1298 dev->wiphy.features)) 1299 goto nla_put_failure; 1300 1301 if (dev->wiphy.ht_capa_mod_mask && 1302 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1303 sizeof(*dev->wiphy.ht_capa_mod_mask), 1304 dev->wiphy.ht_capa_mod_mask)) 1305 goto nla_put_failure; 1306 1307 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME && 1308 dev->wiphy.max_acl_mac_addrs && 1309 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX, 1310 dev->wiphy.max_acl_mac_addrs)) 1311 goto nla_put_failure; 1312 1313 if (dev->wiphy.extended_capabilities && 1314 (nla_put(msg, NL80211_ATTR_EXT_CAPA, 1315 dev->wiphy.extended_capabilities_len, 1316 dev->wiphy.extended_capabilities) || 1317 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 1318 dev->wiphy.extended_capabilities_len, 1319 dev->wiphy.extended_capabilities_mask))) 1320 goto nla_put_failure; 1321 1322 return genlmsg_end(msg, hdr); 1323 1324 nla_put_failure: 1325 genlmsg_cancel(msg, hdr); 1326 return -EMSGSIZE; 1327 } 1328 1329 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1330 { 1331 int idx = 0; 1332 int start = cb->args[0]; 1333 struct cfg80211_registered_device *dev; 1334 1335 mutex_lock(&cfg80211_mutex); 1336 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1337 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1338 continue; 1339 if (++idx <= start) 1340 continue; 1341 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid, 1342 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1343 dev) < 0) { 1344 idx--; 1345 break; 1346 } 1347 } 1348 mutex_unlock(&cfg80211_mutex); 1349 1350 cb->args[0] = idx; 1351 1352 return skb->len; 1353 } 1354 1355 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1356 { 1357 struct sk_buff *msg; 1358 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1359 1360 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1361 if (!msg) 1362 return -ENOMEM; 1363 1364 if (nl80211_send_wiphy(msg, info->snd_portid, info->snd_seq, 0, dev) < 0) { 1365 nlmsg_free(msg); 1366 return -ENOBUFS; 1367 } 1368 1369 return genlmsg_reply(msg, info); 1370 } 1371 1372 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1373 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1374 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1375 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1376 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1377 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1378 }; 1379 1380 static int parse_txq_params(struct nlattr *tb[], 1381 struct ieee80211_txq_params *txq_params) 1382 { 1383 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 1384 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1385 !tb[NL80211_TXQ_ATTR_AIFS]) 1386 return -EINVAL; 1387 1388 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 1389 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1390 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1391 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1392 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1393 1394 if (txq_params->ac >= NL80211_NUM_ACS) 1395 return -EINVAL; 1396 1397 return 0; 1398 } 1399 1400 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1401 { 1402 /* 1403 * You can only set the channel explicitly for WDS interfaces, 1404 * all others have their channel managed via their respective 1405 * "establish a connection" command (connect, join, ...) 1406 * 1407 * For AP/GO and mesh mode, the channel can be set with the 1408 * channel userspace API, but is only stored and passed to the 1409 * low-level driver when the AP starts or the mesh is joined. 1410 * This is for backward compatibility, userspace can also give 1411 * the channel in the start-ap or join-mesh commands instead. 1412 * 1413 * Monitors are special as they are normally slaved to 1414 * whatever else is going on, so they have their own special 1415 * operation to set the monitor channel if possible. 1416 */ 1417 return !wdev || 1418 wdev->iftype == NL80211_IFTYPE_AP || 1419 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1420 wdev->iftype == NL80211_IFTYPE_MONITOR || 1421 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1422 } 1423 1424 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 1425 struct genl_info *info, 1426 struct cfg80211_chan_def *chandef) 1427 { 1428 u32 control_freq; 1429 1430 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1431 return -EINVAL; 1432 1433 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1434 1435 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq); 1436 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 1437 chandef->center_freq1 = control_freq; 1438 chandef->center_freq2 = 0; 1439 1440 /* Primary channel not allowed */ 1441 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) 1442 return -EINVAL; 1443 1444 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1445 enum nl80211_channel_type chantype; 1446 1447 chantype = nla_get_u32( 1448 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1449 1450 switch (chantype) { 1451 case NL80211_CHAN_NO_HT: 1452 case NL80211_CHAN_HT20: 1453 case NL80211_CHAN_HT40PLUS: 1454 case NL80211_CHAN_HT40MINUS: 1455 cfg80211_chandef_create(chandef, chandef->chan, 1456 chantype); 1457 break; 1458 default: 1459 return -EINVAL; 1460 } 1461 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 1462 chandef->width = 1463 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]); 1464 if (info->attrs[NL80211_ATTR_CENTER_FREQ1]) 1465 chandef->center_freq1 = 1466 nla_get_u32( 1467 info->attrs[NL80211_ATTR_CENTER_FREQ1]); 1468 if (info->attrs[NL80211_ATTR_CENTER_FREQ2]) 1469 chandef->center_freq2 = 1470 nla_get_u32( 1471 info->attrs[NL80211_ATTR_CENTER_FREQ2]); 1472 } 1473 1474 if (!cfg80211_chandef_valid(chandef)) 1475 return -EINVAL; 1476 1477 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef, 1478 IEEE80211_CHAN_DISABLED)) 1479 return -EINVAL; 1480 1481 return 0; 1482 } 1483 1484 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1485 struct wireless_dev *wdev, 1486 struct genl_info *info) 1487 { 1488 struct cfg80211_chan_def chandef; 1489 int result; 1490 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 1491 1492 if (wdev) 1493 iftype = wdev->iftype; 1494 1495 if (!nl80211_can_set_dev_channel(wdev)) 1496 return -EOPNOTSUPP; 1497 1498 result = nl80211_parse_chandef(rdev, info, &chandef); 1499 if (result) 1500 return result; 1501 1502 mutex_lock(&rdev->devlist_mtx); 1503 switch (iftype) { 1504 case NL80211_IFTYPE_AP: 1505 case NL80211_IFTYPE_P2P_GO: 1506 if (wdev->beacon_interval) { 1507 result = -EBUSY; 1508 break; 1509 } 1510 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) { 1511 result = -EINVAL; 1512 break; 1513 } 1514 wdev->preset_chandef = chandef; 1515 result = 0; 1516 break; 1517 case NL80211_IFTYPE_MESH_POINT: 1518 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef); 1519 break; 1520 case NL80211_IFTYPE_MONITOR: 1521 result = cfg80211_set_monitor_channel(rdev, &chandef); 1522 break; 1523 default: 1524 result = -EINVAL; 1525 } 1526 mutex_unlock(&rdev->devlist_mtx); 1527 1528 return result; 1529 } 1530 1531 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1532 { 1533 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1534 struct net_device *netdev = info->user_ptr[1]; 1535 1536 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1537 } 1538 1539 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1540 { 1541 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1542 struct net_device *dev = info->user_ptr[1]; 1543 struct wireless_dev *wdev = dev->ieee80211_ptr; 1544 const u8 *bssid; 1545 1546 if (!info->attrs[NL80211_ATTR_MAC]) 1547 return -EINVAL; 1548 1549 if (netif_running(dev)) 1550 return -EBUSY; 1551 1552 if (!rdev->ops->set_wds_peer) 1553 return -EOPNOTSUPP; 1554 1555 if (wdev->iftype != NL80211_IFTYPE_WDS) 1556 return -EOPNOTSUPP; 1557 1558 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1559 return rdev_set_wds_peer(rdev, dev, bssid); 1560 } 1561 1562 1563 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1564 { 1565 struct cfg80211_registered_device *rdev; 1566 struct net_device *netdev = NULL; 1567 struct wireless_dev *wdev; 1568 int result = 0, rem_txq_params = 0; 1569 struct nlattr *nl_txq_params; 1570 u32 changed; 1571 u8 retry_short = 0, retry_long = 0; 1572 u32 frag_threshold = 0, rts_threshold = 0; 1573 u8 coverage_class = 0; 1574 1575 /* 1576 * Try to find the wiphy and netdev. Normally this 1577 * function shouldn't need the netdev, but this is 1578 * done for backward compatibility -- previously 1579 * setting the channel was done per wiphy, but now 1580 * it is per netdev. Previous userland like hostapd 1581 * also passed a netdev to set_wiphy, so that it is 1582 * possible to let that go to the right netdev! 1583 */ 1584 mutex_lock(&cfg80211_mutex); 1585 1586 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1587 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1588 1589 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1590 if (netdev && netdev->ieee80211_ptr) { 1591 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1592 mutex_lock(&rdev->mtx); 1593 } else 1594 netdev = NULL; 1595 } 1596 1597 if (!netdev) { 1598 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 1599 info->attrs); 1600 if (IS_ERR(rdev)) { 1601 mutex_unlock(&cfg80211_mutex); 1602 return PTR_ERR(rdev); 1603 } 1604 wdev = NULL; 1605 netdev = NULL; 1606 result = 0; 1607 1608 mutex_lock(&rdev->mtx); 1609 } else 1610 wdev = netdev->ieee80211_ptr; 1611 1612 /* 1613 * end workaround code, by now the rdev is available 1614 * and locked, and wdev may or may not be NULL. 1615 */ 1616 1617 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1618 result = cfg80211_dev_rename( 1619 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1620 1621 mutex_unlock(&cfg80211_mutex); 1622 1623 if (result) 1624 goto bad_res; 1625 1626 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1627 struct ieee80211_txq_params txq_params; 1628 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1629 1630 if (!rdev->ops->set_txq_params) { 1631 result = -EOPNOTSUPP; 1632 goto bad_res; 1633 } 1634 1635 if (!netdev) { 1636 result = -EINVAL; 1637 goto bad_res; 1638 } 1639 1640 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1641 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1642 result = -EINVAL; 1643 goto bad_res; 1644 } 1645 1646 if (!netif_running(netdev)) { 1647 result = -ENETDOWN; 1648 goto bad_res; 1649 } 1650 1651 nla_for_each_nested(nl_txq_params, 1652 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1653 rem_txq_params) { 1654 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1655 nla_data(nl_txq_params), 1656 nla_len(nl_txq_params), 1657 txq_params_policy); 1658 result = parse_txq_params(tb, &txq_params); 1659 if (result) 1660 goto bad_res; 1661 1662 result = rdev_set_txq_params(rdev, netdev, 1663 &txq_params); 1664 if (result) 1665 goto bad_res; 1666 } 1667 } 1668 1669 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1670 result = __nl80211_set_channel(rdev, 1671 nl80211_can_set_dev_channel(wdev) ? wdev : NULL, 1672 info); 1673 if (result) 1674 goto bad_res; 1675 } 1676 1677 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1678 struct wireless_dev *txp_wdev = wdev; 1679 enum nl80211_tx_power_setting type; 1680 int idx, mbm = 0; 1681 1682 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 1683 txp_wdev = NULL; 1684 1685 if (!rdev->ops->set_tx_power) { 1686 result = -EOPNOTSUPP; 1687 goto bad_res; 1688 } 1689 1690 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1691 type = nla_get_u32(info->attrs[idx]); 1692 1693 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1694 (type != NL80211_TX_POWER_AUTOMATIC)) { 1695 result = -EINVAL; 1696 goto bad_res; 1697 } 1698 1699 if (type != NL80211_TX_POWER_AUTOMATIC) { 1700 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1701 mbm = nla_get_u32(info->attrs[idx]); 1702 } 1703 1704 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 1705 if (result) 1706 goto bad_res; 1707 } 1708 1709 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1710 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1711 u32 tx_ant, rx_ant; 1712 if ((!rdev->wiphy.available_antennas_tx && 1713 !rdev->wiphy.available_antennas_rx) || 1714 !rdev->ops->set_antenna) { 1715 result = -EOPNOTSUPP; 1716 goto bad_res; 1717 } 1718 1719 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1720 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1721 1722 /* reject antenna configurations which don't match the 1723 * available antenna masks, except for the "all" mask */ 1724 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1725 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1726 result = -EINVAL; 1727 goto bad_res; 1728 } 1729 1730 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1731 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1732 1733 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 1734 if (result) 1735 goto bad_res; 1736 } 1737 1738 changed = 0; 1739 1740 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1741 retry_short = nla_get_u8( 1742 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1743 if (retry_short == 0) { 1744 result = -EINVAL; 1745 goto bad_res; 1746 } 1747 changed |= WIPHY_PARAM_RETRY_SHORT; 1748 } 1749 1750 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1751 retry_long = nla_get_u8( 1752 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1753 if (retry_long == 0) { 1754 result = -EINVAL; 1755 goto bad_res; 1756 } 1757 changed |= WIPHY_PARAM_RETRY_LONG; 1758 } 1759 1760 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1761 frag_threshold = nla_get_u32( 1762 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1763 if (frag_threshold < 256) { 1764 result = -EINVAL; 1765 goto bad_res; 1766 } 1767 if (frag_threshold != (u32) -1) { 1768 /* 1769 * Fragments (apart from the last one) are required to 1770 * have even length. Make the fragmentation code 1771 * simpler by stripping LSB should someone try to use 1772 * odd threshold value. 1773 */ 1774 frag_threshold &= ~0x1; 1775 } 1776 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1777 } 1778 1779 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1780 rts_threshold = nla_get_u32( 1781 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1782 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1783 } 1784 1785 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1786 coverage_class = nla_get_u8( 1787 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1788 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1789 } 1790 1791 if (changed) { 1792 u8 old_retry_short, old_retry_long; 1793 u32 old_frag_threshold, old_rts_threshold; 1794 u8 old_coverage_class; 1795 1796 if (!rdev->ops->set_wiphy_params) { 1797 result = -EOPNOTSUPP; 1798 goto bad_res; 1799 } 1800 1801 old_retry_short = rdev->wiphy.retry_short; 1802 old_retry_long = rdev->wiphy.retry_long; 1803 old_frag_threshold = rdev->wiphy.frag_threshold; 1804 old_rts_threshold = rdev->wiphy.rts_threshold; 1805 old_coverage_class = rdev->wiphy.coverage_class; 1806 1807 if (changed & WIPHY_PARAM_RETRY_SHORT) 1808 rdev->wiphy.retry_short = retry_short; 1809 if (changed & WIPHY_PARAM_RETRY_LONG) 1810 rdev->wiphy.retry_long = retry_long; 1811 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1812 rdev->wiphy.frag_threshold = frag_threshold; 1813 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1814 rdev->wiphy.rts_threshold = rts_threshold; 1815 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1816 rdev->wiphy.coverage_class = coverage_class; 1817 1818 result = rdev_set_wiphy_params(rdev, changed); 1819 if (result) { 1820 rdev->wiphy.retry_short = old_retry_short; 1821 rdev->wiphy.retry_long = old_retry_long; 1822 rdev->wiphy.frag_threshold = old_frag_threshold; 1823 rdev->wiphy.rts_threshold = old_rts_threshold; 1824 rdev->wiphy.coverage_class = old_coverage_class; 1825 } 1826 } 1827 1828 bad_res: 1829 mutex_unlock(&rdev->mtx); 1830 if (netdev) 1831 dev_put(netdev); 1832 return result; 1833 } 1834 1835 static inline u64 wdev_id(struct wireless_dev *wdev) 1836 { 1837 return (u64)wdev->identifier | 1838 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32); 1839 } 1840 1841 static int nl80211_send_chandef(struct sk_buff *msg, 1842 struct cfg80211_chan_def *chandef) 1843 { 1844 WARN_ON(!cfg80211_chandef_valid(chandef)); 1845 1846 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 1847 chandef->chan->center_freq)) 1848 return -ENOBUFS; 1849 switch (chandef->width) { 1850 case NL80211_CHAN_WIDTH_20_NOHT: 1851 case NL80211_CHAN_WIDTH_20: 1852 case NL80211_CHAN_WIDTH_40: 1853 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 1854 cfg80211_get_chandef_type(chandef))) 1855 return -ENOBUFS; 1856 break; 1857 default: 1858 break; 1859 } 1860 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 1861 return -ENOBUFS; 1862 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 1863 return -ENOBUFS; 1864 if (chandef->center_freq2 && 1865 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 1866 return -ENOBUFS; 1867 return 0; 1868 } 1869 1870 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 1871 struct cfg80211_registered_device *rdev, 1872 struct wireless_dev *wdev) 1873 { 1874 struct net_device *dev = wdev->netdev; 1875 void *hdr; 1876 1877 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1878 if (!hdr) 1879 return -1; 1880 1881 if (dev && 1882 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1883 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 1884 goto nla_put_failure; 1885 1886 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1887 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 1888 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 1889 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 1890 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1891 rdev->devlist_generation ^ 1892 (cfg80211_rdev_list_generation << 2))) 1893 goto nla_put_failure; 1894 1895 if (rdev->ops->get_channel) { 1896 int ret; 1897 struct cfg80211_chan_def chandef; 1898 1899 ret = rdev_get_channel(rdev, wdev, &chandef); 1900 if (ret == 0) { 1901 if (nl80211_send_chandef(msg, &chandef)) 1902 goto nla_put_failure; 1903 } 1904 } 1905 1906 if (wdev->ssid_len) { 1907 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid)) 1908 goto nla_put_failure; 1909 } 1910 1911 return genlmsg_end(msg, hdr); 1912 1913 nla_put_failure: 1914 genlmsg_cancel(msg, hdr); 1915 return -EMSGSIZE; 1916 } 1917 1918 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1919 { 1920 int wp_idx = 0; 1921 int if_idx = 0; 1922 int wp_start = cb->args[0]; 1923 int if_start = cb->args[1]; 1924 struct cfg80211_registered_device *rdev; 1925 struct wireless_dev *wdev; 1926 1927 mutex_lock(&cfg80211_mutex); 1928 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1929 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1930 continue; 1931 if (wp_idx < wp_start) { 1932 wp_idx++; 1933 continue; 1934 } 1935 if_idx = 0; 1936 1937 mutex_lock(&rdev->devlist_mtx); 1938 list_for_each_entry(wdev, &rdev->wdev_list, list) { 1939 if (if_idx < if_start) { 1940 if_idx++; 1941 continue; 1942 } 1943 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 1944 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1945 rdev, wdev) < 0) { 1946 mutex_unlock(&rdev->devlist_mtx); 1947 goto out; 1948 } 1949 if_idx++; 1950 } 1951 mutex_unlock(&rdev->devlist_mtx); 1952 1953 wp_idx++; 1954 } 1955 out: 1956 mutex_unlock(&cfg80211_mutex); 1957 1958 cb->args[0] = wp_idx; 1959 cb->args[1] = if_idx; 1960 1961 return skb->len; 1962 } 1963 1964 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1965 { 1966 struct sk_buff *msg; 1967 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1968 struct wireless_dev *wdev = info->user_ptr[1]; 1969 1970 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1971 if (!msg) 1972 return -ENOMEM; 1973 1974 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 1975 dev, wdev) < 0) { 1976 nlmsg_free(msg); 1977 return -ENOBUFS; 1978 } 1979 1980 return genlmsg_reply(msg, info); 1981 } 1982 1983 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1984 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1985 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1986 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1987 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1988 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1989 }; 1990 1991 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1992 { 1993 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1994 int flag; 1995 1996 *mntrflags = 0; 1997 1998 if (!nla) 1999 return -EINVAL; 2000 2001 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 2002 nla, mntr_flags_policy)) 2003 return -EINVAL; 2004 2005 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 2006 if (flags[flag]) 2007 *mntrflags |= (1<<flag); 2008 2009 return 0; 2010 } 2011 2012 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 2013 struct net_device *netdev, u8 use_4addr, 2014 enum nl80211_iftype iftype) 2015 { 2016 if (!use_4addr) { 2017 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 2018 return -EBUSY; 2019 return 0; 2020 } 2021 2022 switch (iftype) { 2023 case NL80211_IFTYPE_AP_VLAN: 2024 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 2025 return 0; 2026 break; 2027 case NL80211_IFTYPE_STATION: 2028 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 2029 return 0; 2030 break; 2031 default: 2032 break; 2033 } 2034 2035 return -EOPNOTSUPP; 2036 } 2037 2038 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 2039 { 2040 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2041 struct vif_params params; 2042 int err; 2043 enum nl80211_iftype otype, ntype; 2044 struct net_device *dev = info->user_ptr[1]; 2045 u32 _flags, *flags = NULL; 2046 bool change = false; 2047 2048 memset(¶ms, 0, sizeof(params)); 2049 2050 otype = ntype = dev->ieee80211_ptr->iftype; 2051 2052 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2053 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2054 if (otype != ntype) 2055 change = true; 2056 if (ntype > NL80211_IFTYPE_MAX) 2057 return -EINVAL; 2058 } 2059 2060 if (info->attrs[NL80211_ATTR_MESH_ID]) { 2061 struct wireless_dev *wdev = dev->ieee80211_ptr; 2062 2063 if (ntype != NL80211_IFTYPE_MESH_POINT) 2064 return -EINVAL; 2065 if (netif_running(dev)) 2066 return -EBUSY; 2067 2068 wdev_lock(wdev); 2069 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2070 IEEE80211_MAX_MESH_ID_LEN); 2071 wdev->mesh_id_up_len = 2072 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2073 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2074 wdev->mesh_id_up_len); 2075 wdev_unlock(wdev); 2076 } 2077 2078 if (info->attrs[NL80211_ATTR_4ADDR]) { 2079 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2080 change = true; 2081 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 2082 if (err) 2083 return err; 2084 } else { 2085 params.use_4addr = -1; 2086 } 2087 2088 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 2089 if (ntype != NL80211_IFTYPE_MONITOR) 2090 return -EINVAL; 2091 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 2092 &_flags); 2093 if (err) 2094 return err; 2095 2096 flags = &_flags; 2097 change = true; 2098 } 2099 2100 if (change) 2101 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 2102 else 2103 err = 0; 2104 2105 if (!err && params.use_4addr != -1) 2106 dev->ieee80211_ptr->use_4addr = params.use_4addr; 2107 2108 return err; 2109 } 2110 2111 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 2112 { 2113 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2114 struct vif_params params; 2115 struct wireless_dev *wdev; 2116 struct sk_buff *msg; 2117 int err; 2118 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 2119 u32 flags; 2120 2121 memset(¶ms, 0, sizeof(params)); 2122 2123 if (!info->attrs[NL80211_ATTR_IFNAME]) 2124 return -EINVAL; 2125 2126 if (info->attrs[NL80211_ATTR_IFTYPE]) { 2127 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 2128 if (type > NL80211_IFTYPE_MAX) 2129 return -EINVAL; 2130 } 2131 2132 if (!rdev->ops->add_virtual_intf || 2133 !(rdev->wiphy.interface_modes & (1 << type))) 2134 return -EOPNOTSUPP; 2135 2136 if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) { 2137 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC], 2138 ETH_ALEN); 2139 if (!is_valid_ether_addr(params.macaddr)) 2140 return -EADDRNOTAVAIL; 2141 } 2142 2143 if (info->attrs[NL80211_ATTR_4ADDR]) { 2144 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 2145 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 2146 if (err) 2147 return err; 2148 } 2149 2150 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2151 if (!msg) 2152 return -ENOMEM; 2153 2154 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 2155 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 2156 &flags); 2157 wdev = rdev_add_virtual_intf(rdev, 2158 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 2159 type, err ? NULL : &flags, ¶ms); 2160 if (IS_ERR(wdev)) { 2161 nlmsg_free(msg); 2162 return PTR_ERR(wdev); 2163 } 2164 2165 switch (type) { 2166 case NL80211_IFTYPE_MESH_POINT: 2167 if (!info->attrs[NL80211_ATTR_MESH_ID]) 2168 break; 2169 wdev_lock(wdev); 2170 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 2171 IEEE80211_MAX_MESH_ID_LEN); 2172 wdev->mesh_id_up_len = 2173 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 2174 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 2175 wdev->mesh_id_up_len); 2176 wdev_unlock(wdev); 2177 break; 2178 case NL80211_IFTYPE_P2P_DEVICE: 2179 /* 2180 * P2P Device doesn't have a netdev, so doesn't go 2181 * through the netdev notifier and must be added here 2182 */ 2183 mutex_init(&wdev->mtx); 2184 INIT_LIST_HEAD(&wdev->event_list); 2185 spin_lock_init(&wdev->event_lock); 2186 INIT_LIST_HEAD(&wdev->mgmt_registrations); 2187 spin_lock_init(&wdev->mgmt_registrations_lock); 2188 2189 mutex_lock(&rdev->devlist_mtx); 2190 wdev->identifier = ++rdev->wdev_id; 2191 list_add_rcu(&wdev->list, &rdev->wdev_list); 2192 rdev->devlist_generation++; 2193 mutex_unlock(&rdev->devlist_mtx); 2194 break; 2195 default: 2196 break; 2197 } 2198 2199 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 2200 rdev, wdev) < 0) { 2201 nlmsg_free(msg); 2202 return -ENOBUFS; 2203 } 2204 2205 return genlmsg_reply(msg, info); 2206 } 2207 2208 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 2209 { 2210 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2211 struct wireless_dev *wdev = info->user_ptr[1]; 2212 2213 if (!rdev->ops->del_virtual_intf) 2214 return -EOPNOTSUPP; 2215 2216 /* 2217 * If we remove a wireless device without a netdev then clear 2218 * user_ptr[1] so that nl80211_post_doit won't dereference it 2219 * to check if it needs to do dev_put(). Otherwise it crashes 2220 * since the wdev has been freed, unlike with a netdev where 2221 * we need the dev_put() for the netdev to really be freed. 2222 */ 2223 if (!wdev->netdev) 2224 info->user_ptr[1] = NULL; 2225 2226 return rdev_del_virtual_intf(rdev, wdev); 2227 } 2228 2229 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 2230 { 2231 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2232 struct net_device *dev = info->user_ptr[1]; 2233 u16 noack_map; 2234 2235 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 2236 return -EINVAL; 2237 2238 if (!rdev->ops->set_noack_map) 2239 return -EOPNOTSUPP; 2240 2241 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 2242 2243 return rdev_set_noack_map(rdev, dev, noack_map); 2244 } 2245 2246 struct get_key_cookie { 2247 struct sk_buff *msg; 2248 int error; 2249 int idx; 2250 }; 2251 2252 static void get_key_callback(void *c, struct key_params *params) 2253 { 2254 struct nlattr *key; 2255 struct get_key_cookie *cookie = c; 2256 2257 if ((params->key && 2258 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 2259 params->key_len, params->key)) || 2260 (params->seq && 2261 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 2262 params->seq_len, params->seq)) || 2263 (params->cipher && 2264 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 2265 params->cipher))) 2266 goto nla_put_failure; 2267 2268 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 2269 if (!key) 2270 goto nla_put_failure; 2271 2272 if ((params->key && 2273 nla_put(cookie->msg, NL80211_KEY_DATA, 2274 params->key_len, params->key)) || 2275 (params->seq && 2276 nla_put(cookie->msg, NL80211_KEY_SEQ, 2277 params->seq_len, params->seq)) || 2278 (params->cipher && 2279 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 2280 params->cipher))) 2281 goto nla_put_failure; 2282 2283 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 2284 goto nla_put_failure; 2285 2286 nla_nest_end(cookie->msg, key); 2287 2288 return; 2289 nla_put_failure: 2290 cookie->error = 1; 2291 } 2292 2293 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 2294 { 2295 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2296 int err; 2297 struct net_device *dev = info->user_ptr[1]; 2298 u8 key_idx = 0; 2299 const u8 *mac_addr = NULL; 2300 bool pairwise; 2301 struct get_key_cookie cookie = { 2302 .error = 0, 2303 }; 2304 void *hdr; 2305 struct sk_buff *msg; 2306 2307 if (info->attrs[NL80211_ATTR_KEY_IDX]) 2308 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 2309 2310 if (key_idx > 5) 2311 return -EINVAL; 2312 2313 if (info->attrs[NL80211_ATTR_MAC]) 2314 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2315 2316 pairwise = !!mac_addr; 2317 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 2318 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 2319 if (kt >= NUM_NL80211_KEYTYPES) 2320 return -EINVAL; 2321 if (kt != NL80211_KEYTYPE_GROUP && 2322 kt != NL80211_KEYTYPE_PAIRWISE) 2323 return -EINVAL; 2324 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 2325 } 2326 2327 if (!rdev->ops->get_key) 2328 return -EOPNOTSUPP; 2329 2330 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2331 if (!msg) 2332 return -ENOMEM; 2333 2334 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 2335 NL80211_CMD_NEW_KEY); 2336 if (IS_ERR(hdr)) 2337 return PTR_ERR(hdr); 2338 2339 cookie.msg = msg; 2340 cookie.idx = key_idx; 2341 2342 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2343 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 2344 goto nla_put_failure; 2345 if (mac_addr && 2346 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 2347 goto nla_put_failure; 2348 2349 if (pairwise && mac_addr && 2350 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2351 return -ENOENT; 2352 2353 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie, 2354 get_key_callback); 2355 2356 if (err) 2357 goto free_msg; 2358 2359 if (cookie.error) 2360 goto nla_put_failure; 2361 2362 genlmsg_end(msg, hdr); 2363 return genlmsg_reply(msg, info); 2364 2365 nla_put_failure: 2366 err = -ENOBUFS; 2367 free_msg: 2368 nlmsg_free(msg); 2369 return err; 2370 } 2371 2372 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 2373 { 2374 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2375 struct key_parse key; 2376 int err; 2377 struct net_device *dev = info->user_ptr[1]; 2378 2379 err = nl80211_parse_key(info, &key); 2380 if (err) 2381 return err; 2382 2383 if (key.idx < 0) 2384 return -EINVAL; 2385 2386 /* only support setting default key */ 2387 if (!key.def && !key.defmgmt) 2388 return -EINVAL; 2389 2390 wdev_lock(dev->ieee80211_ptr); 2391 2392 if (key.def) { 2393 if (!rdev->ops->set_default_key) { 2394 err = -EOPNOTSUPP; 2395 goto out; 2396 } 2397 2398 err = nl80211_key_allowed(dev->ieee80211_ptr); 2399 if (err) 2400 goto out; 2401 2402 err = rdev_set_default_key(rdev, dev, key.idx, 2403 key.def_uni, key.def_multi); 2404 2405 if (err) 2406 goto out; 2407 2408 #ifdef CONFIG_CFG80211_WEXT 2409 dev->ieee80211_ptr->wext.default_key = key.idx; 2410 #endif 2411 } else { 2412 if (key.def_uni || !key.def_multi) { 2413 err = -EINVAL; 2414 goto out; 2415 } 2416 2417 if (!rdev->ops->set_default_mgmt_key) { 2418 err = -EOPNOTSUPP; 2419 goto out; 2420 } 2421 2422 err = nl80211_key_allowed(dev->ieee80211_ptr); 2423 if (err) 2424 goto out; 2425 2426 err = rdev_set_default_mgmt_key(rdev, dev, key.idx); 2427 if (err) 2428 goto out; 2429 2430 #ifdef CONFIG_CFG80211_WEXT 2431 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 2432 #endif 2433 } 2434 2435 out: 2436 wdev_unlock(dev->ieee80211_ptr); 2437 2438 return err; 2439 } 2440 2441 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 2442 { 2443 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2444 int err; 2445 struct net_device *dev = info->user_ptr[1]; 2446 struct key_parse key; 2447 const u8 *mac_addr = NULL; 2448 2449 err = nl80211_parse_key(info, &key); 2450 if (err) 2451 return err; 2452 2453 if (!key.p.key) 2454 return -EINVAL; 2455 2456 if (info->attrs[NL80211_ATTR_MAC]) 2457 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2458 2459 if (key.type == -1) { 2460 if (mac_addr) 2461 key.type = NL80211_KEYTYPE_PAIRWISE; 2462 else 2463 key.type = NL80211_KEYTYPE_GROUP; 2464 } 2465 2466 /* for now */ 2467 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2468 key.type != NL80211_KEYTYPE_GROUP) 2469 return -EINVAL; 2470 2471 if (!rdev->ops->add_key) 2472 return -EOPNOTSUPP; 2473 2474 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2475 key.type == NL80211_KEYTYPE_PAIRWISE, 2476 mac_addr)) 2477 return -EINVAL; 2478 2479 wdev_lock(dev->ieee80211_ptr); 2480 err = nl80211_key_allowed(dev->ieee80211_ptr); 2481 if (!err) 2482 err = rdev_add_key(rdev, dev, key.idx, 2483 key.type == NL80211_KEYTYPE_PAIRWISE, 2484 mac_addr, &key.p); 2485 wdev_unlock(dev->ieee80211_ptr); 2486 2487 return err; 2488 } 2489 2490 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2491 { 2492 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2493 int err; 2494 struct net_device *dev = info->user_ptr[1]; 2495 u8 *mac_addr = NULL; 2496 struct key_parse key; 2497 2498 err = nl80211_parse_key(info, &key); 2499 if (err) 2500 return err; 2501 2502 if (info->attrs[NL80211_ATTR_MAC]) 2503 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2504 2505 if (key.type == -1) { 2506 if (mac_addr) 2507 key.type = NL80211_KEYTYPE_PAIRWISE; 2508 else 2509 key.type = NL80211_KEYTYPE_GROUP; 2510 } 2511 2512 /* for now */ 2513 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2514 key.type != NL80211_KEYTYPE_GROUP) 2515 return -EINVAL; 2516 2517 if (!rdev->ops->del_key) 2518 return -EOPNOTSUPP; 2519 2520 wdev_lock(dev->ieee80211_ptr); 2521 err = nl80211_key_allowed(dev->ieee80211_ptr); 2522 2523 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2524 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2525 err = -ENOENT; 2526 2527 if (!err) 2528 err = rdev_del_key(rdev, dev, key.idx, 2529 key.type == NL80211_KEYTYPE_PAIRWISE, 2530 mac_addr); 2531 2532 #ifdef CONFIG_CFG80211_WEXT 2533 if (!err) { 2534 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2535 dev->ieee80211_ptr->wext.default_key = -1; 2536 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2537 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2538 } 2539 #endif 2540 wdev_unlock(dev->ieee80211_ptr); 2541 2542 return err; 2543 } 2544 2545 /* This function returns an error or the number of nested attributes */ 2546 static int validate_acl_mac_addrs(struct nlattr *nl_attr) 2547 { 2548 struct nlattr *attr; 2549 int n_entries = 0, tmp; 2550 2551 nla_for_each_nested(attr, nl_attr, tmp) { 2552 if (nla_len(attr) != ETH_ALEN) 2553 return -EINVAL; 2554 2555 n_entries++; 2556 } 2557 2558 return n_entries; 2559 } 2560 2561 /* 2562 * This function parses ACL information and allocates memory for ACL data. 2563 * On successful return, the calling function is responsible to free the 2564 * ACL buffer returned by this function. 