1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * This is the new netlink-based wireless configuration interface. 4 * 5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 6 * Copyright 2013-2014 Intel Mobile Communications GmbH 7 * Copyright 2015-2017 Intel Deutschland GmbH 8 * Copyright (C) 2018-2024 Intel Corporation 9 */ 10 11 #include <linux/if.h> 12 #include <linux/module.h> 13 #include <linux/err.h> 14 #include <linux/slab.h> 15 #include <linux/list.h> 16 #include <linux/if_ether.h> 17 #include <linux/ieee80211.h> 18 #include <linux/nl80211.h> 19 #include <linux/rtnetlink.h> 20 #include <linux/netlink.h> 21 #include <linux/nospec.h> 22 #include <linux/etherdevice.h> 23 #include <linux/if_vlan.h> 24 #include <net/net_namespace.h> 25 #include <net/genetlink.h> 26 #include <net/cfg80211.h> 27 #include <net/sock.h> 28 #include <net/inet_connection_sock.h> 29 #include "core.h" 30 #include "nl80211.h" 31 #include "reg.h" 32 #include "rdev-ops.h" 33 34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 35 struct genl_info *info, 36 struct cfg80211_crypto_settings *settings, 37 int cipher_limit); 38 39 /* the netlink family */ 40 static struct genl_family nl80211_fam; 41 42 /* multicast groups */ 43 enum nl80211_multicast_groups { 44 NL80211_MCGRP_CONFIG, 45 NL80211_MCGRP_SCAN, 46 NL80211_MCGRP_REGULATORY, 47 NL80211_MCGRP_MLME, 48 NL80211_MCGRP_VENDOR, 49 NL80211_MCGRP_NAN, 50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */ 51 }; 52 53 static const struct genl_multicast_group nl80211_mcgrps[] = { 54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG }, 55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN }, 56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG }, 57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME }, 58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR }, 59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN }, 60 #ifdef CONFIG_NL80211_TESTMODE 61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE } 62 #endif 63 }; 64 65 /* returns ERR_PTR values */ 66 static struct wireless_dev * 67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev, 68 struct net *netns, struct nlattr **attrs) 69 { 70 struct wireless_dev *result = NULL; 71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX]; 72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV]; 73 u64 wdev_id = 0; 74 int wiphy_idx = -1; 75 int ifidx = -1; 76 77 if (!have_ifidx && !have_wdev_id) 78 return ERR_PTR(-EINVAL); 79 80 if (have_ifidx) 81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 82 if (have_wdev_id) { 83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 84 wiphy_idx = wdev_id >> 32; 85 } 86 87 if (rdev) { 88 struct wireless_dev *wdev; 89 90 lockdep_assert_held(&rdev->wiphy.mtx); 91 92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 93 if (have_ifidx && wdev->netdev && 94 wdev->netdev->ifindex == ifidx) { 95 result = wdev; 96 break; 97 } 98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 99 result = wdev; 100 break; 101 } 102 } 103 104 return result ?: ERR_PTR(-ENODEV); 105 } 106 107 ASSERT_RTNL(); 108 109 for_each_rdev(rdev) { 110 struct wireless_dev *wdev; 111 112 if (wiphy_net(&rdev->wiphy) != netns) 113 continue; 114 115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx) 116 continue; 117 118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 119 if (have_ifidx && wdev->netdev && 120 wdev->netdev->ifindex == ifidx) { 121 result = wdev; 122 break; 123 } 124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) { 125 result = wdev; 126 break; 127 } 128 } 129 130 if (result) 131 break; 132 } 133 134 if (result) 135 return result; 136 return ERR_PTR(-ENODEV); 137 } 138 139 static struct cfg80211_registered_device * 140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs) 141 { 142 struct cfg80211_registered_device *rdev = NULL, *tmp; 143 struct net_device *netdev; 144 145 ASSERT_RTNL(); 146 147 if (!attrs[NL80211_ATTR_WIPHY] && 148 !attrs[NL80211_ATTR_IFINDEX] && 149 !attrs[NL80211_ATTR_WDEV]) 150 return ERR_PTR(-EINVAL); 151 152 if (attrs[NL80211_ATTR_WIPHY]) 153 rdev = cfg80211_rdev_by_wiphy_idx( 154 nla_get_u32(attrs[NL80211_ATTR_WIPHY])); 155 156 if (attrs[NL80211_ATTR_WDEV]) { 157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]); 158 struct wireless_dev *wdev; 159 bool found = false; 160 161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32); 162 if (tmp) { 163 /* make sure wdev exists */ 164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) { 165 if (wdev->identifier != (u32)wdev_id) 166 continue; 167 found = true; 168 break; 169 } 170 171 if (!found) 172 tmp = NULL; 173 174 if (rdev && tmp != rdev) 175 return ERR_PTR(-EINVAL); 176 rdev = tmp; 177 } 178 } 179 180 if (attrs[NL80211_ATTR_IFINDEX]) { 181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 182 183 netdev = __dev_get_by_index(netns, ifindex); 184 if (netdev) { 185 if (netdev->ieee80211_ptr) 186 tmp = wiphy_to_rdev( 187 netdev->ieee80211_ptr->wiphy); 188 else 189 tmp = NULL; 190 191 /* not wireless device -- return error */ 192 if (!tmp) 193 return ERR_PTR(-EINVAL); 194 195 /* mismatch -- return error */ 196 if (rdev && tmp != rdev) 197 return ERR_PTR(-EINVAL); 198 199 rdev = tmp; 200 } 201 } 202 203 if (!rdev) 204 return ERR_PTR(-ENODEV); 205 206 if (netns != wiphy_net(&rdev->wiphy)) 207 return ERR_PTR(-ENODEV); 208 209 return rdev; 210 } 211 212 /* 213 * This function returns a pointer to the driver 214 * that the genl_info item that is passed refers to. 215 * 216 * The result of this can be a PTR_ERR and hence must 217 * be checked with IS_ERR() for errors. 218 */ 219 static struct cfg80211_registered_device * 220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info) 221 { 222 return __cfg80211_rdev_from_attrs(netns, info->attrs); 223 } 224 225 static int validate_beacon_head(const struct nlattr *attr, 226 struct netlink_ext_ack *extack) 227 { 228 const u8 *data = nla_data(attr); 229 unsigned int len = nla_len(attr); 230 const struct element *elem; 231 const struct ieee80211_mgmt *mgmt = (void *)data; 232 unsigned int fixedlen, hdrlen; 233 bool s1g_bcn; 234 235 if (len < offsetofend(typeof(*mgmt), frame_control)) 236 goto err; 237 238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control); 239 if (s1g_bcn) { 240 fixedlen = offsetof(struct ieee80211_ext, 241 u.s1g_beacon.variable); 242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon); 243 } else { 244 fixedlen = offsetof(struct ieee80211_mgmt, 245 u.beacon.variable); 246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon); 247 } 248 249 if (len < fixedlen) 250 goto err; 251 252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen) 253 goto err; 254 255 data += fixedlen; 256 len -= fixedlen; 257 258 for_each_element(elem, data, len) { 259 /* nothing */ 260 } 261 262 if (for_each_element_completed(elem, data, len)) 263 return 0; 264 265 err: 266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head"); 267 return -EINVAL; 268 } 269 270 static int validate_ie_attr(const struct nlattr *attr, 271 struct netlink_ext_ack *extack) 272 { 273 const u8 *data = nla_data(attr); 274 unsigned int len = nla_len(attr); 275 const struct element *elem; 276 277 for_each_element(elem, data, len) { 278 /* nothing */ 279 } 280 281 if (for_each_element_completed(elem, data, len)) 282 return 0; 283 284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements"); 285 return -EINVAL; 286 } 287 288 static int validate_he_capa(const struct nlattr *attr, 289 struct netlink_ext_ack *extack) 290 { 291 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr))) 292 return -EINVAL; 293 294 return 0; 295 } 296 297 /* policy for the attributes */ 298 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR]; 299 300 static const struct nla_policy 301 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = { 302 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, }, 303 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY, 304 .len = U8_MAX }, 305 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY, 306 .len = U8_MAX }, 307 }; 308 309 static const struct nla_policy 310 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = { 311 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG }, 312 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 }, 313 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] = 314 NLA_POLICY_MAX(NLA_U8, 15), 315 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 }, 316 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] = 317 NLA_POLICY_MAX(NLA_U8, 15), 318 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = { .type = NLA_U8 }, 319 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 }, 320 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG }, 321 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG }, 322 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG }, 323 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG }, 324 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG }, 325 [NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 }, 326 }; 327 328 static const struct nla_policy 329 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = { 330 [NL80211_PMSR_TYPE_FTM] = 331 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy), 332 }; 333 334 static const struct nla_policy 335 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = { 336 [NL80211_PMSR_REQ_ATTR_DATA] = 337 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy), 338 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG }, 339 }; 340 341 static const struct nla_policy 342 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = { 343 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR, 344 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy), 345 [NL80211_PMSR_PEER_ATTR_REQ] = 346 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy), 347 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT }, 348 }; 349 350 static const struct nla_policy 351 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = { 352 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT }, 353 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT }, 354 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT }, 355 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT }, 356 [NL80211_PMSR_ATTR_PEERS] = 357 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy), 358 }; 359 360 static const struct nla_policy 361 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = { 362 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] = 363 NLA_POLICY_RANGE(NLA_U8, 1, 20), 364 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] = 365 NLA_POLICY_RANGE(NLA_U8, 1, 20), 366 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] = 367 NLA_POLICY_RANGE(NLA_U8, 1, 20), 368 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] = 369 NLA_POLICY_EXACT_LEN(8), 370 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] = 371 NLA_POLICY_EXACT_LEN(8), 372 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 }, 373 }; 374 375 static const struct nla_policy 376 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = { 377 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63), 378 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG }, 379 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG }, 380 }; 381 382 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 383 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 384 .len = NL80211_MAX_SUPP_RATES }, 385 [NL80211_TXRATE_HT] = { .type = NLA_BINARY, 386 .len = NL80211_MAX_SUPP_HT_RATES }, 387 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)), 388 [NL80211_TXRATE_GI] = { .type = NLA_U8 }, 389 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)), 390 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8, 391 NL80211_RATE_INFO_HE_GI_0_8, 392 NL80211_RATE_INFO_HE_GI_3_2), 393 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8, 394 NL80211_RATE_INFO_HE_1XLTF, 395 NL80211_RATE_INFO_HE_4XLTF), 396 }; 397 398 static const struct nla_policy 399 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = { 400 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 }, 401 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 }, 402 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG }, 403 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff), 404 [NL80211_TID_CONFIG_ATTR_NOACK] = 405 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 406 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1), 407 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1), 408 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] = 409 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 410 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] = 411 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 412 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] = 413 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE), 414 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] = 415 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED), 416 [NL80211_TID_CONFIG_ATTR_TX_RATE] = 417 NLA_POLICY_NESTED(nl80211_txattr_policy), 418 }; 419 420 static const struct nla_policy 421 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = { 422 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000), 423 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000), 424 [NL80211_FILS_DISCOVERY_ATTR_TMPL] = 425 NLA_POLICY_RANGE(NLA_BINARY, 426 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN, 427 IEEE80211_MAX_DATA_LEN), 428 }; 429 430 static const struct nla_policy 431 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = { 432 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20), 433 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY, 434 .len = IEEE80211_MAX_DATA_LEN } 435 }; 436 437 static const struct nla_policy 438 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = { 439 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 }, 440 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 }, 441 }; 442 443 static const struct nla_policy 444 sar_policy[NL80211_SAR_ATTR_MAX + 1] = { 445 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE), 446 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy), 447 }; 448 449 static const struct nla_policy 450 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = { 451 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2), 452 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] = 453 NLA_POLICY_MIN(NLA_U8, 1), 454 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 }, 455 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 }, 456 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG }, 457 }; 458 459 static const struct nla_policy 460 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = { 461 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 462 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 463 }; 464 465 static const struct netlink_range_validation nl80211_punct_bitmap_range = { 466 .min = 0, 467 .max = 0xffff, 468 }; 469 470 static const struct netlink_range_validation q_range = { 471 .max = INT_MAX, 472 }; 473 474 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { 475 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD }, 476 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 477 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 478 .len = 20-1 }, 479 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 480 481 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 482 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 483 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8, 484 NL80211_EDMG_CHANNELS_MIN, 485 NL80211_EDMG_CHANNELS_MAX), 486 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8, 487 NL80211_EDMG_BW_CONFIG_MIN, 488 NL80211_EDMG_BW_CONFIG_MAX), 489 490 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 }, 491 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 }, 492 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999), 493 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 }, 494 495 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1), 496 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1), 497 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 498 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 499 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 500 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG }, 501 502 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX), 503 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 504 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 505 506 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 507 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 508 509 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 510 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 511 .len = WLAN_MAX_KEY_LEN }, 512 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7), 513 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 514 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 515 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 516 [NL80211_ATTR_KEY_TYPE] = 517 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES), 518 519 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 520 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 521 [NL80211_ATTR_BEACON_HEAD] = 522 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head, 523 IEEE80211_MAX_DATA_LEN), 524 [NL80211_ATTR_BEACON_TAIL] = 525 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 526 IEEE80211_MAX_DATA_LEN), 527 [NL80211_ATTR_STA_AID] = 528 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 529 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 530 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 531 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 532 .len = NL80211_MAX_SUPP_RATES }, 533 [NL80211_ATTR_STA_PLINK_ACTION] = 534 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1), 535 [NL80211_ATTR_STA_TX_POWER_SETTING] = 536 NLA_POLICY_RANGE(NLA_U8, 537 NL80211_TX_POWER_AUTOMATIC, 538 NL80211_TX_POWER_FIXED), 539 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 }, 540 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 541 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 542 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 543 .len = IEEE80211_MAX_MESH_ID_LEN }, 544 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT, 545 546 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */ 547 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3), 548 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 549 550 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 551 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 552 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 553 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 554 .len = NL80211_MAX_SUPP_RATES }, 555 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 556 557 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 558 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 559 560 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN), 561 562 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 563 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY, 564 validate_ie_attr, 565 IEEE80211_MAX_DATA_LEN), 566 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 567 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 568 569 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 570 .len = IEEE80211_MAX_SSID_LEN }, 571 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 572 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 573 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 574 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 575 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32, 576 NL80211_MFP_NO, 577 NL80211_MFP_OPTIONAL), 578 [NL80211_ATTR_STA_FLAGS2] = 579 NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)), 580 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 581 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 582 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 583 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG }, 584 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 585 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 }, 586 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 587 [NL80211_ATTR_WPA_VERSIONS] = 588 NLA_POLICY_RANGE(NLA_U32, 0, 589 NL80211_WPA_VERSION_1 | 590 NL80211_WPA_VERSION_2 | 591 NL80211_WPA_VERSION_3), 592 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 593 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 594 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN), 595 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 596 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 597 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 598 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 599 .len = IEEE80211_MAX_DATA_LEN }, 600 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 601 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32, 602 NL80211_PS_DISABLED, 603 NL80211_PS_ENABLED), 604 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 605 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 606 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 607 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 608 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 609 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 610 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 611 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 612 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 613 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 614 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 615 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 616 [NL80211_ATTR_STA_PLINK_STATE] = 617 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1), 618 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 }, 619 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG }, 620 [NL80211_ATTR_MESH_PEER_AID] = 621 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 622 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 623 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 624 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 625 [NL80211_ATTR_HIDDEN_SSID] = 626 NLA_POLICY_RANGE(NLA_U32, 627 NL80211_HIDDEN_SSID_NOT_IN_USE, 628 NL80211_HIDDEN_SSID_ZERO_CONTENTS), 629 [NL80211_ATTR_IE_PROBE_RESP] = 630 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 631 IEEE80211_MAX_DATA_LEN), 632 [NL80211_ATTR_IE_ASSOC_RESP] = 633 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 634 IEEE80211_MAX_DATA_LEN), 635 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 636 [NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy), 637 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 638 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 639 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 640 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 641 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 642 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 643 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 644 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG }, 645 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 646 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 647 .len = IEEE80211_MAX_DATA_LEN }, 648 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 649 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 650 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 651 .len = NL80211_HT_CAPABILITY_LEN 652 }, 653 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 654 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 655 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 656 [NL80211_ATTR_WDEV] = { .type = NLA_U64 }, 657 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, 658 659 /* need to include at least Auth Transaction and Status Code */ 660 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4), 661 662 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN), 663 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, 664 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127), 665 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1), 666 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = 667 NLA_POLICY_RANGE(NLA_U32, 668 NL80211_MESH_POWER_UNKNOWN + 1, 669 NL80211_MESH_POWER_MAX), 670 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 }, 671 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED }, 672 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 }, 673 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, }, 674 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, }, 675 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG }, 676 [NL80211_ATTR_VHT_CAPABILITY_MASK] = { 677 .len = NL80211_VHT_CAPABILITY_LEN, 678 }, 679 [NL80211_ATTR_MDID] = { .type = NLA_U16 }, 680 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY, 681 .len = IEEE80211_MAX_DATA_LEN }, 682 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 }, 683 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = 684 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION), 685 [NL80211_ATTR_PEER_AID] = 686 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID), 687 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 }, 688 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG }, 689 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED }, 690 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY }, 691 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY }, 692 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2), 693 /* 694 * The value of the Length field of the Supported Operating 695 * Classes element is between 2 and 253. 696 */ 697 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = 698 NLA_POLICY_RANGE(NLA_BINARY, 2, 253), 699 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG }, 700 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 }, 701 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 }, 702 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 }, 703 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY }, 704 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY, 705 IEEE80211_QOS_MAP_LEN_MIN, 706 IEEE80211_QOS_MAP_LEN_MAX), 707 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 708 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 }, 709 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 }, 710 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG }, 711 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY }, 712 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG }, 713 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1), 714 [NL80211_ATTR_USER_PRIO] = 715 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1), 716 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 }, 717 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 }, 718 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 }, 719 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 720 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG }, 721 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 }, 722 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 }, 723 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG }, 724 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG }, 725 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED }, 726 [NL80211_ATTR_STA_SUPPORT_P2P_PS] = 727 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1), 728 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = { 729 .len = VHT_MUMIMO_GROUPS_DATA_LEN 730 }, 731 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 732 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1), 733 [NL80211_ATTR_BANDS] = { .type = NLA_U32 }, 734 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED }, 735 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY, 736 .len = FILS_MAX_KEK_LEN }, 737 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN), 738 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, }, 739 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 740 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 }, 741 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = { 742 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 743 }, 744 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 }, 745 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY, 746 .len = FILS_ERP_MAX_USERNAME_LEN }, 747 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY, 748 .len = FILS_ERP_MAX_REALM_LEN }, 749 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 }, 750 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY, 751 .len = FILS_ERP_MAX_RRK_LEN }, 752 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2), 753 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN }, 754 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN), 755 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG }, 756 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG }, 757 758 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 }, 759 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 }, 760 [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range), 761 [NL80211_ATTR_HE_CAPABILITY] = 762 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa, 763 NL80211_HE_MAX_CAPABILITY_LEN), 764 [NL80211_ATTR_FTM_RESPONDER] = 765 NLA_POLICY_NESTED(nl80211_ftm_responder_policy), 766 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1), 767 [NL80211_ATTR_PEER_MEASUREMENTS] = 768 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy), 769 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1), 770 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY, 771 .len = SAE_PASSWORD_MAX_LEN }, 772 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG }, 773 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy), 774 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2), 775 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy), 776 [NL80211_ATTR_TID_CONFIG] = 777 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy), 778 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG }, 779 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1), 780 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100), 781 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG }, 782 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999), 783 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED }, 784 [NL80211_ATTR_HE_6GHZ_CAPABILITY] = 785 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)), 786 [NL80211_ATTR_FILS_DISCOVERY] = 787 NLA_POLICY_NESTED(nl80211_fils_discovery_policy), 788 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] = 789 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy), 790 [NL80211_ATTR_S1G_CAPABILITY] = 791 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN), 792 [NL80211_ATTR_S1G_CAPABILITY_MASK] = 793 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN), 794 [NL80211_ATTR_SAE_PWE] = 795 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK, 796 NL80211_SAE_PWE_BOTH), 797 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT }, 798 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy), 799 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG }, 800 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 }, 801 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 }, 802 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 }, 803 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy), 804 [NL80211_ATTR_MBSSID_CONFIG] = 805 NLA_POLICY_NESTED(nl80211_mbssid_config_policy), 806 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED }, 807 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG }, 808 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 }, 809 [NL80211_ATTR_EHT_CAPABILITY] = 810 NLA_POLICY_RANGE(NLA_BINARY, 811 NL80211_EHT_MIN_CAPABILITY_LEN, 812 NL80211_EHT_MAX_CAPABILITY_LEN), 813 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG }, 814 [NL80211_ATTR_MLO_LINKS] = 815 NLA_POLICY_NESTED_ARRAY(nl80211_policy), 816 [NL80211_ATTR_MLO_LINK_ID] = 817 NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS), 818 [NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN), 819 [NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG }, 820 [NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT }, 821 [NL80211_ATTR_PUNCT_BITMAP] = 822 NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range), 823 824 [NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 }, 825 [NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG }, 826 [NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED }, 827 [NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG }, 828 [NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG }, 829 [NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8), 830 [NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8), 831 [NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG }, 832 }; 833 834 /* policy for the key attributes */ 835 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 836 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 837 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 838 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 839 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 840 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 841 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 842 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1), 843 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 844 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX), 845 }; 846 847 /* policy for the key default flags */ 848 static const struct nla_policy 849 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 850 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 851 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 852 }; 853 854 #ifdef CONFIG_PM 855 /* policy for WoWLAN attributes */ 856 static const struct nla_policy 857 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 858 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 859 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 860 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 861 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 862 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 863 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 864 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 865 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 866 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED }, 867 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED }, 868 }; 869 870 static const struct nla_policy 871 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = { 872 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 }, 873 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 }, 874 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 875 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 }, 876 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 }, 877 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1), 878 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = { 879 .len = sizeof(struct nl80211_wowlan_tcp_data_seq) 880 }, 881 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = { 882 .len = sizeof(struct nl80211_wowlan_tcp_data_token) 883 }, 884 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 }, 885 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1), 886 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1), 887 }; 888 #endif /* CONFIG_PM */ 889 890 /* policy for coalesce rule attributes */ 891 static const struct nla_policy 892 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = { 893 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 }, 894 [NL80211_ATTR_COALESCE_RULE_CONDITION] = 895 NLA_POLICY_RANGE(NLA_U32, 896 NL80211_COALESCE_CONDITION_MATCH, 897 NL80211_COALESCE_CONDITION_NO_MATCH), 898 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED }, 899 }; 900 901 /* policy for GTK rekey offload attributes */ 902 static const struct nla_policy 903 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 904 [NL80211_REKEY_DATA_KEK] = { 905 .type = NLA_BINARY, 906 .len = NL80211_KEK_EXT_LEN 907 }, 908 [NL80211_REKEY_DATA_KCK] = { 909 .type = NLA_BINARY, 910 .len = NL80211_KCK_EXT_LEN_32 911 }, 912 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN), 913 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 }, 914 }; 915 916 static const struct nla_policy 917 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 918 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY, 919 .len = IEEE80211_MAX_SSID_LEN }, 920 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 921 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 922 }; 923 924 static const struct nla_policy 925 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = { 926 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 }, 927 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 }, 928 }; 929 930 static const struct nla_policy 931 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = { 932 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG }, 933 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 }, 934 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = { 935 .len = sizeof(struct nl80211_bss_select_rssi_adjust) 936 }, 937 }; 938 939 /* policy for NAN function attributes */ 940 static const struct nla_policy 941 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = { 942 [NL80211_NAN_FUNC_TYPE] = 943 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE), 944 [NL80211_NAN_FUNC_SERVICE_ID] = { 945 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN }, 946 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 }, 947 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG }, 948 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG }, 949 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 }, 950 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 }, 951 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN), 952 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG }, 953 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 }, 954 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY, 955 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN }, 956 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED }, 957 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED }, 958 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED }, 959 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 }, 960 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 }, 961 }; 962 963 /* policy for Service Response Filter attributes */ 964 static const struct nla_policy 965 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = { 966 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG }, 967 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY, 968 .len = NL80211_NAN_FUNC_SRF_MAX_LEN }, 969 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 }, 970 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED }, 971 }; 972 973 /* policy for packet pattern attributes */ 974 static const struct nla_policy 975 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = { 976 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, }, 977 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, }, 978 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 }, 979 }; 980 981 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb, 982 struct cfg80211_registered_device **rdev, 983 struct wireless_dev **wdev, 984 struct nlattr **attrbuf) 985 { 986 int err; 987 988 if (!cb->args[0]) { 989 struct nlattr **attrbuf_free = NULL; 990 991 if (!attrbuf) { 992 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), 993 GFP_KERNEL); 994 if (!attrbuf) 995 return -ENOMEM; 996 attrbuf_free = attrbuf; 997 } 998 999 err = nlmsg_parse_deprecated(cb->nlh, 1000 GENL_HDRLEN + nl80211_fam.hdrsize, 1001 attrbuf, nl80211_fam.maxattr, 1002 nl80211_policy, NULL); 1003 if (err) { 1004 kfree(attrbuf_free); 1005 return err; 1006 } 1007 1008 rtnl_lock(); 1009 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk), 1010 attrbuf); 1011 kfree(attrbuf_free); 1012 if (IS_ERR(*wdev)) { 1013 rtnl_unlock(); 1014 return PTR_ERR(*wdev); 1015 } 1016 *rdev = wiphy_to_rdev((*wdev)->wiphy); 1017 mutex_lock(&(*rdev)->wiphy.mtx); 1018 rtnl_unlock(); 1019 /* 0 is the first index - add 1 to parse only once */ 1020 cb->args[0] = (*rdev)->wiphy_idx + 1; 1021 cb->args[1] = (*wdev)->identifier; 1022 } else { 1023 /* subtract the 1 again here */ 1024 struct wiphy *wiphy; 1025 struct wireless_dev *tmp; 1026 1027 rtnl_lock(); 1028 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 1029 if (!wiphy) { 1030 rtnl_unlock(); 1031 return -ENODEV; 1032 } 1033 *rdev = wiphy_to_rdev(wiphy); 1034 *wdev = NULL; 1035 1036 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) { 1037 if (tmp->identifier == cb->args[1]) { 1038 *wdev = tmp; 1039 break; 1040 } 1041 } 1042 1043 if (!*wdev) { 1044 rtnl_unlock(); 1045 return -ENODEV; 1046 } 1047 mutex_lock(&(*rdev)->wiphy.mtx); 1048 rtnl_unlock(); 1049 } 1050 1051 return 0; 1052 } 1053 1054 /* message building helper */ 1055 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq, 1056 int flags, u8 cmd) 1057 { 1058 /* since there is no private header just add the generic one */ 1059 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd); 1060 } 1061 1062 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg, 1063 const struct ieee80211_reg_rule *rule) 1064 { 1065 int j; 1066 struct nlattr *nl_wmm_rules = 1067 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM); 1068 1069 if (!nl_wmm_rules) 1070 goto nla_put_failure; 1071 1072 for (j = 0; j < IEEE80211_NUM_ACS; j++) { 1073 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j); 1074 1075 if (!nl_wmm_rule) 1076 goto nla_put_failure; 1077 1078 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN, 1079 rule->wmm_rule.client[j].cw_min) || 1080 nla_put_u16(msg, NL80211_WMMR_CW_MAX, 1081 rule->wmm_rule.client[j].cw_max) || 1082 nla_put_u8(msg, NL80211_WMMR_AIFSN, 1083 rule->wmm_rule.client[j].aifsn) || 1084 nla_put_u16(msg, NL80211_WMMR_TXOP, 1085 rule->wmm_rule.client[j].cot)) 1086 goto nla_put_failure; 1087 1088 nla_nest_end(msg, nl_wmm_rule); 1089 } 1090 nla_nest_end(msg, nl_wmm_rules); 1091 1092 return 0; 1093 1094 nla_put_failure: 1095 return -ENOBUFS; 1096 } 1097 1098 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy, 1099 struct ieee80211_channel *chan, 1100 bool large) 1101 { 1102 /* Some channels must be completely excluded from the 1103 * list to protect old user-space tools from breaking 1104 */ 1105 if (!large && chan->flags & 1106 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ)) 1107 return 0; 1108 if (!large && chan->freq_offset) 1109 return 0; 1110 1111 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 1112 chan->center_freq)) 1113 goto nla_put_failure; 1114 1115 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset)) 1116 goto nla_put_failure; 1117 1118 if ((chan->flags & IEEE80211_CHAN_PSD) && 1119 nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd)) 1120 goto nla_put_failure; 1121 1122 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 1123 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 1124 goto nla_put_failure; 1125 if (chan->flags & IEEE80211_CHAN_NO_IR) { 1126 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR)) 1127 goto nla_put_failure; 1128 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS)) 1129 goto nla_put_failure; 1130 } 1131 if (chan->flags & IEEE80211_CHAN_RADAR) { 1132 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 1133 goto nla_put_failure; 1134 if (large) { 1135 u32 time; 1136 1137 time = elapsed_jiffies_msecs(chan->dfs_state_entered); 1138 1139 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE, 1140 chan->dfs_state)) 1141 goto nla_put_failure; 1142 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME, 1143 time)) 1144 goto nla_put_failure; 1145 if (nla_put_u32(msg, 1146 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME, 1147 chan->dfs_cac_ms)) 1148 goto nla_put_failure; 1149 } 1150 } 1151 1152 if (large) { 1153 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) && 1154 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS)) 1155 goto nla_put_failure; 1156 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) && 1157 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS)) 1158 goto nla_put_failure; 1159 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) && 1160 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ)) 1161 goto nla_put_failure; 1162 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) && 1163 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ)) 1164 goto nla_put_failure; 1165 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) && 1166 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY)) 1167 goto nla_put_failure; 1168 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) && 1169 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT)) 1170 goto nla_put_failure; 1171 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) && 1172 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ)) 1173 goto nla_put_failure; 1174 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) && 1175 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ)) 1176 goto nla_put_failure; 1177 if ((chan->flags & IEEE80211_CHAN_NO_HE) && 1178 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE)) 1179 goto nla_put_failure; 1180 if ((chan->flags & IEEE80211_CHAN_1MHZ) && 1181 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ)) 1182 goto nla_put_failure; 1183 if ((chan->flags & IEEE80211_CHAN_2MHZ) && 1184 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ)) 1185 goto nla_put_failure; 1186 if ((chan->flags & IEEE80211_CHAN_4MHZ) && 1187 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ)) 1188 goto nla_put_failure; 1189 if ((chan->flags & IEEE80211_CHAN_8MHZ) && 1190 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ)) 1191 goto nla_put_failure; 1192 if ((chan->flags & IEEE80211_CHAN_16MHZ) && 1193 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ)) 1194 goto nla_put_failure; 1195 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) && 1196 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ)) 1197 goto nla_put_failure; 1198 if ((chan->flags & IEEE80211_CHAN_NO_EHT) && 1199 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT)) 1200 goto nla_put_failure; 1201 if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) && 1202 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT)) 1203 goto nla_put_failure; 1204 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) && 1205 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT)) 1206 goto nla_put_failure; 1207 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) && 1208 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT)) 1209 goto nla_put_failure; 1210 if ((chan->flags & IEEE80211_CHAN_CAN_MONITOR) && 1211 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_CAN_MONITOR)) 1212 goto nla_put_failure; 1213 if ((chan->flags & IEEE80211_CHAN_ALLOW_6GHZ_VLP_AP) && 1214 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP)) 1215 goto nla_put_failure; 1216 } 1217 1218 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 1219 DBM_TO_MBM(chan->max_power))) 1220 goto nla_put_failure; 1221 1222 if (large) { 1223 const struct ieee80211_reg_rule *rule = 1224 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq)); 1225 1226 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) { 1227 if (nl80211_msg_put_wmm_rules(msg, rule)) 1228 goto nla_put_failure; 1229 } 1230 } 1231 1232 return 0; 1233 1234 nla_put_failure: 1235 return -ENOBUFS; 1236 } 1237 1238 static bool nl80211_put_txq_stats(struct sk_buff *msg, 1239 struct cfg80211_txq_stats *txqstats, 1240 int attrtype) 1241 { 1242 struct nlattr *txqattr; 1243 1244 #define PUT_TXQVAL_U32(attr, memb) do { \ 1245 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \ 1246 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \ 1247 return false; \ 1248 } while (0) 1249 1250 txqattr = nla_nest_start_noflag(msg, attrtype); 1251 if (!txqattr) 1252 return false; 1253 1254 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes); 1255 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets); 1256 PUT_TXQVAL_U32(FLOWS, flows); 1257 PUT_TXQVAL_U32(DROPS, drops); 1258 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks); 1259 PUT_TXQVAL_U32(OVERLIMIT, overlimit); 1260 PUT_TXQVAL_U32(OVERMEMORY, overmemory); 1261 PUT_TXQVAL_U32(COLLISIONS, collisions); 1262 PUT_TXQVAL_U32(TX_BYTES, tx_bytes); 1263 PUT_TXQVAL_U32(TX_PACKETS, tx_packets); 1264 PUT_TXQVAL_U32(MAX_FLOWS, max_flows); 1265 nla_nest_end(msg, txqattr); 1266 1267 #undef PUT_TXQVAL_U32 1268 return true; 1269 } 1270 1271 /* netlink command implementations */ 1272 1273 /** 1274 * nl80211_link_id - return link ID 1275 * @attrs: attributes to look at 1276 * 1277 * Returns: the link ID or 0 if not given 1278 * 1279 * Note this function doesn't do any validation of the link 1280 * ID validity wrt. links that were actually added, so it must 1281 * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID 1282 * or if additional validation is done. 1283 */ 1284 static unsigned int nl80211_link_id(struct nlattr **attrs) 1285 { 1286 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID]; 1287 1288 if (!linkid) 1289 return 0; 1290 1291 return nla_get_u8(linkid); 1292 } 1293 1294 static int nl80211_link_id_or_invalid(struct nlattr **attrs) 1295 { 1296 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID]; 1297 1298 if (!linkid) 1299 return -1; 1300 1301 return nla_get_u8(linkid); 1302 } 1303 1304 struct key_parse { 1305 struct key_params p; 1306 int idx; 1307 int type; 1308 bool def, defmgmt, defbeacon; 1309 bool def_uni, def_multi; 1310 }; 1311 1312 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key, 1313 struct key_parse *k) 1314 { 1315 struct nlattr *tb[NL80211_KEY_MAX + 1]; 1316 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key, 1317 nl80211_key_policy, 1318 info->extack); 1319 if (err) 1320 return err; 1321 1322 k->def = !!tb[NL80211_KEY_DEFAULT]; 1323 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 1324 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON]; 1325 1326 if (k->def) { 1327 k->def_uni = true; 1328 k->def_multi = true; 1329 } 1330 if (k->defmgmt || k->defbeacon) 1331 k->def_multi = true; 1332 1333 if (tb[NL80211_KEY_IDX]) 1334 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 1335 1336 if (tb[NL80211_KEY_DATA]) { 1337 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 1338 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 1339 } 1340 1341 if (tb[NL80211_KEY_SEQ]) { 1342 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 1343 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 1344 } 1345 1346 if (tb[NL80211_KEY_CIPHER]) 1347 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 1348 1349 if (tb[NL80211_KEY_TYPE]) 1350 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 1351 1352 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 1353 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 1354 1355 err = nla_parse_nested_deprecated(kdt, 1356 NUM_NL80211_KEY_DEFAULT_TYPES - 1, 1357 tb[NL80211_KEY_DEFAULT_TYPES], 1358 nl80211_key_default_policy, 1359 info->extack); 1360 if (err) 1361 return err; 1362 1363 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 1364 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 1365 } 1366 1367 if (tb[NL80211_KEY_MODE]) 1368 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]); 1369 1370 return 0; 1371 } 1372 1373 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 1374 { 1375 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 1376 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 1377 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 1378 } 1379 1380 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 1381 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 1382 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 1383 } 1384 1385 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1386 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1387 1388 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 1389 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 1390 1391 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 1392 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 1393 1394 if (k->def) { 1395 k->def_uni = true; 1396 k->def_multi = true; 1397 } 1398 if (k->defmgmt) 1399 k->def_multi = true; 1400 1401 if (info->attrs[NL80211_ATTR_KEY_TYPE]) 1402 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 1403 1404 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 1405 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 1406 int err = nla_parse_nested_deprecated(kdt, 1407 NUM_NL80211_KEY_DEFAULT_TYPES - 1, 1408 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 1409 nl80211_key_default_policy, 1410 info->extack); 1411 if (err) 1412 return err; 1413 1414 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 1415 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 1416 } 1417 1418 return 0; 1419 } 1420 1421 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 1422 { 1423 int err; 1424 1425 memset(k, 0, sizeof(*k)); 1426 k->idx = -1; 1427 k->type = -1; 1428 1429 if (info->attrs[NL80211_ATTR_KEY]) 1430 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k); 1431 else 1432 err = nl80211_parse_key_old(info, k); 1433 1434 if (err) 1435 return err; 1436 1437 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) + 1438 (k->defbeacon ? 1 : 0) > 1) { 1439 GENL_SET_ERR_MSG(info, 1440 "key with multiple default flags is invalid"); 1441 return -EINVAL; 1442 } 1443 1444 if (k->defmgmt || k->defbeacon) { 1445 if (k->def_uni || !k->def_multi) { 1446 GENL_SET_ERR_MSG(info, 1447 "defmgmt/defbeacon key must be mcast"); 1448 return -EINVAL; 1449 } 1450 } 1451 1452 if (k->idx != -1) { 1453 if (k->defmgmt) { 1454 if (k->idx < 4 || k->idx > 5) { 1455 GENL_SET_ERR_MSG(info, 1456 "defmgmt key idx not 4 or 5"); 1457 return -EINVAL; 1458 } 1459 } else if (k->defbeacon) { 1460 if (k->idx < 6 || k->idx > 7) { 1461 GENL_SET_ERR_MSG(info, 1462 "defbeacon key idx not 6 or 7"); 1463 return -EINVAL; 1464 } 1465 } else if (k->def) { 1466 if (k->idx < 0 || k->idx > 3) { 1467 GENL_SET_ERR_MSG(info, "def key idx not 0-3"); 1468 return -EINVAL; 1469 } 1470 } else { 1471 if (k->idx < 0 || k->idx > 7) { 1472 GENL_SET_ERR_MSG(info, "key idx not 0-7"); 1473 return -EINVAL; 1474 } 1475 } 1476 } 1477 1478 return 0; 1479 } 1480 1481 static struct cfg80211_cached_keys * 1482 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 1483 struct genl_info *info, bool *no_ht) 1484 { 1485 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS]; 1486 struct key_parse parse; 1487 struct nlattr *key; 1488 struct cfg80211_cached_keys *result; 1489 int rem, err, def = 0; 1490 bool have_key = false; 1491 1492 nla_for_each_nested(key, keys, rem) { 1493 have_key = true; 1494 break; 1495 } 1496 1497 if (!have_key) 1498 return NULL; 1499 1500 result = kzalloc(sizeof(*result), GFP_KERNEL); 1501 if (!result) 1502 return ERR_PTR(-ENOMEM); 1503 1504 result->def = -1; 1505 1506 nla_for_each_nested(key, keys, rem) { 1507 memset(&parse, 0, sizeof(parse)); 1508 parse.idx = -1; 1509 1510 err = nl80211_parse_key_new(info, key, &parse); 1511 if (err) 1512 goto error; 1513 err = -EINVAL; 1514 if (!parse.p.key) 1515 goto error; 1516 if (parse.idx < 0 || parse.idx > 3) { 1517 GENL_SET_ERR_MSG(info, "key index out of range [0-3]"); 1518 goto error; 1519 } 1520 if (parse.def) { 1521 if (def) { 1522 GENL_SET_ERR_MSG(info, 1523 "only one key can be default"); 1524 goto error; 1525 } 1526 def = 1; 1527 result->def = parse.idx; 1528 if (!parse.def_uni || !parse.def_multi) 1529 goto error; 1530 } else if (parse.defmgmt) 1531 goto error; 1532 err = cfg80211_validate_key_settings(rdev, &parse.p, 1533 parse.idx, false, NULL); 1534 if (err) 1535 goto error; 1536 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 && 1537 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) { 1538 GENL_SET_ERR_MSG(info, "connect key must be WEP"); 1539 err = -EINVAL; 1540 goto error; 1541 } 1542 result->params[parse.idx].cipher = parse.p.cipher; 1543 result->params[parse.idx].key_len = parse.p.key_len; 1544 result->params[parse.idx].key = result->data[parse.idx]; 1545 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 1546 1547 /* must be WEP key if we got here */ 1548 if (no_ht) 1549 *no_ht = true; 1550 } 1551 1552 if (result->def < 0) { 1553 err = -EINVAL; 1554 GENL_SET_ERR_MSG(info, "need a default/TX key"); 1555 goto error; 1556 } 1557 1558 return result; 1559 error: 1560 kfree(result); 1561 return ERR_PTR(err); 1562 } 1563 1564 static int nl80211_key_allowed(struct wireless_dev *wdev) 1565 { 1566 lockdep_assert_wiphy(wdev->wiphy); 1567 1568 switch (wdev->iftype) { 1569 case NL80211_IFTYPE_AP: 1570 case NL80211_IFTYPE_AP_VLAN: 1571 case NL80211_IFTYPE_P2P_GO: 1572 case NL80211_IFTYPE_MESH_POINT: 1573 break; 1574 case NL80211_IFTYPE_ADHOC: 1575 if (wdev->u.ibss.current_bss) 1576 return 0; 1577 return -ENOLINK; 1578 case NL80211_IFTYPE_STATION: 1579 case NL80211_IFTYPE_P2P_CLIENT: 1580 if (wdev->connected) 1581 return 0; 1582 return -ENOLINK; 1583 case NL80211_IFTYPE_NAN: 1584 if (wiphy_ext_feature_isset(wdev->wiphy, 1585 NL80211_EXT_FEATURE_SECURE_NAN)) 1586 return 0; 1587 return -EINVAL; 1588 case NL80211_IFTYPE_UNSPECIFIED: 1589 case NL80211_IFTYPE_OCB: 1590 case NL80211_IFTYPE_MONITOR: 1591 case NL80211_IFTYPE_P2P_DEVICE: 1592 case NL80211_IFTYPE_WDS: 1593 case NUM_NL80211_IFTYPES: 1594 return -EINVAL; 1595 } 1596 1597 return 0; 1598 } 1599 1600 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy, 1601 u32 freq) 1602 { 1603 struct ieee80211_channel *chan; 1604 1605 chan = ieee80211_get_channel_khz(wiphy, freq); 1606 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) 1607 return NULL; 1608 return chan; 1609 } 1610 1611 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 1612 { 1613 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr); 1614 int i; 1615 1616 if (!nl_modes) 1617 goto nla_put_failure; 1618 1619 i = 0; 1620 while (ifmodes) { 1621 if ((ifmodes & 1) && nla_put_flag(msg, i)) 1622 goto nla_put_failure; 1623 ifmodes >>= 1; 1624 i++; 1625 } 1626 1627 nla_nest_end(msg, nl_modes); 1628 return 0; 1629 1630 nla_put_failure: 1631 return -ENOBUFS; 1632 } 1633 1634 static int nl80211_put_ifcomb_data(struct sk_buff *msg, bool large, int idx, 1635 const struct ieee80211_iface_combination *c, 1636 u16 nested) 1637 { 1638 struct nlattr *nl_combi, *nl_limits; 1639 int i; 1640 1641 nl_combi = nla_nest_start_noflag(msg, idx | nested); 1642 if (!nl_combi) 1643 goto nla_put_failure; 1644 1645 nl_limits = nla_nest_start_noflag(msg, NL80211_IFACE_COMB_LIMITS | 1646 nested); 1647 if (!nl_limits) 1648 goto nla_put_failure; 1649 1650 for (i = 0; i < c->n_limits; i++) { 1651 struct nlattr *nl_limit; 1652 1653 nl_limit = nla_nest_start_noflag(msg, i + 1); 1654 if (!nl_limit) 1655 goto nla_put_failure; 1656 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, c->limits[i].max)) 1657 goto nla_put_failure; 1658 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 1659 c->limits[i].types)) 1660 goto nla_put_failure; 1661 nla_nest_end(msg, nl_limit); 1662 } 1663 1664 nla_nest_end(msg, nl_limits); 1665 1666 if (c->beacon_int_infra_match && 1667 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 1668 goto nla_put_failure; 1669 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 1670 c->num_different_channels) || 1671 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 1672 c->max_interfaces)) 1673 goto nla_put_failure; 1674 if (large && 1675 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS, 1676 c->radar_detect_widths) || 1677 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS, 1678 c->radar_detect_regions))) 1679 goto nla_put_failure; 1680 if (c->beacon_int_min_gcd && 1681 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD, 1682 c->beacon_int_min_gcd)) 1683 goto nla_put_failure; 1684 1685 nla_nest_end(msg, nl_combi); 1686 1687 return 0; 1688 nla_put_failure: 1689 return -ENOBUFS; 1690 } 1691 1692 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 1693 struct sk_buff *msg, 1694 int attr, int radio, 1695 bool large, u16 nested) 1696 { 1697 const struct ieee80211_iface_combination *c; 1698 struct nlattr *nl_combis; 1699 int i, n; 1700 1701 nl_combis = nla_nest_start_noflag(msg, attr | nested); 1702 if (!nl_combis) 1703 goto nla_put_failure; 1704 1705 if (radio >= 0) { 1706 c = wiphy->radio[0].iface_combinations; 1707 n = wiphy->radio[0].n_iface_combinations; 1708 } else { 1709 c = wiphy->iface_combinations; 1710 n = wiphy->n_iface_combinations; 1711 } 1712 for (i = 0; i < n; i++) 1713 if (nl80211_put_ifcomb_data(msg, large, i + 1, &c[i], nested)) 1714 goto nla_put_failure; 1715 1716 nla_nest_end(msg, nl_combis); 1717 1718 return 0; 1719 nla_put_failure: 1720 return -ENOBUFS; 1721 } 1722 1723 #ifdef CONFIG_PM 1724 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev, 1725 struct sk_buff *msg) 1726 { 1727 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp; 1728 struct nlattr *nl_tcp; 1729 1730 if (!tcp) 1731 return 0; 1732 1733 nl_tcp = nla_nest_start_noflag(msg, 1734 NL80211_WOWLAN_TRIG_TCP_CONNECTION); 1735 if (!nl_tcp) 1736 return -ENOBUFS; 1737 1738 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1739 tcp->data_payload_max)) 1740 return -ENOBUFS; 1741 1742 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 1743 tcp->data_payload_max)) 1744 return -ENOBUFS; 1745 1746 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ)) 1747 return -ENOBUFS; 1748 1749 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 1750 sizeof(*tcp->tok), tcp->tok)) 1751 return -ENOBUFS; 1752 1753 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 1754 tcp->data_interval_max)) 1755 return -ENOBUFS; 1756 1757 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 1758 tcp->wake_payload_max)) 1759 return -ENOBUFS; 1760 1761 nla_nest_end(msg, nl_tcp); 1762 return 0; 1763 } 1764 1765 static int nl80211_send_wowlan(struct sk_buff *msg, 1766 struct cfg80211_registered_device *rdev, 1767 bool large) 1768 { 1769 struct nlattr *nl_wowlan; 1770 1771 if (!rdev->wiphy.wowlan) 1772 return 0; 1773 1774 nl_wowlan = nla_nest_start_noflag(msg, 1775 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1776 if (!nl_wowlan) 1777 return -ENOBUFS; 1778 1779 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) && 1780 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1781 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) && 1782 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1783 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) && 1784 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1785 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1786 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1787 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1788 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1789 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1790 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1791 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1792 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1793 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1794 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1795 return -ENOBUFS; 1796 1797 if (rdev->wiphy.wowlan->n_patterns) { 1798 struct nl80211_pattern_support pat = { 1799 .max_patterns = rdev->wiphy.wowlan->n_patterns, 1800 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len, 1801 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len, 1802 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset, 1803 }; 1804 1805 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1806 sizeof(pat), &pat)) 1807 return -ENOBUFS; 1808 } 1809 1810 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) && 1811 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT, 1812 rdev->wiphy.wowlan->max_nd_match_sets)) 1813 return -ENOBUFS; 1814 1815 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg)) 1816 return -ENOBUFS; 1817 1818 nla_nest_end(msg, nl_wowlan); 1819 1820 return 0; 1821 } 1822 #endif 1823 1824 static int nl80211_send_coalesce(struct sk_buff *msg, 1825 struct cfg80211_registered_device *rdev) 1826 { 1827 struct nl80211_coalesce_rule_support rule; 1828 1829 if (!rdev->wiphy.coalesce) 1830 return 0; 1831 1832 rule.max_rules = rdev->wiphy.coalesce->n_rules; 1833 rule.max_delay = rdev->wiphy.coalesce->max_delay; 1834 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns; 1835 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len; 1836 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len; 1837 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset; 1838 1839 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule)) 1840 return -ENOBUFS; 1841 1842 return 0; 1843 } 1844 1845 static int 1846 nl80211_send_iftype_data(struct sk_buff *msg, 1847 const struct ieee80211_supported_band *sband, 1848 const struct ieee80211_sband_iftype_data *iftdata) 1849 { 1850 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap; 1851 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap; 1852 1853 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES, 1854 iftdata->types_mask)) 1855 return -ENOBUFS; 1856 1857 if (he_cap->has_he) { 1858 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC, 1859 sizeof(he_cap->he_cap_elem.mac_cap_info), 1860 he_cap->he_cap_elem.mac_cap_info) || 1861 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY, 1862 sizeof(he_cap->he_cap_elem.phy_cap_info), 1863 he_cap->he_cap_elem.phy_cap_info) || 1864 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET, 1865 sizeof(he_cap->he_mcs_nss_supp), 1866 &he_cap->he_mcs_nss_supp) || 1867 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE, 1868 sizeof(he_cap->ppe_thres), he_cap->ppe_thres)) 1869 return -ENOBUFS; 1870 } 1871 1872 if (eht_cap->has_eht && he_cap->has_he) { 1873 u8 mcs_nss_size, ppe_thresh_size; 1874 u16 ppe_thres_hdr; 1875 bool is_ap; 1876 1877 is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) || 1878 iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO); 1879 1880 mcs_nss_size = 1881 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem, 1882 &eht_cap->eht_cap_elem, 1883 is_ap); 1884 1885 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]); 1886 ppe_thresh_size = 1887 ieee80211_eht_ppe_size(ppe_thres_hdr, 1888 eht_cap->eht_cap_elem.phy_cap_info); 1889 1890 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC, 1891 sizeof(eht_cap->eht_cap_elem.mac_cap_info), 1892 eht_cap->eht_cap_elem.mac_cap_info) || 1893 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY, 1894 sizeof(eht_cap->eht_cap_elem.phy_cap_info), 1895 eht_cap->eht_cap_elem.phy_cap_info) || 1896 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET, 1897 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) || 1898 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE, 1899 ppe_thresh_size, eht_cap->eht_ppe_thres)) 1900 return -ENOBUFS; 1901 } 1902 1903 if (sband->band == NL80211_BAND_6GHZ && 1904 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA, 1905 sizeof(iftdata->he_6ghz_capa), 1906 &iftdata->he_6ghz_capa)) 1907 return -ENOBUFS; 1908 1909 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len && 1910 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS, 1911 iftdata->vendor_elems.len, iftdata->vendor_elems.data)) 1912 return -ENOBUFS; 1913 1914 return 0; 1915 } 1916 1917 static int nl80211_send_band_rateinfo(struct sk_buff *msg, 1918 struct ieee80211_supported_band *sband, 1919 bool large) 1920 { 1921 struct nlattr *nl_rates, *nl_rate; 1922 struct ieee80211_rate *rate; 1923 int i; 1924 1925 /* add HT info */ 1926 if (sband->ht_cap.ht_supported && 1927 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 1928 sizeof(sband->ht_cap.mcs), 1929 &sband->ht_cap.mcs) || 1930 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 1931 sband->ht_cap.cap) || 1932 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 1933 sband->ht_cap.ampdu_factor) || 1934 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 1935 sband->ht_cap.ampdu_density))) 1936 return -ENOBUFS; 1937 1938 /* add VHT info */ 1939 if (sband->vht_cap.vht_supported && 1940 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET, 1941 sizeof(sband->vht_cap.vht_mcs), 1942 &sband->vht_cap.vht_mcs) || 1943 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA, 1944 sband->vht_cap.cap))) 1945 return -ENOBUFS; 1946 1947 if (large && sband->n_iftype_data) { 1948 struct nlattr *nl_iftype_data = 1949 nla_nest_start_noflag(msg, 1950 NL80211_BAND_ATTR_IFTYPE_DATA); 1951 const struct ieee80211_sband_iftype_data *iftd; 1952 int err; 1953 1954 if (!nl_iftype_data) 1955 return -ENOBUFS; 1956 1957 for_each_sband_iftype_data(sband, i, iftd) { 1958 struct nlattr *iftdata; 1959 1960 iftdata = nla_nest_start_noflag(msg, i + 1); 1961 if (!iftdata) 1962 return -ENOBUFS; 1963 1964 err = nl80211_send_iftype_data(msg, sband, iftd); 1965 if (err) 1966 return err; 1967 1968 nla_nest_end(msg, iftdata); 1969 } 1970 1971 nla_nest_end(msg, nl_iftype_data); 1972 } 1973 1974 /* add EDMG info */ 1975 if (large && sband->edmg_cap.channels && 1976 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS, 1977 sband->edmg_cap.channels) || 1978 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG, 1979 sband->edmg_cap.bw_config))) 1980 1981 return -ENOBUFS; 1982 1983 /* add bitrates */ 1984 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES); 1985 if (!nl_rates) 1986 return -ENOBUFS; 1987 1988 for (i = 0; i < sband->n_bitrates; i++) { 1989 nl_rate = nla_nest_start_noflag(msg, i); 1990 if (!nl_rate) 1991 return -ENOBUFS; 1992 1993 rate = &sband->bitrates[i]; 1994 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 1995 rate->bitrate)) 1996 return -ENOBUFS; 1997 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 1998 nla_put_flag(msg, 1999 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 2000 return -ENOBUFS; 2001 2002 nla_nest_end(msg, nl_rate); 2003 } 2004 2005 nla_nest_end(msg, nl_rates); 2006 2007 /* S1G capabilities */ 2008 if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g && 2009 (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA, 2010 sizeof(sband->s1g_cap.cap), 2011 sband->s1g_cap.cap) || 2012 nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET, 2013 sizeof(sband->s1g_cap.nss_mcs), 2014 sband->s1g_cap.nss_mcs))) 2015 return -ENOBUFS; 2016 2017 return 0; 2018 } 2019 2020 static int 2021 nl80211_send_mgmt_stypes(struct sk_buff *msg, 2022 const struct ieee80211_txrx_stypes *mgmt_stypes) 2023 { 2024 u16 stypes; 2025 struct nlattr *nl_ftypes, *nl_ifs; 2026 enum nl80211_iftype ift; 2027 int i; 2028 2029 if (!mgmt_stypes) 2030 return 0; 2031 2032 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES); 2033 if (!nl_ifs) 2034 return -ENOBUFS; 2035 2036 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 2037 nl_ftypes = nla_nest_start_noflag(msg, ift); 2038 if (!nl_ftypes) 2039 return -ENOBUFS; 2040 i = 0; 2041 stypes = mgmt_stypes[ift].tx; 2042 while (stypes) { 2043 if ((stypes & 1) && 2044 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 2045 (i << 4) | IEEE80211_FTYPE_MGMT)) 2046 return -ENOBUFS; 2047 stypes >>= 1; 2048 i++; 2049 } 2050 nla_nest_end(msg, nl_ftypes); 2051 } 2052 2053 nla_nest_end(msg, nl_ifs); 2054 2055 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES); 2056 if (!nl_ifs) 2057 return -ENOBUFS; 2058 2059 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 2060 nl_ftypes = nla_nest_start_noflag(msg, ift); 2061 if (!nl_ftypes) 2062 return -ENOBUFS; 2063 i = 0; 2064 stypes = mgmt_stypes[ift].rx; 2065 while (stypes) { 2066 if ((stypes & 1) && 2067 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 2068 (i << 4) | IEEE80211_FTYPE_MGMT)) 2069 return -ENOBUFS; 2070 stypes >>= 1; 2071 i++; 2072 } 2073 nla_nest_end(msg, nl_ftypes); 2074 } 2075 nla_nest_end(msg, nl_ifs); 2076 2077 return 0; 2078 } 2079 2080 #define CMD(op, n) \ 2081 do { \ 2082 if (rdev->ops->op) { \ 2083 i++; \ 2084 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 2085 goto nla_put_failure; \ 2086 } \ 2087 } while (0) 2088 2089 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev, 2090 struct sk_buff *msg) 2091 { 2092 int i = 0; 2093 2094 /* 2095 * do *NOT* add anything into this function, new things need to be 2096 * advertised only to new versions of userspace that can deal with 2097 * the split (and they can't possibly care about new features... 