2565 */ 2566 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy, 2567 struct genl_info *info) 2568 { 2569 enum nl80211_acl_policy acl_policy; 2570 struct nlattr *attr; 2571 struct cfg80211_acl_data *acl; 2572 int i = 0, n_entries, tmp; 2573 2574 if (!wiphy->max_acl_mac_addrs) 2575 return ERR_PTR(-EOPNOTSUPP); 2576 2577 if (!info->attrs[NL80211_ATTR_ACL_POLICY]) 2578 return ERR_PTR(-EINVAL); 2579 2580 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]); 2581 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED && 2582 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED) 2583 return ERR_PTR(-EINVAL); 2584 2585 if (!info->attrs[NL80211_ATTR_MAC_ADDRS]) 2586 return ERR_PTR(-EINVAL); 2587 2588 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]); 2589 if (n_entries < 0) 2590 return ERR_PTR(n_entries); 2591 2592 if (n_entries > wiphy->max_acl_mac_addrs) 2593 return ERR_PTR(-ENOTSUPP); 2594 2595 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries), 2596 GFP_KERNEL); 2597 if (!acl) 2598 return ERR_PTR(-ENOMEM); 2599 2600 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) { 2601 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN); 2602 i++; 2603 } 2604 2605 acl->n_acl_entries = n_entries; 2606 acl->acl_policy = acl_policy; 2607 2608 return acl; 2609 } 2610 2611 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info) 2612 { 2613 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2614 struct net_device *dev = info->user_ptr[1]; 2615 struct cfg80211_acl_data *acl; 2616 int err; 2617 2618 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2619 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2620 return -EOPNOTSUPP; 2621 2622 if (!dev->ieee80211_ptr->beacon_interval) 2623 return -EINVAL; 2624 2625 acl = parse_acl_data(&rdev->wiphy, info); 2626 if (IS_ERR(acl)) 2627 return PTR_ERR(acl); 2628 2629 err = rdev_set_mac_acl(rdev, dev, acl); 2630 2631 kfree(acl); 2632 2633 return err; 2634 } 2635 2636 static int nl80211_parse_beacon(struct genl_info *info, 2637 struct cfg80211_beacon_data *bcn) 2638 { 2639 bool haveinfo = false; 2640 2641 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2642 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2643 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2644 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2645 return -EINVAL; 2646 2647 memset(bcn, 0, sizeof(*bcn)); 2648 2649 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2650 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2651 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2652 if (!bcn->head_len) 2653 return -EINVAL; 2654 haveinfo = true; 2655 } 2656 2657 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2658 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2659 bcn->tail_len = 2660 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2661 haveinfo = true; 2662 } 2663 2664 if (!haveinfo) 2665 return -EINVAL; 2666 2667 if (info->attrs[NL80211_ATTR_IE]) { 2668 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2669 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2670 } 2671 2672 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2673 bcn->proberesp_ies = 2674 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2675 bcn->proberesp_ies_len = 2676 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2677 } 2678 2679 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2680 bcn->assocresp_ies = 2681 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2682 bcn->assocresp_ies_len = 2683 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2684 } 2685 2686 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2687 bcn->probe_resp = 2688 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2689 bcn->probe_resp_len = 2690 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2691 } 2692 2693 return 0; 2694 } 2695 2696 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 2697 struct cfg80211_ap_settings *params) 2698 { 2699 struct wireless_dev *wdev; 2700 bool ret = false; 2701 2702 mutex_lock(&rdev->devlist_mtx); 2703 2704 list_for_each_entry(wdev, &rdev->wdev_list, list) { 2705 if (wdev->iftype != NL80211_IFTYPE_AP && 2706 wdev->iftype != NL80211_IFTYPE_P2P_GO) 2707 continue; 2708 2709 if (!wdev->preset_chandef.chan) 2710 continue; 2711 2712 params->chandef = wdev->preset_chandef; 2713 ret = true; 2714 break; 2715 } 2716 2717 mutex_unlock(&rdev->devlist_mtx); 2718 2719 return ret; 2720 } 2721 2722 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 2723 enum nl80211_auth_type auth_type, 2724 enum nl80211_commands cmd) 2725 { 2726 if (auth_type > NL80211_AUTHTYPE_MAX) 2727 return false; 2728 2729 switch (cmd) { 2730 case NL80211_CMD_AUTHENTICATE: 2731 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 2732 auth_type == NL80211_AUTHTYPE_SAE) 2733 return false; 2734 return true; 2735 case NL80211_CMD_CONNECT: 2736 case NL80211_CMD_START_AP: 2737 /* SAE not supported yet */ 2738 if (auth_type == NL80211_AUTHTYPE_SAE) 2739 return false; 2740 return true; 2741 default: 2742 return false; 2743 } 2744 } 2745 2746 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2747 { 2748 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2749 struct net_device *dev = info->user_ptr[1]; 2750 struct wireless_dev *wdev = dev->ieee80211_ptr; 2751 struct cfg80211_ap_settings params; 2752 int err; 2753 u8 radar_detect_width = 0; 2754 2755 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2756 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2757 return -EOPNOTSUPP; 2758 2759 if (!rdev->ops->start_ap) 2760 return -EOPNOTSUPP; 2761 2762 if (wdev->beacon_interval) 2763 return -EALREADY; 2764 2765 memset(¶ms, 0, sizeof(params)); 2766 2767 /* these are required for START_AP */ 2768 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2769 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2770 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2771 return -EINVAL; 2772 2773 err = nl80211_parse_beacon(info, ¶ms.beacon); 2774 if (err) 2775 return err; 2776 2777 params.beacon_interval = 2778 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2779 params.dtim_period = 2780 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2781 2782 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2783 if (err) 2784 return err; 2785 2786 /* 2787 * In theory, some of these attributes should be required here 2788 * but since they were not used when the command was originally 2789 * added, keep them optional for old user space programs to let 2790 * them continue to work with drivers that do not need the 2791 * additional information -- drivers must check! 2792 */ 2793 if (info->attrs[NL80211_ATTR_SSID]) { 2794 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2795 params.ssid_len = 2796 nla_len(info->attrs[NL80211_ATTR_SSID]); 2797 if (params.ssid_len == 0 || 2798 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2799 return -EINVAL; 2800 } 2801 2802 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2803 params.hidden_ssid = nla_get_u32( 2804 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2805 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2806 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2807 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2808 return -EINVAL; 2809 } 2810 2811 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2812 2813 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2814 params.auth_type = nla_get_u32( 2815 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2816 if (!nl80211_valid_auth_type(rdev, params.auth_type, 2817 NL80211_CMD_START_AP)) 2818 return -EINVAL; 2819 } else 2820 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2821 2822 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2823 NL80211_MAX_NR_CIPHER_SUITES); 2824 if (err) 2825 return err; 2826 2827 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2828 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2829 return -EOPNOTSUPP; 2830 params.inactivity_timeout = nla_get_u16( 2831 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2832 } 2833 2834 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 2835 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2836 return -EINVAL; 2837 params.p2p_ctwindow = 2838 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 2839 if (params.p2p_ctwindow > 127) 2840 return -EINVAL; 2841 if (params.p2p_ctwindow != 0 && 2842 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 2843 return -EINVAL; 2844 } 2845 2846 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 2847 u8 tmp; 2848 2849 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2850 return -EINVAL; 2851 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 2852 if (tmp > 1) 2853 return -EINVAL; 2854 params.p2p_opp_ps = tmp; 2855 if (params.p2p_opp_ps != 0 && 2856 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 2857 return -EINVAL; 2858 } 2859 2860 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 2861 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 2862 if (err) 2863 return err; 2864 } else if (wdev->preset_chandef.chan) { 2865 params.chandef = wdev->preset_chandef; 2866 } else if (!nl80211_get_ap_channel(rdev, ¶ms)) 2867 return -EINVAL; 2868 2869 if (!cfg80211_reg_can_beacon(&rdev->wiphy, ¶ms.chandef)) 2870 return -EINVAL; 2871 2872 err = cfg80211_chandef_dfs_required(wdev->wiphy, ¶ms.chandef); 2873 if (err < 0) 2874 return err; 2875 if (err) { 2876 radar_detect_width = BIT(params.chandef.width); 2877 params.radar_required = true; 2878 } 2879 2880 mutex_lock(&rdev->devlist_mtx); 2881 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype, 2882 params.chandef.chan, 2883 CHAN_MODE_SHARED, 2884 radar_detect_width); 2885 mutex_unlock(&rdev->devlist_mtx); 2886 2887 if (err) 2888 return err; 2889 2890 if (info->attrs[NL80211_ATTR_ACL_POLICY]) { 2891 params.acl = parse_acl_data(&rdev->wiphy, info); 2892 if (IS_ERR(params.acl)) 2893 return PTR_ERR(params.acl); 2894 } 2895 2896 err = rdev_start_ap(rdev, dev, ¶ms); 2897 if (!err) { 2898 wdev->preset_chandef = params.chandef; 2899 wdev->beacon_interval = params.beacon_interval; 2900 wdev->channel = params.chandef.chan; 2901 wdev->ssid_len = params.ssid_len; 2902 memcpy(wdev->ssid, params.ssid, wdev->ssid_len); 2903 } 2904 2905 kfree(params.acl); 2906 2907 return err; 2908 } 2909 2910 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2911 { 2912 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2913 struct net_device *dev = info->user_ptr[1]; 2914 struct wireless_dev *wdev = dev->ieee80211_ptr; 2915 struct cfg80211_beacon_data params; 2916 int err; 2917 2918 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2919 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2920 return -EOPNOTSUPP; 2921 2922 if (!rdev->ops->change_beacon) 2923 return -EOPNOTSUPP; 2924 2925 if (!wdev->beacon_interval) 2926 return -EINVAL; 2927 2928 err = nl80211_parse_beacon(info, ¶ms); 2929 if (err) 2930 return err; 2931 2932 return rdev_change_beacon(rdev, dev, ¶ms); 2933 } 2934 2935 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2936 { 2937 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2938 struct net_device *dev = info->user_ptr[1]; 2939 2940 return cfg80211_stop_ap(rdev, dev); 2941 } 2942 2943 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2944 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2945 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2946 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2947 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2948 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2949 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2950 }; 2951 2952 static int parse_station_flags(struct genl_info *info, 2953 enum nl80211_iftype iftype, 2954 struct station_parameters *params) 2955 { 2956 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2957 struct nlattr *nla; 2958 int flag; 2959 2960 /* 2961 * Try parsing the new attribute first so userspace 2962 * can specify both for older kernels. 2963 */ 2964 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2965 if (nla) { 2966 struct nl80211_sta_flag_update *sta_flags; 2967 2968 sta_flags = nla_data(nla); 2969 params->sta_flags_mask = sta_flags->mask; 2970 params->sta_flags_set = sta_flags->set; 2971 if ((params->sta_flags_mask | 2972 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2973 return -EINVAL; 2974 return 0; 2975 } 2976 2977 /* if present, parse the old attribute */ 2978 2979 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2980 if (!nla) 2981 return 0; 2982 2983 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2984 nla, sta_flags_policy)) 2985 return -EINVAL; 2986 2987 /* 2988 * Only allow certain flags for interface types so that 2989 * other attributes are silently ignored. Remember that 2990 * this is backward compatibility code with old userspace 2991 * and shouldn't be hit in other cases anyway. 2992 */ 2993 switch (iftype) { 2994 case NL80211_IFTYPE_AP: 2995 case NL80211_IFTYPE_AP_VLAN: 2996 case NL80211_IFTYPE_P2P_GO: 2997 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2998 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2999 BIT(NL80211_STA_FLAG_WME) | 3000 BIT(NL80211_STA_FLAG_MFP); 3001 break; 3002 case NL80211_IFTYPE_P2P_CLIENT: 3003 case NL80211_IFTYPE_STATION: 3004 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 3005 BIT(NL80211_STA_FLAG_TDLS_PEER); 3006 break; 3007 case NL80211_IFTYPE_MESH_POINT: 3008 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3009 BIT(NL80211_STA_FLAG_MFP) | 3010 BIT(NL80211_STA_FLAG_AUTHORIZED); 3011 default: 3012 return -EINVAL; 3013 } 3014 3015 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 3016 if (flags[flag]) { 3017 params->sta_flags_set |= (1<<flag); 3018 3019 /* no longer support new API additions in old API */ 3020 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 3021 return -EINVAL; 3022 } 3023 } 3024 3025 return 0; 3026 } 3027 3028 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 3029 int attr) 3030 { 3031 struct nlattr *rate; 3032 u32 bitrate; 3033 u16 bitrate_compat; 3034 3035 rate = nla_nest_start(msg, attr); 3036 if (!rate) 3037 return false; 3038 3039 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 3040 bitrate = cfg80211_calculate_bitrate(info); 3041 /* report 16-bit bitrate only if we can */ 3042 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 3043 if (bitrate > 0 && 3044 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 3045 return false; 3046 if (bitrate_compat > 0 && 3047 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 3048 return false; 3049 3050 if (info->flags & RATE_INFO_FLAGS_MCS) { 3051 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 3052 return false; 3053 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH && 3054 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) 3055 return false; 3056 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 3057 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 3058 return false; 3059 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 3060 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 3061 return false; 3062 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 3063 return false; 3064 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH && 3065 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) 3066 return false; 3067 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH && 3068 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH)) 3069 return false; 3070 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH && 3071 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH)) 3072 return false; 3073 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH && 3074 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH)) 3075 return false; 3076 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 3077 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 3078 return false; 3079 } 3080 3081 nla_nest_end(msg, rate); 3082 return true; 3083 } 3084 3085 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq, 3086 int flags, 3087 struct cfg80211_registered_device *rdev, 3088 struct net_device *dev, 3089 const u8 *mac_addr, struct station_info *sinfo) 3090 { 3091 void *hdr; 3092 struct nlattr *sinfoattr, *bss_param; 3093 3094 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 3095 if (!hdr) 3096 return -1; 3097 3098 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3099 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 3100 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 3101 goto nla_put_failure; 3102 3103 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 3104 if (!sinfoattr) 3105 goto nla_put_failure; 3106 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) && 3107 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME, 3108 sinfo->connected_time)) 3109 goto nla_put_failure; 3110 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) && 3111 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME, 3112 sinfo->inactive_time)) 3113 goto nla_put_failure; 3114 if ((sinfo->filled & (STATION_INFO_RX_BYTES | 3115 STATION_INFO_RX_BYTES64)) && 3116 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 3117 (u32)sinfo->rx_bytes)) 3118 goto nla_put_failure; 3119 if ((sinfo->filled & (STATION_INFO_TX_BYTES | 3120 NL80211_STA_INFO_TX_BYTES64)) && 3121 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 3122 (u32)sinfo->tx_bytes)) 3123 goto nla_put_failure; 3124 if ((sinfo->filled & STATION_INFO_RX_BYTES64) && 3125 nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64, 3126 sinfo->rx_bytes)) 3127 goto nla_put_failure; 3128 if ((sinfo->filled & STATION_INFO_TX_BYTES64) && 3129 nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64, 3130 sinfo->tx_bytes)) 3131 goto nla_put_failure; 3132 if ((sinfo->filled & STATION_INFO_LLID) && 3133 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid)) 3134 goto nla_put_failure; 3135 if ((sinfo->filled & STATION_INFO_PLID) && 3136 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid)) 3137 goto nla_put_failure; 3138 if ((sinfo->filled & STATION_INFO_PLINK_STATE) && 3139 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE, 3140 sinfo->plink_state)) 3141 goto nla_put_failure; 3142 switch (rdev->wiphy.signal_type) { 3143 case CFG80211_SIGNAL_TYPE_MBM: 3144 if ((sinfo->filled & STATION_INFO_SIGNAL) && 3145 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL, 3146 sinfo->signal)) 3147 goto nla_put_failure; 3148 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) && 3149 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG, 3150 sinfo->signal_avg)) 3151 goto nla_put_failure; 3152 break; 3153 default: 3154 break; 3155 } 3156 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 3157 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 3158 NL80211_STA_INFO_TX_BITRATE)) 3159 goto nla_put_failure; 3160 } 3161 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 3162 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 3163 NL80211_STA_INFO_RX_BITRATE)) 3164 goto nla_put_failure; 3165 } 3166 if ((sinfo->filled & STATION_INFO_RX_PACKETS) && 3167 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS, 3168 sinfo->rx_packets)) 3169 goto nla_put_failure; 3170 if ((sinfo->filled & STATION_INFO_TX_PACKETS) && 3171 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS, 3172 sinfo->tx_packets)) 3173 goto nla_put_failure; 3174 if ((sinfo->filled & STATION_INFO_TX_RETRIES) && 3175 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES, 3176 sinfo->tx_retries)) 3177 goto nla_put_failure; 3178 if ((sinfo->filled & STATION_INFO_TX_FAILED) && 3179 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED, 3180 sinfo->tx_failed)) 3181 goto nla_put_failure; 3182 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) && 3183 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS, 3184 sinfo->beacon_loss_count)) 3185 goto nla_put_failure; 3186 if ((sinfo->filled & STATION_INFO_LOCAL_PM) && 3187 nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM, 3188 sinfo->local_pm)) 3189 goto nla_put_failure; 3190 if ((sinfo->filled & STATION_INFO_PEER_PM) && 3191 nla_put_u32(msg, NL80211_STA_INFO_PEER_PM, 3192 sinfo->peer_pm)) 3193 goto nla_put_failure; 3194 if ((sinfo->filled & STATION_INFO_NONPEER_PM) && 3195 nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM, 3196 sinfo->nonpeer_pm)) 3197 goto nla_put_failure; 3198 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 3199 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 3200 if (!bss_param) 3201 goto nla_put_failure; 3202 3203 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 3204 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 3205 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 3206 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 3207 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 3208 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 3209 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 3210 sinfo->bss_param.dtim_period) || 3211 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 3212 sinfo->bss_param.beacon_interval)) 3213 goto nla_put_failure; 3214 3215 nla_nest_end(msg, bss_param); 3216 } 3217 if ((sinfo->filled & STATION_INFO_STA_FLAGS) && 3218 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 3219 sizeof(struct nl80211_sta_flag_update), 3220 &sinfo->sta_flags)) 3221 goto nla_put_failure; 3222 if ((sinfo->filled & STATION_INFO_T_OFFSET) && 3223 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET, 3224 sinfo->t_offset)) 3225 goto nla_put_failure; 3226 nla_nest_end(msg, sinfoattr); 3227 3228 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) && 3229 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 3230 sinfo->assoc_req_ies)) 3231 goto nla_put_failure; 3232 3233 return genlmsg_end(msg, hdr); 3234 3235 nla_put_failure: 3236 genlmsg_cancel(msg, hdr); 3237 return -EMSGSIZE; 3238 } 3239 3240 static int nl80211_dump_station(struct sk_buff *skb, 3241 struct netlink_callback *cb) 3242 { 3243 struct station_info sinfo; 3244 struct cfg80211_registered_device *dev; 3245 struct net_device *netdev; 3246 u8 mac_addr[ETH_ALEN]; 3247 int sta_idx = cb->args[1]; 3248 int err; 3249 3250 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3251 if (err) 3252 return err; 3253 3254 if (!dev->ops->dump_station) { 3255 err = -EOPNOTSUPP; 3256 goto out_err; 3257 } 3258 3259 while (1) { 3260 memset(&sinfo, 0, sizeof(sinfo)); 3261 err = rdev_dump_station(dev, netdev, sta_idx, 3262 mac_addr, &sinfo); 3263 if (err == -ENOENT) 3264 break; 3265 if (err) 3266 goto out_err; 3267 3268 if (nl80211_send_station(skb, 3269 NETLINK_CB(cb->skb).portid, 3270 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3271 dev, netdev, mac_addr, 3272 &sinfo) < 0) 3273 goto out; 3274 3275 sta_idx++; 3276 } 3277 3278 3279 out: 3280 cb->args[1] = sta_idx; 3281 err = skb->len; 3282 out_err: 3283 nl80211_finish_netdev_dump(dev); 3284 3285 return err; 3286 } 3287 3288 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 3289 { 3290 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3291 struct net_device *dev = info->user_ptr[1]; 3292 struct station_info sinfo; 3293 struct sk_buff *msg; 3294 u8 *mac_addr = NULL; 3295 int err; 3296 3297 memset(&sinfo, 0, sizeof(sinfo)); 3298 3299 if (!info->attrs[NL80211_ATTR_MAC]) 3300 return -EINVAL; 3301 3302 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3303 3304 if (!rdev->ops->get_station) 3305 return -EOPNOTSUPP; 3306 3307 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 3308 if (err) 3309 return err; 3310 3311 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3312 if (!msg) 3313 return -ENOMEM; 3314 3315 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0, 3316 rdev, dev, mac_addr, &sinfo) < 0) { 3317 nlmsg_free(msg); 3318 return -ENOBUFS; 3319 } 3320 3321 return genlmsg_reply(msg, info); 3322 } 3323 3324 /* 3325 * Get vlan interface making sure it is running and on the right wiphy. 3326 */ 3327 static struct net_device *get_vlan(struct genl_info *info, 3328 struct cfg80211_registered_device *rdev) 3329 { 3330 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 3331 struct net_device *v; 3332 int ret; 3333 3334 if (!vlanattr) 3335 return NULL; 3336 3337 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 3338 if (!v) 3339 return ERR_PTR(-ENODEV); 3340 3341 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 3342 ret = -EINVAL; 3343 goto error; 3344 } 3345 3346 if (!netif_running(v)) { 3347 ret = -ENETDOWN; 3348 goto error; 3349 } 3350 3351 return v; 3352 error: 3353 dev_put(v); 3354 return ERR_PTR(ret); 3355 } 3356 3357 static struct nla_policy 3358 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 3359 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 3360 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 3361 }; 3362 3363 static int nl80211_set_station_tdls(struct genl_info *info, 3364 struct station_parameters *params) 3365 { 3366 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 3367 struct nlattr *nla; 3368 int err; 3369 3370 /* Dummy STA entry gets updated once the peer capabilities are known */ 3371 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3372 params->ht_capa = 3373 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3374 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3375 params->vht_capa = 3376 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 3377 3378 /* parse WME attributes if present */ 3379 if (!info->attrs[NL80211_ATTR_STA_WME]) 3380 return 0; 3381 3382 nla = info->attrs[NL80211_ATTR_STA_WME]; 3383 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 3384 nl80211_sta_wme_policy); 3385 if (err) 3386 return err; 3387 3388 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 3389 params->uapsd_queues = nla_get_u8( 3390 tb[NL80211_STA_WME_UAPSD_QUEUES]); 3391 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 3392 return -EINVAL; 3393 3394 if (tb[NL80211_STA_WME_MAX_SP]) 3395 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 3396 3397 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 3398 return -EINVAL; 3399 3400 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 3401 3402 return 0; 3403 } 3404 3405 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 3406 { 3407 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3408 int err; 3409 struct net_device *dev = info->user_ptr[1]; 3410 struct station_parameters params; 3411 u8 *mac_addr = NULL; 3412 3413 memset(¶ms, 0, sizeof(params)); 3414 3415 params.listen_interval = -1; 3416 params.plink_state = -1; 3417 3418 if (info->attrs[NL80211_ATTR_STA_AID]) 3419 return -EINVAL; 3420 3421 if (!info->attrs[NL80211_ATTR_MAC]) 3422 return -EINVAL; 3423 3424 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3425 3426 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 3427 params.supported_rates = 3428 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3429 params.supported_rates_len = 3430 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3431 } 3432 3433 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 3434 params.capability = 3435 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 3436 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 3437 } 3438 3439 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 3440 params.ext_capab = 3441 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3442 params.ext_capab_len = 3443 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3444 } 3445 3446 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3447 return -EINVAL; 3448 3449 if (!rdev->ops->change_station) 3450 return -EOPNOTSUPP; 3451 3452 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3453 return -EINVAL; 3454 3455 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3456 params.plink_action = 3457 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3458 3459 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 3460 params.plink_state = 3461 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 3462 3463 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) { 3464 enum nl80211_mesh_power_mode pm = nla_get_u32( 3465 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]); 3466 3467 if (pm <= NL80211_MESH_POWER_UNKNOWN || 3468 pm > NL80211_MESH_POWER_MAX) 3469 return -EINVAL; 3470 3471 params.local_pm = pm; 3472 } 3473 3474 switch (dev->ieee80211_ptr->iftype) { 3475 case NL80211_IFTYPE_AP: 3476 case NL80211_IFTYPE_AP_VLAN: 3477 case NL80211_IFTYPE_P2P_GO: 3478 /* disallow mesh-specific things */ 3479 if (params.plink_action) 3480 return -EINVAL; 3481 if (params.local_pm) 3482 return -EINVAL; 3483 3484 /* TDLS can't be set, ... */ 3485 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3486 return -EINVAL; 3487 /* 3488 * ... but don't bother the driver with it. This works around 3489 * a hostapd/wpa_supplicant issue -- it always includes the 3490 * TLDS_PEER flag in the mask even for AP mode. 3491 */ 3492 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3493 3494 /* accept only the listed bits */ 3495 if (params.sta_flags_mask & 3496 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3497 BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3498 BIT(NL80211_STA_FLAG_ASSOCIATED) | 3499 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 3500 BIT(NL80211_STA_FLAG_WME) | 3501 BIT(NL80211_STA_FLAG_MFP))) 3502 return -EINVAL; 3503 3504 /* but authenticated/associated only if driver handles it */ 3505 if (!(rdev->wiphy.features & 3506 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 3507 params.sta_flags_mask & 3508 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3509 BIT(NL80211_STA_FLAG_ASSOCIATED))) 3510 return -EINVAL; 3511 3512 /* reject other things that can't change */ 3513 if (params.supported_rates) 3514 return -EINVAL; 3515 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) 3516 return -EINVAL; 3517 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) 3518 return -EINVAL; 3519 if (info->attrs[NL80211_ATTR_HT_CAPABILITY] || 3520 info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3521 return -EINVAL; 3522 3523 /* must be last in here for error handling */ 3524 params.vlan = get_vlan(info, rdev); 3525 if (IS_ERR(params.vlan)) 3526 return PTR_ERR(params.vlan); 3527 break; 3528 case NL80211_IFTYPE_P2P_CLIENT: 3529 case NL80211_IFTYPE_STATION: 3530 /* 3531 * Don't allow userspace to change the TDLS_PEER flag, 3532 * but silently ignore attempts to change it since we 3533 * don't have state here to verify that it doesn't try 3534 * to change the flag. 3535 */ 3536 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3537 /* Include parameters for TDLS peer (driver will check) */ 3538 err = nl80211_set_station_tdls(info, ¶ms); 3539 if (err) 3540 return err; 3541 /* disallow things sta doesn't support */ 3542 if (params.plink_action) 3543 return -EINVAL; 3544 if (params.local_pm) 3545 return -EINVAL; 3546 /* reject any changes other than AUTHORIZED or WME (for TDLS) */ 3547 if (params.sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 3548 BIT(NL80211_STA_FLAG_WME))) 3549 return -EINVAL; 3550 break; 3551 case NL80211_IFTYPE_ADHOC: 3552 /* disallow things sta doesn't support */ 3553 if (params.plink_action) 3554 return -EINVAL; 3555 if (params.local_pm) 3556 return -EINVAL; 3557 if (info->attrs[NL80211_ATTR_HT_CAPABILITY] || 3558 info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3559 return -EINVAL; 3560 /* reject any changes other than AUTHORIZED */ 3561 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 3562 return -EINVAL; 3563 break; 3564 case NL80211_IFTYPE_MESH_POINT: 3565 /* disallow things mesh doesn't support */ 3566 if (params.vlan) 3567 return -EINVAL; 3568 if (params.supported_rates) 3569 return -EINVAL; 3570 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) 3571 return -EINVAL; 3572 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) 3573 return -EINVAL; 3574 if (info->attrs[NL80211_ATTR_HT_CAPABILITY] || 3575 info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3576 return -EINVAL; 3577 /* 3578 * No special handling for TDLS here -- the userspace 3579 * mesh code doesn't have this bug. 3580 */ 3581 if (params.sta_flags_mask & 3582 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3583 BIT(NL80211_STA_FLAG_MFP) | 3584 BIT(NL80211_STA_FLAG_AUTHORIZED))) 3585 return -EINVAL; 3586 break; 3587 default: 3588 return -EOPNOTSUPP; 3589 } 3590 3591 /* be aware of params.vlan when changing code here */ 3592 3593 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 3594 3595 if (params.vlan) 3596 dev_put(params.vlan); 3597 3598 return err; 3599 } 3600 3601 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 3602 { 3603 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3604 int err; 3605 struct net_device *dev = info->user_ptr[1]; 3606 struct station_parameters params; 3607 u8 *mac_addr = NULL; 3608 3609 memset(¶ms, 0, sizeof(params)); 3610 3611 if (!info->attrs[NL80211_ATTR_MAC]) 3612 return -EINVAL; 3613 3614 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 3615 return -EINVAL; 3616 3617 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 3618 return -EINVAL; 3619 3620 if (!info->attrs[NL80211_ATTR_STA_AID]) 3621 return -EINVAL; 3622 3623 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3624 params.supported_rates = 3625 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3626 params.supported_rates_len = 3627 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 3628 params.listen_interval = 3629 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 3630 3631 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 3632 if (!params.aid || params.aid > IEEE80211_MAX_AID) 3633 return -EINVAL; 3634 3635 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 3636 params.capability = 3637 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 3638 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 3639 } 3640 3641 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 3642 params.ext_capab = 3643 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3644 params.ext_capab_len = 3645 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 3646 } 3647 3648 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 3649 params.ht_capa = 3650 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 3651 3652 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 3653 params.vht_capa = 3654 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 3655 3656 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 3657 params.plink_action = 3658 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 3659 3660 if (!rdev->ops->add_station) 3661 return -EOPNOTSUPP; 3662 3663 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 3664 return -EINVAL; 3665 3666 switch (dev->ieee80211_ptr->iftype) { 3667 case NL80211_IFTYPE_AP: 3668 case NL80211_IFTYPE_AP_VLAN: 3669 case NL80211_IFTYPE_P2P_GO: 3670 /* parse WME attributes if sta is WME capable */ 3671 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 3672 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 3673 info->attrs[NL80211_ATTR_STA_WME]) { 3674 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 3675 struct nlattr *nla; 3676 3677 nla = info->attrs[NL80211_ATTR_STA_WME]; 3678 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 3679 nl80211_sta_wme_policy); 3680 if (err) 3681 return err; 3682 3683 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 3684 params.uapsd_queues = 3685 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 3686 if (params.uapsd_queues & 3687 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 3688 return -EINVAL; 3689 3690 if (tb[NL80211_STA_WME_MAX_SP]) 3691 params.max_sp = 3692 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 3693 3694 if (params.max_sp & 3695 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 3696 return -EINVAL; 3697 3698 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 3699 } 3700 /* TDLS peers cannot be added */ 3701 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3702 return -EINVAL; 3703 /* but don't bother the driver with it */ 3704 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 3705 3706 /* allow authenticated/associated only if driver handles it */ 3707 if (!(rdev->wiphy.features & 3708 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 3709 params.sta_flags_mask & 3710 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 3711 BIT(NL80211_STA_FLAG_ASSOCIATED))) 3712 return -EINVAL; 3713 3714 /* must be last in here for error handling */ 3715 params.vlan = get_vlan(info, rdev); 3716 if (IS_ERR(params.vlan)) 3717 return PTR_ERR(params.vlan); 3718 break; 3719 case NL80211_IFTYPE_MESH_POINT: 3720 /* associated is disallowed */ 3721 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 3722 return -EINVAL; 3723 /* TDLS peers cannot be added */ 3724 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 3725 return -EINVAL; 3726 break; 3727 case NL80211_IFTYPE_STATION: 3728 /* associated is disallowed */ 3729 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 3730 return -EINVAL; 3731 /* Only TDLS peers can be added */ 3732 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 3733 return -EINVAL; 3734 /* Can only add if TDLS ... */ 3735 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 3736 return -EOPNOTSUPP; 3737 /* ... with external setup is supported */ 3738 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 3739 return -EOPNOTSUPP; 3740 break; 3741 default: 3742 return -EOPNOTSUPP; 3743 } 3744 3745 /* be aware of params.vlan when changing code here */ 3746 3747 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 3748 3749 if (params.vlan) 3750 dev_put(params.vlan); 3751 return err; 3752 } 3753 3754 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 3755 { 3756 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3757 struct net_device *dev = info->user_ptr[1]; 3758 u8 *mac_addr = NULL; 3759 3760 if (info->attrs[NL80211_ATTR_MAC]) 3761 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 3762 3763 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3764 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 3765 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 3766 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3767 return -EINVAL; 3768 3769 if (!rdev->ops->del_station) 3770 return -EOPNOTSUPP; 3771 3772 return rdev_del_station(rdev, dev, mac_addr); 3773 } 3774 3775 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 3776 int flags, struct net_device *dev, 3777 u8 *dst, u8 *next_hop, 3778 struct mpath_info *pinfo) 3779 { 3780 void *hdr; 3781 struct nlattr *pinfoattr; 3782 3783 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION); 3784 if (!hdr) 3785 return -1; 3786 3787 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3788 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 3789 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 3790 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 3791 goto nla_put_failure; 3792 3793 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 3794 if (!pinfoattr) 3795 goto nla_put_failure; 3796 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 3797 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 3798 pinfo->frame_qlen)) 3799 goto nla_put_failure; 3800 if (((pinfo->filled & MPATH_INFO_SN) && 3801 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 3802 ((pinfo->filled & MPATH_INFO_METRIC) && 3803 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 3804 pinfo->metric)) || 3805 ((pinfo->filled & MPATH_INFO_EXPTIME) && 3806 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 3807 pinfo->exptime)) || 3808 ((pinfo->filled & MPATH_INFO_FLAGS) && 3809 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 3810 pinfo->flags)) || 3811 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 3812 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 3813 pinfo->discovery_timeout)) || 3814 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 3815 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 3816 pinfo->discovery_retries))) 3817 goto nla_put_failure; 3818 3819 nla_nest_end(msg, pinfoattr); 3820 3821 return genlmsg_end(msg, hdr); 3822 3823 nla_put_failure: 3824 genlmsg_cancel(msg, hdr); 3825 return -EMSGSIZE; 3826 } 3827 3828 static int nl80211_dump_mpath(struct sk_buff *skb, 3829 struct netlink_callback *cb) 3830 { 3831 struct mpath_info pinfo; 3832 struct cfg80211_registered_device *dev; 3833 struct net_device *netdev; 3834 u8 dst[ETH_ALEN]; 3835 u8 next_hop[ETH_ALEN]; 3836 int path_idx = cb->args[1]; 3837 int err; 3838 3839 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3840 if (err) 3841 return err; 3842 3843 if (!dev->ops->dump_mpath) { 3844 err = -EOPNOTSUPP; 3845 goto out_err; 3846 } 3847 3848 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 3849 err = -EOPNOTSUPP; 3850 goto out_err; 3851 } 3852 3853 while (1) { 3854 err = rdev_dump_mpath(dev, netdev, path_idx, dst, next_hop, 3855 &pinfo); 3856 if (err == -ENOENT) 3857 break; 3858 if (err) 3859 goto out_err; 3860 3861 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 3862 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3863 netdev, dst, next_hop, 3864 &pinfo) < 0) 3865 goto out; 3866 3867 path_idx++; 3868 } 3869 3870 3871 out: 3872 cb->args[1] = path_idx; 3873 err = skb->len; 3874 out_err: 3875 nl80211_finish_netdev_dump(dev); 3876 return err; 3877 } 3878 3879 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3880 { 3881 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3882 int err; 3883 struct net_device *dev = info->user_ptr[1]; 3884 struct mpath_info pinfo; 3885 struct sk_buff *msg; 3886 u8 *dst = NULL; 3887 u8 next_hop[ETH_ALEN]; 3888 3889 memset(&pinfo, 0, sizeof(pinfo)); 3890 3891 if (!info->attrs[NL80211_ATTR_MAC]) 3892 return -EINVAL; 3893 3894 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3895 3896 if (!rdev->ops->get_mpath) 3897 return -EOPNOTSUPP; 3898 3899 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3900 return -EOPNOTSUPP; 3901 3902 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 3903 if (err) 3904 return err; 3905 3906 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3907 if (!msg) 3908 return -ENOMEM; 3909 3910 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 3911 dev, dst, next_hop, &pinfo) < 0) { 3912 nlmsg_free(msg); 3913 return -ENOBUFS; 3914 } 3915 3916 return genlmsg_reply(msg, info); 3917 } 3918 3919 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3920 { 3921 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3922 struct net_device *dev = info->user_ptr[1]; 3923 u8 *dst = NULL; 3924 u8 *next_hop = NULL; 3925 3926 if (!info->attrs[NL80211_ATTR_MAC]) 3927 return -EINVAL; 3928 3929 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3930 return -EINVAL; 3931 3932 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3933 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3934 3935 if (!rdev->ops->change_mpath) 3936 return -EOPNOTSUPP; 3937 3938 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3939 return -EOPNOTSUPP; 3940 3941 return rdev_change_mpath(rdev, dev, dst, next_hop); 3942 } 3943 3944 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3945 { 3946 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3947 struct net_device *dev = info->user_ptr[1]; 3948 u8 *dst = NULL; 3949 u8 *next_hop = NULL; 3950 3951 if (!info->attrs[NL80211_ATTR_MAC]) 3952 return -EINVAL; 3953 3954 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3955 return -EINVAL; 3956 3957 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3958 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3959 3960 if (!rdev->ops->add_mpath) 3961 return -EOPNOTSUPP; 3962 3963 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3964 return -EOPNOTSUPP; 3965 3966 return rdev_add_mpath(rdev, dev, dst, next_hop); 3967 } 3968 3969 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3970 { 3971 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3972 struct net_device *dev = info->user_ptr[1]; 3973 u8 *dst = NULL; 3974 3975 if (info->attrs[NL80211_ATTR_MAC]) 3976 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3977 3978 if (!rdev->ops->del_mpath) 3979 return -EOPNOTSUPP; 3980 3981 return rdev_del_mpath(rdev, dev, dst); 3982 } 3983 3984 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3985 { 3986 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3987 struct net_device *dev = info->user_ptr[1]; 3988 struct bss_parameters params; 3989 3990 memset(¶ms, 0, sizeof(params)); 3991 /* default to not changing parameters */ 3992 params.use_cts_prot = -1; 3993 params.use_short_preamble = -1; 3994 params.use_short_slot_time = -1; 3995 params.ap_isolate = -1; 3996 params.ht_opmode = -1; 3997 params.p2p_ctwindow = -1; 3998 params.p2p_opp_ps = -1; 3999 4000 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 4001 params.use_cts_prot = 4002 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 4003 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 4004 params.use_short_preamble = 4005 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 4006 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 4007 params.use_short_slot_time = 4008 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 4009 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 4010 params.basic_rates = 4011 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4012 params.basic_rates_len = 4013 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4014 } 4015 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 4016 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 4017 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 4018 params.ht_opmode = 4019 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 4020 4021 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 4022 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4023 return -EINVAL; 4024 params.p2p_ctwindow = 4025 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 4026 if (params.p2p_ctwindow < 0) 4027 return -EINVAL; 4028 if (params.p2p_ctwindow != 0 && 4029 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 4030 return -EINVAL; 4031 } 4032 4033 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 4034 u8 tmp; 4035 4036 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4037 return -EINVAL; 4038 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 4039 if (tmp > 1) 4040 return -EINVAL; 4041 params.p2p_opp_ps = tmp; 4042 if (params.p2p_opp_ps && 4043 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 4044 return -EINVAL; 4045 } 4046 4047 if (!rdev->ops->change_bss) 4048 return -EOPNOTSUPP; 4049 4050 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 4051 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 4052 return -EOPNOTSUPP; 4053 4054 return rdev_change_bss(rdev, dev, ¶ms); 4055 } 4056 4057 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 4058 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 4059 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 4060 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 4061 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 4062 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 4063 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 4064 }; 4065 4066 static int parse_reg_rule(struct nlattr *tb[], 4067 struct ieee80211_reg_rule *reg_rule) 4068 { 4069 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 4070 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 4071 4072 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 4073 return -EINVAL; 4074 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 4075 return -EINVAL; 4076 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 4077 return -EINVAL; 4078 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 4079 return -EINVAL; 4080 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 4081 return -EINVAL; 4082 4083 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 4084 4085 freq_range->start_freq_khz = 4086 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 4087 freq_range->end_freq_khz = 4088 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 4089 freq_range->max_bandwidth_khz = 4090 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 4091 4092 power_rule->max_eirp = 4093 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 4094 4095 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 4096 power_rule->max_antenna_gain = 4097 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 4098 4099 return 0; 4100 } 4101 4102 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 4103 { 4104 int r; 4105 char *data = NULL; 4106 enum nl80211_user_reg_hint_type user_reg_hint_type; 4107 4108 /* 4109 * You should only get this when cfg80211 hasn't yet initialized 4110 * completely when built-in to the kernel right between the time 4111 * window between nl80211_init() and regulatory_init(), if that is 4112 * even possible. 4113 */ 4114 if (unlikely(!rcu_access_pointer(cfg80211_regdomain))) 4115 return -EINPROGRESS; 4116 4117 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4118 return -EINVAL; 4119 4120 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 4121 4122 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 4123 user_reg_hint_type = 4124 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 4125 else 4126 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 4127 4128 switch (user_reg_hint_type) { 4129 case NL80211_USER_REG_HINT_USER: 4130 case NL80211_USER_REG_HINT_CELL_BASE: 4131 break; 4132 default: 4133 return -EINVAL; 4134 } 4135 4136 r = regulatory_hint_user(data, user_reg_hint_type); 4137 4138 return r; 4139 } 4140 4141 static int nl80211_get_mesh_config(struct sk_buff *skb, 4142 struct genl_info *info) 4143 { 4144 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4145 struct net_device *dev = info->user_ptr[1]; 4146 struct wireless_dev *wdev = dev->ieee80211_ptr; 4147 struct mesh_config cur_params; 4148 int err = 0; 4149 void *hdr; 4150 struct nlattr *pinfoattr; 4151 struct sk_buff *msg; 4152 4153 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 4154 return -EOPNOTSUPP; 4155 4156 if (!rdev->ops->get_mesh_config) 4157 return -EOPNOTSUPP; 4158 4159 wdev_lock(wdev); 4160 /* If not connected, get default parameters */ 4161 if (!wdev->mesh_id_len) 4162 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 4163 else 4164 err = rdev_get_mesh_config(rdev, dev, &cur_params); 4165 wdev_unlock(wdev); 4166 4167 if (err) 4168 return err; 4169 4170 /* Draw up a netlink message to send back */ 4171 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4172 if (!msg) 4173 return -ENOMEM; 4174 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4175 NL80211_CMD_GET_MESH_CONFIG); 4176 if (!hdr) 4177 goto out; 4178 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 4179 if (!pinfoattr) 4180 goto nla_put_failure; 4181 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4182 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 4183 cur_params.dot11MeshRetryTimeout) || 4184 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 4185 cur_params.dot11MeshConfirmTimeout) || 4186 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 4187 cur_params.dot11MeshHoldingTimeout) || 4188 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 4189 cur_params.dot11MeshMaxPeerLinks) || 4190 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 4191 cur_params.dot11MeshMaxRetries) || 4192 nla_put_u8(msg, NL80211_MESHCONF_TTL, 4193 cur_params.dot11MeshTTL) || 4194 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 4195 cur_params.element_ttl) || 4196 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 4197 cur_params.auto_open_plinks) || 4198 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 4199 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 4200 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 4201 cur_params.dot11MeshHWMPmaxPREQretries) || 4202 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 4203 cur_params.path_refresh_time) || 4204 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 4205 cur_params.min_discovery_timeout) || 4206 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 4207 cur_params.dot11MeshHWMPactivePathTimeout) || 4208 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 4209 cur_params.dot11MeshHWMPpreqMinInterval) || 4210 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 4211 cur_params.dot11MeshHWMPperrMinInterval) || 4212 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 4213 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 4214 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 4215 cur_params.dot11MeshHWMPRootMode) || 4216 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 4217 cur_params.dot11MeshHWMPRannInterval) || 4218 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 4219 cur_params.dot11MeshGateAnnouncementProtocol) || 4220 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 4221 cur_params.dot11MeshForwarding) || 4222 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 4223 cur_params.rssi_threshold) || 4224 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 4225 cur_params.ht_opmode) || 4226 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 4227 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 4228 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 4229 cur_params.dot11MeshHWMProotInterval) || 4230 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 4231 cur_params.dot11MeshHWMPconfirmationInterval) || 4232 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE, 4233 cur_params.power_mode) || 4234 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW, 4235 cur_params.dot11MeshAwakeWindowDuration)) 4236 goto nla_put_failure; 4237 nla_nest_end(msg, pinfoattr); 4238 genlmsg_end(msg, hdr); 4239 return genlmsg_reply(msg, info); 4240 4241 nla_put_failure: 4242 genlmsg_cancel(msg, hdr); 4243 out: 4244 nlmsg_free(msg); 4245 return -ENOBUFS; 4246 } 4247 4248 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 4249 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 4250 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 4251 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 4252 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 4253 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 4254 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 4255 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 4256 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 4257 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 4258 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 4259 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 4260 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 4261 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 4262 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 4263 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 4264 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 4265 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 4266 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 4267 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 4268 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 4269 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 }, 4270 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 4271 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 4272 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 }, 4273 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 }, 4274 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 }, 4275 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 }, 4276 }; 4277 4278 static const struct nla_policy 4279 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 4280 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 4281 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 4282 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 4283 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 4284 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 4285 .len = IEEE80211_MAX_DATA_LEN }, 4286 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 4287 }; 4288 4289 static int nl80211_parse_mesh_config(struct genl_info *info, 4290 struct mesh_config *cfg, 4291 u32 *mask_out) 4292 { 4293 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 4294 u32 mask = 0; 4295 4296 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \ 4297 do { \ 4298 if (tb[attr]) { \ 4299 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \ 4300 return -EINVAL; \ 4301 cfg->param = fn(tb[attr]); \ 4302 mask |= (1 << (attr - 1)); \ 4303 } \ 4304 } while (0) 4305 4306 4307 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 4308 return -EINVAL; 4309 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 4310 info->attrs[NL80211_ATTR_MESH_CONFIG], 4311 nl80211_meshconf_params_policy)) 4312 return -EINVAL; 4313 4314 /* This makes sure that there aren't more than 32 mesh config 4315 * parameters (otherwise our bitfield scheme would not work.) */ 4316 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 4317 4318 /* Fill in the params struct */ 4319 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255, 4320 mask, NL80211_MESHCONF_RETRY_TIMEOUT, 4321 nla_get_u16); 4322 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255, 4323 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, 4324 nla_get_u16); 4325 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255, 4326 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, 4327 nla_get_u16); 4328 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255, 4329 mask, NL80211_MESHCONF_MAX_PEER_LINKS, 4330 nla_get_u16); 4331 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16, 4332 mask, NL80211_MESHCONF_MAX_RETRIES, 4333 nla_get_u8); 4334 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255, 4335 mask, NL80211_MESHCONF_TTL, nla_get_u8); 4336 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255, 4337 mask, NL80211_MESHCONF_ELEMENT_TTL, 4338 nla_get_u8); 4339 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1, 4340 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 4341 nla_get_u8); 4342 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 4343 1, 255, mask, 4344 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 4345 nla_get_u32); 4346 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255, 4347 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 4348 nla_get_u8); 4349 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535, 4350 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, 4351 nla_get_u32); 4352 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535, 4353 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 4354 nla_get_u16); 4355 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 4356 1, 65535, mask, 4357 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 4358 nla_get_u32); 4359 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 4360 1, 65535, mask, 4361 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 4362 nla_get_u16); 4363 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 4364 1, 65535, mask, 4365 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 4366 nla_get_u16); 4367 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4368 dot11MeshHWMPnetDiameterTraversalTime, 4369 1, 65535, mask, 4370 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 4371 nla_get_u16); 4372 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4, 4373 mask, NL80211_MESHCONF_HWMP_ROOTMODE, 4374 nla_get_u8); 4375 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535, 4376 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 4377 nla_get_u16); 4378 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4379 dot11MeshGateAnnouncementProtocol, 0, 1, 4380 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 4381 nla_get_u8); 4382 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1, 4383 mask, NL80211_MESHCONF_FORWARDING, 4384 nla_get_u8); 4385 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 1, 255, 4386 mask, NL80211_MESHCONF_RSSI_THRESHOLD, 4387 nla_get_u32); 4388 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16, 4389 mask, NL80211_MESHCONF_HT_OPMODE, 4390 nla_get_u16); 4391 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout, 4392 1, 65535, mask, 4393 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 4394 nla_get_u32); 4395 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535, 4396 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 4397 nla_get_u16); 4398 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 4399 dot11MeshHWMPconfirmationInterval, 4400 1, 65535, mask, 4401 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 4402 nla_get_u16); 