2098 */ 2099 CMD(add_virtual_intf, NEW_INTERFACE); 2100 CMD(change_virtual_intf, SET_INTERFACE); 2101 CMD(add_key, NEW_KEY); 2102 CMD(start_ap, START_AP); 2103 CMD(add_station, NEW_STATION); 2104 CMD(add_mpath, NEW_MPATH); 2105 CMD(update_mesh_config, SET_MESH_CONFIG); 2106 CMD(change_bss, SET_BSS); 2107 CMD(auth, AUTHENTICATE); 2108 CMD(assoc, ASSOCIATE); 2109 CMD(deauth, DEAUTHENTICATE); 2110 CMD(disassoc, DISASSOCIATE); 2111 CMD(join_ibss, JOIN_IBSS); 2112 CMD(join_mesh, JOIN_MESH); 2113 CMD(set_pmksa, SET_PMKSA); 2114 CMD(del_pmksa, DEL_PMKSA); 2115 CMD(flush_pmksa, FLUSH_PMKSA); 2116 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 2117 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 2118 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 2119 CMD(mgmt_tx, FRAME); 2120 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 2121 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 2122 i++; 2123 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 2124 goto nla_put_failure; 2125 } 2126 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap || 2127 rdev->ops->join_mesh) { 2128 i++; 2129 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL)) 2130 goto nla_put_failure; 2131 } 2132 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 2133 CMD(tdls_mgmt, TDLS_MGMT); 2134 CMD(tdls_oper, TDLS_OPER); 2135 } 2136 if (rdev->wiphy.max_sched_scan_reqs) 2137 CMD(sched_scan_start, START_SCHED_SCAN); 2138 CMD(probe_client, PROBE_CLIENT); 2139 CMD(set_noack_map, SET_NOACK_MAP); 2140 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 2141 i++; 2142 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 2143 goto nla_put_failure; 2144 } 2145 CMD(start_p2p_device, START_P2P_DEVICE); 2146 CMD(set_mcast_rate, SET_MCAST_RATE); 2147 #ifdef CONFIG_NL80211_TESTMODE 2148 CMD(testmode_cmd, TESTMODE); 2149 #endif 2150 2151 if (rdev->ops->connect || rdev->ops->auth) { 2152 i++; 2153 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 2154 goto nla_put_failure; 2155 } 2156 2157 if (rdev->ops->disconnect || rdev->ops->deauth) { 2158 i++; 2159 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 2160 goto nla_put_failure; 2161 } 2162 2163 return i; 2164 nla_put_failure: 2165 return -ENOBUFS; 2166 } 2167 2168 static int 2169 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap, 2170 struct sk_buff *msg) 2171 { 2172 struct nlattr *ftm; 2173 2174 if (!cap->ftm.supported) 2175 return 0; 2176 2177 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM); 2178 if (!ftm) 2179 return -ENOBUFS; 2180 2181 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP)) 2182 return -ENOBUFS; 2183 if (cap->ftm.non_asap && 2184 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP)) 2185 return -ENOBUFS; 2186 if (cap->ftm.request_lci && 2187 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI)) 2188 return -ENOBUFS; 2189 if (cap->ftm.request_civicloc && 2190 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC)) 2191 return -ENOBUFS; 2192 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES, 2193 cap->ftm.preambles)) 2194 return -ENOBUFS; 2195 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS, 2196 cap->ftm.bandwidths)) 2197 return -ENOBUFS; 2198 if (cap->ftm.max_bursts_exponent >= 0 && 2199 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT, 2200 cap->ftm.max_bursts_exponent)) 2201 return -ENOBUFS; 2202 if (cap->ftm.max_ftms_per_burst && 2203 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST, 2204 cap->ftm.max_ftms_per_burst)) 2205 return -ENOBUFS; 2206 if (cap->ftm.trigger_based && 2207 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED)) 2208 return -ENOBUFS; 2209 if (cap->ftm.non_trigger_based && 2210 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED)) 2211 return -ENOBUFS; 2212 2213 nla_nest_end(msg, ftm); 2214 return 0; 2215 } 2216 2217 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev, 2218 struct sk_buff *msg) 2219 { 2220 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa; 2221 struct nlattr *pmsr, *caps; 2222 2223 if (!cap) 2224 return 0; 2225 2226 /* 2227 * we don't need to clean up anything here since the caller 2228 * will genlmsg_cancel() if we fail 2229 */ 2230 2231 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS); 2232 if (!pmsr) 2233 return -ENOBUFS; 2234 2235 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers)) 2236 return -ENOBUFS; 2237 2238 if (cap->report_ap_tsf && 2239 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF)) 2240 return -ENOBUFS; 2241 2242 if (cap->randomize_mac_addr && 2243 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR)) 2244 return -ENOBUFS; 2245 2246 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA); 2247 if (!caps) 2248 return -ENOBUFS; 2249 2250 if (nl80211_send_pmsr_ftm_capa(cap, msg)) 2251 return -ENOBUFS; 2252 2253 nla_nest_end(msg, caps); 2254 nla_nest_end(msg, pmsr); 2255 2256 return 0; 2257 } 2258 2259 static int 2260 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev, 2261 struct sk_buff *msg) 2262 { 2263 int i; 2264 struct nlattr *nested, *nested_akms; 2265 const struct wiphy_iftype_akm_suites *iftype_akms; 2266 2267 if (!rdev->wiphy.num_iftype_akm_suites || 2268 !rdev->wiphy.iftype_akm_suites) 2269 return 0; 2270 2271 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES); 2272 if (!nested) 2273 return -ENOBUFS; 2274 2275 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) { 2276 nested_akms = nla_nest_start(msg, i + 1); 2277 if (!nested_akms) 2278 return -ENOBUFS; 2279 2280 iftype_akms = &rdev->wiphy.iftype_akm_suites[i]; 2281 2282 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES, 2283 iftype_akms->iftypes_mask)) 2284 return -ENOBUFS; 2285 2286 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES, 2287 sizeof(u32) * iftype_akms->n_akm_suites, 2288 iftype_akms->akm_suites)) { 2289 return -ENOBUFS; 2290 } 2291 nla_nest_end(msg, nested_akms); 2292 } 2293 2294 nla_nest_end(msg, nested); 2295 2296 return 0; 2297 } 2298 2299 static int 2300 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev, 2301 struct sk_buff *msg) 2302 { 2303 struct nlattr *supp; 2304 2305 if (!rdev->wiphy.tid_config_support.vif && 2306 !rdev->wiphy.tid_config_support.peer) 2307 return 0; 2308 2309 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG); 2310 if (!supp) 2311 return -ENOSPC; 2312 2313 if (rdev->wiphy.tid_config_support.vif && 2314 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP, 2315 rdev->wiphy.tid_config_support.vif, 2316 NL80211_TID_CONFIG_ATTR_PAD)) 2317 goto fail; 2318 2319 if (rdev->wiphy.tid_config_support.peer && 2320 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP, 2321 rdev->wiphy.tid_config_support.peer, 2322 NL80211_TID_CONFIG_ATTR_PAD)) 2323 goto fail; 2324 2325 /* for now we just use the same value ... makes more sense */ 2326 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT, 2327 rdev->wiphy.tid_config_support.max_retry)) 2328 goto fail; 2329 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG, 2330 rdev->wiphy.tid_config_support.max_retry)) 2331 goto fail; 2332 2333 nla_nest_end(msg, supp); 2334 2335 return 0; 2336 fail: 2337 nla_nest_cancel(msg, supp); 2338 return -ENOBUFS; 2339 } 2340 2341 static int 2342 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev, 2343 struct sk_buff *msg) 2344 { 2345 struct nlattr *sar_capa, *specs, *sub_freq_range; 2346 u8 num_freq_ranges; 2347 int i; 2348 2349 if (!rdev->wiphy.sar_capa) 2350 return 0; 2351 2352 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges; 2353 2354 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC); 2355 if (!sar_capa) 2356 return -ENOSPC; 2357 2358 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type)) 2359 goto fail; 2360 2361 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS); 2362 if (!specs) 2363 goto fail; 2364 2365 /* report supported freq_ranges */ 2366 for (i = 0; i < num_freq_ranges; i++) { 2367 sub_freq_range = nla_nest_start(msg, i + 1); 2368 if (!sub_freq_range) 2369 goto fail; 2370 2371 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ, 2372 rdev->wiphy.sar_capa->freq_ranges[i].start_freq)) 2373 goto fail; 2374 2375 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ, 2376 rdev->wiphy.sar_capa->freq_ranges[i].end_freq)) 2377 goto fail; 2378 2379 nla_nest_end(msg, sub_freq_range); 2380 } 2381 2382 nla_nest_end(msg, specs); 2383 nla_nest_end(msg, sar_capa); 2384 2385 return 0; 2386 fail: 2387 nla_nest_cancel(msg, sar_capa); 2388 return -ENOBUFS; 2389 } 2390 2391 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg) 2392 { 2393 struct nlattr *config; 2394 2395 if (!wiphy->mbssid_max_interfaces) 2396 return 0; 2397 2398 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG); 2399 if (!config) 2400 return -ENOBUFS; 2401 2402 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES, 2403 wiphy->mbssid_max_interfaces)) 2404 goto fail; 2405 2406 if (wiphy->ema_max_profile_periodicity && 2407 nla_put_u8(msg, 2408 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY, 2409 wiphy->ema_max_profile_periodicity)) 2410 goto fail; 2411 2412 nla_nest_end(msg, config); 2413 return 0; 2414 2415 fail: 2416 nla_nest_cancel(msg, config); 2417 return -ENOBUFS; 2418 } 2419 2420 static int nl80211_put_radio(struct wiphy *wiphy, struct sk_buff *msg, int idx) 2421 { 2422 const struct wiphy_radio *r = &wiphy->radio[idx]; 2423 struct nlattr *radio, *freq; 2424 int i; 2425 2426 radio = nla_nest_start(msg, idx); 2427 if (!radio) 2428 return -ENOBUFS; 2429 2430 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_INDEX, idx)) 2431 goto nla_put_failure; 2432 2433 for (i = 0; i < r->n_freq_range; i++) { 2434 const struct wiphy_radio_freq_range *range = &r->freq_range[i]; 2435 2436 freq = nla_nest_start(msg, NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE); 2437 if (!freq) 2438 goto nla_put_failure; 2439 2440 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_START, 2441 range->start_freq) || 2442 nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_END, 2443 range->end_freq)) 2444 goto nla_put_failure; 2445 2446 nla_nest_end(msg, freq); 2447 } 2448 2449 for (i = 0; i < r->n_iface_combinations; i++) 2450 if (nl80211_put_ifcomb_data(msg, true, 2451 NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION, 2452 &r->iface_combinations[i], 2453 NLA_F_NESTED)) 2454 goto nla_put_failure; 2455 2456 nla_nest_end(msg, radio); 2457 2458 return 0; 2459 2460 nla_put_failure: 2461 return -ENOBUFS; 2462 } 2463 2464 static int nl80211_put_radios(struct wiphy *wiphy, struct sk_buff *msg) 2465 { 2466 struct nlattr *radios; 2467 int i; 2468 2469 if (!wiphy->n_radio) 2470 return 0; 2471 2472 radios = nla_nest_start(msg, NL80211_ATTR_WIPHY_RADIOS); 2473 if (!radios) 2474 return -ENOBUFS; 2475 2476 for (i = 0; i < wiphy->n_radio; i++) 2477 if (nl80211_put_radio(wiphy, msg, i)) 2478 goto fail; 2479 2480 nla_nest_end(msg, radios); 2481 2482 if (nl80211_put_iface_combinations(wiphy, msg, 2483 NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS, 2484 -1, true, NLA_F_NESTED)) 2485 return -ENOBUFS; 2486 2487 return 0; 2488 2489 fail: 2490 nla_nest_cancel(msg, radios); 2491 return -ENOBUFS; 2492 } 2493 2494 struct nl80211_dump_wiphy_state { 2495 s64 filter_wiphy; 2496 long start; 2497 long split_start, band_start, chan_start, capa_start; 2498 bool split; 2499 }; 2500 2501 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev, 2502 enum nl80211_commands cmd, 2503 struct sk_buff *msg, u32 portid, u32 seq, 2504 int flags, struct nl80211_dump_wiphy_state *state) 2505 { 2506 void *hdr; 2507 struct nlattr *nl_bands, *nl_band; 2508 struct nlattr *nl_freqs, *nl_freq; 2509 struct nlattr *nl_cmds; 2510 enum nl80211_band band; 2511 struct ieee80211_channel *chan; 2512 int i; 2513 const struct ieee80211_txrx_stypes *mgmt_stypes = 2514 rdev->wiphy.mgmt_stypes; 2515 u32 features; 2516 2517 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 2518 if (!hdr) 2519 return -ENOBUFS; 2520 2521 if (WARN_ON(!state)) 2522 return -EINVAL; 2523 2524 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 2525 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, 2526 wiphy_name(&rdev->wiphy)) || 2527 nla_put_u32(msg, NL80211_ATTR_GENERATION, 2528 cfg80211_rdev_list_generation)) 2529 goto nla_put_failure; 2530 2531 if (cmd != NL80211_CMD_NEW_WIPHY) 2532 goto finish; 2533 2534 switch (state->split_start) { 2535 case 0: 2536 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 2537 rdev->wiphy.retry_short) || 2538 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 2539 rdev->wiphy.retry_long) || 2540 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 2541 rdev->wiphy.frag_threshold) || 2542 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 2543 rdev->wiphy.rts_threshold) || 2544 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 2545 rdev->wiphy.coverage_class) || 2546 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 2547 rdev->wiphy.max_scan_ssids) || 2548 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 2549 rdev->wiphy.max_sched_scan_ssids) || 2550 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 2551 rdev->wiphy.max_scan_ie_len) || 2552 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 2553 rdev->wiphy.max_sched_scan_ie_len) || 2554 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 2555 rdev->wiphy.max_match_sets)) 2556 goto nla_put_failure; 2557 2558 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 2559 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 2560 goto nla_put_failure; 2561 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 2562 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 2563 goto nla_put_failure; 2564 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 2565 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 2566 goto nla_put_failure; 2567 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 2568 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 2569 goto nla_put_failure; 2570 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 2571 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 2572 goto nla_put_failure; 2573 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 2574 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 2575 goto nla_put_failure; 2576 state->split_start++; 2577 if (state->split) 2578 break; 2579 fallthrough; 2580 case 1: 2581 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 2582 sizeof(u32) * rdev->wiphy.n_cipher_suites, 2583 rdev->wiphy.cipher_suites)) 2584 goto nla_put_failure; 2585 2586 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 2587 rdev->wiphy.max_num_pmkids)) 2588 goto nla_put_failure; 2589 2590 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 2591 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 2592 goto nla_put_failure; 2593 2594 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 2595 rdev->wiphy.available_antennas_tx) || 2596 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 2597 rdev->wiphy.available_antennas_rx)) 2598 goto nla_put_failure; 2599 2600 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 2601 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 2602 rdev->wiphy.probe_resp_offload)) 2603 goto nla_put_failure; 2604 2605 if ((rdev->wiphy.available_antennas_tx || 2606 rdev->wiphy.available_antennas_rx) && 2607 rdev->ops->get_antenna) { 2608 u32 tx_ant = 0, rx_ant = 0; 2609 int res; 2610 2611 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant); 2612 if (!res) { 2613 if (nla_put_u32(msg, 2614 NL80211_ATTR_WIPHY_ANTENNA_TX, 2615 tx_ant) || 2616 nla_put_u32(msg, 2617 NL80211_ATTR_WIPHY_ANTENNA_RX, 2618 rx_ant)) 2619 goto nla_put_failure; 2620 } 2621 } 2622 2623 state->split_start++; 2624 if (state->split) 2625 break; 2626 fallthrough; 2627 case 2: 2628 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 2629 rdev->wiphy.interface_modes)) 2630 goto nla_put_failure; 2631 state->split_start++; 2632 if (state->split) 2633 break; 2634 fallthrough; 2635 case 3: 2636 nl_bands = nla_nest_start_noflag(msg, 2637 NL80211_ATTR_WIPHY_BANDS); 2638 if (!nl_bands) 2639 goto nla_put_failure; 2640 2641 for (band = state->band_start; 2642 band < (state->split ? 2643 NUM_NL80211_BANDS : 2644 NL80211_BAND_60GHZ + 1); 2645 band++) { 2646 struct ieee80211_supported_band *sband; 2647 2648 /* omit higher bands for ancient software */ 2649 if (band > NL80211_BAND_5GHZ && !state->split) 2650 break; 2651 2652 sband = rdev->wiphy.bands[band]; 2653 2654 if (!sband) 2655 continue; 2656 2657 nl_band = nla_nest_start_noflag(msg, band); 2658 if (!nl_band) 2659 goto nla_put_failure; 2660 2661 switch (state->chan_start) { 2662 case 0: 2663 if (nl80211_send_band_rateinfo(msg, sband, 2664 state->split)) 2665 goto nla_put_failure; 2666 state->chan_start++; 2667 if (state->split) 2668 break; 2669 fallthrough; 2670 default: 2671 /* add frequencies */ 2672 nl_freqs = nla_nest_start_noflag(msg, 2673 NL80211_BAND_ATTR_FREQS); 2674 if (!nl_freqs) 2675 goto nla_put_failure; 2676 2677 for (i = state->chan_start - 1; 2678 i < sband->n_channels; 2679 i++) { 2680 nl_freq = nla_nest_start_noflag(msg, 2681 i); 2682 if (!nl_freq) 2683 goto nla_put_failure; 2684 2685 chan = &sband->channels[i]; 2686 2687 if (nl80211_msg_put_channel( 2688 msg, &rdev->wiphy, chan, 2689 state->split)) 2690 goto nla_put_failure; 2691 2692 nla_nest_end(msg, nl_freq); 2693 if (state->split) 2694 break; 2695 } 2696 if (i < sband->n_channels) 2697 state->chan_start = i + 2; 2698 else 2699 state->chan_start = 0; 2700 nla_nest_end(msg, nl_freqs); 2701 } 2702 2703 nla_nest_end(msg, nl_band); 2704 2705 if (state->split) { 2706 /* start again here */ 2707 if (state->chan_start) 2708 band--; 2709 break; 2710 } 2711 } 2712 nla_nest_end(msg, nl_bands); 2713 2714 if (band < NUM_NL80211_BANDS) 2715 state->band_start = band + 1; 2716 else 2717 state->band_start = 0; 2718 2719 /* if bands & channels are done, continue outside */ 2720 if (state->band_start == 0 && state->chan_start == 0) 2721 state->split_start++; 2722 if (state->split) 2723 break; 2724 fallthrough; 2725 case 4: 2726 nl_cmds = nla_nest_start_noflag(msg, 2727 NL80211_ATTR_SUPPORTED_COMMANDS); 2728 if (!nl_cmds) 2729 goto nla_put_failure; 2730 2731 i = nl80211_add_commands_unsplit(rdev, msg); 2732 if (i < 0) 2733 goto nla_put_failure; 2734 if (state->split) { 2735 CMD(crit_proto_start, CRIT_PROTOCOL_START); 2736 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP); 2737 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH) 2738 CMD(channel_switch, CHANNEL_SWITCH); 2739 CMD(set_qos_map, SET_QOS_MAP); 2740 if (rdev->wiphy.features & 2741 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION) 2742 CMD(add_tx_ts, ADD_TX_TS); 2743 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST); 2744 CMD(update_connect_params, UPDATE_CONNECT_PARAMS); 2745 CMD(update_ft_ies, UPDATE_FT_IES); 2746 if (rdev->wiphy.sar_capa) 2747 CMD(set_sar_specs, SET_SAR_SPECS); 2748 } 2749 #undef CMD 2750 2751 nla_nest_end(msg, nl_cmds); 2752 state->split_start++; 2753 if (state->split) 2754 break; 2755 fallthrough; 2756 case 5: 2757 if (rdev->ops->remain_on_channel && 2758 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 2759 nla_put_u32(msg, 2760 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 2761 rdev->wiphy.max_remain_on_channel_duration)) 2762 goto nla_put_failure; 2763 2764 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 2765 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 2766 goto nla_put_failure; 2767 2768 state->split_start++; 2769 if (state->split) 2770 break; 2771 fallthrough; 2772 case 6: 2773 #ifdef CONFIG_PM 2774 if (nl80211_send_wowlan(msg, rdev, state->split)) 2775 goto nla_put_failure; 2776 state->split_start++; 2777 if (state->split) 2778 break; 2779 #else 2780 state->split_start++; 2781 #endif 2782 fallthrough; 2783 case 7: 2784 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 2785 rdev->wiphy.software_iftypes)) 2786 goto nla_put_failure; 2787 2788 if (nl80211_put_iface_combinations(&rdev->wiphy, msg, 2789 NL80211_ATTR_INTERFACE_COMBINATIONS, 2790 rdev->wiphy.n_radio ? 0 : -1, 2791 state->split, 0)) 2792 goto nla_put_failure; 2793 2794 state->split_start++; 2795 if (state->split) 2796 break; 2797 fallthrough; 2798 case 8: 2799 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 2800 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 2801 rdev->wiphy.ap_sme_capa)) 2802 goto nla_put_failure; 2803 2804 features = rdev->wiphy.features; 2805 /* 2806 * We can only add the per-channel limit information if the 2807 * dump is split, otherwise it makes it too big. Therefore 2808 * only advertise it in that case. 2809 */ 2810 if (state->split) 2811 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS; 2812 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features)) 2813 goto nla_put_failure; 2814 2815 if (rdev->wiphy.ht_capa_mod_mask && 2816 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 2817 sizeof(*rdev->wiphy.ht_capa_mod_mask), 2818 rdev->wiphy.ht_capa_mod_mask)) 2819 goto nla_put_failure; 2820 2821 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME && 2822 rdev->wiphy.max_acl_mac_addrs && 2823 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX, 2824 rdev->wiphy.max_acl_mac_addrs)) 2825 goto nla_put_failure; 2826 2827 /* 2828 * Any information below this point is only available to 2829 * applications that can deal with it being split. This 2830 * helps ensure that newly added capabilities don't break 2831 * older tools by overrunning their buffers. 2832 * 2833 * We still increment split_start so that in the split 2834 * case we'll continue with more data in the next round, 2835 * but break unconditionally so unsplit data stops here. 2836 */ 2837 if (state->split) 2838 state->split_start++; 2839 else 2840 state->split_start = 0; 2841 break; 2842 case 9: 2843 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes)) 2844 goto nla_put_failure; 2845 2846 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS, 2847 rdev->wiphy.max_sched_scan_plans) || 2848 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL, 2849 rdev->wiphy.max_sched_scan_plan_interval) || 2850 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS, 2851 rdev->wiphy.max_sched_scan_plan_iterations)) 2852 goto nla_put_failure; 2853 2854 if (rdev->wiphy.extended_capabilities && 2855 (nla_put(msg, NL80211_ATTR_EXT_CAPA, 2856 rdev->wiphy.extended_capabilities_len, 2857 rdev->wiphy.extended_capabilities) || 2858 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 2859 rdev->wiphy.extended_capabilities_len, 2860 rdev->wiphy.extended_capabilities_mask))) 2861 goto nla_put_failure; 2862 2863 if (rdev->wiphy.vht_capa_mod_mask && 2864 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, 2865 sizeof(*rdev->wiphy.vht_capa_mod_mask), 2866 rdev->wiphy.vht_capa_mod_mask)) 2867 goto nla_put_failure; 2868 2869 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 2870 rdev->wiphy.perm_addr)) 2871 goto nla_put_failure; 2872 2873 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) && 2874 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN, 2875 rdev->wiphy.addr_mask)) 2876 goto nla_put_failure; 2877 2878 if (rdev->wiphy.n_addresses > 1) { 2879 void *attr; 2880 2881 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 2882 if (!attr) 2883 goto nla_put_failure; 2884 2885 for (i = 0; i < rdev->wiphy.n_addresses; i++) 2886 if (nla_put(msg, i + 1, ETH_ALEN, 2887 rdev->wiphy.addresses[i].addr)) 2888 goto nla_put_failure; 2889 2890 nla_nest_end(msg, attr); 2891 } 2892 2893 state->split_start++; 2894 break; 2895 case 10: 2896 if (nl80211_send_coalesce(msg, rdev)) 2897 goto nla_put_failure; 2898 2899 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) && 2900 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) || 2901 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ))) 2902 goto nla_put_failure; 2903 2904 if (rdev->wiphy.max_ap_assoc_sta && 2905 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA, 2906 rdev->wiphy.max_ap_assoc_sta)) 2907 goto nla_put_failure; 2908 2909 state->split_start++; 2910 break; 2911 case 11: 2912 if (rdev->wiphy.n_vendor_commands) { 2913 const struct nl80211_vendor_cmd_info *info; 2914 struct nlattr *nested; 2915 2916 nested = nla_nest_start_noflag(msg, 2917 NL80211_ATTR_VENDOR_DATA); 2918 if (!nested) 2919 goto nla_put_failure; 2920 2921 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 2922 info = &rdev->wiphy.vendor_commands[i].info; 2923 if (nla_put(msg, i + 1, sizeof(*info), info)) 2924 goto nla_put_failure; 2925 } 2926 nla_nest_end(msg, nested); 2927 } 2928 2929 if (rdev->wiphy.n_vendor_events) { 2930 const struct nl80211_vendor_cmd_info *info; 2931 struct nlattr *nested; 2932 2933 nested = nla_nest_start_noflag(msg, 2934 NL80211_ATTR_VENDOR_EVENTS); 2935 if (!nested) 2936 goto nla_put_failure; 2937 2938 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) { 2939 info = &rdev->wiphy.vendor_events[i]; 2940 if (nla_put(msg, i + 1, sizeof(*info), info)) 2941 goto nla_put_failure; 2942 } 2943 nla_nest_end(msg, nested); 2944 } 2945 state->split_start++; 2946 break; 2947 case 12: 2948 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH && 2949 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS, 2950 rdev->wiphy.max_num_csa_counters)) 2951 goto nla_put_failure; 2952 2953 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 2954 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 2955 goto nla_put_failure; 2956 2957 if (rdev->wiphy.max_sched_scan_reqs && 2958 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS, 2959 rdev->wiphy.max_sched_scan_reqs)) 2960 goto nla_put_failure; 2961 2962 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES, 2963 sizeof(rdev->wiphy.ext_features), 2964 rdev->wiphy.ext_features)) 2965 goto nla_put_failure; 2966 2967 if (rdev->wiphy.bss_select_support) { 2968 struct nlattr *nested; 2969 u32 bss_select_support = rdev->wiphy.bss_select_support; 2970 2971 nested = nla_nest_start_noflag(msg, 2972 NL80211_ATTR_BSS_SELECT); 2973 if (!nested) 2974 goto nla_put_failure; 2975 2976 i = 0; 2977 while (bss_select_support) { 2978 if ((bss_select_support & 1) && 2979 nla_put_flag(msg, i)) 2980 goto nla_put_failure; 2981 i++; 2982 bss_select_support >>= 1; 2983 } 2984 nla_nest_end(msg, nested); 2985 } 2986 2987 state->split_start++; 2988 break; 2989 case 13: 2990 if (rdev->wiphy.num_iftype_ext_capab && 2991 rdev->wiphy.iftype_ext_capab) { 2992 struct nlattr *nested_ext_capab, *nested; 2993 2994 nested = nla_nest_start_noflag(msg, 2995 NL80211_ATTR_IFTYPE_EXT_CAPA); 2996 if (!nested) 2997 goto nla_put_failure; 2998 2999 for (i = state->capa_start; 3000 i < rdev->wiphy.num_iftype_ext_capab; i++) { 3001 const struct wiphy_iftype_ext_capab *capab; 3002 3003 capab = &rdev->wiphy.iftype_ext_capab[i]; 3004 3005 nested_ext_capab = nla_nest_start_noflag(msg, 3006 i); 3007 if (!nested_ext_capab || 3008 nla_put_u32(msg, NL80211_ATTR_IFTYPE, 3009 capab->iftype) || 3010 nla_put(msg, NL80211_ATTR_EXT_CAPA, 3011 capab->extended_capabilities_len, 3012 capab->extended_capabilities) || 3013 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK, 3014 capab->extended_capabilities_len, 3015 capab->extended_capabilities_mask)) 3016 goto nla_put_failure; 3017 3018 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO && 3019 (nla_put_u16(msg, 3020 NL80211_ATTR_EML_CAPABILITY, 3021 capab->eml_capabilities) || 3022 nla_put_u16(msg, 3023 NL80211_ATTR_MLD_CAPA_AND_OPS, 3024 capab->mld_capa_and_ops))) 3025 goto nla_put_failure; 3026 3027 nla_nest_end(msg, nested_ext_capab); 3028 if (state->split) 3029 break; 3030 } 3031 nla_nest_end(msg, nested); 3032 if (i < rdev->wiphy.num_iftype_ext_capab) { 3033 state->capa_start = i + 1; 3034 break; 3035 } 3036 } 3037 3038 if (nla_put_u32(msg, NL80211_ATTR_BANDS, 3039 rdev->wiphy.nan_supported_bands)) 3040 goto nla_put_failure; 3041 3042 if (wiphy_ext_feature_isset(&rdev->wiphy, 3043 NL80211_EXT_FEATURE_TXQS)) { 3044 struct cfg80211_txq_stats txqstats = {}; 3045 int res; 3046 3047 res = rdev_get_txq_stats(rdev, NULL, &txqstats); 3048 if (!res && 3049 !nl80211_put_txq_stats(msg, &txqstats, 3050 NL80211_ATTR_TXQ_STATS)) 3051 goto nla_put_failure; 3052 3053 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT, 3054 rdev->wiphy.txq_limit)) 3055 goto nla_put_failure; 3056 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT, 3057 rdev->wiphy.txq_memory_limit)) 3058 goto nla_put_failure; 3059 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM, 3060 rdev->wiphy.txq_quantum)) 3061 goto nla_put_failure; 3062 } 3063 3064 state->split_start++; 3065 break; 3066 case 14: 3067 if (nl80211_send_pmsr_capa(rdev, msg)) 3068 goto nla_put_failure; 3069 3070 state->split_start++; 3071 break; 3072 case 15: 3073 if (rdev->wiphy.akm_suites && 3074 nla_put(msg, NL80211_ATTR_AKM_SUITES, 3075 sizeof(u32) * rdev->wiphy.n_akm_suites, 3076 rdev->wiphy.akm_suites)) 3077 goto nla_put_failure; 3078 3079 if (nl80211_put_iftype_akm_suites(rdev, msg)) 3080 goto nla_put_failure; 3081 3082 if (nl80211_put_tid_config_support(rdev, msg)) 3083 goto nla_put_failure; 3084 state->split_start++; 3085 break; 3086 case 16: 3087 if (nl80211_put_sar_specs(rdev, msg)) 3088 goto nla_put_failure; 3089 3090 if (nl80211_put_mbssid_support(&rdev->wiphy, msg)) 3091 goto nla_put_failure; 3092 3093 if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES, 3094 rdev->wiphy.max_num_akm_suites)) 3095 goto nla_put_failure; 3096 3097 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO) 3098 nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT); 3099 3100 if (rdev->wiphy.hw_timestamp_max_peers && 3101 nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS, 3102 rdev->wiphy.hw_timestamp_max_peers)) 3103 goto nla_put_failure; 3104 3105 state->split_start++; 3106 break; 3107 case 17: 3108 if (nl80211_put_radios(&rdev->wiphy, msg)) 3109 goto nla_put_failure; 3110 3111 /* done */ 3112 state->split_start = 0; 3113 break; 3114 } 3115 finish: 3116 genlmsg_end(msg, hdr); 3117 return 0; 3118 3119 nla_put_failure: 3120 genlmsg_cancel(msg, hdr); 3121 return -EMSGSIZE; 3122 } 3123 3124 static int nl80211_dump_wiphy_parse(struct sk_buff *skb, 3125 struct netlink_callback *cb, 3126 struct nl80211_dump_wiphy_state *state) 3127 { 3128 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL); 3129 int ret; 3130 3131 if (!tb) 3132 return -ENOMEM; 3133 3134 ret = nlmsg_parse_deprecated(cb->nlh, 3135 GENL_HDRLEN + nl80211_fam.hdrsize, 3136 tb, nl80211_fam.maxattr, 3137 nl80211_policy, NULL); 3138 /* ignore parse errors for backward compatibility */ 3139 if (ret) { 3140 ret = 0; 3141 goto out; 3142 } 3143 3144 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP]; 3145 if (tb[NL80211_ATTR_WIPHY]) 3146 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 3147 if (tb[NL80211_ATTR_WDEV]) 3148 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32; 3149 if (tb[NL80211_ATTR_IFINDEX]) { 3150 struct net_device *netdev; 3151 struct cfg80211_registered_device *rdev; 3152 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3153 3154 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 3155 if (!netdev) { 3156 ret = -ENODEV; 3157 goto out; 3158 } 3159 if (netdev->ieee80211_ptr) { 3160 rdev = wiphy_to_rdev( 3161 netdev->ieee80211_ptr->wiphy); 3162 state->filter_wiphy = rdev->wiphy_idx; 3163 } 3164 } 3165 3166 ret = 0; 3167 out: 3168 kfree(tb); 3169 return ret; 3170 } 3171 3172 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 3173 { 3174 int idx = 0, ret; 3175 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0]; 3176 struct cfg80211_registered_device *rdev; 3177 3178 rtnl_lock(); 3179 if (!state) { 3180 state = kzalloc(sizeof(*state), GFP_KERNEL); 3181 if (!state) { 3182 rtnl_unlock(); 3183 return -ENOMEM; 3184 } 3185 state->filter_wiphy = -1; 3186 ret = nl80211_dump_wiphy_parse(skb, cb, state); 3187 if (ret) { 3188 kfree(state); 3189 rtnl_unlock(); 3190 return ret; 3191 } 3192 cb->args[0] = (long)state; 3193 } 3194 3195 for_each_rdev(rdev) { 3196 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 3197 continue; 3198 if (++idx <= state->start) 3199 continue; 3200 if (state->filter_wiphy != -1 && 3201 state->filter_wiphy != rdev->wiphy_idx) 3202 continue; 3203 wiphy_lock(&rdev->wiphy); 3204 /* attempt to fit multiple wiphy data chunks into the skb */ 3205 do { 3206 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, 3207 skb, 3208 NETLINK_CB(cb->skb).portid, 3209 cb->nlh->nlmsg_seq, 3210 NLM_F_MULTI, state); 3211 if (ret < 0) { 3212 /* 3213 * If sending the wiphy data didn't fit (ENOBUFS 3214 * or EMSGSIZE returned), this SKB is still 3215 * empty (so it's not too big because another 3216 * wiphy dataset is already in the skb) and 3217 * we've not tried to adjust the dump allocation 3218 * yet ... then adjust the alloc size to be 3219 * bigger, and return 1 but with the empty skb. 3220 * This results in an empty message being RX'ed 3221 * in userspace, but that is ignored. 3222 * 3223 * We can then retry with the larger buffer. 3224 */ 3225 if ((ret == -ENOBUFS || ret == -EMSGSIZE) && 3226 !skb->len && !state->split && 3227 cb->min_dump_alloc < 4096) { 3228 cb->min_dump_alloc = 4096; 3229 state->split_start = 0; 3230 wiphy_unlock(&rdev->wiphy); 3231 rtnl_unlock(); 3232 return 1; 3233 } 3234 idx--; 3235 break; 3236 } 3237 } while (state->split_start > 0); 3238 wiphy_unlock(&rdev->wiphy); 3239 break; 3240 } 3241 rtnl_unlock(); 3242 3243 state->start = idx; 3244 3245 return skb->len; 3246 } 3247 3248 static int nl80211_dump_wiphy_done(struct netlink_callback *cb) 3249 { 3250 kfree((void *)cb->args[0]); 3251 return 0; 3252 } 3253 3254 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 3255 { 3256 struct sk_buff *msg; 3257 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3258 struct nl80211_dump_wiphy_state state = {}; 3259 3260 msg = nlmsg_new(4096, GFP_KERNEL); 3261 if (!msg) 3262 return -ENOMEM; 3263 3264 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg, 3265 info->snd_portid, info->snd_seq, 0, 3266 &state) < 0) { 3267 nlmsg_free(msg); 3268 return -ENOBUFS; 3269 } 3270 3271 return genlmsg_reply(msg, info); 3272 } 3273 3274 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 3275 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 3276 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 3277 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 3278 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 3279 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 3280 }; 3281 3282 static int parse_txq_params(struct nlattr *tb[], 3283 struct ieee80211_txq_params *txq_params) 3284 { 3285 u8 ac; 3286 3287 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 3288 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 3289 !tb[NL80211_TXQ_ATTR_AIFS]) 3290 return -EINVAL; 3291 3292 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 3293 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 3294 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 3295 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 3296 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 3297 3298 if (ac >= NL80211_NUM_ACS) 3299 return -EINVAL; 3300 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS); 3301 return 0; 3302 } 3303 3304 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 3305 { 3306 /* 3307 * You can only set the channel explicitly for some interfaces, 3308 * most have their channel managed via their respective 3309 * "establish a connection" command (connect, join, ...) 3310 * 3311 * For AP/GO and mesh mode, the channel can be set with the 3312 * channel userspace API, but is only stored and passed to the 3313 * low-level driver when the AP starts or the mesh is joined. 3314 * This is for backward compatibility, userspace can also give 3315 * the channel in the start-ap or join-mesh commands instead. 3316 * 3317 * Monitors are special as they are normally slaved to 3318 * whatever else is going on, so they have their own special 3319 * operation to set the monitor channel if possible. 3320 */ 3321 return !wdev || 3322 wdev->iftype == NL80211_IFTYPE_AP || 3323 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 3324 wdev->iftype == NL80211_IFTYPE_MONITOR || 3325 wdev->iftype == NL80211_IFTYPE_P2P_GO; 3326 } 3327 3328 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 3329 struct genl_info *info, bool monitor, 3330 struct cfg80211_chan_def *chandef) 3331 { 3332 struct netlink_ext_ack *extack = info->extack; 3333 struct nlattr **attrs = info->attrs; 3334 u32 control_freq; 3335 3336 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) { 3337 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ], 3338 "Frequency is missing"); 3339 return -EINVAL; 3340 } 3341 3342 control_freq = MHZ_TO_KHZ( 3343 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3344 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 3345 control_freq += 3346 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 3347 3348 memset(chandef, 0, sizeof(*chandef)); 3349 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq); 3350 chandef->width = NL80211_CHAN_WIDTH_20_NOHT; 3351 chandef->center_freq1 = KHZ_TO_MHZ(control_freq); 3352 chandef->freq1_offset = control_freq % 1000; 3353 chandef->center_freq2 = 0; 3354 3355 if (!chandef->chan) { 3356 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ], 3357 "Unknown channel"); 3358 return -EINVAL; 3359 } 3360 3361 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 3362 enum nl80211_channel_type chantype; 3363 3364 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 3365 3366 switch (chantype) { 3367 case NL80211_CHAN_NO_HT: 3368 case NL80211_CHAN_HT20: 3369 case NL80211_CHAN_HT40PLUS: 3370 case NL80211_CHAN_HT40MINUS: 3371 cfg80211_chandef_create(chandef, chandef->chan, 3372 chantype); 3373 /* user input for center_freq is incorrect */ 3374 if (attrs[NL80211_ATTR_CENTER_FREQ1] && 3375 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) { 3376 NL_SET_ERR_MSG_ATTR(extack, 3377 attrs[NL80211_ATTR_CENTER_FREQ1], 3378 "bad center frequency 1"); 3379 return -EINVAL; 3380 } 3381 /* center_freq2 must be zero */ 3382 if (attrs[NL80211_ATTR_CENTER_FREQ2] && 3383 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) { 3384 NL_SET_ERR_MSG_ATTR(extack, 3385 attrs[NL80211_ATTR_CENTER_FREQ2], 3386 "center frequency 2 can't be used"); 3387 return -EINVAL; 3388 } 3389 break; 3390 default: 3391 NL_SET_ERR_MSG_ATTR(extack, 3392 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 3393 "invalid channel type"); 3394 return -EINVAL; 3395 } 3396 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) { 3397 chandef->width = 3398 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]); 3399 if (chandef->chan->band == NL80211_BAND_S1GHZ) { 3400 /* User input error for channel width doesn't match channel */ 3401 if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) { 3402 NL_SET_ERR_MSG_ATTR(extack, 3403 attrs[NL80211_ATTR_CHANNEL_WIDTH], 3404 "bad channel width"); 3405 return -EINVAL; 3406 } 3407 } 3408 if (attrs[NL80211_ATTR_CENTER_FREQ1]) { 3409 chandef->center_freq1 = 3410 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]); 3411 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]) 3412 chandef->freq1_offset = nla_get_u32( 3413 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]); 3414 else 3415 chandef->freq1_offset = 0; 3416 } 3417 if (attrs[NL80211_ATTR_CENTER_FREQ2]) 3418 chandef->center_freq2 = 3419 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]); 3420 } 3421 3422 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) { 3423 chandef->edmg.channels = 3424 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]); 3425 3426 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]) 3427 chandef->edmg.bw_config = 3428 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]); 3429 } else { 3430 chandef->edmg.bw_config = 0; 3431 chandef->edmg.channels = 0; 3432 } 3433 3434 if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) { 3435 chandef->punctured = 3436 nla_get_u32(info->attrs[NL80211_ATTR_PUNCT_BITMAP]); 3437 3438 if (chandef->punctured && 3439 !wiphy_ext_feature_isset(&rdev->wiphy, 3440 NL80211_EXT_FEATURE_PUNCT)) { 3441 NL_SET_ERR_MSG(extack, 3442 "driver doesn't support puncturing"); 3443 return -EINVAL; 3444 } 3445 } 3446 3447 if (!cfg80211_chandef_valid(chandef)) { 3448 NL_SET_ERR_MSG(extack, "invalid channel definition"); 3449 return -EINVAL; 3450 } 3451 3452 if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef, 3453 IEEE80211_CHAN_DISABLED, 3454 monitor ? IEEE80211_CHAN_CAN_MONITOR : 0)) { 3455 NL_SET_ERR_MSG(extack, "(extension) channel is disabled"); 3456 return -EINVAL; 3457 } 3458 3459 if ((chandef->width == NL80211_CHAN_WIDTH_5 || 3460 chandef->width == NL80211_CHAN_WIDTH_10) && 3461 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) { 3462 NL_SET_ERR_MSG(extack, "5/10 MHz not supported"); 3463 return -EINVAL; 3464 } 3465 3466 return 0; 3467 } 3468 3469 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev, 3470 struct genl_info *info, 3471 struct cfg80211_chan_def *chandef) 3472 { 3473 return _nl80211_parse_chandef(rdev, info, false, chandef); 3474 } 3475 3476 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 3477 struct net_device *dev, 3478 struct genl_info *info, 3479 int _link_id) 3480 { 3481 struct cfg80211_chan_def chandef; 3482 int result; 3483 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR; 3484 struct wireless_dev *wdev = NULL; 3485 int link_id = _link_id; 3486 3487 if (dev) 3488 wdev = dev->ieee80211_ptr; 3489 if (!nl80211_can_set_dev_channel(wdev)) 3490 return -EOPNOTSUPP; 3491 if (wdev) 3492 iftype = wdev->iftype; 3493 3494 if (link_id < 0) { 3495 if (wdev && wdev->valid_links) 3496 return -EINVAL; 3497 link_id = 0; 3498 } 3499 3500 result = _nl80211_parse_chandef(rdev, info, 3501 iftype == NL80211_IFTYPE_MONITOR, 3502 &chandef); 3503 if (result) 3504 return result; 3505 3506 switch (iftype) { 3507 case NL80211_IFTYPE_AP: 3508 case NL80211_IFTYPE_P2P_GO: 3509 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 3510 iftype)) 3511 return -EINVAL; 3512 if (wdev->links[link_id].ap.beacon_interval) { 3513 struct ieee80211_channel *cur_chan; 3514 3515 if (!dev || !rdev->ops->set_ap_chanwidth || 3516 !(rdev->wiphy.features & 3517 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) 3518 return -EBUSY; 3519 3520 /* Only allow dynamic channel width changes */ 3521 cur_chan = wdev->links[link_id].ap.chandef.chan; 3522 if (chandef.chan != cur_chan) 3523 return -EBUSY; 3524 3525 /* only allow this for regular channel widths */ 3526 switch (wdev->links[link_id].ap.chandef.width) { 3527 case NL80211_CHAN_WIDTH_20_NOHT: 3528 case NL80211_CHAN_WIDTH_20: 3529 case NL80211_CHAN_WIDTH_40: 3530 case NL80211_CHAN_WIDTH_80: 3531 case NL80211_CHAN_WIDTH_80P80: 3532 case NL80211_CHAN_WIDTH_160: 3533 case NL80211_CHAN_WIDTH_320: 3534 break; 3535 default: 3536 return -EINVAL; 3537 } 3538 3539 switch (chandef.width) { 3540 case NL80211_CHAN_WIDTH_20_NOHT: 3541 case NL80211_CHAN_WIDTH_20: 3542 case NL80211_CHAN_WIDTH_40: 3543 case NL80211_CHAN_WIDTH_80: 3544 case NL80211_CHAN_WIDTH_80P80: 3545 case NL80211_CHAN_WIDTH_160: 3546 case NL80211_CHAN_WIDTH_320: 3547 break; 3548 default: 3549 return -EINVAL; 3550 } 3551 3552 result = rdev_set_ap_chanwidth(rdev, dev, link_id, 3553 &chandef); 3554 if (result) 3555 return result; 3556 wdev->links[link_id].ap.chandef = chandef; 3557 } else { 3558 wdev->u.ap.preset_chandef = chandef; 3559 } 3560 return 0; 3561 case NL80211_IFTYPE_MESH_POINT: 3562 return cfg80211_set_mesh_channel(rdev, wdev, &chandef); 3563 case NL80211_IFTYPE_MONITOR: 3564 return cfg80211_set_monitor_channel(rdev, &chandef); 3565 default: 3566 break; 3567 } 3568 3569 return -EINVAL; 3570 } 3571 3572 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 3573 { 3574 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3575 int link_id = nl80211_link_id_or_invalid(info->attrs); 3576 struct net_device *netdev = info->user_ptr[1]; 3577 3578 return __nl80211_set_channel(rdev, netdev, info, link_id); 3579 } 3580 3581 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 3582 { 3583 struct cfg80211_registered_device *rdev = NULL; 3584 struct net_device *netdev = NULL; 3585 struct wireless_dev *wdev; 3586 int result = 0, rem_txq_params = 0; 3587 struct nlattr *nl_txq_params; 3588 u32 changed; 3589 u8 retry_short = 0, retry_long = 0; 3590 u32 frag_threshold = 0, rts_threshold = 0; 3591 u8 coverage_class = 0; 3592 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0; 3593 3594 rtnl_lock(); 3595 /* 3596 * Try to find the wiphy and netdev. Normally this 3597 * function shouldn't need the netdev, but this is 3598 * done for backward compatibility -- previously 3599 * setting the channel was done per wiphy, but now 3600 * it is per netdev. Previous userland like hostapd 3601 * also passed a netdev to set_wiphy, so that it is 3602 * possible to let that go to the right netdev! 3603 */ 3604 3605 if (info->attrs[NL80211_ATTR_IFINDEX]) { 3606 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 3607 3608 netdev = __dev_get_by_index(genl_info_net(info), ifindex); 3609 if (netdev && netdev->ieee80211_ptr) 3610 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy); 3611 else 3612 netdev = NULL; 3613 } 3614 3615 if (!netdev) { 3616 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info), 3617 info->attrs); 3618 if (IS_ERR(rdev)) { 3619 rtnl_unlock(); 3620 return PTR_ERR(rdev); 3621 } 3622 wdev = NULL; 3623 netdev = NULL; 3624 result = 0; 3625 } else 3626 wdev = netdev->ieee80211_ptr; 3627 3628 wiphy_lock(&rdev->wiphy); 3629 3630 /* 3631 * end workaround code, by now the rdev is available 3632 * and locked, and wdev may or may not be NULL. 3633 */ 3634 3635 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 3636 result = cfg80211_dev_rename( 3637 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 3638 rtnl_unlock(); 3639 3640 if (result) 3641 goto out; 3642 3643 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 3644 struct ieee80211_txq_params txq_params; 3645 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 3646 3647 if (!rdev->ops->set_txq_params) { 3648 result = -EOPNOTSUPP; 3649 goto out; 3650 } 3651 3652 if (!netdev) { 3653 result = -EINVAL; 3654 goto out; 3655 } 3656 3657 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3658 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 3659 result = -EINVAL; 3660 goto out; 3661 } 3662 3663 if (!netif_running(netdev)) { 3664 result = -ENETDOWN; 3665 goto out; 3666 } 3667 3668 nla_for_each_nested(nl_txq_params, 3669 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 3670 rem_txq_params) { 3671 result = nla_parse_nested_deprecated(tb, 3672 NL80211_TXQ_ATTR_MAX, 3673 nl_txq_params, 3674 txq_params_policy, 3675 info->extack); 3676 if (result) 3677 goto out; 3678 result = parse_txq_params(tb, &txq_params); 3679 if (result) 3680 goto out; 3681 3682 txq_params.link_id = 3683 nl80211_link_id_or_invalid(info->attrs); 3684 3685 if (txq_params.link_id >= 0 && 3686 !(netdev->ieee80211_ptr->valid_links & 3687 BIT(txq_params.link_id))) 3688 result = -ENOLINK; 3689 else if (txq_params.link_id >= 0 && 3690 !netdev->ieee80211_ptr->valid_links) 3691 result = -EINVAL; 3692 else 3693 result = rdev_set_txq_params(rdev, netdev, 3694 &txq_params); 3695 if (result) 3696 goto out; 3697 } 3698 } 3699 3700 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 3701 int link_id = nl80211_link_id_or_invalid(info->attrs); 3702 3703 if (wdev) { 3704 result = __nl80211_set_channel( 3705 rdev, 3706 nl80211_can_set_dev_channel(wdev) ? netdev : NULL, 3707 info, link_id); 3708 } else { 3709 result = __nl80211_set_channel(rdev, netdev, info, link_id); 3710 } 3711 3712 if (result) 3713 goto out; 3714 } 3715 3716 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 3717 struct wireless_dev *txp_wdev = wdev; 3718 enum nl80211_tx_power_setting type; 3719 int idx, mbm = 0; 3720 3721 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER)) 3722 txp_wdev = NULL; 3723 3724 if (!rdev->ops->set_tx_power) { 3725 result = -EOPNOTSUPP; 3726 goto out; 3727 } 3728 3729 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 3730 type = nla_get_u32(info->attrs[idx]); 3731 3732 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 3733 (type != NL80211_TX_POWER_AUTOMATIC)) { 3734 result = -EINVAL; 3735 goto out; 3736 } 3737 3738 if (type != NL80211_TX_POWER_AUTOMATIC) { 3739 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 3740 mbm = nla_get_u32(info->attrs[idx]); 3741 } 3742 3743 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm); 3744 if (result) 3745 goto out; 3746 } 3747 3748 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 3749 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 3750 u32 tx_ant, rx_ant; 3751 3752 if ((!rdev->wiphy.available_antennas_tx && 3753 !rdev->wiphy.available_antennas_rx) || 3754 !rdev->ops->set_antenna) { 3755 result = -EOPNOTSUPP; 3756 goto out; 3757 } 3758 3759 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 3760 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 3761 3762 /* reject antenna configurations which don't match the 3763 * available antenna masks, except for the "all" mask */ 3764 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 3765 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 3766 result = -EINVAL; 3767 goto out; 3768 } 3769 3770 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 3771 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 3772 3773 result = rdev_set_antenna(rdev, tx_ant, rx_ant); 3774 if (result) 3775 goto out; 3776 } 3777 3778 changed = 0; 3779 3780 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 3781 retry_short = nla_get_u8( 3782 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 3783 3784 changed |= WIPHY_PARAM_RETRY_SHORT; 3785 } 3786 3787 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 3788 retry_long = nla_get_u8( 3789 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 3790 3791 changed |= WIPHY_PARAM_RETRY_LONG; 3792 } 3793 3794 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 3795 frag_threshold = nla_get_u32( 3796 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 3797 if (frag_threshold < 256) { 3798 result = -EINVAL; 3799 goto out; 3800 } 3801 3802 if (frag_threshold != (u32) -1) { 3803 /* 3804 * Fragments (apart from the last one) are required to 3805 * have even length. Make the fragmentation code 3806 * simpler by stripping LSB should someone try to use 3807 * odd threshold value. 3808 */ 3809 frag_threshold &= ~0x1; 3810 } 3811 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 3812 } 3813 3814 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 3815 rts_threshold = nla_get_u32( 3816 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 3817 changed |= WIPHY_PARAM_RTS_THRESHOLD; 3818 } 3819 3820 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 3821 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) { 3822 result = -EINVAL; 3823 goto out; 3824 } 3825 3826 coverage_class = nla_get_u8( 3827 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 3828 changed |= WIPHY_PARAM_COVERAGE_CLASS; 3829 } 3830 3831 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) { 3832 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) { 3833 result = -EOPNOTSUPP; 3834 goto out; 3835 } 3836 3837 changed |= WIPHY_PARAM_DYN_ACK; 3838 } 3839 3840 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) { 3841 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3842 NL80211_EXT_FEATURE_TXQS)) { 3843 result = -EOPNOTSUPP; 3844 goto out; 3845 } 3846 txq_limit = nla_get_u32( 3847 info->attrs[NL80211_ATTR_TXQ_LIMIT]); 3848 changed |= WIPHY_PARAM_TXQ_LIMIT; 3849 } 3850 3851 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) { 3852 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3853 NL80211_EXT_FEATURE_TXQS)) { 3854 result = -EOPNOTSUPP; 3855 goto out; 3856 } 3857 txq_memory_limit = nla_get_u32( 3858 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]); 3859 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT; 3860 } 3861 3862 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) { 3863 if (!wiphy_ext_feature_isset(&rdev->wiphy, 3864 NL80211_EXT_FEATURE_TXQS)) { 3865 result = -EOPNOTSUPP; 3866 goto out; 3867 } 3868 txq_quantum = nla_get_u32( 3869 info->attrs[NL80211_ATTR_TXQ_QUANTUM]); 3870 changed |= WIPHY_PARAM_TXQ_QUANTUM; 3871 } 3872 3873 if (changed) { 3874 u8 old_retry_short, old_retry_long; 3875 u32 old_frag_threshold, old_rts_threshold; 3876 u8 old_coverage_class; 3877 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum; 3878 3879 if (!rdev->ops->set_wiphy_params) { 3880 result = -EOPNOTSUPP; 3881 goto out; 3882 } 3883 3884 old_retry_short = rdev->wiphy.retry_short; 3885 old_retry_long = rdev->wiphy.retry_long; 3886 old_frag_threshold = rdev->wiphy.frag_threshold; 3887 old_rts_threshold = rdev->wiphy.rts_threshold; 3888 old_coverage_class = rdev->wiphy.coverage_class; 3889 old_txq_limit = rdev->wiphy.txq_limit; 3890 old_txq_memory_limit = rdev->wiphy.txq_memory_limit; 3891 old_txq_quantum = rdev->wiphy.txq_quantum; 3892 3893 if (changed & WIPHY_PARAM_RETRY_SHORT) 3894 rdev->wiphy.retry_short = retry_short; 3895 if (changed & WIPHY_PARAM_RETRY_LONG) 3896 rdev->wiphy.retry_long = retry_long; 3897 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 3898 rdev->wiphy.frag_threshold = frag_threshold; 3899 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 3900 rdev->wiphy.rts_threshold = rts_threshold; 3901 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 3902 rdev->wiphy.coverage_class = coverage_class; 3903 if (changed & WIPHY_PARAM_TXQ_LIMIT) 3904 rdev->wiphy.txq_limit = txq_limit; 3905 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT) 3906 rdev->wiphy.txq_memory_limit = txq_memory_limit; 3907 if (changed & WIPHY_PARAM_TXQ_QUANTUM) 3908 rdev->wiphy.txq_quantum = txq_quantum; 3909 3910 result = rdev_set_wiphy_params(rdev, changed); 3911 if (result) { 3912 rdev->wiphy.retry_short = old_retry_short; 3913 rdev->wiphy.retry_long = old_retry_long; 3914 rdev->wiphy.frag_threshold = old_frag_threshold; 3915 rdev->wiphy.rts_threshold = old_rts_threshold; 3916 rdev->wiphy.coverage_class = old_coverage_class; 3917 rdev->wiphy.txq_limit = old_txq_limit; 3918 rdev->wiphy.txq_memory_limit = old_txq_memory_limit; 3919 rdev->wiphy.txq_quantum = old_txq_quantum; 3920 goto out; 3921 } 3922 } 3923 3924 result = 0; 3925 3926 out: 3927 wiphy_unlock(&rdev->wiphy); 3928 return result; 3929 } 3930 3931 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef) 3932 { 3933 if (WARN_ON(!cfg80211_chandef_valid(chandef))) 3934 return -EINVAL; 3935 3936 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 3937 chandef->chan->center_freq)) 3938 return -ENOBUFS; 3939 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, 3940 chandef->chan->freq_offset)) 3941 return -ENOBUFS; 3942 switch (chandef->width) { 3943 case NL80211_CHAN_WIDTH_20_NOHT: 3944 case NL80211_CHAN_WIDTH_20: 3945 case NL80211_CHAN_WIDTH_40: 3946 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3947 cfg80211_get_chandef_type(chandef))) 3948 return -ENOBUFS; 3949 break; 3950 default: 3951 break; 3952 } 3953 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width)) 3954 return -ENOBUFS; 3955 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1)) 3956 return -ENOBUFS; 3957 if (chandef->center_freq2 && 3958 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2)) 3959 return -ENOBUFS; 3960 if (chandef->punctured && 3961 nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured)) 3962 return -ENOBUFS; 3963 3964 return 0; 3965 } 3966 EXPORT_SYMBOL(nl80211_send_chandef); 3967 3968 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, 3969 struct cfg80211_registered_device *rdev, 3970 struct wireless_dev *wdev, 3971 enum nl80211_commands cmd) 3972 { 3973 struct net_device *dev = wdev->netdev; 3974 void *hdr; 3975 3976 lockdep_assert_wiphy(&rdev->wiphy); 3977 3978 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE && 3979 cmd != NL80211_CMD_DEL_INTERFACE && 3980 cmd != NL80211_CMD_SET_INTERFACE); 3981 3982 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 3983 if (!hdr) 3984 return -1; 3985 3986 if (dev && 3987 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3988 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name))) 3989 goto nla_put_failure; 3990 3991 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 3992 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) || 3993 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 3994 NL80211_ATTR_PAD) || 3995 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) || 3996 nla_put_u32(msg, NL80211_ATTR_GENERATION, 3997 rdev->devlist_generation ^ 3998 (cfg80211_rdev_list_generation << 2)) || 3999 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr)) 4000 goto nla_put_failure; 4001 4002 if (rdev->ops->get_channel && !wdev->valid_links) { 4003 struct cfg80211_chan_def chandef = {}; 4004 int ret; 4005 4006 ret = rdev_get_channel(rdev, wdev, 0, &chandef); 4007 if (ret == 0 && nl80211_send_chandef(msg, &chandef)) 4008 goto nla_put_failure; 4009 } 4010 4011 if (rdev->ops->get_tx_power) { 4012 int dbm, ret; 4013 4014 ret = rdev_get_tx_power(rdev, wdev, &dbm); 4015 if (ret == 0 && 4016 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL, 4017 DBM_TO_MBM(dbm))) 4018 goto nla_put_failure; 4019 } 4020 4021 switch (wdev->iftype) { 4022 case NL80211_IFTYPE_AP: 4023 case NL80211_IFTYPE_P2P_GO: 4024 if (wdev->u.ap.ssid_len && 4025 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len, 4026 wdev->u.ap.ssid)) 4027 goto nla_put_failure; 4028 break; 4029 case NL80211_IFTYPE_STATION: 4030 case NL80211_IFTYPE_P2P_CLIENT: 4031 if (wdev->u.client.ssid_len && 4032 nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len, 4033 wdev->u.client.ssid)) 4034 goto nla_put_failure; 4035 break; 4036 case NL80211_IFTYPE_ADHOC: 4037 if (wdev->u.ibss.ssid_len && 4038 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len, 4039 wdev->u.ibss.ssid)) 4040 goto nla_put_failure; 4041 break; 4042 default: 4043 /* nothing */ 4044 break; 4045 } 4046 4047 if (rdev->ops->get_txq_stats) { 4048 struct cfg80211_txq_stats txqstats = {}; 4049 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats); 4050 4051 if (ret == 0 && 4052 !nl80211_put_txq_stats(msg, &txqstats, 4053 NL80211_ATTR_TXQ_STATS)) 4054 goto nla_put_failure; 4055 } 4056 4057 if (wdev->valid_links) { 4058 unsigned int link_id; 4059 struct nlattr *links = nla_nest_start(msg, 4060 NL80211_ATTR_MLO_LINKS); 4061 4062 if (!links) 4063 goto nla_put_failure; 4064 4065 for_each_valid_link(wdev, link_id) { 4066 struct nlattr *link = nla_nest_start(msg, link_id + 1); 4067 struct cfg80211_chan_def chandef = {}; 4068 int ret; 4069 4070 if (!link) 4071 goto nla_put_failure; 4072 4073 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) 4074 goto nla_put_failure; 4075 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 4076 wdev->links[link_id].addr)) 4077 goto nla_put_failure; 4078 4079 ret = rdev_get_channel(rdev, wdev, link_id, &chandef); 4080 if (ret == 0 && nl80211_send_chandef(msg, &chandef)) 4081 goto nla_put_failure; 4082 4083 nla_nest_end(msg, link); 4084 } 4085 4086 nla_nest_end(msg, links); 4087 } 4088 4089 genlmsg_end(msg, hdr); 4090 return 0; 4091 4092 nla_put_failure: 4093 genlmsg_cancel(msg, hdr); 4094 return -EMSGSIZE; 4095 } 4096 4097 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 4098 { 4099 int wp_idx = 0; 4100 int if_idx = 0; 4101 int wp_start = cb->args[0]; 4102 int if_start = cb->args[1]; 4103 int filter_wiphy = -1; 4104 struct cfg80211_registered_device *rdev; 4105 struct wireless_dev *wdev; 4106 int ret; 4107 4108 rtnl_lock(); 4109 if (!cb->args[2]) { 4110 struct nl80211_dump_wiphy_state state = { 4111 .filter_wiphy = -1, 4112 }; 4113 4114 ret = nl80211_dump_wiphy_parse(skb, cb, &state); 4115 if (ret) 4116 goto out_unlock; 4117 4118 filter_wiphy = state.filter_wiphy; 4119 4120 /* 4121 * if filtering, set cb->args[2] to +1 since 0 is the default 4122 * value needed to determine that parsing is necessary. 4123 */ 4124 if (filter_wiphy >= 0) 4125 cb->args[2] = filter_wiphy + 1; 4126 else 4127 cb->args[2] = -1; 4128 } else if (cb->args[2] > 0) { 4129 filter_wiphy = cb->args[2] - 1; 4130 } 4131 4132 for_each_rdev(rdev) { 4133 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 4134 continue; 4135 if (wp_idx < wp_start) { 4136 wp_idx++; 4137 continue; 4138 } 4139 4140 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx) 4141 continue; 4142 4143 if_idx = 0; 4144 4145 wiphy_lock(&rdev->wiphy); 4146 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 4147 if (if_idx < if_start) { 4148 if_idx++; 4149 continue; 4150 } 4151 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid, 4152 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4153 rdev, wdev, 4154 NL80211_CMD_NEW_INTERFACE) < 0) { 4155 wiphy_unlock(&rdev->wiphy); 4156 goto out; 4157 } 4158 if_idx++; 4159 } 4160 wiphy_unlock(&rdev->wiphy); 4161 4162 if_start = 0; 4163 wp_idx++; 4164 } 4165 out: 4166 cb->args[0] = wp_idx; 4167 cb->args[1] = if_idx; 4168 4169 ret = skb->len; 4170 out_unlock: 4171 rtnl_unlock(); 4172 4173 return ret; 4174 } 4175 4176 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 4177 { 4178 struct sk_buff *msg; 4179 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4180 struct wireless_dev *wdev = info->user_ptr[1]; 4181 4182 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4183 if (!msg) 4184 return -ENOMEM; 4185 4186 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 4187 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) { 4188 nlmsg_free(msg); 4189 return -ENOBUFS; 4190 } 4191 4192 return genlmsg_reply(msg, info); 4193 } 4194 4195 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 4196 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 4197 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 4198 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 4199 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 4200 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 4201 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG }, 4202 }; 4203 4204 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 4205 { 4206 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 4207 int flag; 4208 4209 *mntrflags = 0; 4210 4211 if (!nla) 4212 return -EINVAL; 4213 4214 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL)) 4215 return -EINVAL; 4216 4217 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 4218 if (flags[flag]) 4219 *mntrflags |= (1<<flag); 4220 4221 *mntrflags |= MONITOR_FLAG_CHANGED; 4222 4223 return 0; 4224 } 4225 4226 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev, 4227 enum nl80211_iftype type, 4228 struct genl_info *info, 4229 struct vif_params *params) 4230 { 4231 bool change = false; 4232 int err; 4233 4234 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 4235 if (type != NL80211_IFTYPE_MONITOR) 4236 return -EINVAL; 4237 4238 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 4239 ¶ms->flags); 4240 if (err) 4241 return err; 4242 4243 change = true; 4244 } 4245 4246 if (params->flags & MONITOR_FLAG_ACTIVE && 4247 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) 4248 return -EOPNOTSUPP; 4249 4250 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) { 4251 const u8 *mumimo_groups; 4252 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 4253 4254 if (type != NL80211_IFTYPE_MONITOR) 4255 return -EINVAL; 4256 4257 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 4258 return -EOPNOTSUPP; 4259 4260 mumimo_groups = 4261 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]); 4262 4263 /* bits 0 and 63 are reserved and must be zero */ 4264 if ((mumimo_groups[0] & BIT(0)) || 4265 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7))) 4266 return -EINVAL; 4267 4268 params->vht_mumimo_groups = mumimo_groups; 4269 change = true; 4270 } 4271 4272 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) { 4273 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER; 4274 4275 if (type != NL80211_IFTYPE_MONITOR) 4276 return -EINVAL; 4277 4278 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag)) 4279 return -EOPNOTSUPP; 4280 4281 params->vht_mumimo_follow_addr = 4282 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]); 4283 change = true; 4284 } 4285 4286 return change ? 