4403 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, 4404 NL80211_MESH_POWER_ACTIVE, 4405 NL80211_MESH_POWER_MAX, 4406 mask, NL80211_MESHCONF_POWER_MODE, 4407 nla_get_u32); 4408 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, 4409 0, 65535, mask, 4410 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16); 4411 if (mask_out) 4412 *mask_out = mask; 4413 4414 return 0; 4415 4416 #undef FILL_IN_MESH_PARAM_IF_SET 4417 } 4418 4419 static int nl80211_parse_mesh_setup(struct genl_info *info, 4420 struct mesh_setup *setup) 4421 { 4422 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 4423 4424 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 4425 return -EINVAL; 4426 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 4427 info->attrs[NL80211_ATTR_MESH_SETUP], 4428 nl80211_mesh_setup_params_policy)) 4429 return -EINVAL; 4430 4431 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 4432 setup->sync_method = 4433 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 4434 IEEE80211_SYNC_METHOD_VENDOR : 4435 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 4436 4437 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 4438 setup->path_sel_proto = 4439 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 4440 IEEE80211_PATH_PROTOCOL_VENDOR : 4441 IEEE80211_PATH_PROTOCOL_HWMP; 4442 4443 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 4444 setup->path_metric = 4445 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 4446 IEEE80211_PATH_METRIC_VENDOR : 4447 IEEE80211_PATH_METRIC_AIRTIME; 4448 4449 4450 if (tb[NL80211_MESH_SETUP_IE]) { 4451 struct nlattr *ieattr = 4452 tb[NL80211_MESH_SETUP_IE]; 4453 if (!is_valid_ie_attr(ieattr)) 4454 return -EINVAL; 4455 setup->ie = nla_data(ieattr); 4456 setup->ie_len = nla_len(ieattr); 4457 } 4458 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 4459 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 4460 4461 return 0; 4462 } 4463 4464 static int nl80211_update_mesh_config(struct sk_buff *skb, 4465 struct genl_info *info) 4466 { 4467 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4468 struct net_device *dev = info->user_ptr[1]; 4469 struct wireless_dev *wdev = dev->ieee80211_ptr; 4470 struct mesh_config cfg; 4471 u32 mask; 4472 int err; 4473 4474 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 4475 return -EOPNOTSUPP; 4476 4477 if (!rdev->ops->update_mesh_config) 4478 return -EOPNOTSUPP; 4479 4480 err = nl80211_parse_mesh_config(info, &cfg, &mask); 4481 if (err) 4482 return err; 4483 4484 wdev_lock(wdev); 4485 if (!wdev->mesh_id_len) 4486 err = -ENOLINK; 4487 4488 if (!err) 4489 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 4490 4491 wdev_unlock(wdev); 4492 4493 return err; 4494 } 4495 4496 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 4497 { 4498 const struct ieee80211_regdomain *regdom; 4499 struct sk_buff *msg; 4500 void *hdr = NULL; 4501 struct nlattr *nl_reg_rules; 4502 unsigned int i; 4503 int err = -EINVAL; 4504 4505 mutex_lock(&cfg80211_mutex); 4506 4507 if (!cfg80211_regdomain) 4508 goto out; 4509 4510 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4511 if (!msg) { 4512 err = -ENOBUFS; 4513 goto out; 4514 } 4515 4516 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4517 NL80211_CMD_GET_REG); 4518 if (!hdr) 4519 goto put_failure; 4520 4521 if (reg_last_request_cell_base() && 4522 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 4523 NL80211_USER_REG_HINT_CELL_BASE)) 4524 goto nla_put_failure; 4525 4526 rcu_read_lock(); 4527 regdom = rcu_dereference(cfg80211_regdomain); 4528 4529 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) || 4530 (regdom->dfs_region && 4531 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region))) 4532 goto nla_put_failure_rcu; 4533 4534 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 4535 if (!nl_reg_rules) 4536 goto nla_put_failure_rcu; 4537 4538 for (i = 0; i < regdom->n_reg_rules; i++) { 4539 struct nlattr *nl_reg_rule; 4540 const struct ieee80211_reg_rule *reg_rule; 4541 const struct ieee80211_freq_range *freq_range; 4542 const struct ieee80211_power_rule *power_rule; 4543 4544 reg_rule = ®dom->reg_rules[i]; 4545 freq_range = ®_rule->freq_range; 4546 power_rule = ®_rule->power_rule; 4547 4548 nl_reg_rule = nla_nest_start(msg, i); 4549 if (!nl_reg_rule) 4550 goto nla_put_failure_rcu; 4551 4552 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 4553 reg_rule->flags) || 4554 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 4555 freq_range->start_freq_khz) || 4556 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 4557 freq_range->end_freq_khz) || 4558 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 4559 freq_range->max_bandwidth_khz) || 4560 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 4561 power_rule->max_antenna_gain) || 4562 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 4563 power_rule->max_eirp)) 4564 goto nla_put_failure_rcu; 4565 4566 nla_nest_end(msg, nl_reg_rule); 4567 } 4568 rcu_read_unlock(); 4569 4570 nla_nest_end(msg, nl_reg_rules); 4571 4572 genlmsg_end(msg, hdr); 4573 err = genlmsg_reply(msg, info); 4574 goto out; 4575 4576 nla_put_failure_rcu: 4577 rcu_read_unlock(); 4578 nla_put_failure: 4579 genlmsg_cancel(msg, hdr); 4580 put_failure: 4581 nlmsg_free(msg); 4582 err = -EMSGSIZE; 4583 out: 4584 mutex_unlock(&cfg80211_mutex); 4585 return err; 4586 } 4587 4588 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 4589 { 4590 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 4591 struct nlattr *nl_reg_rule; 4592 char *alpha2 = NULL; 4593 int rem_reg_rules = 0, r = 0; 4594 u32 num_rules = 0, rule_idx = 0, size_of_regd; 4595 u8 dfs_region = 0; 4596 struct ieee80211_regdomain *rd = NULL; 4597 4598 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 4599 return -EINVAL; 4600 4601 if (!info->attrs[NL80211_ATTR_REG_RULES]) 4602 return -EINVAL; 4603 4604 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 4605 4606 if (info->attrs[NL80211_ATTR_DFS_REGION]) 4607 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 4608 4609 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4610 rem_reg_rules) { 4611 num_rules++; 4612 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 4613 return -EINVAL; 4614 } 4615 4616 size_of_regd = sizeof(struct ieee80211_regdomain) + 4617 num_rules * sizeof(struct ieee80211_reg_rule); 4618 4619 rd = kzalloc(size_of_regd, GFP_KERNEL); 4620 if (!rd) 4621 return -ENOMEM; 4622 4623 rd->n_reg_rules = num_rules; 4624 rd->alpha2[0] = alpha2[0]; 4625 rd->alpha2[1] = alpha2[1]; 4626 4627 /* 4628 * Disable DFS master mode if the DFS region was 4629 * not supported or known on this kernel. 4630 */ 4631 if (reg_supported_dfs_region(dfs_region)) 4632 rd->dfs_region = dfs_region; 4633 4634 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 4635 rem_reg_rules) { 4636 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 4637 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 4638 reg_rule_policy); 4639 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 4640 if (r) 4641 goto bad_reg; 4642 4643 rule_idx++; 4644 4645 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 4646 r = -EINVAL; 4647 goto bad_reg; 4648 } 4649 } 4650 4651 mutex_lock(&cfg80211_mutex); 4652 4653 r = set_regdom(rd); 4654 /* set_regdom took ownership */ 4655 rd = NULL; 4656 mutex_unlock(&cfg80211_mutex); 4657 4658 bad_reg: 4659 kfree(rd); 4660 return r; 4661 } 4662 4663 static int validate_scan_freqs(struct nlattr *freqs) 4664 { 4665 struct nlattr *attr1, *attr2; 4666 int n_channels = 0, tmp1, tmp2; 4667 4668 nla_for_each_nested(attr1, freqs, tmp1) { 4669 n_channels++; 4670 /* 4671 * Some hardware has a limited channel list for 4672 * scanning, and it is pretty much nonsensical 4673 * to scan for a channel twice, so disallow that 4674 * and don't require drivers to check that the 4675 * channel list they get isn't longer than what 4676 * they can scan, as long as they can scan all 4677 * the channels they registered at once. 4678 */ 4679 nla_for_each_nested(attr2, freqs, tmp2) 4680 if (attr1 != attr2 && 4681 nla_get_u32(attr1) == nla_get_u32(attr2)) 4682 return 0; 4683 } 4684 4685 return n_channels; 4686 } 4687 4688 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 4689 { 4690 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4691 struct wireless_dev *wdev = info->user_ptr[1]; 4692 struct cfg80211_scan_request *request; 4693 struct nlattr *attr; 4694 struct wiphy *wiphy; 4695 int err, tmp, n_ssids = 0, n_channels, i; 4696 size_t ie_len; 4697 4698 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4699 return -EINVAL; 4700 4701 wiphy = &rdev->wiphy; 4702 4703 if (!rdev->ops->scan) 4704 return -EOPNOTSUPP; 4705 4706 if (rdev->scan_req) 4707 return -EBUSY; 4708 4709 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4710 n_channels = validate_scan_freqs( 4711 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4712 if (!n_channels) 4713 return -EINVAL; 4714 } else { 4715 enum ieee80211_band band; 4716 n_channels = 0; 4717 4718 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4719 if (wiphy->bands[band]) 4720 n_channels += wiphy->bands[band]->n_channels; 4721 } 4722 4723 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4724 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 4725 n_ssids++; 4726 4727 if (n_ssids > wiphy->max_scan_ssids) 4728 return -EINVAL; 4729 4730 if (info->attrs[NL80211_ATTR_IE]) 4731 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4732 else 4733 ie_len = 0; 4734 4735 if (ie_len > wiphy->max_scan_ie_len) 4736 return -EINVAL; 4737 4738 request = kzalloc(sizeof(*request) 4739 + sizeof(*request->ssids) * n_ssids 4740 + sizeof(*request->channels) * n_channels 4741 + ie_len, GFP_KERNEL); 4742 if (!request) 4743 return -ENOMEM; 4744 4745 if (n_ssids) 4746 request->ssids = (void *)&request->channels[n_channels]; 4747 request->n_ssids = n_ssids; 4748 if (ie_len) { 4749 if (request->ssids) 4750 request->ie = (void *)(request->ssids + n_ssids); 4751 else 4752 request->ie = (void *)(request->channels + n_channels); 4753 } 4754 4755 i = 0; 4756 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4757 /* user specified, bail out if channel not found */ 4758 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 4759 struct ieee80211_channel *chan; 4760 4761 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4762 4763 if (!chan) { 4764 err = -EINVAL; 4765 goto out_free; 4766 } 4767 4768 /* ignore disabled channels */ 4769 if (chan->flags & IEEE80211_CHAN_DISABLED) 4770 continue; 4771 4772 request->channels[i] = chan; 4773 i++; 4774 } 4775 } else { 4776 enum ieee80211_band band; 4777 4778 /* all channels */ 4779 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4780 int j; 4781 if (!wiphy->bands[band]) 4782 continue; 4783 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4784 struct ieee80211_channel *chan; 4785 4786 chan = &wiphy->bands[band]->channels[j]; 4787 4788 if (chan->flags & IEEE80211_CHAN_DISABLED) 4789 continue; 4790 4791 request->channels[i] = chan; 4792 i++; 4793 } 4794 } 4795 } 4796 4797 if (!i) { 4798 err = -EINVAL; 4799 goto out_free; 4800 } 4801 4802 request->n_channels = i; 4803 4804 i = 0; 4805 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4806 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 4807 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4808 err = -EINVAL; 4809 goto out_free; 4810 } 4811 request->ssids[i].ssid_len = nla_len(attr); 4812 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 4813 i++; 4814 } 4815 } 4816 4817 if (info->attrs[NL80211_ATTR_IE]) { 4818 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4819 memcpy((void *)request->ie, 4820 nla_data(info->attrs[NL80211_ATTR_IE]), 4821 request->ie_len); 4822 } 4823 4824 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 4825 if (wiphy->bands[i]) 4826 request->rates[i] = 4827 (1 << wiphy->bands[i]->n_bitrates) - 1; 4828 4829 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 4830 nla_for_each_nested(attr, 4831 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 4832 tmp) { 4833 enum ieee80211_band band = nla_type(attr); 4834 4835 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4836 err = -EINVAL; 4837 goto out_free; 4838 } 4839 err = ieee80211_get_ratemask(wiphy->bands[band], 4840 nla_data(attr), 4841 nla_len(attr), 4842 &request->rates[band]); 4843 if (err) 4844 goto out_free; 4845 } 4846 } 4847 4848 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 4849 request->flags = nla_get_u32( 4850 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 4851 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 4852 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 4853 ((request->flags & NL80211_SCAN_FLAG_FLUSH) && 4854 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) { 4855 err = -EOPNOTSUPP; 4856 goto out_free; 4857 } 4858 } 4859 4860 request->no_cck = 4861 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 4862 4863 request->wdev = wdev; 4864 request->wiphy = &rdev->wiphy; 4865 request->scan_start = jiffies; 4866 4867 rdev->scan_req = request; 4868 err = rdev_scan(rdev, request); 4869 4870 if (!err) { 4871 nl80211_send_scan_start(rdev, wdev); 4872 if (wdev->netdev) 4873 dev_hold(wdev->netdev); 4874 } else { 4875 out_free: 4876 rdev->scan_req = NULL; 4877 kfree(request); 4878 } 4879 4880 return err; 4881 } 4882 4883 static int nl80211_start_sched_scan(struct sk_buff *skb, 4884 struct genl_info *info) 4885 { 4886 struct cfg80211_sched_scan_request *request; 4887 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4888 struct net_device *dev = info->user_ptr[1]; 4889 struct nlattr *attr; 4890 struct wiphy *wiphy; 4891 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 4892 u32 interval; 4893 enum ieee80211_band band; 4894 size_t ie_len; 4895 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 4896 4897 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4898 !rdev->ops->sched_scan_start) 4899 return -EOPNOTSUPP; 4900 4901 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4902 return -EINVAL; 4903 4904 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 4905 return -EINVAL; 4906 4907 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 4908 if (interval == 0) 4909 return -EINVAL; 4910 4911 wiphy = &rdev->wiphy; 4912 4913 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4914 n_channels = validate_scan_freqs( 4915 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4916 if (!n_channels) 4917 return -EINVAL; 4918 } else { 4919 n_channels = 0; 4920 4921 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4922 if (wiphy->bands[band]) 4923 n_channels += wiphy->bands[band]->n_channels; 4924 } 4925 4926 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4927 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4928 tmp) 4929 n_ssids++; 4930 4931 if (n_ssids > wiphy->max_sched_scan_ssids) 4932 return -EINVAL; 4933 4934 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 4935 nla_for_each_nested(attr, 4936 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4937 tmp) 4938 n_match_sets++; 4939 4940 if (n_match_sets > wiphy->max_match_sets) 4941 return -EINVAL; 4942 4943 if (info->attrs[NL80211_ATTR_IE]) 4944 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4945 else 4946 ie_len = 0; 4947 4948 if (ie_len > wiphy->max_sched_scan_ie_len) 4949 return -EINVAL; 4950 4951 mutex_lock(&rdev->sched_scan_mtx); 4952 4953 if (rdev->sched_scan_req) { 4954 err = -EINPROGRESS; 4955 goto out; 4956 } 4957 4958 request = kzalloc(sizeof(*request) 4959 + sizeof(*request->ssids) * n_ssids 4960 + sizeof(*request->match_sets) * n_match_sets 4961 + sizeof(*request->channels) * n_channels 4962 + ie_len, GFP_KERNEL); 4963 if (!request) { 4964 err = -ENOMEM; 4965 goto out; 4966 } 4967 4968 if (n_ssids) 4969 request->ssids = (void *)&request->channels[n_channels]; 4970 request->n_ssids = n_ssids; 4971 if (ie_len) { 4972 if (request->ssids) 4973 request->ie = (void *)(request->ssids + n_ssids); 4974 else 4975 request->ie = (void *)(request->channels + n_channels); 4976 } 4977 4978 if (n_match_sets) { 4979 if (request->ie) 4980 request->match_sets = (void *)(request->ie + ie_len); 4981 else if (request->ssids) 4982 request->match_sets = 4983 (void *)(request->ssids + n_ssids); 4984 else 4985 request->match_sets = 4986 (void *)(request->channels + n_channels); 4987 } 4988 request->n_match_sets = n_match_sets; 4989 4990 i = 0; 4991 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4992 /* user specified, bail out if channel not found */ 4993 nla_for_each_nested(attr, 4994 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4995 tmp) { 4996 struct ieee80211_channel *chan; 4997 4998 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4999 5000 if (!chan) { 5001 err = -EINVAL; 5002 goto out_free; 5003 } 5004 5005 /* ignore disabled channels */ 5006 if (chan->flags & IEEE80211_CHAN_DISABLED) 5007 continue; 5008 5009 request->channels[i] = chan; 5010 i++; 5011 } 5012 } else { 5013 /* all channels */ 5014 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5015 int j; 5016 if (!wiphy->bands[band]) 5017 continue; 5018 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 5019 struct ieee80211_channel *chan; 5020 5021 chan = &wiphy->bands[band]->channels[j]; 5022 5023 if (chan->flags & IEEE80211_CHAN_DISABLED) 5024 continue; 5025 5026 request->channels[i] = chan; 5027 i++; 5028 } 5029 } 5030 } 5031 5032 if (!i) { 5033 err = -EINVAL; 5034 goto out_free; 5035 } 5036 5037 request->n_channels = i; 5038 5039 i = 0; 5040 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 5041 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 5042 tmp) { 5043 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 5044 err = -EINVAL; 5045 goto out_free; 5046 } 5047 request->ssids[i].ssid_len = nla_len(attr); 5048 memcpy(request->ssids[i].ssid, nla_data(attr), 5049 nla_len(attr)); 5050 i++; 5051 } 5052 } 5053 5054 i = 0; 5055 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 5056 nla_for_each_nested(attr, 5057 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 5058 tmp) { 5059 struct nlattr *ssid, *rssi; 5060 5061 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 5062 nla_data(attr), nla_len(attr), 5063 nl80211_match_policy); 5064 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 5065 if (ssid) { 5066 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 5067 err = -EINVAL; 5068 goto out_free; 5069 } 5070 memcpy(request->match_sets[i].ssid.ssid, 5071 nla_data(ssid), nla_len(ssid)); 5072 request->match_sets[i].ssid.ssid_len = 5073 nla_len(ssid); 5074 } 5075 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 5076 if (rssi) 5077 request->rssi_thold = nla_get_u32(rssi); 5078 else 5079 request->rssi_thold = 5080 NL80211_SCAN_RSSI_THOLD_OFF; 5081 i++; 5082 } 5083 } 5084 5085 if (info->attrs[NL80211_ATTR_IE]) { 5086 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5087 memcpy((void *)request->ie, 5088 nla_data(info->attrs[NL80211_ATTR_IE]), 5089 request->ie_len); 5090 } 5091 5092 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) { 5093 request->flags = nla_get_u32( 5094 info->attrs[NL80211_ATTR_SCAN_FLAGS]); 5095 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 5096 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 5097 ((request->flags & NL80211_SCAN_FLAG_FLUSH) && 5098 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) { 5099 err = -EOPNOTSUPP; 5100 goto out_free; 5101 } 5102 } 5103 5104 request->dev = dev; 5105 request->wiphy = &rdev->wiphy; 5106 request->interval = interval; 5107 request->scan_start = jiffies; 5108 5109 err = rdev_sched_scan_start(rdev, dev, request); 5110 if (!err) { 5111 rdev->sched_scan_req = request; 5112 nl80211_send_sched_scan(rdev, dev, 5113 NL80211_CMD_START_SCHED_SCAN); 5114 goto out; 5115 } 5116 5117 out_free: 5118 kfree(request); 5119 out: 5120 mutex_unlock(&rdev->sched_scan_mtx); 5121 return err; 5122 } 5123 5124 static int nl80211_stop_sched_scan(struct sk_buff *skb, 5125 struct genl_info *info) 5126 { 5127 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5128 int err; 5129 5130 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 5131 !rdev->ops->sched_scan_stop) 5132 return -EOPNOTSUPP; 5133 5134 mutex_lock(&rdev->sched_scan_mtx); 5135 err = __cfg80211_stop_sched_scan(rdev, false); 5136 mutex_unlock(&rdev->sched_scan_mtx); 5137 5138 return err; 5139 } 5140 5141 static int nl80211_start_radar_detection(struct sk_buff *skb, 5142 struct genl_info *info) 5143 { 5144 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5145 struct net_device *dev = info->user_ptr[1]; 5146 struct wireless_dev *wdev = dev->ieee80211_ptr; 5147 struct cfg80211_chan_def chandef; 5148 int err; 5149 5150 err = nl80211_parse_chandef(rdev, info, &chandef); 5151 if (err) 5152 return err; 5153 5154 if (wdev->cac_started) 5155 return -EBUSY; 5156 5157 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef); 5158 if (err < 0) 5159 return err; 5160 5161 if (err == 0) 5162 return -EINVAL; 5163 5164 if (chandef.chan->dfs_state != NL80211_DFS_USABLE) 5165 return -EINVAL; 5166 5167 if (!rdev->ops->start_radar_detection) 5168 return -EOPNOTSUPP; 5169 5170 mutex_lock(&rdev->devlist_mtx); 5171 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype, 5172 chandef.chan, CHAN_MODE_SHARED, 5173 BIT(chandef.width)); 5174 if (err) 5175 goto err_locked; 5176 5177 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef); 5178 if (!err) { 5179 wdev->channel = chandef.chan; 5180 wdev->cac_started = true; 5181 wdev->cac_start_time = jiffies; 5182 } 5183 err_locked: 5184 mutex_unlock(&rdev->devlist_mtx); 5185 5186 return err; 5187 } 5188 5189 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 5190 u32 seq, int flags, 5191 struct cfg80211_registered_device *rdev, 5192 struct wireless_dev *wdev, 5193 struct cfg80211_internal_bss *intbss) 5194 { 5195 struct cfg80211_bss *res = &intbss->pub; 5196 const struct cfg80211_bss_ies *ies; 5197 void *hdr; 5198 struct nlattr *bss; 5199 bool tsf = false; 5200 5201 ASSERT_WDEV_LOCK(wdev); 5202 5203 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 5204 NL80211_CMD_NEW_SCAN_RESULTS); 5205 if (!hdr) 5206 return -1; 5207 5208 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 5209 5210 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 5211 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 5212 goto nla_put_failure; 5213 5214 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 5215 if (!bss) 5216 goto nla_put_failure; 5217 if ((!is_zero_ether_addr(res->bssid) && 5218 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 5219 goto nla_put_failure; 5220 5221 rcu_read_lock(); 5222 ies = rcu_dereference(res->ies); 5223 if (ies) { 5224 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf)) 5225 goto fail_unlock_rcu; 5226 tsf = true; 5227 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 5228 ies->len, ies->data)) 5229 goto fail_unlock_rcu; 5230 } 5231 ies = rcu_dereference(res->beacon_ies); 5232 if (ies) { 5233 if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf)) 5234 goto fail_unlock_rcu; 5235 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 5236 ies->len, ies->data)) 5237 goto fail_unlock_rcu; 5238 } 5239 rcu_read_unlock(); 5240 5241 if (res->beacon_interval && 5242 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 5243 goto nla_put_failure; 5244 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 5245 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 5246 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 5247 jiffies_to_msecs(jiffies - intbss->ts))) 5248 goto nla_put_failure; 5249 5250 switch (rdev->wiphy.signal_type) { 5251 case CFG80211_SIGNAL_TYPE_MBM: 5252 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 5253 goto nla_put_failure; 5254 break; 5255 case CFG80211_SIGNAL_TYPE_UNSPEC: 5256 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 5257 goto nla_put_failure; 5258 break; 5259 default: 5260 break; 5261 } 5262 5263 switch (wdev->iftype) { 5264 case NL80211_IFTYPE_P2P_CLIENT: 5265 case NL80211_IFTYPE_STATION: 5266 if (intbss == wdev->current_bss && 5267 nla_put_u32(msg, NL80211_BSS_STATUS, 5268 NL80211_BSS_STATUS_ASSOCIATED)) 5269 goto nla_put_failure; 5270 break; 5271 case NL80211_IFTYPE_ADHOC: 5272 if (intbss == wdev->current_bss && 5273 nla_put_u32(msg, NL80211_BSS_STATUS, 5274 NL80211_BSS_STATUS_IBSS_JOINED)) 5275 goto nla_put_failure; 5276 break; 5277 default: 5278 break; 5279 } 5280 5281 nla_nest_end(msg, bss); 5282 5283 return genlmsg_end(msg, hdr); 5284 5285 fail_unlock_rcu: 5286 rcu_read_unlock(); 5287 nla_put_failure: 5288 genlmsg_cancel(msg, hdr); 5289 return -EMSGSIZE; 5290 } 5291 5292 static int nl80211_dump_scan(struct sk_buff *skb, 5293 struct netlink_callback *cb) 5294 { 5295 struct cfg80211_registered_device *rdev; 5296 struct net_device *dev; 5297 struct cfg80211_internal_bss *scan; 5298 struct wireless_dev *wdev; 5299 int start = cb->args[1], idx = 0; 5300 int err; 5301 5302 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 5303 if (err) 5304 return err; 5305 5306 wdev = dev->ieee80211_ptr; 5307 5308 wdev_lock(wdev); 5309 spin_lock_bh(&rdev->bss_lock); 5310 cfg80211_bss_expire(rdev); 5311 5312 cb->seq = rdev->bss_generation; 5313 5314 list_for_each_entry(scan, &rdev->bss_list, list) { 5315 if (++idx <= start) 5316 continue; 5317 if (nl80211_send_bss(skb, cb, 5318 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5319 rdev, wdev, scan) < 0) { 5320 idx--; 5321 break; 5322 } 5323 } 5324 5325 spin_unlock_bh(&rdev->bss_lock); 5326 wdev_unlock(wdev); 5327 5328 cb->args[1] = idx; 5329 nl80211_finish_netdev_dump(rdev); 5330 5331 return skb->len; 5332 } 5333 5334 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 5335 int flags, struct net_device *dev, 5336 struct survey_info *survey) 5337 { 5338 void *hdr; 5339 struct nlattr *infoattr; 5340 5341 hdr = nl80211hdr_put(msg, portid, seq, flags, 5342 NL80211_CMD_NEW_SURVEY_RESULTS); 5343 if (!hdr) 5344 return -ENOMEM; 5345 5346 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 5347 goto nla_put_failure; 5348 5349 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 5350 if (!infoattr) 5351 goto nla_put_failure; 5352 5353 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 5354 survey->channel->center_freq)) 5355 goto nla_put_failure; 5356 5357 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 5358 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 5359 goto nla_put_failure; 5360 if ((survey->filled & SURVEY_INFO_IN_USE) && 5361 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 5362 goto nla_put_failure; 5363 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) && 5364 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 5365 survey->channel_time)) 5366 goto nla_put_failure; 5367 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) && 5368 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 5369 survey->channel_time_busy)) 5370 goto nla_put_failure; 5371 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) && 5372 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 5373 survey->channel_time_ext_busy)) 5374 goto nla_put_failure; 5375 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) && 5376 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 5377 survey->channel_time_rx)) 5378 goto nla_put_failure; 5379 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) && 5380 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 5381 survey->channel_time_tx)) 5382 goto nla_put_failure; 5383 5384 nla_nest_end(msg, infoattr); 5385 5386 return genlmsg_end(msg, hdr); 5387 5388 nla_put_failure: 5389 genlmsg_cancel(msg, hdr); 5390 return -EMSGSIZE; 5391 } 5392 5393 static int nl80211_dump_survey(struct sk_buff *skb, 5394 struct netlink_callback *cb) 5395 { 5396 struct survey_info survey; 5397 struct cfg80211_registered_device *dev; 5398 struct net_device *netdev; 5399 int survey_idx = cb->args[1]; 5400 int res; 5401 5402 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 5403 if (res) 5404 return res; 5405 5406 if (!dev->ops->dump_survey) { 5407 res = -EOPNOTSUPP; 5408 goto out_err; 5409 } 5410 5411 while (1) { 5412 struct ieee80211_channel *chan; 5413 5414 res = rdev_dump_survey(dev, netdev, survey_idx, &survey); 5415 if (res == -ENOENT) 5416 break; 5417 if (res) 5418 goto out_err; 5419 5420 /* Survey without a channel doesn't make sense */ 5421 if (!survey.channel) { 5422 res = -EINVAL; 5423 goto out; 5424 } 5425 5426 chan = ieee80211_get_channel(&dev->wiphy, 5427 survey.channel->center_freq); 5428 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 5429 survey_idx++; 5430 continue; 5431 } 5432 5433 if (nl80211_send_survey(skb, 5434 NETLINK_CB(cb->skb).portid, 5435 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5436 netdev, 5437 &survey) < 0) 5438 goto out; 5439 survey_idx++; 5440 } 5441 5442 out: 5443 cb->args[1] = survey_idx; 5444 res = skb->len; 5445 out_err: 5446 nl80211_finish_netdev_dump(dev); 5447 return res; 5448 } 5449 5450 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 5451 { 5452 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 5453 NL80211_WPA_VERSION_2)); 5454 } 5455 5456 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 5457 { 5458 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5459 struct net_device *dev = info->user_ptr[1]; 5460 struct ieee80211_channel *chan; 5461 const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL; 5462 int err, ssid_len, ie_len = 0, sae_data_len = 0; 5463 enum nl80211_auth_type auth_type; 5464 struct key_parse key; 5465 bool local_state_change; 5466 5467 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5468 return -EINVAL; 5469 5470 if (!info->attrs[NL80211_ATTR_MAC]) 5471 return -EINVAL; 5472 5473 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 5474 return -EINVAL; 5475 5476 if (!info->attrs[NL80211_ATTR_SSID]) 5477 return -EINVAL; 5478 5479 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5480 return -EINVAL; 5481 5482 err = nl80211_parse_key(info, &key); 5483 if (err) 5484 return err; 5485 5486 if (key.idx >= 0) { 5487 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 5488 return -EINVAL; 5489 if (!key.p.key || !key.p.key_len) 5490 return -EINVAL; 5491 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 5492 key.p.key_len != WLAN_KEY_LEN_WEP40) && 5493 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 5494 key.p.key_len != WLAN_KEY_LEN_WEP104)) 5495 return -EINVAL; 5496 if (key.idx > 4) 5497 return -EINVAL; 5498 } else { 5499 key.p.key_len = 0; 5500 key.p.key = NULL; 5501 } 5502 5503 if (key.idx >= 0) { 5504 int i; 5505 bool ok = false; 5506 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 5507 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 5508 ok = true; 5509 break; 5510 } 5511 } 5512 if (!ok) 5513 return -EINVAL; 5514 } 5515 5516 if (!rdev->ops->auth) 5517 return -EOPNOTSUPP; 5518 5519 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5520 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5521 return -EOPNOTSUPP; 5522 5523 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5524 chan = ieee80211_get_channel(&rdev->wiphy, 5525 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5526 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5527 return -EINVAL; 5528 5529 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5530 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5531 5532 if (info->attrs[NL80211_ATTR_IE]) { 5533 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5534 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5535 } 5536 5537 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5538 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 5539 return -EINVAL; 5540 5541 if (auth_type == NL80211_AUTHTYPE_SAE && 5542 !info->attrs[NL80211_ATTR_SAE_DATA]) 5543 return -EINVAL; 5544 5545 if (info->attrs[NL80211_ATTR_SAE_DATA]) { 5546 if (auth_type != NL80211_AUTHTYPE_SAE) 5547 return -EINVAL; 5548 sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]); 5549 sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]); 5550 /* need to include at least Auth Transaction and Status Code */ 5551 if (sae_data_len < 4) 5552 return -EINVAL; 5553 } 5554 5555 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5556 5557 /* 5558 * Since we no longer track auth state, ignore 5559 * requests to only change local state. 