1 : 0; 4287 } 4288 4289 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 4290 struct net_device *netdev, u8 use_4addr, 4291 enum nl80211_iftype iftype) 4292 { 4293 if (!use_4addr) { 4294 if (netdev && netif_is_bridge_port(netdev)) 4295 return -EBUSY; 4296 return 0; 4297 } 4298 4299 switch (iftype) { 4300 case NL80211_IFTYPE_AP_VLAN: 4301 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 4302 return 0; 4303 break; 4304 case NL80211_IFTYPE_STATION: 4305 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 4306 return 0; 4307 break; 4308 default: 4309 break; 4310 } 4311 4312 return -EOPNOTSUPP; 4313 } 4314 4315 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 4316 { 4317 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4318 struct vif_params params; 4319 int err; 4320 enum nl80211_iftype otype, ntype; 4321 struct net_device *dev = info->user_ptr[1]; 4322 bool change = false; 4323 4324 memset(¶ms, 0, sizeof(params)); 4325 4326 otype = ntype = dev->ieee80211_ptr->iftype; 4327 4328 if (info->attrs[NL80211_ATTR_IFTYPE]) { 4329 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 4330 if (otype != ntype) 4331 change = true; 4332 } 4333 4334 if (info->attrs[NL80211_ATTR_MESH_ID]) { 4335 struct wireless_dev *wdev = dev->ieee80211_ptr; 4336 4337 if (ntype != NL80211_IFTYPE_MESH_POINT) 4338 return -EINVAL; 4339 if (otype != NL80211_IFTYPE_MESH_POINT) 4340 return -EINVAL; 4341 if (netif_running(dev)) 4342 return -EBUSY; 4343 4344 wdev->u.mesh.id_up_len = 4345 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 4346 memcpy(wdev->u.mesh.id, 4347 nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 4348 wdev->u.mesh.id_up_len); 4349 } 4350 4351 if (info->attrs[NL80211_ATTR_4ADDR]) { 4352 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 4353 change = true; 4354 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 4355 if (err) 4356 return err; 4357 } else { 4358 params.use_4addr = -1; 4359 } 4360 4361 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms); 4362 if (err < 0) 4363 return err; 4364 if (err > 0) 4365 change = true; 4366 4367 if (change) 4368 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms); 4369 else 4370 err = 0; 4371 4372 if (!err && params.use_4addr != -1) 4373 dev->ieee80211_ptr->use_4addr = params.use_4addr; 4374 4375 if (change && !err) { 4376 struct wireless_dev *wdev = dev->ieee80211_ptr; 4377 4378 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE); 4379 } 4380 4381 return err; 4382 } 4383 4384 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 4385 { 4386 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4387 struct vif_params params; 4388 struct wireless_dev *wdev; 4389 struct sk_buff *msg; 4390 int err; 4391 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 4392 4393 memset(¶ms, 0, sizeof(params)); 4394 4395 if (!info->attrs[NL80211_ATTR_IFNAME]) 4396 return -EINVAL; 4397 4398 if (info->attrs[NL80211_ATTR_IFTYPE]) 4399 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 4400 4401 if (!rdev->ops->add_virtual_intf) 4402 return -EOPNOTSUPP; 4403 4404 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN || 4405 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) && 4406 info->attrs[NL80211_ATTR_MAC]) { 4407 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC], 4408 ETH_ALEN); 4409 if (!is_valid_ether_addr(params.macaddr)) 4410 return -EADDRNOTAVAIL; 4411 } 4412 4413 if (info->attrs[NL80211_ATTR_4ADDR]) { 4414 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 4415 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 4416 if (err) 4417 return err; 4418 } 4419 4420 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0)) 4421 return -EOPNOTSUPP; 4422 4423 err = nl80211_parse_mon_options(rdev, type, info, ¶ms); 4424 if (err < 0) 4425 return err; 4426 4427 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4428 if (!msg) 4429 return -ENOMEM; 4430 4431 wdev = rdev_add_virtual_intf(rdev, 4432 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 4433 NET_NAME_USER, type, ¶ms); 4434 if (WARN_ON(!wdev)) { 4435 nlmsg_free(msg); 4436 return -EPROTO; 4437 } else if (IS_ERR(wdev)) { 4438 nlmsg_free(msg); 4439 return PTR_ERR(wdev); 4440 } 4441 4442 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 4443 wdev->owner_nlportid = info->snd_portid; 4444 4445 switch (type) { 4446 case NL80211_IFTYPE_MESH_POINT: 4447 if (!info->attrs[NL80211_ATTR_MESH_ID]) 4448 break; 4449 wdev->u.mesh.id_up_len = 4450 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 4451 memcpy(wdev->u.mesh.id, 4452 nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 4453 wdev->u.mesh.id_up_len); 4454 break; 4455 case NL80211_IFTYPE_NAN: 4456 case NL80211_IFTYPE_P2P_DEVICE: 4457 /* 4458 * P2P Device and NAN do not have a netdev, so don't go 4459 * through the netdev notifier and must be added here 4460 */ 4461 cfg80211_init_wdev(wdev); 4462 cfg80211_register_wdev(rdev, wdev); 4463 break; 4464 default: 4465 break; 4466 } 4467 4468 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0, 4469 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) { 4470 nlmsg_free(msg); 4471 return -ENOBUFS; 4472 } 4473 4474 return genlmsg_reply(msg, info); 4475 } 4476 4477 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 4478 { 4479 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4480 int ret; 4481 4482 /* to avoid failing a new interface creation due to pending removal */ 4483 cfg80211_destroy_ifaces(rdev); 4484 4485 wiphy_lock(&rdev->wiphy); 4486 ret = _nl80211_new_interface(skb, info); 4487 wiphy_unlock(&rdev->wiphy); 4488 4489 return ret; 4490 } 4491 4492 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 4493 { 4494 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4495 struct wireless_dev *wdev = info->user_ptr[1]; 4496 4497 if (!rdev->ops->del_virtual_intf) 4498 return -EOPNOTSUPP; 4499 4500 /* 4501 * We hold RTNL, so this is safe, without RTNL opencount cannot 4502 * reach 0, and thus the rdev cannot be deleted. 4503 * 4504 * We need to do it for the dev_close(), since that will call 4505 * the netdev notifiers, and we need to acquire the mutex there 4506 * but don't know if we get there from here or from some other 4507 * place (e.g. "ip link set ... down"). 4508 */ 4509 mutex_unlock(&rdev->wiphy.mtx); 4510 4511 /* 4512 * If we remove a wireless device without a netdev then clear 4513 * user_ptr[1] so that nl80211_post_doit won't dereference it 4514 * to check if it needs to do dev_put(). Otherwise it crashes 4515 * since the wdev has been freed, unlike with a netdev where 4516 * we need the dev_put() for the netdev to really be freed. 4517 */ 4518 if (!wdev->netdev) 4519 info->user_ptr[1] = NULL; 4520 else 4521 dev_close(wdev->netdev); 4522 4523 mutex_lock(&rdev->wiphy.mtx); 4524 4525 return cfg80211_remove_virtual_intf(rdev, wdev); 4526 } 4527 4528 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 4529 { 4530 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4531 struct net_device *dev = info->user_ptr[1]; 4532 u16 noack_map; 4533 4534 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 4535 return -EINVAL; 4536 4537 if (!rdev->ops->set_noack_map) 4538 return -EOPNOTSUPP; 4539 4540 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 4541 4542 return rdev_set_noack_map(rdev, dev, noack_map); 4543 } 4544 4545 static int nl80211_validate_key_link_id(struct genl_info *info, 4546 struct wireless_dev *wdev, 4547 int link_id, bool pairwise) 4548 { 4549 if (pairwise) { 4550 if (link_id != -1) { 4551 GENL_SET_ERR_MSG(info, 4552 "link ID not allowed for pairwise key"); 4553 return -EINVAL; 4554 } 4555 4556 return 0; 4557 } 4558 4559 if (wdev->valid_links) { 4560 if (link_id == -1) { 4561 GENL_SET_ERR_MSG(info, 4562 "link ID must for MLO group key"); 4563 return -EINVAL; 4564 } 4565 if (!(wdev->valid_links & BIT(link_id))) { 4566 GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key"); 4567 return -EINVAL; 4568 } 4569 } else if (link_id != -1) { 4570 GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key"); 4571 return -EINVAL; 4572 } 4573 4574 return 0; 4575 } 4576 4577 struct get_key_cookie { 4578 struct sk_buff *msg; 4579 int error; 4580 int idx; 4581 }; 4582 4583 static void get_key_callback(void *c, struct key_params *params) 4584 { 4585 struct nlattr *key; 4586 struct get_key_cookie *cookie = c; 4587 4588 if ((params->seq && 4589 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 4590 params->seq_len, params->seq)) || 4591 (params->cipher && 4592 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 4593 params->cipher))) 4594 goto nla_put_failure; 4595 4596 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY); 4597 if (!key) 4598 goto nla_put_failure; 4599 4600 if ((params->seq && 4601 nla_put(cookie->msg, NL80211_KEY_SEQ, 4602 params->seq_len, params->seq)) || 4603 (params->cipher && 4604 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 4605 params->cipher))) 4606 goto nla_put_failure; 4607 4608 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx)) 4609 goto nla_put_failure; 4610 4611 nla_nest_end(cookie->msg, key); 4612 4613 return; 4614 nla_put_failure: 4615 cookie->error = 1; 4616 } 4617 4618 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 4619 { 4620 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4621 int err; 4622 struct net_device *dev = info->user_ptr[1]; 4623 u8 key_idx = 0; 4624 const u8 *mac_addr = NULL; 4625 bool pairwise; 4626 struct get_key_cookie cookie = { 4627 .error = 0, 4628 }; 4629 void *hdr; 4630 struct sk_buff *msg; 4631 bool bigtk_support = false; 4632 int link_id = nl80211_link_id_or_invalid(info->attrs); 4633 struct wireless_dev *wdev = dev->ieee80211_ptr; 4634 4635 if (wiphy_ext_feature_isset(&rdev->wiphy, 4636 NL80211_EXT_FEATURE_BEACON_PROTECTION)) 4637 bigtk_support = true; 4638 4639 if ((wdev->iftype == NL80211_IFTYPE_STATION || 4640 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) && 4641 wiphy_ext_feature_isset(&rdev->wiphy, 4642 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT)) 4643 bigtk_support = true; 4644 4645 if (info->attrs[NL80211_ATTR_KEY_IDX]) { 4646 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 4647 4648 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) { 4649 GENL_SET_ERR_MSG(info, "BIGTK not supported"); 4650 return -EINVAL; 4651 } 4652 } 4653 4654 if (info->attrs[NL80211_ATTR_MAC]) 4655 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4656 4657 pairwise = !!mac_addr; 4658 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 4659 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 4660 4661 if (kt != NL80211_KEYTYPE_GROUP && 4662 kt != NL80211_KEYTYPE_PAIRWISE) 4663 return -EINVAL; 4664 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 4665 } 4666 4667 if (!rdev->ops->get_key) 4668 return -EOPNOTSUPP; 4669 4670 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 4671 return -ENOENT; 4672 4673 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4674 if (!msg) 4675 return -ENOMEM; 4676 4677 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 4678 NL80211_CMD_NEW_KEY); 4679 if (!hdr) 4680 goto nla_put_failure; 4681 4682 cookie.msg = msg; 4683 cookie.idx = key_idx; 4684 4685 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 4686 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 4687 goto nla_put_failure; 4688 if (mac_addr && 4689 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 4690 goto nla_put_failure; 4691 4692 err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise); 4693 if (err) 4694 goto free_msg; 4695 4696 err = rdev_get_key(rdev, dev, link_id, key_idx, pairwise, mac_addr, 4697 &cookie, get_key_callback); 4698 4699 if (err) 4700 goto free_msg; 4701 4702 if (cookie.error) 4703 goto nla_put_failure; 4704 4705 genlmsg_end(msg, hdr); 4706 return genlmsg_reply(msg, info); 4707 4708 nla_put_failure: 4709 err = -ENOBUFS; 4710 free_msg: 4711 nlmsg_free(msg); 4712 return err; 4713 } 4714 4715 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 4716 { 4717 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4718 struct key_parse key; 4719 int err; 4720 struct net_device *dev = info->user_ptr[1]; 4721 int link_id = nl80211_link_id_or_invalid(info->attrs); 4722 struct wireless_dev *wdev = dev->ieee80211_ptr; 4723 4724 err = nl80211_parse_key(info, &key); 4725 if (err) 4726 return err; 4727 4728 if (key.idx < 0) 4729 return -EINVAL; 4730 4731 /* Only support setting default key and 4732 * Extended Key ID action NL80211_KEY_SET_TX. 4733 */ 4734 if (!key.def && !key.defmgmt && !key.defbeacon && 4735 !(key.p.mode == NL80211_KEY_SET_TX)) 4736 return -EINVAL; 4737 4738 if (key.def) { 4739 if (!rdev->ops->set_default_key) 4740 return -EOPNOTSUPP; 4741 4742 err = nl80211_key_allowed(wdev); 4743 if (err) 4744 return err; 4745 4746 err = nl80211_validate_key_link_id(info, wdev, link_id, false); 4747 if (err) 4748 return err; 4749 4750 err = rdev_set_default_key(rdev, dev, link_id, key.idx, 4751 key.def_uni, key.def_multi); 4752 4753 if (err) 4754 return err; 4755 4756 #ifdef CONFIG_CFG80211_WEXT 4757 wdev->wext.default_key = key.idx; 4758 #endif 4759 return 0; 4760 } else if (key.defmgmt) { 4761 if (key.def_uni || !key.def_multi) 4762 return -EINVAL; 4763 4764 if (!rdev->ops->set_default_mgmt_key) 4765 return -EOPNOTSUPP; 4766 4767 err = nl80211_key_allowed(wdev); 4768 if (err) 4769 return err; 4770 4771 err = nl80211_validate_key_link_id(info, wdev, link_id, false); 4772 if (err) 4773 return err; 4774 4775 err = rdev_set_default_mgmt_key(rdev, dev, link_id, key.idx); 4776 if (err) 4777 return err; 4778 4779 #ifdef CONFIG_CFG80211_WEXT 4780 wdev->wext.default_mgmt_key = key.idx; 4781 #endif 4782 return 0; 4783 } else if (key.defbeacon) { 4784 if (key.def_uni || !key.def_multi) 4785 return -EINVAL; 4786 4787 if (!rdev->ops->set_default_beacon_key) 4788 return -EOPNOTSUPP; 4789 4790 err = nl80211_key_allowed(wdev); 4791 if (err) 4792 return err; 4793 4794 err = nl80211_validate_key_link_id(info, wdev, link_id, false); 4795 if (err) 4796 return err; 4797 4798 return rdev_set_default_beacon_key(rdev, dev, link_id, key.idx); 4799 } else if (key.p.mode == NL80211_KEY_SET_TX && 4800 wiphy_ext_feature_isset(&rdev->wiphy, 4801 NL80211_EXT_FEATURE_EXT_KEY_ID)) { 4802 u8 *mac_addr = NULL; 4803 4804 if (info->attrs[NL80211_ATTR_MAC]) 4805 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4806 4807 if (!mac_addr || key.idx < 0 || key.idx > 1) 4808 return -EINVAL; 4809 4810 err = nl80211_validate_key_link_id(info, wdev, link_id, true); 4811 if (err) 4812 return err; 4813 4814 return rdev_add_key(rdev, dev, link_id, key.idx, 4815 NL80211_KEYTYPE_PAIRWISE, 4816 mac_addr, &key.p); 4817 } 4818 4819 return -EINVAL; 4820 } 4821 4822 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 4823 { 4824 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4825 int err; 4826 struct net_device *dev = info->user_ptr[1]; 4827 struct key_parse key; 4828 const u8 *mac_addr = NULL; 4829 int link_id = nl80211_link_id_or_invalid(info->attrs); 4830 struct wireless_dev *wdev = dev->ieee80211_ptr; 4831 4832 err = nl80211_parse_key(info, &key); 4833 if (err) 4834 return err; 4835 4836 if (!key.p.key) { 4837 GENL_SET_ERR_MSG(info, "no key"); 4838 return -EINVAL; 4839 } 4840 4841 if (info->attrs[NL80211_ATTR_MAC]) 4842 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4843 4844 if (key.type == -1) { 4845 if (mac_addr) 4846 key.type = NL80211_KEYTYPE_PAIRWISE; 4847 else 4848 key.type = NL80211_KEYTYPE_GROUP; 4849 } 4850 4851 /* for now */ 4852 if (key.type != NL80211_KEYTYPE_PAIRWISE && 4853 key.type != NL80211_KEYTYPE_GROUP) { 4854 GENL_SET_ERR_MSG(info, "key type not pairwise or group"); 4855 return -EINVAL; 4856 } 4857 4858 if (key.type == NL80211_KEYTYPE_GROUP && 4859 info->attrs[NL80211_ATTR_VLAN_ID]) 4860 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 4861 4862 if (!rdev->ops->add_key) 4863 return -EOPNOTSUPP; 4864 4865 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 4866 key.type == NL80211_KEYTYPE_PAIRWISE, 4867 mac_addr)) { 4868 GENL_SET_ERR_MSG(info, "key setting validation failed"); 4869 return -EINVAL; 4870 } 4871 4872 err = nl80211_key_allowed(wdev); 4873 if (err) 4874 GENL_SET_ERR_MSG(info, "key not allowed"); 4875 4876 if (!err) 4877 err = nl80211_validate_key_link_id(info, wdev, link_id, 4878 key.type == NL80211_KEYTYPE_PAIRWISE); 4879 4880 if (!err) { 4881 err = rdev_add_key(rdev, dev, link_id, key.idx, 4882 key.type == NL80211_KEYTYPE_PAIRWISE, 4883 mac_addr, &key.p); 4884 if (err) 4885 GENL_SET_ERR_MSG(info, "key addition failed"); 4886 } 4887 4888 return err; 4889 } 4890 4891 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 4892 { 4893 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4894 int err; 4895 struct net_device *dev = info->user_ptr[1]; 4896 u8 *mac_addr = NULL; 4897 struct key_parse key; 4898 int link_id = nl80211_link_id_or_invalid(info->attrs); 4899 struct wireless_dev *wdev = dev->ieee80211_ptr; 4900 4901 err = nl80211_parse_key(info, &key); 4902 if (err) 4903 return err; 4904 4905 if (info->attrs[NL80211_ATTR_MAC]) 4906 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 4907 4908 if (key.type == -1) { 4909 if (mac_addr) 4910 key.type = NL80211_KEYTYPE_PAIRWISE; 4911 else 4912 key.type = NL80211_KEYTYPE_GROUP; 4913 } 4914 4915 /* for now */ 4916 if (key.type != NL80211_KEYTYPE_PAIRWISE && 4917 key.type != NL80211_KEYTYPE_GROUP) 4918 return -EINVAL; 4919 4920 if (!cfg80211_valid_key_idx(rdev, key.idx, 4921 key.type == NL80211_KEYTYPE_PAIRWISE)) 4922 return -EINVAL; 4923 4924 if (!rdev->ops->del_key) 4925 return -EOPNOTSUPP; 4926 4927 err = nl80211_key_allowed(wdev); 4928 4929 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr && 4930 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 4931 err = -ENOENT; 4932 4933 if (!err) 4934 err = nl80211_validate_key_link_id(info, wdev, link_id, 4935 key.type == NL80211_KEYTYPE_PAIRWISE); 4936 4937 if (!err) 4938 err = rdev_del_key(rdev, dev, link_id, key.idx, 4939 key.type == NL80211_KEYTYPE_PAIRWISE, 4940 mac_addr); 4941 4942 #ifdef CONFIG_CFG80211_WEXT 4943 if (!err) { 4944 if (key.idx == wdev->wext.default_key) 4945 wdev->wext.default_key = -1; 4946 else if (key.idx == wdev->wext.default_mgmt_key) 4947 wdev->wext.default_mgmt_key = -1; 4948 } 4949 #endif 4950 4951 return err; 4952 } 4953 4954 /* This function returns an error or the number of nested attributes */ 4955 static int validate_acl_mac_addrs(struct nlattr *nl_attr) 4956 { 4957 struct nlattr *attr; 4958 int n_entries = 0, tmp; 4959 4960 nla_for_each_nested(attr, nl_attr, tmp) { 4961 if (nla_len(attr) != ETH_ALEN) 4962 return -EINVAL; 4963 4964 n_entries++; 4965 } 4966 4967 return n_entries; 4968 } 4969 4970 /* 4971 * This function parses ACL information and allocates memory for ACL data. 4972 * On successful return, the calling function is responsible to free the 4973 * ACL buffer returned by this function. 4974 */ 4975 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy, 4976 struct genl_info *info) 4977 { 4978 enum nl80211_acl_policy acl_policy; 4979 struct nlattr *attr; 4980 struct cfg80211_acl_data *acl; 4981 int i = 0, n_entries, tmp; 4982 4983 if (!wiphy->max_acl_mac_addrs) 4984 return ERR_PTR(-EOPNOTSUPP); 4985 4986 if (!info->attrs[NL80211_ATTR_ACL_POLICY]) 4987 return ERR_PTR(-EINVAL); 4988 4989 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]); 4990 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED && 4991 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED) 4992 return ERR_PTR(-EINVAL); 4993 4994 if (!info->attrs[NL80211_ATTR_MAC_ADDRS]) 4995 return ERR_PTR(-EINVAL); 4996 4997 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]); 4998 if (n_entries < 0) 4999 return ERR_PTR(n_entries); 5000 5001 if (n_entries > wiphy->max_acl_mac_addrs) 5002 return ERR_PTR(-EOPNOTSUPP); 5003 5004 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL); 5005 if (!acl) 5006 return ERR_PTR(-ENOMEM); 5007 acl->n_acl_entries = n_entries; 5008 5009 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) { 5010 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN); 5011 i++; 5012 } 5013 acl->acl_policy = acl_policy; 5014 5015 return acl; 5016 } 5017 5018 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info) 5019 { 5020 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5021 struct net_device *dev = info->user_ptr[1]; 5022 struct cfg80211_acl_data *acl; 5023 int err; 5024 5025 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5026 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5027 return -EOPNOTSUPP; 5028 5029 if (!dev->ieee80211_ptr->links[0].ap.beacon_interval) 5030 return -EINVAL; 5031 5032 acl = parse_acl_data(&rdev->wiphy, info); 5033 if (IS_ERR(acl)) 5034 return PTR_ERR(acl); 5035 5036 err = rdev_set_mac_acl(rdev, dev, acl); 5037 5038 kfree(acl); 5039 5040 return err; 5041 } 5042 5043 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 5044 u8 *rates, u8 rates_len) 5045 { 5046 u8 i; 5047 u32 mask = 0; 5048 5049 for (i = 0; i < rates_len; i++) { 5050 int rate = (rates[i] & 0x7f) * 5; 5051 int ridx; 5052 5053 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 5054 struct ieee80211_rate *srate = 5055 &sband->bitrates[ridx]; 5056 if (rate == srate->bitrate) { 5057 mask |= 1 << ridx; 5058 break; 5059 } 5060 } 5061 if (ridx == sband->n_bitrates) 5062 return 0; /* rate not found */ 5063 } 5064 5065 return mask; 5066 } 5067 5068 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 5069 u8 *rates, u8 rates_len, 5070 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 5071 { 5072 u8 i; 5073 5074 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 5075 5076 for (i = 0; i < rates_len; i++) { 5077 int ridx, rbit; 5078 5079 ridx = rates[i] / 8; 5080 rbit = BIT(rates[i] % 8); 5081 5082 /* check validity */ 5083 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 5084 return false; 5085 5086 /* check availability */ 5087 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN); 5088 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 5089 mcs[ridx] |= rbit; 5090 else 5091 return false; 5092 } 5093 5094 return true; 5095 } 5096 5097 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map) 5098 { 5099 u16 mcs_mask = 0; 5100 5101 switch (vht_mcs_map) { 5102 case IEEE80211_VHT_MCS_NOT_SUPPORTED: 5103 break; 5104 case IEEE80211_VHT_MCS_SUPPORT_0_7: 5105 mcs_mask = 0x00FF; 5106 break; 5107 case IEEE80211_VHT_MCS_SUPPORT_0_8: 5108 mcs_mask = 0x01FF; 5109 break; 5110 case IEEE80211_VHT_MCS_SUPPORT_0_9: 5111 mcs_mask = 0x03FF; 5112 break; 5113 default: 5114 break; 5115 } 5116 5117 return mcs_mask; 5118 } 5119 5120 static void vht_build_mcs_mask(u16 vht_mcs_map, 5121 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX]) 5122 { 5123 u8 nss; 5124 5125 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) { 5126 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03); 5127 vht_mcs_map >>= 2; 5128 } 5129 } 5130 5131 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband, 5132 struct nl80211_txrate_vht *txrate, 5133 u16 mcs[NL80211_VHT_NSS_MAX]) 5134 { 5135 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 5136 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {}; 5137 u8 i; 5138 5139 if (!sband->vht_cap.vht_supported) 5140 return false; 5141 5142 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX); 5143 5144 /* Build vht_mcs_mask from VHT capabilities */ 5145 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask); 5146 5147 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 5148 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i]) 5149 mcs[i] = txrate->mcs[i]; 5150 else 5151 return false; 5152 } 5153 5154 return true; 5155 } 5156 5157 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map) 5158 { 5159 switch (he_mcs_map) { 5160 case IEEE80211_HE_MCS_NOT_SUPPORTED: 5161 return 0; 5162 case IEEE80211_HE_MCS_SUPPORT_0_7: 5163 return 0x00FF; 5164 case IEEE80211_HE_MCS_SUPPORT_0_9: 5165 return 0x03FF; 5166 case IEEE80211_HE_MCS_SUPPORT_0_11: 5167 return 0xFFF; 5168 default: 5169 break; 5170 } 5171 return 0; 5172 } 5173 5174 static void he_build_mcs_mask(u16 he_mcs_map, 5175 u16 he_mcs_mask[NL80211_HE_NSS_MAX]) 5176 { 5177 u8 nss; 5178 5179 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) { 5180 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03); 5181 he_mcs_map >>= 2; 5182 } 5183 } 5184 5185 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id, 5186 const struct ieee80211_sta_he_cap *he_cap) 5187 { 5188 struct net_device *dev = info->user_ptr[1]; 5189 struct wireless_dev *wdev = dev->ieee80211_ptr; 5190 struct cfg80211_chan_def *chandef; 5191 __le16 tx_mcs; 5192 5193 chandef = wdev_chandef(wdev, link_id); 5194 if (!chandef) { 5195 /* 5196 * This is probably broken, but we never maintained 5197 * a chandef in these cases, so it always was. 5198 */ 5199 return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80); 5200 } 5201 5202 switch (chandef->width) { 5203 case NL80211_CHAN_WIDTH_80P80: 5204 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80; 5205 break; 5206 case NL80211_CHAN_WIDTH_160: 5207 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160; 5208 break; 5209 default: 5210 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80; 5211 break; 5212 } 5213 5214 return le16_to_cpu(tx_mcs); 5215 } 5216 5217 static bool he_set_mcs_mask(struct genl_info *info, 5218 struct wireless_dev *wdev, 5219 struct ieee80211_supported_band *sband, 5220 struct nl80211_txrate_he *txrate, 5221 u16 mcs[NL80211_HE_NSS_MAX], 5222 unsigned int link_id) 5223 { 5224 const struct ieee80211_sta_he_cap *he_cap; 5225 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {}; 5226 u16 tx_mcs_map = 0; 5227 u8 i; 5228 5229 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype); 5230 if (!he_cap) 5231 return false; 5232 5233 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX); 5234 5235 tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap); 5236 5237 /* Build he_mcs_mask from HE capabilities */ 5238 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask); 5239 5240 for (i = 0; i < NL80211_HE_NSS_MAX; i++) { 5241 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i]) 5242 mcs[i] = txrate->mcs[i]; 5243 else 5244 return false; 5245 } 5246 5247 return true; 5248 } 5249 5250 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info, 5251 struct nlattr *attrs[], 5252 enum nl80211_attrs attr, 5253 struct cfg80211_bitrate_mask *mask, 5254 struct net_device *dev, 5255 bool default_all_enabled, 5256 unsigned int link_id) 5257 { 5258 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 5259 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5260 struct wireless_dev *wdev = dev->ieee80211_ptr; 5261 int rem, i; 5262 struct nlattr *tx_rates; 5263 struct ieee80211_supported_band *sband; 5264 u16 vht_tx_mcs_map, he_tx_mcs_map; 5265 5266 memset(mask, 0, sizeof(*mask)); 5267 /* Default to all rates enabled */ 5268 for (i = 0; i < NUM_NL80211_BANDS; i++) { 5269 const struct ieee80211_sta_he_cap *he_cap; 5270 5271 if (!default_all_enabled) 5272 break; 5273 5274 sband = rdev->wiphy.bands[i]; 5275 5276 if (!sband) 5277 continue; 5278 5279 mask->control[i].legacy = (1 << sband->n_bitrates) - 1; 5280 memcpy(mask->control[i].ht_mcs, 5281 sband->ht_cap.mcs.rx_mask, 5282 sizeof(mask->control[i].ht_mcs)); 5283 5284 if (sband->vht_cap.vht_supported) { 5285 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map); 5286 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs); 5287 } 5288 5289 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype); 5290 if (!he_cap) 5291 continue; 5292 5293 he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap); 5294 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs); 5295 5296 mask->control[i].he_gi = 0xFF; 5297 mask->control[i].he_ltf = 0xFF; 5298 } 5299 5300 /* if no rates are given set it back to the defaults */ 5301 if (!attrs[attr]) 5302 goto out; 5303 5304 /* The nested attribute uses enum nl80211_band as the index. This maps 5305 * directly to the enum nl80211_band values used in cfg80211. 5306 */ 5307 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 5308 nla_for_each_nested(tx_rates, attrs[attr], rem) { 5309 enum nl80211_band band = nla_type(tx_rates); 5310 int err; 5311 5312 if (band < 0 || band >= NUM_NL80211_BANDS) 5313 return -EINVAL; 5314 sband = rdev->wiphy.bands[band]; 5315 if (sband == NULL) 5316 return -EINVAL; 5317 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX, 5318 tx_rates, 5319 nl80211_txattr_policy, 5320 info->extack); 5321 if (err) 5322 return err; 5323 if (tb[NL80211_TXRATE_LEGACY]) { 5324 mask->control[band].legacy = rateset_to_mask( 5325 sband, 5326 nla_data(tb[NL80211_TXRATE_LEGACY]), 5327 nla_len(tb[NL80211_TXRATE_LEGACY])); 5328 if ((mask->control[band].legacy == 0) && 5329 nla_len(tb[NL80211_TXRATE_LEGACY])) 5330 return -EINVAL; 5331 } 5332 if (tb[NL80211_TXRATE_HT]) { 5333 if (!ht_rateset_to_mask( 5334 sband, 5335 nla_data(tb[NL80211_TXRATE_HT]), 5336 nla_len(tb[NL80211_TXRATE_HT]), 5337 mask->control[band].ht_mcs)) 5338 return -EINVAL; 5339 } 5340 5341 if (tb[NL80211_TXRATE_VHT]) { 5342 if (!vht_set_mcs_mask( 5343 sband, 5344 nla_data(tb[NL80211_TXRATE_VHT]), 5345 mask->control[band].vht_mcs)) 5346 return -EINVAL; 5347 } 5348 5349 if (tb[NL80211_TXRATE_GI]) { 5350 mask->control[band].gi = 5351 nla_get_u8(tb[NL80211_TXRATE_GI]); 5352 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI) 5353 return -EINVAL; 5354 } 5355 if (tb[NL80211_TXRATE_HE] && 5356 !he_set_mcs_mask(info, wdev, sband, 5357 nla_data(tb[NL80211_TXRATE_HE]), 5358 mask->control[band].he_mcs, 5359 link_id)) 5360 return -EINVAL; 5361 5362 if (tb[NL80211_TXRATE_HE_GI]) 5363 mask->control[band].he_gi = 5364 nla_get_u8(tb[NL80211_TXRATE_HE_GI]); 5365 if (tb[NL80211_TXRATE_HE_LTF]) 5366 mask->control[band].he_ltf = 5367 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]); 5368 5369 if (mask->control[band].legacy == 0) { 5370 /* don't allow empty legacy rates if HT, VHT or HE 5371 * are not even supported. 5372 */ 5373 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported || 5374 rdev->wiphy.bands[band]->vht_cap.vht_supported || 5375 ieee80211_get_he_iftype_cap(sband, wdev->iftype))) 5376 return -EINVAL; 5377 5378 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 5379 if (mask->control[band].ht_mcs[i]) 5380 goto out; 5381 5382 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) 5383 if (mask->control[band].vht_mcs[i]) 5384 goto out; 5385 5386 for (i = 0; i < NL80211_HE_NSS_MAX; i++) 5387 if (mask->control[band].he_mcs[i]) 5388 goto out; 5389 5390 /* legacy and mcs rates may not be both empty */ 5391 return -EINVAL; 5392 } 5393 } 5394 5395 out: 5396 return 0; 5397 } 5398 5399 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev, 5400 enum nl80211_band band, 5401 struct cfg80211_bitrate_mask *beacon_rate) 5402 { 5403 u32 count_ht, count_vht, count_he, i; 5404 u32 rate = beacon_rate->control[band].legacy; 5405 5406 /* Allow only one rate */ 5407 if (hweight32(rate) > 1) 5408 return -EINVAL; 5409 5410 count_ht = 0; 5411 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) { 5412 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) { 5413 return -EINVAL; 5414 } else if (beacon_rate->control[band].ht_mcs[i]) { 5415 count_ht++; 5416 if (count_ht > 1) 5417 return -EINVAL; 5418 } 5419 if (count_ht && rate) 5420 return -EINVAL; 5421 } 5422 5423 count_vht = 0; 5424 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) { 5425 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) { 5426 return -EINVAL; 5427 } else if (beacon_rate->control[band].vht_mcs[i]) { 5428 count_vht++; 5429 if (count_vht > 1) 5430 return -EINVAL; 5431 } 5432 if (count_vht && rate) 5433 return -EINVAL; 5434 } 5435 5436 count_he = 0; 5437 for (i = 0; i < NL80211_HE_NSS_MAX; i++) { 5438 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) { 5439 return -EINVAL; 5440 } else if (beacon_rate->control[band].he_mcs[i]) { 5441 count_he++; 5442 if (count_he > 1) 5443 return -EINVAL; 5444 } 5445 if (count_he && rate) 5446 return -EINVAL; 5447 } 5448 5449 if ((count_ht && count_vht && count_he) || 5450 (!rate && !count_ht && !count_vht && !count_he)) 5451 return -EINVAL; 5452 5453 if (rate && 5454 !wiphy_ext_feature_isset(&rdev->wiphy, 5455 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) 5456 return -EINVAL; 5457 if (count_ht && 5458 !wiphy_ext_feature_isset(&rdev->wiphy, 5459 NL80211_EXT_FEATURE_BEACON_RATE_HT)) 5460 return -EINVAL; 5461 if (count_vht && 5462 !wiphy_ext_feature_isset(&rdev->wiphy, 5463 NL80211_EXT_FEATURE_BEACON_RATE_VHT)) 5464 return -EINVAL; 5465 if (count_he && 5466 !wiphy_ext_feature_isset(&rdev->wiphy, 5467 NL80211_EXT_FEATURE_BEACON_RATE_HE)) 5468 return -EINVAL; 5469 5470 return 0; 5471 } 5472 5473 static int nl80211_parse_mbssid_config(struct wiphy *wiphy, 5474 struct net_device *dev, 5475 struct nlattr *attrs, 5476 struct cfg80211_mbssid_config *config, 5477 u8 num_elems) 5478 { 5479 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1]; 5480 5481 if (!wiphy->mbssid_max_interfaces) 5482 return -EOPNOTSUPP; 5483 5484 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL, 5485 NULL) || 5486 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]) 5487 return -EINVAL; 5488 5489 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]); 5490 if (config->ema) { 5491 if (!wiphy->ema_max_profile_periodicity) 5492 return -EOPNOTSUPP; 5493 5494 if (num_elems > wiphy->ema_max_profile_periodicity) 5495 return -EINVAL; 5496 } 5497 5498 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]); 5499 if (config->index >= wiphy->mbssid_max_interfaces || 5500 (!config->index && !num_elems)) 5501 return -EINVAL; 5502 5503 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) { 5504 u32 tx_ifindex = 5505 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]); 5506 5507 if ((!config->index && tx_ifindex != dev->ifindex) || 5508 (config->index && tx_ifindex == dev->ifindex)) 5509 return -EINVAL; 5510 5511 if (tx_ifindex != dev->ifindex) { 5512 struct net_device *tx_netdev = 5513 dev_get_by_index(wiphy_net(wiphy), tx_ifindex); 5514 5515 if (!tx_netdev || !tx_netdev->ieee80211_ptr || 5516 tx_netdev->ieee80211_ptr->wiphy != wiphy || 5517 tx_netdev->ieee80211_ptr->iftype != 5518 NL80211_IFTYPE_AP) { 5519 dev_put(tx_netdev); 5520 return -EINVAL; 5521 } 5522 5523 config->tx_wdev = tx_netdev->ieee80211_ptr; 5524 } else { 5525 config->tx_wdev = dev->ieee80211_ptr; 5526 } 5527 } else if (!config->index) { 5528 config->tx_wdev = dev->ieee80211_ptr; 5529 } else { 5530 return -EINVAL; 5531 } 5532 5533 return 0; 5534 } 5535 5536 static struct cfg80211_mbssid_elems * 5537 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs) 5538 { 5539 struct nlattr *nl_elems; 5540 struct cfg80211_mbssid_elems *elems; 5541 int rem_elems; 5542 u8 i = 0, num_elems = 0; 5543 5544 if (!wiphy->mbssid_max_interfaces) 5545 return ERR_PTR(-EINVAL); 5546 5547 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5548 if (num_elems >= 255) 5549 return ERR_PTR(-EINVAL); 5550 num_elems++; 5551 } 5552 5553 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL); 5554 if (!elems) 5555 return ERR_PTR(-ENOMEM); 5556 elems->cnt = num_elems; 5557 5558 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5559 elems->elem[i].data = nla_data(nl_elems); 5560 elems->elem[i].len = nla_len(nl_elems); 5561 i++; 5562 } 5563 return elems; 5564 } 5565 5566 static struct cfg80211_rnr_elems * 5567 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs, 5568 struct netlink_ext_ack *extack) 5569 { 5570 struct nlattr *nl_elems; 5571 struct cfg80211_rnr_elems *elems; 5572 int rem_elems; 5573 u8 i = 0, num_elems = 0; 5574 5575 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5576 int ret; 5577 5578 ret = validate_ie_attr(nl_elems, extack); 5579 if (ret) 5580 return ERR_PTR(ret); 5581 5582 num_elems++; 5583 } 5584 5585 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL); 5586 if (!elems) 5587 return ERR_PTR(-ENOMEM); 5588 elems->cnt = num_elems; 5589 5590 nla_for_each_nested(nl_elems, attrs, rem_elems) { 5591 elems->elem[i].data = nla_data(nl_elems); 5592 elems->elem[i].len = nla_len(nl_elems); 5593 i++; 5594 } 5595 return elems; 5596 } 5597 5598 static int nl80211_parse_he_bss_color(struct nlattr *attrs, 5599 struct cfg80211_he_bss_color *he_bss_color) 5600 { 5601 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1]; 5602 int err; 5603 5604 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs, 5605 he_bss_color_policy, NULL); 5606 if (err) 5607 return err; 5608 5609 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]) 5610 return -EINVAL; 5611 5612 he_bss_color->color = 5613 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]); 5614 he_bss_color->enabled = 5615 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]); 5616 he_bss_color->partial = 5617 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]); 5618 5619 return 0; 5620 } 5621 5622 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev, 5623 struct nlattr *attrs[], 5624 struct cfg80211_beacon_data *bcn, 5625 struct netlink_ext_ack *extack) 5626 { 5627 bool haveinfo = false; 5628 int err; 5629 5630 memset(bcn, 0, sizeof(*bcn)); 5631 5632 bcn->link_id = nl80211_link_id(attrs); 5633 5634 if (attrs[NL80211_ATTR_BEACON_HEAD]) { 5635 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]); 5636 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]); 5637 if (!bcn->head_len) 5638 return -EINVAL; 5639 haveinfo = true; 5640 } 5641 5642 if (attrs[NL80211_ATTR_BEACON_TAIL]) { 5643 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]); 5644 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]); 5645 haveinfo = true; 5646 } 5647 5648 if (!haveinfo) 5649 return -EINVAL; 5650 5651 if (attrs[NL80211_ATTR_IE]) { 5652 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]); 5653 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]); 5654 } 5655 5656 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) { 5657 bcn->proberesp_ies = 5658 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]); 5659 bcn->proberesp_ies_len = 5660 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]); 5661 } 5662 5663 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 5664 bcn->assocresp_ies = 5665 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 5666 bcn->assocresp_ies_len = 5667 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]); 5668 } 5669 5670 if (attrs[NL80211_ATTR_PROBE_RESP]) { 5671 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]); 5672 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]); 5673 } 5674 5675 if (attrs[NL80211_ATTR_FTM_RESPONDER]) { 5676 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1]; 5677 5678 err = nla_parse_nested_deprecated(tb, 5679 NL80211_FTM_RESP_ATTR_MAX, 5680 attrs[NL80211_ATTR_FTM_RESPONDER], 5681 NULL, NULL); 5682 if (err) 5683 return err; 5684 5685 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] && 5686 wiphy_ext_feature_isset(&rdev->wiphy, 5687 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER)) 5688 bcn->ftm_responder = 1; 5689 else 5690 return -EOPNOTSUPP; 5691 5692 if (tb[NL80211_FTM_RESP_ATTR_LCI]) { 5693 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]); 5694 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]); 5695 } 5696 5697 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) { 5698 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]); 5699 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]); 5700 } 5701 } else { 5702 bcn->ftm_responder = -1; 5703 } 5704 5705 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) { 5706 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR], 5707 &bcn->he_bss_color); 5708 if (err) 5709 return err; 5710 bcn->he_bss_color_valid = true; 5711 } 5712 5713 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) { 5714 struct cfg80211_mbssid_elems *mbssid = 5715 nl80211_parse_mbssid_elems(&rdev->wiphy, 5716 attrs[NL80211_ATTR_MBSSID_ELEMS]); 5717 5718 if (IS_ERR(mbssid)) 5719 return PTR_ERR(mbssid); 5720 5721 bcn->mbssid_ies = mbssid; 5722 5723 if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) { 5724 struct cfg80211_rnr_elems *rnr = 5725 nl80211_parse_rnr_elems(&rdev->wiphy, 5726 attrs[NL80211_ATTR_EMA_RNR_ELEMS], 5727 extack); 5728 5729 if (IS_ERR(rnr)) 5730 return PTR_ERR(rnr); 5731 5732 if (rnr && rnr->cnt < bcn->mbssid_ies->cnt) 5733 return -EINVAL; 5734 5735 bcn->rnr_ies = rnr; 5736 } 5737 } 5738 5739 return 0; 5740 } 5741 5742 static int nl80211_parse_he_obss_pd(struct nlattr *attrs, 5743 struct ieee80211_he_obss_pd *he_obss_pd) 5744 { 5745 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1]; 5746 int err; 5747 5748 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs, 5749 he_obss_pd_policy, NULL); 5750 if (err) 5751 return err; 5752 5753 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]) 5754 return -EINVAL; 5755 5756 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]); 5757 5758 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]) 5759 he_obss_pd->min_offset = 5760 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]); 5761 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]) 5762 he_obss_pd->max_offset = 5763 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]); 5764 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]) 5765 he_obss_pd->non_srg_max_offset = 5766 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]); 5767 5768 if (he_obss_pd->min_offset > he_obss_pd->max_offset) 5769 return -EINVAL; 5770 5771 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]) 5772 memcpy(he_obss_pd->bss_color_bitmap, 5773 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]), 5774 sizeof(he_obss_pd->bss_color_bitmap)); 5775 5776 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]) 5777 memcpy(he_obss_pd->partial_bssid_bitmap, 5778 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]), 5779 sizeof(he_obss_pd->partial_bssid_bitmap)); 5780 5781 he_obss_pd->enable = true; 5782 5783 return 0; 5784 } 5785 5786 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev, 5787 struct nlattr *attrs, 5788 struct cfg80211_fils_discovery *fd) 5789 { 5790 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1]; 5791 int ret; 5792 5793 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5794 NL80211_EXT_FEATURE_FILS_DISCOVERY)) 5795 return -EINVAL; 5796 5797 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs, 5798 NULL, NULL); 5799 if (ret) 5800 return ret; 5801 5802 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] && 5803 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] && 5804 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) { 5805 fd->update = true; 5806 return 0; 5807 } 5808 5809 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] || 5810 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] || 5811 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) 5812 return -EINVAL; 5813 5814 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]); 5815 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]); 5816 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]); 5817 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]); 5818 fd->update = true; 5819 return 0; 5820 } 5821 5822 static int 5823 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev, 5824 struct nlattr *attrs, 5825 struct cfg80211_unsol_bcast_probe_resp *presp) 5826 { 5827 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1]; 5828 int ret; 5829 5830 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5831 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP)) 5832 return -EINVAL; 5833 5834 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX, 5835 attrs, NULL, NULL); 5836 if (ret) 5837 return ret; 5838 5839 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] && 5840 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) { 5841 presp->update = true; 5842 return 0; 5843 } 5844 5845 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] || 5846 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) 5847 return -EINVAL; 5848 5849 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]); 5850 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]); 5851 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]); 5852 presp->update = true; 5853 return 0; 5854 } 5855 5856 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params, 5857 const struct element *rates) 5858 { 5859 int i; 5860 5861 if (!rates) 5862 return; 5863 5864 for (i = 0; i < rates->datalen; i++) { 5865 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY) 5866 params->ht_required = true; 5867 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY) 5868 params->vht_required = true; 5869 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY) 5870 params->he_required = true; 5871 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E) 5872 params->sae_h2e_required = true; 5873 } 5874 } 5875 5876 /* 5877 * Since the nl80211 API didn't include, from the beginning, attributes about 5878 * HT/VHT requirements/capabilities, we parse them out of the IEs for the 5879 * benefit of drivers that rebuild IEs in the firmware. 5880 */ 5881 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params) 5882 { 5883 const struct cfg80211_beacon_data *bcn = ¶ms->beacon; 5884 size_t ies_len = bcn->tail_len; 5885 const u8 *ies = bcn->tail; 5886 const struct element *rates; 5887 const struct element *cap; 5888 5889 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len); 5890 nl80211_check_ap_rate_selectors(params, rates); 5891 5892 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len); 5893 nl80211_check_ap_rate_selectors(params, rates); 5894 5895 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len); 5896 if (cap && cap->datalen >= sizeof(*params->ht_cap)) 5897 params->ht_cap = (void *)cap->data; 5898 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len); 5899 if (cap && cap->datalen >= sizeof(*params->vht_cap)) 5900 params->vht_cap = (void *)cap->data; 5901 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len); 5902 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1) 5903 params->he_cap = (void *)(cap->data + 1); 5904 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len); 5905 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1) 5906 params->he_oper = (void *)(cap->data + 1); 5907 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len); 5908 if (cap) { 5909 if (!cap->datalen) 5910 return -EINVAL; 5911 params->eht_cap = (void *)(cap->data + 1); 5912 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap, 5913 (const u8 *)params->eht_cap, 5914 cap->datalen - 1, true)) 5915 return -EINVAL; 5916 } 5917 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len); 5918 if (cap) { 5919 if (!cap->datalen) 5920 return -EINVAL; 5921 params->eht_oper = (void *)(cap->data + 1); 5922 if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper, 5923 cap->datalen - 1)) 5924 return -EINVAL; 5925 } 5926 return 0; 5927 } 5928 5929 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev, 5930 struct cfg80211_ap_settings *params) 5931 { 5932 struct wireless_dev *wdev; 5933 5934 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 5935 if (wdev->iftype != NL80211_IFTYPE_AP && 5936 wdev->iftype != NL80211_IFTYPE_P2P_GO) 5937 continue; 5938 5939 if (!wdev->u.ap.preset_chandef.chan) 5940 continue; 5941 5942 params->chandef = wdev->u.ap.preset_chandef; 5943 return true; 5944 } 5945 5946 return false; 5947 } 5948 5949 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 5950 enum nl80211_auth_type auth_type, 5951 enum nl80211_commands cmd) 5952 { 5953 if (auth_type > NL80211_AUTHTYPE_MAX) 5954 return false; 5955 5956 switch (cmd) { 5957 case NL80211_CMD_AUTHENTICATE: 5958 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 5959 auth_type == NL80211_AUTHTYPE_SAE) 5960 return false; 5961 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5962 NL80211_EXT_FEATURE_FILS_STA) && 5963 (auth_type == NL80211_AUTHTYPE_FILS_SK || 5964 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5965 auth_type == NL80211_AUTHTYPE_FILS_PK)) 5966 return false; 5967 return true; 5968 case NL80211_CMD_CONNECT: 5969 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && 5970 !wiphy_ext_feature_isset(&rdev->wiphy, 5971 NL80211_EXT_FEATURE_SAE_OFFLOAD) && 5972 auth_type == NL80211_AUTHTYPE_SAE) 5973 return false; 5974 5975 /* FILS with SK PFS or PK not supported yet */ 5976 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5977 auth_type == NL80211_AUTHTYPE_FILS_PK) 5978 return false; 5979 if (!wiphy_ext_feature_isset( 5980 &rdev->wiphy, 5981 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) && 5982 auth_type == NL80211_AUTHTYPE_FILS_SK) 5983 return false; 5984 return true; 5985 case NL80211_CMD_START_AP: 5986 if (!wiphy_ext_feature_isset(&rdev->wiphy, 5987 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) && 5988 auth_type == NL80211_AUTHTYPE_SAE) 5989 return false; 5990 /* FILS not supported yet */ 5991 if (auth_type == NL80211_AUTHTYPE_FILS_SK || 5992 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 5993 auth_type == NL80211_AUTHTYPE_FILS_PK) 5994 return false; 5995 return true; 5996 default: 5997 return false; 5998 } 5999 } 6000 6001 static void nl80211_send_ap_started(struct wireless_dev *wdev, 6002 unsigned int link_id) 6003 { 6004 struct wiphy *wiphy = wdev->wiphy; 6005 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 6006 struct sk_buff *msg; 6007 void *hdr; 6008 6009 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6010 if (!msg) 6011 return; 6012 6013 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP); 6014 if (!hdr) 6015 goto out; 6016 6017 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 6018 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || 6019 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 6020 NL80211_ATTR_PAD) || 6021 (wdev->u.ap.ssid_len && 6022 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len, 6023 wdev->u.ap.ssid)) || 6024 (wdev->valid_links && 6025 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))) 6026 goto out; 6027 6028 genlmsg_end(msg, hdr); 6029 6030 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, 6031 NL80211_MCGRP_MLME, GFP_KERNEL); 6032 return; 6033 out: 6034 nlmsg_free(msg); 6035 } 6036 6037 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params) 6038 { 6039 struct ieee80211_channel *channel = params->chandef.chan; 6040 6041 if ((params->he_cap || params->he_oper) && 6042 (channel->flags & IEEE80211_CHAN_NO_HE)) 6043 return -EOPNOTSUPP; 6044 6045 if ((params->eht_cap || params->eht_oper) && 6046 (channel->flags & IEEE80211_CHAN_NO_EHT)) 6047 return -EOPNOTSUPP; 6048 6049 return 0; 6050 } 6051 6052 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 6053 { 6054 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6055 struct cfg80211_beaconing_check_config beacon_check = {}; 6056 unsigned int link_id = nl80211_link_id(info->attrs); 6057 struct net_device *dev = info->user_ptr[1]; 6058 struct wireless_dev *wdev = dev->ieee80211_ptr; 6059 struct cfg80211_ap_settings *params; 6060 int err; 6061 6062 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 6063 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 6064 return -EOPNOTSUPP; 6065 6066 if (!rdev->ops->start_ap) 6067 return -EOPNOTSUPP; 6068 6069 if (wdev->links[link_id].cac_started) 6070 return -EBUSY; 6071 6072 if (wdev->links[link_id].ap.beacon_interval) 6073 return -EALREADY; 6074 6075 /* these are required for START_AP */ 6076 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 6077 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 6078 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 6079 return -EINVAL; 6080 6081 params = kzalloc(sizeof(*params), GFP_KERNEL); 6082 if (!params) 6083 return -ENOMEM; 6084 6085 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon, 6086 info->extack); 6087 if (err) 6088 goto out; 6089 6090 params->beacon_interval = 6091 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 6092 params->dtim_period = 6093 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 6094 6095 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype, 6096 params->beacon_interval); 6097 if (err) 6098 goto out; 6099 6100 /* 6101 * In theory, some of these attributes should be required here 6102 * but since they were not used when the command was originally 6103 * added, keep them optional for old user space programs to let 6104 * them continue to work with drivers that do not need the 6105 * additional information -- drivers must check! 6106 */ 6107 if (info->attrs[NL80211_ATTR_SSID]) { 6108 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 6109 params->ssid_len = 6110 nla_len(info->attrs[NL80211_ATTR_SSID]); 6111 if (params->ssid_len == 0) { 6112 err = -EINVAL; 6113 goto out; 6114 } 6115 6116 if (wdev->u.ap.ssid_len && 6117 (wdev->u.ap.ssid_len != params->ssid_len || 6118 memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) { 6119 /* require identical SSID for MLO */ 6120 err = -EINVAL; 6121 goto out; 6122 } 6123 } else if (wdev->valid_links) { 6124 /* require SSID for MLO */ 6125 err = -EINVAL; 6126 goto out; 6127 } 6128 6129 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) 6130 params->hidden_ssid = nla_get_u32( 6131 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 6132 6133 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 6134 6135 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 6136 params->auth_type = nla_get_u32( 6137 info->attrs[NL80211_ATTR_AUTH_TYPE]); 6138 if (!nl80211_valid_auth_type(rdev, params->auth_type, 6139 NL80211_CMD_START_AP)) { 6140 err = -EINVAL; 6141 goto out; 6142 } 6143 } else 6144 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC; 6145 6146 err = nl80211_crypto_settings(rdev, info, ¶ms->crypto, 6147 NL80211_MAX_NR_CIPHER_SUITES); 6148 if (err) 6149 goto out; 6150 6151 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 6152 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) { 6153 err = -EOPNOTSUPP; 6154 goto out; 6155 } 6156 params->inactivity_timeout = nla_get_u16( 6157 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 6158 } 6159 6160 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 6161 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 6162 err = -EINVAL; 6163 goto out; 6164 } 6165 params->p2p_ctwindow = 6166 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 6167 if (params->p2p_ctwindow != 0 && 6168 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) { 6169 err = -EINVAL; 6170 goto out; 6171 } 6172 } 6173 6174 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 6175 u8 tmp; 6176 6177 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 6178 err = -EINVAL; 6179 goto out; 6180 } 6181 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 6182 params->p2p_opp_ps = tmp; 6183 if (params->p2p_opp_ps != 0 && 6184 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) { 6185 err = -EINVAL; 6186 goto out; 6187 } 6188 } 6189 6190 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 6191 err = nl80211_parse_chandef(rdev, info, ¶ms->chandef); 6192 if (err) 6193 goto out; 6194 } else if (wdev->valid_links) { 6195 /* with MLD need to specify the channel configuration */ 6196 err = -EINVAL; 6197 goto out; 6198 } else if (wdev->u.ap.preset_chandef.chan) { 6199 params->chandef = wdev->u.ap.preset_chandef; 6200 } else if (!nl80211_get_ap_channel(rdev, params)) { 6201 err = -EINVAL; 6202 goto out; 6203 } 6204 6205 beacon_check.iftype = wdev->iftype; 6206 beacon_check.relax = true; 6207 beacon_check.reg_power = 6208 cfg80211_get_6ghz_power_type(params->beacon.tail, 6209 params->beacon.tail_len); 6210 if (!cfg80211_reg_check_beaconing(&rdev->wiphy, ¶ms->chandef, 6211 &beacon_check)) { 6212 err = -EINVAL; 6213 goto out; 6214 } 6215 6216 if (info->attrs[NL80211_ATTR_TX_RATES]) { 6217 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 6218 NL80211_ATTR_TX_RATES, 6219 ¶ms->beacon_rate, 6220 dev, false, link_id); 6221 if (err) 6222 goto out; 6223 6224 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band, 6225 ¶ms->beacon_rate); 6226 if (err) 6227 goto out; 6228 } 6229 6230 if (info->attrs[NL80211_ATTR_SMPS_MODE]) { 6231 params->smps_mode = 6232 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]); 6233 switch (params->smps_mode) { 6234 case NL80211_SMPS_OFF: 6235 break; 6236 case NL80211_SMPS_STATIC: 6237 if (!(rdev->wiphy.features & 6238 NL80211_FEATURE_STATIC_SMPS)) { 6239 err = -EINVAL; 6240 goto out; 6241 } 6242 break; 6243 case NL80211_SMPS_DYNAMIC: 6244 if (!(rdev->wiphy.features & 6245 NL80211_FEATURE_DYNAMIC_SMPS)) { 6246 err = -EINVAL; 6247 goto out; 6248 } 6249 break; 6250 default: 6251 err = -EINVAL; 6252 goto out; 6253 } 6254 } else { 6255 params->smps_mode = NL80211_SMPS_OFF; 6256 } 6257 6258 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 6259 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) { 6260 err = -EOPNOTSUPP; 6261 goto out; 6262 } 6263 6264 if (info->attrs[NL80211_ATTR_ACL_POLICY]) { 6265 params->acl = parse_acl_data(&rdev->wiphy, info); 6266 if (IS_ERR(params->acl)) { 6267 err = PTR_ERR(params->acl); 6268 params->acl = NULL; 6269 goto out; 6270 } 6271 } 6272 6273 params->twt_responder = 6274 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]); 6275 6276 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) { 6277 err = nl80211_parse_he_obss_pd( 6278 info->attrs[NL80211_ATTR_HE_OBSS_PD], 6279 ¶ms->he_obss_pd); 6280 if (err) 6281 goto out; 6282 } 6283 6284 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) { 6285 err = nl80211_parse_fils_discovery(rdev, 6286 info->attrs[NL80211_ATTR_FILS_DISCOVERY], 6287 ¶ms->fils_discovery); 6288 if (err) 6289 goto out; 6290 } 6291 6292 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) { 6293 err = nl80211_parse_unsol_bcast_probe_resp( 6294 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP], 6295 ¶ms->unsol_bcast_probe_resp); 6296 if (err) 6297 goto out; 6298 } 6299 6300 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) { 6301 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev, 6302 info->attrs[NL80211_ATTR_MBSSID_CONFIG], 6303 ¶ms->mbssid_config, 6304 params->beacon.mbssid_ies ? 6305 params->beacon.mbssid_ies->cnt : 6306 0); 6307 if (err) 6308 goto out; 6309 } 6310 6311 if (!params->mbssid_config.ema && params->beacon.rnr_ies) { 6312 err = -EINVAL; 6313 goto out; 6314 } 6315 6316 err = nl80211_calculate_ap_params(params); 6317 if (err) 6318 goto out; 6319 6320 err = nl80211_validate_ap_phy_operation(params); 6321 if (err) 6322 goto out; 6323 6324 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]) 6325 params->flags = nla_get_u32( 6326 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]); 6327 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT]) 6328 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT; 6329 6330 if (wdev->conn_owner_nlportid && 6331 info->attrs[NL80211_ATTR_SOCKET_OWNER] && 6332 wdev->conn_owner_nlportid != info->snd_portid) { 6333 err = -EINVAL; 6334 goto out; 6335 } 6336 6337 /* FIXME: validate MLO/link-id against driver capabilities */ 6338 6339 err = rdev_start_ap(rdev, dev, params); 6340 if (!err) { 6341 wdev->links[link_id].ap.beacon_interval = params->beacon_interval; 6342 wdev->links[link_id].ap.chandef = params->chandef; 6343 wdev->u.ap.ssid_len = params->ssid_len; 6344 memcpy(wdev->u.ap.ssid, params->ssid, 6345 params->ssid_len); 6346 6347 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 6348 wdev->conn_owner_nlportid = info->snd_portid; 6349 6350 nl80211_send_ap_started(wdev, link_id); 6351 } 6352 out: 6353 kfree(params->acl); 6354 kfree(params->beacon.mbssid_ies); 6355 if (params->mbssid_config.tx_wdev && 6356 params->mbssid_config.tx_wdev->netdev && 6357 params->mbssid_config.tx_wdev->netdev != dev) 6358 dev_put(params->mbssid_config.tx_wdev->netdev); 6359 kfree(params->beacon.rnr_ies); 6360 kfree(params); 6361 6362 return err; 6363 } 6364 6365 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 6366 { 6367 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6368 struct cfg80211_beaconing_check_config beacon_check = {}; 6369 unsigned int link_id = nl80211_link_id(info->attrs); 6370 struct net_device *dev = info->user_ptr[1]; 6371 struct wireless_dev *wdev = dev->ieee80211_ptr; 6372 struct cfg80211_ap_update *params; 6373 struct nlattr *attr; 6374 int err; 6375 6376 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 6377 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 6378 return -EOPNOTSUPP; 6379 6380 if (!rdev->ops->change_beacon) 6381 return -EOPNOTSUPP; 6382 6383 if (!wdev->links[link_id].ap.beacon_interval) 6384 return -EINVAL; 6385 6386 params = kzalloc(sizeof(*params), GFP_KERNEL); 6387 if (!params) 6388 return -ENOMEM; 6389 6390 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon, 6391 info->extack); 6392 if (err) 6393 goto out; 6394 6395 /* recheck beaconing is permitted with possibly changed power type */ 6396 beacon_check.iftype = wdev->iftype; 6397 beacon_check.relax = true; 6398 beacon_check.reg_power = 6399 cfg80211_get_6ghz_power_type(params->beacon.tail, 6400 params->beacon.tail_len); 6401 if (!cfg80211_reg_check_beaconing(&rdev->wiphy, 6402 &wdev->links[link_id].ap.chandef, 6403 &beacon_check)) { 6404 err = -EINVAL; 6405 goto out; 6406 } 6407 6408 attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY]; 6409 if (attr) { 6410 err = nl80211_parse_fils_discovery(rdev, attr, 6411 ¶ms->fils_discovery); 6412 if (err) 6413 goto out; 6414 } 6415 6416 attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]; 6417 if (attr) { 6418 err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr, 6419 ¶ms->unsol_bcast_probe_resp); 6420 if (err) 6421 goto out; 6422 } 6423 6424 err = rdev_change_beacon(rdev, dev, params); 6425 6426 out: 6427 kfree(params->beacon.mbssid_ies); 6428 kfree(params->beacon.rnr_ies); 6429 kfree(params); 6430 return err; 6431 } 6432 6433 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 6434 { 6435 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6436 unsigned int link_id = nl80211_link_id(info->attrs); 6437 struct net_device *dev = info->user_ptr[1]; 6438 6439 return cfg80211_stop_ap(rdev, dev, link_id, false); 6440 } 6441 6442 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 6443 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 6444 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 6445 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 6446 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 6447 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 6448 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 6449 }; 6450 6451 static int parse_station_flags(struct genl_info *info, 6452 enum nl80211_iftype iftype, 6453 struct station_parameters *params) 6454 { 6455 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 6456 struct nlattr *nla; 6457 int flag; 6458 6459 /* 6460 * Try parsing the new attribute first so userspace 6461 * can specify both for older kernels. 6462 */ 6463 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 6464 if (nla) { 6465 struct nl80211_sta_flag_update *sta_flags; 6466 6467 sta_flags = nla_data(nla); 6468 params->sta_flags_mask = sta_flags->mask; 6469 params->sta_flags_set = sta_flags->set; 6470 params->sta_flags_set &= params->sta_flags_mask; 6471 if ((params->sta_flags_mask | 6472 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 6473 return -EINVAL; 6474 return 0; 6475 } 6476 6477 /* if present, parse the old attribute */ 6478 6479 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 6480 if (!nla) 6481 return 0; 6482 6483 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack)) 6484 return -EINVAL; 6485 6486 /* 6487 * Only allow certain flags for interface types so that 6488 * other attributes are silently ignored. Remember that 6489 * this is backward compatibility code with old userspace 6490 * and shouldn't be hit in other cases anyway. 6491 */ 6492 switch (iftype) { 6493 case NL80211_IFTYPE_AP: 6494 case NL80211_IFTYPE_AP_VLAN: 6495 case NL80211_IFTYPE_P2P_GO: 6496 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 6497 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 6498 BIT(NL80211_STA_FLAG_WME) | 6499 BIT(NL80211_STA_FLAG_MFP); 6500 break; 6501 case NL80211_IFTYPE_P2P_CLIENT: 6502 case NL80211_IFTYPE_STATION: 6503 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 6504 BIT(NL80211_STA_FLAG_TDLS_PEER); 6505 break; 6506 case NL80211_IFTYPE_MESH_POINT: 6507 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 6508 BIT(NL80211_STA_FLAG_MFP) | 6509 BIT(NL80211_STA_FLAG_AUTHORIZED); 6510 break; 6511 default: 6512 return -EINVAL; 6513 } 6514 6515 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) { 6516 if (flags[flag]) { 6517 params->sta_flags_set |= (1<<flag); 6518 6519 /* no longer support new API additions in old API */ 6520 if (flag > NL80211_STA_FLAG_MAX_OLD_API) 6521 return -EINVAL; 6522 } 6523 } 6524 6525 return 0; 6526 } 6527 6528 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr) 6529 { 6530 struct nlattr *rate; 6531 u32 bitrate; 6532 u16 bitrate_compat; 6533 enum nl80211_rate_info rate_flg; 6534 6535 rate = nla_nest_start_noflag(msg, attr); 6536 if (!rate) 6537 return false; 6538 6539 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 6540 bitrate = cfg80211_calculate_bitrate(info); 6541 /* report 16-bit bitrate only if we can */ 6542 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0; 6543 if (bitrate > 0 && 6544 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) 6545 return false; 6546 if (bitrate_compat > 0 && 6547 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) 6548 return false; 6549 6550 switch (info->bw) { 6551 case RATE_INFO_BW_1: 6552 rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH; 6553 break; 6554 case RATE_INFO_BW_2: 6555 rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH; 6556 break; 6557 case RATE_INFO_BW_4: 6558 rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH; 6559 break; 6560 case RATE_INFO_BW_5: 6561 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH; 6562 break; 6563 case RATE_INFO_BW_8: 6564 rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH; 6565 break; 6566 case RATE_INFO_BW_10: 6567 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH; 6568 break; 6569 case RATE_INFO_BW_16: 6570 rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH; 6571 break; 6572 default: 6573 WARN_ON(1); 6574 fallthrough; 6575 case RATE_INFO_BW_20: 6576 rate_flg = 0; 6577 break; 6578 case RATE_INFO_BW_40: 6579 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH; 6580 break; 6581 case RATE_INFO_BW_80: 6582 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH; 6583 break; 6584 case RATE_INFO_BW_160: 6585 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH; 6586 break; 6587 case RATE_INFO_BW_HE_RU: 6588 rate_flg = 0; 6589 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS)); 6590 break; 6591 case RATE_INFO_BW_320: 6592 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH; 6593 break; 6594 case RATE_INFO_BW_EHT_RU: 6595 rate_flg = 0; 6596 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS)); 6597 break; 6598 } 6599 6600 if (rate_flg && nla_put_flag(msg, rate_flg)) 6601 return false; 6602 6603 if (info->flags & RATE_INFO_FLAGS_MCS) { 6604 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) 6605 return false; 6606 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 6607 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 6608 return false; 6609 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) { 6610 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs)) 6611 return false; 6612 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss)) 6613 return false; 6614 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 6615 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 6616 return false; 6617 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) { 6618 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs)) 6619 return false; 6620 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss)) 6621 return false; 6622 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi)) 6623 return false; 6624 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm)) 6625 return false; 6626 if (info->bw == RATE_INFO_BW_HE_RU && 6627 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC, 6628 info->he_ru_alloc)) 6629 return false; 6630 } else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) { 6631 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs)) 6632 return false; 6633 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss)) 6634 return false; 6635 if (info->flags & RATE_INFO_FLAGS_SHORT_GI && 6636 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)) 6637 return false; 6638 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) { 6639 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs)) 6640 return false; 6641 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss)) 6642 return false; 6643 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi)) 6644 return false; 6645 if (info->bw == RATE_INFO_BW_EHT_RU && 6646 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC, 6647 info->eht_ru_alloc)) 6648 return false; 6649 } 6650 6651 nla_nest_end(msg, rate); 6652 return true; 6653 } 6654 6655 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal, 6656 int id) 6657 { 6658 void *attr; 6659 int i = 0; 6660 6661 if (!mask) 6662 return true; 6663 6664 attr = nla_nest_start_noflag(msg, id); 6665 if (!attr) 6666 return false; 6667 6668 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) { 6669 if (!(mask & BIT(i))) 6670 continue; 6671 6672 if (nla_put_u8(msg, i, signal[i])) 6673 return false; 6674 } 6675 6676 nla_nest_end(msg, attr); 6677 6678 return true; 6679 } 6680 6681 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid, 6682 u32 seq, int flags, 6683 struct cfg80211_registered_device *rdev, 6684 struct net_device *dev, 6685 const u8 *mac_addr, struct station_info *sinfo) 6686 { 6687 void *hdr; 6688 struct nlattr *sinfoattr, *bss_param; 6689 6690 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 6691 if (!hdr) { 6692 cfg80211_sinfo_release_content(sinfo); 6693 return -1; 6694 } 6695 6696 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 6697 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 6698 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 6699 goto nla_put_failure; 6700 6701 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO); 6702 if (!sinfoattr) 6703 goto nla_put_failure; 6704 6705 #define PUT_SINFO(attr, memb, type) do { \ 6706 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \ 6707 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \ 6708 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \ 6709 sinfo->memb)) \ 6710 goto nla_put_failure; \ 6711 } while (0) 6712 #define PUT_SINFO_U64(attr, memb) do { \ 6713 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \ 6714 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \ 6715 sinfo->memb, NL80211_STA_INFO_PAD)) \ 6716 goto nla_put_failure; \ 6717 } while (0) 6718 6719 PUT_SINFO(CONNECTED_TIME, connected_time, u32); 6720 PUT_SINFO(INACTIVE_TIME, inactive_time, u32); 6721 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at); 6722 6723 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) | 6724 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) && 6725 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 6726 (u32)sinfo->rx_bytes)) 6727 goto nla_put_failure; 6728 6729 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) | 6730 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) && 6731 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 6732 (u32)sinfo->tx_bytes)) 6733 goto nla_put_failure; 6734 6735 PUT_SINFO_U64(RX_BYTES64, rx_bytes); 6736 PUT_SINFO_U64(TX_BYTES64, tx_bytes); 6737 PUT_SINFO(LLID, llid, u16); 6738 PUT_SINFO(PLID, plid, u16); 6739 PUT_SINFO(PLINK_STATE, plink_state, u8); 6740 PUT_SINFO_U64(RX_DURATION, rx_duration); 6741 PUT_SINFO_U64(TX_DURATION, tx_duration); 6742 6743 if (wiphy_ext_feature_isset(&rdev->wiphy, 6744 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 6745 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16); 6746 6747 switch (rdev->wiphy.signal_type) { 6748 case CFG80211_SIGNAL_TYPE_MBM: 6749 PUT_SINFO(SIGNAL, signal, u8); 6750 PUT_SINFO(SIGNAL_AVG, signal_avg, u8); 6751 break; 6752 default: 6753 break; 6754 } 6755 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) { 6756 if (!nl80211_put_signal(msg, sinfo->chains, 6757 sinfo->chain_signal, 6758 NL80211_STA_INFO_CHAIN_SIGNAL)) 6759 goto nla_put_failure; 6760 } 6761 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) { 6762 if (!nl80211_put_signal(msg, sinfo->chains, 6763 sinfo->chain_signal_avg, 6764 NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) 6765 goto nla_put_failure; 6766 } 6767 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) { 6768 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 6769 NL80211_STA_INFO_TX_BITRATE)) 6770 goto nla_put_failure; 6771 } 6772 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) { 6773 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 6774 NL80211_STA_INFO_RX_BITRATE)) 6775 goto nla_put_failure; 6776 } 6777 6778 PUT_SINFO(RX_PACKETS, rx_packets, u32); 6779 PUT_SINFO(TX_PACKETS, tx_packets, u32); 6780 PUT_SINFO(TX_RETRIES, tx_retries, u32); 6781 PUT_SINFO(TX_FAILED, tx_failed, u32); 6782 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32); 6783 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32); 6784 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32); 6785 PUT_SINFO(LOCAL_PM, local_pm, u32); 6786 PUT_SINFO(PEER_PM, peer_pm, u32); 6787 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32); 6788 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8); 6789 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8); 6790 6791 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) { 6792 bss_param = nla_nest_start_noflag(msg, 6793 NL80211_STA_INFO_BSS_PARAM); 6794 if (!bss_param) 6795 goto nla_put_failure; 6796 6797 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 6798 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 6799 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 6800 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 6801 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 6802 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 6803 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 6804 sinfo->bss_param.dtim_period) || 6805 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 6806 sinfo->bss_param.beacon_interval)) 6807 goto nla_put_failure; 6808 6809 nla_nest_end(msg, bss_param); 6810 } 6811 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) && 6812 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 6813 sizeof(struct nl80211_sta_flag_update), 6814 &sinfo->sta_flags)) 6815 goto nla_put_failure; 6816 6817 PUT_SINFO_U64(T_OFFSET, t_offset); 6818 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc); 6819 PUT_SINFO_U64(BEACON_RX, rx_beacon); 6820 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8); 6821 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32); 6822 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32); 6823 if (wiphy_ext_feature_isset(&rdev->wiphy, 6824 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) { 6825 PUT_SINFO(ACK_SIGNAL, ack_signal, u8); 6826 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8); 6827 } 6828 6829 #undef PUT_SINFO 6830 #undef PUT_SINFO_U64 6831 6832 if (sinfo->pertid) { 6833 struct nlattr *tidsattr; 6834 int tid; 6835 6836 tidsattr = nla_nest_start_noflag(msg, 6837 NL80211_STA_INFO_TID_STATS); 6838 if (!tidsattr) 6839 goto nla_put_failure; 6840 6841 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) { 6842 struct cfg80211_tid_stats *tidstats; 6843 struct nlattr *tidattr; 6844 6845 tidstats = &sinfo->pertid[tid]; 6846 6847 if (!tidstats->filled) 6848 continue; 6849 6850 tidattr = nla_nest_start_noflag(msg, tid + 1); 6851 if (!tidattr) 6852 goto nla_put_failure; 6853 6854 #define PUT_TIDVAL_U64(attr, memb) do { \ 6855 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \ 6856 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \ 6857 tidstats->memb, NL80211_TID_STATS_PAD)) \ 6858 goto nla_put_failure; \ 6859 } while (0) 6860 6861 PUT_TIDVAL_U64(RX_MSDU, rx_msdu); 6862 PUT_TIDVAL_U64(TX_MSDU, tx_msdu); 6863 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries); 6864 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed); 6865 6866 #undef PUT_TIDVAL_U64 6867 if ((tidstats->filled & 6868 BIT(NL80211_TID_STATS_TXQ_STATS)) && 6869 !nl80211_put_txq_stats(msg, &tidstats->txq_stats, 6870 NL80211_TID_STATS_TXQ_STATS)) 6871 goto nla_put_failure; 6872 6873 nla_nest_end(msg, tidattr); 6874 } 6875 6876 nla_nest_end(msg, tidsattr); 6877 } 6878 6879 nla_nest_end(msg, sinfoattr); 6880 6881 if (sinfo->assoc_req_ies_len && 6882 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 6883 sinfo->assoc_req_ies)) 6884 goto nla_put_failure; 6885 6886 if (sinfo->assoc_resp_ies_len && 6887 nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len, 6888 sinfo->assoc_resp_ies)) 6889 goto nla_put_failure; 6890 6891 if (sinfo->mlo_params_valid) { 6892 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, 6893 sinfo->assoc_link_id)) 6894 goto nla_put_failure; 6895 6896 if (!is_zero_ether_addr(sinfo->mld_addr) && 6897 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, 6898 sinfo->mld_addr)) 6899 goto nla_put_failure; 6900 } 6901 6902 cfg80211_sinfo_release_content(sinfo); 6903 genlmsg_end(msg, hdr); 6904 return 0; 6905 6906 nla_put_failure: 6907 cfg80211_sinfo_release_content(sinfo); 6908 genlmsg_cancel(msg, hdr); 6909 return -EMSGSIZE; 6910 } 6911 6912 static int nl80211_dump_station(struct sk_buff *skb, 6913 struct netlink_callback *cb) 6914 { 6915 struct station_info sinfo; 6916 struct cfg80211_registered_device *rdev; 6917 struct wireless_dev *wdev; 6918 u8 mac_addr[ETH_ALEN]; 6919 int sta_idx = cb->args[2]; 6920 int err; 6921 6922 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 6923 if (err) 6924 return err; 6925 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 6926 __acquire(&rdev->wiphy.mtx); 6927 6928 if (!wdev->netdev) { 6929 err = -EINVAL; 6930 goto out_err; 6931 } 6932 6933 if (!rdev->ops->dump_station) { 6934 err = -EOPNOTSUPP; 6935 goto out_err; 6936 } 6937 6938 while (1) { 6939 memset(&sinfo, 0, sizeof(sinfo)); 6940 err = rdev_dump_station(rdev, wdev->netdev, sta_idx, 6941 mac_addr, &sinfo); 6942 if (err == -ENOENT) 6943 break; 6944 if (err) 6945 goto out_err; 6946 6947 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION, 6948 NETLINK_CB(cb->skb).portid, 6949 cb->nlh->nlmsg_seq, NLM_F_MULTI, 6950 rdev, wdev->netdev, mac_addr, 6951 &sinfo) < 0) 6952 goto out; 6953 6954 sta_idx++; 6955 } 6956 6957 out: 6958 cb->args[2] = sta_idx; 6959 err = skb->len; 6960 out_err: 6961 wiphy_unlock(&rdev->wiphy); 6962 6963 return err; 6964 } 6965 6966 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 6967 { 6968 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6969 struct net_device *dev = info->user_ptr[1]; 6970 struct station_info sinfo; 6971 struct sk_buff *msg; 6972 u8 *mac_addr = NULL; 6973 int err; 6974 6975 memset(&sinfo, 0, sizeof(sinfo)); 6976 6977 if (!info->attrs[NL80211_ATTR_MAC]) 6978 return -EINVAL; 6979 6980 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6981 6982 if (!rdev->ops->get_station) 6983 return -EOPNOTSUPP; 6984 6985 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 6986 if (err) 6987 return err; 6988 6989 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6990 if (!msg) { 6991 cfg80211_sinfo_release_content(&sinfo); 6992 return -ENOMEM; 6993 } 6994 6995 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 6996 info->snd_portid, info->snd_seq, 0, 6997 rdev, dev, mac_addr, &sinfo) < 0) { 6998 nlmsg_free(msg); 6999 return -ENOBUFS; 7000 } 7001 7002 return genlmsg_reply(msg, info); 7003 } 7004 7005 int cfg80211_check_station_change(struct wiphy *wiphy, 7006 struct station_parameters *params, 7007 enum cfg80211_station_type statype) 7008 { 7009 if (params->listen_interval != -1 && 7010 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 7011 return -EINVAL; 7012 7013 if (params->support_p2p_ps != -1 && 7014 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 7015 return -EINVAL; 7016 7017 if (params->aid && 7018 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) && 7019 statype != CFG80211_STA_AP_CLIENT_UNASSOC) 7020 return -EINVAL; 7021 7022 /* When you run into this, adjust the code below for the new flag */ 7023 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8); 7024 7025 switch (statype) { 7026 case CFG80211_STA_MESH_PEER_KERNEL: 7027 case CFG80211_STA_MESH_PEER_USER: 7028 /* 7029 * No ignoring the TDLS flag here -- the userspace mesh 7030 * code doesn't have the bug of including TDLS in the 7031 * mask everywhere. 7032 */ 7033 if (params->sta_flags_mask & 7034 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 7035 BIT(NL80211_STA_FLAG_MFP) | 7036 BIT(NL80211_STA_FLAG_AUTHORIZED))) 7037 return -EINVAL; 7038 break; 7039 case CFG80211_STA_TDLS_PEER_SETUP: 7040 case CFG80211_STA_TDLS_PEER_ACTIVE: 7041 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 7042 return -EINVAL; 7043 /* ignore since it can't change */ 7044 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 7045 break; 7046 default: 7047 /* disallow mesh-specific things */ 7048 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION) 7049 return -EINVAL; 7050 if (params->local_pm) 7051 return -EINVAL; 7052 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 7053 return -EINVAL; 7054 } 7055 7056 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 7057 statype != CFG80211_STA_TDLS_PEER_ACTIVE) { 7058 /* TDLS can't be set, ... */ 7059 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 7060 return -EINVAL; 7061 /* 7062 * ... but don't bother the driver with it. This works around 7063 * a hostapd/wpa_supplicant issue -- it always includes the 7064 * TLDS_PEER flag in the mask even for AP mode. 7065 */ 7066 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 7067 } 7068 7069 if (statype != CFG80211_STA_TDLS_PEER_SETUP && 7070 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 7071 /* reject other things that can't change */ 7072 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) 7073 return -EINVAL; 7074 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY) 7075 return -EINVAL; 7076 if (params->link_sta_params.supported_rates) 7077 return -EINVAL; 7078 if (params->ext_capab || params->link_sta_params.ht_capa || 7079 params->link_sta_params.vht_capa || 7080 params->link_sta_params.he_capa || 7081 params->link_sta_params.eht_capa) 7082 return -EINVAL; 7083 if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU)) 7084 return -EINVAL; 7085 } 7086 7087 if (statype != CFG80211_STA_AP_CLIENT && 7088 statype != CFG80211_STA_AP_CLIENT_UNASSOC) { 7089 if (params->vlan) 7090 return -EINVAL; 7091 } 7092 7093 switch (statype) { 7094 case CFG80211_STA_AP_MLME_CLIENT: 7095 /* Use this only for authorizing/unauthorizing a station */ 7096 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED))) 7097 return -EOPNOTSUPP; 7098 break; 7099 case CFG80211_STA_AP_CLIENT: 7100 case CFG80211_STA_AP_CLIENT_UNASSOC: 7101 /* accept only the listed bits */ 7102 if (params->sta_flags_mask & 7103 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 7104 BIT(NL80211_STA_FLAG_AUTHENTICATED) | 7105 BIT(NL80211_STA_FLAG_ASSOCIATED) | 7106 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 7107 BIT(NL80211_STA_FLAG_WME) | 7108 BIT(NL80211_STA_FLAG_MFP) | 7109 BIT(NL80211_STA_FLAG_SPP_AMSDU))) 7110 return -EINVAL; 7111 7112 /* but authenticated/associated only if driver handles it */ 7113 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 7114 params->sta_flags_mask & 7115 (BIT(NL80211_STA_FLAG_AUTHENTICATED) | 7116 BIT(NL80211_STA_FLAG_ASSOCIATED))) 7117 return -EINVAL; 7118 break; 7119 case CFG80211_STA_IBSS: 7120 case CFG80211_STA_AP_STA: 7121 /* reject any changes other than AUTHORIZED */ 7122 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 7123 return -EINVAL; 7124 break; 7125 case CFG80211_STA_TDLS_PEER_SETUP: 7126 /* reject any changes other than AUTHORIZED or WME */ 7127 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 7128 BIT(NL80211_STA_FLAG_WME))) 7129 return -EINVAL; 7130 /* force (at least) rates when authorizing */ 7131 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) && 7132 !params->link_sta_params.supported_rates) 7133 return -EINVAL; 7134 break; 7135 case CFG80211_STA_TDLS_PEER_ACTIVE: 7136 /* reject any changes */ 7137 return -EINVAL; 7138 case CFG80211_STA_MESH_PEER_KERNEL: 7139 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) 7140 return -EINVAL; 7141 break; 7142 case CFG80211_STA_MESH_PEER_USER: 7143 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION && 7144 params->plink_action != NL80211_PLINK_ACTION_BLOCK) 7145 return -EINVAL; 7146 break; 7147 } 7148 7149 /* 7150 * Older kernel versions ignored this attribute entirely, so don't 7151 * reject attempts to update it but mark it as unused instead so the 7152 * driver won't look at the data. 7153 */ 7154 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC && 7155 statype != CFG80211_STA_TDLS_PEER_SETUP) 7156 params->link_sta_params.opmode_notif_used = false; 7157 7158 return 0; 7159 } 7160 EXPORT_SYMBOL(cfg80211_check_station_change); 7161 7162 /* 7163 * Get vlan interface making sure it is running and on the right wiphy. 7164 */ 7165 static struct net_device *get_vlan(struct genl_info *info, 7166 struct cfg80211_registered_device *rdev) 7167 { 7168 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 7169 struct net_device *v; 7170 int ret; 7171 7172 if (!vlanattr) 7173 return NULL; 7174 7175 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 7176 if (!v) 7177 return ERR_PTR(-ENODEV); 7178 7179 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 7180 ret = -EINVAL; 7181 goto error; 7182 } 7183 7184 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 7185 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 7186 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 7187 ret = -EINVAL; 7188 goto error; 7189 } 7190 7191 if (!netif_running(v)) { 7192 ret = -ENETDOWN; 7193 goto error; 7194 } 7195 7196 return v; 7197 error: 7198 dev_put(v); 7199 return ERR_PTR(ret); 7200 } 7201 7202 static int nl80211_parse_sta_wme(struct genl_info *info, 7203 struct station_parameters *params) 7204 { 7205 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 7206 struct nlattr *nla; 7207 int err; 7208 7209 /* parse WME attributes if present */ 7210 if (!info->attrs[NL80211_ATTR_STA_WME]) 7211 return 0; 7212 7213 nla = info->attrs[NL80211_ATTR_STA_WME]; 7214 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla, 7215 nl80211_sta_wme_policy, 7216 info->extack); 7217 if (err) 7218 return err; 7219 7220 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 7221 params->uapsd_queues = nla_get_u8( 7222 tb[NL80211_STA_WME_UAPSD_QUEUES]); 7223 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 7224 return -EINVAL; 7225 7226 if (tb[NL80211_STA_WME_MAX_SP]) 7227 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 7228 7229 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 7230 return -EINVAL; 7231 7232 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 7233 7234 return 0; 7235 } 7236 7237 static int nl80211_parse_sta_channel_info(struct genl_info *info, 7238 struct station_parameters *params) 7239 { 7240 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) { 7241 params->supported_channels = 7242 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 7243 params->supported_channels_len = 7244 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]); 7245 /* 7246 * Need to include at least one (first channel, number of 7247 * channels) tuple for each subband (checked in policy), 7248 * and must have proper tuples for the rest of the data as well. 7249 */ 7250 if (params->supported_channels_len % 2) 7251 return -EINVAL; 7252 } 7253 7254 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) { 7255 params->supported_oper_classes = 7256 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 7257 params->supported_oper_classes_len = 7258 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]); 7259 } 7260 return 0; 7261 } 7262 7263 static int nl80211_set_station_tdls(struct genl_info *info, 7264 struct station_parameters *params) 7265 { 7266 int err; 7267 /* Dummy STA entry gets updated once the peer capabilities are known */ 7268 if (info->attrs[NL80211_ATTR_PEER_AID]) 7269 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 7270 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 7271 params->link_sta_params.ht_capa = 7272 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 7273 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 7274 params->link_sta_params.vht_capa = 7275 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 7276 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) { 7277 params->link_sta_params.he_capa = 7278 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 7279 params->link_sta_params.he_capa_len = 7280 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 7281 7282 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) { 7283 params->link_sta_params.eht_capa = 7284 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 7285 params->link_sta_params.eht_capa_len = 7286 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 7287 7288 if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa, 7289 (const u8 *)params->link_sta_params.eht_capa, 7290 params->link_sta_params.eht_capa_len, 7291 false)) 7292 return -EINVAL; 7293 } 7294 } 7295 7296 err = nl80211_parse_sta_channel_info(info, params); 7297 if (err) 7298 return err; 7299 7300 return nl80211_parse_sta_wme(info, params); 7301 } 7302 7303 static int nl80211_parse_sta_txpower_setting(struct genl_info *info, 7304 struct sta_txpwr *txpwr, 7305 bool *txpwr_set) 7306 { 7307 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7308 int idx; 7309 7310 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) { 7311 if (!rdev->ops->set_tx_power || 7312 !wiphy_ext_feature_isset(&rdev->wiphy, 7313 NL80211_EXT_FEATURE_STA_TX_PWR)) 7314 return -EOPNOTSUPP; 7315 7316 idx = NL80211_ATTR_STA_TX_POWER_SETTING; 7317 txpwr->type = nla_get_u8(info->attrs[idx]); 7318 7319 if (txpwr->type == NL80211_TX_POWER_LIMITED) { 7320 idx = NL80211_ATTR_STA_TX_POWER; 7321 7322 if (info->attrs[idx]) 7323 txpwr->power = nla_get_s16(info->attrs[idx]); 7324 else 7325 return -EINVAL; 7326 } 7327 7328 *txpwr_set = true; 7329 } else { 7330 *txpwr_set = false; 7331 } 7332 7333 return 0; 7334 } 7335 7336 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 7337 { 7338 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7339 struct net_device *dev = info->user_ptr[1]; 7340 struct station_parameters params; 7341 u8 *mac_addr; 7342 int err; 7343 7344 memset(¶ms, 0, sizeof(params)); 7345 7346 if (!rdev->ops->change_station) 7347 return -EOPNOTSUPP; 7348 7349 /* 7350 * AID and listen_interval properties can be set only for unassociated 7351 * station. Include these parameters here and will check them in 7352 * cfg80211_check_station_change(). 7353 */ 7354 if (info->attrs[NL80211_ATTR_STA_AID]) 7355 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 7356 7357 if (info->attrs[NL80211_ATTR_VLAN_ID]) 7358 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 7359 7360 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 7361 params.listen_interval = 7362 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 7363 else 7364 params.listen_interval = -1; 7365 7366 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) 7367 params.support_p2p_ps = 7368 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 7369 else 7370 params.support_p2p_ps = -1; 7371 7372 if (!info->attrs[NL80211_ATTR_MAC]) 7373 return -EINVAL; 7374 7375 params.link_sta_params.link_id = 7376 nl80211_link_id_or_invalid(info->attrs); 7377 7378 if (info->attrs[NL80211_ATTR_MLD_ADDR]) { 7379 /* If MLD_ADDR attribute is set then this is an MLD station 7380 * and the MLD_ADDR attribute holds the MLD address and the 7381 * MAC attribute holds for the LINK address. 7382 * In that case, the link_id is also expected to be valid. 7383 */ 7384 if (params.link_sta_params.link_id < 0) 7385 return -EINVAL; 7386 7387 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 7388 params.link_sta_params.mld_mac = mac_addr; 7389 params.link_sta_params.link_mac = 7390 nla_data(info->attrs[NL80211_ATTR_MAC]); 7391 if (!is_valid_ether_addr(params.link_sta_params.link_mac)) 7392 return -EINVAL; 7393 } else { 7394 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 7395 } 7396 7397 7398 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 7399 params.link_sta_params.supported_rates = 7400 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 7401 params.link_sta_params.supported_rates_len = 7402 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 7403 } 7404 7405 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 7406 params.capability = 7407 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 7408 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 7409 } 7410 7411 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 7412 params.ext_capab = 7413 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 7414 params.ext_capab_len = 7415 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 7416 } 7417 7418 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 7419 return -EINVAL; 7420 7421 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 7422 params.plink_action = 7423 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 7424 7425 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) { 7426 params.plink_state = 7427 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 7428 if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) 7429 params.peer_aid = nla_get_u16( 7430 info->attrs[NL80211_ATTR_MESH_PEER_AID]); 7431 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE; 7432 } 7433 7434 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) 7435 params.local_pm = nla_get_u32( 7436 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]); 7437 7438 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 7439 params.link_sta_params.opmode_notif_used = true; 7440 params.link_sta_params.opmode_notif = 7441 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 7442 } 7443 7444 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]) 7445 params.link_sta_params.he_6ghz_capa = 7446 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]); 7447 7448 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]) 7449 params.airtime_weight = 7450 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]); 7451 7452 if (params.airtime_weight && 7453 !wiphy_ext_feature_isset(&rdev->wiphy, 7454 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 7455 return -EOPNOTSUPP; 7456 7457 err = nl80211_parse_sta_txpower_setting(info, 7458 ¶ms.link_sta_params.txpwr, 7459 ¶ms.link_sta_params.txpwr_set); 7460 if (err) 7461 return err; 7462 7463 /* Include parameters for TDLS peer (will check later) */ 7464 err = nl80211_set_station_tdls(info, ¶ms); 7465 if (err) 7466 return err; 7467 7468 params.vlan = get_vlan(info, rdev); 7469 if (IS_ERR(params.vlan)) 7470 return PTR_ERR(params.vlan); 7471 7472 switch (dev->ieee80211_ptr->iftype) { 7473 case NL80211_IFTYPE_AP: 7474 case NL80211_IFTYPE_AP_VLAN: 7475 case NL80211_IFTYPE_P2P_GO: 7476 case NL80211_IFTYPE_P2P_CLIENT: 7477 case NL80211_IFTYPE_STATION: 7478 case NL80211_IFTYPE_ADHOC: 7479 case NL80211_IFTYPE_MESH_POINT: 7480 break; 7481 default: 7482 err = -EOPNOTSUPP; 7483 goto out_put_vlan; 7484 } 7485 7486 /* driver will call cfg80211_check_station_change() */ 7487 err = rdev_change_station(rdev, dev, mac_addr, ¶ms); 7488 7489 out_put_vlan: 7490 dev_put(params.vlan); 7491 7492 return err; 7493 } 7494 7495 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 7496 { 7497 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7498 int err; 7499 struct net_device *dev = info->user_ptr[1]; 7500 struct wireless_dev *wdev = dev->ieee80211_ptr; 7501 struct station_parameters params; 7502 u8 *mac_addr = NULL; 7503 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 7504 BIT(NL80211_STA_FLAG_ASSOCIATED); 7505 7506 memset(¶ms, 0, sizeof(params)); 7507 7508 if (!rdev->ops->add_station) 7509 return -EOPNOTSUPP; 7510 7511 if (!info->attrs[NL80211_ATTR_MAC]) 7512 return -EINVAL; 7513 7514 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 7515 return -EINVAL; 7516 7517 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 7518 return -EINVAL; 7519 7520 if (!info->attrs[NL80211_ATTR_STA_AID] && 7521 !info->attrs[NL80211_ATTR_PEER_AID]) 7522 return -EINVAL; 7523 7524 params.link_sta_params.link_id = 7525 nl80211_link_id_or_invalid(info->attrs); 7526 7527 if (info->attrs[NL80211_ATTR_MLD_ADDR]) { 7528 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 7529 params.link_sta_params.mld_mac = mac_addr; 7530 params.link_sta_params.link_mac = 7531 nla_data(info->attrs[NL80211_ATTR_MAC]); 7532 if (!is_valid_ether_addr(params.link_sta_params.link_mac)) 7533 return -EINVAL; 7534 } else { 7535 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 7536 } 7537 7538 params.link_sta_params.supported_rates = 7539 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 7540 params.link_sta_params.supported_rates_len = 7541 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 7542 params.listen_interval = 7543 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 7544 7545 if (info->attrs[NL80211_ATTR_VLAN_ID]) 7546 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]); 7547 7548 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) { 7549 params.support_p2p_ps = 7550 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]); 7551 } else { 7552 /* 7553 * if not specified, assume it's supported for P2P GO interface, 7554 * and is NOT supported for AP interface 7555 */ 7556 params.support_p2p_ps = 7557 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO; 7558 } 7559 7560 if (info->attrs[NL80211_ATTR_PEER_AID]) 7561 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]); 7562 else 7563 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 7564 7565 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) { 7566 params.capability = 7567 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]); 7568 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY; 7569 } 7570 7571 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) { 7572 params.ext_capab = 7573 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 7574 params.ext_capab_len = 7575 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]); 7576 } 7577 7578 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 7579 params.link_sta_params.ht_capa = 7580 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 7581 7582 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 7583 params.link_sta_params.vht_capa = 7584 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 7585 7586 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) { 7587 params.link_sta_params.he_capa = 7588 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 7589 params.link_sta_params.he_capa_len = 7590 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 7591 7592 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) { 7593 params.link_sta_params.eht_capa = 7594 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 7595 params.link_sta_params.eht_capa_len = 7596 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 7597 7598 if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa, 7599 (const u8 *)params.link_sta_params.eht_capa, 7600 params.link_sta_params.eht_capa_len, 7601 false)) 7602 return -EINVAL; 7603 } 7604 } 7605 7606 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]) 7607 params.link_sta_params.he_6ghz_capa = 7608 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]); 7609 7610 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 7611 params.link_sta_params.opmode_notif_used = true; 7612 params.link_sta_params.opmode_notif = 7613 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 7614 } 7615 7616 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 7617 params.plink_action = 7618 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 7619 7620 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]) 7621 params.airtime_weight = 7622 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]); 7623 7624 if (params.airtime_weight && 7625 !wiphy_ext_feature_isset(&rdev->wiphy, 7626 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS)) 7627 return -EOPNOTSUPP; 7628 7629 err = nl80211_parse_sta_txpower_setting(info, 7630 ¶ms.link_sta_params.txpwr, 7631 ¶ms.link_sta_params.txpwr_set); 7632 if (err) 7633 return err; 7634 7635 err = nl80211_parse_sta_channel_info(info, ¶ms); 7636 if (err) 7637 return err; 7638 7639 err = nl80211_parse_sta_wme(info, ¶ms); 7640 if (err) 7641 return err; 7642 7643 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 7644 return -EINVAL; 7645 7646 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT 7647 * as userspace might just pass through the capabilities from the IEs 7648 * directly, rather than enforcing this restriction and returning an 7649 * error in this case. 7650 */ 7651 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) { 7652 params.link_sta_params.ht_capa = NULL; 7653 params.link_sta_params.vht_capa = NULL; 7654 7655 /* HE and EHT require WME */ 7656 if (params.link_sta_params.he_capa_len || 7657 params.link_sta_params.he_6ghz_capa || 7658 params.link_sta_params.eht_capa_len) 7659 return -EINVAL; 7660 } 7661 7662 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */ 7663 if (params.link_sta_params.he_6ghz_capa && 7664 (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa)) 7665 return -EINVAL; 7666 7667 /* When you run into this, adjust the code below for the new flag */ 7668 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8); 7669 7670 switch (dev->ieee80211_ptr->iftype) { 7671 case NL80211_IFTYPE_AP: 7672 case NL80211_IFTYPE_AP_VLAN: 7673 case NL80211_IFTYPE_P2P_GO: 7674 /* ignore WME attributes if iface/sta is not capable */ 7675 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) || 7676 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) 7677 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 7678 7679 /* TDLS peers cannot be added */ 7680 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 7681 info->attrs[NL80211_ATTR_PEER_AID]) 7682 return -EINVAL; 7683 /* but don't bother the driver with it */ 7684 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 7685 7686 /* allow authenticated/associated only if driver handles it */ 7687 if (!(rdev->wiphy.features & 7688 NL80211_FEATURE_FULL_AP_CLIENT_STATE) && 7689 params.sta_flags_mask & auth_assoc) 7690 return -EINVAL; 7691 7692 if (!wiphy_ext_feature_isset(&rdev->wiphy, 7693 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) && 7694 params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU)) 7695 return -EINVAL; 7696 7697 /* Older userspace, or userspace wanting to be compatible with 7698 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth 7699 * and assoc flags in the mask, but assumes the station will be 7700 * added as associated anyway since this was the required driver 7701 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was 7702 * introduced. 7703 * In order to not bother drivers with this quirk in the API 7704 * set the flags in both the mask and set for new stations in 7705 * this case. 7706 */ 7707 if (!(params.sta_flags_mask & auth_assoc)) { 7708 params.sta_flags_mask |= auth_assoc; 7709 params.sta_flags_set |= auth_assoc; 7710 } 7711 7712 /* must be last in here for error handling */ 7713 params.vlan = get_vlan(info, rdev); 7714 if (IS_ERR(params.vlan)) 7715 return PTR_ERR(params.vlan); 7716 break; 7717 case NL80211_IFTYPE_MESH_POINT: 7718 /* ignore uAPSD data */ 7719 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 7720 7721 /* associated is disallowed */ 7722 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) 7723 return -EINVAL; 7724 /* TDLS peers cannot be added */ 7725 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) || 7726 info->attrs[NL80211_ATTR_PEER_AID]) 7727 return -EINVAL; 7728 break; 7729 case NL80211_IFTYPE_STATION: 7730 case NL80211_IFTYPE_P2P_CLIENT: 7731 /* ignore uAPSD data */ 7732 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD; 7733 7734 /* these are disallowed */ 7735 if (params.sta_flags_mask & 7736 (BIT(NL80211_STA_FLAG_ASSOCIATED) | 7737 BIT(NL80211_STA_FLAG_AUTHENTICATED))) 7738 return -EINVAL; 7739 /* Only TDLS peers can be added */ 7740 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 7741 return -EINVAL; 7742 /* Can only add if TDLS ... */ 7743 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 7744 return -EOPNOTSUPP; 7745 /* ... with external setup is supported */ 7746 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 7747 return -EOPNOTSUPP; 7748 /* 7749 * Older wpa_supplicant versions always mark the TDLS peer 7750 * as authorized, but it shouldn't yet be. 7751 */ 7752 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED); 7753 break; 7754 default: 7755 return -EOPNOTSUPP; 7756 } 7757 7758 /* be aware of params.vlan when changing code here */ 7759 7760 if (wdev->valid_links) { 7761 if (params.link_sta_params.link_id < 0) { 7762 err = -EINVAL; 7763 goto out; 7764 } 7765 if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) { 7766 err = -ENOLINK; 7767 goto out; 7768 } 7769 } else { 7770 if (params.link_sta_params.link_id >= 0) { 7771 err = -EINVAL; 7772 goto out; 7773 } 7774 } 7775 err = rdev_add_station(rdev, dev, mac_addr, ¶ms); 7776 out: 7777 dev_put(params.vlan); 7778 return err; 7779 } 7780 7781 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 7782 { 7783 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7784 struct net_device *dev = info->user_ptr[1]; 7785 struct wireless_dev *wdev = dev->ieee80211_ptr; 7786 struct station_del_parameters params; 7787 int link_id = nl80211_link_id_or_invalid(info->attrs); 7788 7789 memset(¶ms, 0, sizeof(params)); 7790 7791 if (info->attrs[NL80211_ATTR_MAC]) 7792 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]); 7793 7794 switch (wdev->iftype) { 7795 case NL80211_IFTYPE_AP: 7796 case NL80211_IFTYPE_AP_VLAN: 7797 case NL80211_IFTYPE_MESH_POINT: 7798 case NL80211_IFTYPE_P2P_GO: 7799 /* always accept these */ 7800 break; 7801 case NL80211_IFTYPE_ADHOC: 7802 /* conditionally accept */ 7803 if (wiphy_ext_feature_isset(&rdev->wiphy, 7804 NL80211_EXT_FEATURE_DEL_IBSS_STA)) 7805 break; 7806 return -EINVAL; 7807 default: 7808 return -EINVAL; 7809 } 7810 7811 if (!rdev->ops->del_station) 7812 return -EOPNOTSUPP; 7813 7814 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) { 7815 params.subtype = 7816 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]); 7817 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 && 7818 params.subtype != IEEE80211_STYPE_DEAUTH >> 4) 7819 return -EINVAL; 7820 } else { 7821 /* Default to Deauthentication frame */ 7822 params.subtype = IEEE80211_STYPE_DEAUTH >> 4; 7823 } 7824 7825 if (info->attrs[NL80211_ATTR_REASON_CODE]) { 7826 params.reason_code = 7827 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 7828 if (params.reason_code == 0) 7829 return -EINVAL; /* 0 is reserved */ 7830 } else { 7831 /* Default to reason code 2 */ 7832 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID; 7833 } 7834 7835 /* Link ID not expected in case of non-ML operation */ 7836 if (!wdev->valid_links && link_id != -1) 7837 return -EINVAL; 7838 7839 /* If given, a valid link ID should be passed during MLO */ 7840 if (wdev->valid_links && link_id >= 0 && 7841 !(wdev->valid_links & BIT(link_id))) 7842 return -EINVAL; 7843 7844 params.link_id = link_id; 7845 7846 return rdev_del_station(rdev, dev, ¶ms); 7847 } 7848 7849 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq, 7850 int flags, struct net_device *dev, 7851 u8 *dst, u8 *next_hop, 7852 struct mpath_info *pinfo) 7853 { 7854 void *hdr; 7855 struct nlattr *pinfoattr; 7856 7857 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH); 7858 if (!hdr) 7859 return -1; 7860 7861 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 7862 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 7863 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 7864 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 7865 goto nla_put_failure; 7866 7867 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO); 7868 if (!pinfoattr) 7869 goto nla_put_failure; 7870 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 7871 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 7872 pinfo->frame_qlen)) 7873 goto nla_put_failure; 7874 if (((pinfo->filled & MPATH_INFO_SN) && 7875 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 7876 ((pinfo->filled & MPATH_INFO_METRIC) && 7877 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 7878 pinfo->metric)) || 7879 ((pinfo->filled & MPATH_INFO_EXPTIME) && 7880 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 7881 pinfo->exptime)) || 7882 ((pinfo->filled & MPATH_INFO_FLAGS) && 7883 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 7884 pinfo->flags)) || 7885 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 7886 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 7887 pinfo->discovery_timeout)) || 7888 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 7889 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 7890 pinfo->discovery_retries)) || 7891 ((pinfo->filled & MPATH_INFO_HOP_COUNT) && 7892 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT, 7893 pinfo->hop_count)) || 7894 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) && 7895 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE, 7896 pinfo->path_change_count))) 7897 goto nla_put_failure; 7898 7899 nla_nest_end(msg, pinfoattr); 7900 7901 genlmsg_end(msg, hdr); 7902 return 0; 7903 7904 nla_put_failure: 7905 genlmsg_cancel(msg, hdr); 7906 return -EMSGSIZE; 7907 } 7908 7909 static int nl80211_dump_mpath(struct sk_buff *skb, 7910 struct netlink_callback *cb) 7911 { 7912 struct mpath_info pinfo; 7913 struct cfg80211_registered_device *rdev; 7914 struct wireless_dev *wdev; 7915 u8 dst[ETH_ALEN]; 7916 u8 next_hop[ETH_ALEN]; 7917 int path_idx = cb->args[2]; 7918 int err; 7919 7920 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 7921 if (err) 7922 return err; 7923 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 7924 __acquire(&rdev->wiphy.mtx); 7925 7926 if (!rdev->ops->dump_mpath) { 7927 err = -EOPNOTSUPP; 7928 goto out_err; 7929 } 7930 7931 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 7932 err = -EOPNOTSUPP; 7933 goto out_err; 7934 } 7935 7936 while (1) { 7937 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst, 7938 next_hop, &pinfo); 7939 if (err == -ENOENT) 7940 break; 7941 if (err) 7942 goto out_err; 7943 7944 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 7945 cb->nlh->nlmsg_seq, NLM_F_MULTI, 7946 wdev->netdev, dst, next_hop, 7947 &pinfo) < 0) 7948 goto out; 7949 7950 path_idx++; 7951 } 7952 7953 out: 7954 cb->args[2] = path_idx; 7955 err = skb->len; 7956 out_err: 7957 wiphy_unlock(&rdev->wiphy); 7958 return err; 7959 } 7960 7961 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 7962 { 7963 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 7964 int err; 7965 struct net_device *dev = info->user_ptr[1]; 7966 struct mpath_info pinfo; 7967 struct sk_buff *msg; 7968 u8 *dst = NULL; 7969 u8 next_hop[ETH_ALEN]; 7970 7971 memset(&pinfo, 0, sizeof(pinfo)); 7972 7973 if (!info->attrs[NL80211_ATTR_MAC]) 7974 return -EINVAL; 7975 7976 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 7977 7978 if (!rdev->ops->get_mpath) 7979 return -EOPNOTSUPP; 7980 7981 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 7982 return -EOPNOTSUPP; 7983 7984 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo); 7985 if (err) 7986 return err; 7987 7988 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7989 if (!msg) 7990 return -ENOMEM; 7991 7992 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 7993 dev, dst, next_hop, &pinfo) < 0) { 7994 nlmsg_free(msg); 7995 return -ENOBUFS; 7996 } 7997 7998 return genlmsg_reply(msg, info); 7999 } 8000 8001 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 8002 { 8003 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8004 struct net_device *dev = info->user_ptr[1]; 8005 u8 *dst = NULL; 8006 u8 *next_hop = NULL; 8007 8008 if (!info->attrs[NL80211_ATTR_MAC]) 8009 return -EINVAL; 8010 8011 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 8012 return -EINVAL; 8013 8014 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 8015 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 8016 8017 if (!rdev->ops->change_mpath) 8018 return -EOPNOTSUPP; 8019 8020 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 8021 return -EOPNOTSUPP; 8022 8023 return rdev_change_mpath(rdev, dev, dst, next_hop); 8024 } 8025 8026 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 8027 { 8028 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8029 struct net_device *dev = info->user_ptr[1]; 8030 u8 *dst = NULL; 8031 u8 *next_hop = NULL; 8032 8033 if (!info->attrs[NL80211_ATTR_MAC]) 8034 return -EINVAL; 8035 8036 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 8037 return -EINVAL; 8038 8039 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 8040 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 8041 8042 if (!rdev->ops->add_mpath) 8043 return -EOPNOTSUPP; 8044 8045 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 8046 return -EOPNOTSUPP; 8047 8048 return rdev_add_mpath(rdev, dev, dst, next_hop); 8049 } 8050 8051 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 8052 { 8053 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8054 struct net_device *dev = info->user_ptr[1]; 8055 u8 *dst = NULL; 8056 8057 if (info->attrs[NL80211_ATTR_MAC]) 8058 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 8059 8060 if (!rdev->ops->del_mpath) 8061 return -EOPNOTSUPP; 8062 8063 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 8064 return -EOPNOTSUPP; 8065 8066 return rdev_del_mpath(rdev, dev, dst); 8067 } 8068 8069 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info) 8070 { 8071 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8072 int err; 8073 struct net_device *dev = info->user_ptr[1]; 8074 struct mpath_info pinfo; 8075 struct sk_buff *msg; 8076 u8 *dst = NULL; 8077 u8 mpp[ETH_ALEN]; 8078 8079 memset(&pinfo, 0, sizeof(pinfo)); 8080 8081 if (!info->attrs[NL80211_ATTR_MAC]) 8082 return -EINVAL; 8083 8084 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 8085 8086 if (!rdev->ops->get_mpp) 8087 return -EOPNOTSUPP; 8088 8089 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 8090 return -EOPNOTSUPP; 8091 8092 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo); 8093 if (err) 8094 return err; 8095 8096 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8097 if (!msg) 8098 return -ENOMEM; 8099 8100 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0, 8101 dev, dst, mpp, &pinfo) < 0) { 8102 nlmsg_free(msg); 8103 return -ENOBUFS; 8104 } 8105 8106 return genlmsg_reply(msg, info); 8107 } 8108 8109 static int nl80211_dump_mpp(struct sk_buff *skb, 8110 struct netlink_callback *cb) 8111 { 8112 struct mpath_info pinfo; 8113 struct cfg80211_registered_device *rdev; 8114 struct wireless_dev *wdev; 8115 u8 dst[ETH_ALEN]; 8116 u8 mpp[ETH_ALEN]; 8117 int path_idx = cb->args[2]; 8118 int err; 8119 8120 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL); 8121 if (err) 8122 return err; 8123 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 8124 __acquire(&rdev->wiphy.mtx); 8125 8126 if (!rdev->ops->dump_mpp) { 8127 err = -EOPNOTSUPP; 8128 goto out_err; 8129 } 8130 8131 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) { 8132 err = -EOPNOTSUPP; 8133 goto out_err; 8134 } 8135 8136 while (1) { 8137 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst, 8138 mpp, &pinfo); 8139 if (err == -ENOENT) 8140 break; 8141 if (err) 8142 goto out_err; 8143 8144 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 8145 cb->nlh->nlmsg_seq, NLM_F_MULTI, 8146 wdev->netdev, dst, mpp, 8147 &pinfo) < 0) 8148 goto out; 8149 8150 path_idx++; 8151 } 8152 8153 out: 8154 cb->args[2] = path_idx; 8155 err = skb->len; 8156 out_err: 8157 wiphy_unlock(&rdev->wiphy); 8158 return err; 8159 } 8160 8161 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 8162 { 8163 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8164 struct net_device *dev = info->user_ptr[1]; 8165 struct bss_parameters params; 8166 8167 memset(¶ms, 0, sizeof(params)); 8168 params.link_id = nl80211_link_id_or_invalid(info->attrs); 8169 /* default to not changing parameters */ 8170 params.use_cts_prot = -1; 8171 params.use_short_preamble = -1; 8172 params.use_short_slot_time = -1; 8173 params.ap_isolate = -1; 8174 params.ht_opmode = -1; 8175 params.p2p_ctwindow = -1; 8176 params.p2p_opp_ps = -1; 8177 8178 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 8179 params.use_cts_prot = 8180 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 8181 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 8182 params.use_short_preamble = 8183 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 8184 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 8185 params.use_short_slot_time = 8186 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 8187 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 8188 params.basic_rates = 8189 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 8190 params.basic_rates_len = 8191 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 8192 } 8193 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 8194 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 8195 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 8196 params.ht_opmode = 8197 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 8198 8199 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) { 8200 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 8201 return -EINVAL; 8202 params.p2p_ctwindow = 8203 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]); 8204 if (params.p2p_ctwindow != 0 && 8205 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) 8206 return -EINVAL; 8207 } 8208 8209 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) { 8210 u8 tmp; 8211 8212 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 8213 return -EINVAL; 8214 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]); 8215 params.p2p_opp_ps = tmp; 8216 if (params.p2p_opp_ps && 8217 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) 8218 return -EINVAL; 8219 } 8220 8221 if (!rdev->ops->change_bss) 8222 return -EOPNOTSUPP; 8223 8224 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 8225 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 8226 return -EOPNOTSUPP; 8227 8228 return rdev_change_bss(rdev, dev, ¶ms); 8229 } 8230 8231 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 8232 { 8233 char *data = NULL; 8234 bool is_indoor; 8235 enum nl80211_user_reg_hint_type user_reg_hint_type; 8236 u32 owner_nlportid; 8237 8238 /* 8239 * You should only get this when cfg80211 hasn't yet initialized 8240 * completely when built-in to the kernel right between the time 8241 * window between nl80211_init() and regulatory_init(), if that is 8242 * even possible. 8243 */ 8244 if (unlikely(!rcu_access_pointer(cfg80211_regdomain))) 8245 return -EINPROGRESS; 8246 8247 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]) 8248 user_reg_hint_type = 8249 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]); 8250 else 8251 user_reg_hint_type = NL80211_USER_REG_HINT_USER; 8252 8253 switch (user_reg_hint_type) { 8254 case NL80211_USER_REG_HINT_USER: 8255 case NL80211_USER_REG_HINT_CELL_BASE: 8256 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 8257 return -EINVAL; 8258 8259 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 8260 return regulatory_hint_user(data, user_reg_hint_type); 8261 case NL80211_USER_REG_HINT_INDOOR: 8262 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 8263 owner_nlportid = info->snd_portid; 8264 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR]; 8265 } else { 8266 owner_nlportid = 0; 8267 is_indoor = true; 8268 } 8269 8270 regulatory_hint_indoor(is_indoor, owner_nlportid); 8271 return 0; 8272 default: 8273 return -EINVAL; 8274 } 8275 } 8276 8277 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info) 8278 { 8279 return reg_reload_regdb(); 8280 } 8281 8282 static int nl80211_get_mesh_config(struct sk_buff *skb, 8283 struct genl_info *info) 8284 { 8285 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8286 struct net_device *dev = info->user_ptr[1]; 8287 struct wireless_dev *wdev = dev->ieee80211_ptr; 8288 struct mesh_config cur_params; 8289 int err = 0; 8290 void *hdr; 8291 struct nlattr *pinfoattr; 8292 struct sk_buff *msg; 8293 8294 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 8295 return -EOPNOTSUPP; 8296 8297 if (!rdev->ops->get_mesh_config) 8298 return -EOPNOTSUPP; 8299 8300 /* If not connected, get default parameters */ 8301 if (!wdev->u.mesh.id_len) 8302 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 8303 else 8304 err = rdev_get_mesh_config(rdev, dev, &cur_params); 8305 8306 if (err) 8307 return err; 8308 8309 /* Draw up a netlink message to send back */ 8310 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8311 if (!msg) 8312 return -ENOMEM; 8313 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8314 NL80211_CMD_GET_MESH_CONFIG); 8315 if (!hdr) 8316 goto out; 8317 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG); 8318 if (!pinfoattr) 8319 goto nla_put_failure; 8320 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8321 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 8322 cur_params.dot11MeshRetryTimeout) || 8323 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 8324 cur_params.dot11MeshConfirmTimeout) || 8325 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 8326 cur_params.dot11MeshHoldingTimeout) || 8327 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 8328 cur_params.dot11MeshMaxPeerLinks) || 8329 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 8330 cur_params.dot11MeshMaxRetries) || 8331 nla_put_u8(msg, NL80211_MESHCONF_TTL, 8332 cur_params.dot11MeshTTL) || 8333 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 8334 cur_params.element_ttl) || 8335 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 8336 cur_params.auto_open_plinks) || 8337 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 8338 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 8339 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 8340 cur_params.dot11MeshHWMPmaxPREQretries) || 8341 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 8342 cur_params.path_refresh_time) || 8343 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 8344 cur_params.min_discovery_timeout) || 8345 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 8346 cur_params.dot11MeshHWMPactivePathTimeout) || 8347 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 8348 cur_params.dot11MeshHWMPpreqMinInterval) || 8349 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 8350 cur_params.dot11MeshHWMPperrMinInterval) || 8351 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 8352 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 8353 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 8354 cur_params.dot11MeshHWMPRootMode) || 8355 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 8356 cur_params.dot11MeshHWMPRannInterval) || 8357 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 8358 cur_params.dot11MeshGateAnnouncementProtocol) || 8359 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 8360 cur_params.dot11MeshForwarding) || 8361 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 8362 cur_params.rssi_threshold) || 8363 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 8364 cur_params.ht_opmode) || 8365 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 8366 cur_params.dot11MeshHWMPactivePathToRootTimeout) || 8367 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 8368 cur_params.dot11MeshHWMProotInterval) || 8369 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 8370 cur_params.dot11MeshHWMPconfirmationInterval) || 8371 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE, 8372 cur_params.power_mode) || 8373 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW, 8374 cur_params.dot11MeshAwakeWindowDuration) || 8375 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT, 8376 cur_params.plink_timeout) || 8377 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE, 8378 cur_params.dot11MeshConnectedToMeshGate) || 8379 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN, 8380 cur_params.dot11MeshNolearn) || 8381 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS, 8382 cur_params.dot11MeshConnectedToAuthServer)) 8383 goto nla_put_failure; 8384 nla_nest_end(msg, pinfoattr); 8385 genlmsg_end(msg, hdr); 8386 return genlmsg_reply(msg, info); 8387 8388 nla_put_failure: 8389 out: 8390 nlmsg_free(msg); 8391 return -ENOBUFS; 8392 } 8393 8394 static const struct nla_policy 8395 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 8396 [NL80211_MESHCONF_RETRY_TIMEOUT] = 8397 NLA_POLICY_RANGE(NLA_U16, 1, 255), 8398 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = 8399 NLA_POLICY_RANGE(NLA_U16, 1, 255), 8400 [NL80211_MESHCONF_HOLDING_TIMEOUT] = 8401 NLA_POLICY_RANGE(NLA_U16, 1, 255), 8402 [NL80211_MESHCONF_MAX_PEER_LINKS] = 8403 NLA_POLICY_RANGE(NLA_U16, 0, 255), 8404 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16), 8405 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1), 8406 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1), 8407 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1), 8408 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = 8409 NLA_POLICY_RANGE(NLA_U32, 1, 255), 8410 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 8411 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 8412 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1), 8413 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 8414 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = 8415 NLA_POLICY_MIN(NLA_U16, 1), 8416 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = 8417 NLA_POLICY_MIN(NLA_U16, 1), 8418 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = 8419 NLA_POLICY_MIN(NLA_U16, 1), 8420 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4), 8421 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = 8422 NLA_POLICY_MIN(NLA_U16, 1), 8423 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1), 8424 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1), 8425 [NL80211_MESHCONF_RSSI_THRESHOLD] = 8426 NLA_POLICY_RANGE(NLA_S32, -255, 0), 8427 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 }, 8428 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 }, 8429 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = 8430 NLA_POLICY_MIN(NLA_U16, 1), 8431 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = 8432 NLA_POLICY_MIN(NLA_U16, 1), 8433 [NL80211_MESHCONF_POWER_MODE] = 8434 NLA_POLICY_RANGE(NLA_U32, 8435 NL80211_MESH_POWER_ACTIVE, 8436 NL80211_MESH_POWER_MAX), 8437 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 }, 8438 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 }, 8439 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 8440 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 8441 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1), 8442 }; 8443 8444 static const struct nla_policy 8445 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 8446 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 8447 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 8448 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 8449 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 8450 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 }, 8451 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG }, 8452 [NL80211_MESH_SETUP_IE] = 8453 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr, 8454 IEEE80211_MAX_DATA_LEN), 8455 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 8456 }; 8457 8458 static int nl80211_parse_mesh_config(struct genl_info *info, 8459 struct mesh_config *cfg, 8460 u32 *mask_out) 8461 { 8462 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 8463 u32 mask = 0; 8464 u16 ht_opmode; 8465 8466 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \ 8467 do { \ 8468 if (tb[attr]) { \ 8469 cfg->param = fn(tb[attr]); \ 8470 mask |= BIT((attr) - 1); \ 8471 } \ 8472 } while (0) 8473 8474 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 8475 return -EINVAL; 8476 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack)) 8477 return -EINVAL; 8478 8479 /* This makes sure that there aren't more than 32 mesh config 8480 * parameters (otherwise our bitfield scheme would not work.) */ 8481 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 8482 8483 /* Fill in the params struct */ 8484 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask, 8485 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 8486 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask, 8487 NL80211_MESHCONF_CONFIRM_TIMEOUT, 8488 nla_get_u16); 8489 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask, 8490 NL80211_MESHCONF_HOLDING_TIMEOUT, 8491 nla_get_u16); 8492 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask, 8493 NL80211_MESHCONF_MAX_PEER_LINKS, 8494 nla_get_u16); 8495 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask, 8496 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 8497 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask, 8498 NL80211_MESHCONF_TTL, nla_get_u8); 8499 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask, 8500 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8); 8501 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask, 8502 NL80211_MESHCONF_AUTO_OPEN_PLINKS, 8503 nla_get_u8); 8504 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 8505 mask, 8506 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 8507 nla_get_u32); 8508 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask, 8509 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 8510 nla_get_u8); 8511 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask, 8512 NL80211_MESHCONF_PATH_REFRESH_TIME, 8513 nla_get_u32); 8514 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) && 8515 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535)) 8516 return -EINVAL; 8517 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask, 8518 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 8519 nla_get_u16); 8520 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 8521 mask, 8522 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 8523 nla_get_u32); 8524 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) && 8525 (cfg->dot11MeshHWMPactivePathTimeout < 1 || 8526 cfg->dot11MeshHWMPactivePathTimeout > 65535)) 8527 return -EINVAL; 8528 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask, 8529 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 8530 nla_get_u16); 8531 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask, 8532 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 8533 nla_get_u16); 8534 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 8535 dot11MeshHWMPnetDiameterTraversalTime, mask, 8536 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 8537 nla_get_u16); 8538 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask, 8539 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8); 8540 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask, 8541 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 8542 nla_get_u16); 8543 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol, 8544 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 8545 nla_get_u8); 8546 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask, 8547 NL80211_MESHCONF_FORWARDING, nla_get_u8); 8548 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask, 8549 NL80211_MESHCONF_RSSI_THRESHOLD, 8550 nla_get_s32); 8551 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask, 8552 NL80211_MESHCONF_CONNECTED_TO_GATE, 8553 nla_get_u8); 8554 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask, 8555 NL80211_MESHCONF_CONNECTED_TO_AS, 8556 nla_get_u8); 8557 /* 8558 * Check HT operation mode based on 8559 * IEEE 802.11-2016 9.4.2.57 HT Operation element. 8560 */ 8561 if (tb[NL80211_MESHCONF_HT_OPMODE]) { 8562 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]); 8563 8564 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION | 8565 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT | 8566 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT)) 8567 return -EINVAL; 8568 8569 /* NON_HT_STA bit is reserved, but some programs set it */ 8570 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT; 8571 8572 cfg->ht_opmode = ht_opmode; 8573 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1)); 8574 } 8575 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 8576 dot11MeshHWMPactivePathToRootTimeout, mask, 8577 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, 8578 nla_get_u32); 8579 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) && 8580 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 || 8581 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535)) 8582 return -EINVAL; 8583 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask, 8584 NL80211_MESHCONF_HWMP_ROOT_INTERVAL, 8585 nla_get_u16); 8586 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval, 8587 mask, 8588 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, 8589 nla_get_u16); 8590 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask, 8591 NL80211_MESHCONF_POWER_MODE, nla_get_u32); 8592 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask, 8593 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16); 8594 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask, 8595 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32); 8596 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask, 8597 NL80211_MESHCONF_NOLEARN, nla_get_u8); 8598 if (mask_out) 8599 *mask_out = mask; 8600 8601 return 0; 8602 8603 #undef FILL_IN_MESH_PARAM_IF_SET 8604 } 8605 8606 static int nl80211_parse_mesh_setup(struct genl_info *info, 8607 struct mesh_setup *setup) 8608 { 8609 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8610 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 8611 8612 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 8613 return -EINVAL; 8614 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack)) 8615 return -EINVAL; 8616 8617 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 8618 setup->sync_method = 8619 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 8620 IEEE80211_SYNC_METHOD_VENDOR : 8621 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 8622 8623 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 8624 setup->path_sel_proto = 8625 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 8626 IEEE80211_PATH_PROTOCOL_VENDOR : 8627 IEEE80211_PATH_PROTOCOL_HWMP; 8628 8629 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 8630 setup->path_metric = 8631 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 8632 IEEE80211_PATH_METRIC_VENDOR : 8633 IEEE80211_PATH_METRIC_AIRTIME; 8634 8635 if (tb[NL80211_MESH_SETUP_IE]) { 8636 struct nlattr *ieattr = 8637 tb[NL80211_MESH_SETUP_IE]; 8638 setup->ie = nla_data(ieattr); 8639 setup->ie_len = nla_len(ieattr); 8640 } 8641 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] && 8642 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM)) 8643 return -EINVAL; 8644 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]); 8645 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 8646 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 8647 if (setup->is_secure) 8648 setup->user_mpm = true; 8649 8650 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) { 8651 if (!setup->user_mpm) 8652 return -EINVAL; 8653 setup->auth_id = 8654 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]); 8655 } 8656 8657 return 0; 8658 } 8659 8660 static int nl80211_update_mesh_config(struct sk_buff *skb, 8661 struct genl_info *info) 8662 { 8663 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 8664 struct net_device *dev = info->user_ptr[1]; 8665 struct wireless_dev *wdev = dev->ieee80211_ptr; 8666 struct mesh_config cfg = {}; 8667 u32 mask; 8668 int err; 8669 8670 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 8671 return -EOPNOTSUPP; 8672 8673 if (!rdev->ops->update_mesh_config) 8674 return -EOPNOTSUPP; 8675 8676 err = nl80211_parse_mesh_config(info, &cfg, &mask); 8677 if (err) 8678 return err; 8679 8680 if (!wdev->u.mesh.id_len) 8681 err = -ENOLINK; 8682 8683 if (!err) 8684 err = rdev_update_mesh_config(rdev, dev, mask, &cfg); 8685 8686 return err; 8687 } 8688 8689 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom, 8690 struct sk_buff *msg) 8691 { 8692 struct nlattr *nl_reg_rules; 8693 unsigned int i; 8694 8695 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) || 8696 (regdom->dfs_region && 8697 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region))) 8698 goto nla_put_failure; 8699 8700 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES); 8701 if (!nl_reg_rules) 8702 goto nla_put_failure; 8703 8704 for (i = 0; i < regdom->n_reg_rules; i++) { 8705 struct nlattr *nl_reg_rule; 8706 const struct ieee80211_reg_rule *reg_rule; 8707 const struct ieee80211_freq_range *freq_range; 8708 const struct ieee80211_power_rule *power_rule; 8709 unsigned int max_bandwidth_khz; 8710 8711 reg_rule = ®dom->reg_rules[i]; 8712 freq_range = ®_rule->freq_range; 8713 power_rule = ®_rule->power_rule; 8714 8715 nl_reg_rule = nla_nest_start_noflag(msg, i); 8716 if (!nl_reg_rule) 8717 goto nla_put_failure; 8718 8719 max_bandwidth_khz = freq_range->max_bandwidth_khz; 8720 if (!max_bandwidth_khz) 8721 max_bandwidth_khz = reg_get_max_bandwidth(regdom, 8722 reg_rule); 8723 8724 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 8725 reg_rule->flags) || 8726 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 8727 freq_range->start_freq_khz) || 8728 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 8729 freq_range->end_freq_khz) || 8730 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 8731 max_bandwidth_khz) || 8732 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 8733 power_rule->max_antenna_gain) || 8734 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 8735 power_rule->max_eirp) || 8736 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME, 8737 reg_rule->dfs_cac_ms)) 8738 goto nla_put_failure; 8739 8740 if ((reg_rule->flags & NL80211_RRF_PSD) && 8741 nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD, 8742 reg_rule->psd)) 8743 goto nla_put_failure; 8744 8745 nla_nest_end(msg, nl_reg_rule); 8746 } 8747 8748 nla_nest_end(msg, nl_reg_rules); 8749 return 0; 8750 8751 nla_put_failure: 8752 return -EMSGSIZE; 8753 } 8754 8755 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info) 8756 { 8757 const struct ieee80211_regdomain *regdom = NULL; 8758 struct cfg80211_registered_device *rdev; 8759 struct wiphy *wiphy = NULL; 8760 struct sk_buff *msg; 8761 int err = -EMSGSIZE; 8762 void *hdr; 8763 8764 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 8765 if (!msg) 8766 return -ENOBUFS; 8767 8768 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 8769 NL80211_CMD_GET_REG); 8770 if (!hdr) 8771 goto put_failure; 8772 8773 rtnl_lock(); 8774 8775 if (info->attrs[NL80211_ATTR_WIPHY]) { 8776 bool self_managed; 8777 8778 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 8779 if (IS_ERR(rdev)) { 8780 err = PTR_ERR(rdev); 8781 goto nla_put_failure; 8782 } 8783 8784 wiphy = &rdev->wiphy; 8785 self_managed = wiphy->regulatory_flags & 8786 REGULATORY_WIPHY_SELF_MANAGED; 8787 8788 rcu_read_lock(); 8789 8790 regdom = get_wiphy_regdom(wiphy); 8791 8792 /* a self-managed-reg device must have a private regdom */ 8793 if (WARN_ON(!regdom && self_managed)) { 8794 err = -EINVAL; 8795 goto nla_put_failure_rcu; 8796 } 8797 8798 if (regdom && 8799 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8800 goto nla_put_failure_rcu; 8801 } else { 8802 rcu_read_lock(); 8803 } 8804 8805 if (!wiphy && reg_last_request_cell_base() && 8806 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 8807 NL80211_USER_REG_HINT_CELL_BASE)) 8808 goto nla_put_failure_rcu; 8809 8810 if (!regdom) 8811 regdom = rcu_dereference(cfg80211_regdomain); 8812 8813 if (nl80211_put_regdom(regdom, msg)) 8814 goto nla_put_failure_rcu; 8815 8816 rcu_read_unlock(); 8817 8818 genlmsg_end(msg, hdr); 8819 rtnl_unlock(); 8820 return genlmsg_reply(msg, info); 8821 8822 nla_put_failure_rcu: 8823 rcu_read_unlock(); 8824 nla_put_failure: 8825 rtnl_unlock(); 8826 put_failure: 8827 nlmsg_free(msg); 8828 return err; 8829 } 8830 8831 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb, 8832 u32 seq, int flags, struct wiphy *wiphy, 8833 const struct ieee80211_regdomain *regdom) 8834 { 8835 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 8836 NL80211_CMD_GET_REG); 8837 8838 if (!hdr) 8839 return -1; 8840 8841 genl_dump_check_consistent(cb, hdr); 8842 8843 if (nl80211_put_regdom(regdom, msg)) 8844 goto nla_put_failure; 8845 8846 if (!wiphy && reg_last_request_cell_base() && 8847 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE, 8848 NL80211_USER_REG_HINT_CELL_BASE)) 8849 goto nla_put_failure; 8850 8851 if (wiphy && 8852 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 8853 goto nla_put_failure; 8854 8855 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 8856 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 8857 goto nla_put_failure; 8858 8859 genlmsg_end(msg, hdr); 8860 return 0; 8861 8862 nla_put_failure: 8863 genlmsg_cancel(msg, hdr); 8864 return -EMSGSIZE; 8865 } 8866 8867 static int nl80211_get_reg_dump(struct sk_buff *skb, 8868 struct netlink_callback *cb) 8869 { 8870 const struct ieee80211_regdomain *regdom = NULL; 8871 struct cfg80211_registered_device *rdev; 8872 int err, reg_idx, start = cb->args[2]; 8873 8874 rcu_read_lock(); 8875 8876 if (cfg80211_regdomain && start == 0) { 8877 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 8878 NLM_F_MULTI, NULL, 8879 rcu_dereference(cfg80211_regdomain)); 8880 if (err < 0) 8881 goto out_err; 8882 } 8883 8884 /* the global regdom is idx 0 */ 8885 reg_idx = 1; 8886 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8887 regdom = get_wiphy_regdom(&rdev->wiphy); 8888 if (!regdom) 8889 continue; 8890 8891 if (++reg_idx <= start) 8892 continue; 8893 8894 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq, 8895 NLM_F_MULTI, &rdev->wiphy, regdom); 8896 if (err < 0) { 8897 reg_idx--; 8898 break; 8899 } 8900 } 8901 8902 cb->args[2] = reg_idx; 8903 err = skb->len; 8904 out_err: 8905 rcu_read_unlock(); 8906 return err; 8907 } 8908 8909 #ifdef CONFIG_CFG80211_CRDA_SUPPORT 8910 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 8911 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 8912 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 8913 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 8914 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 8915 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 8916 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 8917 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 }, 8918 }; 8919 8920 static int parse_reg_rule(struct nlattr *tb[], 8921 struct ieee80211_reg_rule *reg_rule) 8922 { 8923 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 8924 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 8925 8926 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 8927 return -EINVAL; 8928 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 8929 return -EINVAL; 8930 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 8931 return -EINVAL; 8932 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 8933 return -EINVAL; 8934 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 8935 return -EINVAL; 8936 8937 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 8938 8939 freq_range->start_freq_khz = 8940 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 8941 freq_range->end_freq_khz = 8942 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 8943 freq_range->max_bandwidth_khz = 8944 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 8945 8946 power_rule->max_eirp = 8947 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 8948 8949 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 8950 power_rule->max_antenna_gain = 8951 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 8952 8953 if (tb[NL80211_ATTR_DFS_CAC_TIME]) 8954 reg_rule->dfs_cac_ms = 8955 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]); 8956 8957 return 0; 8958 } 8959 8960 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 8961 { 8962 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 8963 struct nlattr *nl_reg_rule; 8964 char *alpha2; 8965 int rem_reg_rules, r; 8966 u32 num_rules = 0, rule_idx = 0; 8967 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET; 8968 struct ieee80211_regdomain *rd; 8969 8970 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 8971 return -EINVAL; 8972 8973 if (!info->attrs[NL80211_ATTR_REG_RULES]) 8974 return -EINVAL; 8975 8976 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 8977 8978 if (info->attrs[NL80211_ATTR_DFS_REGION]) 8979 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 8980 8981 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 8982 rem_reg_rules) { 8983 num_rules++; 8984 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 8985 return -EINVAL; 8986 } 8987 8988 rtnl_lock(); 8989 if (!reg_is_valid_request(alpha2)) { 8990 r = -EINVAL; 8991 goto out; 8992 } 8993 8994 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL); 8995 if (!rd) { 8996 r = -ENOMEM; 8997 goto out; 8998 } 8999 9000 rd->n_reg_rules = num_rules; 9001 rd->alpha2[0] = alpha2[0]; 9002 rd->alpha2[1] = alpha2[1]; 9003 9004 /* 9005 * Disable DFS master mode if the DFS region was 9006 * not supported or known on this kernel. 