5560 */ 5561 if (local_state_change) 5562 return 0; 5563 5564 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 5565 ssid, ssid_len, ie, ie_len, 5566 key.p.key, key.p.key_len, key.idx, 5567 sae_data, sae_data_len); 5568 } 5569 5570 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 5571 struct genl_info *info, 5572 struct cfg80211_crypto_settings *settings, 5573 int cipher_limit) 5574 { 5575 memset(settings, 0, sizeof(*settings)); 5576 5577 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 5578 5579 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 5580 u16 proto; 5581 proto = nla_get_u16( 5582 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 5583 settings->control_port_ethertype = cpu_to_be16(proto); 5584 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 5585 proto != ETH_P_PAE) 5586 return -EINVAL; 5587 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 5588 settings->control_port_no_encrypt = true; 5589 } else 5590 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 5591 5592 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 5593 void *data; 5594 int len, i; 5595 5596 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 5597 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 5598 settings->n_ciphers_pairwise = len / sizeof(u32); 5599 5600 if (len % sizeof(u32)) 5601 return -EINVAL; 5602 5603 if (settings->n_ciphers_pairwise > cipher_limit) 5604 return -EINVAL; 5605 5606 memcpy(settings->ciphers_pairwise, data, len); 5607 5608 for (i = 0; i < settings->n_ciphers_pairwise; i++) 5609 if (!cfg80211_supported_cipher_suite( 5610 &rdev->wiphy, 5611 settings->ciphers_pairwise[i])) 5612 return -EINVAL; 5613 } 5614 5615 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 5616 settings->cipher_group = 5617 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 5618 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 5619 settings->cipher_group)) 5620 return -EINVAL; 5621 } 5622 5623 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 5624 settings->wpa_versions = 5625 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 5626 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 5627 return -EINVAL; 5628 } 5629 5630 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 5631 void *data; 5632 int len; 5633 5634 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 5635 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 5636 settings->n_akm_suites = len / sizeof(u32); 5637 5638 if (len % sizeof(u32)) 5639 return -EINVAL; 5640 5641 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 5642 return -EINVAL; 5643 5644 memcpy(settings->akm_suites, data, len); 5645 } 5646 5647 return 0; 5648 } 5649 5650 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 5651 { 5652 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5653 struct net_device *dev = info->user_ptr[1]; 5654 struct cfg80211_crypto_settings crypto; 5655 struct ieee80211_channel *chan; 5656 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 5657 int err, ssid_len, ie_len = 0; 5658 bool use_mfp = false; 5659 u32 flags = 0; 5660 struct ieee80211_ht_cap *ht_capa = NULL; 5661 struct ieee80211_ht_cap *ht_capa_mask = NULL; 5662 5663 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5664 return -EINVAL; 5665 5666 if (!info->attrs[NL80211_ATTR_MAC] || 5667 !info->attrs[NL80211_ATTR_SSID] || 5668 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5669 return -EINVAL; 5670 5671 if (!rdev->ops->assoc) 5672 return -EOPNOTSUPP; 5673 5674 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5675 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5676 return -EOPNOTSUPP; 5677 5678 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5679 5680 chan = ieee80211_get_channel(&rdev->wiphy, 5681 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5682 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 5683 return -EINVAL; 5684 5685 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5686 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5687 5688 if (info->attrs[NL80211_ATTR_IE]) { 5689 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5690 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5691 } 5692 5693 if (info->attrs[NL80211_ATTR_USE_MFP]) { 5694 enum nl80211_mfp mfp = 5695 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 5696 if (mfp == NL80211_MFP_REQUIRED) 5697 use_mfp = true; 5698 else if (mfp != NL80211_MFP_NO) 5699 return -EINVAL; 5700 } 5701 5702 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 5703 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 5704 5705 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5706 flags |= ASSOC_REQ_DISABLE_HT; 5707 5708 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5709 ht_capa_mask = 5710 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 5711 5712 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5713 if (!ht_capa_mask) 5714 return -EINVAL; 5715 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 5716 } 5717 5718 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 5719 if (!err) 5720 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 5721 ssid, ssid_len, ie, ie_len, use_mfp, 5722 &crypto, flags, ht_capa, 5723 ht_capa_mask); 5724 5725 return err; 5726 } 5727 5728 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 5729 { 5730 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5731 struct net_device *dev = info->user_ptr[1]; 5732 const u8 *ie = NULL, *bssid; 5733 int ie_len = 0; 5734 u16 reason_code; 5735 bool local_state_change; 5736 5737 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5738 return -EINVAL; 5739 5740 if (!info->attrs[NL80211_ATTR_MAC]) 5741 return -EINVAL; 5742 5743 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5744 return -EINVAL; 5745 5746 if (!rdev->ops->deauth) 5747 return -EOPNOTSUPP; 5748 5749 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5750 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5751 return -EOPNOTSUPP; 5752 5753 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5754 5755 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5756 if (reason_code == 0) { 5757 /* Reason Code 0 is reserved */ 5758 return -EINVAL; 5759 } 5760 5761 if (info->attrs[NL80211_ATTR_IE]) { 5762 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5763 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5764 } 5765 5766 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5767 5768 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 5769 local_state_change); 5770 } 5771 5772 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 5773 { 5774 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5775 struct net_device *dev = info->user_ptr[1]; 5776 const u8 *ie = NULL, *bssid; 5777 int ie_len = 0; 5778 u16 reason_code; 5779 bool local_state_change; 5780 5781 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5782 return -EINVAL; 5783 5784 if (!info->attrs[NL80211_ATTR_MAC]) 5785 return -EINVAL; 5786 5787 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5788 return -EINVAL; 5789 5790 if (!rdev->ops->disassoc) 5791 return -EOPNOTSUPP; 5792 5793 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5794 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5795 return -EOPNOTSUPP; 5796 5797 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5798 5799 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5800 if (reason_code == 0) { 5801 /* Reason Code 0 is reserved */ 5802 return -EINVAL; 5803 } 5804 5805 if (info->attrs[NL80211_ATTR_IE]) { 5806 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5807 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5808 } 5809 5810 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 5811 5812 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 5813 local_state_change); 5814 } 5815 5816 static bool 5817 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 5818 int mcast_rate[IEEE80211_NUM_BANDS], 5819 int rateval) 5820 { 5821 struct wiphy *wiphy = &rdev->wiphy; 5822 bool found = false; 5823 int band, i; 5824 5825 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 5826 struct ieee80211_supported_band *sband; 5827 5828 sband = wiphy->bands[band]; 5829 if (!sband) 5830 continue; 5831 5832 for (i = 0; i < sband->n_bitrates; i++) { 5833 if (sband->bitrates[i].bitrate == rateval) { 5834 mcast_rate[band] = i + 1; 5835 found = true; 5836 break; 5837 } 5838 } 5839 } 5840 5841 return found; 5842 } 5843 5844 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 5845 { 5846 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5847 struct net_device *dev = info->user_ptr[1]; 5848 struct cfg80211_ibss_params ibss; 5849 struct wiphy *wiphy; 5850 struct cfg80211_cached_keys *connkeys = NULL; 5851 int err; 5852 5853 memset(&ibss, 0, sizeof(ibss)); 5854 5855 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5856 return -EINVAL; 5857 5858 if (!info->attrs[NL80211_ATTR_SSID] || 5859 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5860 return -EINVAL; 5861 5862 ibss.beacon_interval = 100; 5863 5864 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 5865 ibss.beacon_interval = 5866 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 5867 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 5868 return -EINVAL; 5869 } 5870 5871 if (!rdev->ops->join_ibss) 5872 return -EOPNOTSUPP; 5873 5874 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5875 return -EOPNOTSUPP; 5876 5877 wiphy = &rdev->wiphy; 5878 5879 if (info->attrs[NL80211_ATTR_MAC]) { 5880 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5881 5882 if (!is_valid_ether_addr(ibss.bssid)) 5883 return -EINVAL; 5884 } 5885 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5886 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5887 5888 if (info->attrs[NL80211_ATTR_IE]) { 5889 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5890 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5891 } 5892 5893 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 5894 if (err) 5895 return err; 5896 5897 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef)) 5898 return -EINVAL; 5899 5900 if (ibss.chandef.width > NL80211_CHAN_WIDTH_40) 5901 return -EINVAL; 5902 if (ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 5903 !(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 5904 return -EINVAL; 5905 5906 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 5907 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 5908 5909 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 5910 u8 *rates = 5911 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5912 int n_rates = 5913 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 5914 struct ieee80211_supported_band *sband = 5915 wiphy->bands[ibss.chandef.chan->band]; 5916 5917 err = ieee80211_get_ratemask(sband, rates, n_rates, 5918 &ibss.basic_rates); 5919 if (err) 5920 return err; 5921 } 5922 5923 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 5924 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 5925 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 5926 return -EINVAL; 5927 5928 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5929 bool no_ht = false; 5930 5931 connkeys = nl80211_parse_connkeys(rdev, 5932 info->attrs[NL80211_ATTR_KEYS], 5933 &no_ht); 5934 if (IS_ERR(connkeys)) 5935 return PTR_ERR(connkeys); 5936 5937 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 5938 no_ht) { 5939 kfree(connkeys); 5940 return -EINVAL; 5941 } 5942 } 5943 5944 ibss.control_port = 5945 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 5946 5947 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 5948 if (err) 5949 kfree(connkeys); 5950 return err; 5951 } 5952 5953 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 5954 { 5955 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5956 struct net_device *dev = info->user_ptr[1]; 5957 5958 if (!rdev->ops->leave_ibss) 5959 return -EOPNOTSUPP; 5960 5961 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 5962 return -EOPNOTSUPP; 5963 5964 return cfg80211_leave_ibss(rdev, dev, false); 5965 } 5966 5967 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 5968 { 5969 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5970 struct net_device *dev = info->user_ptr[1]; 5971 int mcast_rate[IEEE80211_NUM_BANDS]; 5972 u32 nla_rate; 5973 int err; 5974 5975 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5976 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 5977 return -EOPNOTSUPP; 5978 5979 if (!rdev->ops->set_mcast_rate) 5980 return -EOPNOTSUPP; 5981 5982 memset(mcast_rate, 0, sizeof(mcast_rate)); 5983 5984 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 5985 return -EINVAL; 5986 5987 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 5988 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 5989 return -EINVAL; 5990 5991 err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate); 5992 5993 return err; 5994 } 5995 5996 5997 #ifdef CONFIG_NL80211_TESTMODE 5998 static struct genl_multicast_group nl80211_testmode_mcgrp = { 5999 .name = "testmode", 6000 }; 6001 6002 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 6003 { 6004 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6005 int err; 6006 6007 if (!info->attrs[NL80211_ATTR_TESTDATA]) 6008 return -EINVAL; 6009 6010 err = -EOPNOTSUPP; 6011 if (rdev->ops->testmode_cmd) { 6012 rdev->testmode_info = info; 6013 err = rdev_testmode_cmd(rdev, 6014 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 6015 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 6016 rdev->testmode_info = NULL; 6017 } 6018 6019 return err; 6020 } 6021 6022 static int nl80211_testmode_dump(struct sk_buff *skb, 6023 struct netlink_callback *cb) 6024 { 6025 struct cfg80211_registered_device *rdev; 6026 int err; 6027 long phy_idx; 6028 void *data = NULL; 6029 int data_len = 0; 6030 6031 if (cb->args[0]) { 6032 /* 6033 * 0 is a valid index, but not valid for args[0], 6034 * so we need to offset by 1. 6035 */ 6036 phy_idx = cb->args[0] - 1; 6037 } else { 6038 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 6039 nl80211_fam.attrbuf, nl80211_fam.maxattr, 6040 nl80211_policy); 6041 if (err) 6042 return err; 6043 6044 mutex_lock(&cfg80211_mutex); 6045 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), 6046 nl80211_fam.attrbuf); 6047 if (IS_ERR(rdev)) { 6048 mutex_unlock(&cfg80211_mutex); 6049 return PTR_ERR(rdev); 6050 } 6051 phy_idx = rdev->wiphy_idx; 6052 rdev = NULL; 6053 mutex_unlock(&cfg80211_mutex); 6054 6055 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 6056 cb->args[1] = 6057 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 6058 } 6059 6060 if (cb->args[1]) { 6061 data = nla_data((void *)cb->args[1]); 6062 data_len = nla_len((void *)cb->args[1]); 6063 } 6064 6065 mutex_lock(&cfg80211_mutex); 6066 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 6067 if (!rdev) { 6068 mutex_unlock(&cfg80211_mutex); 6069 return -ENOENT; 6070 } 6071 cfg80211_lock_rdev(rdev); 6072 mutex_unlock(&cfg80211_mutex); 6073 6074 if (!rdev->ops->testmode_dump) { 6075 err = -EOPNOTSUPP; 6076 goto out_err; 6077 } 6078 6079 while (1) { 6080 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 6081 cb->nlh->nlmsg_seq, NLM_F_MULTI, 6082 NL80211_CMD_TESTMODE); 6083 struct nlattr *tmdata; 6084 6085 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 6086 genlmsg_cancel(skb, hdr); 6087 break; 6088 } 6089 6090 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 6091 if (!tmdata) { 6092 genlmsg_cancel(skb, hdr); 6093 break; 6094 } 6095 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 6096 nla_nest_end(skb, tmdata); 6097 6098 if (err == -ENOBUFS || err == -ENOENT) { 6099 genlmsg_cancel(skb, hdr); 6100 break; 6101 } else if (err) { 6102 genlmsg_cancel(skb, hdr); 6103 goto out_err; 6104 } 6105 6106 genlmsg_end(skb, hdr); 6107 } 6108 6109 err = skb->len; 6110 /* see above */ 6111 cb->args[0] = phy_idx + 1; 6112 out_err: 6113 cfg80211_unlock_rdev(rdev); 6114 return err; 6115 } 6116 6117 static struct sk_buff * 6118 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 6119 int approxlen, u32 portid, u32 seq, gfp_t gfp) 6120 { 6121 struct sk_buff *skb; 6122 void *hdr; 6123 struct nlattr *data; 6124 6125 skb = nlmsg_new(approxlen + 100, gfp); 6126 if (!skb) 6127 return NULL; 6128 6129 hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE); 6130 if (!hdr) { 6131 kfree_skb(skb); 6132 return NULL; 6133 } 6134 6135 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 6136 goto nla_put_failure; 6137 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 6138 6139 ((void **)skb->cb)[0] = rdev; 6140 ((void **)skb->cb)[1] = hdr; 6141 ((void **)skb->cb)[2] = data; 6142 6143 return skb; 6144 6145 nla_put_failure: 6146 kfree_skb(skb); 6147 return NULL; 6148 } 6149 6150 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 6151 int approxlen) 6152 { 6153 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 6154 6155 if (WARN_ON(!rdev->testmode_info)) 6156 return NULL; 6157 6158 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 6159 rdev->testmode_info->snd_portid, 6160 rdev->testmode_info->snd_seq, 6161 GFP_KERNEL); 6162 } 6163 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 6164 6165 int cfg80211_testmode_reply(struct sk_buff *skb) 6166 { 6167 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 6168 void *hdr = ((void **)skb->cb)[1]; 6169 struct nlattr *data = ((void **)skb->cb)[2]; 6170 6171 if (WARN_ON(!rdev->testmode_info)) { 6172 kfree_skb(skb); 6173 return -EINVAL; 6174 } 6175 6176 nla_nest_end(skb, data); 6177 genlmsg_end(skb, hdr); 6178 return genlmsg_reply(skb, rdev->testmode_info); 6179 } 6180 EXPORT_SYMBOL(cfg80211_testmode_reply); 6181 6182 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 6183 int approxlen, gfp_t gfp) 6184 { 6185 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 6186 6187 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 6188 } 6189 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 6190 6191 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 6192 { 6193 void *hdr = ((void **)skb->cb)[1]; 6194 struct nlattr *data = ((void **)skb->cb)[2]; 6195 6196 nla_nest_end(skb, data); 6197 genlmsg_end(skb, hdr); 6198 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 6199 } 6200 EXPORT_SYMBOL(cfg80211_testmode_event); 6201 #endif 6202 6203 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 6204 { 6205 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6206 struct net_device *dev = info->user_ptr[1]; 6207 struct cfg80211_connect_params connect; 6208 struct wiphy *wiphy; 6209 struct cfg80211_cached_keys *connkeys = NULL; 6210 int err; 6211 6212 memset(&connect, 0, sizeof(connect)); 6213 6214 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 6215 return -EINVAL; 6216 6217 if (!info->attrs[NL80211_ATTR_SSID] || 6218 !nla_len(info->attrs[NL80211_ATTR_SSID])) 6219 return -EINVAL; 6220 6221 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 6222 connect.auth_type = 6223 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 6224 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 6225 NL80211_CMD_CONNECT)) 6226 return -EINVAL; 6227 } else 6228 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 6229 6230 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 6231 6232 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 6233 NL80211_MAX_NR_CIPHER_SUITES); 6234 if (err) 6235 return err; 6236 6237 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6238 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6239 return -EOPNOTSUPP; 6240 6241 wiphy = &rdev->wiphy; 6242 6243 connect.bg_scan_period = -1; 6244 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 6245 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 6246 connect.bg_scan_period = 6247 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 6248 } 6249 6250 if (info->attrs[NL80211_ATTR_MAC]) 6251 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6252 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 6253 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 6254 6255 if (info->attrs[NL80211_ATTR_IE]) { 6256 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 6257 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 6258 } 6259 6260 if (info->attrs[NL80211_ATTR_USE_MFP]) { 6261 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 6262 if (connect.mfp != NL80211_MFP_REQUIRED && 6263 connect.mfp != NL80211_MFP_NO) 6264 return -EINVAL; 6265 } else { 6266 connect.mfp = NL80211_MFP_NO; 6267 } 6268 6269 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 6270 connect.channel = 6271 ieee80211_get_channel(wiphy, 6272 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 6273 if (!connect.channel || 6274 connect.channel->flags & IEEE80211_CHAN_DISABLED) 6275 return -EINVAL; 6276 } 6277 6278 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 6279 connkeys = nl80211_parse_connkeys(rdev, 6280 info->attrs[NL80211_ATTR_KEYS], NULL); 6281 if (IS_ERR(connkeys)) 6282 return PTR_ERR(connkeys); 6283 } 6284 6285 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 6286 connect.flags |= ASSOC_REQ_DISABLE_HT; 6287 6288 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 6289 memcpy(&connect.ht_capa_mask, 6290 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 6291 sizeof(connect.ht_capa_mask)); 6292 6293 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 6294 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 6295 kfree(connkeys); 6296 return -EINVAL; 6297 } 6298 memcpy(&connect.ht_capa, 6299 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 6300 sizeof(connect.ht_capa)); 6301 } 6302 6303 err = cfg80211_connect(rdev, dev, &connect, connkeys); 6304 if (err) 6305 kfree(connkeys); 6306 return err; 6307 } 6308 6309 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 6310 { 6311 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6312 struct net_device *dev = info->user_ptr[1]; 6313 u16 reason; 6314 6315 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 6316 reason = WLAN_REASON_DEAUTH_LEAVING; 6317 else 6318 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 6319 6320 if (reason == 0) 6321 return -EINVAL; 6322 6323 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6324 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6325 return -EOPNOTSUPP; 6326 6327 return cfg80211_disconnect(rdev, dev, reason, true); 6328 } 6329 6330 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 6331 { 6332 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6333 struct net *net; 6334 int err; 6335 u32 pid; 6336 6337 if (!info->attrs[NL80211_ATTR_PID]) 6338 return -EINVAL; 6339 6340 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 6341 6342 net = get_net_ns_by_pid(pid); 6343 if (IS_ERR(net)) 6344 return PTR_ERR(net); 6345 6346 err = 0; 6347 6348 /* check if anything to do */ 6349 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 6350 err = cfg80211_switch_netns(rdev, net); 6351 6352 put_net(net); 6353 return err; 6354 } 6355 6356 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 6357 { 6358 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6359 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 6360 struct cfg80211_pmksa *pmksa) = NULL; 6361 struct net_device *dev = info->user_ptr[1]; 6362 struct cfg80211_pmksa pmksa; 6363 6364 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 6365 6366 if (!info->attrs[NL80211_ATTR_MAC]) 6367 return -EINVAL; 6368 6369 if (!info->attrs[NL80211_ATTR_PMKID]) 6370 return -EINVAL; 6371 6372 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 6373 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 6374 6375 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6376 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6377 return -EOPNOTSUPP; 6378 6379 switch (info->genlhdr->cmd) { 6380 case NL80211_CMD_SET_PMKSA: 6381 rdev_ops = rdev->ops->set_pmksa; 6382 break; 6383 case NL80211_CMD_DEL_PMKSA: 6384 rdev_ops = rdev->ops->del_pmksa; 6385 break; 6386 default: 6387 WARN_ON(1); 6388 break; 6389 } 6390 6391 if (!rdev_ops) 6392 return -EOPNOTSUPP; 6393 6394 return rdev_ops(&rdev->wiphy, dev, &pmksa); 6395 } 6396 6397 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 6398 { 6399 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6400 struct net_device *dev = info->user_ptr[1]; 6401 6402 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 6403 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 6404 return -EOPNOTSUPP; 6405 6406 if (!rdev->ops->flush_pmksa) 6407 return -EOPNOTSUPP; 6408 6409 return rdev_flush_pmksa(rdev, dev); 6410 } 6411 6412 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 6413 { 6414 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6415 struct net_device *dev = info->user_ptr[1]; 6416 u8 action_code, dialog_token; 6417 u16 status_code; 6418 u8 *peer; 6419 6420 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 6421 !rdev->ops->tdls_mgmt) 6422 return -EOPNOTSUPP; 6423 6424 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 6425 !info->attrs[NL80211_ATTR_STATUS_CODE] || 6426 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 6427 !info->attrs[NL80211_ATTR_IE] || 6428 !info->attrs[NL80211_ATTR_MAC]) 6429 return -EINVAL; 6430 6431 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 6432 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 6433 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 6434 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 6435 6436 return rdev_tdls_mgmt(rdev, dev, peer, action_code, 6437 dialog_token, status_code, 6438 nla_data(info->attrs[NL80211_ATTR_IE]), 6439 nla_len(info->attrs[NL80211_ATTR_IE])); 6440 } 6441 6442 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 6443 { 6444 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6445 struct net_device *dev = info->user_ptr[1]; 6446 enum nl80211_tdls_operation operation; 6447 u8 *peer; 6448 6449 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 6450 !rdev->ops->tdls_oper) 6451 return -EOPNOTSUPP; 6452 6453 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 6454 !info->attrs[NL80211_ATTR_MAC]) 6455 return -EINVAL; 6456 6457 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 6458 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 6459 6460 return rdev_tdls_oper(rdev, dev, peer, operation); 6461 } 6462 6463 static int nl80211_remain_on_channel(struct sk_buff *skb, 6464 struct genl_info *info) 6465 { 6466 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6467 struct wireless_dev *wdev = info->user_ptr[1]; 6468 struct cfg80211_chan_def chandef; 6469 struct sk_buff *msg; 6470 void *hdr; 6471 u64 cookie; 6472 u32 duration; 6473 int err; 6474 6475 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 6476 !info->attrs[NL80211_ATTR_DURATION]) 6477 return -EINVAL; 6478 6479 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6480 6481 if (!rdev->ops->remain_on_channel || 6482 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 6483 return -EOPNOTSUPP; 6484 6485 /* 6486 * We should be on that channel for at least a minimum amount of 6487 * time (10ms) but no longer than the driver supports. 6488 */ 6489 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6490 duration > rdev->wiphy.max_remain_on_channel_duration) 6491 return -EINVAL; 6492 6493 err = nl80211_parse_chandef(rdev, info, &chandef); 6494 if (err) 6495 return err; 6496 6497 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6498 if (!msg) 6499 return -ENOMEM; 6500 6501 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6502 NL80211_CMD_REMAIN_ON_CHANNEL); 6503 6504 if (IS_ERR(hdr)) { 6505 err = PTR_ERR(hdr); 6506 goto free_msg; 6507 } 6508 6509 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 6510 duration, &cookie); 6511 6512 if (err) 6513 goto free_msg; 6514 6515 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6516 goto nla_put_failure; 6517 6518 genlmsg_end(msg, hdr); 6519 6520 return genlmsg_reply(msg, info); 6521 6522 nla_put_failure: 6523 err = -ENOBUFS; 6524 free_msg: 6525 nlmsg_free(msg); 6526 return err; 6527 } 6528 6529 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 6530 struct genl_info *info) 6531 { 6532 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6533 struct wireless_dev *wdev = info->user_ptr[1]; 6534 u64 cookie; 6535 6536 if (!info->attrs[NL80211_ATTR_COOKIE]) 6537 return -EINVAL; 6538 6539 if (!rdev->ops->cancel_remain_on_channel) 6540 return -EOPNOTSUPP; 6541 6542 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6543 6544 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 6545 } 6546 6547 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 6548 u8 *rates, u8 rates_len) 6549 { 6550 u8 i; 6551 u32 mask = 0; 6552 6553 for (i = 0; i < rates_len; i++) { 6554 int rate = (rates[i] & 0x7f) * 5; 6555 int ridx; 6556 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 6557 struct ieee80211_rate *srate = 6558 &sband->bitrates[ridx]; 6559 if (rate == srate->bitrate) { 6560 mask |= 1 << ridx; 6561 break; 6562 } 6563 } 6564 if (ridx == sband->n_bitrates) 6565 return 0; /* rate not found */ 6566 } 6567 6568 return mask; 6569 } 6570 6571 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 6572 u8 *rates, u8 rates_len, 6573 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 6574 { 6575 u8 i; 6576 6577 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 6578 6579 for (i = 0; i < rates_len; i++) { 6580 int ridx, rbit; 6581 6582 ridx = rates[i] / 8; 6583 rbit = BIT(rates[i] % 8); 6584 6585 /* check validity */ 6586 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 6587 return false; 6588 6589 /* check availability */ 6590 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 6591 mcs[ridx] |= rbit; 6592 else 6593 return false; 6594 } 6595 6596 return true; 6597 } 6598 6599 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 6600 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 6601 .len = NL80211_MAX_SUPP_RATES }, 6602 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 6603 .len = NL80211_MAX_SUPP_HT_RATES }, 6604 }; 6605 6606 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 6607 struct genl_info *info) 6608 { 6609 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 6610 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6611 struct cfg80211_bitrate_mask mask; 6612 int rem, i; 6613 struct net_device *dev = info->user_ptr[1]; 6614 struct nlattr *tx_rates; 6615 struct ieee80211_supported_band *sband; 6616 6617 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 6618 return -EINVAL; 6619 6620 if (!rdev->ops->set_bitrate_mask) 6621 return -EOPNOTSUPP; 6622 6623 memset(&mask, 0, sizeof(mask)); 6624 /* Default to all rates enabled */ 6625 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 6626 sband = rdev->wiphy.bands[i]; 6627 mask.control[i].legacy = 6628 sband ? (1 << sband->n_bitrates) - 1 : 0; 6629 if (sband) 6630 memcpy(mask.control[i].mcs, 6631 sband->ht_cap.mcs.rx_mask, 6632 sizeof(mask.control[i].mcs)); 6633 else 6634 memset(mask.control[i].mcs, 0, 6635 sizeof(mask.control[i].mcs)); 6636 } 6637 6638 /* 6639 * The nested attribute uses enum nl80211_band as the index. This maps 6640 * directly to the enum ieee80211_band values used in cfg80211. 