9007 */ 9008 if (reg_supported_dfs_region(dfs_region)) 9009 rd->dfs_region = dfs_region; 9010 9011 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 9012 rem_reg_rules) { 9013 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX, 9014 nl_reg_rule, reg_rule_policy, 9015 info->extack); 9016 if (r) 9017 goto bad_reg; 9018 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 9019 if (r) 9020 goto bad_reg; 9021 9022 rule_idx++; 9023 9024 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 9025 r = -EINVAL; 9026 goto bad_reg; 9027 } 9028 } 9029 9030 r = set_regdom(rd, REGD_SOURCE_CRDA); 9031 /* set_regdom takes ownership of rd */ 9032 rd = NULL; 9033 bad_reg: 9034 kfree(rd); 9035 out: 9036 rtnl_unlock(); 9037 return r; 9038 } 9039 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */ 9040 9041 static int validate_scan_freqs(struct nlattr *freqs) 9042 { 9043 struct nlattr *attr1, *attr2; 9044 int n_channels = 0, tmp1, tmp2; 9045 9046 nla_for_each_nested(attr1, freqs, tmp1) 9047 if (nla_len(attr1) != sizeof(u32)) 9048 return 0; 9049 9050 nla_for_each_nested(attr1, freqs, tmp1) { 9051 n_channels++; 9052 /* 9053 * Some hardware has a limited channel list for 9054 * scanning, and it is pretty much nonsensical 9055 * to scan for a channel twice, so disallow that 9056 * and don't require drivers to check that the 9057 * channel list they get isn't longer than what 9058 * they can scan, as long as they can scan all 9059 * the channels they registered at once. 9060 */ 9061 nla_for_each_nested(attr2, freqs, tmp2) 9062 if (attr1 != attr2 && 9063 nla_get_u32(attr1) == nla_get_u32(attr2)) 9064 return 0; 9065 } 9066 9067 return n_channels; 9068 } 9069 9070 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b) 9071 { 9072 return b < NUM_NL80211_BANDS && wiphy->bands[b]; 9073 } 9074 9075 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy, 9076 struct cfg80211_bss_selection *bss_select) 9077 { 9078 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1]; 9079 struct nlattr *nest; 9080 int err; 9081 bool found = false; 9082 int i; 9083 9084 /* only process one nested attribute */ 9085 nest = nla_data(nla); 9086 if (!nla_ok(nest, nla_len(nest))) 9087 return -EINVAL; 9088 9089 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX, 9090 nest, nl80211_bss_select_policy, 9091 NULL); 9092 if (err) 9093 return err; 9094 9095 /* only one attribute may be given */ 9096 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) { 9097 if (attr[i]) { 9098 if (found) 9099 return -EINVAL; 9100 found = true; 9101 } 9102 } 9103 9104 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID; 9105 9106 if (attr[NL80211_BSS_SELECT_ATTR_RSSI]) 9107 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI; 9108 9109 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) { 9110 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF; 9111 bss_select->param.band_pref = 9112 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]); 9113 if (!is_band_valid(wiphy, bss_select->param.band_pref)) 9114 return -EINVAL; 9115 } 9116 9117 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) { 9118 struct nl80211_bss_select_rssi_adjust *adj_param; 9119 9120 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]); 9121 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST; 9122 bss_select->param.adjust.band = adj_param->band; 9123 bss_select->param.adjust.delta = adj_param->delta; 9124 if (!is_band_valid(wiphy, bss_select->param.adjust.band)) 9125 return -EINVAL; 9126 } 9127 9128 /* user-space did not provide behaviour attribute */ 9129 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID) 9130 return -EINVAL; 9131 9132 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour))) 9133 return -EINVAL; 9134 9135 return 0; 9136 } 9137 9138 int nl80211_parse_random_mac(struct nlattr **attrs, 9139 u8 *mac_addr, u8 *mac_addr_mask) 9140 { 9141 int i; 9142 9143 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) { 9144 eth_zero_addr(mac_addr); 9145 eth_zero_addr(mac_addr_mask); 9146 mac_addr[0] = 0x2; 9147 mac_addr_mask[0] = 0x3; 9148 9149 return 0; 9150 } 9151 9152 /* need both or none */ 9153 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK]) 9154 return -EINVAL; 9155 9156 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN); 9157 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN); 9158 9159 /* don't allow or configure an mcast address */ 9160 if (!is_multicast_ether_addr(mac_addr_mask) || 9161 is_multicast_ether_addr(mac_addr)) 9162 return -EINVAL; 9163 9164 /* 9165 * allow users to pass a MAC address that has bits set outside 9166 * of the mask, but don't bother drivers with having to deal 9167 * with such bits 9168 */ 9169 for (i = 0; i < ETH_ALEN; i++) 9170 mac_addr[i] &= mac_addr_mask[i]; 9171 9172 return 0; 9173 } 9174 9175 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev, 9176 struct ieee80211_channel *chan) 9177 { 9178 unsigned int link_id; 9179 bool all_ok = true; 9180 9181 lockdep_assert_wiphy(wdev->wiphy); 9182 9183 if (!cfg80211_beaconing_iface_active(wdev)) 9184 return true; 9185 9186 /* 9187 * FIXME: check if we have a free HW resource/link for chan 9188 * 9189 * This, as well as the FIXME below, requires knowing the link 9190 * capabilities of the hardware. 9191 */ 9192 9193 /* we cannot leave radar channels */ 9194 for_each_valid_link(wdev, link_id) { 9195 struct cfg80211_chan_def *chandef; 9196 9197 chandef = wdev_chandef(wdev, link_id); 9198 if (!chandef || !chandef->chan) 9199 continue; 9200 9201 /* 9202 * FIXME: don't require all_ok, but rather check only the 9203 * correct HW resource/link onto which 'chan' falls, 9204 * as only that link leaves the channel for doing 9205 * the off-channel operation. 9206 */ 9207 9208 if (chandef->chan->flags & IEEE80211_CHAN_RADAR) 9209 all_ok = false; 9210 } 9211 9212 if (all_ok) 9213 return true; 9214 9215 return regulatory_pre_cac_allowed(wdev->wiphy); 9216 } 9217 9218 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag, 9219 enum nl80211_ext_feature_index feat) 9220 { 9221 if (!(flags & flag)) 9222 return true; 9223 if (wiphy_ext_feature_isset(wiphy, feat)) 9224 return true; 9225 return false; 9226 } 9227 9228 static int 9229 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev, 9230 void *request, struct nlattr **attrs, 9231 bool is_sched_scan) 9232 { 9233 u8 *mac_addr, *mac_addr_mask; 9234 u32 *flags; 9235 enum nl80211_feature_flags randomness_flag; 9236 9237 if (!attrs[NL80211_ATTR_SCAN_FLAGS]) 9238 return 0; 9239 9240 if (is_sched_scan) { 9241 struct cfg80211_sched_scan_request *req = request; 9242 9243 randomness_flag = wdev ? 9244 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR : 9245 NL80211_FEATURE_ND_RANDOM_MAC_ADDR; 9246 flags = &req->flags; 9247 mac_addr = req->mac_addr; 9248 mac_addr_mask = req->mac_addr_mask; 9249 } else { 9250 struct cfg80211_scan_request *req = request; 9251 9252 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR; 9253 flags = &req->flags; 9254 mac_addr = req->mac_addr; 9255 mac_addr_mask = req->mac_addr_mask; 9256 } 9257 9258 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]); 9259 9260 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) && 9261 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) || 9262 !nl80211_check_scan_feat(wiphy, *flags, 9263 NL80211_SCAN_FLAG_LOW_SPAN, 9264 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) || 9265 !nl80211_check_scan_feat(wiphy, *flags, 9266 NL80211_SCAN_FLAG_LOW_POWER, 9267 NL80211_EXT_FEATURE_LOW_POWER_SCAN) || 9268 !nl80211_check_scan_feat(wiphy, *flags, 9269 NL80211_SCAN_FLAG_HIGH_ACCURACY, 9270 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) || 9271 !nl80211_check_scan_feat(wiphy, *flags, 9272 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME, 9273 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) || 9274 !nl80211_check_scan_feat(wiphy, *flags, 9275 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP, 9276 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) || 9277 !nl80211_check_scan_feat(wiphy, *flags, 9278 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION, 9279 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) || 9280 !nl80211_check_scan_feat(wiphy, *flags, 9281 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE, 9282 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) || 9283 !nl80211_check_scan_feat(wiphy, *flags, 9284 NL80211_SCAN_FLAG_RANDOM_SN, 9285 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) || 9286 !nl80211_check_scan_feat(wiphy, *flags, 9287 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT, 9288 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT)) 9289 return -EOPNOTSUPP; 9290 9291 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) { 9292 int err; 9293 9294 if (!(wiphy->features & randomness_flag) || 9295 (wdev && wdev->connected)) 9296 return -EOPNOTSUPP; 9297 9298 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask); 9299 if (err) 9300 return err; 9301 } 9302 9303 return 0; 9304 } 9305 9306 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 9307 { 9308 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9309 struct wireless_dev *wdev = info->user_ptr[1]; 9310 struct cfg80211_scan_request *request; 9311 struct nlattr *scan_freqs = NULL; 9312 bool scan_freqs_khz = false; 9313 struct nlattr *attr; 9314 struct wiphy *wiphy; 9315 int err, tmp, n_ssids = 0, n_channels, i; 9316 size_t ie_len, size; 9317 size_t ssids_offset, ie_offset; 9318 9319 wiphy = &rdev->wiphy; 9320 9321 if (wdev->iftype == NL80211_IFTYPE_NAN) 9322 return -EOPNOTSUPP; 9323 9324 if (!rdev->ops->scan) 9325 return -EOPNOTSUPP; 9326 9327 if (rdev->scan_req || rdev->scan_msg) 9328 return -EBUSY; 9329 9330 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) { 9331 if (!wiphy_ext_feature_isset(wiphy, 9332 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ)) 9333 return -EOPNOTSUPP; 9334 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]; 9335 scan_freqs_khz = true; 9336 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) 9337 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]; 9338 9339 if (scan_freqs) { 9340 n_channels = validate_scan_freqs(scan_freqs); 9341 if (!n_channels) 9342 return -EINVAL; 9343 } else { 9344 n_channels = ieee80211_get_num_supported_channels(wiphy); 9345 } 9346 9347 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 9348 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 9349 n_ssids++; 9350 9351 if (n_ssids > wiphy->max_scan_ssids) 9352 return -EINVAL; 9353 9354 if (info->attrs[NL80211_ATTR_IE]) 9355 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 9356 else 9357 ie_len = 0; 9358 9359 if (ie_len > wiphy->max_scan_ie_len) 9360 return -EINVAL; 9361 9362 size = struct_size(request, channels, n_channels); 9363 ssids_offset = size; 9364 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids)); 9365 ie_offset = size; 9366 size = size_add(size, ie_len); 9367 request = kzalloc(size, GFP_KERNEL); 9368 if (!request) 9369 return -ENOMEM; 9370 request->n_channels = n_channels; 9371 9372 if (n_ssids) 9373 request->ssids = (void *)request + ssids_offset; 9374 request->n_ssids = n_ssids; 9375 if (ie_len) 9376 request->ie = (void *)request + ie_offset; 9377 9378 i = 0; 9379 if (scan_freqs) { 9380 /* user specified, bail out if channel not found */ 9381 nla_for_each_nested(attr, scan_freqs, tmp) { 9382 struct ieee80211_channel *chan; 9383 int freq = nla_get_u32(attr); 9384 9385 if (!scan_freqs_khz) 9386 freq = MHZ_TO_KHZ(freq); 9387 9388 chan = ieee80211_get_channel_khz(wiphy, freq); 9389 if (!chan) { 9390 err = -EINVAL; 9391 goto out_free; 9392 } 9393 9394 /* ignore disabled channels */ 9395 if (chan->flags & IEEE80211_CHAN_DISABLED) 9396 continue; 9397 9398 request->channels[i] = chan; 9399 i++; 9400 } 9401 } else { 9402 enum nl80211_band band; 9403 9404 /* all channels */ 9405 for (band = 0; band < NUM_NL80211_BANDS; band++) { 9406 int j; 9407 9408 if (!wiphy->bands[band]) 9409 continue; 9410 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 9411 struct ieee80211_channel *chan; 9412 9413 chan = &wiphy->bands[band]->channels[j]; 9414 9415 if (chan->flags & IEEE80211_CHAN_DISABLED) 9416 continue; 9417 9418 request->channels[i] = chan; 9419 i++; 9420 } 9421 } 9422 } 9423 9424 if (!i) { 9425 err = -EINVAL; 9426 goto out_free; 9427 } 9428 9429 request->n_channels = i; 9430 9431 for (i = 0; i < request->n_channels; i++) { 9432 struct ieee80211_channel *chan = request->channels[i]; 9433 9434 /* if we can go off-channel to the target channel we're good */ 9435 if (cfg80211_off_channel_oper_allowed(wdev, chan)) 9436 continue; 9437 9438 if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) { 9439 err = -EBUSY; 9440 goto out_free; 9441 } 9442 } 9443 9444 i = 0; 9445 if (n_ssids) { 9446 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 9447 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 9448 err = -EINVAL; 9449 goto out_free; 9450 } 9451 request->ssids[i].ssid_len = nla_len(attr); 9452 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 9453 i++; 9454 } 9455 } 9456 9457 if (info->attrs[NL80211_ATTR_IE]) { 9458 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 9459 memcpy((void *)request->ie, 9460 nla_data(info->attrs[NL80211_ATTR_IE]), 9461 request->ie_len); 9462 } 9463 9464 for (i = 0; i < NUM_NL80211_BANDS; i++) 9465 if (wiphy->bands[i]) 9466 request->rates[i] = 9467 (1 << wiphy->bands[i]->n_bitrates) - 1; 9468 9469 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 9470 nla_for_each_nested(attr, 9471 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 9472 tmp) { 9473 enum nl80211_band band = nla_type(attr); 9474 9475 if (band < 0 || band >= NUM_NL80211_BANDS) { 9476 err = -EINVAL; 9477 goto out_free; 9478 } 9479 9480 if (!wiphy->bands[band]) 9481 continue; 9482 9483 err = ieee80211_get_ratemask(wiphy->bands[band], 9484 nla_data(attr), 9485 nla_len(attr), 9486 &request->rates[band]); 9487 if (err) 9488 goto out_free; 9489 } 9490 } 9491 9492 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) { 9493 request->duration = 9494 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]); 9495 request->duration_mandatory = 9496 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]); 9497 } 9498 9499 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs, 9500 false); 9501 if (err) 9502 goto out_free; 9503 9504 request->no_cck = 9505 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 9506 9507 /* Initial implementation used NL80211_ATTR_MAC to set the specific 9508 * BSSID to scan for. This was problematic because that same attribute 9509 * was already used for another purpose (local random MAC address). The 9510 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards 9511 * compatibility with older userspace components, also use the 9512 * NL80211_ATTR_MAC value here if it can be determined to be used for 9513 * the specific BSSID use case instead of the random MAC address 9514 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use). 9515 */ 9516 if (info->attrs[NL80211_ATTR_BSSID]) 9517 memcpy(request->bssid, 9518 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN); 9519 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) && 9520 info->attrs[NL80211_ATTR_MAC]) 9521 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]), 9522 ETH_ALEN); 9523 else 9524 eth_broadcast_addr(request->bssid); 9525 9526 request->tsf_report_link_id = nl80211_link_id_or_invalid(info->attrs); 9527 request->wdev = wdev; 9528 request->wiphy = &rdev->wiphy; 9529 request->scan_start = jiffies; 9530 9531 rdev->scan_req = request; 9532 err = cfg80211_scan(rdev); 9533 9534 if (err) 9535 goto out_free; 9536 9537 nl80211_send_scan_start(rdev, wdev); 9538 dev_hold(wdev->netdev); 9539 9540 return 0; 9541 9542 out_free: 9543 rdev->scan_req = NULL; 9544 kfree(request); 9545 9546 return err; 9547 } 9548 9549 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info) 9550 { 9551 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9552 struct wireless_dev *wdev = info->user_ptr[1]; 9553 9554 if (!rdev->ops->abort_scan) 9555 return -EOPNOTSUPP; 9556 9557 if (rdev->scan_msg) 9558 return 0; 9559 9560 if (!rdev->scan_req) 9561 return -ENOENT; 9562 9563 rdev_abort_scan(rdev, wdev); 9564 return 0; 9565 } 9566 9567 static int 9568 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans, 9569 struct cfg80211_sched_scan_request *request, 9570 struct nlattr **attrs) 9571 { 9572 int tmp, err, i = 0; 9573 struct nlattr *attr; 9574 9575 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 9576 u32 interval; 9577 9578 /* 9579 * If scan plans are not specified, 9580 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this 9581 * case one scan plan will be set with the specified scan 9582 * interval and infinite number of iterations. 9583 */ 9584 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 9585 if (!interval) 9586 return -EINVAL; 9587 9588 request->scan_plans[0].interval = 9589 DIV_ROUND_UP(interval, MSEC_PER_SEC); 9590 if (!request->scan_plans[0].interval) 9591 return -EINVAL; 9592 9593 if (request->scan_plans[0].interval > 9594 wiphy->max_sched_scan_plan_interval) 9595 request->scan_plans[0].interval = 9596 wiphy->max_sched_scan_plan_interval; 9597 9598 return 0; 9599 } 9600 9601 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) { 9602 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1]; 9603 9604 if (WARN_ON(i >= n_plans)) 9605 return -EINVAL; 9606 9607 err = nla_parse_nested_deprecated(plan, 9608 NL80211_SCHED_SCAN_PLAN_MAX, 9609 attr, nl80211_plan_policy, 9610 NULL); 9611 if (err) 9612 return err; 9613 9614 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]) 9615 return -EINVAL; 9616 9617 request->scan_plans[i].interval = 9618 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]); 9619 if (!request->scan_plans[i].interval || 9620 request->scan_plans[i].interval > 9621 wiphy->max_sched_scan_plan_interval) 9622 return -EINVAL; 9623 9624 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) { 9625 request->scan_plans[i].iterations = 9626 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]); 9627 if (!request->scan_plans[i].iterations || 9628 (request->scan_plans[i].iterations > 9629 wiphy->max_sched_scan_plan_iterations)) 9630 return -EINVAL; 9631 } else if (i < n_plans - 1) { 9632 /* 9633 * All scan plans but the last one must specify 9634 * a finite number of iterations 9635 */ 9636 return -EINVAL; 9637 } 9638 9639 i++; 9640 } 9641 9642 /* 9643 * The last scan plan must not specify the number of 9644 * iterations, it is supposed to run infinitely 9645 */ 9646 if (request->scan_plans[n_plans - 1].iterations) 9647 return -EINVAL; 9648 9649 return 0; 9650 } 9651 9652 static struct cfg80211_sched_scan_request * 9653 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev, 9654 struct nlattr **attrs, int max_match_sets) 9655 { 9656 struct cfg80211_sched_scan_request *request; 9657 struct nlattr *attr; 9658 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0; 9659 enum nl80211_band band; 9660 size_t ie_len, size; 9661 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 9662 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF; 9663 9664 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 9665 n_channels = validate_scan_freqs( 9666 attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 9667 if (!n_channels) 9668 return ERR_PTR(-EINVAL); 9669 } else { 9670 n_channels = ieee80211_get_num_supported_channels(wiphy); 9671 } 9672 9673 if (attrs[NL80211_ATTR_SCAN_SSIDS]) 9674 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 9675 tmp) 9676 n_ssids++; 9677 9678 if (n_ssids > wiphy->max_sched_scan_ssids) 9679 return ERR_PTR(-EINVAL); 9680 9681 /* 9682 * First, count the number of 'real' matchsets. Due to an issue with 9683 * the old implementation, matchsets containing only the RSSI attribute 9684 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default' 9685 * RSSI for all matchsets, rather than their own matchset for reporting 9686 * all APs with a strong RSSI. This is needed to be compatible with 9687 * older userspace that treated a matchset with only the RSSI as the 9688 * global RSSI for all other matchsets - if there are other matchsets. 9689 */ 9690 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 9691 nla_for_each_nested(attr, 9692 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 9693 tmp) { 9694 struct nlattr *rssi; 9695 9696 err = nla_parse_nested_deprecated(tb, 9697 NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 9698 attr, 9699 nl80211_match_policy, 9700 NULL); 9701 if (err) 9702 return ERR_PTR(err); 9703 9704 /* SSID and BSSID are mutually exclusive */ 9705 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] && 9706 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) 9707 return ERR_PTR(-EINVAL); 9708 9709 /* add other standalone attributes here */ 9710 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] || 9711 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) { 9712 n_match_sets++; 9713 continue; 9714 } 9715 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 9716 if (rssi) 9717 default_match_rssi = nla_get_s32(rssi); 9718 } 9719 } 9720 9721 /* However, if there's no other matchset, add the RSSI one */ 9722 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF) 9723 n_match_sets = 1; 9724 9725 if (n_match_sets > max_match_sets) 9726 return ERR_PTR(-EINVAL); 9727 9728 if (attrs[NL80211_ATTR_IE]) 9729 ie_len = nla_len(attrs[NL80211_ATTR_IE]); 9730 else 9731 ie_len = 0; 9732 9733 if (ie_len > wiphy->max_sched_scan_ie_len) 9734 return ERR_PTR(-EINVAL); 9735 9736 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) { 9737 /* 9738 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since 9739 * each scan plan already specifies its own interval 9740 */ 9741 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 9742 return ERR_PTR(-EINVAL); 9743 9744 nla_for_each_nested(attr, 9745 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) 9746 n_plans++; 9747 } else { 9748 /* 9749 * The scan interval attribute is kept for backward 9750 * compatibility. If no scan plans are specified and sched scan 9751 * interval is specified, one scan plan will be set with this 9752 * scan interval and infinite number of iterations. 9753 */ 9754 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 9755 return ERR_PTR(-EINVAL); 9756 9757 n_plans = 1; 9758 } 9759 9760 if (!n_plans || n_plans > wiphy->max_sched_scan_plans) 9761 return ERR_PTR(-EINVAL); 9762 9763 if (!wiphy_ext_feature_isset( 9764 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) && 9765 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] || 9766 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST])) 9767 return ERR_PTR(-EINVAL); 9768 9769 size = struct_size(request, channels, n_channels); 9770 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids)); 9771 size = size_add(size, array_size(sizeof(*request->match_sets), 9772 n_match_sets)); 9773 size = size_add(size, array_size(sizeof(*request->scan_plans), 9774 n_plans)); 9775 size = size_add(size, ie_len); 9776 request = kzalloc(size, GFP_KERNEL); 9777 if (!request) 9778 return ERR_PTR(-ENOMEM); 9779 9780 if (n_ssids) 9781 request->ssids = (void *)request + 9782 struct_size(request, channels, n_channels); 9783 request->n_ssids = n_ssids; 9784 if (ie_len) { 9785 if (n_ssids) 9786 request->ie = (void *)(request->ssids + n_ssids); 9787 else 9788 request->ie = (void *)(request->channels + n_channels); 9789 } 9790 9791 if (n_match_sets) { 9792 if (request->ie) 9793 request->match_sets = (void *)(request->ie + ie_len); 9794 else if (n_ssids) 9795 request->match_sets = 9796 (void *)(request->ssids + n_ssids); 9797 else 9798 request->match_sets = 9799 (void *)(request->channels + n_channels); 9800 } 9801 request->n_match_sets = n_match_sets; 9802 9803 if (n_match_sets) 9804 request->scan_plans = (void *)(request->match_sets + 9805 n_match_sets); 9806 else if (request->ie) 9807 request->scan_plans = (void *)(request->ie + ie_len); 9808 else if (n_ssids) 9809 request->scan_plans = (void *)(request->ssids + n_ssids); 9810 else 9811 request->scan_plans = (void *)(request->channels + n_channels); 9812 9813 request->n_scan_plans = n_plans; 9814 9815 i = 0; 9816 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 9817 /* user specified, bail out if channel not found */ 9818 nla_for_each_nested(attr, 9819 attrs[NL80211_ATTR_SCAN_FREQUENCIES], 9820 tmp) { 9821 struct ieee80211_channel *chan; 9822 9823 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 9824 9825 if (!chan) { 9826 err = -EINVAL; 9827 goto out_free; 9828 } 9829 9830 /* ignore disabled channels */ 9831 if (chan->flags & IEEE80211_CHAN_DISABLED) 9832 continue; 9833 9834 request->channels[i] = chan; 9835 i++; 9836 } 9837 } else { 9838 /* all channels */ 9839 for (band = 0; band < NUM_NL80211_BANDS; band++) { 9840 int j; 9841 9842 if (!wiphy->bands[band]) 9843 continue; 9844 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 9845 struct ieee80211_channel *chan; 9846 9847 chan = &wiphy->bands[band]->channels[j]; 9848 9849 if (chan->flags & IEEE80211_CHAN_DISABLED) 9850 continue; 9851 9852 request->channels[i] = chan; 9853 i++; 9854 } 9855 } 9856 } 9857 9858 if (!i) { 9859 err = -EINVAL; 9860 goto out_free; 9861 } 9862 9863 request->n_channels = i; 9864 9865 i = 0; 9866 if (n_ssids) { 9867 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS], 9868 tmp) { 9869 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 9870 err = -EINVAL; 9871 goto out_free; 9872 } 9873 request->ssids[i].ssid_len = nla_len(attr); 9874 memcpy(request->ssids[i].ssid, nla_data(attr), 9875 nla_len(attr)); 9876 i++; 9877 } 9878 } 9879 9880 i = 0; 9881 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 9882 nla_for_each_nested(attr, 9883 attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 9884 tmp) { 9885 struct nlattr *ssid, *bssid, *rssi; 9886 9887 err = nla_parse_nested_deprecated(tb, 9888 NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 9889 attr, 9890 nl80211_match_policy, 9891 NULL); 9892 if (err) 9893 goto out_free; 9894 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]; 9895 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]; 9896 9897 if (!ssid && !bssid) { 9898 i++; 9899 continue; 9900 } 9901 9902 if (WARN_ON(i >= n_match_sets)) { 9903 /* this indicates a programming error, 9904 * the loop above should have verified 9905 * things properly 9906 */ 9907 err = -EINVAL; 9908 goto out_free; 9909 } 9910 9911 if (ssid) { 9912 memcpy(request->match_sets[i].ssid.ssid, 9913 nla_data(ssid), nla_len(ssid)); 9914 request->match_sets[i].ssid.ssid_len = 9915 nla_len(ssid); 9916 } 9917 if (bssid) 9918 memcpy(request->match_sets[i].bssid, 9919 nla_data(bssid), ETH_ALEN); 9920 9921 /* special attribute - old implementation w/a */ 9922 request->match_sets[i].rssi_thold = default_match_rssi; 9923 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI]; 9924 if (rssi) 9925 request->match_sets[i].rssi_thold = 9926 nla_get_s32(rssi); 9927 i++; 9928 } 9929 9930 /* there was no other matchset, so the RSSI one is alone */ 9931 if (i == 0 && n_match_sets) 9932 request->match_sets[0].rssi_thold = default_match_rssi; 9933 9934 request->min_rssi_thold = INT_MAX; 9935 for (i = 0; i < n_match_sets; i++) 9936 request->min_rssi_thold = 9937 min(request->match_sets[i].rssi_thold, 9938 request->min_rssi_thold); 9939 } else { 9940 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF; 9941 } 9942 9943 if (ie_len) { 9944 request->ie_len = ie_len; 9945 memcpy((void *)request->ie, 9946 nla_data(attrs[NL80211_ATTR_IE]), 9947 request->ie_len); 9948 } 9949 9950 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true); 9951 if (err) 9952 goto out_free; 9953 9954 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY]) 9955 request->delay = 9956 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]); 9957 9958 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) { 9959 request->relative_rssi = nla_get_s8( 9960 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]); 9961 request->relative_rssi_set = true; 9962 } 9963 9964 if (request->relative_rssi_set && 9965 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) { 9966 struct nl80211_bss_select_rssi_adjust *rssi_adjust; 9967 9968 rssi_adjust = nla_data( 9969 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]); 9970 request->rssi_adjust.band = rssi_adjust->band; 9971 request->rssi_adjust.delta = rssi_adjust->delta; 9972 if (!is_band_valid(wiphy, request->rssi_adjust.band)) { 9973 err = -EINVAL; 9974 goto out_free; 9975 } 9976 } 9977 9978 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs); 9979 if (err) 9980 goto out_free; 9981 9982 request->scan_start = jiffies; 9983 9984 return request; 9985 9986 out_free: 9987 kfree(request); 9988 return ERR_PTR(err); 9989 } 9990 9991 static int nl80211_start_sched_scan(struct sk_buff *skb, 9992 struct genl_info *info) 9993 { 9994 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 9995 struct net_device *dev = info->user_ptr[1]; 9996 struct wireless_dev *wdev = dev->ieee80211_ptr; 9997 struct cfg80211_sched_scan_request *sched_scan_req; 9998 bool want_multi; 9999 int err; 10000 10001 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start) 10002 return -EOPNOTSUPP; 10003 10004 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI]; 10005 err = cfg80211_sched_scan_req_possible(rdev, want_multi); 10006 if (err) 10007 return err; 10008 10009 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev, 10010 info->attrs, 10011 rdev->wiphy.max_match_sets); 10012 10013 err = PTR_ERR_OR_ZERO(sched_scan_req); 10014 if (err) 10015 goto out_err; 10016 10017 /* leave request id zero for legacy request 10018 * or if driver does not support multi-scheduled scan 10019 */ 10020 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) 10021 sched_scan_req->reqid = cfg80211_assign_cookie(rdev); 10022 10023 err = rdev_sched_scan_start(rdev, dev, sched_scan_req); 10024 if (err) 10025 goto out_free; 10026 10027 sched_scan_req->dev = dev; 10028 sched_scan_req->wiphy = &rdev->wiphy; 10029 10030 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 10031 sched_scan_req->owner_nlportid = info->snd_portid; 10032 10033 cfg80211_add_sched_scan_req(rdev, sched_scan_req); 10034 10035 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN); 10036 return 0; 10037 10038 out_free: 10039 kfree(sched_scan_req); 10040 out_err: 10041 return err; 10042 } 10043 10044 static int nl80211_stop_sched_scan(struct sk_buff *skb, 10045 struct genl_info *info) 10046 { 10047 struct cfg80211_sched_scan_request *req; 10048 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10049 u64 cookie; 10050 10051 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop) 10052 return -EOPNOTSUPP; 10053 10054 if (info->attrs[NL80211_ATTR_COOKIE]) { 10055 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 10056 return __cfg80211_stop_sched_scan(rdev, cookie, false); 10057 } 10058 10059 req = list_first_or_null_rcu(&rdev->sched_scan_req_list, 10060 struct cfg80211_sched_scan_request, 10061 list); 10062 if (!req || req->reqid || 10063 (req->owner_nlportid && 10064 req->owner_nlportid != info->snd_portid)) 10065 return -ENOENT; 10066 10067 return cfg80211_stop_sched_scan_req(rdev, req, false); 10068 } 10069 10070 static int nl80211_start_radar_detection(struct sk_buff *skb, 10071 struct genl_info *info) 10072 { 10073 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10074 struct net_device *dev = info->user_ptr[1]; 10075 struct wireless_dev *wdev = dev->ieee80211_ptr; 10076 int link_id = nl80211_link_id(info->attrs); 10077 struct wiphy *wiphy = wdev->wiphy; 10078 struct cfg80211_chan_def chandef; 10079 enum nl80211_dfs_regions dfs_region; 10080 unsigned int cac_time_ms; 10081 int err = -EINVAL; 10082 10083 flush_delayed_work(&rdev->dfs_update_channels_wk); 10084 10085 switch (wdev->iftype) { 10086 case NL80211_IFTYPE_AP: 10087 case NL80211_IFTYPE_P2P_GO: 10088 case NL80211_IFTYPE_MESH_POINT: 10089 case NL80211_IFTYPE_ADHOC: 10090 break; 10091 default: 10092 /* caution - see cfg80211_beaconing_iface_active() below */ 10093 return -EINVAL; 10094 } 10095 10096 wiphy_lock(wiphy); 10097 10098 dfs_region = reg_get_dfs_region(wiphy); 10099 if (dfs_region == NL80211_DFS_UNSET) 10100 goto unlock; 10101 10102 err = nl80211_parse_chandef(rdev, info, &chandef); 10103 if (err) 10104 goto unlock; 10105 10106 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype); 10107 if (err < 0) 10108 goto unlock; 10109 10110 if (err == 0) { 10111 err = -EINVAL; 10112 goto unlock; 10113 } 10114 10115 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef)) { 10116 err = -EINVAL; 10117 goto unlock; 10118 } 10119 10120 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND])) { 10121 err = cfg80211_start_background_radar_detection(rdev, wdev, 10122 &chandef); 10123 goto unlock; 10124 } 10125 10126 if (cfg80211_beaconing_iface_active(wdev)) { 10127 /* During MLO other link(s) can beacon, only the current link 10128 * can not already beacon 10129 */ 10130 if (wdev->valid_links && 10131 !wdev->links[link_id].ap.beacon_interval) { 10132 /* nothing */ 10133 } else { 10134 err = -EBUSY; 10135 goto unlock; 10136 } 10137 } 10138 10139 if (wdev->links[link_id].cac_started) { 10140 err = -EBUSY; 10141 goto unlock; 10142 } 10143 10144 /* CAC start is offloaded to HW and can't be started manually */ 10145 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD)) { 10146 err = -EOPNOTSUPP; 10147 goto unlock; 10148 } 10149 10150 if (!rdev->ops->start_radar_detection) { 10151 err = -EOPNOTSUPP; 10152 goto unlock; 10153 } 10154 10155 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef); 10156 if (WARN_ON(!cac_time_ms)) 10157 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS; 10158 10159 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms, 10160 link_id); 10161 if (!err) { 10162 switch (wdev->iftype) { 10163 case NL80211_IFTYPE_AP: 10164 case NL80211_IFTYPE_P2P_GO: 10165 wdev->links[0].ap.chandef = chandef; 10166 break; 10167 case NL80211_IFTYPE_ADHOC: 10168 wdev->u.ibss.chandef = chandef; 10169 break; 10170 case NL80211_IFTYPE_MESH_POINT: 10171 wdev->u.mesh.chandef = chandef; 10172 break; 10173 default: 10174 break; 10175 } 10176 wdev->links[link_id].cac_started = true; 10177 wdev->links[link_id].cac_start_time = jiffies; 10178 wdev->links[link_id].cac_time_ms = cac_time_ms; 10179 } 10180 unlock: 10181 wiphy_unlock(wiphy); 10182 10183 return err; 10184 } 10185 10186 static int nl80211_notify_radar_detection(struct sk_buff *skb, 10187 struct genl_info *info) 10188 { 10189 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10190 struct net_device *dev = info->user_ptr[1]; 10191 struct wireless_dev *wdev = dev->ieee80211_ptr; 10192 struct wiphy *wiphy = wdev->wiphy; 10193 struct cfg80211_chan_def chandef; 10194 enum nl80211_dfs_regions dfs_region; 10195 int err; 10196 10197 dfs_region = reg_get_dfs_region(wiphy); 10198 if (dfs_region == NL80211_DFS_UNSET) { 10199 GENL_SET_ERR_MSG(info, 10200 "DFS Region is not set. Unexpected Radar indication"); 10201 return -EINVAL; 10202 } 10203 10204 err = nl80211_parse_chandef(rdev, info, &chandef); 10205 if (err) { 10206 GENL_SET_ERR_MSG(info, "Unable to extract chandef info"); 10207 return err; 10208 } 10209 10210 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype); 10211 if (err < 0) { 10212 GENL_SET_ERR_MSG(info, "chandef is invalid"); 10213 return err; 10214 } 10215 10216 if (err == 0) { 10217 GENL_SET_ERR_MSG(info, 10218 "Unexpected Radar indication for chandef/iftype"); 10219 return -EINVAL; 10220 } 10221 10222 /* Do not process this notification if radar is already detected 10223 * by kernel on this channel, and return success. 10224 */ 10225 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE) 10226 return 0; 10227 10228 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE); 10229 10230 cfg80211_sched_dfs_chan_update(rdev); 10231 10232 rdev->radar_chandef = chandef; 10233 10234 /* Propagate this notification to other radios as well */ 10235 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk); 10236 10237 return 0; 10238 } 10239 10240 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev, 10241 const u8 *data, size_t datalen, 10242 int first_count, struct nlattr *attr, 10243 const u16 **offsets, unsigned int *n_offsets) 10244 { 10245 int i; 10246 10247 *n_offsets = 0; 10248 10249 if (!attr) 10250 return 0; 10251 10252 if (!nla_len(attr) || (nla_len(attr) % sizeof(u16))) 10253 return -EINVAL; 10254 10255 *n_offsets = nla_len(attr) / sizeof(u16); 10256 if (rdev->wiphy.max_num_csa_counters && 10257 (*n_offsets > rdev->wiphy.max_num_csa_counters)) 10258 return -EINVAL; 10259 10260 *offsets = nla_data(attr); 10261 10262 /* sanity checks - counters should fit and be the same */ 10263 for (i = 0; i < *n_offsets; i++) { 10264 u16 offset = (*offsets)[i]; 10265 10266 if (offset >= datalen) 10267 return -EINVAL; 10268 10269 if (first_count != -1 && data[offset] != first_count) 10270 return -EINVAL; 10271 } 10272 10273 return 0; 10274 } 10275 10276 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info) 10277 { 10278 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10279 unsigned int link_id = nl80211_link_id(info->attrs); 10280 struct net_device *dev = info->user_ptr[1]; 10281 struct wireless_dev *wdev = dev->ieee80211_ptr; 10282 struct cfg80211_csa_settings params; 10283 struct nlattr **csa_attrs = NULL; 10284 int err; 10285 bool need_new_beacon = false; 10286 bool need_handle_dfs_flag = true; 10287 u32 cs_count; 10288 10289 if (!rdev->ops->channel_switch || 10290 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)) 10291 return -EOPNOTSUPP; 10292 10293 switch (dev->ieee80211_ptr->iftype) { 10294 case NL80211_IFTYPE_AP: 10295 case NL80211_IFTYPE_P2P_GO: 10296 need_new_beacon = true; 10297 /* For all modes except AP the handle_dfs flag needs to be 10298 * supplied to tell the kernel that userspace will handle radar 10299 * events when they happen. Otherwise a switch to a channel 10300 * requiring DFS will be rejected. 10301 */ 10302 need_handle_dfs_flag = false; 10303 10304 /* useless if AP is not running */ 10305 if (!wdev->links[link_id].ap.beacon_interval) 10306 return -ENOTCONN; 10307 break; 10308 case NL80211_IFTYPE_ADHOC: 10309 if (!wdev->u.ibss.ssid_len) 10310 return -ENOTCONN; 10311 break; 10312 case NL80211_IFTYPE_MESH_POINT: 10313 if (!wdev->u.mesh.id_len) 10314 return -ENOTCONN; 10315 break; 10316 default: 10317 return -EOPNOTSUPP; 10318 } 10319 10320 memset(¶ms, 0, sizeof(params)); 10321 params.beacon_csa.ftm_responder = -1; 10322 10323 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 10324 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]) 10325 return -EINVAL; 10326 10327 /* only important for AP, IBSS and mesh create IEs internally */ 10328 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES]) 10329 return -EINVAL; 10330 10331 /* Even though the attribute is u32, the specification says 10332 * u8, so let's make sure we don't overflow. 10333 */ 10334 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]); 10335 if (cs_count > 255) 10336 return -EINVAL; 10337 10338 params.count = cs_count; 10339 10340 if (!need_new_beacon) 10341 goto skip_beacons; 10342 10343 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after, 10344 info->extack); 10345 if (err) 10346 goto free; 10347 10348 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs), 10349 GFP_KERNEL); 10350 if (!csa_attrs) { 10351 err = -ENOMEM; 10352 goto free; 10353 } 10354 10355 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX, 10356 info->attrs[NL80211_ATTR_CSA_IES], 10357 nl80211_policy, info->extack); 10358 if (err) 10359 goto free; 10360 10361 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa, 10362 info->extack); 10363 if (err) 10364 goto free; 10365 10366 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) { 10367 err = -EINVAL; 10368 goto free; 10369 } 10370 10371 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail, 10372 params.beacon_csa.tail_len, 10373 params.count, 10374 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON], 10375 ¶ms.counter_offsets_beacon, 10376 ¶ms.n_counter_offsets_beacon); 10377 if (err) 10378 goto free; 10379 10380 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp, 10381 params.beacon_csa.probe_resp_len, 10382 params.count, 10383 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP], 10384 ¶ms.counter_offsets_presp, 10385 ¶ms.n_counter_offsets_presp); 10386 if (err) 10387 goto free; 10388 10389 skip_beacons: 10390 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef); 10391 if (err) 10392 goto free; 10393 10394 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef, 10395 wdev->iftype)) { 10396 err = -EINVAL; 10397 goto free; 10398 } 10399 10400 err = cfg80211_chandef_dfs_required(wdev->wiphy, 10401 ¶ms.chandef, 10402 wdev->iftype); 10403 if (err < 0) 10404 goto free; 10405 10406 if (err > 0) { 10407 params.radar_required = true; 10408 if (need_handle_dfs_flag && 10409 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) { 10410 err = -EINVAL; 10411 goto free; 10412 } 10413 } 10414 10415 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX]) 10416 params.block_tx = true; 10417 10418 params.link_id = link_id; 10419 err = rdev_channel_switch(rdev, dev, ¶ms); 10420 10421 free: 10422 kfree(params.beacon_after.mbssid_ies); 10423 kfree(params.beacon_csa.mbssid_ies); 10424 kfree(params.beacon_after.rnr_ies); 10425 kfree(params.beacon_csa.rnr_ies); 10426 kfree(csa_attrs); 10427 return err; 10428 } 10429 10430 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 10431 u32 seq, int flags, 10432 struct cfg80211_registered_device *rdev, 10433 struct wireless_dev *wdev, 10434 struct cfg80211_internal_bss *intbss) 10435 { 10436 struct cfg80211_bss *res = &intbss->pub; 10437 const struct cfg80211_bss_ies *ies; 10438 unsigned int link_id; 10439 void *hdr; 10440 struct nlattr *bss; 10441 10442 lockdep_assert_wiphy(wdev->wiphy); 10443 10444 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags, 10445 NL80211_CMD_NEW_SCAN_RESULTS); 10446 if (!hdr) 10447 return -1; 10448 10449 genl_dump_check_consistent(cb, hdr); 10450 10451 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation)) 10452 goto nla_put_failure; 10453 if (wdev->netdev && 10454 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 10455 goto nla_put_failure; 10456 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 10457 NL80211_ATTR_PAD)) 10458 goto nla_put_failure; 10459 10460 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS); 10461 if (!bss) 10462 goto nla_put_failure; 10463 if ((!is_zero_ether_addr(res->bssid) && 10464 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid))) 10465 goto nla_put_failure; 10466 10467 rcu_read_lock(); 10468 /* indicate whether we have probe response data or not */ 10469 if (rcu_access_pointer(res->proberesp_ies) && 10470 nla_put_flag(msg, NL80211_BSS_PRESP_DATA)) 10471 goto fail_unlock_rcu; 10472 10473 /* this pointer prefers to be pointed to probe response data 10474 * but is always valid 10475 */ 10476 ies = rcu_dereference(res->ies); 10477 if (ies) { 10478 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf, 10479 NL80211_BSS_PAD)) 10480 goto fail_unlock_rcu; 10481 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 10482 ies->len, ies->data)) 10483 goto fail_unlock_rcu; 10484 } 10485 10486 /* and this pointer is always (unless driver didn't know) beacon data */ 10487 ies = rcu_dereference(res->beacon_ies); 10488 if (ies && ies->from_beacon) { 10489 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf, 10490 NL80211_BSS_PAD)) 10491 goto fail_unlock_rcu; 10492 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES, 10493 ies->len, ies->data)) 10494 goto fail_unlock_rcu; 10495 } 10496 rcu_read_unlock(); 10497 10498 if (res->beacon_interval && 10499 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 10500 goto nla_put_failure; 10501 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 10502 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 10503 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET, 10504 res->channel->freq_offset) || 10505 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 10506 jiffies_to_msecs(jiffies - intbss->ts))) 10507 goto nla_put_failure; 10508 10509 if (intbss->parent_tsf && 10510 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF, 10511 intbss->parent_tsf, NL80211_BSS_PAD) || 10512 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN, 10513 intbss->parent_bssid))) 10514 goto nla_put_failure; 10515 10516 if (intbss->ts_boottime && 10517 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME, 10518 intbss->ts_boottime, NL80211_BSS_PAD)) 10519 goto nla_put_failure; 10520 10521 if (!nl80211_put_signal(msg, intbss->pub.chains, 10522 intbss->pub.chain_signal, 10523 NL80211_BSS_CHAIN_SIGNAL)) 10524 goto nla_put_failure; 10525 10526 if (intbss->bss_source != BSS_SOURCE_STA_PROFILE) { 10527 switch (rdev->wiphy.signal_type) { 10528 case CFG80211_SIGNAL_TYPE_MBM: 10529 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, 10530 res->signal)) 10531 goto nla_put_failure; 10532 break; 10533 case CFG80211_SIGNAL_TYPE_UNSPEC: 10534 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, 10535 res->signal)) 10536 goto nla_put_failure; 10537 break; 10538 default: 10539 break; 10540 } 10541 } 10542 10543 switch (wdev->iftype) { 10544 case NL80211_IFTYPE_P2P_CLIENT: 10545 case NL80211_IFTYPE_STATION: 10546 for_each_valid_link(wdev, link_id) { 10547 if (intbss == wdev->links[link_id].client.current_bss && 10548 (nla_put_u32(msg, NL80211_BSS_STATUS, 10549 NL80211_BSS_STATUS_ASSOCIATED) || 10550 (wdev->valid_links && 10551 (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID, 10552 link_id) || 10553 nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN, 10554 wdev->u.client.connected_addr))))) 10555 goto nla_put_failure; 10556 } 10557 break; 10558 case NL80211_IFTYPE_ADHOC: 10559 if (intbss == wdev->u.ibss.current_bss && 10560 nla_put_u32(msg, NL80211_BSS_STATUS, 10561 NL80211_BSS_STATUS_IBSS_JOINED)) 10562 goto nla_put_failure; 10563 break; 10564 default: 10565 break; 10566 } 10567 10568 if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for)) 10569 goto nla_put_failure; 10570 10571 if (res->cannot_use_reasons && 10572 nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS, 10573 res->cannot_use_reasons, 10574 NL80211_BSS_PAD)) 10575 goto nla_put_failure; 10576 10577 nla_nest_end(msg, bss); 10578 10579 genlmsg_end(msg, hdr); 10580 return 0; 10581 10582 fail_unlock_rcu: 10583 rcu_read_unlock(); 10584 nla_put_failure: 10585 genlmsg_cancel(msg, hdr); 10586 return -EMSGSIZE; 10587 } 10588 10589 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb) 10590 { 10591 struct cfg80211_registered_device *rdev; 10592 struct cfg80211_internal_bss *scan; 10593 struct wireless_dev *wdev; 10594 struct nlattr **attrbuf; 10595 int start = cb->args[2], idx = 0; 10596 bool dump_include_use_data; 10597 int err; 10598 10599 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL); 10600 if (!attrbuf) 10601 return -ENOMEM; 10602 10603 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf); 10604 if (err) { 10605 kfree(attrbuf); 10606 return err; 10607 } 10608 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 10609 __acquire(&rdev->wiphy.mtx); 10610 10611 dump_include_use_data = 10612 attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA]; 10613 kfree(attrbuf); 10614 10615 spin_lock_bh(&rdev->bss_lock); 10616 10617 /* 10618 * dump_scan will be called multiple times to break up the scan results 10619 * into multiple messages. It is unlikely that any more bss-es will be 10620 * expired after the first call, so only call only call this on the 10621 * first dump_scan invocation. 10622 */ 10623 if (start == 0) 10624 cfg80211_bss_expire(rdev); 10625 10626 cb->seq = rdev->bss_generation; 10627 10628 list_for_each_entry(scan, &rdev->bss_list, list) { 10629 if (++idx <= start) 10630 continue; 10631 if (!dump_include_use_data && 10632 !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL)) 10633 continue; 10634 if (nl80211_send_bss(skb, cb, 10635 cb->nlh->nlmsg_seq, NLM_F_MULTI, 10636 rdev, wdev, scan) < 0) { 10637 idx--; 10638 break; 10639 } 10640 } 10641 10642 spin_unlock_bh(&rdev->bss_lock); 10643 10644 cb->args[2] = idx; 10645 wiphy_unlock(&rdev->wiphy); 10646 10647 return skb->len; 10648 } 10649 10650 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq, 10651 int flags, struct net_device *dev, 10652 bool allow_radio_stats, 10653 struct survey_info *survey) 10654 { 10655 void *hdr; 10656 struct nlattr *infoattr; 10657 10658 /* skip radio stats if userspace didn't request them */ 10659 if (!survey->channel && !allow_radio_stats) 10660 return 0; 10661 10662 hdr = nl80211hdr_put(msg, portid, seq, flags, 10663 NL80211_CMD_NEW_SURVEY_RESULTS); 10664 if (!hdr) 10665 return -ENOMEM; 10666 10667 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 10668 goto nla_put_failure; 10669 10670 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO); 10671 if (!infoattr) 10672 goto nla_put_failure; 10673 10674 if (survey->channel && 10675 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 10676 survey->channel->center_freq)) 10677 goto nla_put_failure; 10678 10679 if (survey->channel && survey->channel->freq_offset && 10680 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET, 10681 survey->channel->freq_offset)) 10682 goto nla_put_failure; 10683 10684 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 10685 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 10686 goto nla_put_failure; 10687 if ((survey->filled & SURVEY_INFO_IN_USE) && 10688 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 10689 goto nla_put_failure; 10690 if ((survey->filled & SURVEY_INFO_TIME) && 10691 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME, 10692 survey->time, NL80211_SURVEY_INFO_PAD)) 10693 goto nla_put_failure; 10694 if ((survey->filled & SURVEY_INFO_TIME_BUSY) && 10695 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY, 10696 survey->time_busy, NL80211_SURVEY_INFO_PAD)) 10697 goto nla_put_failure; 10698 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) && 10699 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY, 10700 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD)) 10701 goto nla_put_failure; 10702 if ((survey->filled & SURVEY_INFO_TIME_RX) && 10703 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX, 10704 survey->time_rx, NL80211_SURVEY_INFO_PAD)) 10705 goto nla_put_failure; 10706 if ((survey->filled & SURVEY_INFO_TIME_TX) && 10707 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX, 10708 survey->time_tx, NL80211_SURVEY_INFO_PAD)) 10709 goto nla_put_failure; 10710 if ((survey->filled & SURVEY_INFO_TIME_SCAN) && 10711 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN, 10712 survey->time_scan, NL80211_SURVEY_INFO_PAD)) 10713 goto nla_put_failure; 10714 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) && 10715 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX, 10716 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD)) 10717 goto nla_put_failure; 10718 10719 nla_nest_end(msg, infoattr); 10720 10721 genlmsg_end(msg, hdr); 10722 return 0; 10723 10724 nla_put_failure: 10725 genlmsg_cancel(msg, hdr); 10726 return -EMSGSIZE; 10727 } 10728 10729 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb) 10730 { 10731 struct nlattr **attrbuf; 10732 struct survey_info survey; 10733 struct cfg80211_registered_device *rdev; 10734 struct wireless_dev *wdev; 10735 int survey_idx = cb->args[2]; 10736 int res; 10737 bool radio_stats; 10738 10739 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL); 10740 if (!attrbuf) 10741 return -ENOMEM; 10742 10743 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf); 10744 if (res) { 10745 kfree(attrbuf); 10746 return res; 10747 } 10748 /* nl80211_prepare_wdev_dump acquired it in the successful case */ 10749 __acquire(&rdev->wiphy.mtx); 10750 10751 /* prepare_wdev_dump parsed the attributes */ 10752 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS]; 10753 10754 if (!wdev->netdev) { 10755 res = -EINVAL; 10756 goto out_err; 10757 } 10758 10759 if (!rdev->ops->dump_survey) { 10760 res = -EOPNOTSUPP; 10761 goto out_err; 10762 } 10763 10764 while (1) { 10765 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey); 10766 if (res == -ENOENT) 10767 break; 10768 if (res) 10769 goto out_err; 10770 10771 /* don't send disabled channels, but do send non-channel data */ 10772 if (survey.channel && 10773 survey.channel->flags & IEEE80211_CHAN_DISABLED) { 10774 survey_idx++; 10775 continue; 10776 } 10777 10778 if (nl80211_send_survey(skb, 10779 NETLINK_CB(cb->skb).portid, 10780 cb->nlh->nlmsg_seq, NLM_F_MULTI, 10781 wdev->netdev, radio_stats, &survey) < 0) 10782 goto out; 10783 survey_idx++; 10784 } 10785 10786 out: 10787 cb->args[2] = survey_idx; 10788 res = skb->len; 10789 out_err: 10790 kfree(attrbuf); 10791 wiphy_unlock(&rdev->wiphy); 10792 return res; 10793 } 10794 10795 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 10796 { 10797 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 10798 struct net_device *dev = info->user_ptr[1]; 10799 struct ieee80211_channel *chan; 10800 const u8 *bssid, *ssid; 10801 int err, ssid_len; 10802 enum nl80211_auth_type auth_type; 10803 struct key_parse key; 10804 bool local_state_change; 10805 struct cfg80211_auth_request req = {}; 10806 u32 freq; 10807 10808 if (!info->attrs[NL80211_ATTR_MAC]) 10809 return -EINVAL; 10810 10811 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 10812 return -EINVAL; 10813 10814 if (!info->attrs[NL80211_ATTR_SSID]) 10815 return -EINVAL; 10816 10817 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 10818 return -EINVAL; 10819 10820 err = nl80211_parse_key(info, &key); 10821 if (err) 10822 return err; 10823 10824 if (key.idx >= 0) { 10825 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 10826 return -EINVAL; 10827 if (!key.p.key || !key.p.key_len) 10828 return -EINVAL; 10829 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 10830 key.p.key_len != WLAN_KEY_LEN_WEP40) && 10831 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 10832 key.p.key_len != WLAN_KEY_LEN_WEP104)) 10833 return -EINVAL; 10834 if (key.idx > 3) 10835 return -EINVAL; 10836 } else { 10837 key.p.key_len = 0; 10838 key.p.key = NULL; 10839 } 10840 10841 if (key.idx >= 0) { 10842 int i; 10843 bool ok = false; 10844 10845 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 10846 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 10847 ok = true; 10848 break; 10849 } 10850 } 10851 if (!ok) 10852 return -EINVAL; 10853 } 10854 10855 if (!rdev->ops->auth) 10856 return -EOPNOTSUPP; 10857 10858 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 10859 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 10860 return -EOPNOTSUPP; 10861 10862 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 10863 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 10864 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 10865 freq += 10866 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 10867 10868 chan = nl80211_get_valid_chan(&rdev->wiphy, freq); 10869 if (!chan) 10870 return -EINVAL; 10871 10872 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 10873 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 10874 10875 if (info->attrs[NL80211_ATTR_IE]) { 10876 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 10877 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 10878 } 10879 10880 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 10881 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE)) 10882 return -EINVAL; 10883 10884 if ((auth_type == NL80211_AUTHTYPE_SAE || 10885 auth_type == NL80211_AUTHTYPE_FILS_SK || 10886 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS || 10887 auth_type == NL80211_AUTHTYPE_FILS_PK) && 10888 !info->attrs[NL80211_ATTR_AUTH_DATA]) 10889 return -EINVAL; 10890 10891 if (info->attrs[NL80211_ATTR_AUTH_DATA]) { 10892 if (auth_type != NL80211_AUTHTYPE_SAE && 10893 auth_type != NL80211_AUTHTYPE_FILS_SK && 10894 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS && 10895 auth_type != NL80211_AUTHTYPE_FILS_PK) 10896 return -EINVAL; 10897 req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]); 10898 req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]); 10899 } 10900 10901 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 10902 10903 /* 10904 * Since we no longer track auth state, ignore 10905 * requests to only change local state. 10906 */ 10907 if (local_state_change) 10908 return 0; 10909 10910 req.auth_type = auth_type; 10911 req.key = key.p.key; 10912 req.key_len = key.p.key_len; 10913 req.key_idx = key.idx; 10914 req.link_id = nl80211_link_id_or_invalid(info->attrs); 10915 if (req.link_id >= 0) { 10916 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)) 10917 return -EINVAL; 10918 if (!info->attrs[NL80211_ATTR_MLD_ADDR]) 10919 return -EINVAL; 10920 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 10921 if (!is_valid_ether_addr(req.ap_mld_addr)) 10922 return -EINVAL; 10923 } 10924 10925 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 10926 IEEE80211_BSS_TYPE_ESS, 10927 IEEE80211_PRIVACY_ANY); 10928 if (!req.bss) 10929 return -ENOENT; 10930 10931 err = cfg80211_mlme_auth(rdev, dev, &req); 10932 10933 cfg80211_put_bss(&rdev->wiphy, req.bss); 10934 10935 return err; 10936 } 10937 10938 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev, 10939 struct genl_info *info) 10940 { 10941 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 10942 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set"); 10943 return -EINVAL; 10944 } 10945 10946 if (!rdev->ops->tx_control_port || 10947 !wiphy_ext_feature_isset(&rdev->wiphy, 10948 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) 10949 return -EOPNOTSUPP; 10950 10951 return 0; 10952 } 10953 10954 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 10955 struct genl_info *info, 10956 struct cfg80211_crypto_settings *settings, 10957 int cipher_limit) 10958 { 10959 memset(settings, 0, sizeof(*settings)); 10960 10961 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 10962 10963 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 10964 u16 proto; 10965 10966 proto = nla_get_u16( 10967 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 10968 settings->control_port_ethertype = cpu_to_be16(proto); 10969 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 10970 proto != ETH_P_PAE) 10971 return -EINVAL; 10972 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 10973 settings->control_port_no_encrypt = true; 10974 } else 10975 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 10976 10977 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 10978 int r = validate_pae_over_nl80211(rdev, info); 10979 10980 if (r < 0) 10981 return r; 10982 10983 settings->control_port_over_nl80211 = true; 10984 10985 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH]) 10986 settings->control_port_no_preauth = true; 10987 } 10988 10989 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 10990 void *data; 10991 int len, i; 10992 10993 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 10994 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 10995 settings->n_ciphers_pairwise = len / sizeof(u32); 10996 10997 if (len % sizeof(u32)) 10998 return -EINVAL; 10999 11000 if (settings->n_ciphers_pairwise > cipher_limit) 11001 return -EINVAL; 11002 11003 memcpy(settings->ciphers_pairwise, data, len); 11004 11005 for (i = 0; i < settings->n_ciphers_pairwise; i++) 11006 if (!cfg80211_supported_cipher_suite( 11007 &rdev->wiphy, 11008 settings->ciphers_pairwise[i])) 11009 return -EINVAL; 11010 } 11011 11012 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 11013 settings->cipher_group = 11014 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 11015 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 11016 settings->cipher_group)) 11017 return -EINVAL; 11018 } 11019 11020 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) 11021 settings->wpa_versions = 11022 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 11023 11024 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 11025 void *data; 11026 int len; 11027 11028 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 11029 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 11030 settings->n_akm_suites = len / sizeof(u32); 11031 11032 if (len % sizeof(u32)) 11033 return -EINVAL; 11034 11035 if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites) 11036 return -EINVAL; 11037 11038 memcpy(settings->akm_suites, data, len); 11039 } 11040 11041 if (info->attrs[NL80211_ATTR_PMK]) { 11042 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN) 11043 return -EINVAL; 11044 if (!wiphy_ext_feature_isset(&rdev->wiphy, 11045 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) && 11046 !wiphy_ext_feature_isset(&rdev->wiphy, 11047 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK)) 11048 return -EINVAL; 11049 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]); 11050 } 11051 11052 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) { 11053 if (!wiphy_ext_feature_isset(&rdev->wiphy, 11054 NL80211_EXT_FEATURE_SAE_OFFLOAD) && 11055 !wiphy_ext_feature_isset(&rdev->wiphy, 11056 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP)) 11057 return -EINVAL; 11058 settings->sae_pwd = 11059 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]); 11060 settings->sae_pwd_len = 11061 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]); 11062 } 11063 11064 if (info->attrs[NL80211_ATTR_SAE_PWE]) 11065 settings->sae_pwe = 11066 nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]); 11067 else 11068 settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED; 11069 11070 return 0; 11071 } 11072 11073 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev, 11074 const u8 *ssid, int ssid_len, 11075 struct nlattr **attrs, 11076 int assoc_link_id, int link_id) 11077 { 11078 struct ieee80211_channel *chan; 11079 struct cfg80211_bss *bss; 11080 const u8 *bssid; 11081 u32 freq, use_for = 0; 11082 11083 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ]) 11084 return ERR_PTR(-EINVAL); 11085 11086 bssid = nla_data(attrs[NL80211_ATTR_MAC]); 11087 11088 freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ])); 11089 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 11090 freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 11091 11092 chan = nl80211_get_valid_chan(&rdev->wiphy, freq); 11093 if (!chan) 11094 return ERR_PTR(-EINVAL); 11095 11096 if (assoc_link_id >= 0) 11097 use_for = NL80211_BSS_USE_FOR_MLD_LINK; 11098 if (assoc_link_id == link_id) 11099 use_for |= NL80211_BSS_USE_FOR_NORMAL; 11100 11101 bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid, 11102 ssid, ssid_len, 11103 IEEE80211_BSS_TYPE_ESS, 11104 IEEE80211_PRIVACY_ANY, 11105 use_for); 11106 if (!bss) 11107 return ERR_PTR(-ENOENT); 11108 11109 return bss; 11110 } 11111 11112 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 11113 { 11114 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11115 struct net_device *dev = info->user_ptr[1]; 11116 struct cfg80211_assoc_request req = {}; 11117 struct nlattr **attrs = NULL; 11118 const u8 *ap_addr, *ssid; 11119 unsigned int link_id; 11120 int err, ssid_len; 11121 11122 if (dev->ieee80211_ptr->conn_owner_nlportid && 11123 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 11124 return -EPERM; 11125 11126 if (!info->attrs[NL80211_ATTR_SSID]) 11127 return -EINVAL; 11128 11129 if (!rdev->ops->assoc) 11130 return -EOPNOTSUPP; 11131 11132 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11133 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11134 return -EOPNOTSUPP; 11135 11136 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 11137 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 11138 11139 if (info->attrs[NL80211_ATTR_IE]) { 11140 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11141 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11142 11143 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE, 11144 req.ie, req.ie_len)) { 11145 NL_SET_ERR_MSG_ATTR(info->extack, 11146 info->attrs[NL80211_ATTR_IE], 11147 "non-inheritance makes no sense"); 11148 return -EINVAL; 11149 } 11150 } 11151 11152 if (info->attrs[NL80211_ATTR_USE_MFP]) { 11153 enum nl80211_mfp mfp = 11154 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 11155 if (mfp == NL80211_MFP_REQUIRED) 11156 req.use_mfp = true; 11157 else if (mfp != NL80211_MFP_NO) 11158 return -EINVAL; 11159 } 11160 11161 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 11162 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 11163 11164 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 11165 req.flags |= ASSOC_REQ_DISABLE_HT; 11166 11167 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11168 memcpy(&req.ht_capa_mask, 11169 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 11170 sizeof(req.ht_capa_mask)); 11171 11172 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 11173 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11174 return -EINVAL; 11175 memcpy(&req.ht_capa, 11176 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 11177 sizeof(req.ht_capa)); 11178 } 11179 11180 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 11181 req.flags |= ASSOC_REQ_DISABLE_VHT; 11182 11183 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE])) 11184 req.flags |= ASSOC_REQ_DISABLE_HE; 11185 11186 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT])) 11187 req.flags |= ASSOC_REQ_DISABLE_EHT; 11188 11189 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 11190 memcpy(&req.vht_capa_mask, 11191 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 11192 sizeof(req.vht_capa_mask)); 11193 11194 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 11195 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 11196 return -EINVAL; 11197 memcpy(&req.vht_capa, 11198 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 11199 sizeof(req.vht_capa)); 11200 } 11201 11202 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 11203 if (!