6641 */ 6642 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 6643 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 6644 { 6645 enum ieee80211_band band = nla_type(tx_rates); 6646 if (band < 0 || band >= IEEE80211_NUM_BANDS) 6647 return -EINVAL; 6648 sband = rdev->wiphy.bands[band]; 6649 if (sband == NULL) 6650 return -EINVAL; 6651 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 6652 nla_len(tx_rates), nl80211_txattr_policy); 6653 if (tb[NL80211_TXRATE_LEGACY]) { 6654 mask.control[band].legacy = rateset_to_mask( 6655 sband, 6656 nla_data(tb[NL80211_TXRATE_LEGACY]), 6657 nla_len(tb[NL80211_TXRATE_LEGACY])); 6658 if ((mask.control[band].legacy == 0) && 6659 nla_len(tb[NL80211_TXRATE_LEGACY])) 6660 return -EINVAL; 6661 } 6662 if (tb[NL80211_TXRATE_MCS]) { 6663 if (!ht_rateset_to_mask( 6664 sband, 6665 nla_data(tb[NL80211_TXRATE_MCS]), 6666 nla_len(tb[NL80211_TXRATE_MCS]), 6667 mask.control[band].mcs)) 6668 return -EINVAL; 6669 } 6670 6671 if (mask.control[band].legacy == 0) { 6672 /* don't allow empty legacy rates if HT 6673 * is not even supported. */ 6674 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 6675 return -EINVAL; 6676 6677 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 6678 if (mask.control[band].mcs[i]) 6679 break; 6680 6681 /* legacy and mcs rates may not be both empty */ 6682 if (i == IEEE80211_HT_MCS_MASK_LEN) 6683 return -EINVAL; 6684 } 6685 } 6686 6687 return rdev_set_bitrate_mask(rdev, dev, NULL, &mask); 6688 } 6689 6690 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 6691 { 6692 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6693 struct wireless_dev *wdev = info->user_ptr[1]; 6694 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 6695 6696 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 6697 return -EINVAL; 6698 6699 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 6700 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 6701 6702 switch (wdev->iftype) { 6703 case NL80211_IFTYPE_STATION: 6704 case NL80211_IFTYPE_ADHOC: 6705 case NL80211_IFTYPE_P2P_CLIENT: 6706 case NL80211_IFTYPE_AP: 6707 case NL80211_IFTYPE_AP_VLAN: 6708 case NL80211_IFTYPE_MESH_POINT: 6709 case NL80211_IFTYPE_P2P_GO: 6710 case NL80211_IFTYPE_P2P_DEVICE: 6711 break; 6712 default: 6713 return -EOPNOTSUPP; 6714 } 6715 6716 /* not much point in registering if we can't reply */ 6717 if (!rdev->ops->mgmt_tx) 6718 return -EOPNOTSUPP; 6719 6720 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 6721 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 6722 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 6723 } 6724 6725 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 6726 { 6727 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6728 struct wireless_dev *wdev = info->user_ptr[1]; 6729 struct cfg80211_chan_def chandef; 6730 int err; 6731 void *hdr = NULL; 6732 u64 cookie; 6733 struct sk_buff *msg = NULL; 6734 unsigned int wait = 0; 6735 bool offchan, no_cck, dont_wait_for_ack; 6736 6737 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 6738 6739 if (!info->attrs[NL80211_ATTR_FRAME]) 6740 return -EINVAL; 6741 6742 if (!rdev->ops->mgmt_tx) 6743 return -EOPNOTSUPP; 6744 6745 switch (wdev->iftype) { 6746 case NL80211_IFTYPE_STATION: 6747 case NL80211_IFTYPE_ADHOC: 6748 case NL80211_IFTYPE_P2P_CLIENT: 6749 case NL80211_IFTYPE_AP: 6750 case NL80211_IFTYPE_AP_VLAN: 6751 case NL80211_IFTYPE_MESH_POINT: 6752 case NL80211_IFTYPE_P2P_GO: 6753 case NL80211_IFTYPE_P2P_DEVICE: 6754 break; 6755 default: 6756 return -EOPNOTSUPP; 6757 } 6758 6759 if (info->attrs[NL80211_ATTR_DURATION]) { 6760 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6761 return -EINVAL; 6762 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 6763 6764 /* 6765 * We should wait on the channel for at least a minimum amount 6766 * of time (10ms) but no longer than the driver supports. 6767 */ 6768 if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 6769 wait > rdev->wiphy.max_remain_on_channel_duration) 6770 return -EINVAL; 6771 6772 } 6773 6774 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 6775 6776 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 6777 return -EINVAL; 6778 6779 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 6780 6781 err = nl80211_parse_chandef(rdev, info, &chandef); 6782 if (err) 6783 return err; 6784 6785 if (!dont_wait_for_ack) { 6786 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6787 if (!msg) 6788 return -ENOMEM; 6789 6790 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6791 NL80211_CMD_FRAME); 6792 6793 if (IS_ERR(hdr)) { 6794 err = PTR_ERR(hdr); 6795 goto free_msg; 6796 } 6797 } 6798 6799 err = cfg80211_mlme_mgmt_tx(rdev, wdev, chandef.chan, offchan, wait, 6800 nla_data(info->attrs[NL80211_ATTR_FRAME]), 6801 nla_len(info->attrs[NL80211_ATTR_FRAME]), 6802 no_cck, dont_wait_for_ack, &cookie); 6803 if (err) 6804 goto free_msg; 6805 6806 if (msg) { 6807 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6808 goto nla_put_failure; 6809 6810 genlmsg_end(msg, hdr); 6811 return genlmsg_reply(msg, info); 6812 } 6813 6814 return 0; 6815 6816 nla_put_failure: 6817 err = -ENOBUFS; 6818 free_msg: 6819 nlmsg_free(msg); 6820 return err; 6821 } 6822 6823 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 6824 { 6825 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6826 struct wireless_dev *wdev = info->user_ptr[1]; 6827 u64 cookie; 6828 6829 if (!info->attrs[NL80211_ATTR_COOKIE]) 6830 return -EINVAL; 6831 6832 if (!rdev->ops->mgmt_tx_cancel_wait) 6833 return -EOPNOTSUPP; 6834 6835 switch (wdev->iftype) { 6836 case NL80211_IFTYPE_STATION: 6837 case NL80211_IFTYPE_ADHOC: 6838 case NL80211_IFTYPE_P2P_CLIENT: 6839 case NL80211_IFTYPE_AP: 6840 case NL80211_IFTYPE_AP_VLAN: 6841 case NL80211_IFTYPE_P2P_GO: 6842 case NL80211_IFTYPE_P2P_DEVICE: 6843 break; 6844 default: 6845 return -EOPNOTSUPP; 6846 } 6847 6848 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 6849 6850 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 6851 } 6852 6853 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 6854 { 6855 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6856 struct wireless_dev *wdev; 6857 struct net_device *dev = info->user_ptr[1]; 6858 u8 ps_state; 6859 bool state; 6860 int err; 6861 6862 if (!info->attrs[NL80211_ATTR_PS_STATE]) 6863 return -EINVAL; 6864 6865 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 6866 6867 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 6868 return -EINVAL; 6869 6870 wdev = dev->ieee80211_ptr; 6871 6872 if (!rdev->ops->set_power_mgmt) 6873 return -EOPNOTSUPP; 6874 6875 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 6876 6877 if (state == wdev->ps) 6878 return 0; 6879 6880 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 6881 if (!err) 6882 wdev->ps = state; 6883 return err; 6884 } 6885 6886 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 6887 { 6888 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6889 enum nl80211_ps_state ps_state; 6890 struct wireless_dev *wdev; 6891 struct net_device *dev = info->user_ptr[1]; 6892 struct sk_buff *msg; 6893 void *hdr; 6894 int err; 6895 6896 wdev = dev->ieee80211_ptr; 6897 6898 if (!rdev->ops->set_power_mgmt) 6899 return -EOPNOTSUPP; 6900 6901 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6902 if (!msg) 6903 return -ENOMEM; 6904 6905 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 6906 NL80211_CMD_GET_POWER_SAVE); 6907 if (!hdr) { 6908 err = -ENOBUFS; 6909 goto free_msg; 6910 } 6911 6912 if (wdev->ps) 6913 ps_state = NL80211_PS_ENABLED; 6914 else 6915 ps_state = NL80211_PS_DISABLED; 6916 6917 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 6918 goto nla_put_failure; 6919 6920 genlmsg_end(msg, hdr); 6921 return genlmsg_reply(msg, info); 6922 6923 nla_put_failure: 6924 err = -ENOBUFS; 6925 free_msg: 6926 nlmsg_free(msg); 6927 return err; 6928 } 6929 6930 static struct nla_policy 6931 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 6932 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 6933 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 6934 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 6935 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 6936 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 6937 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 6938 }; 6939 6940 static int nl80211_set_cqm_txe(struct genl_info *info, 6941 u32 rate, u32 pkts, u32 intvl) 6942 { 6943 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6944 struct wireless_dev *wdev; 6945 struct net_device *dev = info->user_ptr[1]; 6946 6947 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 6948 return -EINVAL; 6949 6950 wdev = dev->ieee80211_ptr; 6951 6952 if (!rdev->ops->set_cqm_txe_config) 6953 return -EOPNOTSUPP; 6954 6955 if (wdev->iftype != NL80211_IFTYPE_STATION && 6956 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6957 return -EOPNOTSUPP; 6958 6959 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 6960 } 6961 6962 static int nl80211_set_cqm_rssi(struct genl_info *info, 6963 s32 threshold, u32 hysteresis) 6964 { 6965 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6966 struct wireless_dev *wdev; 6967 struct net_device *dev = info->user_ptr[1]; 6968 6969 if (threshold > 0) 6970 return -EINVAL; 6971 6972 wdev = dev->ieee80211_ptr; 6973 6974 if (!rdev->ops->set_cqm_rssi_config) 6975 return -EOPNOTSUPP; 6976 6977 if (wdev->iftype != NL80211_IFTYPE_STATION && 6978 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 6979 return -EOPNOTSUPP; 6980 6981 return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis); 6982 } 6983 6984 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 6985 { 6986 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 6987 struct nlattr *cqm; 6988 int err; 6989 6990 cqm = info->attrs[NL80211_ATTR_CQM]; 6991 if (!cqm) { 6992 err = -EINVAL; 6993 goto out; 6994 } 6995 6996 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 6997 nl80211_attr_cqm_policy); 6998 if (err) 6999 goto out; 7000 7001 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 7002 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 7003 s32 threshold; 7004 u32 hysteresis; 7005 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 7006 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 7007 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 7008 } else if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 7009 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 7010 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 7011 u32 rate, pkts, intvl; 7012 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 7013 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 7014 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 7015 err = nl80211_set_cqm_txe(info, rate, pkts, intvl); 7016 } else 7017 err = -EINVAL; 7018 7019 out: 7020 return err; 7021 } 7022 7023 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 7024 { 7025 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7026 struct net_device *dev = info->user_ptr[1]; 7027 struct mesh_config cfg; 7028 struct mesh_setup setup; 7029 int err; 7030 7031 /* start with default */ 7032 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 7033 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 7034 7035 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 7036 /* and parse parameters if given */ 7037 err = nl80211_parse_mesh_config(info, &cfg, NULL); 7038 if (err) 7039 return err; 7040 } 7041 7042 if (!info->attrs[NL80211_ATTR_MESH_ID] || 7043 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 7044 return -EINVAL; 7045 7046 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 7047 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 7048 7049 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 7050 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 7051 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 7052 return -EINVAL; 7053 7054 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 7055 setup.beacon_interval = 7056 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 7057 if (setup.beacon_interval < 10 || 7058 setup.beacon_interval > 10000) 7059 return -EINVAL; 7060 } 7061 7062 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 7063 setup.dtim_period = 7064 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 7065 if (setup.dtim_period < 1 || setup.dtim_period > 100) 7066 return -EINVAL; 7067 } 7068 7069 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 7070 /* parse additional setup parameters if given */ 7071 err = nl80211_parse_mesh_setup(info, &setup); 7072 if (err) 7073 return err; 7074 } 7075 7076 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 7077 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 7078 if (err) 7079 return err; 7080 } else { 7081 /* cfg80211_join_mesh() will sort it out */ 7082 setup.chandef.chan = NULL; 7083 } 7084 7085 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 7086 } 7087 7088 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 7089 { 7090 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7091 struct net_device *dev = info->user_ptr[1]; 7092 7093 return cfg80211_leave_mesh(rdev, dev); 7094 } 7095 7096 #ifdef CONFIG_PM 7097 static int nl80211_send_wowlan_patterns(struct sk_buff *msg, 7098 struct cfg80211_registered_device *rdev) 7099 { 7100 struct nlattr *nl_pats, *nl_pat; 7101 int i, pat_len; 7102 7103 if (!rdev->wowlan->n_patterns) 7104 return 0; 7105 7106 nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN); 7107 if (!nl_pats) 7108 return -ENOBUFS; 7109 7110 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 7111 nl_pat = nla_nest_start(msg, i + 1); 7112 if (!nl_pat) 7113 return -ENOBUFS; 7114 pat_len = rdev->wowlan->patterns[i].pattern_len; 7115 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, 7116 DIV_ROUND_UP(pat_len, 8), 7117 rdev->wowlan->patterns[i].mask) || 7118 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 7119 pat_len, rdev->wowlan->patterns[i].pattern) || 7120 nla_put_u32(msg, NL80211_WOWLAN_PKTPAT_OFFSET, 7121 rdev->wowlan->patterns[i].pkt_offset)) 7122 return -ENOBUFS; 7123 nla_nest_end(msg, nl_pat); 7124 } 7125 nla_nest_end(msg, nl_pats); 7126 7127 return 0; 7128 } 7129 7130 static int nl80211_send_wowlan_tcp(struct sk_buff *msg, 7131 struct cfg80211_wowlan_tcp *tcp) 7132 { 7133 struct nlattr *nl_tcp; 7134 7135 if (!tcp) 7136 return 0; 7137 7138 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION); 7139 if (!nl_tcp) 7140 return -ENOBUFS; 7141 7142 if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) || 7143 nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) || 7144 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) || 7145 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) || 7146 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) || 7147 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 7148 tcp->payload_len, tcp->payload) || 7149 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 7150 tcp->data_interval) || 7151 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 7152 tcp->wake_len, tcp->wake_data) || 7153 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK, 7154 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask)) 7155 return -ENOBUFS; 7156 7157 if (tcp->payload_seq.len && 7158 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ, 7159 sizeof(tcp->payload_seq), &tcp->payload_seq)) 7160 return -ENOBUFS; 7161 7162 if (tcp->payload_tok.len && 7163 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 7164 sizeof(tcp->payload_tok) + tcp->tokens_size, 7165 &tcp->payload_tok)) 7166 return -ENOBUFS; 7167 7168 return 0; 7169 } 7170 7171 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 7172 { 7173 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7174 struct sk_buff *msg; 7175 void *hdr; 7176 u32 size = NLMSG_DEFAULT_SIZE; 7177 7178 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns && 7179 !rdev->wiphy.wowlan.tcp) 7180 return -EOPNOTSUPP; 7181 7182 if (rdev->wowlan && rdev->wowlan->tcp) { 7183 /* adjust size to have room for all the data */ 7184 size += rdev->wowlan->tcp->tokens_size + 7185 rdev->wowlan->tcp->payload_len + 7186 rdev->wowlan->tcp->wake_len + 7187 rdev->wowlan->tcp->wake_len / 8; 7188 } 7189 7190 msg = nlmsg_new(size, GFP_KERNEL); 7191 if (!msg) 7192 return -ENOMEM; 7193 7194 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7195 NL80211_CMD_GET_WOWLAN); 7196 if (!hdr) 7197 goto nla_put_failure; 7198 7199 if (rdev->wowlan) { 7200 struct nlattr *nl_wowlan; 7201 7202 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 7203 if (!nl_wowlan) 7204 goto nla_put_failure; 7205 7206 if ((rdev->wowlan->any && 7207 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 7208 (rdev->wowlan->disconnect && 7209 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 7210 (rdev->wowlan->magic_pkt && 7211 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 7212 (rdev->wowlan->gtk_rekey_failure && 7213 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 7214 (rdev->wowlan->eap_identity_req && 7215 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 7216 (rdev->wowlan->four_way_handshake && 7217 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 7218 (rdev->wowlan->rfkill_release && 7219 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 7220 goto nla_put_failure; 7221 7222 if (nl80211_send_wowlan_patterns(msg, rdev)) 7223 goto nla_put_failure; 7224 7225 if (nl80211_send_wowlan_tcp(msg, rdev->wowlan->tcp)) 7226 goto nla_put_failure; 7227 7228 nla_nest_end(msg, nl_wowlan); 7229 } 7230 7231 genlmsg_end(msg, hdr); 7232 return genlmsg_reply(msg, info); 7233 7234 nla_put_failure: 7235 nlmsg_free(msg); 7236 return -ENOBUFS; 7237 } 7238 7239 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev, 7240 struct nlattr *attr, 7241 struct cfg80211_wowlan *trig) 7242 { 7243 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP]; 7244 struct cfg80211_wowlan_tcp *cfg; 7245 struct nl80211_wowlan_tcp_data_token *tok = NULL; 7246 struct nl80211_wowlan_tcp_data_seq *seq = NULL; 7247 u32 size; 7248 u32 data_size, wake_size, tokens_size = 0, wake_mask_size; 7249 int err, port; 7250 7251 if (!rdev->wiphy.wowlan.tcp) 7252 return -EINVAL; 7253 7254 err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP, 7255 nla_data(attr), nla_len(attr), 7256 nl80211_wowlan_tcp_policy); 7257 if (err) 7258 return err; 7259 7260 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] || 7261 !tb[NL80211_WOWLAN_TCP_DST_IPV4] || 7262 !tb[NL80211_WOWLAN_TCP_DST_MAC] || 7263 !tb[NL80211_WOWLAN_TCP_DST_PORT] || 7264 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] || 7265 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] || 7266 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] || 7267 !tb[NL80211_WOWLAN_TCP_WAKE_MASK]) 7268 return -EINVAL; 7269 7270 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]); 7271 if (data_size > rdev->wiphy.wowlan.tcp->data_payload_max) 7272 return -EINVAL; 7273 7274 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) > 7275 rdev->wiphy.wowlan.tcp->data_interval_max) 7276 return -EINVAL; 7277 7278 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]); 7279 if (wake_size > rdev->wiphy.wowlan.tcp->wake_payload_max) 7280 return -EINVAL; 7281 7282 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]); 7283 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8)) 7284 return -EINVAL; 7285 7286 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) { 7287 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 7288 7289 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 7290 tokens_size = tokln - sizeof(*tok); 7291 7292 if (!tok->len || tokens_size % tok->len) 7293 return -EINVAL; 7294 if (!rdev->wiphy.wowlan.tcp->tok) 7295 return -EINVAL; 7296 if (tok->len > rdev->wiphy.wowlan.tcp->tok->max_len) 7297 return -EINVAL; 7298 if (tok->len < rdev->wiphy.wowlan.tcp->tok->min_len) 7299 return -EINVAL; 7300 if (tokens_size > rdev->wiphy.wowlan.tcp->tok->bufsize) 7301 return -EINVAL; 7302 if (tok->offset + tok->len > data_size) 7303 return -EINVAL; 7304 } 7305 7306 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) { 7307 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]); 7308 if (!rdev->wiphy.wowlan.tcp->seq) 7309 return -EINVAL; 7310 if (seq->len == 0 || seq->len > 4) 7311 return -EINVAL; 7312 if (seq->len + seq->offset > data_size) 7313 return -EINVAL; 7314 } 7315 7316 size = sizeof(*cfg); 7317 size += data_size; 7318 size += wake_size + wake_mask_size; 7319 size += tokens_size; 7320 7321 cfg = kzalloc(size, GFP_KERNEL); 7322 if (!cfg) 7323 return -ENOMEM; 7324 cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]); 7325 cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]); 7326 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]), 7327 ETH_ALEN); 7328 if (tb[NL80211_WOWLAN_TCP_SRC_PORT]) 7329 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]); 7330 else 7331 port = 0; 7332 #ifdef CONFIG_INET 7333 /* allocate a socket and port for it and use it */ 7334 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM, 7335 IPPROTO_TCP, &cfg->sock, 1); 7336 if (err) { 7337 kfree(cfg); 7338 return err; 7339 } 7340 if (inet_csk_get_port(cfg->sock->sk, port)) { 7341 sock_release(cfg->sock); 7342 kfree(cfg); 7343 return -EADDRINUSE; 7344 } 7345 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num; 7346 #else 7347 if (!port) { 7348 kfree(cfg); 7349 return -EINVAL; 7350 } 7351 cfg->src_port = port; 7352 #endif 7353 7354 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]); 7355 cfg->payload_len = data_size; 7356 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size; 7357 memcpy((void *)cfg->payload, 7358 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]), 7359 data_size); 7360 if (seq) 7361 cfg->payload_seq = *seq; 7362 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]); 7363 cfg->wake_len = wake_size; 7364 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size; 7365 memcpy((void *)cfg->wake_data, 7366 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]), 7367 wake_size); 7368 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size + 7369 data_size + wake_size; 7370 memcpy((void *)cfg->wake_mask, 7371 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]), 7372 wake_mask_size); 7373 if (tok) { 7374 cfg->tokens_size = tokens_size; 7375 memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size); 7376 } 7377 7378 trig->tcp = cfg; 7379 7380 return 0; 7381 } 7382 7383 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 7384 { 7385 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7386 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 7387 struct cfg80211_wowlan new_triggers = {}; 7388 struct cfg80211_wowlan *ntrig; 7389 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 7390 int err, i; 7391 bool prev_enabled = rdev->wowlan; 7392 7393 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns && 7394 !rdev->wiphy.wowlan.tcp) 7395 return -EOPNOTSUPP; 7396 7397 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 7398 cfg80211_rdev_free_wowlan(rdev); 7399 rdev->wowlan = NULL; 7400 goto set_wakeup; 7401 } 7402 7403 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 7404 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 7405 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 7406 nl80211_wowlan_policy); 7407 if (err) 7408 return err; 7409 7410 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 7411 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 7412 return -EINVAL; 7413 new_triggers.any = true; 7414 } 7415 7416 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 7417 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 7418 return -EINVAL; 7419 new_triggers.disconnect = true; 7420 } 7421 7422 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 7423 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 7424 return -EINVAL; 7425 new_triggers.magic_pkt = true; 7426 } 7427 7428 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 7429 return -EINVAL; 7430 7431 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 7432 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 7433 return -EINVAL; 7434 new_triggers.gtk_rekey_failure = true; 7435 } 7436 7437 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 7438 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 7439 return -EINVAL; 7440 new_triggers.eap_identity_req = true; 7441 } 7442 7443 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 7444 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 7445 return -EINVAL; 7446 new_triggers.four_way_handshake = true; 7447 } 7448 7449 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 7450 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 7451 return -EINVAL; 7452 new_triggers.rfkill_release = true; 7453 } 7454 7455 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 7456 struct nlattr *pat; 7457 int n_patterns = 0; 7458 int rem, pat_len, mask_len, pkt_offset; 7459 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 7460 7461 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 7462 rem) 7463 n_patterns++; 7464 if (n_patterns > wowlan->n_patterns) 7465 return -EINVAL; 7466 7467 new_triggers.patterns = kcalloc(n_patterns, 7468 sizeof(new_triggers.patterns[0]), 7469 GFP_KERNEL); 7470 if (!new_triggers.patterns) 7471 return -ENOMEM; 7472 7473 new_triggers.n_patterns = n_patterns; 7474 i = 0; 7475 7476 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 7477 rem) { 7478 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 7479 nla_data(pat), nla_len(pat), NULL); 7480 err = -EINVAL; 7481 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 7482 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 7483 goto error; 7484 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 7485 mask_len = DIV_ROUND_UP(pat_len, 8); 7486 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 7487 mask_len) 7488 goto error; 7489 if (pat_len > wowlan->pattern_max_len || 7490 pat_len < wowlan->pattern_min_len) 7491 goto error; 7492 7493 if (!pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]) 7494 pkt_offset = 0; 7495 else 7496 pkt_offset = nla_get_u32( 7497 pat_tb[NL80211_WOWLAN_PKTPAT_OFFSET]); 7498 if (pkt_offset > wowlan->max_pkt_offset) 7499 goto error; 7500 new_triggers.patterns[i].pkt_offset = pkt_offset; 7501 7502 new_triggers.patterns[i].mask = 7503 kmalloc(mask_len + pat_len, GFP_KERNEL); 7504 if (!new_triggers.patterns[i].mask) { 7505 err = -ENOMEM; 7506 goto error; 7507 } 7508 new_triggers.patterns[i].pattern = 7509 new_triggers.patterns[i].mask + mask_len; 7510 memcpy(new_triggers.patterns[i].mask, 7511 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 7512 mask_len); 7513 new_triggers.patterns[i].pattern_len = pat_len; 7514 memcpy(new_triggers.patterns[i].pattern, 7515 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 7516 pat_len); 7517 i++; 7518 } 7519 } 7520 7521 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) { 7522 err = nl80211_parse_wowlan_tcp( 7523 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION], 7524 &new_triggers); 7525 if (err) 7526 goto error; 7527 } 7528 7529 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 7530 if (!ntrig) { 7531 err = -ENOMEM; 7532 goto error; 7533 } 7534 cfg80211_rdev_free_wowlan(rdev); 7535 rdev->wowlan = ntrig; 7536 7537 set_wakeup: 7538 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan) 7539 rdev_set_wakeup(rdev, rdev->wowlan); 7540 7541 return 0; 7542 error: 7543 for (i = 0; i < new_triggers.n_patterns; i++) 7544 kfree(new_triggers.patterns[i].mask); 7545 kfree(new_triggers.patterns); 7546 if (new_triggers.tcp && new_triggers.tcp->sock) 7547 sock_release(new_triggers.tcp->sock); 7548 kfree(new_triggers.tcp); 7549 return err; 7550 } 7551 #endif 7552 7553 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 7554 { 7555 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7556 struct net_device *dev = info->user_ptr[1]; 7557 struct wireless_dev *wdev = dev->ieee80211_ptr; 7558 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 7559 struct cfg80211_gtk_rekey_data rekey_data; 7560 int err; 7561 7562 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 7563 return -EINVAL; 7564 7565 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 7566 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 7567 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 7568 nl80211_rekey_policy); 7569 if (err) 7570 return err; 7571 7572 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 7573 return -ERANGE; 7574 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 7575 return -ERANGE; 7576 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 7577 return -ERANGE; 7578 7579 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 7580 NL80211_KEK_LEN); 7581 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 7582 NL80211_KCK_LEN); 7583 memcpy(rekey_data.replay_ctr, 7584 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 7585 NL80211_REPLAY_CTR_LEN); 7586 7587 wdev_lock(wdev); 7588 if (!wdev->current_bss) { 7589 err = -ENOTCONN; 7590 goto out; 7591 } 7592 7593 if (!rdev->ops->set_rekey_data) { 7594 err = -EOPNOTSUPP; 7595 goto out; 7596 } 7597 7598 err = rdev_set_rekey_data(rdev, dev, &rekey_data); 7599 out: 7600 wdev_unlock(wdev); 7601 return err; 7602 } 7603 7604 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 7605 struct genl_info *info) 7606 { 7607 struct net_device *dev = info->user_ptr[1]; 7608 struct wireless_dev *wdev = dev->ieee80211_ptr; 7609 7610 if (wdev->iftype != NL80211_IFTYPE_AP && 7611 wdev->iftype != NL80211_IFTYPE_P2P_GO) 7612 return -EINVAL; 7613 7614 if (wdev->ap_unexpected_nlportid) 7615 return -EBUSY; 7616 7617 wdev->ap_unexpected_nlportid = info->snd_portid; 7618 return 0; 7619 } 7620 7621 static int nl80211_probe_client(struct sk_buff *skb, 7622 struct genl_info *info) 7623 { 7624 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7625 struct net_device *dev = info->user_ptr[1]; 7626 struct wireless_dev *wdev = dev->ieee80211_ptr; 7627 struct sk_buff *msg; 7628 void *hdr; 7629 const u8 *addr; 7630 u64 cookie; 7631 int err; 7632 7633 if (wdev->iftype != NL80211_IFTYPE_AP && 7634 wdev->iftype != NL80211_IFTYPE_P2P_GO) 7635 return -EOPNOTSUPP; 7636 7637 if (!info->attrs[NL80211_ATTR_MAC]) 7638 return -EINVAL; 7639 7640 if (!rdev->ops->probe_client) 7641 return -EOPNOTSUPP; 7642 7643 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7644 if (!msg) 7645 return -ENOMEM; 7646 7647 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 7648 NL80211_CMD_PROBE_CLIENT); 7649 7650 if (IS_ERR(hdr)) { 7651 err = PTR_ERR(hdr); 7652 goto free_msg; 7653 } 7654 7655 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 7656 7657 err = rdev_probe_client(rdev, dev, addr, &cookie); 7658 if (err) 7659 goto free_msg; 7660 7661 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 7662 goto nla_put_failure; 7663 7664 genlmsg_end(msg, hdr); 7665 7666 return genlmsg_reply(msg, info); 7667 7668 nla_put_failure: 7669 err = -ENOBUFS; 7670 free_msg: 7671 nlmsg_free(msg); 7672 return err; 7673 } 7674 7675 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 7676 { 7677 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7678 struct cfg80211_beacon_registration *reg, *nreg; 7679 int rv; 7680 7681 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 7682 return -EOPNOTSUPP; 7683 7684 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 7685 if (!nreg) 7686 return -ENOMEM; 7687 7688 /* First, check if already registered. */ 7689 spin_lock_bh(&rdev->beacon_registrations_lock); 7690 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 7691 if (reg->nlportid == info->snd_portid) { 7692 rv = -EALREADY; 7693 goto out_err; 7694 } 7695 } 7696 /* Add it to the list */ 7697 nreg->nlportid = info->snd_portid; 7698 list_add(&nreg->list, &rdev->beacon_registrations); 7699 7700 spin_unlock_bh(&rdev->beacon_registrations_lock); 7701 7702 return 0; 7703 out_err: 7704 spin_unlock_bh(&rdev->beacon_registrations_lock); 7705 kfree(nreg); 7706 return rv; 7707 } 7708 7709 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 7710 { 7711 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7712 struct wireless_dev *wdev = info->user_ptr[1]; 7713 int err; 7714 7715 if (!rdev->ops->start_p2p_device) 7716 return -EOPNOTSUPP; 7717 7718 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 7719 return -EOPNOTSUPP; 7720 7721 if (wdev->p2p_started) 7722 return 0; 7723 7724 mutex_lock(&rdev->devlist_mtx); 7725 err = cfg80211_can_add_interface(rdev, wdev->iftype); 7726 mutex_unlock(&rdev->devlist_mtx); 7727 if (err) 7728 return err; 7729 7730 err = rdev_start_p2p_device(rdev, wdev); 7731 if (err) 7732 return err; 7733 7734 wdev->p2p_started = true; 7735 mutex_lock(&rdev->devlist_mtx); 7736 rdev->opencount++; 7737 mutex_unlock(&rdev->devlist_mtx); 7738 7739 return 0; 7740 } 7741 7742 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 7743 { 7744 