((rdev->wiphy.features & 11204 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 11205 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 11206 !wiphy_ext_feature_isset(&rdev->wiphy, 11207 NL80211_EXT_FEATURE_RRM)) 11208 return -EINVAL; 11209 req.flags |= ASSOC_REQ_USE_RRM; 11210 } 11211 11212 if (info->attrs[NL80211_ATTR_FILS_KEK]) { 11213 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]); 11214 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]); 11215 if (!info->attrs[NL80211_ATTR_FILS_NONCES]) 11216 return -EINVAL; 11217 req.fils_nonces = 11218 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]); 11219 } 11220 11221 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) { 11222 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY]) 11223 return -EINVAL; 11224 memcpy(&req.s1g_capa_mask, 11225 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]), 11226 sizeof(req.s1g_capa_mask)); 11227 } 11228 11229 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) { 11230 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) 11231 return -EINVAL; 11232 memcpy(&req.s1g_capa, 11233 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]), 11234 sizeof(req.s1g_capa)); 11235 } 11236 11237 if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) { 11238 if (!wiphy_ext_feature_isset(&rdev->wiphy, 11239 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) { 11240 GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported"); 11241 return -EINVAL; 11242 } 11243 req.flags |= ASSOC_REQ_SPP_AMSDU; 11244 } 11245 11246 req.link_id = nl80211_link_id_or_invalid(info->attrs); 11247 11248 if (info->attrs[NL80211_ATTR_MLO_LINKS]) { 11249 unsigned int attrsize = NUM_NL80211_ATTR * sizeof(*attrs); 11250 struct nlattr *link; 11251 int rem = 0; 11252 11253 if (req.link_id < 0) 11254 return -EINVAL; 11255 11256 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)) 11257 return -EINVAL; 11258 11259 if (info->attrs[NL80211_ATTR_MAC] || 11260 info->attrs[NL80211_ATTR_WIPHY_FREQ] || 11261 !info->attrs[NL80211_ATTR_MLD_ADDR]) 11262 return -EINVAL; 11263 11264 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 11265 ap_addr = req.ap_mld_addr; 11266 11267 attrs = kzalloc(attrsize, GFP_KERNEL); 11268 if (!attrs) 11269 return -ENOMEM; 11270 11271 nla_for_each_nested(link, 11272 info->attrs[NL80211_ATTR_MLO_LINKS], 11273 rem) { 11274 memset(attrs, 0, attrsize); 11275 11276 nla_parse_nested(attrs, NL80211_ATTR_MAX, 11277 link, NULL, NULL); 11278 11279 if (!attrs[NL80211_ATTR_MLO_LINK_ID]) { 11280 err = -EINVAL; 11281 NL_SET_BAD_ATTR(info->extack, link); 11282 goto free; 11283 } 11284 11285 link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]); 11286 /* cannot use the same link ID again */ 11287 if (req.links[link_id].bss) { 11288 err = -EINVAL; 11289 NL_SET_BAD_ATTR(info->extack, link); 11290 goto free; 11291 } 11292 req.links[link_id].bss = 11293 nl80211_assoc_bss(rdev, ssid, ssid_len, attrs, 11294 req.link_id, link_id); 11295 if (IS_ERR(req.links[link_id].bss)) { 11296 err = PTR_ERR(req.links[link_id].bss); 11297 req.links[link_id].bss = NULL; 11298 NL_SET_ERR_MSG_ATTR(info->extack, 11299 link, "Error fetching BSS for link"); 11300 goto free; 11301 } 11302 11303 if (attrs[NL80211_ATTR_IE]) { 11304 req.links[link_id].elems = 11305 nla_data(attrs[NL80211_ATTR_IE]); 11306 req.links[link_id].elems_len = 11307 nla_len(attrs[NL80211_ATTR_IE]); 11308 11309 if (cfg80211_find_elem(WLAN_EID_FRAGMENT, 11310 req.links[link_id].elems, 11311 req.links[link_id].elems_len)) { 11312 NL_SET_ERR_MSG_ATTR(info->extack, 11313 attrs[NL80211_ATTR_IE], 11314 "cannot deal with fragmentation"); 11315 err = -EINVAL; 11316 goto free; 11317 } 11318 11319 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE, 11320 req.links[link_id].elems, 11321 req.links[link_id].elems_len)) { 11322 NL_SET_ERR_MSG_ATTR(info->extack, 11323 attrs[NL80211_ATTR_IE], 11324 "cannot deal with non-inheritance"); 11325 err = -EINVAL; 11326 goto free; 11327 } 11328 } 11329 11330 req.links[link_id].disabled = 11331 nla_get_flag(attrs[NL80211_ATTR_MLO_LINK_DISABLED]); 11332 } 11333 11334 if (!req.links[req.link_id].bss) { 11335 err = -EINVAL; 11336 goto free; 11337 } 11338 11339 if (req.links[req.link_id].elems_len) { 11340 GENL_SET_ERR_MSG(info, 11341 "cannot have per-link elems on assoc link"); 11342 err = -EINVAL; 11343 goto free; 11344 } 11345 11346 if (req.links[req.link_id].disabled) { 11347 GENL_SET_ERR_MSG(info, 11348 "cannot have assoc link disabled"); 11349 err = -EINVAL; 11350 goto free; 11351 } 11352 11353 kfree(attrs); 11354 attrs = NULL; 11355 } else { 11356 if (req.link_id >= 0) 11357 return -EINVAL; 11358 11359 req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs, 11360 -1, -1); 11361 if (IS_ERR(req.bss)) 11362 return PTR_ERR(req.bss); 11363 ap_addr = req.bss->bssid; 11364 } 11365 11366 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1); 11367 if (!err) { 11368 struct nlattr *link; 11369 int rem = 0; 11370 11371 err = cfg80211_mlme_assoc(rdev, dev, &req, 11372 info->extack); 11373 11374 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 11375 dev->ieee80211_ptr->conn_owner_nlportid = 11376 info->snd_portid; 11377 memcpy(dev->ieee80211_ptr->disconnect_bssid, 11378 ap_addr, ETH_ALEN); 11379 } 11380 11381 /* Report error from first problematic link */ 11382 if (info->attrs[NL80211_ATTR_MLO_LINKS]) { 11383 nla_for_each_nested(link, 11384 info->attrs[NL80211_ATTR_MLO_LINKS], 11385 rem) { 11386 struct nlattr *link_id_attr = 11387 nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID); 11388 11389 if (!link_id_attr) 11390 continue; 11391 11392 link_id = nla_get_u8(link_id_attr); 11393 11394 if (link_id == req.link_id) 11395 continue; 11396 11397 if (!req.links[link_id].error || 11398 WARN_ON(req.links[link_id].error > 0)) 11399 continue; 11400 11401 WARN_ON(err >= 0); 11402 11403 NL_SET_BAD_ATTR(info->extack, link); 11404 err = req.links[link_id].error; 11405 break; 11406 } 11407 } 11408 } 11409 11410 free: 11411 for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++) 11412 cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss); 11413 cfg80211_put_bss(&rdev->wiphy, req.bss); 11414 kfree(attrs); 11415 11416 return err; 11417 } 11418 11419 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 11420 { 11421 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11422 struct net_device *dev = info->user_ptr[1]; 11423 const u8 *ie = NULL, *bssid; 11424 int ie_len = 0; 11425 u16 reason_code; 11426 bool local_state_change; 11427 11428 if (dev->ieee80211_ptr->conn_owner_nlportid && 11429 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 11430 return -EPERM; 11431 11432 if (!info->attrs[NL80211_ATTR_MAC]) 11433 return -EINVAL; 11434 11435 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 11436 return -EINVAL; 11437 11438 if (!rdev->ops->deauth) 11439 return -EOPNOTSUPP; 11440 11441 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11442 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11443 return -EOPNOTSUPP; 11444 11445 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11446 11447 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 11448 if (reason_code == 0) { 11449 /* Reason Code 0 is reserved */ 11450 return -EINVAL; 11451 } 11452 11453 if (info->attrs[NL80211_ATTR_IE]) { 11454 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11455 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11456 } 11457 11458 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 11459 11460 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 11461 local_state_change); 11462 } 11463 11464 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 11465 { 11466 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11467 struct net_device *dev = info->user_ptr[1]; 11468 const u8 *ie = NULL, *bssid; 11469 int ie_len = 0; 11470 u16 reason_code; 11471 bool local_state_change; 11472 11473 if (dev->ieee80211_ptr->conn_owner_nlportid && 11474 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 11475 return -EPERM; 11476 11477 if (!info->attrs[NL80211_ATTR_MAC]) 11478 return -EINVAL; 11479 11480 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 11481 return -EINVAL; 11482 11483 if (!rdev->ops->disassoc) 11484 return -EOPNOTSUPP; 11485 11486 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 11487 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 11488 return -EOPNOTSUPP; 11489 11490 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11491 11492 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 11493 if (reason_code == 0) { 11494 /* Reason Code 0 is reserved */ 11495 return -EINVAL; 11496 } 11497 11498 if (info->attrs[NL80211_ATTR_IE]) { 11499 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11500 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11501 } 11502 11503 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 11504 11505 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 11506 local_state_change); 11507 } 11508 11509 static bool 11510 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 11511 int mcast_rate[NUM_NL80211_BANDS], 11512 int rateval) 11513 { 11514 struct wiphy *wiphy = &rdev->wiphy; 11515 bool found = false; 11516 int band, i; 11517 11518 for (band = 0; band < NUM_NL80211_BANDS; band++) { 11519 struct ieee80211_supported_band *sband; 11520 11521 sband = wiphy->bands[band]; 11522 if (!sband) 11523 continue; 11524 11525 for (i = 0; i < sband->n_bitrates; i++) { 11526 if (sband->bitrates[i].bitrate == rateval) { 11527 mcast_rate[band] = i + 1; 11528 found = true; 11529 break; 11530 } 11531 } 11532 } 11533 11534 return found; 11535 } 11536 11537 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 11538 { 11539 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11540 struct net_device *dev = info->user_ptr[1]; 11541 struct cfg80211_ibss_params ibss; 11542 struct wiphy *wiphy; 11543 struct cfg80211_cached_keys *connkeys = NULL; 11544 int err; 11545 11546 memset(&ibss, 0, sizeof(ibss)); 11547 11548 if (!info->attrs[NL80211_ATTR_SSID] || 11549 !nla_len(info->attrs[NL80211_ATTR_SSID])) 11550 return -EINVAL; 11551 11552 ibss.beacon_interval = 100; 11553 11554 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) 11555 ibss.beacon_interval = 11556 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 11557 11558 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC, 11559 ibss.beacon_interval); 11560 if (err) 11561 return err; 11562 11563 if (!rdev->ops->join_ibss) 11564 return -EOPNOTSUPP; 11565 11566 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 11567 return -EOPNOTSUPP; 11568 11569 wiphy = &rdev->wiphy; 11570 11571 if (info->attrs[NL80211_ATTR_MAC]) { 11572 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 11573 11574 if (!is_valid_ether_addr(ibss.bssid)) 11575 return -EINVAL; 11576 } 11577 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 11578 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 11579 11580 if (info->attrs[NL80211_ATTR_IE]) { 11581 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 11582 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 11583 } 11584 11585 err = nl80211_parse_chandef(rdev, info, &ibss.chandef); 11586 if (err) 11587 return err; 11588 11589 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef, 11590 NL80211_IFTYPE_ADHOC)) 11591 return -EINVAL; 11592 11593 switch (ibss.chandef.width) { 11594 case NL80211_CHAN_WIDTH_5: 11595 case NL80211_CHAN_WIDTH_10: 11596 case NL80211_CHAN_WIDTH_20_NOHT: 11597 break; 11598 case NL80211_CHAN_WIDTH_20: 11599 case NL80211_CHAN_WIDTH_40: 11600 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 11601 return -EINVAL; 11602 break; 11603 case NL80211_CHAN_WIDTH_80: 11604 case NL80211_CHAN_WIDTH_80P80: 11605 case NL80211_CHAN_WIDTH_160: 11606 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)) 11607 return -EINVAL; 11608 if (!wiphy_ext_feature_isset(&rdev->wiphy, 11609 NL80211_EXT_FEATURE_VHT_IBSS)) 11610 return -EINVAL; 11611 break; 11612 case NL80211_CHAN_WIDTH_320: 11613 return -EINVAL; 11614 default: 11615 return -EINVAL; 11616 } 11617 11618 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 11619 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 11620 11621 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 11622 u8 *rates = 11623 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 11624 int n_rates = 11625 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 11626 struct ieee80211_supported_band *sband = 11627 wiphy->bands[ibss.chandef.chan->band]; 11628 11629 err = ieee80211_get_ratemask(sband, rates, n_rates, 11630 &ibss.basic_rates); 11631 if (err) 11632 return err; 11633 } 11634 11635 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11636 memcpy(&ibss.ht_capa_mask, 11637 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 11638 sizeof(ibss.ht_capa_mask)); 11639 11640 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 11641 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 11642 return -EINVAL; 11643 memcpy(&ibss.ht_capa, 11644 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 11645 sizeof(ibss.ht_capa)); 11646 } 11647 11648 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 11649 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 11650 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 11651 return -EINVAL; 11652 11653 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 11654 bool no_ht = false; 11655 11656 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht); 11657 if (IS_ERR(connkeys)) 11658 return PTR_ERR(connkeys); 11659 11660 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) && 11661 no_ht) { 11662 kfree_sensitive(connkeys); 11663 return -EINVAL; 11664 } 11665 } 11666 11667 ibss.control_port = 11668 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 11669 11670 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 11671 int r = validate_pae_over_nl80211(rdev, info); 11672 11673 if (r < 0) { 11674 kfree_sensitive(connkeys); 11675 return r; 11676 } 11677 11678 ibss.control_port_over_nl80211 = true; 11679 } 11680 11681 ibss.userspace_handles_dfs = 11682 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 11683 11684 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 11685 if (err) 11686 kfree_sensitive(connkeys); 11687 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) 11688 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 11689 11690 return err; 11691 } 11692 11693 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 11694 { 11695 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11696 struct net_device *dev = info->user_ptr[1]; 11697 11698 if (!rdev->ops->leave_ibss) 11699 return -EOPNOTSUPP; 11700 11701 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 11702 return -EOPNOTSUPP; 11703 11704 return cfg80211_leave_ibss(rdev, dev, false); 11705 } 11706 11707 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info) 11708 { 11709 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11710 struct net_device *dev = info->user_ptr[1]; 11711 int mcast_rate[NUM_NL80211_BANDS]; 11712 u32 nla_rate; 11713 11714 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 11715 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 11716 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB) 11717 return -EOPNOTSUPP; 11718 11719 if (!rdev->ops->set_mcast_rate) 11720 return -EOPNOTSUPP; 11721 11722 memset(mcast_rate, 0, sizeof(mcast_rate)); 11723 11724 if (!info->attrs[NL80211_ATTR_MCAST_RATE]) 11725 return -EINVAL; 11726 11727 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]); 11728 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate)) 11729 return -EINVAL; 11730 11731 return rdev_set_mcast_rate(rdev, dev, mcast_rate); 11732 } 11733 11734 static struct sk_buff * 11735 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev, 11736 struct wireless_dev *wdev, int approxlen, 11737 u32 portid, u32 seq, enum nl80211_commands cmd, 11738 enum nl80211_attrs attr, 11739 const struct nl80211_vendor_cmd_info *info, 11740 gfp_t gfp) 11741 { 11742 struct sk_buff *skb; 11743 void *hdr; 11744 struct nlattr *data; 11745 11746 skb = nlmsg_new(approxlen + 100, gfp); 11747 if (!skb) 11748 return NULL; 11749 11750 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd); 11751 if (!hdr) { 11752 kfree_skb(skb); 11753 return NULL; 11754 } 11755 11756 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 11757 goto nla_put_failure; 11758 11759 if (info) { 11760 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID, 11761 info->vendor_id)) 11762 goto nla_put_failure; 11763 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD, 11764 info->subcmd)) 11765 goto nla_put_failure; 11766 } 11767 11768 if (wdev) { 11769 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 11770 wdev_id(wdev), NL80211_ATTR_PAD)) 11771 goto nla_put_failure; 11772 if (wdev->netdev && 11773 nla_put_u32(skb, NL80211_ATTR_IFINDEX, 11774 wdev->netdev->ifindex)) 11775 goto nla_put_failure; 11776 } 11777 11778 data = nla_nest_start_noflag(skb, attr); 11779 if (!data) 11780 goto nla_put_failure; 11781 11782 ((void **)skb->cb)[0] = rdev; 11783 ((void **)skb->cb)[1] = hdr; 11784 ((void **)skb->cb)[2] = data; 11785 11786 return skb; 11787 11788 nla_put_failure: 11789 kfree_skb(skb); 11790 return NULL; 11791 } 11792 11793 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy, 11794 struct wireless_dev *wdev, 11795 enum nl80211_commands cmd, 11796 enum nl80211_attrs attr, 11797 unsigned int portid, 11798 int vendor_event_idx, 11799 int approxlen, gfp_t gfp) 11800 { 11801 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 11802 const struct nl80211_vendor_cmd_info *info; 11803 11804 switch (cmd) { 11805 case NL80211_CMD_TESTMODE: 11806 if (WARN_ON(vendor_event_idx != -1)) 11807 return NULL; 11808 info = NULL; 11809 break; 11810 case NL80211_CMD_VENDOR: 11811 if (WARN_ON(vendor_event_idx < 0 || 11812 vendor_event_idx >= wiphy->n_vendor_events)) 11813 return NULL; 11814 info = &wiphy->vendor_events[vendor_event_idx]; 11815 break; 11816 default: 11817 WARN_ON(1); 11818 return NULL; 11819 } 11820 11821 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0, 11822 cmd, attr, info, gfp); 11823 } 11824 EXPORT_SYMBOL(__cfg80211_alloc_event_skb); 11825 11826 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp) 11827 { 11828 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 11829 void *hdr = ((void **)skb->cb)[1]; 11830 struct nlmsghdr *nlhdr = nlmsg_hdr(skb); 11831 struct nlattr *data = ((void **)skb->cb)[2]; 11832 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE; 11833 11834 /* clear CB data for netlink core to own from now on */ 11835 memset(skb->cb, 0, sizeof(skb->cb)); 11836 11837 nla_nest_end(skb, data); 11838 genlmsg_end(skb, hdr); 11839 11840 if (nlhdr->nlmsg_pid) { 11841 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb, 11842 nlhdr->nlmsg_pid); 11843 } else { 11844 if (data->nla_type == NL80211_ATTR_VENDOR_DATA) 11845 mcgrp = NL80211_MCGRP_VENDOR; 11846 11847 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 11848 skb, 0, mcgrp, gfp); 11849 } 11850 } 11851 EXPORT_SYMBOL(__cfg80211_send_event_skb); 11852 11853 #ifdef CONFIG_NL80211_TESTMODE 11854 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 11855 { 11856 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11857 struct wireless_dev *wdev; 11858 int err; 11859 11860 lockdep_assert_held(&rdev->wiphy.mtx); 11861 11862 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info), 11863 info->attrs); 11864 11865 if (!rdev->ops->testmode_cmd) 11866 return -EOPNOTSUPP; 11867 11868 if (IS_ERR(wdev)) { 11869 err = PTR_ERR(wdev); 11870 if (err != -EINVAL) 11871 return err; 11872 wdev = NULL; 11873 } else if (wdev->wiphy != &rdev->wiphy) { 11874 return -EINVAL; 11875 } 11876 11877 if (!info->attrs[NL80211_ATTR_TESTDATA]) 11878 return -EINVAL; 11879 11880 rdev->cur_cmd_info = info; 11881 err = rdev_testmode_cmd(rdev, wdev, 11882 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 11883 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 11884 rdev->cur_cmd_info = NULL; 11885 11886 return err; 11887 } 11888 11889 static int nl80211_testmode_dump(struct sk_buff *skb, 11890 struct netlink_callback *cb) 11891 { 11892 struct cfg80211_registered_device *rdev; 11893 struct nlattr **attrbuf = NULL; 11894 int err; 11895 long phy_idx; 11896 void *data = NULL; 11897 int data_len = 0; 11898 11899 rtnl_lock(); 11900 11901 if (cb->args[0]) { 11902 /* 11903 * 0 is a valid index, but not valid for args[0], 11904 * so we need to offset by 1. 11905 */ 11906 phy_idx = cb->args[0] - 1; 11907 11908 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 11909 if (!rdev) { 11910 err = -ENOENT; 11911 goto out_err; 11912 } 11913 } else { 11914 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), 11915 GFP_KERNEL); 11916 if (!attrbuf) { 11917 err = -ENOMEM; 11918 goto out_err; 11919 } 11920 11921 err = nlmsg_parse_deprecated(cb->nlh, 11922 GENL_HDRLEN + nl80211_fam.hdrsize, 11923 attrbuf, nl80211_fam.maxattr, 11924 nl80211_policy, NULL); 11925 if (err) 11926 goto out_err; 11927 11928 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf); 11929 if (IS_ERR(rdev)) { 11930 err = PTR_ERR(rdev); 11931 goto out_err; 11932 } 11933 phy_idx = rdev->wiphy_idx; 11934 11935 if (attrbuf[NL80211_ATTR_TESTDATA]) 11936 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA]; 11937 } 11938 11939 if (cb->args[1]) { 11940 data = nla_data((void *)cb->args[1]); 11941 data_len = nla_len((void *)cb->args[1]); 11942 } 11943 11944 if (!rdev->ops->testmode_dump) { 11945 err = -EOPNOTSUPP; 11946 goto out_err; 11947 } 11948 11949 while (1) { 11950 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 11951 cb->nlh->nlmsg_seq, NLM_F_MULTI, 11952 NL80211_CMD_TESTMODE); 11953 struct nlattr *tmdata; 11954 11955 if (!hdr) 11956 break; 11957 11958 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 11959 genlmsg_cancel(skb, hdr); 11960 break; 11961 } 11962 11963 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA); 11964 if (!tmdata) { 11965 genlmsg_cancel(skb, hdr); 11966 break; 11967 } 11968 err = rdev_testmode_dump(rdev, skb, cb, data, data_len); 11969 nla_nest_end(skb, tmdata); 11970 11971 if (err == -ENOBUFS || err == -ENOENT) { 11972 genlmsg_cancel(skb, hdr); 11973 break; 11974 } else if (err) { 11975 genlmsg_cancel(skb, hdr); 11976 goto out_err; 11977 } 11978 11979 genlmsg_end(skb, hdr); 11980 } 11981 11982 err = skb->len; 11983 /* see above */ 11984 cb->args[0] = phy_idx + 1; 11985 out_err: 11986 kfree(attrbuf); 11987 rtnl_unlock(); 11988 return err; 11989 } 11990 #endif 11991 11992 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 11993 { 11994 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 11995 struct net_device *dev = info->user_ptr[1]; 11996 struct cfg80211_connect_params connect; 11997 struct wiphy *wiphy; 11998 struct cfg80211_cached_keys *connkeys = NULL; 11999 u32 freq = 0; 12000 int err; 12001 12002 memset(&connect, 0, sizeof(connect)); 12003 12004 if (!info->attrs[NL80211_ATTR_SSID] || 12005 !nla_len(info->attrs[NL80211_ATTR_SSID])) 12006 return -EINVAL; 12007 12008 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 12009 connect.auth_type = 12010 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 12011 if (!nl80211_valid_auth_type(rdev, connect.auth_type, 12012 NL80211_CMD_CONNECT)) 12013 return -EINVAL; 12014 } else 12015 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 12016 12017 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 12018 12019 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] && 12020 !wiphy_ext_feature_isset(&rdev->wiphy, 12021 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 12022 return -EINVAL; 12023 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS]; 12024 12025 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 12026 NL80211_MAX_NR_CIPHER_SUITES); 12027 if (err) 12028 return err; 12029 12030 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 12031 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 12032 return -EOPNOTSUPP; 12033 12034 wiphy = &rdev->wiphy; 12035 12036 connect.bg_scan_period = -1; 12037 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 12038 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 12039 connect.bg_scan_period = 12040 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 12041 } 12042 12043 if (info->attrs[NL80211_ATTR_MAC]) 12044 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 12045 else if (info->attrs[NL80211_ATTR_MAC_HINT]) 12046 connect.bssid_hint = 12047 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]); 12048 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 12049 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 12050 12051 if (info->attrs[NL80211_ATTR_IE]) { 12052 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 12053 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 12054 } 12055 12056 if (info->attrs[NL80211_ATTR_USE_MFP]) { 12057 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 12058 if (connect.mfp == NL80211_MFP_OPTIONAL && 12059 !wiphy_ext_feature_isset(&rdev->wiphy, 12060 NL80211_EXT_FEATURE_MFP_OPTIONAL)) 12061 return -EOPNOTSUPP; 12062 } else { 12063 connect.mfp = NL80211_MFP_NO; 12064 } 12065 12066 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 12067 connect.prev_bssid = 12068 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 12069 12070 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) 12071 freq = MHZ_TO_KHZ(nla_get_u32( 12072 info->attrs[NL80211_ATTR_WIPHY_FREQ])); 12073 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]) 12074 freq += 12075 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]); 12076 12077 if (freq) { 12078 connect.channel = nl80211_get_valid_chan(wiphy, freq); 12079 if (!connect.channel) 12080 return -EINVAL; 12081 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) { 12082 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]); 12083 freq = MHZ_TO_KHZ(freq); 12084 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq); 12085 if (!connect.channel_hint) 12086 return -EINVAL; 12087 } 12088 12089 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) { 12090 connect.edmg.channels = 12091 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]); 12092 12093 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]) 12094 connect.edmg.bw_config = 12095 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]); 12096 } 12097 12098 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 12099 connkeys = nl80211_parse_connkeys(rdev, info, NULL); 12100 if (IS_ERR(connkeys)) 12101 return PTR_ERR(connkeys); 12102 } 12103 12104 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 12105 connect.flags |= ASSOC_REQ_DISABLE_HT; 12106 12107 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 12108 memcpy(&connect.ht_capa_mask, 12109 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 12110 sizeof(connect.ht_capa_mask)); 12111 12112 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 12113 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) { 12114 kfree_sensitive(connkeys); 12115 return -EINVAL; 12116 } 12117 memcpy(&connect.ht_capa, 12118 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 12119 sizeof(connect.ht_capa)); 12120 } 12121 12122 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT])) 12123 connect.flags |= ASSOC_REQ_DISABLE_VHT; 12124 12125 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE])) 12126 connect.flags |= ASSOC_REQ_DISABLE_HE; 12127 12128 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT])) 12129 connect.flags |= ASSOC_REQ_DISABLE_EHT; 12130 12131 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) 12132 memcpy(&connect.vht_capa_mask, 12133 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]), 12134 sizeof(connect.vht_capa_mask)); 12135 12136 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) { 12137 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) { 12138 kfree_sensitive(connkeys); 12139 return -EINVAL; 12140 } 12141 memcpy(&connect.vht_capa, 12142 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]), 12143 sizeof(connect.vht_capa)); 12144 } 12145 12146 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 12147 if (!((rdev->wiphy.features & 12148 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 12149 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 12150 !wiphy_ext_feature_isset(&rdev->wiphy, 12151 NL80211_EXT_FEATURE_RRM)) { 12152 kfree_sensitive(connkeys); 12153 return -EINVAL; 12154 } 12155 connect.flags |= ASSOC_REQ_USE_RRM; 12156 } 12157 12158 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 12159 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) { 12160 kfree_sensitive(connkeys); 12161 return -EOPNOTSUPP; 12162 } 12163 12164 if (info->attrs[NL80211_ATTR_BSS_SELECT]) { 12165 /* bss selection makes no sense if bssid is set */ 12166 if (connect.bssid) { 12167 kfree_sensitive(connkeys); 12168 return -EINVAL; 12169 } 12170 12171 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT], 12172 wiphy, &connect.bss_select); 12173 if (err) { 12174 kfree_sensitive(connkeys); 12175 return err; 12176 } 12177 } 12178 12179 if (wiphy_ext_feature_isset(&rdev->wiphy, 12180 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) && 12181 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] && 12182 info->attrs[NL80211_ATTR_FILS_ERP_REALM] && 12183 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] && 12184 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 12185 connect.fils_erp_username = 12186 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 12187 connect.fils_erp_username_len = 12188 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 12189 connect.fils_erp_realm = 12190 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 12191 connect.fils_erp_realm_len = 12192 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 12193 connect.fils_erp_next_seq_num = 12194 nla_get_u16( 12195 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]); 12196 connect.fils_erp_rrk = 12197 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 12198 connect.fils_erp_rrk_len = 12199 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 12200 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] || 12201 info->attrs[NL80211_ATTR_FILS_ERP_REALM] || 12202 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] || 12203 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 12204 kfree_sensitive(connkeys); 12205 return -EINVAL; 12206 } 12207 12208 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) { 12209 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 12210 kfree_sensitive(connkeys); 12211 GENL_SET_ERR_MSG(info, 12212 "external auth requires connection ownership"); 12213 return -EINVAL; 12214 } 12215 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT; 12216 } 12217 12218 if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT])) 12219 connect.flags |= CONNECT_REQ_MLO_SUPPORT; 12220 12221 err = cfg80211_connect(rdev, dev, &connect, connkeys, 12222 connect.prev_bssid); 12223 if (err) 12224 kfree_sensitive(connkeys); 12225 12226 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) { 12227 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 12228 if (connect.bssid) 12229 memcpy(dev->ieee80211_ptr->disconnect_bssid, 12230 connect.bssid, ETH_ALEN); 12231 else 12232 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid); 12233 } 12234 12235 return err; 12236 } 12237 12238 static int nl80211_update_connect_params(struct sk_buff *skb, 12239 struct genl_info *info) 12240 { 12241 struct cfg80211_connect_params connect = {}; 12242 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12243 struct net_device *dev = info->user_ptr[1]; 12244 struct wireless_dev *wdev = dev->ieee80211_ptr; 12245 bool fils_sk_offload; 12246 u32 auth_type; 12247 u32 changed = 0; 12248 12249 if (!rdev->ops->update_connect_params) 12250 return -EOPNOTSUPP; 12251 12252 if (info->attrs[NL80211_ATTR_IE]) { 12253 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 12254 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 12255 changed |= UPDATE_ASSOC_IES; 12256 } 12257 12258 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy, 12259 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD); 12260 12261 /* 12262 * when driver supports fils-sk offload all attributes must be 12263 * provided. So the else covers "fils-sk-not-all" and 12264 * "no-fils-sk-any". 12265 */ 12266 if (fils_sk_offload && 12267 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] && 12268 info->attrs[NL80211_ATTR_FILS_ERP_REALM] && 12269 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] && 12270 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 12271 connect.fils_erp_username = 12272 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 12273 connect.fils_erp_username_len = 12274 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]); 12275 connect.fils_erp_realm = 12276 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 12277 connect.fils_erp_realm_len = 12278 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]); 12279 connect.fils_erp_next_seq_num = 12280 nla_get_u16( 12281 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]); 12282 connect.fils_erp_rrk = 12283 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 12284 connect.fils_erp_rrk_len = 12285 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]); 12286 changed |= UPDATE_FILS_ERP_INFO; 12287 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] || 12288 info->attrs[NL80211_ATTR_FILS_ERP_REALM] || 12289 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] || 12290 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) { 12291 return -EINVAL; 12292 } 12293 12294 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 12295 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 12296 if (!nl80211_valid_auth_type(rdev, auth_type, 12297 NL80211_CMD_CONNECT)) 12298 return -EINVAL; 12299 12300 if (auth_type == NL80211_AUTHTYPE_FILS_SK && 12301 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO)) 12302 return -EINVAL; 12303 12304 connect.auth_type = auth_type; 12305 changed |= UPDATE_AUTH_TYPE; 12306 } 12307 12308 if (!wdev->connected) 12309 return -ENOLINK; 12310 12311 return rdev_update_connect_params(rdev, dev, &connect, changed); 12312 } 12313 12314 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 12315 { 12316 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12317 struct net_device *dev = info->user_ptr[1]; 12318 u16 reason; 12319 12320 if (dev->ieee80211_ptr->conn_owner_nlportid && 12321 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid) 12322 return -EPERM; 12323 12324 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 12325 reason = WLAN_REASON_DEAUTH_LEAVING; 12326 else 12327 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 12328 12329 if (reason == 0) 12330 return -EINVAL; 12331 12332 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 12333 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 12334 return -EOPNOTSUPP; 12335 12336 return cfg80211_disconnect(rdev, dev, reason, true); 12337 } 12338 12339 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 12340 { 12341 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12342 struct net *net; 12343 int err; 12344 12345 if (info->attrs[NL80211_ATTR_PID]) { 12346 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 12347 12348 net = get_net_ns_by_pid(pid); 12349 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) { 12350 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]); 12351 12352 net = get_net_ns_by_fd(fd); 12353 } else { 12354 return -EINVAL; 12355 } 12356 12357 if (IS_ERR(net)) 12358 return PTR_ERR(net); 12359 12360 err = 0; 12361 12362 /* check if anything to do */ 12363 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 12364 err = cfg80211_switch_netns(rdev, net); 12365 12366 put_net(net); 12367 return err; 12368 } 12369 12370 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info) 12371 { 12372 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12373 struct net_device *dev = info->user_ptr[1]; 12374 struct cfg80211_pmksa pmksa; 12375 bool ap_pmksa_caching_support = false; 12376 12377 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 12378 12379 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy, 12380 NL80211_EXT_FEATURE_AP_PMKSA_CACHING); 12381 12382 if (!info->attrs[NL80211_ATTR_PMKID]) 12383 return -EINVAL; 12384 12385 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 12386 12387 if (info->attrs[NL80211_ATTR_MAC]) { 12388 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 12389 } else if (info->attrs[NL80211_ATTR_SSID] && 12390 info->attrs[NL80211_ATTR_FILS_CACHE_ID] && 12391 info->attrs[NL80211_ATTR_PMK]) { 12392 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 12393 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 12394 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]); 12395 } else { 12396 return -EINVAL; 12397 } 12398 12399 if (info->attrs[NL80211_ATTR_PMK]) { 12400 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]); 12401 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]); 12402 } 12403 12404 if (info->attrs[NL80211_ATTR_PMK_LIFETIME]) 12405 pmksa.pmk_lifetime = 12406 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]); 12407 12408 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]) 12409 pmksa.pmk_reauth_threshold = 12410 nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]); 12411 12412 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 12413 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 12414 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP || 12415 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) && 12416 ap_pmksa_caching_support)) 12417 return -EOPNOTSUPP; 12418 12419 if (!rdev->ops->set_pmksa) 12420 return -EOPNOTSUPP; 12421 12422 return rdev_set_pmksa(rdev, dev, &pmksa); 12423 } 12424 12425 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info) 12426 { 12427 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12428 struct net_device *dev = info->user_ptr[1]; 12429 struct cfg80211_pmksa pmksa; 12430 bool sae_offload_support = false; 12431 bool owe_offload_support = false; 12432 bool ap_pmksa_caching_support = false; 12433 12434 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 12435 12436 sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy, 12437 NL80211_EXT_FEATURE_SAE_OFFLOAD); 12438 owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy, 12439 NL80211_EXT_FEATURE_OWE_OFFLOAD); 12440 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy, 12441 NL80211_EXT_FEATURE_AP_PMKSA_CACHING); 12442 12443 if (info->attrs[NL80211_ATTR_PMKID]) 12444 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 12445 12446 if (info->attrs[NL80211_ATTR_MAC]) { 12447 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 12448 } else if (info->attrs[NL80211_ATTR_SSID]) { 12449 /* SSID based pmksa flush suppported only for FILS, 12450 * OWE/SAE OFFLOAD cases 12451 */ 12452 if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] && 12453 info->attrs[NL80211_ATTR_PMK]) { 12454 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]); 12455 } else if (!sae_offload_support && !owe_offload_support) { 12456 return -EINVAL; 12457 } 12458 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 12459 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 12460 } else { 12461 return -EINVAL; 12462 } 12463 12464 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 12465 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 12466 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP || 12467 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) && 12468 ap_pmksa_caching_support)) 12469 return -EOPNOTSUPP; 12470 12471 if (!rdev->ops->del_pmksa) 12472 return -EOPNOTSUPP; 12473 12474 return rdev_del_pmksa(rdev, dev, &pmksa); 12475 } 12476 12477 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 12478 { 12479 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12480 struct net_device *dev = info->user_ptr[1]; 12481 12482 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 12483 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 12484 return -EOPNOTSUPP; 12485 12486 if (!rdev->ops->flush_pmksa) 12487 return -EOPNOTSUPP; 12488 12489 return rdev_flush_pmksa(rdev, dev); 12490 } 12491 12492 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 12493 { 12494 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12495 struct net_device *dev = info->user_ptr[1]; 12496 u8 action_code, dialog_token; 12497 u32 peer_capability = 0; 12498 u16 status_code; 12499 u8 *peer; 12500 int link_id; 12501 bool initiator; 12502 12503 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 12504 !rdev->ops->tdls_mgmt) 12505 return -EOPNOTSUPP; 12506 12507 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 12508 !info->attrs[NL80211_ATTR_STATUS_CODE] || 12509 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 12510 !info->attrs[NL80211_ATTR_IE] || 12511 !info->attrs[NL80211_ATTR_MAC]) 12512 return -EINVAL; 12513 12514 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 12515 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 12516 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 12517 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 12518 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]); 12519 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]) 12520 peer_capability = 12521 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]); 12522 link_id = nl80211_link_id_or_invalid(info->attrs); 12523 12524 return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code, 12525 dialog_token, status_code, peer_capability, 12526 initiator, 12527 nla_data(info->attrs[NL80211_ATTR_IE]), 12528 nla_len(info->attrs[NL80211_ATTR_IE])); 12529 } 12530 12531 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 12532 { 12533 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12534 struct net_device *dev = info->user_ptr[1]; 12535 enum nl80211_tdls_operation operation; 12536 u8 *peer; 12537 12538 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 12539 !rdev->ops->tdls_oper) 12540 return -EOPNOTSUPP; 12541 12542 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 12543 !info->attrs[NL80211_ATTR_MAC]) 12544 return -EINVAL; 12545 12546 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 12547 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 12548 12549 return rdev_tdls_oper(rdev, dev, peer, operation); 12550 } 12551 12552 static int nl80211_remain_on_channel(struct sk_buff *skb, 12553 struct genl_info *info) 12554 { 12555 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12556 unsigned int link_id = nl80211_link_id(info->attrs); 12557 struct wireless_dev *wdev = info->user_ptr[1]; 12558 struct cfg80211_chan_def chandef; 12559 struct sk_buff *msg; 12560 void *hdr; 12561 u64 cookie; 12562 u32 duration; 12563 int err; 12564 12565 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 12566 !info->attrs[NL80211_ATTR_DURATION]) 12567 return -EINVAL; 12568 12569 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 12570 12571 if (!rdev->ops->remain_on_channel || 12572 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 12573 return -EOPNOTSUPP; 12574 12575 /* 12576 * We should be on that channel for at least a minimum amount of 12577 * time (10ms) but no longer than the driver supports. 12578 */ 12579 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 12580 duration > rdev->wiphy.max_remain_on_channel_duration) 12581 return -EINVAL; 12582 12583 err = nl80211_parse_chandef(rdev, info, &chandef); 12584 if (err) 12585 return err; 12586 12587 if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) { 12588 const struct cfg80211_chan_def *oper_chandef, *compat_chandef; 12589 12590 oper_chandef = wdev_chandef(wdev, link_id); 12591 12592 if (WARN_ON(!oper_chandef)) { 12593 /* cannot happen since we must beacon to get here */ 12594 WARN_ON(1); 12595 return -EBUSY; 12596 } 12597 12598 /* note: returns first one if identical chandefs */ 12599 compat_chandef = cfg80211_chandef_compatible(&chandef, 12600 oper_chandef); 12601 12602 if (compat_chandef != &chandef) 12603 return -EBUSY; 12604 } 12605 12606 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12607 if (!msg) 12608 return -ENOMEM; 12609 12610 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 12611 NL80211_CMD_REMAIN_ON_CHANNEL); 12612 if (!hdr) { 12613 err = -ENOBUFS; 12614 goto free_msg; 12615 } 12616 12617 err = rdev_remain_on_channel(rdev, wdev, chandef.chan, 12618 duration, &cookie); 12619 12620 if (err) 12621 goto free_msg; 12622 12623 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 12624 NL80211_ATTR_PAD)) 12625 goto nla_put_failure; 12626 12627 genlmsg_end(msg, hdr); 12628 12629 return genlmsg_reply(msg, info); 12630 12631 nla_put_failure: 12632 err = -ENOBUFS; 12633 free_msg: 12634 nlmsg_free(msg); 12635 return err; 12636 } 12637 12638 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 12639 struct genl_info *info) 12640 { 12641 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12642 struct wireless_dev *wdev = info->user_ptr[1]; 12643 u64 cookie; 12644 12645 if (!info->attrs[NL80211_ATTR_COOKIE]) 12646 return -EINVAL; 12647 12648 if (!rdev->ops->cancel_remain_on_channel) 12649 return -EOPNOTSUPP; 12650 12651 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 12652 12653 return rdev_cancel_remain_on_channel(rdev, wdev, cookie); 12654 } 12655 12656 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 12657 struct genl_info *info) 12658 { 12659 struct cfg80211_bitrate_mask mask; 12660 unsigned int link_id = nl80211_link_id(info->attrs); 12661 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12662 struct net_device *dev = info->user_ptr[1]; 12663 int err; 12664 12665 if (!rdev->ops->set_bitrate_mask) 12666 return -EOPNOTSUPP; 12667 12668 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 12669 NL80211_ATTR_TX_RATES, &mask, 12670 dev, true, link_id); 12671 if (err) 12672 return err; 12673 12674 return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask); 12675 } 12676 12677 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 12678 { 12679 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12680 struct wireless_dev *wdev = info->user_ptr[1]; 12681 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 12682 12683 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 12684 return -EINVAL; 12685 12686 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 12687 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 12688 12689 switch (wdev->iftype) { 12690 case NL80211_IFTYPE_STATION: 12691 case NL80211_IFTYPE_ADHOC: 12692 case NL80211_IFTYPE_P2P_CLIENT: 12693 case NL80211_IFTYPE_AP: 12694 case NL80211_IFTYPE_AP_VLAN: 12695 case NL80211_IFTYPE_MESH_POINT: 12696 case NL80211_IFTYPE_P2P_GO: 12697 case NL80211_IFTYPE_P2P_DEVICE: 12698 break; 12699 case NL80211_IFTYPE_NAN: 12700 if (!wiphy_ext_feature_isset(wdev->wiphy, 12701 NL80211_EXT_FEATURE_SECURE_NAN)) 12702 return -EOPNOTSUPP; 12703 break; 12704 default: 12705 return -EOPNOTSUPP; 12706 } 12707 12708 /* not much point in registering if we can't reply */ 12709 if (!rdev->ops->mgmt_tx) 12710 return -EOPNOTSUPP; 12711 12712 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] && 12713 !wiphy_ext_feature_isset(&rdev->wiphy, 12714 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) { 12715 GENL_SET_ERR_MSG(info, 12716 "multicast RX registrations are not supported"); 12717 return -EOPNOTSUPP; 12718 } 12719 12720 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type, 12721 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 12722 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]), 12723 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST], 12724 info->extack); 12725 } 12726 12727 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 12728 { 12729 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12730 struct wireless_dev *wdev = info->user_ptr[1]; 12731 struct cfg80211_chan_def chandef; 12732 int err; 12733 void *hdr = NULL; 12734 u64 cookie; 12735 struct sk_buff *msg = NULL; 12736 struct cfg80211_mgmt_tx_params params = { 12737 .dont_wait_for_ack = 12738 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK], 12739 }; 12740 12741 if (!info->attrs[NL80211_ATTR_FRAME]) 12742 return -EINVAL; 12743 12744 if (!rdev->ops->mgmt_tx) 12745 return -EOPNOTSUPP; 12746 12747 switch (wdev->iftype) { 12748 case NL80211_IFTYPE_P2P_DEVICE: 12749 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 12750 return -EINVAL; 12751 break; 12752 case NL80211_IFTYPE_STATION: 12753 case NL80211_IFTYPE_ADHOC: 12754 case NL80211_IFTYPE_P2P_CLIENT: 12755 case NL80211_IFTYPE_AP: 12756 case NL80211_IFTYPE_AP_VLAN: 12757 case NL80211_IFTYPE_MESH_POINT: 12758 case NL80211_IFTYPE_P2P_GO: 12759 break; 12760 case NL80211_IFTYPE_NAN: 12761 if (!wiphy_ext_feature_isset(wdev->wiphy, 12762 NL80211_EXT_FEATURE_SECURE_NAN)) 12763 return -EOPNOTSUPP; 12764 break; 12765 default: 12766 return -EOPNOTSUPP; 12767 } 12768 12769 if (info->attrs[NL80211_ATTR_DURATION]) { 12770 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 12771 return -EINVAL; 12772 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 12773 12774 /* 12775 * We should wait on the channel for at least a minimum amount 12776 * of time (10ms) but no longer than the driver supports. 12777 */ 12778 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME || 12779 params.wait > rdev->wiphy.max_remain_on_channel_duration) 12780 return -EINVAL; 12781 } 12782 12783 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 12784 12785 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 12786 return -EINVAL; 12787 12788 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 12789 12790 /* get the channel if any has been specified, otherwise pass NULL to 12791 * the driver. The latter will use the current one 12792 */ 12793 chandef.chan = NULL; 12794 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 12795 err = nl80211_parse_chandef(rdev, info, &chandef); 12796 if (err) 12797 return err; 12798 } 12799 12800 if (!chandef.chan && params.offchan) 12801 return -EINVAL; 12802 12803 if (params.offchan && 12804 !cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) 12805 return -EBUSY; 12806 12807 params.link_id = nl80211_link_id_or_invalid(info->attrs); 12808 /* 12809 * This now races due to the unlock, but we cannot check 12810 * the valid links for the _station_ anyway, so that's up 12811 * to the driver. 12812 */ 12813 if (params.link_id >= 0 && 12814 !(wdev->valid_links & BIT(params.link_id))) 12815 return -EINVAL; 12816 12817 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 12818 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 12819 12820 err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1, 12821 info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX], 12822 ¶ms.csa_offsets, 12823 ¶ms.n_csa_offsets); 12824 if (err) 12825 return err; 12826 12827 if (!params.dont_wait_for_ack) { 12828 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12829 if (!msg) 12830 return -ENOMEM; 12831 12832 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 12833 NL80211_CMD_FRAME); 12834 if (!hdr) { 12835 err = -ENOBUFS; 12836 goto free_msg; 12837 } 12838 } 12839 12840 params.chan = chandef.chan; 12841 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie); 12842 if (err) 12843 goto free_msg; 12844 12845 if (msg) { 12846 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 12847 NL80211_ATTR_PAD)) 12848 goto nla_put_failure; 12849 12850 genlmsg_end(msg, hdr); 12851 return genlmsg_reply(msg, info); 12852 } 12853 12854 return 0; 12855 12856 nla_put_failure: 12857 err = -ENOBUFS; 12858 free_msg: 12859 nlmsg_free(msg); 12860 return err; 12861 } 12862 12863 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 12864 { 12865 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12866 struct wireless_dev *wdev = info->user_ptr[1]; 12867 u64 cookie; 12868 12869 if (!info->attrs[NL80211_ATTR_COOKIE]) 12870 return -EINVAL; 12871 12872 if (!rdev->ops->mgmt_tx_cancel_wait) 12873 return -EOPNOTSUPP; 12874 12875 switch (wdev->iftype) { 12876 case NL80211_IFTYPE_STATION: 12877 case NL80211_IFTYPE_ADHOC: 12878 case NL80211_IFTYPE_P2P_CLIENT: 12879 case NL80211_IFTYPE_AP: 12880 case NL80211_IFTYPE_AP_VLAN: 12881 case NL80211_IFTYPE_P2P_GO: 12882 case NL80211_IFTYPE_P2P_DEVICE: 12883 break; 12884 case NL80211_IFTYPE_NAN: 12885 if (!wiphy_ext_feature_isset(wdev->wiphy, 12886 NL80211_EXT_FEATURE_SECURE_NAN)) 12887 return -EOPNOTSUPP; 12888 break; 12889 default: 12890 return -EOPNOTSUPP; 12891 } 12892 12893 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 12894 12895 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie); 12896 } 12897 12898 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 12899 { 12900 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12901 struct wireless_dev *wdev; 12902 struct net_device *dev = info->user_ptr[1]; 12903 u8 ps_state; 12904 bool state; 12905 int err; 12906 12907 if (!info->attrs[NL80211_ATTR_PS_STATE]) 12908 return -EINVAL; 12909 12910 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 12911 12912 wdev = dev->ieee80211_ptr; 12913 12914 if (!rdev->ops->set_power_mgmt) 12915 return -EOPNOTSUPP; 12916 12917 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 12918 12919 if (state == wdev->ps) 12920 return 0; 12921 12922 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout); 12923 if (!err) 12924 wdev->ps = state; 12925 return err; 12926 } 12927 12928 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 12929 { 12930 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12931 enum nl80211_ps_state ps_state; 12932 struct wireless_dev *wdev; 12933 struct net_device *dev = info->user_ptr[1]; 12934 struct sk_buff *msg; 12935 void *hdr; 12936 int err; 12937 12938 wdev = dev->ieee80211_ptr; 12939 12940 if (!rdev->ops->set_power_mgmt) 12941 return -EOPNOTSUPP; 12942 12943 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 12944 if (!msg) 12945 return -ENOMEM; 12946 12947 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 12948 NL80211_CMD_GET_POWER_SAVE); 12949 if (!hdr) { 12950 err = -ENOBUFS; 12951 goto free_msg; 12952 } 12953 12954 if (wdev->ps) 12955 ps_state = NL80211_PS_ENABLED; 12956 else 12957 ps_state = NL80211_PS_DISABLED; 12958 12959 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 12960 goto nla_put_failure; 12961 12962 genlmsg_end(msg, hdr); 12963 return genlmsg_reply(msg, info); 12964 12965 nla_put_failure: 12966 err = -ENOBUFS; 12967 free_msg: 12968 nlmsg_free(msg); 12969 return err; 12970 } 12971 12972 static const struct nla_policy 12973 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 12974 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY }, 12975 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 12976 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 12977 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 }, 12978 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 }, 12979 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 }, 12980 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 }, 12981 }; 12982 12983 static int nl80211_set_cqm_txe(struct genl_info *info, 12984 u32 rate, u32 pkts, u32 intvl) 12985 { 12986 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 12987 struct net_device *dev = info->user_ptr[1]; 12988 struct wireless_dev *wdev = dev->ieee80211_ptr; 12989 12990 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL) 12991 return -EINVAL; 12992 12993 if (!rdev->ops->set_cqm_txe_config) 12994 return -EOPNOTSUPP; 12995 12996 if (wdev->iftype != NL80211_IFTYPE_STATION && 12997 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 12998 return -EOPNOTSUPP; 12999 13000 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl); 13001 } 13002 13003 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev, 13004 struct net_device *dev, 13005 struct cfg80211_cqm_config *cqm_config) 13006 { 13007 struct wireless_dev *wdev = dev->ieee80211_ptr; 13008 s32 last, low, high; 13009 u32 hyst; 13010 int i, n, low_index; 13011 int err; 13012 13013 /* 13014 * Obtain current RSSI value if possible, if not and no RSSI threshold 13015 * event has been received yet, we should receive an event after a 13016 * connection is established and enough beacons received to calculate 13017 * the average. 13018 */ 13019 if (!cqm_config->last_rssi_event_value && 13020 wdev->links[0].client.current_bss && 13021 rdev->ops->get_station) { 13022 struct station_info sinfo = {}; 13023 u8 *mac_addr; 13024 13025 mac_addr = wdev->links[0].client.current_bss->pub.bssid; 13026 13027 err = rdev_get_station(rdev, dev, mac_addr, &sinfo); 13028 if (err) 13029 return err; 13030 13031 cfg80211_sinfo_release_content(&sinfo); 13032 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG)) 13033 cqm_config->last_rssi_event_value = 13034 (s8) sinfo.rx_beacon_signal_avg; 13035 } 13036 13037 last = cqm_config->last_rssi_event_value; 13038 hyst = cqm_config->rssi_hyst; 13039 n = cqm_config->n_rssi_thresholds; 13040 13041 for (i = 0; i < n; i++) { 13042 i = array_index_nospec(i, n); 13043 if (last < cqm_config->rssi_thresholds[i]) 13044 break; 13045 } 13046 13047 low_index = i - 1; 13048 if (low_index >= 0) { 13049 low_index = array_index_nospec(low_index, n); 13050 low = cqm_config->rssi_thresholds[low_index] - hyst; 13051 } else { 13052 low = S32_MIN; 13053 } 13054 if (i < n) { 13055 i = array_index_nospec(i, n); 13056 high = cqm_config->rssi_thresholds[i] + hyst - 1; 13057 } else { 13058 high = S32_MAX; 13059 } 13060 13061 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high); 13062 } 13063 13064 static int nl80211_set_cqm_rssi(struct genl_info *info, 13065 const s32 *thresholds, int n_thresholds, 13066 u32 hysteresis) 13067 { 13068 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13069 struct cfg80211_cqm_config *cqm_config = NULL, *old; 13070 struct net_device *dev = info->user_ptr[1]; 13071 struct wireless_dev *wdev = dev->ieee80211_ptr; 13072 s32 prev = S32_MIN; 13073 int i, err; 13074 13075 /* Check all values negative and sorted */ 13076 for (i = 0; i < n_thresholds; i++) { 13077 if (thresholds[i] > 0 || thresholds[i] <= prev) 13078 return -EINVAL; 13079 13080 prev = thresholds[i]; 13081 } 13082 13083 if (wdev->iftype != NL80211_IFTYPE_STATION && 13084 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 13085 return -EOPNOTSUPP; 13086 13087 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */ 13088 n_thresholds = 0; 13089 13090 old = wiphy_dereference(wdev->wiphy, wdev->cqm_config); 13091 13092 /* if already disabled just succeed */ 13093 if (!n_thresholds && !old) 13094 return 0; 13095 13096 if (n_thresholds > 1) { 13097 if (!wiphy_ext_feature_isset(&rdev->wiphy, 13098 NL80211_EXT_FEATURE_CQM_RSSI_LIST) || 13099 !rdev->ops->set_cqm_rssi_range_config) 13100 return -EOPNOTSUPP; 13101 } else { 13102 if (!rdev->ops->set_cqm_rssi_config) 13103 return -EOPNOTSUPP; 13104 } 13105 13106 if (n_thresholds) { 13107 cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds, 13108 n_thresholds), 13109 GFP_KERNEL); 13110 if (!cqm_config) 13111 return -ENOMEM; 13112 13113 cqm_config->rssi_hyst = hysteresis; 13114 cqm_config->n_rssi_thresholds = n_thresholds; 13115 memcpy(cqm_config->rssi_thresholds, thresholds, 13116 flex_array_size(cqm_config, rssi_thresholds, 13117 n_thresholds)); 13118 cqm_config->use_range_api = n_thresholds > 1 || 13119 !rdev->ops->set_cqm_rssi_config; 13120 13121 rcu_assign_pointer(wdev->cqm_config, cqm_config); 13122 13123 if (cqm_config->use_range_api) 13124 err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config); 13125 else 13126 err = rdev_set_cqm_rssi_config(rdev, dev, 13127 thresholds[0], 13128 hysteresis); 13129 } else { 13130 RCU_INIT_POINTER(wdev->cqm_config, NULL); 13131 /* if enabled as range also disable via range */ 13132 if (old->use_range_api) 13133 err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0); 13134 else 13135 err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0); 13136 } 13137 13138 if (err) { 13139 rcu_assign_pointer(wdev->cqm_config, old); 13140 kfree_rcu(cqm_config, rcu_head); 13141 } else { 13142 kfree_rcu(old, rcu_head); 13143 } 13144 13145 return err; 13146 } 13147 13148 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 13149 { 13150 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 13151 struct nlattr *cqm; 13152 int err; 13153 13154 cqm = info->attrs[NL80211_ATTR_CQM]; 13155 if (!cqm) 13156 return -EINVAL; 13157 13158 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm, 13159 nl80211_attr_cqm_policy, 13160 info->extack); 13161 if (err) 13162 return err; 13163 13164 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 13165 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 13166 const s32 *thresholds = 13167 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 13168 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 13169 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 13170 13171 if (len % 4) 13172 return -EINVAL; 13173 13174 return nl80211_set_cqm_rssi(info, thresholds, len / 4, 13175 hysteresis); 13176 } 13177 13178 if (attrs[NL80211_ATTR_CQM_TXE_RATE] && 13179 attrs[NL80211_ATTR_CQM_TXE_PKTS] && 13180 attrs[NL80211_ATTR_CQM_TXE_INTVL]) { 13181 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]); 13182 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]); 13183 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]); 13184 13185 return nl80211_set_cqm_txe(info, rate, pkts, intvl); 13186 } 13187 13188 return -EINVAL; 13189 } 13190 13191 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info) 13192 { 13193 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13194 struct net_device *dev = info->user_ptr[1]; 13195 struct ocb_setup setup = {}; 13196 int err; 13197 13198 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 13199 if (err) 13200 return err; 13201 13202 return cfg80211_join_ocb(rdev, dev, &setup); 13203 } 13204 13205 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info) 13206 { 13207 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13208 struct net_device *dev = info->user_ptr[1]; 13209 13210 return cfg80211_leave_ocb(rdev, dev); 13211 } 13212 13213 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 13214 { 13215 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13216 struct net_device *dev = info->user_ptr[1]; 13217 struct mesh_config cfg; 13218 struct mesh_setup setup; 13219 int err; 13220 13221 /* start with default */ 13222 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 13223 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 13224 13225 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 13226 /* and parse parameters if given */ 13227 err = nl80211_parse_mesh_config(info, &cfg, NULL); 13228 if (err) 13229 return err; 13230 } 13231 13232 if (!info->attrs[NL80211_ATTR_MESH_ID] || 13233 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 13234 return -EINVAL; 13235 13236 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 13237 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 13238 13239 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 13240 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 13241 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 13242 return -EINVAL; 13243 13244 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 13245 setup.beacon_interval = 13246 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 13247 13248 err = cfg80211_validate_beacon_int(rdev, 13249 NL80211_IFTYPE_MESH_POINT, 13250 setup.beacon_interval); 13251 if (err) 13252 return err; 13253 } 13254 13255 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 13256 setup.dtim_period = 13257 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 13258 if (setup.dtim_period < 1 || setup.dtim_period > 100) 13259 return -EINVAL; 13260 } 13261 13262 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 13263 /* parse additional setup parameters if given */ 13264 err = nl80211_parse_mesh_setup(info, &setup); 13265 if (err) 13266 return err; 13267 } 13268 13269 if (setup.user_mpm) 13270 cfg.auto_open_plinks = false; 13271 13272 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 13273 err = nl80211_parse_chandef(rdev, info, &setup.chandef); 13274 if (err) 13275 return err; 13276 } else { 13277 /* __cfg80211_join_mesh() will sort it out */ 13278 setup.chandef.chan = NULL; 13279 } 13280 13281 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 13282 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 13283 int n_rates = 13284 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 13285 struct ieee80211_supported_band *sband; 13286 13287 if (!setup.chandef.chan) 13288 return -EINVAL; 13289 13290 sband = rdev->wiphy.bands[setup.chandef.chan->band]; 13291 13292 err = ieee80211_get_ratemask(sband, rates, n_rates, 13293 &setup.basic_rates); 13294 if (err) 13295 return err; 13296 } 13297 13298 if (info->attrs[NL80211_ATTR_TX_RATES]) { 13299 err = nl80211_parse_tx_bitrate_mask(info, info->attrs, 13300 NL80211_ATTR_TX_RATES, 13301 &setup.beacon_rate, 13302 dev, false, 0); 13303 if (err) 13304 return err; 13305 13306 if (!setup.chandef.chan) 13307 return -EINVAL; 13308 13309 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band, 13310 &setup.beacon_rate); 13311 if (err) 13312 return err; 13313 } 13314 13315 setup.userspace_handles_dfs = 13316 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]); 13317 13318 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) { 13319 int r = validate_pae_over_nl80211(rdev, info); 13320 13321 if (r < 0) 13322 return r; 13323 13324 setup.control_port_over_nl80211 = true; 13325 } 13326 13327 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg); 13328 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) 13329 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid; 13330 13331 return err; 13332 } 13333 13334 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 13335 { 13336 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13337 struct net_device *dev = info->user_ptr[1]; 13338 13339 return cfg80211_leave_mesh(rdev, dev); 13340 } 13341 13342 #ifdef CONFIG_PM 13343 static int nl80211_send_wowlan_patterns(struct sk_buff *msg, 13344 struct cfg80211_registered_device *rdev) 13345 { 13346 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config; 13347 struct nlattr *nl_pats, *nl_pat; 13348 int i, pat_len; 13349 13350 if (!wowlan->n_patterns) 13351 return 0; 13352 13353 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN); 13354 if (!nl_pats) 13355 return -ENOBUFS; 13356 13357 for (i = 0; i < wowlan->n_patterns; i++) { 13358 nl_pat = nla_nest_start_noflag(msg, i + 1); 13359 if (!nl_pat) 13360 return -ENOBUFS; 13361 pat_len = wowlan->patterns[i].pattern_len; 13362 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8), 13363 wowlan->patterns[i].mask) || 13364 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 13365 wowlan->patterns[i].pattern) || 13366 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 13367 wowlan->patterns[i].pkt_offset)) 13368 return -ENOBUFS; 13369 nla_nest_end(msg, nl_pat); 13370 } 13371 nla_nest_end(msg, nl_pats); 13372 13373 return 0; 13374 } 13375 13376 static int nl80211_send_wowlan_tcp(struct sk_buff *msg, 13377 struct cfg80211_wowlan_tcp *tcp) 13378 { 13379 struct nlattr *nl_tcp; 13380 13381 if (!tcp) 13382 return 0; 13383 13384 nl_tcp = nla_nest_start_noflag(msg, 13385 NL80211_WOWLAN_TRIG_TCP_CONNECTION); 13386 if (!nl_tcp) 13387 return -ENOBUFS; 13388 13389 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) || 13390 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) || 13391 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) || 13392 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) || 13393 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) || 13394 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD, 13395 tcp->payload_len, tcp->payload) || 13396 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL, 13397 tcp->data_interval) || 13398 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD, 13399 tcp->wake_len, tcp->wake_data) || 13400 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK, 13401 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask)) 13402 return -ENOBUFS; 13403 13404 if (tcp->payload_seq.len && 13405 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ, 13406 sizeof(tcp->payload_seq), &tcp->payload_seq)) 13407 return -ENOBUFS; 13408 13409 if (tcp->payload_tok.len && 13410 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN, 13411 sizeof(tcp->payload_tok) + tcp->tokens_size, 13412 &tcp->payload_tok)) 13413 return -ENOBUFS; 13414 13415 nla_nest_end(msg, nl_tcp); 13416 13417 return 0; 13418 } 13419 13420 static int nl80211_send_wowlan_nd(struct sk_buff *msg, 13421 struct cfg80211_sched_scan_request *req) 13422 { 13423 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan; 13424 int i; 13425 13426 if (!req) 13427 return 0; 13428 13429 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT); 13430 if (!nd) 13431 return -ENOBUFS; 13432 13433 if (req->n_scan_plans == 1 && 13434 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, 13435 req->scan_plans[0].interval * 1000)) 13436 return -ENOBUFS; 13437 13438 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay)) 13439 return -ENOBUFS; 13440 13441 if (req->relative_rssi_set) { 13442 struct nl80211_bss_select_rssi_adjust rssi_adjust; 13443 13444 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI, 13445 req->relative_rssi)) 13446 return -ENOBUFS; 13447 13448 rssi_adjust.band = req->rssi_adjust.band; 13449 rssi_adjust.delta = req->rssi_adjust.delta; 13450 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST, 13451 sizeof(rssi_adjust), &rssi_adjust)) 13452 return -ENOBUFS; 13453 } 13454 13455 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES); 13456 if (!freqs) 13457 return -ENOBUFS; 13458 13459 for (i = 0; i < req->n_channels; i++) { 13460 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 13461 return -ENOBUFS; 13462 } 13463 13464 nla_nest_end(msg, freqs); 13465 13466 if (req->n_match_sets) { 13467 matches = nla_nest_start_noflag(msg, 13468 NL80211_ATTR_SCHED_SCAN_MATCH); 13469 if (!matches) 13470 return -ENOBUFS; 13471 13472 for (i = 0; i < req->n_match_sets; i++) { 13473 match = nla_nest_start_noflag(msg, i); 13474 if (!match) 13475 return -ENOBUFS; 13476 13477 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID, 13478 req->match_sets[i].ssid.ssid_len, 13479 req->match_sets[i].ssid.ssid)) 13480 return -ENOBUFS; 13481 nla_nest_end(msg, match); 13482 } 13483 nla_nest_end(msg, matches); 13484 } 13485 13486 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS); 13487 if (!scan_plans) 13488 return -ENOBUFS; 13489 13490 for (i = 0; i < req->n_scan_plans; i++) { 13491 scan_plan = nla_nest_start_noflag(msg, i + 1); 13492 if (!scan_plan) 13493 return -ENOBUFS; 13494 13495 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL, 13496 req->scan_plans[i].interval) || 13497 (req->scan_plans[i].iterations && 13498 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS, 13499 req->scan_plans[i].iterations))) 13500 return -ENOBUFS; 13501 nla_nest_end(msg, scan_plan); 13502 } 13503 nla_nest_end(msg, scan_plans); 13504 13505 nla_nest_end(msg, nd); 13506 13507 return 0; 13508 } 13509 13510 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 13511 { 13512 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13513 struct sk_buff *msg; 13514 void *hdr; 13515 u32 size = NLMSG_DEFAULT_SIZE; 13516 13517 if (!rdev->wiphy.wowlan) 13518 return -EOPNOTSUPP; 13519 13520 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) { 13521 /* adjust size to have room for all the data */ 13522 size += rdev->wiphy.wowlan_config->tcp->tokens_size + 13523 rdev->wiphy.wowlan_config->tcp->payload_len + 13524 rdev->wiphy.wowlan_config->tcp->wake_len + 13525 rdev->wiphy.wowlan_config->tcp->wake_len / 8; 13526 } 13527 13528 msg = nlmsg_new(size, GFP_KERNEL); 13529 if (!msg) 13530 return -ENOMEM; 13531 13532 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 13533 NL80211_CMD_GET_WOWLAN); 13534 if (!hdr) 13535 goto nla_put_failure; 13536 13537 if (rdev->wiphy.wowlan_config) { 13538 struct nlattr *nl_wowlan; 13539 13540 nl_wowlan = nla_nest_start_noflag(msg, 13541 NL80211_ATTR_WOWLAN_TRIGGERS); 13542 if (!nl_wowlan) 13543 goto nla_put_failure; 13544 13545 if ((rdev->wiphy.wowlan_config->any && 13546 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 13547 (rdev->wiphy.wowlan_config->disconnect && 13548 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 13549 (rdev->wiphy.wowlan_config->magic_pkt && 13550 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 13551 (rdev->wiphy.wowlan_config->gtk_rekey_failure && 13552 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 13553 (rdev->wiphy.wowlan_config->eap_identity_req && 13554 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 13555 (rdev->wiphy.wowlan_config->four_way_handshake && 13556 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 13557 (rdev->wiphy.wowlan_config->rfkill_release && 13558 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 13559 goto nla_put_failure; 13560 13561 if (nl80211_send_wowlan_patterns(msg, rdev)) 13562 goto nla_put_failure; 13563 13564 if (nl80211_send_wowlan_tcp(msg, 13565 rdev->wiphy.wowlan_config->tcp)) 13566 goto nla_put_failure; 13567 13568 if (nl80211_send_wowlan_nd( 13569 msg, 13570 rdev->wiphy.wowlan_config->nd_config)) 13571 goto nla_put_failure; 13572 13573 nla_nest_end(msg, nl_wowlan); 13574 } 13575 13576 genlmsg_end(msg, hdr); 13577 return genlmsg_reply(msg, info); 13578 13579 nla_put_failure: 13580 nlmsg_free(msg); 13581 return -ENOBUFS; 13582 } 13583 13584 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev, 13585 struct nlattr *attr, 13586 struct cfg80211_wowlan *trig) 13587 { 13588 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP]; 13589 struct cfg80211_wowlan_tcp *cfg; 13590 struct nl80211_wowlan_tcp_data_token *tok = NULL; 13591 struct nl80211_wowlan_tcp_data_seq *seq = NULL; 13592 u32 size; 13593 u32 data_size, wake_size, tokens_size = 0, wake_mask_size; 13594 int err, port; 13595 13596 if (!rdev->wiphy.wowlan->tcp) 13597 return -EINVAL; 13598 13599 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr, 13600 nl80211_wowlan_tcp_policy, NULL); 13601 if (err) 13602 return err; 13603 13604 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] || 13605 !tb[NL80211_WOWLAN_TCP_DST_IPV4] || 13606 !tb[NL80211_WOWLAN_TCP_DST_MAC] || 13607 !tb[NL80211_WOWLAN_TCP_DST_PORT] || 13608 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] || 13609 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] || 13610 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] || 13611 !tb[NL80211_WOWLAN_TCP_WAKE_MASK]) 13612 return -EINVAL; 13613 13614 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]); 13615 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max) 13616 return -EINVAL; 13617 13618 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) > 13619 rdev->wiphy.wowlan->tcp->data_interval_max || 13620 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0) 13621 return -EINVAL; 13622 13623 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]); 13624 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max) 13625 return -EINVAL; 13626 13627 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]); 13628 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8)) 13629 return -EINVAL; 13630 13631 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) { 13632 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 13633 13634 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]); 13635 tokens_size = tokln - sizeof(*tok); 13636 13637 if (!tok->len || tokens_size % tok->len) 13638 return -EINVAL; 13639 if (!rdev->wiphy.wowlan->tcp->tok) 13640 return -EINVAL; 13641 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len) 13642 return -EINVAL; 13643 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len) 13644 return -EINVAL; 13645 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize) 13646 return -EINVAL; 13647 if (tok->offset + tok->len > data_size) 13648 return -EINVAL; 13649 } 13650 13651 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) { 13652 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]); 13653 if (!rdev->wiphy.wowlan->tcp->seq) 13654 return -EINVAL; 13655 if (seq->len == 0 || seq->len > 4) 13656 return -EINVAL; 13657 if (seq->len + seq->offset > data_size) 13658 return -EINVAL; 13659 } 13660 13661 size = sizeof(*cfg); 13662 size += data_size; 13663 size += wake_size + wake_mask_size; 13664 size += tokens_size; 13665 13666 cfg = kzalloc(size, GFP_KERNEL); 13667 if (!cfg) 13668 return -ENOMEM; 13669 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]); 13670 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]); 13671 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]), 13672 ETH_ALEN); 13673 if (tb[NL80211_WOWLAN_TCP_SRC_PORT]) 13674 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]); 13675 else 13676 port = 0; 13677 #ifdef CONFIG_INET 13678 /* allocate a socket and port for it and use it */ 13679 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM, 13680 IPPROTO_TCP, &cfg->sock, 1); 13681 if (err) { 13682 kfree(cfg); 13683 return err; 13684 } 13685 if (inet_csk_get_port(cfg->sock->sk, port)) { 13686 sock_release(cfg->sock); 13687 kfree(cfg); 13688 return -EADDRINUSE; 13689 } 13690 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num; 13691 #else 13692 if (!port) { 13693 kfree(cfg); 13694 return -EINVAL; 13695 } 13696 cfg->src_port = port; 13697 #endif 13698 13699 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]); 13700 cfg->payload_len = data_size; 13701 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size; 13702 memcpy((void *)cfg->payload, 13703 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]), 13704 data_size); 13705 if (seq) 13706 cfg->payload_seq = *seq; 13707 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]); 13708 cfg->wake_len = wake_size; 13709 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size; 13710 memcpy((void *)cfg->wake_data, 13711 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]), 13712 wake_size); 13713 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size + 13714 data_size + wake_size; 13715 memcpy((void *)cfg->wake_mask, 13716 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]), 13717 wake_mask_size); 13718 if (tok) { 13719 cfg->tokens_size = tokens_size; 13720 cfg->payload_tok = *tok; 13721 memcpy(cfg->payload_tok.token_stream, tok->token_stream, 13722 tokens_size); 13723 } 13724 13725 trig->tcp = cfg; 13726 13727 return 0; 13728 } 13729 13730 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev, 13731 const struct wiphy_wowlan_support *wowlan, 13732 struct nlattr *attr, 13733 struct cfg80211_wowlan *trig) 13734 { 13735 struct nlattr **tb; 13736 int err; 13737 13738 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL); 13739 if (!tb) 13740 return -ENOMEM; 13741 13742 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) { 13743 err = -EOPNOTSUPP; 13744 goto out; 13745 } 13746 13747 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr, 13748 nl80211_policy, NULL); 13749 if (err) 13750 goto out; 13751 13752 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb, 13753 wowlan->max_nd_match_sets); 13754 err = PTR_ERR_OR_ZERO(trig->nd_config); 13755 if (err) 13756 trig->nd_config = NULL; 13757 13758 out: 13759 kfree(tb); 13760 return err; 13761 } 13762 13763 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 13764 { 13765 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 13766 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 13767 struct cfg80211_wowlan new_triggers = {}; 13768 struct cfg80211_wowlan *ntrig; 13769 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan; 13770 int err, i; 13771 bool prev_enabled = rdev->wiphy.wowlan_config; 13772 bool regular = false; 13773 13774 if (!wowlan) 13775 return -EOPNOTSUPP; 13776 13777 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) { 13778 cfg80211_rdev_free_wowlan(rdev); 13779 rdev->wiphy.wowlan_config = NULL; 13780 goto set_wakeup; 13781 } 13782 13783 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG, 13784 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS], 13785 nl80211_wowlan_policy, info->extack); 13786 if (err) 13787 return err; 13788 13789 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 13790 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 13791 return -EINVAL; 13792 new_triggers.any = true; 13793 } 13794 13795 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 13796 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 13797 return -EINVAL; 13798 new_triggers.disconnect = true; 13799 regular = true; 13800 } 13801 13802 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 13803 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 13804 return -EINVAL; 13805 new_triggers.magic_pkt = true; 13806 regular = true; 13807 } 13808 13809 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 13810 return -EINVAL; 13811 13812 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 13813 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 13814 return -EINVAL; 13815 new_triggers.gtk_rekey_failure = true; 13816 regular = true; 13817 } 13818 13819 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 13820 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 13821 return -EINVAL; 13822 new_triggers.eap_identity_req = true; 13823 regular = true; 13824 } 13825 13826 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 13827 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 13828 return -EINVAL; 13829 new_triggers.four_way_handshake = true; 13830 regular = true; 13831 } 13832 13833 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 13834 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 13835 return -EINVAL; 13836 new_triggers.rfkill_release = true; 13837 regular = true; 13838 } 13839 13840 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 13841 struct nlattr *pat; 13842 int n_patterns = 0; 13843 int rem, pat_len, mask_len, pkt_offset; 13844 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 13845 13846 regular = true; 13847 13848 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 13849 rem) 13850 n_patterns++; 13851 if (n_patterns > wowlan->n_patterns) 13852 return -EINVAL; 13853 13854 new_triggers.patterns = kcalloc(n_patterns, 13855 sizeof(new_triggers.patterns[0]), 13856 GFP_KERNEL); 13857 if (!new_triggers.patterns) 13858 return -ENOMEM; 13859 13860 new_triggers.n_patterns = n_patterns; 13861 i = 0; 13862 13863 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 13864 rem) { 13865 u8 *mask_pat; 13866 13867 err = nla_parse_nested_deprecated(pat_tb, 13868 MAX_NL80211_PKTPAT, 13869 pat, 13870 nl80211_packet_pattern_policy, 13871 info->extack); 13872 if (err) 13873 goto error; 13874 13875 err = -EINVAL; 13876 if (!pat_tb[NL80211_PKTPAT_MASK] || 13877 !pat_tb[NL80211_PKTPAT_PATTERN]) 13878 goto error; 13879 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 13880 mask_len = DIV_ROUND_UP(pat_len, 8); 13881 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 13882 goto error; 13883 if (pat_len > wowlan->pattern_max_len || 13884 pat_len < wowlan->pattern_min_len) 13885 goto error; 13886 13887 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 13888 pkt_offset = 0; 13889 else 13890 pkt_offset = nla_get_u32( 13891 pat_tb[NL80211_PKTPAT_OFFSET]); 13892 if (pkt_offset > wowlan->max_pkt_offset) 13893 goto error; 13894 new_triggers.patterns[i].pkt_offset = pkt_offset; 13895 13896 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 13897 if (!mask_pat) { 13898 err = -ENOMEM; 13899 goto error; 13900 } 13901 new_triggers.patterns[i].mask = mask_pat; 13902 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 13903 mask_len); 13904 mask_pat += mask_len; 13905 new_triggers.patterns[i].pattern = mask_pat; 13906 new_triggers.patterns[i].pattern_len = pat_len; 13907 memcpy(mask_pat, 13908 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 13909 pat_len); 13910 i++; 13911 } 13912 } 13913 13914 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) { 13915 regular = true; 13916 err = nl80211_parse_wowlan_tcp( 13917 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION], 13918 &new_triggers); 13919 if (err) 13920 goto error; 13921 } 13922 13923 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) { 13924 regular = true; 13925 err = nl80211_parse_wowlan_nd( 13926 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT], 13927 &new_triggers); 13928 if (err) 13929 goto error; 13930 } 13931 13932 /* The 'any' trigger means the device continues operating more or less 13933 * as in its normal operation mode and wakes up the host on most of the 13934 * normal interrupts (like packet RX, ...) 13935 * It therefore makes little sense to combine with the more constrained 13936 * wakeup trigger modes. 13937 */ 13938 if (new_triggers.any && regular) { 13939 err = -EINVAL; 13940 goto error; 13941 } 13942 13943 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL); 13944 if (!ntrig) { 13945 err = -ENOMEM; 13946 goto error; 13947 } 13948 cfg80211_rdev_free_wowlan(rdev); 13949 rdev->wiphy.wowlan_config = ntrig; 13950 13951 set_wakeup: 13952 if (rdev->ops->set_wakeup && 13953 prev_enabled != !!rdev->wiphy.wowlan_config) 13954 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config); 13955 13956 return 0; 13957 error: 13958 for (i = 0; i < new_triggers.n_patterns; i++) 13959 kfree(new_triggers.patterns[i].mask); 13960 kfree(new_triggers.patterns); 13961 if (new_triggers.tcp && new_triggers.tcp->sock) 13962 sock_release(new_triggers.tcp->sock); 13963 kfree(new_triggers.tcp); 13964 kfree(new_triggers.nd_config); 13965 return err; 13966 } 13967 #endif 13968 13969 static int nl80211_send_coalesce_rules(struct sk_buff *msg, 13970 struct cfg80211_registered_device *rdev) 13971 { 13972 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules; 13973 int i, j, pat_len; 13974 struct cfg80211_coalesce_rules *rule; 13975 13976 if (!rdev->coalesce->n_rules) 13977 return 0; 13978 13979 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE); 13980 if (!nl_rules) 13981 return -ENOBUFS; 13982 13983 for (i = 0; i < rdev->coalesce->n_rules; i++) { 13984 nl_rule = nla_nest_start_noflag(msg, i + 1); 13985 if (!nl_rule) 13986 return -ENOBUFS; 13987 13988 rule = &rdev->coalesce->rules[i]; 13989 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY, 13990 rule->delay)) 13991 return -ENOBUFS; 13992 13993 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION, 13994 rule->condition)) 13995 return -ENOBUFS; 13996 13997 nl_pats = nla_nest_start_noflag(msg, 13998 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN); 13999 if (!nl_pats) 14000 return -ENOBUFS; 14001 14002 for (j = 0; j < rule->n_patterns; j++) { 14003 nl_pat = nla_nest_start_noflag(msg, j + 1); 14004 if (!nl_pat) 14005 return -ENOBUFS; 14006 pat_len = rule->patterns[j].pattern_len; 14007 if (nla_put(msg, NL80211_PKTPAT_MASK, 14008 DIV_ROUND_UP(pat_len, 8), 14009 rule->patterns[j].mask) || 14010 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len, 14011 rule->patterns[j].pattern) || 14012 nla_put_u32(msg, NL80211_PKTPAT_OFFSET, 14013 rule->patterns[j].pkt_offset)) 14014 return -ENOBUFS; 14015 nla_nest_end(msg, nl_pat); 14016 } 14017 nla_nest_end(msg, nl_pats); 14018 nla_nest_end(msg, nl_rule); 14019 } 14020 nla_nest_end(msg, nl_rules); 14021 14022 return 0; 14023 } 14024 14025 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info) 14026 { 14027 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14028 struct sk_buff *msg; 14029 void *hdr; 14030 14031 if (!rdev->wiphy.coalesce) 14032 return -EOPNOTSUPP; 14033 14034 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14035 if (!msg) 14036 return -ENOMEM; 14037 14038 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14039 NL80211_CMD_GET_COALESCE); 14040 if (!hdr) 14041 goto nla_put_failure; 14042 14043 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev)) 14044 goto nla_put_failure; 14045 14046 genlmsg_end(msg, hdr); 14047 return genlmsg_reply(msg, info); 14048 14049 nla_put_failure: 14050 nlmsg_free(msg); 14051 return -ENOBUFS; 14052 } 14053 14054 void cfg80211_free_coalesce(struct cfg80211_coalesce *coalesce) 14055 { 14056 int i, j; 14057 struct cfg80211_coalesce_rules *rule; 14058 14059 if (!coalesce) 14060 return; 14061 14062 for (i = 0; i < coalesce->n_rules; i++) { 14063 rule = &coalesce->rules[i]; 14064 if (!rule) 14065 continue; 14066 for (j = 0; j < rule->n_patterns; j++) 14067 kfree(rule->patterns[j].mask); 14068 kfree(rule->patterns); 14069 } 14070 kfree(coalesce); 14071 } 14072 14073 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev, 14074 struct nlattr *rule, 14075 struct cfg80211_coalesce_rules *new_rule) 14076 { 14077 int err, i; 14078 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 14079 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat; 14080 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0; 14081 struct nlattr *pat_tb[NUM_NL80211_PKTPAT]; 14082 14083 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX, 14084 rule, nl80211_coalesce_policy, NULL); 14085 if (err) 14086 return err; 14087 14088 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY]) 14089 new_rule->delay = 14090 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]); 14091 if (new_rule->delay > coalesce->max_delay) 14092 return -EINVAL; 14093 14094 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION]) 14095 new_rule->condition = 14096 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]); 14097 14098 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN]) 14099 return -EINVAL; 14100 14101 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 14102 rem) 14103 n_patterns++; 14104 if (n_patterns > coalesce->n_patterns) 14105 return -EINVAL; 14106 14107 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]), 14108 GFP_KERNEL); 14109 if (!new_rule->patterns) 14110 return -ENOMEM; 14111 14112 new_rule->n_patterns = n_patterns; 14113 i = 0; 14114 14115 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN], 14116 rem) { 14117 u8 *mask_pat; 14118 14119 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT, 14120 pat, 14121 nl80211_packet_pattern_policy, 14122 NULL); 14123 if (err) 14124 return err; 14125 14126 if (!pat_tb[NL80211_PKTPAT_MASK] || 14127 !pat_tb[NL80211_PKTPAT_PATTERN]) 14128 return -EINVAL; 14129 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]); 14130 mask_len = DIV_ROUND_UP(pat_len, 8); 14131 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len) 14132 return -EINVAL; 14133 if (pat_len > coalesce->pattern_max_len || 14134 pat_len < coalesce->pattern_min_len) 14135 return -EINVAL; 14136 14137 if (!pat_tb[NL80211_PKTPAT_OFFSET]) 14138 pkt_offset = 0; 14139 else 14140 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]); 14141 if (pkt_offset > coalesce->max_pkt_offset) 14142 return -EINVAL; 14143 new_rule->patterns[i].pkt_offset = pkt_offset; 14144 14145 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL); 14146 if (!mask_pat) 14147 return -ENOMEM; 14148 14149 new_rule->patterns[i].mask = mask_pat; 14150 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]), 14151 mask_len); 14152 14153 mask_pat += mask_len; 14154 new_rule->patterns[i].pattern = mask_pat; 14155 new_rule->patterns[i].pattern_len = pat_len; 14156 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), 14157 pat_len); 14158 i++; 14159 } 14160 14161 return 0; 14162 } 14163 14164 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info) 14165 { 14166 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14167 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce; 14168 struct cfg80211_coalesce *new_coalesce; 14169 int err, rem_rule, n_rules = 0, i; 14170 struct nlattr *rule; 14171 14172 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce) 14173 return -EOPNOTSUPP; 14174 14175 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) { 14176 cfg80211_free_coalesce(rdev->coalesce); 14177 rdev->coalesce = NULL; 14178 rdev_set_coalesce(rdev, NULL); 14179 return 0; 14180 } 14181 14182 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 14183 rem_rule) 14184 n_rules++; 14185 if (n_rules > coalesce->n_rules) 14186 return -EINVAL; 14187 14188 new_coalesce = kzalloc(struct_size(new_coalesce, rules, n_rules), 14189 GFP_KERNEL); 14190 if (!new_coalesce) 14191 return -ENOMEM; 14192 14193 new_coalesce->n_rules = n_rules; 14194 i = 0; 14195 14196 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE], 14197 rem_rule) { 14198 err = nl80211_parse_coalesce_rule(rdev, rule, 14199 &new_coalesce->rules[i]); 14200 if (err) 14201 goto error; 14202 14203 i++; 14204 } 14205 14206 err = rdev_set_coalesce(rdev, new_coalesce); 14207 if (err) 14208 goto error; 14209 14210 cfg80211_free_coalesce(rdev->coalesce); 14211 rdev->coalesce = new_coalesce; 14212 14213 return 0; 14214 error: 14215 cfg80211_free_coalesce(new_coalesce); 14216 14217 return err; 14218 } 14219 14220 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 14221 { 14222 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14223 struct net_device *dev = info->user_ptr[1]; 14224 struct wireless_dev *wdev = dev->ieee80211_ptr; 14225 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 14226 struct cfg80211_gtk_rekey_data rekey_data = {}; 14227 int err; 14228 14229 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 14230 return -EINVAL; 14231 14232 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA, 14233 info->attrs[NL80211_ATTR_REKEY_DATA], 14234 nl80211_rekey_policy, info->extack); 14235 if (err) 14236 return err; 14237 14238 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] || 14239 !tb[NL80211_REKEY_DATA_KCK]) 14240 return -EINVAL; 14241 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN && 14242 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK && 14243 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN)) 14244 return -ERANGE; 14245 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN && 14246 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK && 14247 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) && 14248 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 && 14249 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32)) 14250 return -ERANGE; 14251 14252 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]); 14253 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]); 14254 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]); 14255 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]); 14256 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]); 14257 if (tb[NL80211_REKEY_DATA_AKM]) 14258 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]); 14259 14260 if (!wdev->connected) 14261 return -ENOTCONN; 14262 14263 if (!rdev->ops->set_rekey_data) 14264 return -EOPNOTSUPP; 14265 14266 return rdev_set_rekey_data(rdev, dev, &rekey_data); 14267 } 14268 14269 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 14270 struct genl_info *info) 14271 { 14272 struct net_device *dev = info->user_ptr[1]; 14273 struct wireless_dev *wdev = dev->ieee80211_ptr; 14274 14275 if (wdev->iftype != NL80211_IFTYPE_AP && 14276 wdev->iftype != NL80211_IFTYPE_P2P_GO) 14277 return -EINVAL; 14278 14279 if (wdev->ap_unexpected_nlportid) 14280 return -EBUSY; 14281 14282 wdev->ap_unexpected_nlportid = info->snd_portid; 14283 return 0; 14284 } 14285 14286 static int nl80211_probe_client(struct sk_buff *skb, 14287 struct genl_info *info) 14288 { 14289 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14290 struct net_device *dev = info->user_ptr[1]; 14291 struct wireless_dev *wdev = dev->ieee80211_ptr; 14292 struct sk_buff *msg; 14293 void *hdr; 14294 const u8 *addr; 14295 u64 cookie; 14296 int err; 14297 14298 if (wdev->iftype != NL80211_IFTYPE_AP && 14299 wdev->iftype != NL80211_IFTYPE_P2P_GO) 14300 return -EOPNOTSUPP; 14301 14302 if (!info->attrs[NL80211_ATTR_MAC]) 14303 return -EINVAL; 14304 14305 if (!rdev->ops->probe_client) 14306 return -EOPNOTSUPP; 14307 14308 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14309 if (!msg) 14310 return -ENOMEM; 14311 14312 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14313 NL80211_CMD_PROBE_CLIENT); 14314 if (!hdr) { 14315 err = -ENOBUFS; 14316 goto free_msg; 14317 } 14318 14319 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 14320 14321 err = rdev_probe_client(rdev, dev, addr, &cookie); 14322 if (err) 14323 goto free_msg; 14324 14325 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 14326 NL80211_ATTR_PAD)) 14327 goto nla_put_failure; 14328 14329 genlmsg_end(msg, hdr); 14330 14331 return genlmsg_reply(msg, info); 14332 14333 nla_put_failure: 14334 err = -ENOBUFS; 14335 free_msg: 14336 nlmsg_free(msg); 14337 return err; 14338 } 14339 14340 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 14341 { 14342 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14343 struct cfg80211_beacon_registration *reg, *nreg; 14344 int rv; 14345 14346 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 14347 return -EOPNOTSUPP; 14348 14349 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL); 14350 if (!nreg) 14351 return -ENOMEM; 14352 14353 /* First, check if already registered. */ 14354 spin_lock_bh(&rdev->beacon_registrations_lock); 14355 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 14356 if (reg->nlportid == info->snd_portid) { 14357 rv = -EALREADY; 14358 goto out_err; 14359 } 14360 } 14361 /* Add it to the list */ 14362 nreg->nlportid = info->snd_portid; 14363 list_add(&nreg->list, &rdev->beacon_registrations); 14364 14365 spin_unlock_bh(&rdev->beacon_registrations_lock); 14366 14367 return 0; 14368 out_err: 14369 spin_unlock_bh(&rdev->beacon_registrations_lock); 14370 kfree(nreg); 14371 return rv; 14372 } 14373 14374 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info) 14375 { 14376 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14377 struct wireless_dev *wdev = info->user_ptr[1]; 14378 int err; 14379 14380 if (!rdev->ops->start_p2p_device) 14381 return -EOPNOTSUPP; 14382 14383 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 14384 return -EOPNOTSUPP; 14385 14386 if (wdev_running(wdev)) 14387 return 0; 14388 14389 if (rfkill_blocked(rdev->wiphy.rfkill)) 14390 return -ERFKILL; 14391 14392 err = rdev_start_p2p_device(rdev, wdev); 14393 if (err) 14394 return err; 14395 14396 wdev->is_running = true; 14397 rdev->opencount++; 14398 14399 return 0; 14400 } 14401 14402 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info) 14403 { 14404 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14405 struct wireless_dev *wdev = info->user_ptr[1]; 14406 14407 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) 14408 return -EOPNOTSUPP; 14409 14410 if (!rdev->ops->stop_p2p_device) 14411 return -EOPNOTSUPP; 14412 14413 cfg80211_stop_p2p_device(rdev, wdev); 14414 14415 return 0; 14416 } 14417 14418 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info) 14419 { 14420 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14421 struct wireless_dev *wdev = info->user_ptr[1]; 14422 struct cfg80211_nan_conf conf = {}; 14423 int err; 14424 14425 if (wdev->iftype != NL80211_IFTYPE_NAN) 14426 return -EOPNOTSUPP; 14427 14428 if (wdev_running(wdev)) 14429 return -EEXIST; 14430 14431 if (rfkill_blocked(rdev->wiphy.rfkill)) 14432 return -ERFKILL; 14433 14434 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) 14435 return -EINVAL; 14436 14437 conf.master_pref = 14438 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 14439 14440 if (info->attrs[NL80211_ATTR_BANDS]) { 14441 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]); 14442 14443 if (bands & ~(u32)wdev->wiphy->nan_supported_bands) 14444 return -EOPNOTSUPP; 14445 14446 if (bands && !(bands & BIT(NL80211_BAND_2GHZ))) 14447 return -EINVAL; 14448 14449 conf.bands = bands; 14450 } 14451 14452 err = rdev_start_nan(rdev, wdev, &conf); 14453 if (err) 14454 return err; 14455 14456 wdev->is_running = true; 14457 rdev->opencount++; 14458 14459 return 0; 14460 } 14461 14462 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info) 14463 { 14464 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14465 struct wireless_dev *wdev = info->user_ptr[1]; 14466 14467 if (wdev->iftype != NL80211_IFTYPE_NAN) 14468 return -EOPNOTSUPP; 14469 14470 cfg80211_stop_nan(rdev, wdev); 14471 14472 return 0; 14473 } 14474 14475 static int validate_nan_filter(struct nlattr *filter_attr) 14476 { 14477 struct nlattr *attr; 14478 int len = 0, n_entries = 0, rem; 14479 14480 nla_for_each_nested(attr, filter_attr, rem) { 14481 len += nla_len(attr); 14482 n_entries++; 14483 } 14484 14485 if (len >= U8_MAX) 14486 return -EINVAL; 14487 14488 return n_entries; 14489 } 14490 14491 static int handle_nan_filter(struct nlattr *attr_filter, 14492 struct cfg80211_nan_func *func, 14493 bool tx) 14494 { 14495 struct nlattr *attr; 14496 int n_entries, rem, i; 14497 struct cfg80211_nan_func_filter *filter; 14498 14499 n_entries = validate_nan_filter(attr_filter); 14500 if (n_entries < 0) 14501 return n_entries; 14502 14503 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters)); 14504 14505 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL); 14506 if (!filter) 14507 return -ENOMEM; 14508 14509 i = 0; 14510 nla_for_each_nested(attr, attr_filter, rem) { 14511 filter[i].filter = nla_memdup(attr, GFP_KERNEL); 14512 if (!filter[i].filter) 14513 goto err; 14514 14515 filter[i].len = nla_len(attr); 14516 i++; 14517 } 14518 if (tx) { 14519 func->num_tx_filters = n_entries; 14520 func->tx_filters = filter; 14521 } else { 14522 func->num_rx_filters = n_entries; 14523 func->rx_filters = filter; 14524 } 14525 14526 return 0; 14527 14528 err: 14529 i = 0; 14530 nla_for_each_nested(attr, attr_filter, rem) { 14531 kfree(filter[i].filter); 14532 i++; 14533 } 14534 kfree(filter); 14535 return -ENOMEM; 14536 } 14537 14538 static int nl80211_nan_add_func(struct sk_buff *skb, 14539 struct genl_info *info) 14540 { 14541 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14542 struct wireless_dev *wdev = info->user_ptr[1]; 14543 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr; 14544 struct cfg80211_nan_func *func; 14545 struct sk_buff *msg = NULL; 14546 void *hdr = NULL; 14547 int err = 0; 14548 14549 if (wdev->iftype != NL80211_IFTYPE_NAN) 14550 return -EOPNOTSUPP; 14551 14552 if (!wdev_running(wdev)) 14553 return -ENOTCONN; 14554 14555 if (!info->attrs[NL80211_ATTR_NAN_FUNC]) 14556 return -EINVAL; 14557 14558 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX, 14559 info->attrs[NL80211_ATTR_NAN_FUNC], 14560 nl80211_nan_func_policy, 14561 info->extack); 14562 if (err) 14563 return err; 14564 14565 func = kzalloc(sizeof(*func), GFP_KERNEL); 14566 if (!func) 14567 return -ENOMEM; 14568 14569 func->cookie = cfg80211_assign_cookie(rdev); 14570 14571 if (!tb[NL80211_NAN_FUNC_TYPE]) { 14572 err = -EINVAL; 14573 goto out; 14574 } 14575 14576 14577 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]); 14578 14579 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) { 14580 err = -EINVAL; 14581 goto out; 14582 } 14583 14584 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]), 14585 sizeof(func->service_id)); 14586 14587 func->close_range = 14588 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]); 14589 14590 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) { 14591 func->serv_spec_info_len = 14592 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]); 14593 func->serv_spec_info = 14594 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]), 14595 func->serv_spec_info_len, 14596 GFP_KERNEL); 14597 if (!func->serv_spec_info) { 14598 err = -ENOMEM; 14599 goto out; 14600 } 14601 } 14602 14603 if (tb[NL80211_NAN_FUNC_TTL]) 14604 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]); 14605 14606 switch (func->type) { 14607 case NL80211_NAN_FUNC_PUBLISH: 14608 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) { 14609 err = -EINVAL; 14610 goto out; 14611 } 14612 14613 func->publish_type = 14614 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]); 14615 func->publish_bcast = 14616 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]); 14617 14618 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) && 14619 func->publish_bcast) { 14620 err = -EINVAL; 14621 goto out; 14622 } 14623 break; 14624 case NL80211_NAN_FUNC_SUBSCRIBE: 14625 func->subscribe_active = 14626 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]); 14627 break; 14628 case NL80211_NAN_FUNC_FOLLOW_UP: 14629 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || 14630 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] || 14631 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) { 14632 err = -EINVAL; 14633 goto out; 14634 } 14635 14636 func->followup_id = 14637 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]); 14638 func->followup_reqid = 14639 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]); 14640 memcpy(func->followup_dest.addr, 14641 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]), 14642 sizeof(func->followup_dest.addr)); 14643 if (func->ttl) { 14644 err = -EINVAL; 14645 goto out; 14646 } 14647 break; 14648 default: 14649 err = -EINVAL; 14650 goto out; 14651 } 14652 14653 if (tb[NL80211_NAN_FUNC_SRF]) { 14654 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR]; 14655 14656 err = nla_parse_nested_deprecated(srf_tb, 14657 NL80211_NAN_SRF_ATTR_MAX, 14658 tb[NL80211_NAN_FUNC_SRF], 14659 nl80211_nan_srf_policy, 14660 info->extack); 14661 if (err) 14662 goto out; 14663 14664 func->srf_include = 14665 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]); 14666 14667 if (srf_tb[NL80211_NAN_SRF_BF]) { 14668 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] || 14669 !srf_tb[NL80211_NAN_SRF_BF_IDX]) { 14670 err = -EINVAL; 14671 goto out; 14672 } 14673 14674 func->srf_bf_len = 14675 nla_len(srf_tb[NL80211_NAN_SRF_BF]); 14676 func->srf_bf = 14677 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]), 14678 func->srf_bf_len, GFP_KERNEL); 14679 if (!func->srf_bf) { 14680 err = -ENOMEM; 14681 goto out; 14682 } 14683 14684 func->srf_bf_idx = 14685 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]); 14686 } else { 14687 struct nlattr *attr, *mac_attr = 14688 srf_tb[NL80211_NAN_SRF_MAC_ADDRS]; 14689 int n_entries, rem, i = 0; 14690 14691 if (!mac_attr) { 14692 err = -EINVAL; 14693 goto out; 14694 } 14695 14696 n_entries = validate_acl_mac_addrs(mac_attr); 14697 if (n_entries <= 0) { 14698 err = -EINVAL; 14699 goto out; 14700 } 14701 14702 func->srf_num_macs = n_entries; 14703 func->srf_macs = 14704 kcalloc(n_entries, sizeof(*func->srf_macs), 14705 GFP_KERNEL); 14706 if (!func->srf_macs) { 14707 err = -ENOMEM; 14708 goto out; 14709 } 14710 14711 nla_for_each_nested(attr, mac_attr, rem) 14712 memcpy(func->srf_macs[i++].addr, nla_data(attr), 14713 sizeof(*func->srf_macs)); 14714 } 14715 } 14716 14717 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) { 14718 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER], 14719 func, true); 14720 if (err) 14721 goto out; 14722 } 14723 14724 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) { 14725 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER], 14726 func, false); 14727 if (err) 14728 goto out; 14729 } 14730 14731 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14732 if (!msg) { 14733 err = -ENOMEM; 14734 goto out; 14735 } 14736 14737 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14738 NL80211_CMD_ADD_NAN_FUNCTION); 14739 /* This can't really happen - we just allocated 4KB */ 14740 if (WARN_ON(!hdr)) { 14741 err = -ENOMEM; 14742 goto out; 14743 } 14744 14745 err = rdev_add_nan_func(rdev, wdev, func); 14746 out: 14747 if (err < 0) { 14748 cfg80211_free_nan_func(func); 14749 nlmsg_free(msg); 14750 return err; 14751 } 14752 14753 /* propagate the instance id and cookie to userspace */ 14754 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie, 14755 NL80211_ATTR_PAD)) 14756 goto nla_put_failure; 14757 14758 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC); 14759 if (!func_attr) 14760 goto nla_put_failure; 14761 14762 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, 14763 func->instance_id)) 14764 goto nla_put_failure; 14765 14766 nla_nest_end(msg, func_attr); 14767 14768 genlmsg_end(msg, hdr); 14769 return genlmsg_reply(msg, info); 14770 14771 nla_put_failure: 14772 nlmsg_free(msg); 14773 return -ENOBUFS; 14774 } 14775 14776 static int nl80211_nan_del_func(struct sk_buff *skb, 14777 struct genl_info *info) 14778 { 14779 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14780 struct wireless_dev *wdev = info->user_ptr[1]; 14781 u64 cookie; 14782 14783 if (wdev->iftype != NL80211_IFTYPE_NAN) 14784 return -EOPNOTSUPP; 14785 14786 if (!wdev_running(wdev)) 14787 return -ENOTCONN; 14788 14789 if (!info->attrs[NL80211_ATTR_COOKIE]) 14790 return -EINVAL; 14791 14792 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 14793 14794 rdev_del_nan_func(rdev, wdev, cookie); 14795 14796 return 0; 14797 } 14798 14799 static int nl80211_nan_change_config(struct sk_buff *skb, 14800 struct genl_info *info) 14801 { 14802 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 14803 struct wireless_dev *wdev = info->user_ptr[1]; 14804 struct cfg80211_nan_conf conf = {}; 14805 u32 changed = 0; 14806 14807 if (wdev->iftype != NL80211_IFTYPE_NAN) 14808 return -EOPNOTSUPP; 14809 14810 if (!wdev_running(wdev)) 14811 return -ENOTCONN; 14812 14813 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) { 14814 conf.master_pref = 14815 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]); 14816 if (conf.master_pref <= 1 || conf.master_pref == 255) 14817 return -EINVAL; 14818 14819 changed |= CFG80211_NAN_CONF_CHANGED_PREF; 14820 } 14821 14822 if (info->attrs[NL80211_ATTR_BANDS]) { 14823 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]); 14824 14825 if (bands & ~(u32)wdev->wiphy->nan_supported_bands) 14826 return -EOPNOTSUPP; 14827 14828 if (bands && !(bands & BIT(NL80211_BAND_2GHZ))) 14829 return -EINVAL; 14830 14831 conf.bands = bands; 14832 changed |= CFG80211_NAN_CONF_CHANGED_BANDS; 14833 } 14834 14835 if (!changed) 14836 return -EINVAL; 14837 14838 return rdev_nan_change_conf(rdev, wdev, &conf, changed); 14839 } 14840 14841 void cfg80211_nan_match(struct wireless_dev *wdev, 14842 struct cfg80211_nan_match_params *match, gfp_t gfp) 14843 { 14844 struct wiphy *wiphy = wdev->wiphy; 14845 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14846 struct nlattr *match_attr, *local_func_attr, *peer_func_attr; 14847 struct sk_buff *msg; 14848 void *hdr; 14849 14850 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr)) 14851 return; 14852 14853 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14854 if (!msg) 14855 return; 14856 14857 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH); 14858 if (!hdr) { 14859 nlmsg_free(msg); 14860 return; 14861 } 14862 14863 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14864 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 14865 wdev->netdev->ifindex)) || 14866 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14867 NL80211_ATTR_PAD)) 14868 goto nla_put_failure; 14869 14870 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie, 14871 NL80211_ATTR_PAD) || 14872 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr)) 14873 goto nla_put_failure; 14874 14875 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH); 14876 if (!match_attr) 14877 goto nla_put_failure; 14878 14879 local_func_attr = nla_nest_start_noflag(msg, 14880 NL80211_NAN_MATCH_FUNC_LOCAL); 14881 if (!local_func_attr) 14882 goto nla_put_failure; 14883 14884 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id)) 14885 goto nla_put_failure; 14886 14887 nla_nest_end(msg, local_func_attr); 14888 14889 peer_func_attr = nla_nest_start_noflag(msg, 14890 NL80211_NAN_MATCH_FUNC_PEER); 14891 if (!peer_func_attr) 14892 goto nla_put_failure; 14893 14894 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) || 14895 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id)) 14896 goto nla_put_failure; 14897 14898 if (match->info && match->info_len && 14899 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len, 14900 match->info)) 14901 goto nla_put_failure; 14902 14903 nla_nest_end(msg, peer_func_attr); 14904 nla_nest_end(msg, match_attr); 14905 genlmsg_end(msg, hdr); 14906 14907 if (!wdev->owner_nlportid) 14908 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 14909 msg, 0, NL80211_MCGRP_NAN, gfp); 14910 else 14911 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 14912 wdev->owner_nlportid); 14913 14914 return; 14915 14916 nla_put_failure: 14917 nlmsg_free(msg); 14918 } 14919 EXPORT_SYMBOL(cfg80211_nan_match); 14920 14921 void cfg80211_nan_func_terminated(struct wireless_dev *wdev, 14922 u8 inst_id, 14923 enum nl80211_nan_func_term_reason reason, 14924 u64 cookie, gfp_t gfp) 14925 { 14926 struct wiphy *wiphy = wdev->wiphy; 14927 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 14928 struct sk_buff *msg; 14929 struct nlattr *func_attr; 14930 void *hdr; 14931 14932 if (WARN_ON(!inst_id)) 14933 return; 14934 14935 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 14936 if (!msg) 14937 return; 14938 14939 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION); 14940 if (!hdr) { 14941 nlmsg_free(msg); 14942 return; 14943 } 14944 14945 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 14946 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 14947 wdev->netdev->ifindex)) || 14948 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 14949 NL80211_ATTR_PAD)) 14950 goto nla_put_failure; 14951 14952 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 14953 NL80211_ATTR_PAD)) 14954 goto nla_put_failure; 14955 14956 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC); 14957 if (!func_attr) 14958 goto nla_put_failure; 14959 14960 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) || 14961 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason)) 14962 goto nla_put_failure; 14963 14964 nla_nest_end(msg, func_attr); 14965 genlmsg_end(msg, hdr); 14966 14967 if (!wdev->owner_nlportid) 14968 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 14969 msg, 0, NL80211_MCGRP_NAN, gfp); 14970 else 14971 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 14972 wdev->owner_nlportid); 14973 14974 return; 14975 14976 nla_put_failure: 14977 nlmsg_free(msg); 14978 } 14979 EXPORT_SYMBOL(cfg80211_nan_func_terminated); 14980 14981 static int nl80211_get_protocol_features(struct sk_buff *skb, 14982 struct genl_info *info) 14983 { 14984 void *hdr; 14985 struct sk_buff *msg; 14986 14987 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 14988 if (!msg) 14989 return -ENOMEM; 14990 14991 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 14992 NL80211_CMD_GET_PROTOCOL_FEATURES); 14993 if (!hdr) 14994 goto nla_put_failure; 14995 14996 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES, 14997 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)) 14998 goto nla_put_failure; 14999 15000 genlmsg_end(msg, hdr); 15001 return genlmsg_reply(msg, info); 15002 15003 nla_put_failure: 15004 kfree_skb(msg); 15005 return -ENOBUFS; 15006 } 15007 15008 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info) 15009 { 15010 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15011 struct cfg80211_update_ft_ies_params ft_params; 15012 struct net_device *dev = info->user_ptr[1]; 15013 15014 if (!rdev->ops->update_ft_ies) 15015 return -EOPNOTSUPP; 15016 15017 if (!info->attrs[NL80211_ATTR_MDID] || 15018 !info->attrs[NL80211_ATTR_IE]) 15019 return -EINVAL; 15020 15021 memset(&ft_params, 0, sizeof(ft_params)); 15022 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]); 15023 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 15024 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 15025 15026 return rdev_update_ft_ies(rdev, dev, &ft_params); 15027 } 15028 15029 static int nl80211_crit_protocol_start(struct sk_buff *skb, 15030 struct genl_info *info) 15031 { 15032 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15033 struct wireless_dev *wdev = info->user_ptr[1]; 15034 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC; 15035 u16 duration; 15036 int ret; 15037 15038 if (!rdev->ops->crit_proto_start) 15039 return -EOPNOTSUPP; 15040 15041 if (WARN_ON(!rdev->ops->crit_proto_stop)) 15042 return -EINVAL; 15043 15044 if (rdev->crit_proto_nlportid) 15045 return -EBUSY; 15046 15047 /* determine protocol if provided */ 15048 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID]) 15049 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]); 15050 15051 if (proto >= NUM_NL80211_CRIT_PROTO) 15052 return -EINVAL; 15053 15054 /* timeout must be provided */ 15055 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]) 15056 return -EINVAL; 15057 15058 duration = 15059 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]); 15060 15061 ret = rdev_crit_proto_start(rdev, wdev, proto, duration); 15062 if (!ret) 15063 rdev->crit_proto_nlportid = info->snd_portid; 15064 15065 return ret; 15066 } 15067 15068 static int nl80211_crit_protocol_stop(struct sk_buff *skb, 15069 struct genl_info *info) 15070 { 15071 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15072 struct wireless_dev *wdev = info->user_ptr[1]; 15073 15074 if (!rdev->ops->crit_proto_stop) 15075 return -EOPNOTSUPP; 15076 15077 if (rdev->crit_proto_nlportid) { 15078 rdev->crit_proto_nlportid = 0; 15079 rdev_crit_proto_stop(rdev, wdev); 15080 } 15081 return 0; 15082 } 15083 15084 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd, 15085 struct nlattr *attr, 15086 struct netlink_ext_ack *extack) 15087 { 15088 if (vcmd->policy == VENDOR_CMD_RAW_DATA) { 15089 if (attr->nla_type & NLA_F_NESTED) { 15090 NL_SET_ERR_MSG_ATTR(extack, attr, 15091 "unexpected nested data"); 15092 return -EINVAL; 15093 } 15094 15095 return 0; 15096 } 15097 15098 if (!(attr->nla_type & NLA_F_NESTED)) { 15099 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data"); 15100 return -EINVAL; 15101 } 15102 15103 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack); 15104 } 15105 15106 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info) 15107 { 15108 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15109 struct wireless_dev *wdev = 15110 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info), 15111 info->attrs); 15112 int i, err; 15113 u32 vid, subcmd; 15114 15115 if (!rdev->wiphy.vendor_commands) 15116 return -EOPNOTSUPP; 15117 15118 if (IS_ERR(wdev)) { 15119 err = PTR_ERR(wdev); 15120 if (err != -EINVAL) 15121 return err; 15122 wdev = NULL; 15123 } else if (wdev->wiphy != &rdev->wiphy) { 15124 return -EINVAL; 15125 } 15126 15127 if (!info->attrs[NL80211_ATTR_VENDOR_ID] || 15128 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD]) 15129 return -EINVAL; 15130 15131 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]); 15132 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]); 15133 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) { 15134 const struct wiphy_vendor_command *vcmd; 15135 void *data = NULL; 15136 int len = 0; 15137 15138 vcmd = &rdev->wiphy.vendor_commands[i]; 15139 15140 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 15141 continue; 15142 15143 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 15144 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 15145 if (!wdev) 15146 return -EINVAL; 15147 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 15148 !wdev->netdev) 15149 return -EINVAL; 15150 15151 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 15152 if (!wdev_running(wdev)) 15153 return -ENETDOWN; 15154 } 15155 } else { 15156 wdev = NULL; 15157 } 15158 15159 if (!vcmd->doit) 15160 return -EOPNOTSUPP; 15161 15162 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) { 15163 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]); 15164 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]); 15165 15166 err = nl80211_vendor_check_policy(vcmd, 15167 info->attrs[NL80211_ATTR_VENDOR_DATA], 15168 info->extack); 15169 if (err) 15170 return err; 15171 } 15172 15173 rdev->cur_cmd_info = info; 15174 err = vcmd->doit(&rdev->wiphy, wdev, data, len); 15175 rdev->cur_cmd_info = NULL; 15176 return err; 15177 } 15178 15179 return -EOPNOTSUPP; 15180 } 15181 15182 static int nl80211_prepare_vendor_dump(struct sk_buff *skb, 15183 struct netlink_callback *cb, 15184 struct cfg80211_registered_device **rdev, 15185 struct wireless_dev **wdev) 15186 { 15187 struct nlattr **attrbuf; 15188 u32 vid, subcmd; 15189 unsigned int i; 15190 int vcmd_idx = -1; 15191 int err; 15192 void *data = NULL; 15193 unsigned int data_len = 0; 15194 15195 if (cb->args[0]) { 15196 /* subtract the 1 again here */ 15197 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1); 15198 struct wireless_dev *tmp; 15199 15200 if (!wiphy) 15201 return -ENODEV; 15202 *rdev = wiphy_to_rdev(wiphy); 15203 *wdev = NULL; 15204 15205 if (cb->args[1]) { 15206 list_for_each_entry(tmp, &wiphy->wdev_list, list) { 15207 if (tmp->identifier == cb->args[1] - 1) { 15208 *wdev = tmp; 15209 break; 15210 } 15211 } 15212 } 15213 15214 /* keep rtnl locked in successful case */ 15215 return 0; 15216 } 15217 15218 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL); 15219 if (!attrbuf) 15220 return -ENOMEM; 15221 15222 err = nlmsg_parse_deprecated(cb->nlh, 15223 GENL_HDRLEN + nl80211_fam.hdrsize, 15224 attrbuf, nl80211_fam.maxattr, 15225 nl80211_policy, NULL); 15226 if (err) 15227 goto out; 15228 15229 if (!attrbuf[NL80211_ATTR_VENDOR_ID] || 15230 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) { 15231 err = -EINVAL; 15232 goto out; 15233 } 15234 15235 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf); 15236 if (IS_ERR(*wdev)) 15237 *wdev = NULL; 15238 15239 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf); 15240 if (IS_ERR(*rdev)) { 15241 err = PTR_ERR(*rdev); 15242 goto out; 15243 } 15244 15245 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]); 15246 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]); 15247 15248 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) { 15249 const struct wiphy_vendor_command *vcmd; 15250 15251 vcmd = &(*rdev)->wiphy.vendor_commands[i]; 15252 15253 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd) 15254 continue; 15255 15256 if (!vcmd->dumpit) { 15257 err = -EOPNOTSUPP; 15258 goto out; 15259 } 15260 15261 vcmd_idx = i; 15262 break; 15263 } 15264 15265 if (vcmd_idx < 0) { 15266 err = -EOPNOTSUPP; 15267 goto out; 15268 } 15269 15270 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) { 15271 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]); 15272 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]); 15273 15274 err = nl80211_vendor_check_policy( 15275 &(*rdev)->wiphy.vendor_commands[vcmd_idx], 15276 attrbuf[NL80211_ATTR_VENDOR_DATA], 15277 cb->extack); 15278 if (err) 15279 goto out; 15280 } 15281 15282 /* 0 is the first index - add 1 to parse only once */ 15283 cb->args[0] = (*rdev)->wiphy_idx + 1; 15284 /* add 1 to know if it was NULL */ 15285 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0; 15286 cb->args[2] = vcmd_idx; 15287 cb->args[3] = (unsigned long)data; 15288 cb->args[4] = data_len; 15289 15290 /* keep rtnl locked in successful case */ 15291 err = 0; 15292 out: 15293 kfree(attrbuf); 15294 return err; 15295 } 15296 15297 static int nl80211_vendor_cmd_dump(struct sk_buff *skb, 15298 struct netlink_callback *cb) 15299 { 15300 struct cfg80211_registered_device *rdev; 15301 struct wireless_dev *wdev; 15302 unsigned int vcmd_idx; 15303 const struct wiphy_vendor_command *vcmd; 15304 void *data; 15305 int data_len; 15306 int err; 15307 struct nlattr *vendor_data; 15308 15309 rtnl_lock(); 15310 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev); 15311 if (err) 15312 goto out; 15313 15314 vcmd_idx = cb->args[2]; 15315 data = (void *)cb->args[3]; 15316 data_len = cb->args[4]; 15317 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx]; 15318 15319 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV | 15320 WIPHY_VENDOR_CMD_NEED_NETDEV)) { 15321 if (!wdev) { 15322 err = -EINVAL; 15323 goto out; 15324 } 15325 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV && 15326 !wdev->netdev) { 15327 err = -EINVAL; 15328 goto out; 15329 } 15330 15331 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) { 15332 if (!wdev_running(wdev)) { 15333 err = -ENETDOWN; 15334 goto out; 15335 } 15336 } 15337 } 15338 15339 while (1) { 15340 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid, 15341 cb->nlh->nlmsg_seq, NLM_F_MULTI, 15342 NL80211_CMD_VENDOR); 15343 if (!hdr) 15344 break; 15345 15346 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 15347 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV, 15348 wdev_id(wdev), 15349 NL80211_ATTR_PAD))) { 15350 genlmsg_cancel(skb, hdr); 15351 break; 15352 } 15353 15354 vendor_data = nla_nest_start_noflag(skb, 15355 NL80211_ATTR_VENDOR_DATA); 15356 if (!vendor_data) { 15357 genlmsg_cancel(skb, hdr); 15358 break; 15359 } 15360 15361 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len, 15362 (unsigned long *)&cb->args[5]); 15363 nla_nest_end(skb, vendor_data); 15364 15365 if (err == -ENOBUFS || err == -ENOENT) { 15366 genlmsg_cancel(skb, hdr); 15367 break; 15368 } else if (err <= 0) { 15369 genlmsg_cancel(skb, hdr); 15370 goto out; 15371 } 15372 15373 genlmsg_end(skb, hdr); 15374 } 15375 15376 err = skb->len; 15377 out: 15378 rtnl_unlock(); 15379 return err; 15380 } 15381 15382 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy, 15383 enum nl80211_commands cmd, 15384 enum nl80211_attrs attr, 15385 int approxlen) 15386 { 15387 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15388 15389 if (WARN_ON(!rdev->cur_cmd_info)) 15390 return NULL; 15391 15392 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen, 15393 rdev->cur_cmd_info->snd_portid, 15394 rdev->cur_cmd_info->snd_seq, 15395 cmd, attr, NULL, GFP_KERNEL); 15396 } 15397 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb); 15398 15399 int cfg80211_vendor_cmd_reply(struct sk_buff *skb) 15400 { 15401 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 15402 void *hdr = ((void **)skb->cb)[1]; 15403 struct nlattr *data = ((void **)skb->cb)[2]; 15404 15405 /* clear CB data for netlink core to own from now on */ 15406 memset(skb->cb, 0, sizeof(skb->cb)); 15407 15408 if (WARN_ON(!rdev->cur_cmd_info)) { 15409 kfree_skb(skb); 15410 return -EINVAL; 15411 } 15412 15413 nla_nest_end(skb, data); 15414 genlmsg_end(skb, hdr); 15415 return genlmsg_reply(skb, rdev->cur_cmd_info); 15416 } 15417 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply); 15418 15419 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy) 15420 { 15421 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 15422 15423 if (WARN_ON(!rdev->cur_cmd_info)) 15424 return 0; 15425 15426 return rdev->cur_cmd_info->snd_portid; 15427 } 15428 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender); 15429 15430 static int nl80211_set_qos_map(struct sk_buff *skb, 15431 struct genl_info *info) 15432 { 15433 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15434 struct cfg80211_qos_map *qos_map = NULL; 15435 struct net_device *dev = info->user_ptr[1]; 15436 u8 *pos, len, num_des, des_len, des; 15437 int ret; 15438 15439 if (!rdev->ops->set_qos_map) 15440 return -EOPNOTSUPP; 15441 15442 if (info->attrs[NL80211_ATTR_QOS_MAP]) { 15443 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]); 15444 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]); 15445 15446 if (len % 2) 15447 return -EINVAL; 15448 15449 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL); 15450 if (!qos_map) 15451 return -ENOMEM; 15452 15453 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1; 15454 if (num_des) { 15455 des_len = num_des * 15456 sizeof(struct cfg80211_dscp_exception); 15457 memcpy(qos_map->dscp_exception, pos, des_len); 15458 qos_map->num_des = num_des; 15459 for (des = 0; des < num_des; des++) { 15460 if (qos_map->dscp_exception[des].up > 7) { 15461 kfree(qos_map); 15462 return -EINVAL; 15463 } 15464 } 15465 pos += des_len; 15466 } 15467 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN); 15468 } 15469 15470 ret = nl80211_key_allowed(dev->ieee80211_ptr); 15471 if (!ret) 15472 ret = rdev_set_qos_map(rdev, dev, qos_map); 15473 15474 kfree(qos_map); 15475 return ret; 15476 } 15477 15478 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info) 15479 { 15480 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15481 struct net_device *dev = info->user_ptr[1]; 15482 struct wireless_dev *wdev = dev->ieee80211_ptr; 15483 const u8 *peer; 15484 u8 tsid, up; 15485 u16 admitted_time = 0; 15486 15487 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)) 15488 return -EOPNOTSUPP; 15489 15490 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] || 15491 !info->attrs[NL80211_ATTR_USER_PRIO]) 15492 return -EINVAL; 15493 15494 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 15495 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]); 15496 15497 /* WMM uses TIDs 0-7 even for TSPEC */ 15498 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) { 15499 /* TODO: handle 802.11 TSPEC/admission control 15500 * need more attributes for that (e.g. BA session requirement); 15501 * change the WMM adminssion test above to allow both then 15502 */ 15503 return -EINVAL; 15504 } 15505 15506 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 15507 15508 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) { 15509 admitted_time = 15510 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]); 15511 if (!admitted_time) 15512 return -EINVAL; 15513 } 15514 15515 switch (wdev->iftype) { 15516 case NL80211_IFTYPE_STATION: 15517 case NL80211_IFTYPE_P2P_CLIENT: 15518 if (wdev->connected) 15519 break; 15520 return -ENOTCONN; 15521 default: 15522 return -EOPNOTSUPP; 15523 } 15524 15525 return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time); 15526 } 15527 15528 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info) 15529 { 15530 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15531 struct net_device *dev = info->user_ptr[1]; 15532 const u8 *peer; 15533 u8 tsid; 15534 15535 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC]) 15536 return -EINVAL; 15537 15538 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]); 15539 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 15540 15541 return rdev_del_tx_ts(rdev, dev, tsid, peer); 15542 } 15543 15544 static int nl80211_tdls_channel_switch(struct sk_buff *skb, 15545 struct genl_info *info) 15546 { 15547 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15548 struct net_device *dev = info->user_ptr[1]; 15549 struct wireless_dev *wdev = dev->ieee80211_ptr; 15550 struct cfg80211_chan_def chandef = {}; 15551 const u8 *addr; 15552 u8 oper_class; 15553 int err; 15554 15555 if (!rdev->ops->tdls_channel_switch || 15556 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 15557 return -EOPNOTSUPP; 15558 15559 switch (dev->ieee80211_ptr->iftype) { 15560 case NL80211_IFTYPE_STATION: 15561 case NL80211_IFTYPE_P2P_CLIENT: 15562 break; 15563 default: 15564 return -EOPNOTSUPP; 15565 } 15566 15567 if (!info->attrs[NL80211_ATTR_MAC] || 15568 !info->attrs[NL80211_ATTR_OPER_CLASS]) 15569 return -EINVAL; 15570 15571 err = nl80211_parse_chandef(rdev, info, &chandef); 15572 if (err) 15573 return err; 15574 15575 /* 15576 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012 15577 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the 15578 * specification is not defined for them. 15579 */ 15580 if (chandef.chan->band == NL80211_BAND_2GHZ && 15581 chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 15582 chandef.width != NL80211_CHAN_WIDTH_20) 15583 return -EINVAL; 15584 15585 /* we will be active on the TDLS link */ 15586 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef, 15587 wdev->iftype)) 15588 return -EINVAL; 15589 15590 /* don't allow switching to DFS channels */ 15591 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype)) 15592 return -EINVAL; 15593 15594 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 15595 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]); 15596 15597 return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef); 15598 } 15599 15600 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb, 15601 struct genl_info *info) 15602 { 15603 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15604 struct net_device *dev = info->user_ptr[1]; 15605 const u8 *addr; 15606 15607 if (!rdev->ops->tdls_channel_switch || 15608 !rdev->ops->tdls_cancel_channel_switch || 15609 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH)) 15610 return -EOPNOTSUPP; 15611 15612 switch (dev->ieee80211_ptr->iftype) { 15613 case NL80211_IFTYPE_STATION: 15614 case NL80211_IFTYPE_P2P_CLIENT: 15615 break; 15616 default: 15617 return -EOPNOTSUPP; 15618 } 15619 15620 if (!info->attrs[NL80211_ATTR_MAC]) 15621 return -EINVAL; 15622 15623 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 15624 15625 rdev_tdls_cancel_channel_switch(rdev, dev, addr); 15626 15627 return 0; 15628 } 15629 15630 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb, 15631 struct genl_info *info) 15632 { 15633 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15634 struct net_device *dev = info->user_ptr[1]; 15635 struct wireless_dev *wdev = dev->ieee80211_ptr; 15636 const struct nlattr *nla; 15637 bool enabled; 15638 15639 if (!rdev->ops->set_multicast_to_unicast) 15640 return -EOPNOTSUPP; 15641 15642 if (wdev->iftype != NL80211_IFTYPE_AP && 15643 wdev->iftype != NL80211_IFTYPE_P2P_GO) 15644 return -EOPNOTSUPP; 15645 15646 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED]; 15647 enabled = nla_get_flag(nla); 15648 15649 return rdev_set_multicast_to_unicast(rdev, dev, enabled); 15650 } 15651 15652 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info) 15653 { 15654 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15655 struct net_device *dev = info->user_ptr[1]; 15656 struct wireless_dev *wdev = dev->ieee80211_ptr; 15657 struct cfg80211_pmk_conf pmk_conf = {}; 15658 15659 if (wdev->iftype != NL80211_IFTYPE_STATION && 15660 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 15661 return -EOPNOTSUPP; 15662 15663 if (!wiphy_ext_feature_isset(&rdev->wiphy, 15664 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 15665 return -EOPNOTSUPP; 15666 15667 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK]) 15668 return -EINVAL; 15669 15670 if (!wdev->connected) 15671 return -ENOTCONN; 15672 15673 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]); 15674 if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN)) 15675 return -EINVAL; 15676 15677 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]); 15678 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]); 15679 if (pmk_conf.pmk_len != WLAN_PMK_LEN && 15680 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) 15681 return -EINVAL; 15682 15683 if (info->attrs[NL80211_ATTR_PMKR0_NAME]) 15684 pmk_conf.pmk_r0_name = 15685 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]); 15686 15687 return rdev_set_pmk(rdev, dev, &pmk_conf); 15688 } 15689 15690 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info) 15691 { 15692 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15693 struct net_device *dev = info->user_ptr[1]; 15694 struct wireless_dev *wdev = dev->ieee80211_ptr; 15695 const u8 *aa; 15696 15697 if (wdev->iftype != NL80211_IFTYPE_STATION && 15698 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 15699 return -EOPNOTSUPP; 15700 15701 if (!wiphy_ext_feature_isset(&rdev->wiphy, 15702 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) 15703 return -EOPNOTSUPP; 15704 15705 if (!info->attrs[NL80211_ATTR_MAC]) 15706 return -EINVAL; 15707 15708 aa = nla_data(info->attrs[NL80211_ATTR_MAC]); 15709 return rdev_del_pmk(rdev, dev, aa); 15710 } 15711 15712 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info) 15713 { 15714 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15715 struct net_device *dev = info->user_ptr[1]; 15716 struct cfg80211_external_auth_params params; 15717 15718 if (!rdev->ops->external_auth) 15719 return -EOPNOTSUPP; 15720 15721 if (!info->attrs[NL80211_ATTR_SSID] && 15722 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 15723 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 15724 return -EINVAL; 15725 15726 if (!info->attrs[NL80211_ATTR_BSSID]) 15727 return -EINVAL; 15728 15729 if (!info->attrs[NL80211_ATTR_STATUS_CODE]) 15730 return -EINVAL; 15731 15732 memset(¶ms, 0, sizeof(params)); 15733 15734 if (info->attrs[NL80211_ATTR_SSID]) { 15735 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 15736 if (params.ssid.ssid_len == 0) 15737 return -EINVAL; 15738 memcpy(params.ssid.ssid, 15739 nla_data(info->attrs[NL80211_ATTR_SSID]), 15740 params.ssid.ssid_len); 15741 } 15742 15743 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]), 15744 ETH_ALEN); 15745 15746 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 15747 15748 if (info->attrs[NL80211_ATTR_PMKID]) 15749 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 15750 15751 return rdev_external_auth(rdev, dev, ¶ms); 15752 } 15753 15754 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info) 15755 { 15756 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 15757 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15758 struct net_device *dev = info->user_ptr[1]; 15759 struct wireless_dev *wdev = dev->ieee80211_ptr; 15760 const u8 *buf; 15761 size_t len; 15762 u8 *dest; 15763 u16 proto; 15764 bool noencrypt; 