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7745 struct wireless_dev *wdev = info->user_ptr[1]; 7746 7747 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 7748 return -EOPNOTSUPP; 7749 7750 if (!rdev->ops->stop_p2p_device) 7751 return -EOPNOTSUPP; 7752 7753 if (!wdev->p2p_started) 7754 return 0; 7755 7756 rdev_stop_p2p_device(rdev, wdev); 7757 wdev->p2p_started = false; 7758 7759 mutex_lock(&rdev->devlist_mtx); 7760 rdev->opencount--; 7761 mutex_unlock(&rdev->devlist_mtx); 7762 7763 if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) { 7764 rdev->scan_req->aborted = true; 7765 ___cfg80211_scan_done(rdev, true); 7766 } 7767 7768 return 0; 7769 } 7770 7771 #define NL80211_FLAG_NEED_WIPHY 0x01 7772 #define NL80211_FLAG_NEED_NETDEV 0x02 7773 #define NL80211_FLAG_NEED_RTNL 0x04 7774 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 7775 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 7776 NL80211_FLAG_CHECK_NETDEV_UP) 7777 #define NL80211_FLAG_NEED_WDEV 0x10 7778 /* If a netdev is associated, it must be UP, P2P must be started */ 7779 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 7780 NL80211_FLAG_CHECK_NETDEV_UP) 7781 7782 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 7783 struct genl_info *info) 7784 { 7785 struct cfg80211_registered_device *rdev; 7786 struct wireless_dev *wdev; 7787 struct net_device *dev; 7788 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 7789 7790 if (rtnl) 7791 rtnl_lock(); 7792 7793 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 7794 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 7795 if (IS_ERR(rdev)) { 7796 if (rtnl) 7797 rtnl_unlock(); 7798 return PTR_ERR(rdev); 7799 } 7800 info->user_ptr[0] = rdev; 7801 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV || 7802 ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 7803 mutex_lock(&cfg80211_mutex); 7804 wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), 7805 info->attrs); 7806 if (IS_ERR(wdev)) { 7807 mutex_unlock(&cfg80211_mutex); 7808 if (rtnl) 7809 rtnl_unlock(); 7810 return PTR_ERR(wdev); 7811 } 7812 7813 dev = wdev->netdev; 7814 rdev = wiphy_to_dev(wdev->wiphy); 7815 7816 if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 7817 if (!dev) { 7818 mutex_unlock(&cfg80211_mutex); 7819 if (rtnl) 7820 rtnl_unlock(); 7821 return -EINVAL; 7822 } 7823 7824 info->user_ptr[1] = dev; 7825 } else { 7826 info->user_ptr[1] = wdev; 7827 } 7828 7829 if (dev) { 7830 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 7831 !netif_running(dev)) { 7832 mutex_unlock(&cfg80211_mutex); 7833 if (rtnl) 7834 rtnl_unlock(); 7835 return -ENETDOWN; 7836 } 7837 7838 dev_hold(dev); 7839 } else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) { 7840 if (!wdev->p2p_started) { 7841 mutex_unlock(&cfg80211_mutex); 7842 if (rtnl) 7843 rtnl_unlock(); 7844 return -ENETDOWN; 7845 } 7846 } 7847 7848 cfg80211_lock_rdev(rdev); 7849 7850 mutex_unlock(&cfg80211_mutex); 7851 7852 info->user_ptr[0] = rdev; 7853 } 7854 7855 return 0; 7856 } 7857 7858 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 7859 struct genl_info *info) 7860 { 7861 if (info->user_ptr[0]) 7862 cfg80211_unlock_rdev(info->user_ptr[0]); 7863 if (info->user_ptr[1]) { 7864 if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) { 7865 struct wireless_dev *wdev = info->user_ptr[1]; 7866 7867 if (wdev->netdev) 7868 dev_put(wdev->netdev); 7869 } else { 7870 dev_put(info->user_ptr[1]); 7871 } 7872 } 7873 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 7874 rtnl_unlock(); 7875 } 7876 7877 static struct genl_ops nl80211_ops[] = { 7878 { 7879 .cmd = NL80211_CMD_GET_WIPHY, 7880 .doit = nl80211_get_wiphy, 7881 .dumpit = nl80211_dump_wiphy, 7882 .policy = nl80211_policy, 7883 /* can be retrieved by unprivileged users */ 7884 .internal_flags = NL80211_FLAG_NEED_WIPHY, 7885 }, 7886 { 7887 .cmd = NL80211_CMD_SET_WIPHY, 7888 .doit = nl80211_set_wiphy, 7889 .policy = nl80211_policy, 7890 .flags = GENL_ADMIN_PERM, 7891 .internal_flags = NL80211_FLAG_NEED_RTNL, 7892 }, 7893 { 7894 .cmd = NL80211_CMD_GET_INTERFACE, 7895 .doit = nl80211_get_interface, 7896 .dumpit = nl80211_dump_interface, 7897 .policy = nl80211_policy, 7898 /* can be retrieved by unprivileged users */ 7899 .internal_flags = NL80211_FLAG_NEED_WDEV, 7900 }, 7901 { 7902 .cmd = NL80211_CMD_SET_INTERFACE, 7903 .doit = nl80211_set_interface, 7904 .policy = nl80211_policy, 7905 .flags = GENL_ADMIN_PERM, 7906 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7907 NL80211_FLAG_NEED_RTNL, 7908 }, 7909 { 7910 .cmd = NL80211_CMD_NEW_INTERFACE, 7911 .doit = nl80211_new_interface, 7912 .policy = nl80211_policy, 7913 .flags = GENL_ADMIN_PERM, 7914 .internal_flags = NL80211_FLAG_NEED_WIPHY | 7915 NL80211_FLAG_NEED_RTNL, 7916 }, 7917 { 7918 .cmd = NL80211_CMD_DEL_INTERFACE, 7919 .doit = nl80211_del_interface, 7920 .policy = nl80211_policy, 7921 .flags = GENL_ADMIN_PERM, 7922 .internal_flags = NL80211_FLAG_NEED_WDEV | 7923 NL80211_FLAG_NEED_RTNL, 7924 }, 7925 { 7926 .cmd = NL80211_CMD_GET_KEY, 7927 .doit = nl80211_get_key, 7928 .policy = nl80211_policy, 7929 .flags = GENL_ADMIN_PERM, 7930 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7931 NL80211_FLAG_NEED_RTNL, 7932 }, 7933 { 7934 .cmd = NL80211_CMD_SET_KEY, 7935 .doit = nl80211_set_key, 7936 .policy = nl80211_policy, 7937 .flags = GENL_ADMIN_PERM, 7938 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7939 NL80211_FLAG_NEED_RTNL, 7940 }, 7941 { 7942 .cmd = NL80211_CMD_NEW_KEY, 7943 .doit = nl80211_new_key, 7944 .policy = nl80211_policy, 7945 .flags = GENL_ADMIN_PERM, 7946 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7947 NL80211_FLAG_NEED_RTNL, 7948 }, 7949 { 7950 .cmd = NL80211_CMD_DEL_KEY, 7951 .doit = nl80211_del_key, 7952 .policy = nl80211_policy, 7953 .flags = GENL_ADMIN_PERM, 7954 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7955 NL80211_FLAG_NEED_RTNL, 7956 }, 7957 { 7958 .cmd = NL80211_CMD_SET_BEACON, 7959 .policy = nl80211_policy, 7960 .flags = GENL_ADMIN_PERM, 7961 .doit = nl80211_set_beacon, 7962 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7963 NL80211_FLAG_NEED_RTNL, 7964 }, 7965 { 7966 .cmd = NL80211_CMD_START_AP, 7967 .policy = nl80211_policy, 7968 .flags = GENL_ADMIN_PERM, 7969 .doit = nl80211_start_ap, 7970 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7971 NL80211_FLAG_NEED_RTNL, 7972 }, 7973 { 7974 .cmd = NL80211_CMD_STOP_AP, 7975 .policy = nl80211_policy, 7976 .flags = GENL_ADMIN_PERM, 7977 .doit = nl80211_stop_ap, 7978 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7979 NL80211_FLAG_NEED_RTNL, 7980 }, 7981 { 7982 .cmd = NL80211_CMD_GET_STATION, 7983 .doit = nl80211_get_station, 7984 .dumpit = nl80211_dump_station, 7985 .policy = nl80211_policy, 7986 .internal_flags = NL80211_FLAG_NEED_NETDEV | 7987 NL80211_FLAG_NEED_RTNL, 7988 }, 7989 { 7990 .cmd = NL80211_CMD_SET_STATION, 7991 .doit = nl80211_set_station, 7992 .policy = nl80211_policy, 7993 .flags = GENL_ADMIN_PERM, 7994 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 7995 NL80211_FLAG_NEED_RTNL, 7996 }, 7997 { 7998 .cmd = NL80211_CMD_NEW_STATION, 7999 .doit = nl80211_new_station, 8000 .policy = nl80211_policy, 8001 .flags = GENL_ADMIN_PERM, 8002 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8003 NL80211_FLAG_NEED_RTNL, 8004 }, 8005 { 8006 .cmd = NL80211_CMD_DEL_STATION, 8007 .doit = nl80211_del_station, 8008 .policy = nl80211_policy, 8009 .flags = GENL_ADMIN_PERM, 8010 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8011 NL80211_FLAG_NEED_RTNL, 8012 }, 8013 { 8014 .cmd = NL80211_CMD_GET_MPATH, 8015 .doit = nl80211_get_mpath, 8016 .dumpit = nl80211_dump_mpath, 8017 .policy = nl80211_policy, 8018 .flags = GENL_ADMIN_PERM, 8019 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8020 NL80211_FLAG_NEED_RTNL, 8021 }, 8022 { 8023 .cmd = NL80211_CMD_SET_MPATH, 8024 .doit = nl80211_set_mpath, 8025 .policy = nl80211_policy, 8026 .flags = GENL_ADMIN_PERM, 8027 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8028 NL80211_FLAG_NEED_RTNL, 8029 }, 8030 { 8031 .cmd = NL80211_CMD_NEW_MPATH, 8032 .doit = nl80211_new_mpath, 8033 .policy = nl80211_policy, 8034 .flags = GENL_ADMIN_PERM, 8035 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8036 NL80211_FLAG_NEED_RTNL, 8037 }, 8038 { 8039 .cmd = NL80211_CMD_DEL_MPATH, 8040 .doit = nl80211_del_mpath, 8041 .policy = nl80211_policy, 8042 .flags = GENL_ADMIN_PERM, 8043 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8044 NL80211_FLAG_NEED_RTNL, 8045 }, 8046 { 8047 .cmd = NL80211_CMD_SET_BSS, 8048 .doit = nl80211_set_bss, 8049 .policy = nl80211_policy, 8050 .flags = GENL_ADMIN_PERM, 8051 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8052 NL80211_FLAG_NEED_RTNL, 8053 }, 8054 { 8055 .cmd = NL80211_CMD_GET_REG, 8056 .doit = nl80211_get_reg, 8057 .policy = nl80211_policy, 8058 /* can be retrieved by unprivileged users */ 8059 }, 8060 { 8061 .cmd = NL80211_CMD_SET_REG, 8062 .doit = nl80211_set_reg, 8063 .policy = nl80211_policy, 8064 .flags = GENL_ADMIN_PERM, 8065 }, 8066 { 8067 .cmd = NL80211_CMD_REQ_SET_REG, 8068 .doit = nl80211_req_set_reg, 8069 .policy = nl80211_policy, 8070 .flags = GENL_ADMIN_PERM, 8071 }, 8072 { 8073 .cmd = NL80211_CMD_GET_MESH_CONFIG, 8074 .doit = nl80211_get_mesh_config, 8075 .policy = nl80211_policy, 8076 /* can be retrieved by unprivileged users */ 8077 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8078 NL80211_FLAG_NEED_RTNL, 8079 }, 8080 { 8081 .cmd = NL80211_CMD_SET_MESH_CONFIG, 8082 .doit = nl80211_update_mesh_config, 8083 .policy = nl80211_policy, 8084 .flags = GENL_ADMIN_PERM, 8085 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8086 NL80211_FLAG_NEED_RTNL, 8087 }, 8088 { 8089 .cmd = NL80211_CMD_TRIGGER_SCAN, 8090 .doit = nl80211_trigger_scan, 8091 .policy = nl80211_policy, 8092 .flags = GENL_ADMIN_PERM, 8093 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8094 NL80211_FLAG_NEED_RTNL, 8095 }, 8096 { 8097 .cmd = NL80211_CMD_GET_SCAN, 8098 .policy = nl80211_policy, 8099 .dumpit = nl80211_dump_scan, 8100 }, 8101 { 8102 .cmd = NL80211_CMD_START_SCHED_SCAN, 8103 .doit = nl80211_start_sched_scan, 8104 .policy = nl80211_policy, 8105 .flags = GENL_ADMIN_PERM, 8106 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8107 NL80211_FLAG_NEED_RTNL, 8108 }, 8109 { 8110 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 8111 .doit = nl80211_stop_sched_scan, 8112 .policy = nl80211_policy, 8113 .flags = GENL_ADMIN_PERM, 8114 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8115 NL80211_FLAG_NEED_RTNL, 8116 }, 8117 { 8118 .cmd = NL80211_CMD_AUTHENTICATE, 8119 .doit = nl80211_authenticate, 8120 .policy = nl80211_policy, 8121 .flags = GENL_ADMIN_PERM, 8122 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8123 NL80211_FLAG_NEED_RTNL, 8124 }, 8125 { 8126 .cmd = NL80211_CMD_ASSOCIATE, 8127 .doit = nl80211_associate, 8128 .policy = nl80211_policy, 8129 .flags = GENL_ADMIN_PERM, 8130 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8131 NL80211_FLAG_NEED_RTNL, 8132 }, 8133 { 8134 .cmd = NL80211_CMD_DEAUTHENTICATE, 8135 .doit = nl80211_deauthenticate, 8136 .policy = nl80211_policy, 8137 .flags = GENL_ADMIN_PERM, 8138 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8139 NL80211_FLAG_NEED_RTNL, 8140 }, 8141 { 8142 .cmd = NL80211_CMD_DISASSOCIATE, 8143 .doit = nl80211_disassociate, 8144 .policy = nl80211_policy, 8145 .flags = GENL_ADMIN_PERM, 8146 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8147 NL80211_FLAG_NEED_RTNL, 8148 }, 8149 { 8150 .cmd = NL80211_CMD_JOIN_IBSS, 8151 .doit = nl80211_join_ibss, 8152 .policy = nl80211_policy, 8153 .flags = GENL_ADMIN_PERM, 8154 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8155 NL80211_FLAG_NEED_RTNL, 8156 }, 8157 { 8158 .cmd = NL80211_CMD_LEAVE_IBSS, 8159 .doit = nl80211_leave_ibss, 8160 .policy = nl80211_policy, 8161 .flags = GENL_ADMIN_PERM, 8162 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8163 NL80211_FLAG_NEED_RTNL, 8164 }, 8165 #ifdef CONFIG_NL80211_TESTMODE 8166 { 8167 .cmd = NL80211_CMD_TESTMODE, 8168 .doit = nl80211_testmode_do, 8169 .dumpit = nl80211_testmode_dump, 8170 .policy = nl80211_policy, 8171 .flags = GENL_ADMIN_PERM, 8172 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8173 NL80211_FLAG_NEED_RTNL, 8174 }, 8175 #endif 8176 { 8177 .cmd = NL80211_CMD_CONNECT, 8178 .doit = nl80211_connect, 8179 .policy = nl80211_policy, 8180 .flags = GENL_ADMIN_PERM, 8181 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8182 NL80211_FLAG_NEED_RTNL, 8183 }, 8184 { 8185 .cmd = NL80211_CMD_DISCONNECT, 8186 .doit = nl80211_disconnect, 8187 .policy = nl80211_policy, 8188 .flags = GENL_ADMIN_PERM, 8189 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8190 NL80211_FLAG_NEED_RTNL, 8191 }, 8192 { 8193 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 8194 .doit = nl80211_wiphy_netns, 8195 .policy = nl80211_policy, 8196 .flags = GENL_ADMIN_PERM, 8197 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8198 NL80211_FLAG_NEED_RTNL, 8199 }, 8200 { 8201 .cmd = NL80211_CMD_GET_SURVEY, 8202 .policy = nl80211_policy, 8203 .dumpit = nl80211_dump_survey, 8204 }, 8205 { 8206 .cmd = NL80211_CMD_SET_PMKSA, 8207 .doit = nl80211_setdel_pmksa, 8208 .policy = nl80211_policy, 8209 .flags = GENL_ADMIN_PERM, 8210 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8211 NL80211_FLAG_NEED_RTNL, 8212 }, 8213 { 8214 .cmd = NL80211_CMD_DEL_PMKSA, 8215 .doit = nl80211_setdel_pmksa, 8216 .policy = nl80211_policy, 8217 .flags = GENL_ADMIN_PERM, 8218 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8219 NL80211_FLAG_NEED_RTNL, 8220 }, 8221 { 8222 .cmd = NL80211_CMD_FLUSH_PMKSA, 8223 .doit = nl80211_flush_pmksa, 8224 .policy = nl80211_policy, 8225 .flags = GENL_ADMIN_PERM, 8226 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8227 NL80211_FLAG_NEED_RTNL, 8228 }, 8229 { 8230 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 8231 .doit = nl80211_remain_on_channel, 8232 .policy = nl80211_policy, 8233 .flags = GENL_ADMIN_PERM, 8234 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8235 NL80211_FLAG_NEED_RTNL, 8236 }, 8237 { 8238 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 8239 .doit = nl80211_cancel_remain_on_channel, 8240 .policy = nl80211_policy, 8241 .flags = GENL_ADMIN_PERM, 8242 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8243 NL80211_FLAG_NEED_RTNL, 8244 }, 8245 { 8246 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 8247 .doit = nl80211_set_tx_bitrate_mask, 8248 .policy = nl80211_policy, 8249 .flags = GENL_ADMIN_PERM, 8250 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8251 NL80211_FLAG_NEED_RTNL, 8252 }, 8253 { 8254 .cmd = NL80211_CMD_REGISTER_FRAME, 8255 .doit = nl80211_register_mgmt, 8256 .policy = nl80211_policy, 8257 .flags = GENL_ADMIN_PERM, 8258 .internal_flags = NL80211_FLAG_NEED_WDEV | 8259 NL80211_FLAG_NEED_RTNL, 8260 }, 8261 { 8262 .cmd = NL80211_CMD_FRAME, 8263 .doit = nl80211_tx_mgmt, 8264 .policy = nl80211_policy, 8265 .flags = GENL_ADMIN_PERM, 8266 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8267 NL80211_FLAG_NEED_RTNL, 8268 }, 8269 { 8270 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 8271 .doit = nl80211_tx_mgmt_cancel_wait, 8272 .policy = nl80211_policy, 8273 .flags = GENL_ADMIN_PERM, 8274 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8275 NL80211_FLAG_NEED_RTNL, 8276 }, 8277 { 8278 .cmd = NL80211_CMD_SET_POWER_SAVE, 8279 .doit = nl80211_set_power_save, 8280 .policy = nl80211_policy, 8281 .flags = GENL_ADMIN_PERM, 8282 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8283 NL80211_FLAG_NEED_RTNL, 8284 }, 8285 { 8286 .cmd = NL80211_CMD_GET_POWER_SAVE, 8287 .doit = nl80211_get_power_save, 8288 .policy = nl80211_policy, 8289 /* can be retrieved by unprivileged users */ 8290 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8291 NL80211_FLAG_NEED_RTNL, 8292 }, 8293 { 8294 .cmd = NL80211_CMD_SET_CQM, 8295 .doit = nl80211_set_cqm, 8296 .policy = nl80211_policy, 8297 .flags = GENL_ADMIN_PERM, 8298 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8299 NL80211_FLAG_NEED_RTNL, 8300 }, 8301 { 8302 .cmd = NL80211_CMD_SET_CHANNEL, 8303 .doit = nl80211_set_channel, 8304 .policy = nl80211_policy, 8305 .flags = GENL_ADMIN_PERM, 8306 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8307 NL80211_FLAG_NEED_RTNL, 8308 }, 8309 { 8310 .cmd = NL80211_CMD_SET_WDS_PEER, 8311 .doit = nl80211_set_wds_peer, 8312 .policy = nl80211_policy, 8313 .flags = GENL_ADMIN_PERM, 8314 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8315 NL80211_FLAG_NEED_RTNL, 8316 }, 8317 { 8318 .cmd = NL80211_CMD_JOIN_MESH, 8319 .doit = nl80211_join_mesh, 8320 .policy = nl80211_policy, 8321 .flags = GENL_ADMIN_PERM, 8322 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8323 NL80211_FLAG_NEED_RTNL, 8324 }, 8325 { 8326 .cmd = NL80211_CMD_LEAVE_MESH, 8327 .doit = nl80211_leave_mesh, 8328 .policy = nl80211_policy, 8329 .flags = GENL_ADMIN_PERM, 8330 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8331 NL80211_FLAG_NEED_RTNL, 8332 }, 8333 #ifdef CONFIG_PM 8334 { 8335 .cmd = NL80211_CMD_GET_WOWLAN, 8336 .doit = nl80211_get_wowlan, 8337 .policy = nl80211_policy, 8338 /* can be retrieved by unprivileged users */ 8339 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8340 NL80211_FLAG_NEED_RTNL, 8341 }, 8342 { 8343 .cmd = NL80211_CMD_SET_WOWLAN, 8344 .doit = nl80211_set_wowlan, 8345 .policy = nl80211_policy, 8346 .flags = GENL_ADMIN_PERM, 8347 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8348 NL80211_FLAG_NEED_RTNL, 8349 }, 8350 #endif 8351 { 8352 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 8353 .doit = nl80211_set_rekey_data, 8354 .policy = nl80211_policy, 8355 .flags = GENL_ADMIN_PERM, 8356 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8357 NL80211_FLAG_NEED_RTNL, 8358 }, 8359 { 8360 .cmd = NL80211_CMD_TDLS_MGMT, 8361 .doit = nl80211_tdls_mgmt, 8362 .policy = nl80211_policy, 8363 .flags = GENL_ADMIN_PERM, 8364 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8365 NL80211_FLAG_NEED_RTNL, 8366 }, 8367 { 8368 .cmd = NL80211_CMD_TDLS_OPER, 8369 .doit = nl80211_tdls_oper, 8370 .policy = nl80211_policy, 8371 .flags = GENL_ADMIN_PERM, 8372 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8373 NL80211_FLAG_NEED_RTNL, 8374 }, 8375 { 8376 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 8377 .doit = nl80211_register_unexpected_frame, 8378 .policy = nl80211_policy, 8379 .flags = GENL_ADMIN_PERM, 8380 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8381 NL80211_FLAG_NEED_RTNL, 8382 }, 8383 { 8384 .cmd = NL80211_CMD_PROBE_CLIENT, 8385 .doit = nl80211_probe_client, 8386 .policy = nl80211_policy, 8387 .flags = GENL_ADMIN_PERM, 8388 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8389 NL80211_FLAG_NEED_RTNL, 8390 }, 8391 { 8392 .cmd = NL80211_CMD_REGISTER_BEACONS, 8393 .doit = nl80211_register_beacons, 8394 .policy = nl80211_policy, 8395 .flags = GENL_ADMIN_PERM, 8396 .internal_flags = NL80211_FLAG_NEED_WIPHY | 8397 NL80211_FLAG_NEED_RTNL, 8398 }, 8399 { 8400 .cmd = NL80211_CMD_SET_NOACK_MAP, 8401 .doit = nl80211_set_noack_map, 8402 .policy = nl80211_policy, 8403 .flags = GENL_ADMIN_PERM, 8404 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8405 NL80211_FLAG_NEED_RTNL, 8406 }, 8407 { 8408 .cmd = NL80211_CMD_START_P2P_DEVICE, 8409 .doit = nl80211_start_p2p_device, 8410 .policy = nl80211_policy, 8411 .flags = GENL_ADMIN_PERM, 8412 .internal_flags = NL80211_FLAG_NEED_WDEV | 8413 NL80211_FLAG_NEED_RTNL, 8414 }, 8415 { 8416 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 8417 .doit = nl80211_stop_p2p_device, 8418 .policy = nl80211_policy, 8419 .flags = GENL_ADMIN_PERM, 8420 .internal_flags = NL80211_FLAG_NEED_WDEV_UP | 8421 NL80211_FLAG_NEED_RTNL, 8422 }, 8423 { 8424 .cmd = NL80211_CMD_SET_MCAST_RATE, 8425 .doit = nl80211_set_mcast_rate, 8426 .policy = nl80211_policy, 8427 .flags = GENL_ADMIN_PERM, 8428 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8429 NL80211_FLAG_NEED_RTNL, 8430 }, 8431 { 8432 .cmd = NL80211_CMD_SET_MAC_ACL, 8433 .doit = nl80211_set_mac_acl, 8434 .policy = nl80211_policy, 8435 .flags = GENL_ADMIN_PERM, 8436 .internal_flags = NL80211_FLAG_NEED_NETDEV | 8437 NL80211_FLAG_NEED_RTNL, 8438 }, 8439 { 8440 .cmd = NL80211_CMD_RADAR_DETECT, 8441 .doit = nl80211_start_radar_detection, 8442 .policy = nl80211_policy, 8443 .flags = GENL_ADMIN_PERM, 8444 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8445 NL80211_FLAG_NEED_RTNL, 8446 }, 8447 }; 8448 8449 static struct genl_multicast_group nl80211_mlme_mcgrp = { 8450 .name = "mlme", 8451 }; 8452 8453 /* multicast groups */ 8454 static struct genl_multicast_group nl80211_config_mcgrp = { 8455 .name = "config", 8456 }; 8457 static struct genl_multicast_group nl80211_scan_mcgrp = { 8458 .name = "scan", 8459 }; 8460 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 8461 .name = "regulatory", 8462 }; 8463 8464 /* notification functions */ 8465 8466 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 8467 { 8468 struct sk_buff *msg; 8469 8470 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8471 if (!msg) 8472 return; 8473 8474 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 8475 nlmsg_free(msg); 8476 return; 8477 } 8478 8479 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8480 nl80211_config_mcgrp.id, GFP_KERNEL); 8481 } 8482 8483 static int nl80211_add_scan_req(struct sk_buff *msg, 8484 struct cfg80211_registered_device *rdev) 8485 { 8486 struct cfg80211_scan_request *req = rdev->scan_req; 8487 struct nlattr *nest; 8488 int i; 8489 8490 ASSERT_RDEV_LOCK(rdev); 8491 8492 if (WARN_ON(!req)) 8493 return 0; 8494 8495 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 8496 if (!nest) 8497 goto nla_put_failure; 8498 for (i = 0; i < req->n_ssids; i++) { 8499 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 8500 goto nla_put_failure; 8501 } 8502 nla_nest_end(msg, nest); 8503 8504 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 8505 if (!nest) 8506 goto nla_put_failure; 8507 for (i = 0; i < req->n_channels; i++) { 8508 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 8509 goto nla_put_failure; 8510 } 8511 nla_nest_end(msg, nest); 8512 8513 if (req->ie && 8514 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 8515 goto nla_put_failure; 8516 8517 if (req->flags) 8518 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags); 8519 8520 return 0; 8521 nla_put_failure: 8522 return -ENOBUFS; 8523 } 8524 8525 static int nl80211_send_scan_msg(struct sk_buff *msg, 8526 struct cfg80211_registered_device *rdev, 8527 struct wireless_dev *wdev, 8528 u32 portid, u32 seq, int flags, 8529 u32 cmd) 8530 { 8531 void *hdr; 8532 8533 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 8534 if (!hdr) 8535 return -1; 8536 8537 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8538 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 8539 wdev->netdev->ifindex)) || 8540 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 8541 goto nla_put_failure; 8542 8543 /* ignore errors and send incomplete event anyway */ 8544 nl80211_add_scan_req(msg, rdev); 8545 8546 return genlmsg_end(msg, hdr); 8547 8548 nla_put_failure: 8549 genlmsg_cancel(msg, hdr); 8550 return -EMSGSIZE; 8551 } 8552 8553 static int 8554 nl80211_send_sched_scan_msg(struct sk_buff *msg, 8555 struct cfg80211_registered_device *rdev, 8556 struct net_device *netdev, 8557 u32 portid, u32 seq, int flags, u32 cmd) 8558 { 8559 void *hdr; 8560 8561 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 8562 if (!hdr) 8563 return -1; 8564 8565 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8566 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8567 goto nla_put_failure; 8568 8569 return genlmsg_end(msg, hdr); 8570 8571 nla_put_failure: 8572 genlmsg_cancel(msg, hdr); 8573 return -EMSGSIZE; 8574 } 8575 8576 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 8577 struct wireless_dev *wdev) 8578 { 8579 struct sk_buff *msg; 8580 8581 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8582 if (!msg) 8583 return; 8584 8585 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 8586 NL80211_CMD_TRIGGER_SCAN) < 0) { 8587 nlmsg_free(msg); 8588 return; 8589 } 8590 8591 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8592 nl80211_scan_mcgrp.id, GFP_KERNEL); 8593 } 8594 8595 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 8596 struct wireless_dev *wdev) 8597 { 8598 struct sk_buff *msg; 8599 8600 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8601 if (!msg) 8602 return; 8603 8604 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 8605 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 8606 nlmsg_free(msg); 8607 return; 8608 } 8609 8610 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8611 nl80211_scan_mcgrp.id, GFP_KERNEL); 8612 } 8613 8614 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 8615 struct wireless_dev *wdev) 8616 { 8617 struct sk_buff *msg; 8618 8619 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8620 if (!msg) 8621 return; 8622 8623 if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0, 8624 NL80211_CMD_SCAN_ABORTED) < 0) { 8625 nlmsg_free(msg); 8626 return; 8627 } 8628 8629 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8630 nl80211_scan_mcgrp.id, GFP_KERNEL); 8631 } 8632 8633 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 8634 struct net_device *netdev) 8635 { 8636 struct sk_buff *msg; 8637 8638 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8639 if (!msg) 8640 return; 8641 8642 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 8643 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 8644 nlmsg_free(msg); 8645 return; 8646 } 8647 8648 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8649 nl80211_scan_mcgrp.id, GFP_KERNEL); 8650 } 8651 8652 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 8653 struct net_device *netdev, u32 cmd) 8654 { 8655 struct sk_buff *msg; 8656 8657 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8658 if (!msg) 8659 return; 8660 8661 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 8662 nlmsg_free(msg); 8663 return; 8664 } 8665 8666 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8667 nl80211_scan_mcgrp.id, GFP_KERNEL); 8668 } 8669 8670 /* 8671 * This can happen on global regulatory changes or device specific settings 8672 * based on custom world regulatory domains. 8673 */ 8674 void nl80211_send_reg_change_event(struct regulatory_request *request) 8675 { 8676 struct sk_buff *msg; 8677 void *hdr; 8678 8679 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8680 if (!msg) 8681 return; 8682 8683 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 8684 if (!hdr) { 8685 nlmsg_free(msg); 8686 return; 8687 } 8688 8689 /* Userspace can always count this one always being set */ 8690 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 8691 goto nla_put_failure; 8692 8693 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 8694 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8695 NL80211_REGDOM_TYPE_WORLD)) 8696 goto nla_put_failure; 8697 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 8698 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8699 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 8700 goto nla_put_failure; 8701 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 8702 request->intersect) { 8703 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8704 NL80211_REGDOM_TYPE_INTERSECTION)) 8705 goto nla_put_failure; 8706 } else { 8707 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 8708 NL80211_REGDOM_TYPE_COUNTRY) || 8709 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 8710 request->alpha2)) 8711 goto nla_put_failure; 8712 } 8713 8714 if (request->wiphy_idx != WIPHY_IDX_INVALID && 8715 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 8716 goto nla_put_failure; 8717 8718 genlmsg_end(msg, hdr); 8719 8720 rcu_read_lock(); 8721 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 8722 GFP_ATOMIC); 8723 rcu_read_unlock(); 8724 8725 return; 8726 8727 nla_put_failure: 8728 genlmsg_cancel(msg, hdr); 8729 nlmsg_free(msg); 8730 } 8731 8732 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 8733 struct net_device *netdev, 8734 const u8 *buf, size_t len, 8735 enum nl80211_commands cmd, gfp_t gfp) 8736 { 8737 struct sk_buff *msg; 8738 void *hdr; 8739 8740 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8741 if (!msg) 8742 return; 8743 8744 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8745 if (!hdr) { 8746 nlmsg_free(msg); 8747 return; 8748 } 8749 8750 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8751 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8752 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 8753 goto nla_put_failure; 8754 8755 genlmsg_end(msg, hdr); 8756 8757 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8758 nl80211_mlme_mcgrp.id, gfp); 8759 return; 8760 8761 nla_put_failure: 8762 genlmsg_cancel(msg, hdr); 8763 nlmsg_free(msg); 8764 } 8765 8766 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 8767 struct net_device *netdev, const u8 *buf, 8768 size_t len, gfp_t gfp) 8769 { 8770 nl80211_send_mlme_event(rdev, netdev, buf, len, 8771 NL80211_CMD_AUTHENTICATE, gfp); 8772 } 8773 8774 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 8775 struct net_device *netdev, const u8 *buf, 8776 size_t len, gfp_t gfp) 8777 { 8778 nl80211_send_mlme_event(rdev, netdev, buf, len, 8779 NL80211_CMD_ASSOCIATE, gfp); 8780 } 8781 8782 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 8783 struct net_device *netdev, const u8 *buf, 8784 size_t len, gfp_t gfp) 8785 { 8786 nl80211_send_mlme_event(rdev, netdev, buf, len, 8787 NL80211_CMD_DEAUTHENTICATE, gfp); 8788 } 8789 8790 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 8791 struct net_device *netdev, const u8 *buf, 8792 size_t len, gfp_t gfp) 8793 { 8794 nl80211_send_mlme_event(rdev, netdev, buf, len, 8795 NL80211_CMD_DISASSOCIATE, gfp); 8796 } 8797 8798 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 8799 struct net_device *netdev, const u8 *buf, 8800 size_t len, gfp_t gfp) 8801 { 8802 nl80211_send_mlme_event(rdev, netdev, buf, len, 8803 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 8804 } 8805 8806 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 8807 struct net_device *netdev, const u8 *buf, 8808 size_t len, gfp_t gfp) 8809 { 8810 nl80211_send_mlme_event(rdev, netdev, buf, len, 8811 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 8812 } 8813 8814 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 8815 struct net_device *netdev, int cmd, 8816 const u8 *addr, gfp_t gfp) 8817 { 8818 struct sk_buff *msg; 8819 void *hdr; 8820 8821 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8822 if (!msg) 8823 return; 8824 8825 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 8826 if (!hdr) { 8827 nlmsg_free(msg); 8828 return; 8829 } 8830 8831 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8832 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8833 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 8834 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 8835 goto nla_put_failure; 8836 8837 genlmsg_end(msg, hdr); 8838 8839 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8840 nl80211_mlme_mcgrp.id, gfp); 8841 return; 8842 8843 nla_put_failure: 8844 genlmsg_cancel(msg, hdr); 8845 nlmsg_free(msg); 8846 } 8847 8848 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 8849 struct net_device *netdev, const u8 *addr, 8850 gfp_t gfp) 8851 { 8852 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 8853 addr, gfp); 8854 } 8855 8856 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 8857 struct net_device *netdev, const u8 *addr, 8858 gfp_t gfp) 8859 { 8860 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 8861 addr, gfp); 8862 } 8863 8864 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 8865 struct net_device *netdev, const u8 *bssid, 8866 const u8 *req_ie, size_t req_ie_len, 8867 const u8 *resp_ie, size_t resp_ie_len, 8868 u16 status, gfp_t gfp) 8869 { 8870 struct sk_buff *msg; 8871 void *hdr; 8872 8873 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8874 if (!msg) 8875 return; 8876 8877 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 8878 if (!hdr) { 8879 nlmsg_free(msg); 8880 return; 8881 } 8882 8883 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8884 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8885 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 8886 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) || 8887 (req_ie && 8888 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 8889 (resp_ie && 8890 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 8891 goto nla_put_failure; 8892 8893 genlmsg_end(msg, hdr); 8894 8895 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8896 nl80211_mlme_mcgrp.id, gfp); 8897 return; 8898 8899 nla_put_failure: 8900 genlmsg_cancel(msg, hdr); 8901 nlmsg_free(msg); 8902 8903 } 8904 8905 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 8906 struct net_device *netdev, const u8 *bssid, 8907 const u8 *req_ie, size_t req_ie_len, 8908 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 8909 { 8910 struct sk_buff *msg; 8911 void *hdr; 8912 8913 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8914 if (!msg) 8915 return; 8916 8917 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 8918 if (!hdr) { 8919 nlmsg_free(msg); 8920 return; 8921 } 8922 8923 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8924 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8925 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 8926 (req_ie && 8927 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 8928 (resp_ie && 8929 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 8930 goto nla_put_failure; 8931 8932 genlmsg_end(msg, hdr); 8933 8934 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8935 nl80211_mlme_mcgrp.id, gfp); 8936 return; 8937 8938 nla_put_failure: 8939 genlmsg_cancel(msg, hdr); 8940 nlmsg_free(msg); 8941 8942 } 8943 8944 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 8945 struct net_device *netdev, u16 reason, 8946 const u8 *ie, size_t ie_len, bool from_ap) 8947 { 8948 struct sk_buff *msg; 8949 void *hdr; 8950 8951 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8952 if (!msg) 8953 return; 8954 8955 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 8956 if (!hdr) { 8957 nlmsg_free(msg); 8958 return; 8959 } 8960 8961 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8962 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8963 (from_ap && reason && 8964 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 8965 (from_ap && 8966 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 8967 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 8968 goto nla_put_failure; 8969 8970 genlmsg_end(msg, hdr); 8971 8972 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8973 nl80211_mlme_mcgrp.id, GFP_KERNEL); 8974 return; 8975 8976 nla_put_failure: 8977 genlmsg_cancel(msg, hdr); 8978 nlmsg_free(msg); 8979 8980 } 8981 8982 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 8983 struct net_device *netdev, const u8 *bssid, 8984 gfp_t gfp) 8985 { 8986 struct sk_buff *msg; 8987 void *hdr; 8988 8989 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 8990 if (!msg) 8991 return; 8992 8993 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 8994 if (!hdr) { 8995 nlmsg_free(msg); 8996 return; 8997 } 8998 8999 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9000 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9001 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 9002 goto nla_put_failure; 9003 9004 genlmsg_end(msg, hdr); 9005 9006 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9007 nl80211_mlme_mcgrp.id, gfp); 9008 return; 9009 9010 nla_put_failure: 9011 genlmsg_cancel(msg, hdr); 9012 nlmsg_free(msg); 9013 } 9014 9015 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 9016 struct net_device *netdev, 9017 const u8 *macaddr, const u8* ie, u8 ie_len, 9018 gfp_t gfp) 9019 { 9020 struct sk_buff *msg; 9021 void *hdr; 9022 9023 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9024 if (!msg) 9025 return; 9026 9027 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 9028 if (!hdr) { 9029 nlmsg_free(msg); 9030 return; 9031 } 9032 9033 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9034 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9035 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) || 9036 (ie_len && ie && 9037 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 9038 goto nla_put_failure; 9039 9040 genlmsg_end(msg, hdr); 9041 9042 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9043 nl80211_mlme_mcgrp.id, gfp); 9044 return; 9045 9046 nla_put_failure: 9047 genlmsg_cancel(msg, hdr); 9048 nlmsg_free(msg); 9049 } 9050 9051 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 9052 struct net_device *netdev, const u8 *addr, 9053 enum nl80211_key_type key_type, int key_id, 9054 const u8 *tsc, gfp_t gfp) 9055 { 9056 struct sk_buff *msg; 9057 void *hdr; 9058 9059 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9060 if (!msg) 9061 return; 9062 9063 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 9064 if (!hdr) { 9065 nlmsg_free(msg); 9066 return; 9067 } 9068 9069 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9070 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9071 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 9072 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 9073 (key_id != -1 && 9074 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 9075 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 9076 goto nla_put_failure; 9077 9078 genlmsg_end(msg, hdr); 9079 9080 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9081 nl80211_mlme_mcgrp.id, gfp); 9082 return; 9083 9084 nla_put_failure: 9085 genlmsg_cancel(msg, hdr); 9086 nlmsg_free(msg); 9087 } 9088 9089 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 9090 struct ieee80211_channel *channel_before, 9091 struct ieee80211_channel *channel_after) 9092 { 9093 struct sk_buff *msg; 9094 void *hdr; 9095 struct nlattr *nl_freq; 9096 9097 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 9098 if (!msg) 9099 return; 9100 9101 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 9102 if (!hdr) { 9103 nlmsg_free(msg); 9104 return; 9105 } 9106 9107 /* 9108 * Since we are applying the beacon hint to a wiphy we know its 9109 * wiphy_idx is valid 9110 */ 9111 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 9112 goto nla_put_failure; 9113 9114 /* Before */ 9115 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 9116 if (!nl_freq) 9117 goto nla_put_failure; 9118 if (nl80211_msg_put_channel(msg, channel_before)) 9119 goto nla_put_failure; 9120 nla_nest_end(msg, nl_freq); 9121 9122 /* After */ 9123 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 9124 if (!nl_freq) 9125 goto nla_put_failure; 9126 if (nl80211_msg_put_channel(msg, channel_after)) 9127 goto nla_put_failure; 9128 nla_nest_end(msg, nl_freq); 9129 9130 genlmsg_end(msg, hdr); 9131 9132 rcu_read_lock(); 9133 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 9134 GFP_ATOMIC); 9135 rcu_read_unlock(); 9136 9137 return; 9138 9139 nla_put_failure: 9140 genlmsg_cancel(msg, hdr); 9141 nlmsg_free(msg); 9142 } 9143 9144 static void nl80211_send_remain_on_chan_event( 9145 int cmd, struct cfg80211_registered_device *rdev, 9146 struct wireless_dev *wdev, u64 cookie, 9147 struct ieee80211_channel *chan, 9148 unsigned int duration, gfp_t gfp) 9149 { 9150 struct sk_buff *msg; 9151 void *hdr; 9152 9153 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9154 if (!msg) 9155 return; 9156 9157 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 9158 if (!hdr) { 9159 nlmsg_free(msg); 9160 return; 9161 } 9162 9163 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9164 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9165 wdev->netdev->ifindex)) || 9166 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) || 9167 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 9168 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 9169 NL80211_CHAN_NO_HT) || 9170 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 9171 goto nla_put_failure; 9172 9173 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 9174 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 9175 goto nla_put_failure; 9176 9177 genlmsg_end(msg, hdr); 9178 9179 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9180 nl80211_mlme_mcgrp.id, gfp); 9181 return; 9182 9183 nla_put_failure: 9184 genlmsg_cancel(msg, hdr); 9185 nlmsg_free(msg); 9186 } 9187 9188 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 9189 struct wireless_dev *wdev, u64 cookie, 9190 struct ieee80211_channel *chan, 9191 unsigned int duration, gfp_t gfp) 9192 { 9193 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 9194 rdev, wdev, cookie, chan, 9195 duration, gfp); 9196 } 9197 9198 void nl80211_send_remain_on_channel_cancel( 9199 struct cfg80211_registered_device *rdev, 9200 struct wireless_dev *wdev, 9201 u64 cookie, struct ieee80211_channel *chan, gfp_t gfp) 9202 { 9203 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 9204 rdev, wdev, cookie, chan, 0, gfp); 9205 } 9206 9207 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 9208 struct net_device *dev, const u8 *mac_addr, 9209 struct station_info *sinfo, gfp_t gfp) 9210 { 9211 struct sk_buff *msg; 9212 9213 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9214 if (!msg) 9215 return; 9216 9217 if (nl80211_send_station(msg, 0, 0, 0, 9218 rdev, dev, mac_addr, sinfo) < 0) { 9219 nlmsg_free(msg); 9220 return; 9221 } 9222 9223 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9224 nl80211_mlme_mcgrp.id, gfp); 9225 } 9226 9227 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 9228 struct net_device *dev, const u8 *mac_addr, 9229 gfp_t gfp) 9230 { 9231 struct sk_buff *msg; 9232 void *hdr; 9233 9234 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9235 if (!msg) 9236 return; 9237 9238 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 9239 if (!hdr) { 9240 nlmsg_free(msg); 9241 return; 9242 } 9243 9244 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9245 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 9246 goto nla_put_failure; 9247 9248 genlmsg_end(msg, hdr); 9249 9250 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9251 nl80211_mlme_mcgrp.id, gfp); 9252 return; 9253 9254 nla_put_failure: 9255 genlmsg_cancel(msg, hdr); 9256 nlmsg_free(msg); 9257 } 9258 9259 void nl80211_send_conn_failed_event(struct cfg80211_registered_device *rdev, 9260 struct net_device *dev, const u8 *mac_addr, 9261 enum nl80211_connect_failed_reason reason, 9262 gfp_t gfp) 9263 { 9264 struct sk_buff *msg; 9265 void *hdr; 9266 9267 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 9268 if (!msg) 9269 return; 9270 9271 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 9272 if (!hdr) { 9273 nlmsg_free(msg); 9274 return; 9275 } 9276 9277 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9278 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 9279 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 9280 goto nla_put_failure; 9281 9282 genlmsg_end(msg, hdr); 9283 9284 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9285 nl80211_mlme_mcgrp.id, gfp); 9286 return; 9287 9288 nla_put_failure: 9289 genlmsg_cancel(msg, hdr); 9290 nlmsg_free(msg); 9291 } 9292 9293 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 9294 const u8 *addr, gfp_t gfp) 9295 { 9296 struct wireless_dev *wdev = dev->ieee80211_ptr; 9297 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9298 struct sk_buff *msg; 9299 void *hdr; 9300 int err; 9301 u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid); 9302 9303 if (!nlportid) 9304 return false; 9305 9306 msg = nlmsg_new(100, gfp); 9307 if (!msg) 9308 return true; 9309 9310 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 9311 if (!hdr) { 9312 nlmsg_free(msg); 9313 return true; 9314 } 9315 9316 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9317 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9318 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 9319 goto nla_put_failure; 9320 9321 err = genlmsg_end(msg, hdr); 9322 if (err < 0) { 9323 nlmsg_free(msg); 9324 return true; 9325 } 9326 9327 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 9328 return true; 9329 9330 nla_put_failure: 9331 genlmsg_cancel(msg, hdr); 9332 nlmsg_free(msg); 9333 return true; 9334 } 9335 9336 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 9337 { 9338 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 9339 addr, gfp); 9340 } 9341 9342 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 9343 const u8 *addr, gfp_t gfp) 9344 { 9345 return __nl80211_unexpected_frame(dev, 9346 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 9347 addr, gfp); 9348 } 9349 9350 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 9351 struct wireless_dev *wdev, u32 nlportid, 9352 int freq, int sig_dbm, 9353 const u8 *buf, size_t len, gfp_t gfp) 9354 { 9355 struct net_device *netdev = wdev->netdev; 9356 struct sk_buff *msg; 9357 void *hdr; 9358 9359 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9360 if (!msg) 9361 return -ENOMEM; 9362 9363 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 9364 if (!hdr) { 9365 nlmsg_free(msg); 9366 return -ENOMEM; 9367 } 9368 9369 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9370 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9371 netdev->ifindex)) || 9372 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 9373 (sig_dbm && 9374 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 9375 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 9376 goto nla_put_failure; 9377 9378 genlmsg_end(msg, hdr); 9379 9380 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 9381 9382 nla_put_failure: 9383 genlmsg_cancel(msg, hdr); 9384 nlmsg_free(msg); 9385 return -ENOBUFS; 9386 } 9387 9388 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 9389 struct wireless_dev *wdev, u64 cookie, 9390 const u8 *buf, size_t len, bool ack, 9391 gfp_t gfp) 9392 { 9393 struct net_device *netdev = wdev->netdev; 9394 struct sk_buff *msg; 9395 void *hdr; 9396 9397 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9398 if (!msg) 9399 return; 9400 9401 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 9402 if (!hdr) { 9403 nlmsg_free(msg); 9404 return; 9405 } 9406 9407 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9408 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9409 netdev->ifindex)) || 9410 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 9411 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 9412 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 9413 goto nla_put_failure; 9414 9415 genlmsg_end(msg, hdr); 9416 9417 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 9418 return; 9419 9420 nla_put_failure: 9421 genlmsg_cancel(msg, hdr); 9422 nlmsg_free(msg); 9423 } 9424 9425 void 9426 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 9427 struct net_device *netdev, 9428 enum nl80211_cqm_rssi_threshold_event rssi_event, 9429 gfp_t gfp) 9430 { 9431 struct sk_buff *msg; 9432 struct nlattr *pinfoattr; 9433 void *hdr; 9434 9435 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9436 if (!msg) 9437 return; 9438 9439 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 9440 if (!hdr) { 9441 nlmsg_free(msg); 9442 return; 9443 } 9444 9445 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9446 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 9447 goto nla_put_failure; 9448 9449 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 9450 if (!pinfoattr) 9451 goto nla_put_failure; 9452 9453 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 9454 rssi_event)) 9455 goto nla_put_failure; 9456 9457 nla_nest_end(msg, pinfoattr); 9458 9459 genlmsg_end(msg, hdr); 9460 9461 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9462 nl80211_mlme_mcgrp.id, gfp); 9463 return; 9464 9465 nla_put_failure: 9466 genlmsg_cancel(msg, hdr); 9467 nlmsg_free(msg); 9468 } 9469 9470 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 9471 struct net_device *netdev, const u8 *bssid, 9472 const u8 *replay_ctr, gfp_t gfp) 9473 { 9474 struct sk_buff *msg; 9475 struct nlattr *rekey_attr; 9476 void *hdr; 9477 9478 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9479 if (!msg) 9480 return; 9481 9482 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 9483 if (!hdr) { 9484 nlmsg_free(msg); 9485 return; 9486 } 9487 9488 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9489 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9490 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 9491 goto nla_put_failure; 9492 9493 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 9494 if (!rekey_attr) 9495 goto nla_put_failure; 9496 9497 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 9498 NL80211_REPLAY_CTR_LEN, replay_ctr)) 9499 goto nla_put_failure; 9500 9501 nla_nest_end(msg, rekey_attr); 9502 9503 genlmsg_end(msg, hdr); 9504 9505 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9506 nl80211_mlme_mcgrp.id, gfp); 9507 return; 9508 9509 nla_put_failure: 9510 genlmsg_cancel(msg, hdr); 9511 nlmsg_free(msg); 9512 } 9513 9514 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 9515 struct net_device *netdev, int index, 9516 const u8 *bssid, bool preauth, gfp_t gfp) 9517 { 9518 struct sk_buff *msg; 9519 struct nlattr *attr; 9520 void *hdr; 9521 9522 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9523 if (!msg) 9524 return; 9525 9526 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 9527 if (!hdr) { 9528 nlmsg_free(msg); 9529 return; 9530 } 9531 9532 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9533 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 9534 goto nla_put_failure; 9535 9536 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 9537 if (!attr) 9538 goto nla_put_failure; 9539 9540 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 9541 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 9542 (preauth && 9543 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 9544 goto nla_put_failure; 9545 9546 nla_nest_end(msg, attr); 9547 9548 genlmsg_end(msg, hdr); 9549 9550 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9551 nl80211_mlme_mcgrp.id, gfp); 9552 return; 9553 9554 nla_put_failure: 9555 genlmsg_cancel(msg, hdr); 9556 nlmsg_free(msg); 9557 } 9558 9559 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 9560 struct net_device *netdev, 9561 struct cfg80211_chan_def *chandef, gfp_t gfp) 9562 { 9563 struct sk_buff *msg; 9564 void *hdr; 9565 9566 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9567 if (!msg) 9568 return; 9569 9570 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY); 9571 if (!hdr) { 9572 nlmsg_free(msg); 9573 return; 9574 } 9575 9576 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 9577 goto nla_put_failure; 9578 9579 if (nl80211_send_chandef(msg, chandef)) 9580 goto nla_put_failure; 9581 9582 genlmsg_end(msg, hdr); 9583 9584 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9585 nl80211_mlme_mcgrp.id, gfp); 9586 return; 9587 9588 nla_put_failure: 9589 genlmsg_cancel(msg, hdr); 9590 nlmsg_free(msg); 9591 } 9592 9593 void 9594 nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev, 9595 struct net_device *netdev, const u8 *peer, 9596 u32 num_packets, u32 rate, u32 intvl, gfp_t gfp) 9597 { 9598 struct sk_buff *msg; 9599 struct nlattr *pinfoattr; 9600 void *hdr; 9601 9602 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 9603 if (!msg) 9604 return; 9605 9606 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 9607 if (!hdr) { 9608 nlmsg_free(msg); 9609 return; 9610 } 9611 9612 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9613 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9614 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 9615 goto nla_put_failure; 9616 9617 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 9618 if (!pinfoattr) 9619 goto nla_put_failure; 9620 9621 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 9622 goto nla_put_failure; 9623 9624 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 9625 goto nla_put_failure; 9626 9627 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 9628 goto nla_put_failure; 9629 9630 nla_nest_end(msg, pinfoattr); 9631 9632 genlmsg_end(msg, hdr); 9633 9634 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9635 nl80211_mlme_mcgrp.id, gfp); 9636 return; 9637 9638 nla_put_failure: 9639 genlmsg_cancel(msg, hdr); 9640 nlmsg_free(msg); 9641 } 9642 9643 void 9644 nl80211_radar_notify(struct cfg80211_registered_device *rdev, 9645 struct cfg80211_chan_def *chandef, 9646 enum nl80211_radar_event event, 9647 struct net_device *netdev, gfp_t gfp) 9648 { 9649 struct sk_buff *msg; 9650 void *hdr; 9651 9652 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9653 if (!msg) 9654 return; 9655 9656 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT); 9657 if (!hdr) { 9658 nlmsg_free(msg); 9659 return; 9660 } 9661 9662 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 9663 goto nla_put_failure; 9664 9665 /* NOP and radar events don't need a netdev parameter */ 9666 if (netdev) { 9667 struct wireless_dev *wdev = netdev->ieee80211_ptr; 9668 9669 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9670 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 9671 goto nla_put_failure; 9672 } 9673 9674 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event)) 9675 goto nla_put_failure; 9676 9677 if (nl80211_send_chandef(msg, chandef)) 9678 goto nla_put_failure; 9679 9680 if (genlmsg_end(msg, hdr) < 0) { 9681 nlmsg_free(msg); 9682 return; 9683 } 9684 9685 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9686 nl80211_mlme_mcgrp.id, gfp); 9687 return; 9688 9689 nla_put_failure: 9690 genlmsg_cancel(msg, hdr); 9691 nlmsg_free(msg); 9692 } 9693 9694 void 9695 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 9696 struct net_device *netdev, const u8 *peer, 9697 u32 num_packets, gfp_t gfp) 9698 { 9699 struct sk_buff *msg; 9700 struct nlattr *pinfoattr; 9701 void *hdr; 9702 9703 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9704 if (!msg) 9705 return; 9706 9707 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 9708 if (!hdr) { 9709 nlmsg_free(msg); 9710 return; 9711 } 9712 9713 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9714 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 9715 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 9716 goto nla_put_failure; 9717 9718 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 9719 if (!pinfoattr) 9720 goto nla_put_failure; 9721 9722 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 9723 goto nla_put_failure; 9724 9725 nla_nest_end(msg, pinfoattr); 9726 9727 genlmsg_end(msg, hdr); 9728 9729 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9730 nl80211_mlme_mcgrp.id, gfp); 9731 return; 9732 9733 nla_put_failure: 9734 genlmsg_cancel(msg, hdr); 9735 nlmsg_free(msg); 9736 } 9737 9738 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 9739 u64 cookie, bool acked, gfp_t gfp) 9740 { 9741 struct wireless_dev *wdev = dev->ieee80211_ptr; 9742 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9743 struct sk_buff *msg; 9744 void *hdr; 9745 int err; 9746 9747 trace_cfg80211_probe_status(dev, addr, cookie, acked); 9748 9749 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9750 9751 if (!msg) 9752 return; 9753 9754 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 9755 if (!hdr) { 9756 nlmsg_free(msg); 9757 return; 9758 } 9759 9760 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9761 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9762 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 9763 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 9764 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 9765 goto nla_put_failure; 9766 9767 err = genlmsg_end(msg, hdr); 9768 if (err < 0) { 9769 nlmsg_free(msg); 9770 return; 9771 } 9772 9773 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9774 nl80211_mlme_mcgrp.id, gfp); 9775 return; 9776 9777 nla_put_failure: 9778 genlmsg_cancel(msg, hdr); 9779 nlmsg_free(msg); 9780 } 9781 EXPORT_SYMBOL(cfg80211_probe_status); 9782 9783 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 9784 const u8 *frame, size_t len, 9785 int freq, int sig_dbm) 9786 { 9787 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 9788 struct sk_buff *msg; 9789 void *hdr; 9790 struct cfg80211_beacon_registration *reg; 9791 9792 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 9793 9794 spin_lock_bh(&rdev->beacon_registrations_lock); 9795 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 9796 msg = nlmsg_new(len + 100, GFP_ATOMIC); 9797 if (!msg) { 9798 spin_unlock_bh(&rdev->beacon_registrations_lock); 9799 return; 9800 } 9801 9802 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 9803 if (!hdr) 9804 goto nla_put_failure; 9805 9806 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9807 (freq && 9808 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 9809 (sig_dbm && 9810 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 9811 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 9812 goto nla_put_failure; 9813 9814 genlmsg_end(msg, hdr); 9815 9816 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 9817 } 9818 spin_unlock_bh(&rdev->beacon_registrations_lock); 9819 return; 9820 9821 nla_put_failure: 9822 spin_unlock_bh(&rdev->beacon_registrations_lock); 9823 if (hdr) 9824 genlmsg_cancel(msg, hdr); 9825 nlmsg_free(msg); 9826 } 9827 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 9828 9829 #ifdef CONFIG_PM 9830 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev, 9831 struct cfg80211_wowlan_wakeup *wakeup, 9832 gfp_t gfp) 9833 { 9834 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9835 struct sk_buff *msg; 9836 void *hdr; 9837 int err, size = 200; 9838 9839 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup); 9840 9841 if (wakeup) 9842 size += wakeup->packet_present_len; 9843 9844 msg = nlmsg_new(size, gfp); 9845 if (!msg) 9846 return; 9847 9848 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN); 9849 if (!hdr) 9850 goto free_msg; 9851 9852 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9853 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev))) 9854 goto free_msg; 9855 9856 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 9857 wdev->netdev->ifindex)) 9858 goto free_msg; 9859 9860 if (wakeup) { 9861 struct nlattr *reasons; 9862 9863 reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 9864 9865 if (wakeup->disconnect && 9866 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) 9867 goto free_msg; 9868 if (wakeup->magic_pkt && 9869 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) 9870 goto free_msg; 9871 if (wakeup->gtk_rekey_failure && 9872 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) 9873 goto free_msg; 9874 if (wakeup->eap_identity_req && 9875 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) 9876 goto free_msg; 9877 if (wakeup->four_way_handshake && 9878 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) 9879 goto free_msg; 9880 if (wakeup->rfkill_release && 9881 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)) 9882 goto free_msg; 9883 9884 if (wakeup->pattern_idx >= 0 && 9885 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 9886 wakeup->pattern_idx)) 9887 goto free_msg; 9888 9889 if (wakeup->tcp_match) 9890 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH); 9891 9892 if (wakeup->tcp_connlost) 9893 nla_put_flag(msg, 9894 NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST); 9895 9896 if (wakeup->tcp_nomoretokens) 9897 nla_put_flag(msg, 9898 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS); 9899 9900 if (wakeup->packet) { 9901 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211; 9902 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN; 9903 9904 if (!wakeup->packet_80211) { 9905 pkt_attr = 9906 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023; 9907 len_attr = 9908 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN; 9909 } 9910 9911 if (wakeup->packet_len && 9912 nla_put_u32(msg, len_attr, wakeup->packet_len)) 9913 goto free_msg; 9914 9915 if (nla_put(msg, pkt_attr, wakeup->packet_present_len, 9916 wakeup->packet)) 9917 goto free_msg; 9918 } 9919 9920 nla_nest_end(msg, reasons); 9921 } 9922 9923 err = genlmsg_end(msg, hdr); 9924 if (err < 0) 9925 goto free_msg; 9926 9927 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9928 nl80211_mlme_mcgrp.id, gfp); 9929 return; 9930 9931 free_msg: 9932 nlmsg_free(msg); 9933 } 9934 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup); 9935 #endif 9936 9937 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 9938 enum nl80211_tdls_operation oper, 9939 u16 reason_code, gfp_t gfp) 9940 { 9941 struct wireless_dev *wdev = dev->ieee80211_ptr; 9942 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 9943 struct sk_buff *msg; 9944 void *hdr; 9945 int err; 9946 9947 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 9948 reason_code); 9949 9950 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 9951 if (!msg) 9952 return; 9953 9954 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 9955 if (!hdr) { 9956 nlmsg_free(msg); 9957 return; 9958 } 9959 9960 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 9961 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 9962 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 9963 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 9964 (reason_code > 0 && 9965 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 9966 goto nla_put_failure; 9967 9968 err = genlmsg_end(msg, hdr); 9969 if (err < 0) { 9970 nlmsg_free(msg); 9971 return; 9972 } 9973 9974 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 9975 nl80211_mlme_mcgrp.id, gfp); 9976 return; 9977 9978 nla_put_failure: 9979 genlmsg_cancel(msg, hdr); 9980 nlmsg_free(msg); 9981 } 9982 EXPORT_SYMBOL(cfg80211_tdls_oper_request); 9983 9984 static int nl80211_netlink_notify(struct notifier_block * nb, 9985 unsigned long state, 9986 void *_notify) 9987 { 9988 struct netlink_notify *notify = _notify; 9989 struct cfg80211_registered_device *rdev; 9990 struct wireless_dev *wdev; 9991 struct cfg80211_beacon_registration *reg, *tmp; 9992 9993 if (state != NETLINK_URELEASE) 9994 return NOTIFY_DONE; 9995 9996 rcu_read_lock(); 9997 9998 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 9999 list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) 10000 cfg80211_mlme_unregister_socket(wdev, notify->portid); 10001 10002 spin_lock_bh(&rdev->beacon_registrations_lock); 10003 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 10004 list) { 10005 if (reg->nlportid == notify->portid) { 10006 list_del(®->list); 10007 kfree(reg); 10008 break; 10009 } 10010 } 10011 spin_unlock_bh(&rdev->beacon_registrations_lock); 10012 } 10013 10014 rcu_read_unlock(); 10015 10016 return NOTIFY_DONE; 10017 } 10018 10019 static struct notifier_block nl80211_netlink_notifier = { 10020 .notifier_call = nl80211_netlink_notify, 10021 }; 10022 10023 /* initialisation/exit functions */ 10024 10025 int nl80211_init(void) 10026 { 10027 int err; 10028 10029 err = genl_register_family_with_ops(&nl80211_fam, 10030 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 10031 if (err) 10032 return err; 10033 10034 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 10035 if (err) 10036 goto err_out; 10037 10038 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 10039 if (err) 10040 goto err_out; 10041 10042 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 10043 if (err) 10044 goto err_out; 10045 10046 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 10047 if (err) 10048 goto err_out; 10049 10050 #ifdef CONFIG_NL80211_TESTMODE 10051 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 10052 if (err) 10053 goto err_out; 10054 #endif 10055 10056 err = netlink_register_notifier(&nl80211_netlink_notifier); 10057 if (err) 10058 goto err_out; 10059 10060 return 0; 10061 err_out: 10062 genl_unregister_family(&nl80211_fam); 10063 return err; 10064 } 10065 10066 void nl80211_exit(void) 10067 { 10068 netlink_unregister_notifier(&nl80211_netlink_notifier); 10069 genl_unregister_family(&nl80211_fam); 10070 } 10071