15765 u64 cookie = 0; 15766 int link_id; 15767 int err; 15768 15769 if (!wiphy_ext_feature_isset(&rdev->wiphy, 15770 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) 15771 return -EOPNOTSUPP; 15772 15773 if (!rdev->ops->tx_control_port) 15774 return -EOPNOTSUPP; 15775 15776 if (!info->attrs[NL80211_ATTR_FRAME] || 15777 !info->attrs[NL80211_ATTR_MAC] || 15778 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 15779 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing"); 15780 return -EINVAL; 15781 } 15782 15783 switch (wdev->iftype) { 15784 case NL80211_IFTYPE_AP: 15785 case NL80211_IFTYPE_P2P_GO: 15786 case NL80211_IFTYPE_MESH_POINT: 15787 break; 15788 case NL80211_IFTYPE_ADHOC: 15789 if (wdev->u.ibss.current_bss) 15790 break; 15791 return -ENOTCONN; 15792 case NL80211_IFTYPE_STATION: 15793 case NL80211_IFTYPE_P2P_CLIENT: 15794 if (wdev->connected) 15795 break; 15796 return -ENOTCONN; 15797 default: 15798 return -EOPNOTSUPP; 15799 } 15800 15801 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 15802 len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 15803 dest = nla_data(info->attrs[NL80211_ATTR_MAC]); 15804 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 15805 noencrypt = 15806 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]); 15807 15808 link_id = nl80211_link_id_or_invalid(info->attrs); 15809 15810 err = rdev_tx_control_port(rdev, dev, buf, len, 15811 dest, cpu_to_be16(proto), noencrypt, link_id, 15812 dont_wait_for_ack ? NULL : &cookie); 15813 if (!err && !dont_wait_for_ack) 15814 nl_set_extack_cookie_u64(info->extack, cookie); 15815 return err; 15816 } 15817 15818 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb, 15819 struct genl_info *info) 15820 { 15821 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15822 struct net_device *dev = info->user_ptr[1]; 15823 struct wireless_dev *wdev = dev->ieee80211_ptr; 15824 struct cfg80211_ftm_responder_stats ftm_stats = {}; 15825 unsigned int link_id = nl80211_link_id(info->attrs); 15826 struct sk_buff *msg; 15827 void *hdr; 15828 struct nlattr *ftm_stats_attr; 15829 int err; 15830 15831 if (wdev->iftype != NL80211_IFTYPE_AP || 15832 !wdev->links[link_id].ap.beacon_interval) 15833 return -EOPNOTSUPP; 15834 15835 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats); 15836 if (err) 15837 return err; 15838 15839 if (!ftm_stats.filled) 15840 return -ENODATA; 15841 15842 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 15843 if (!msg) 15844 return -ENOMEM; 15845 15846 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, 15847 NL80211_CMD_GET_FTM_RESPONDER_STATS); 15848 if (!hdr) 15849 goto nla_put_failure; 15850 15851 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 15852 goto nla_put_failure; 15853 15854 ftm_stats_attr = nla_nest_start_noflag(msg, 15855 NL80211_ATTR_FTM_RESPONDER_STATS); 15856 if (!ftm_stats_attr) 15857 goto nla_put_failure; 15858 15859 #define SET_FTM(field, name, type) \ 15860 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \ 15861 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \ 15862 ftm_stats.field)) \ 15863 goto nla_put_failure; } while (0) 15864 #define SET_FTM_U64(field, name) \ 15865 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \ 15866 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \ 15867 ftm_stats.field, NL80211_FTM_STATS_PAD)) \ 15868 goto nla_put_failure; } while (0) 15869 15870 SET_FTM(success_num, SUCCESS_NUM, u32); 15871 SET_FTM(partial_num, PARTIAL_NUM, u32); 15872 SET_FTM(failed_num, FAILED_NUM, u32); 15873 SET_FTM(asap_num, ASAP_NUM, u32); 15874 SET_FTM(non_asap_num, NON_ASAP_NUM, u32); 15875 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC); 15876 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32); 15877 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32); 15878 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32); 15879 #undef SET_FTM 15880 15881 nla_nest_end(msg, ftm_stats_attr); 15882 15883 genlmsg_end(msg, hdr); 15884 return genlmsg_reply(msg, info); 15885 15886 nla_put_failure: 15887 nlmsg_free(msg); 15888 return -ENOBUFS; 15889 } 15890 15891 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info) 15892 { 15893 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15894 struct cfg80211_update_owe_info owe_info; 15895 struct net_device *dev = info->user_ptr[1]; 15896 15897 if (!rdev->ops->update_owe_info) 15898 return -EOPNOTSUPP; 15899 15900 if (!info->attrs[NL80211_ATTR_STATUS_CODE] || 15901 !info->attrs[NL80211_ATTR_MAC]) 15902 return -EINVAL; 15903 15904 memset(&owe_info, 0, sizeof(owe_info)); 15905 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 15906 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN); 15907 15908 if (info->attrs[NL80211_ATTR_IE]) { 15909 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 15910 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 15911 } 15912 15913 return rdev_update_owe_info(rdev, dev, &owe_info); 15914 } 15915 15916 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info) 15917 { 15918 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 15919 struct net_device *dev = info->user_ptr[1]; 15920 struct wireless_dev *wdev = dev->ieee80211_ptr; 15921 struct station_info sinfo = {}; 15922 const u8 *buf; 15923 size_t len; 15924 u8 *dest; 15925 int err; 15926 15927 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station) 15928 return -EOPNOTSUPP; 15929 15930 if (!info->attrs[NL80211_ATTR_MAC] || 15931 !info->attrs[NL80211_ATTR_FRAME]) { 15932 GENL_SET_ERR_MSG(info, "Frame or MAC missing"); 15933 return -EINVAL; 15934 } 15935 15936 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 15937 return -EOPNOTSUPP; 15938 15939 dest = nla_data(info->attrs[NL80211_ATTR_MAC]); 15940 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]); 15941 len = nla_len(info->attrs[NL80211_ATTR_FRAME]); 15942 15943 if (len < sizeof(struct ethhdr)) 15944 return -EINVAL; 15945 15946 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) || 15947 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr)) 15948 return -EINVAL; 15949 15950 err = rdev_get_station(rdev, dev, dest, &sinfo); 15951 if (err) 15952 return err; 15953 15954 cfg80211_sinfo_release_content(&sinfo); 15955 15956 return rdev_probe_mesh_link(rdev, dev, dest, buf, len); 15957 } 15958 15959 static int parse_tid_conf(struct cfg80211_registered_device *rdev, 15960 struct nlattr *attrs[], struct net_device *dev, 15961 struct cfg80211_tid_cfg *tid_conf, 15962 struct genl_info *info, const u8 *peer, 15963 unsigned int link_id) 15964 { 15965 struct netlink_ext_ack *extack = info->extack; 15966 u64 mask; 15967 int err; 15968 15969 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS]) 15970 return -EINVAL; 15971 15972 tid_conf->config_override = 15973 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]); 15974 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]); 15975 15976 if (tid_conf->config_override) { 15977 if (rdev->ops->reset_tid_config) { 15978 err = rdev_reset_tid_config(rdev, dev, peer, 15979 tid_conf->tids); 15980 if (err) 15981 return err; 15982 } else { 15983 return -EINVAL; 15984 } 15985 } 15986 15987 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) { 15988 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK); 15989 tid_conf->noack = 15990 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]); 15991 } 15992 15993 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) { 15994 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT); 15995 tid_conf->retry_short = 15996 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]); 15997 15998 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count) 15999 return -EINVAL; 16000 } 16001 16002 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) { 16003 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG); 16004 tid_conf->retry_long = 16005 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]); 16006 16007 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count) 16008 return -EINVAL; 16009 } 16010 16011 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) { 16012 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL); 16013 tid_conf->ampdu = 16014 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]); 16015 } 16016 16017 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) { 16018 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL); 16019 tid_conf->rtscts = 16020 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]); 16021 } 16022 16023 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) { 16024 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL); 16025 tid_conf->amsdu = 16026 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]); 16027 } 16028 16029 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) { 16030 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr; 16031 16032 tid_conf->txrate_type = nla_get_u8(attrs[idx]); 16033 16034 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) { 16035 attr = NL80211_TID_CONFIG_ATTR_TX_RATE; 16036 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr, 16037 &tid_conf->txrate_mask, dev, 16038 true, link_id); 16039 if (err) 16040 return err; 16041 16042 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE); 16043 } 16044 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE); 16045 } 16046 16047 if (peer) 16048 mask = rdev->wiphy.tid_config_support.peer; 16049 else 16050 mask = rdev->wiphy.tid_config_support.vif; 16051 16052 if (tid_conf->mask & ~mask) { 16053 NL_SET_ERR_MSG(extack, "unsupported TID configuration"); 16054 return -EOPNOTSUPP; 16055 } 16056 16057 return 0; 16058 } 16059 16060 static int nl80211_set_tid_config(struct sk_buff *skb, 16061 struct genl_info *info) 16062 { 16063 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16064 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1]; 16065 unsigned int link_id = nl80211_link_id(info->attrs); 16066 struct net_device *dev = info->user_ptr[1]; 16067 struct cfg80211_tid_config *tid_config; 16068 struct nlattr *tid; 16069 int conf_idx = 0, rem_conf; 16070 int ret = -EINVAL; 16071 u32 num_conf = 0; 16072 16073 if (!info->attrs[NL80211_ATTR_TID_CONFIG]) 16074 return -EINVAL; 16075 16076 if (!rdev->ops->set_tid_config) 16077 return -EOPNOTSUPP; 16078 16079 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG], 16080 rem_conf) 16081 num_conf++; 16082 16083 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf), 16084 GFP_KERNEL); 16085 if (!tid_config) 16086 return -ENOMEM; 16087 16088 tid_config->n_tid_conf = num_conf; 16089 16090 if (info->attrs[NL80211_ATTR_MAC]) 16091 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 16092 16093 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG], 16094 rem_conf) { 16095 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX, 16096 tid, NULL, NULL); 16097 16098 if (ret) 16099 goto bad_tid_conf; 16100 16101 ret = parse_tid_conf(rdev, attrs, dev, 16102 &tid_config->tid_conf[conf_idx], 16103 info, tid_config->peer, link_id); 16104 if (ret) 16105 goto bad_tid_conf; 16106 16107 conf_idx++; 16108 } 16109 16110 ret = rdev_set_tid_config(rdev, dev, tid_config); 16111 16112 bad_tid_conf: 16113 kfree(tid_config); 16114 return ret; 16115 } 16116 16117 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info) 16118 { 16119 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16120 struct cfg80211_color_change_settings params = {}; 16121 struct net_device *dev = info->user_ptr[1]; 16122 struct wireless_dev *wdev = dev->ieee80211_ptr; 16123 struct nlattr **tb; 16124 u16 offset; 16125 int err; 16126 16127 if (!rdev->ops->color_change) 16128 return -EOPNOTSUPP; 16129 16130 if (!wiphy_ext_feature_isset(&rdev->wiphy, 16131 NL80211_EXT_FEATURE_BSS_COLOR)) 16132 return -EOPNOTSUPP; 16133 16134 if (wdev->iftype != NL80211_IFTYPE_AP) 16135 return -EOPNOTSUPP; 16136 16137 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] || 16138 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] || 16139 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS]) 16140 return -EINVAL; 16141 16142 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]); 16143 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]); 16144 16145 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next, 16146 info->extack); 16147 if (err) 16148 return err; 16149 16150 tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL); 16151 if (!tb) 16152 return -ENOMEM; 16153 16154 err = nla_parse_nested(tb, NL80211_ATTR_MAX, 16155 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS], 16156 nl80211_policy, info->extack); 16157 if (err) 16158 goto out; 16159 16160 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change, 16161 info->extack); 16162 if (err) 16163 goto out; 16164 16165 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) { 16166 err = -EINVAL; 16167 goto out; 16168 } 16169 16170 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) { 16171 err = -EINVAL; 16172 goto out; 16173 } 16174 16175 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]); 16176 if (offset >= params.beacon_color_change.tail_len) { 16177 err = -EINVAL; 16178 goto out; 16179 } 16180 16181 if (params.beacon_color_change.tail[offset] != params.count) { 16182 err = -EINVAL; 16183 goto out; 16184 } 16185 16186 params.counter_offset_beacon = offset; 16187 16188 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) { 16189 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) != 16190 sizeof(u16)) { 16191 err = -EINVAL; 16192 goto out; 16193 } 16194 16195 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]); 16196 if (offset >= params.beacon_color_change.probe_resp_len) { 16197 err = -EINVAL; 16198 goto out; 16199 } 16200 16201 if (params.beacon_color_change.probe_resp[offset] != 16202 params.count) { 16203 err = -EINVAL; 16204 goto out; 16205 } 16206 16207 params.counter_offset_presp = offset; 16208 } 16209 16210 params.link_id = nl80211_link_id(info->attrs); 16211 err = rdev_color_change(rdev, dev, ¶ms); 16212 16213 out: 16214 kfree(params.beacon_next.mbssid_ies); 16215 kfree(params.beacon_color_change.mbssid_ies); 16216 kfree(params.beacon_next.rnr_ies); 16217 kfree(params.beacon_color_change.rnr_ies); 16218 kfree(tb); 16219 return err; 16220 } 16221 16222 static int nl80211_set_fils_aad(struct sk_buff *skb, 16223 struct genl_info *info) 16224 { 16225 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16226 struct net_device *dev = info->user_ptr[1]; 16227 struct cfg80211_fils_aad fils_aad = {}; 16228 u8 *nonces; 16229 16230 if (!info->attrs[NL80211_ATTR_MAC] || 16231 !info->attrs[NL80211_ATTR_FILS_KEK] || 16232 !info->attrs[NL80211_ATTR_FILS_NONCES]) 16233 return -EINVAL; 16234 16235 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]); 16236 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]); 16237 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]); 16238 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]); 16239 fils_aad.snonce = nonces; 16240 fils_aad.anonce = nonces + FILS_NONCE_LEN; 16241 16242 return rdev_set_fils_aad(rdev, dev, &fils_aad); 16243 } 16244 16245 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info) 16246 { 16247 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16248 unsigned int link_id = nl80211_link_id(info->attrs); 16249 struct net_device *dev = info->user_ptr[1]; 16250 struct wireless_dev *wdev = dev->ieee80211_ptr; 16251 int ret; 16252 16253 if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO)) 16254 return -EINVAL; 16255 16256 switch (wdev->iftype) { 16257 case NL80211_IFTYPE_AP: 16258 break; 16259 default: 16260 return -EINVAL; 16261 } 16262 16263 if (!info->attrs[NL80211_ATTR_MAC] || 16264 !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC]))) 16265 return -EINVAL; 16266 16267 wdev->valid_links |= BIT(link_id); 16268 ether_addr_copy(wdev->links[link_id].addr, 16269 nla_data(info->attrs[NL80211_ATTR_MAC])); 16270 16271 ret = rdev_add_intf_link(rdev, wdev, link_id); 16272 if (ret) { 16273 wdev->valid_links &= ~BIT(link_id); 16274 eth_zero_addr(wdev->links[link_id].addr); 16275 } 16276 16277 return ret; 16278 } 16279 16280 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info) 16281 { 16282 unsigned int link_id = nl80211_link_id(info->attrs); 16283 struct net_device *dev = info->user_ptr[1]; 16284 struct wireless_dev *wdev = dev->ieee80211_ptr; 16285 16286 /* cannot remove if there's no link */ 16287 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID]) 16288 return -EINVAL; 16289 16290 switch (wdev->iftype) { 16291 case NL80211_IFTYPE_AP: 16292 break; 16293 default: 16294 return -EINVAL; 16295 } 16296 16297 cfg80211_remove_link(wdev, link_id); 16298 16299 return 0; 16300 } 16301 16302 static int 16303 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info, 16304 bool add) 16305 { 16306 struct link_station_parameters params = {}; 16307 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16308 struct net_device *dev = info->user_ptr[1]; 16309 int err; 16310 16311 if ((add && !rdev->ops->add_link_station) || 16312 (!add && !rdev->ops->mod_link_station)) 16313 return -EOPNOTSUPP; 16314 16315 if (add && !info->attrs[NL80211_ATTR_MAC]) 16316 return -EINVAL; 16317 16318 if (!info->attrs[NL80211_ATTR_MLD_ADDR]) 16319 return -EINVAL; 16320 16321 if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 16322 return -EINVAL; 16323 16324 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 16325 16326 if (info->attrs[NL80211_ATTR_MAC]) { 16327 params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]); 16328 if (!is_valid_ether_addr(params.link_mac)) 16329 return -EINVAL; 16330 } 16331 16332 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID]) 16333 return -EINVAL; 16334 16335 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]); 16336 16337 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 16338 params.supported_rates = 16339 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 16340 params.supported_rates_len = 16341 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 16342 } 16343 16344 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 16345 params.ht_capa = 16346 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 16347 16348 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) 16349 params.vht_capa = 16350 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]); 16351 16352 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) { 16353 params.he_capa = 16354 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 16355 params.he_capa_len = 16356 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]); 16357 16358 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) { 16359 params.eht_capa = 16360 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 16361 params.eht_capa_len = 16362 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]); 16363 16364 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa, 16365 (const u8 *)params.eht_capa, 16366 params.eht_capa_len, 16367 false)) 16368 return -EINVAL; 16369 } 16370 } 16371 16372 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]) 16373 params.he_6ghz_capa = 16374 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]); 16375 16376 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) { 16377 params.opmode_notif_used = true; 16378 params.opmode_notif = 16379 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]); 16380 } 16381 16382 err = nl80211_parse_sta_txpower_setting(info, ¶ms.txpwr, 16383 ¶ms.txpwr_set); 16384 if (err) 16385 return err; 16386 16387 if (add) 16388 return rdev_add_link_station(rdev, dev, ¶ms); 16389 16390 return rdev_mod_link_station(rdev, dev, ¶ms); 16391 } 16392 16393 static int 16394 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info) 16395 { 16396 return nl80211_add_mod_link_station(skb, info, true); 16397 } 16398 16399 static int 16400 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info) 16401 { 16402 return nl80211_add_mod_link_station(skb, info, false); 16403 } 16404 16405 static int 16406 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info) 16407 { 16408 struct link_station_del_parameters params = {}; 16409 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16410 struct net_device *dev = info->user_ptr[1]; 16411 16412 if (!rdev->ops->del_link_station) 16413 return -EOPNOTSUPP; 16414 16415 if (!info->attrs[NL80211_ATTR_MLD_ADDR] || 16416 !info->attrs[NL80211_ATTR_MLO_LINK_ID]) 16417 return -EINVAL; 16418 16419 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]); 16420 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]); 16421 16422 return rdev_del_link_station(rdev, dev, ¶ms); 16423 } 16424 16425 static int nl80211_set_hw_timestamp(struct sk_buff *skb, 16426 struct genl_info *info) 16427 { 16428 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16429 struct net_device *dev = info->user_ptr[1]; 16430 struct cfg80211_set_hw_timestamp hwts = {}; 16431 16432 if (!rdev->wiphy.hw_timestamp_max_peers) 16433 return -EOPNOTSUPP; 16434 16435 if (!info->attrs[NL80211_ATTR_MAC] && 16436 rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS) 16437 return -EOPNOTSUPP; 16438 16439 if (info->attrs[NL80211_ATTR_MAC]) 16440 hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]); 16441 16442 hwts.enable = 16443 nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]); 16444 16445 return rdev_set_hw_timestamp(rdev, dev, &hwts); 16446 } 16447 16448 static int 16449 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info) 16450 { 16451 struct cfg80211_ttlm_params params = {}; 16452 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16453 struct net_device *dev = info->user_ptr[1]; 16454 struct wireless_dev *wdev = dev->ieee80211_ptr; 16455 16456 if (wdev->iftype != NL80211_IFTYPE_STATION && 16457 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 16458 return -EOPNOTSUPP; 16459 16460 if (!wdev->connected) 16461 return -ENOLINK; 16462 16463 if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] || 16464 !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK]) 16465 return -EINVAL; 16466 16467 nla_memcpy(params.dlink, 16468 info->attrs[NL80211_ATTR_MLO_TTLM_DLINK], 16469 sizeof(params.dlink)); 16470 nla_memcpy(params.ulink, 16471 info->attrs[NL80211_ATTR_MLO_TTLM_ULINK], 16472 sizeof(params.ulink)); 16473 16474 return rdev_set_ttlm(rdev, dev, ¶ms); 16475 } 16476 16477 #define NL80211_FLAG_NEED_WIPHY 0x01 16478 #define NL80211_FLAG_NEED_NETDEV 0x02 16479 #define NL80211_FLAG_NEED_RTNL 0x04 16480 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 16481 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 16482 NL80211_FLAG_CHECK_NETDEV_UP) 16483 #define NL80211_FLAG_NEED_WDEV 0x10 16484 /* If a netdev is associated, it must be UP, P2P must be started */ 16485 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\ 16486 NL80211_FLAG_CHECK_NETDEV_UP) 16487 #define NL80211_FLAG_CLEAR_SKB 0x20 16488 #define NL80211_FLAG_NO_WIPHY_MTX 0x40 16489 #define NL80211_FLAG_MLO_VALID_LINK_ID 0x80 16490 #define NL80211_FLAG_MLO_UNSUPPORTED 0x100 16491 16492 #define INTERNAL_FLAG_SELECTORS(__sel) \ 16493 SELECTOR(__sel, NONE, 0) /* must be first */ \ 16494 SELECTOR(__sel, WIPHY, \ 16495 NL80211_FLAG_NEED_WIPHY) \ 16496 SELECTOR(__sel, WDEV, \ 16497 NL80211_FLAG_NEED_WDEV) \ 16498 SELECTOR(__sel, NETDEV, \ 16499 NL80211_FLAG_NEED_NETDEV) \ 16500 SELECTOR(__sel, NETDEV_LINK, \ 16501 NL80211_FLAG_NEED_NETDEV | \ 16502 NL80211_FLAG_MLO_VALID_LINK_ID) \ 16503 SELECTOR(__sel, NETDEV_NO_MLO, \ 16504 NL80211_FLAG_NEED_NETDEV | \ 16505 NL80211_FLAG_MLO_UNSUPPORTED) \ 16506 SELECTOR(__sel, WIPHY_RTNL, \ 16507 NL80211_FLAG_NEED_WIPHY | \ 16508 NL80211_FLAG_NEED_RTNL) \ 16509 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \ 16510 NL80211_FLAG_NEED_WIPHY | \ 16511 NL80211_FLAG_NEED_RTNL | \ 16512 NL80211_FLAG_NO_WIPHY_MTX) \ 16513 SELECTOR(__sel, WDEV_RTNL, \ 16514 NL80211_FLAG_NEED_WDEV | \ 16515 NL80211_FLAG_NEED_RTNL) \ 16516 SELECTOR(__sel, NETDEV_RTNL, \ 16517 NL80211_FLAG_NEED_NETDEV | \ 16518 NL80211_FLAG_NEED_RTNL) \ 16519 SELECTOR(__sel, NETDEV_UP, \ 16520 NL80211_FLAG_NEED_NETDEV_UP) \ 16521 SELECTOR(__sel, NETDEV_UP_LINK, \ 16522 NL80211_FLAG_NEED_NETDEV_UP | \ 16523 NL80211_FLAG_MLO_VALID_LINK_ID) \ 16524 SELECTOR(__sel, NETDEV_UP_NO_MLO, \ 16525 NL80211_FLAG_NEED_NETDEV_UP | \ 16526 NL80211_FLAG_MLO_UNSUPPORTED) \ 16527 SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR, \ 16528 NL80211_FLAG_NEED_NETDEV_UP | \ 16529 NL80211_FLAG_CLEAR_SKB | \ 16530 NL80211_FLAG_MLO_UNSUPPORTED) \ 16531 SELECTOR(__sel, NETDEV_UP_NOTMX, \ 16532 NL80211_FLAG_NEED_NETDEV_UP | \ 16533 NL80211_FLAG_NO_WIPHY_MTX) \ 16534 SELECTOR(__sel, NETDEV_UP_NOTMX_MLO, \ 16535 NL80211_FLAG_NEED_NETDEV_UP | \ 16536 NL80211_FLAG_NO_WIPHY_MTX | \ 16537 NL80211_FLAG_MLO_VALID_LINK_ID) \ 16538 SELECTOR(__sel, NETDEV_UP_CLEAR, \ 16539 NL80211_FLAG_NEED_NETDEV_UP | \ 16540 NL80211_FLAG_CLEAR_SKB) \ 16541 SELECTOR(__sel, WDEV_UP, \ 16542 NL80211_FLAG_NEED_WDEV_UP) \ 16543 SELECTOR(__sel, WDEV_UP_LINK, \ 16544 NL80211_FLAG_NEED_WDEV_UP | \ 16545 NL80211_FLAG_MLO_VALID_LINK_ID) \ 16546 SELECTOR(__sel, WDEV_UP_RTNL, \ 16547 NL80211_FLAG_NEED_WDEV_UP | \ 16548 NL80211_FLAG_NEED_RTNL) \ 16549 SELECTOR(__sel, WIPHY_CLEAR, \ 16550 NL80211_FLAG_NEED_WIPHY | \ 16551 NL80211_FLAG_CLEAR_SKB) 16552 16553 enum nl80211_internal_flags_selector { 16554 #define SELECTOR(_, name, value) NL80211_IFL_SEL_##name, 16555 INTERNAL_FLAG_SELECTORS(_) 16556 #undef SELECTOR 16557 }; 16558 16559 static u32 nl80211_internal_flags[] = { 16560 #define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value, 16561 INTERNAL_FLAG_SELECTORS(_) 16562 #undef SELECTOR 16563 }; 16564 16565 static int nl80211_pre_doit(const struct genl_split_ops *ops, 16566 struct sk_buff *skb, 16567 struct genl_info *info) 16568 { 16569 struct cfg80211_registered_device *rdev = NULL; 16570 struct wireless_dev *wdev = NULL; 16571 struct net_device *dev = NULL; 16572 u32 internal_flags; 16573 int err; 16574 16575 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags))) 16576 return -EINVAL; 16577 16578 internal_flags = nl80211_internal_flags[ops->internal_flags]; 16579 16580 rtnl_lock(); 16581 if (internal_flags & NL80211_FLAG_NEED_WIPHY) { 16582 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info); 16583 if (IS_ERR(rdev)) { 16584 err = PTR_ERR(rdev); 16585 goto out_unlock; 16586 } 16587 info->user_ptr[0] = rdev; 16588 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV || 16589 internal_flags & NL80211_FLAG_NEED_WDEV) { 16590 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info), 16591 info->attrs); 16592 if (IS_ERR(wdev)) { 16593 err = PTR_ERR(wdev); 16594 goto out_unlock; 16595 } 16596 16597 dev = wdev->netdev; 16598 dev_hold(dev); 16599 rdev = wiphy_to_rdev(wdev->wiphy); 16600 16601 if (internal_flags & NL80211_FLAG_NEED_NETDEV) { 16602 if (!dev) { 16603 err = -EINVAL; 16604 goto out_unlock; 16605 } 16606 16607 info->user_ptr[1] = dev; 16608 } else { 16609 info->user_ptr[1] = wdev; 16610 } 16611 16612 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 16613 !wdev_running(wdev)) { 16614 err = -ENETDOWN; 16615 goto out_unlock; 16616 } 16617 16618 info->user_ptr[0] = rdev; 16619 } 16620 16621 if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) { 16622 struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID]; 16623 16624 if (!wdev) { 16625 err = -EINVAL; 16626 goto out_unlock; 16627 } 16628 16629 /* MLO -> require valid link ID */ 16630 if (wdev->valid_links && 16631 (!link_id || 16632 !(wdev->valid_links & BIT(nla_get_u8(link_id))))) { 16633 err = -EINVAL; 16634 goto out_unlock; 16635 } 16636 16637 /* non-MLO -> no link ID attribute accepted */ 16638 if (!wdev->valid_links && link_id) { 16639 err = -EINVAL; 16640 goto out_unlock; 16641 } 16642 } 16643 16644 if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) { 16645 if (info->attrs[NL80211_ATTR_MLO_LINK_ID] || 16646 (wdev && wdev->valid_links)) { 16647 err = -EINVAL; 16648 goto out_unlock; 16649 } 16650 } 16651 16652 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) { 16653 wiphy_lock(&rdev->wiphy); 16654 /* we keep the mutex locked until post_doit */ 16655 __release(&rdev->wiphy.mtx); 16656 } 16657 if (!(internal_flags & NL80211_FLAG_NEED_RTNL)) 16658 rtnl_unlock(); 16659 16660 return 0; 16661 out_unlock: 16662 rtnl_unlock(); 16663 dev_put(dev); 16664 return err; 16665 } 16666 16667 static void nl80211_post_doit(const struct genl_split_ops *ops, 16668 struct sk_buff *skb, 16669 struct genl_info *info) 16670 { 16671 u32 internal_flags = nl80211_internal_flags[ops->internal_flags]; 16672 16673 if (info->user_ptr[1]) { 16674 if (internal_flags & NL80211_FLAG_NEED_WDEV) { 16675 struct wireless_dev *wdev = info->user_ptr[1]; 16676 16677 dev_put(wdev->netdev); 16678 } else { 16679 dev_put(info->user_ptr[1]); 16680 } 16681 } 16682 16683 if (info->user_ptr[0] && 16684 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) { 16685 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16686 16687 /* we kept the mutex locked since pre_doit */ 16688 __acquire(&rdev->wiphy.mtx); 16689 wiphy_unlock(&rdev->wiphy); 16690 } 16691 16692 if (internal_flags & NL80211_FLAG_NEED_RTNL) 16693 rtnl_unlock(); 16694 16695 /* If needed, clear the netlink message payload from the SKB 16696 * as it might contain key data that shouldn't stick around on 16697 * the heap after the SKB is freed. The netlink message header 16698 * is still needed for further processing, so leave it intact. 16699 */ 16700 if (internal_flags & NL80211_FLAG_CLEAR_SKB) { 16701 struct nlmsghdr *nlh = nlmsg_hdr(skb); 16702 16703 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh)); 16704 } 16705 } 16706 16707 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev, 16708 struct cfg80211_sar_specs *sar_specs, 16709 struct nlattr *spec[], int index) 16710 { 16711 u32 range_index, i; 16712 16713 if (!sar_specs || !spec) 16714 return -EINVAL; 16715 16716 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] || 16717 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]) 16718 return -EINVAL; 16719 16720 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]); 16721 16722 /* check if range_index exceeds num_freq_ranges */ 16723 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges) 16724 return -EINVAL; 16725 16726 /* check if range_index duplicates */ 16727 for (i = 0; i < index; i++) { 16728 if (sar_specs->sub_specs[i].freq_range_index == range_index) 16729 return -EINVAL; 16730 } 16731 16732 sar_specs->sub_specs[index].power = 16733 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]); 16734 16735 sar_specs->sub_specs[index].freq_range_index = range_index; 16736 16737 return 0; 16738 } 16739 16740 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info) 16741 { 16742 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 16743 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1]; 16744 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1]; 16745 struct cfg80211_sar_specs *sar_spec; 16746 enum nl80211_sar_type type; 16747 struct nlattr *spec_list; 16748 u32 specs; 16749 int rem, err; 16750 16751 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs) 16752 return -EOPNOTSUPP; 16753 16754 if (!info->attrs[NL80211_ATTR_SAR_SPEC]) 16755 return -EINVAL; 16756 16757 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX, 16758 info->attrs[NL80211_ATTR_SAR_SPEC], 16759 NULL, NULL); 16760 16761 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS]) 16762 return -EINVAL; 16763 16764 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]); 16765 if (type != rdev->wiphy.sar_capa->type) 16766 return -EINVAL; 16767 16768 specs = 0; 16769 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) 16770 specs++; 16771 16772 if (specs > rdev->wiphy.sar_capa->num_freq_ranges) 16773 return -EINVAL; 16774 16775 sar_spec = kzalloc(struct_size(sar_spec, sub_specs, specs), GFP_KERNEL); 16776 if (!sar_spec) 16777 return -ENOMEM; 16778 16779 sar_spec->type = type; 16780 specs = 0; 16781 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) { 16782 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX, 16783 spec_list, NULL, NULL); 16784 16785 switch (type) { 16786 case NL80211_SAR_TYPE_POWER: 16787 if (nl80211_set_sar_sub_specs(rdev, sar_spec, 16788 spec, specs)) { 16789 err = -EINVAL; 16790 goto error; 16791 } 16792 break; 16793 default: 16794 err = -EINVAL; 16795 goto error; 16796 } 16797 specs++; 16798 } 16799 16800 sar_spec->num_sub_specs = specs; 16801 16802 rdev->cur_cmd_info = info; 16803 err = rdev_set_sar_specs(rdev, sar_spec); 16804 rdev->cur_cmd_info = NULL; 16805 error: 16806 kfree(sar_spec); 16807 return err; 16808 } 16809 16810 #define SELECTOR(__sel, name, value) \ 16811 ((__sel) == (value)) ? NL80211_IFL_SEL_##name : 16812 int __missing_selector(void); 16813 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector() 16814 16815 static const struct genl_ops nl80211_ops[] = { 16816 { 16817 .cmd = NL80211_CMD_GET_WIPHY, 16818 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16819 .doit = nl80211_get_wiphy, 16820 .dumpit = nl80211_dump_wiphy, 16821 .done = nl80211_dump_wiphy_done, 16822 /* can be retrieved by unprivileged users */ 16823 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 16824 }, 16825 }; 16826 16827 static const struct genl_small_ops nl80211_small_ops[] = { 16828 { 16829 .cmd = NL80211_CMD_SET_WIPHY, 16830 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16831 .doit = nl80211_set_wiphy, 16832 .flags = GENL_UNS_ADMIN_PERM, 16833 }, 16834 { 16835 .cmd = NL80211_CMD_GET_INTERFACE, 16836 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16837 .doit = nl80211_get_interface, 16838 .dumpit = nl80211_dump_interface, 16839 /* can be retrieved by unprivileged users */ 16840 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV), 16841 }, 16842 { 16843 .cmd = NL80211_CMD_SET_INTERFACE, 16844 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16845 .doit = nl80211_set_interface, 16846 .flags = GENL_UNS_ADMIN_PERM, 16847 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 16848 NL80211_FLAG_NEED_RTNL), 16849 }, 16850 { 16851 .cmd = NL80211_CMD_NEW_INTERFACE, 16852 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16853 .doit = nl80211_new_interface, 16854 .flags = GENL_UNS_ADMIN_PERM, 16855 .internal_flags = 16856 IFLAGS(NL80211_FLAG_NEED_WIPHY | 16857 NL80211_FLAG_NEED_RTNL | 16858 /* we take the wiphy mutex later ourselves */ 16859 NL80211_FLAG_NO_WIPHY_MTX), 16860 }, 16861 { 16862 .cmd = NL80211_CMD_DEL_INTERFACE, 16863 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16864 .doit = nl80211_del_interface, 16865 .flags = GENL_UNS_ADMIN_PERM, 16866 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 16867 NL80211_FLAG_NEED_RTNL), 16868 }, 16869 { 16870 .cmd = NL80211_CMD_GET_KEY, 16871 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16872 .doit = nl80211_get_key, 16873 .flags = GENL_UNS_ADMIN_PERM, 16874 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16875 }, 16876 { 16877 .cmd = NL80211_CMD_SET_KEY, 16878 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16879 .doit = nl80211_set_key, 16880 .flags = GENL_UNS_ADMIN_PERM, 16881 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */ 16882 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16883 NL80211_FLAG_CLEAR_SKB), 16884 }, 16885 { 16886 .cmd = NL80211_CMD_NEW_KEY, 16887 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16888 .doit = nl80211_new_key, 16889 .flags = GENL_UNS_ADMIN_PERM, 16890 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16891 NL80211_FLAG_CLEAR_SKB), 16892 }, 16893 { 16894 .cmd = NL80211_CMD_DEL_KEY, 16895 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16896 .doit = nl80211_del_key, 16897 .flags = GENL_UNS_ADMIN_PERM, 16898 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16899 }, 16900 { 16901 .cmd = NL80211_CMD_SET_BEACON, 16902 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16903 .flags = GENL_UNS_ADMIN_PERM, 16904 .doit = nl80211_set_beacon, 16905 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16906 NL80211_FLAG_MLO_VALID_LINK_ID), 16907 }, 16908 { 16909 .cmd = NL80211_CMD_START_AP, 16910 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16911 .flags = GENL_UNS_ADMIN_PERM, 16912 .doit = nl80211_start_ap, 16913 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16914 NL80211_FLAG_MLO_VALID_LINK_ID), 16915 }, 16916 { 16917 .cmd = NL80211_CMD_STOP_AP, 16918 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16919 .flags = GENL_UNS_ADMIN_PERM, 16920 .doit = nl80211_stop_ap, 16921 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16922 NL80211_FLAG_MLO_VALID_LINK_ID), 16923 }, 16924 { 16925 .cmd = NL80211_CMD_GET_STATION, 16926 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16927 .doit = nl80211_get_station, 16928 .dumpit = nl80211_dump_station, 16929 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 16930 }, 16931 { 16932 .cmd = NL80211_CMD_SET_STATION, 16933 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16934 .doit = nl80211_set_station, 16935 .flags = GENL_UNS_ADMIN_PERM, 16936 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16937 }, 16938 { 16939 .cmd = NL80211_CMD_NEW_STATION, 16940 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16941 .doit = nl80211_new_station, 16942 .flags = GENL_UNS_ADMIN_PERM, 16943 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16944 }, 16945 { 16946 .cmd = NL80211_CMD_DEL_STATION, 16947 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16948 .doit = nl80211_del_station, 16949 .flags = GENL_UNS_ADMIN_PERM, 16950 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on 16951 * whether MAC address is passed or not. If MAC address is 16952 * passed, then even during MLO, link ID is not required. 16953 */ 16954 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16955 }, 16956 { 16957 .cmd = NL80211_CMD_GET_MPATH, 16958 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16959 .doit = nl80211_get_mpath, 16960 .dumpit = nl80211_dump_mpath, 16961 .flags = GENL_UNS_ADMIN_PERM, 16962 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16963 }, 16964 { 16965 .cmd = NL80211_CMD_GET_MPP, 16966 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16967 .doit = nl80211_get_mpp, 16968 .dumpit = nl80211_dump_mpp, 16969 .flags = GENL_UNS_ADMIN_PERM, 16970 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16971 }, 16972 { 16973 .cmd = NL80211_CMD_SET_MPATH, 16974 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16975 .doit = nl80211_set_mpath, 16976 .flags = GENL_UNS_ADMIN_PERM, 16977 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16978 }, 16979 { 16980 .cmd = NL80211_CMD_NEW_MPATH, 16981 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16982 .doit = nl80211_new_mpath, 16983 .flags = GENL_UNS_ADMIN_PERM, 16984 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16985 }, 16986 { 16987 .cmd = NL80211_CMD_DEL_MPATH, 16988 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16989 .doit = nl80211_del_mpath, 16990 .flags = GENL_UNS_ADMIN_PERM, 16991 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 16992 }, 16993 { 16994 .cmd = NL80211_CMD_SET_BSS, 16995 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 16996 .doit = nl80211_set_bss, 16997 .flags = GENL_UNS_ADMIN_PERM, 16998 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 16999 NL80211_FLAG_MLO_VALID_LINK_ID), 17000 }, 17001 { 17002 .cmd = NL80211_CMD_GET_REG, 17003 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17004 .doit = nl80211_get_reg_do, 17005 .dumpit = nl80211_get_reg_dump, 17006 /* can be retrieved by unprivileged users */ 17007 }, 17008 #ifdef CONFIG_CFG80211_CRDA_SUPPORT 17009 { 17010 .cmd = NL80211_CMD_SET_REG, 17011 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17012 .doit = nl80211_set_reg, 17013 .flags = GENL_ADMIN_PERM, 17014 }, 17015 #endif 17016 { 17017 .cmd = NL80211_CMD_REQ_SET_REG, 17018 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17019 .doit = nl80211_req_set_reg, 17020 .flags = GENL_ADMIN_PERM, 17021 }, 17022 { 17023 .cmd = NL80211_CMD_RELOAD_REGDB, 17024 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17025 .doit = nl80211_reload_regdb, 17026 .flags = GENL_ADMIN_PERM, 17027 }, 17028 { 17029 .cmd = NL80211_CMD_GET_MESH_CONFIG, 17030 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17031 .doit = nl80211_get_mesh_config, 17032 /* can be retrieved by unprivileged users */ 17033 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17034 }, 17035 { 17036 .cmd = NL80211_CMD_SET_MESH_CONFIG, 17037 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17038 .doit = nl80211_update_mesh_config, 17039 .flags = GENL_UNS_ADMIN_PERM, 17040 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17041 }, 17042 { 17043 .cmd = NL80211_CMD_TRIGGER_SCAN, 17044 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17045 .doit = nl80211_trigger_scan, 17046 .flags = GENL_UNS_ADMIN_PERM, 17047 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17048 }, 17049 { 17050 .cmd = NL80211_CMD_ABORT_SCAN, 17051 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17052 .doit = nl80211_abort_scan, 17053 .flags = GENL_UNS_ADMIN_PERM, 17054 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17055 }, 17056 { 17057 .cmd = NL80211_CMD_GET_SCAN, 17058 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17059 .dumpit = nl80211_dump_scan, 17060 }, 17061 { 17062 .cmd = NL80211_CMD_START_SCHED_SCAN, 17063 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17064 .doit = nl80211_start_sched_scan, 17065 .flags = GENL_UNS_ADMIN_PERM, 17066 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17067 }, 17068 { 17069 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 17070 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17071 .doit = nl80211_stop_sched_scan, 17072 .flags = GENL_UNS_ADMIN_PERM, 17073 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17074 }, 17075 { 17076 .cmd = NL80211_CMD_AUTHENTICATE, 17077 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17078 .doit = nl80211_authenticate, 17079 .flags = GENL_UNS_ADMIN_PERM, 17080 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17081 NL80211_FLAG_CLEAR_SKB), 17082 }, 17083 { 17084 .cmd = NL80211_CMD_ASSOCIATE, 17085 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17086 .doit = nl80211_associate, 17087 .flags = GENL_UNS_ADMIN_PERM, 17088 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17089 NL80211_FLAG_CLEAR_SKB), 17090 }, 17091 { 17092 .cmd = NL80211_CMD_DEAUTHENTICATE, 17093 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17094 .doit = nl80211_deauthenticate, 17095 .flags = GENL_UNS_ADMIN_PERM, 17096 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17097 }, 17098 { 17099 .cmd = NL80211_CMD_DISASSOCIATE, 17100 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17101 .doit = nl80211_disassociate, 17102 .flags = GENL_UNS_ADMIN_PERM, 17103 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17104 }, 17105 { 17106 .cmd = NL80211_CMD_JOIN_IBSS, 17107 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17108 .doit = nl80211_join_ibss, 17109 .flags = GENL_UNS_ADMIN_PERM, 17110 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17111 }, 17112 { 17113 .cmd = NL80211_CMD_LEAVE_IBSS, 17114 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17115 .doit = nl80211_leave_ibss, 17116 .flags = GENL_UNS_ADMIN_PERM, 17117 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17118 }, 17119 #ifdef CONFIG_NL80211_TESTMODE 17120 { 17121 .cmd = NL80211_CMD_TESTMODE, 17122 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17123 .doit = nl80211_testmode_do, 17124 .dumpit = nl80211_testmode_dump, 17125 .flags = GENL_UNS_ADMIN_PERM, 17126 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17127 }, 17128 #endif 17129 { 17130 .cmd = NL80211_CMD_CONNECT, 17131 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17132 .doit = nl80211_connect, 17133 .flags = GENL_UNS_ADMIN_PERM, 17134 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17135 NL80211_FLAG_CLEAR_SKB), 17136 }, 17137 { 17138 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS, 17139 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17140 .doit = nl80211_update_connect_params, 17141 .flags = GENL_ADMIN_PERM, 17142 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17143 NL80211_FLAG_CLEAR_SKB), 17144 }, 17145 { 17146 .cmd = NL80211_CMD_DISCONNECT, 17147 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17148 .doit = nl80211_disconnect, 17149 .flags = GENL_UNS_ADMIN_PERM, 17150 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17151 }, 17152 { 17153 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 17154 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17155 .doit = nl80211_wiphy_netns, 17156 .flags = GENL_UNS_ADMIN_PERM, 17157 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 17158 NL80211_FLAG_NEED_RTNL | 17159 NL80211_FLAG_NO_WIPHY_MTX), 17160 }, 17161 { 17162 .cmd = NL80211_CMD_GET_SURVEY, 17163 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17164 .dumpit = nl80211_dump_survey, 17165 }, 17166 { 17167 .cmd = NL80211_CMD_SET_PMKSA, 17168 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17169 .doit = nl80211_set_pmksa, 17170 .flags = GENL_UNS_ADMIN_PERM, 17171 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17172 NL80211_FLAG_CLEAR_SKB), 17173 }, 17174 { 17175 .cmd = NL80211_CMD_DEL_PMKSA, 17176 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17177 .doit = nl80211_del_pmksa, 17178 .flags = GENL_UNS_ADMIN_PERM, 17179 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17180 }, 17181 { 17182 .cmd = NL80211_CMD_FLUSH_PMKSA, 17183 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17184 .doit = nl80211_flush_pmksa, 17185 .flags = GENL_UNS_ADMIN_PERM, 17186 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17187 }, 17188 { 17189 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 17190 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17191 .doit = nl80211_remain_on_channel, 17192 .flags = GENL_UNS_ADMIN_PERM, 17193 /* FIXME: requiring a link ID here is probably not good */ 17194 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP | 17195 NL80211_FLAG_MLO_VALID_LINK_ID), 17196 }, 17197 { 17198 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 17199 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17200 .doit = nl80211_cancel_remain_on_channel, 17201 .flags = GENL_UNS_ADMIN_PERM, 17202 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17203 }, 17204 { 17205 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 17206 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17207 .doit = nl80211_set_tx_bitrate_mask, 17208 .flags = GENL_UNS_ADMIN_PERM, 17209 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17210 NL80211_FLAG_MLO_VALID_LINK_ID), 17211 }, 17212 { 17213 .cmd = NL80211_CMD_REGISTER_FRAME, 17214 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17215 .doit = nl80211_register_mgmt, 17216 .flags = GENL_UNS_ADMIN_PERM, 17217 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV), 17218 }, 17219 { 17220 .cmd = NL80211_CMD_FRAME, 17221 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17222 .doit = nl80211_tx_mgmt, 17223 .flags = GENL_UNS_ADMIN_PERM, 17224 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17225 }, 17226 { 17227 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 17228 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17229 .doit = nl80211_tx_mgmt_cancel_wait, 17230 .flags = GENL_UNS_ADMIN_PERM, 17231 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17232 }, 17233 { 17234 .cmd = NL80211_CMD_SET_POWER_SAVE, 17235 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17236 .doit = nl80211_set_power_save, 17237 .flags = GENL_UNS_ADMIN_PERM, 17238 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17239 }, 17240 { 17241 .cmd = NL80211_CMD_GET_POWER_SAVE, 17242 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17243 .doit = nl80211_get_power_save, 17244 /* can be retrieved by unprivileged users */ 17245 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17246 }, 17247 { 17248 .cmd = NL80211_CMD_SET_CQM, 17249 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17250 .doit = nl80211_set_cqm, 17251 .flags = GENL_UNS_ADMIN_PERM, 17252 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17253 }, 17254 { 17255 .cmd = NL80211_CMD_SET_CHANNEL, 17256 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17257 .doit = nl80211_set_channel, 17258 .flags = GENL_UNS_ADMIN_PERM, 17259 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17260 NL80211_FLAG_MLO_VALID_LINK_ID), 17261 }, 17262 { 17263 .cmd = NL80211_CMD_JOIN_MESH, 17264 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17265 .doit = nl80211_join_mesh, 17266 .flags = GENL_UNS_ADMIN_PERM, 17267 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17268 }, 17269 { 17270 .cmd = NL80211_CMD_LEAVE_MESH, 17271 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17272 .doit = nl80211_leave_mesh, 17273 .flags = GENL_UNS_ADMIN_PERM, 17274 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17275 }, 17276 { 17277 .cmd = NL80211_CMD_JOIN_OCB, 17278 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17279 .doit = nl80211_join_ocb, 17280 .flags = GENL_UNS_ADMIN_PERM, 17281 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17282 }, 17283 { 17284 .cmd = NL80211_CMD_LEAVE_OCB, 17285 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17286 .doit = nl80211_leave_ocb, 17287 .flags = GENL_UNS_ADMIN_PERM, 17288 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17289 }, 17290 #ifdef CONFIG_PM 17291 { 17292 .cmd = NL80211_CMD_GET_WOWLAN, 17293 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17294 .doit = nl80211_get_wowlan, 17295 /* can be retrieved by unprivileged users */ 17296 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17297 }, 17298 { 17299 .cmd = NL80211_CMD_SET_WOWLAN, 17300 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17301 .doit = nl80211_set_wowlan, 17302 .flags = GENL_UNS_ADMIN_PERM, 17303 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17304 }, 17305 #endif 17306 { 17307 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 17308 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17309 .doit = nl80211_set_rekey_data, 17310 .flags = GENL_UNS_ADMIN_PERM, 17311 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17312 NL80211_FLAG_CLEAR_SKB), 17313 }, 17314 { 17315 .cmd = NL80211_CMD_TDLS_MGMT, 17316 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17317 .doit = nl80211_tdls_mgmt, 17318 .flags = GENL_UNS_ADMIN_PERM, 17319 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17320 NL80211_FLAG_MLO_VALID_LINK_ID), 17321 }, 17322 { 17323 .cmd = NL80211_CMD_TDLS_OPER, 17324 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17325 .doit = nl80211_tdls_oper, 17326 .flags = GENL_UNS_ADMIN_PERM, 17327 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17328 }, 17329 { 17330 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 17331 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17332 .doit = nl80211_register_unexpected_frame, 17333 .flags = GENL_UNS_ADMIN_PERM, 17334 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17335 }, 17336 { 17337 .cmd = NL80211_CMD_PROBE_CLIENT, 17338 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17339 .doit = nl80211_probe_client, 17340 .flags = GENL_UNS_ADMIN_PERM, 17341 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17342 }, 17343 { 17344 .cmd = NL80211_CMD_REGISTER_BEACONS, 17345 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17346 .doit = nl80211_register_beacons, 17347 .flags = GENL_UNS_ADMIN_PERM, 17348 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17349 }, 17350 { 17351 .cmd = NL80211_CMD_SET_NOACK_MAP, 17352 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17353 .doit = nl80211_set_noack_map, 17354 .flags = GENL_UNS_ADMIN_PERM, 17355 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17356 }, 17357 { 17358 .cmd = NL80211_CMD_START_P2P_DEVICE, 17359 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17360 .doit = nl80211_start_p2p_device, 17361 .flags = GENL_UNS_ADMIN_PERM, 17362 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 17363 NL80211_FLAG_NEED_RTNL), 17364 }, 17365 { 17366 .cmd = NL80211_CMD_STOP_P2P_DEVICE, 17367 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17368 .doit = nl80211_stop_p2p_device, 17369 .flags = GENL_UNS_ADMIN_PERM, 17370 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP | 17371 NL80211_FLAG_NEED_RTNL), 17372 }, 17373 { 17374 .cmd = NL80211_CMD_START_NAN, 17375 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17376 .doit = nl80211_start_nan, 17377 .flags = GENL_ADMIN_PERM, 17378 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV | 17379 NL80211_FLAG_NEED_RTNL), 17380 }, 17381 { 17382 .cmd = NL80211_CMD_STOP_NAN, 17383 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17384 .doit = nl80211_stop_nan, 17385 .flags = GENL_ADMIN_PERM, 17386 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP | 17387 NL80211_FLAG_NEED_RTNL), 17388 }, 17389 { 17390 .cmd = NL80211_CMD_ADD_NAN_FUNCTION, 17391 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17392 .doit = nl80211_nan_add_func, 17393 .flags = GENL_ADMIN_PERM, 17394 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17395 }, 17396 { 17397 .cmd = NL80211_CMD_DEL_NAN_FUNCTION, 17398 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17399 .doit = nl80211_nan_del_func, 17400 .flags = GENL_ADMIN_PERM, 17401 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17402 }, 17403 { 17404 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG, 17405 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17406 .doit = nl80211_nan_change_config, 17407 .flags = GENL_ADMIN_PERM, 17408 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17409 }, 17410 { 17411 .cmd = NL80211_CMD_SET_MCAST_RATE, 17412 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17413 .doit = nl80211_set_mcast_rate, 17414 .flags = GENL_UNS_ADMIN_PERM, 17415 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17416 }, 17417 { 17418 .cmd = NL80211_CMD_SET_MAC_ACL, 17419 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17420 .doit = nl80211_set_mac_acl, 17421 .flags = GENL_UNS_ADMIN_PERM, 17422 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17423 NL80211_FLAG_MLO_UNSUPPORTED), 17424 }, 17425 { 17426 .cmd = NL80211_CMD_RADAR_DETECT, 17427 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17428 .doit = nl80211_start_radar_detection, 17429 .flags = GENL_UNS_ADMIN_PERM, 17430 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17431 NL80211_FLAG_NO_WIPHY_MTX | 17432 NL80211_FLAG_MLO_VALID_LINK_ID), 17433 }, 17434 { 17435 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES, 17436 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17437 .doit = nl80211_get_protocol_features, 17438 }, 17439 { 17440 .cmd = NL80211_CMD_UPDATE_FT_IES, 17441 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17442 .doit = nl80211_update_ft_ies, 17443 .flags = GENL_UNS_ADMIN_PERM, 17444 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17445 }, 17446 { 17447 .cmd = NL80211_CMD_CRIT_PROTOCOL_START, 17448 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17449 .doit = nl80211_crit_protocol_start, 17450 .flags = GENL_UNS_ADMIN_PERM, 17451 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17452 }, 17453 { 17454 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP, 17455 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17456 .doit = nl80211_crit_protocol_stop, 17457 .flags = GENL_UNS_ADMIN_PERM, 17458 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17459 }, 17460 { 17461 .cmd = NL80211_CMD_GET_COALESCE, 17462 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17463 .doit = nl80211_get_coalesce, 17464 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17465 }, 17466 { 17467 .cmd = NL80211_CMD_SET_COALESCE, 17468 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17469 .doit = nl80211_set_coalesce, 17470 .flags = GENL_UNS_ADMIN_PERM, 17471 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY), 17472 }, 17473 { 17474 .cmd = NL80211_CMD_CHANNEL_SWITCH, 17475 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17476 .doit = nl80211_channel_switch, 17477 .flags = GENL_UNS_ADMIN_PERM, 17478 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17479 NL80211_FLAG_MLO_VALID_LINK_ID), 17480 }, 17481 { 17482 .cmd = NL80211_CMD_VENDOR, 17483 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17484 .doit = nl80211_vendor_cmd, 17485 .dumpit = nl80211_vendor_cmd_dump, 17486 .flags = GENL_UNS_ADMIN_PERM, 17487 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 17488 NL80211_FLAG_CLEAR_SKB), 17489 }, 17490 { 17491 .cmd = NL80211_CMD_SET_QOS_MAP, 17492 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17493 .doit = nl80211_set_qos_map, 17494 .flags = GENL_UNS_ADMIN_PERM, 17495 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17496 }, 17497 { 17498 .cmd = NL80211_CMD_ADD_TX_TS, 17499 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17500 .doit = nl80211_add_tx_ts, 17501 .flags = GENL_UNS_ADMIN_PERM, 17502 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17503 NL80211_FLAG_MLO_UNSUPPORTED), 17504 }, 17505 { 17506 .cmd = NL80211_CMD_DEL_TX_TS, 17507 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17508 .doit = nl80211_del_tx_ts, 17509 .flags = GENL_UNS_ADMIN_PERM, 17510 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17511 }, 17512 { 17513 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH, 17514 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17515 .doit = nl80211_tdls_channel_switch, 17516 .flags = GENL_UNS_ADMIN_PERM, 17517 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17518 }, 17519 { 17520 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH, 17521 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17522 .doit = nl80211_tdls_cancel_channel_switch, 17523 .flags = GENL_UNS_ADMIN_PERM, 17524 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17525 }, 17526 { 17527 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST, 17528 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17529 .doit = nl80211_set_multicast_to_unicast, 17530 .flags = GENL_UNS_ADMIN_PERM, 17531 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV), 17532 }, 17533 { 17534 .cmd = NL80211_CMD_SET_PMK, 17535 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17536 .doit = nl80211_set_pmk, 17537 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17538 NL80211_FLAG_CLEAR_SKB), 17539 }, 17540 { 17541 .cmd = NL80211_CMD_DEL_PMK, 17542 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17543 .doit = nl80211_del_pmk, 17544 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17545 }, 17546 { 17547 .cmd = NL80211_CMD_EXTERNAL_AUTH, 17548 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17549 .doit = nl80211_external_auth, 17550 .flags = GENL_ADMIN_PERM, 17551 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17552 }, 17553 { 17554 .cmd = NL80211_CMD_CONTROL_PORT_FRAME, 17555 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17556 .doit = nl80211_tx_control_port, 17557 .flags = GENL_UNS_ADMIN_PERM, 17558 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17559 }, 17560 { 17561 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS, 17562 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17563 .doit = nl80211_get_ftm_responder_stats, 17564 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17565 NL80211_FLAG_MLO_VALID_LINK_ID), 17566 }, 17567 { 17568 .cmd = NL80211_CMD_PEER_MEASUREMENT_START, 17569 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17570 .doit = nl80211_pmsr_start, 17571 .flags = GENL_UNS_ADMIN_PERM, 17572 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP), 17573 }, 17574 { 17575 .cmd = NL80211_CMD_NOTIFY_RADAR, 17576 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17577 .doit = nl80211_notify_radar_detection, 17578 .flags = GENL_UNS_ADMIN_PERM, 17579 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17580 }, 17581 { 17582 .cmd = NL80211_CMD_UPDATE_OWE_INFO, 17583 .doit = nl80211_update_owe_info, 17584 .flags = GENL_ADMIN_PERM, 17585 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17586 }, 17587 { 17588 .cmd = NL80211_CMD_PROBE_MESH_LINK, 17589 .doit = nl80211_probe_mesh_link, 17590 .flags = GENL_UNS_ADMIN_PERM, 17591 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17592 }, 17593 { 17594 .cmd = NL80211_CMD_SET_TID_CONFIG, 17595 .doit = nl80211_set_tid_config, 17596 .flags = GENL_UNS_ADMIN_PERM, 17597 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV | 17598 NL80211_FLAG_MLO_VALID_LINK_ID), 17599 }, 17600 { 17601 .cmd = NL80211_CMD_SET_SAR_SPECS, 17602 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17603 .doit = nl80211_set_sar_specs, 17604 .flags = GENL_UNS_ADMIN_PERM, 17605 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY | 17606 NL80211_FLAG_NEED_RTNL), 17607 }, 17608 { 17609 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST, 17610 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17611 .doit = nl80211_color_change, 17612 .flags = GENL_UNS_ADMIN_PERM, 17613 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17614 NL80211_FLAG_MLO_VALID_LINK_ID), 17615 }, 17616 { 17617 .cmd = NL80211_CMD_SET_FILS_AAD, 17618 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 17619 .doit = nl80211_set_fils_aad, 17620 .flags = GENL_UNS_ADMIN_PERM, 17621 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17622 }, 17623 { 17624 .cmd = NL80211_CMD_ADD_LINK, 17625 .doit = nl80211_add_link, 17626 .flags = GENL_UNS_ADMIN_PERM, 17627 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17628 }, 17629 { 17630 .cmd = NL80211_CMD_REMOVE_LINK, 17631 .doit = nl80211_remove_link, 17632 .flags = GENL_UNS_ADMIN_PERM, 17633 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17634 NL80211_FLAG_MLO_VALID_LINK_ID), 17635 }, 17636 { 17637 .cmd = NL80211_CMD_ADD_LINK_STA, 17638 .doit = nl80211_add_link_station, 17639 .flags = GENL_UNS_ADMIN_PERM, 17640 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17641 NL80211_FLAG_MLO_VALID_LINK_ID), 17642 }, 17643 { 17644 .cmd = NL80211_CMD_MODIFY_LINK_STA, 17645 .doit = nl80211_modify_link_station, 17646 .flags = GENL_UNS_ADMIN_PERM, 17647 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17648 NL80211_FLAG_MLO_VALID_LINK_ID), 17649 }, 17650 { 17651 .cmd = NL80211_CMD_REMOVE_LINK_STA, 17652 .doit = nl80211_remove_link_station, 17653 .flags = GENL_UNS_ADMIN_PERM, 17654 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP | 17655 NL80211_FLAG_MLO_VALID_LINK_ID), 17656 }, 17657 { 17658 .cmd = NL80211_CMD_SET_HW_TIMESTAMP, 17659 .doit = nl80211_set_hw_timestamp, 17660 .flags = GENL_UNS_ADMIN_PERM, 17661 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17662 }, 17663 { 17664 .cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING, 17665 .doit = nl80211_set_ttlm, 17666 .flags = GENL_UNS_ADMIN_PERM, 17667 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP), 17668 }, 17669 }; 17670 17671 static struct genl_family nl80211_fam __ro_after_init = { 17672 .name = NL80211_GENL_NAME, /* have users key off the name instead */ 17673 .hdrsize = 0, /* no private header */ 17674 .version = 1, /* no particular meaning now */ 17675 .maxattr = NL80211_ATTR_MAX, 17676 .policy = nl80211_policy, 17677 .netnsok = true, 17678 .pre_doit = nl80211_pre_doit, 17679 .post_doit = nl80211_post_doit, 17680 .module = THIS_MODULE, 17681 .ops = nl80211_ops, 17682 .n_ops = ARRAY_SIZE(nl80211_ops), 17683 .small_ops = nl80211_small_ops, 17684 .n_small_ops = ARRAY_SIZE(nl80211_small_ops), 17685 .resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1, 17686 .mcgrps = nl80211_mcgrps, 17687 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps), 17688 .parallel_ops = true, 17689 }; 17690 17691 /* notification functions */ 17692 17693 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev, 17694 enum nl80211_commands cmd) 17695 { 17696 struct sk_buff *msg; 17697 struct nl80211_dump_wiphy_state state = {}; 17698 17699 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY && 17700 cmd != NL80211_CMD_DEL_WIPHY); 17701 17702 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17703 if (!msg) 17704 return; 17705 17706 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) { 17707 nlmsg_free(msg); 17708 return; 17709 } 17710 17711 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17712 NL80211_MCGRP_CONFIG, GFP_KERNEL); 17713 } 17714 17715 void nl80211_notify_iface(struct cfg80211_registered_device *rdev, 17716 struct wireless_dev *wdev, 17717 enum nl80211_commands cmd) 17718 { 17719 struct sk_buff *msg; 17720 17721 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17722 if (!msg) 17723 return; 17724 17725 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) { 17726 nlmsg_free(msg); 17727 return; 17728 } 17729 17730 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17731 NL80211_MCGRP_CONFIG, GFP_KERNEL); 17732 } 17733 17734 static int nl80211_add_scan_req(struct sk_buff *msg, 17735 struct cfg80211_registered_device *rdev) 17736 { 17737 struct cfg80211_scan_request *req = rdev->scan_req; 17738 struct nlattr *nest; 17739 int i; 17740 struct cfg80211_scan_info *info; 17741 17742 if (WARN_ON(!req)) 17743 return 0; 17744 17745 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS); 17746 if (!nest) 17747 goto nla_put_failure; 17748 for (i = 0; i < req->n_ssids; i++) { 17749 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 17750 goto nla_put_failure; 17751 } 17752 nla_nest_end(msg, nest); 17753 17754 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) { 17755 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ); 17756 if (!nest) 17757 goto nla_put_failure; 17758 for (i = 0; i < req->n_channels; i++) { 17759 if (nla_put_u32(msg, i, 17760 ieee80211_channel_to_khz(req->channels[i]))) 17761 goto nla_put_failure; 17762 } 17763 nla_nest_end(msg, nest); 17764 } else { 17765 nest = nla_nest_start_noflag(msg, 17766 NL80211_ATTR_SCAN_FREQUENCIES); 17767 if (!nest) 17768 goto nla_put_failure; 17769 for (i = 0; i < req->n_channels; i++) { 17770 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 17771 goto nla_put_failure; 17772 } 17773 nla_nest_end(msg, nest); 17774 } 17775 17776 if (req->ie && 17777 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 17778 goto nla_put_failure; 17779 17780 if (req->flags && 17781 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags)) 17782 goto nla_put_failure; 17783 17784 info = rdev->int_scan_req ? &rdev->int_scan_req->info : 17785 &rdev->scan_req->info; 17786 if (info->scan_start_tsf && 17787 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF, 17788 info->scan_start_tsf, NL80211_BSS_PAD) || 17789 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN, 17790 info->tsf_bssid))) 17791 goto nla_put_failure; 17792 17793 return 0; 17794 nla_put_failure: 17795 return -ENOBUFS; 17796 } 17797 17798 static int nl80211_prep_scan_msg(struct sk_buff *msg, 17799 struct cfg80211_registered_device *rdev, 17800 struct wireless_dev *wdev, 17801 u32 portid, u32 seq, int flags, 17802 u32 cmd) 17803 { 17804 void *hdr; 17805 17806 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd); 17807 if (!hdr) 17808 return -1; 17809 17810 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 17811 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 17812 wdev->netdev->ifindex)) || 17813 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 17814 NL80211_ATTR_PAD)) 17815 goto nla_put_failure; 17816 17817 /* ignore errors and send incomplete event anyway */ 17818 nl80211_add_scan_req(msg, rdev); 17819 17820 genlmsg_end(msg, hdr); 17821 return 0; 17822 17823 nla_put_failure: 17824 genlmsg_cancel(msg, hdr); 17825 return -EMSGSIZE; 17826 } 17827 17828 static int 17829 nl80211_prep_sched_scan_msg(struct sk_buff *msg, 17830 struct cfg80211_sched_scan_request *req, u32 cmd) 17831 { 17832 void *hdr; 17833 17834 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 17835 if (!hdr) 17836 return -1; 17837 17838 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, 17839 wiphy_to_rdev(req->wiphy)->wiphy_idx) || 17840 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) || 17841 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid, 17842 NL80211_ATTR_PAD)) 17843 goto nla_put_failure; 17844 17845 genlmsg_end(msg, hdr); 17846 return 0; 17847 17848 nla_put_failure: 17849 genlmsg_cancel(msg, hdr); 17850 return -EMSGSIZE; 17851 } 17852 17853 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 17854 struct wireless_dev *wdev) 17855 { 17856 struct sk_buff *msg; 17857 17858 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17859 if (!msg) 17860 return; 17861 17862 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0, 17863 NL80211_CMD_TRIGGER_SCAN) < 0) { 17864 nlmsg_free(msg); 17865 return; 17866 } 17867 17868 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17869 NL80211_MCGRP_SCAN, GFP_KERNEL); 17870 } 17871 17872 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev, 17873 struct wireless_dev *wdev, bool aborted) 17874 { 17875 struct sk_buff *msg; 17876 17877 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17878 if (!msg) 17879 return NULL; 17880 17881 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0, 17882 aborted ? NL80211_CMD_SCAN_ABORTED : 17883 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 17884 nlmsg_free(msg); 17885 return NULL; 17886 } 17887 17888 return msg; 17889 } 17890 17891 /* send message created by nl80211_build_scan_msg() */ 17892 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev, 17893 struct sk_buff *msg) 17894 { 17895 if (!msg) 17896 return; 17897 17898 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 17899 NL80211_MCGRP_SCAN, GFP_KERNEL); 17900 } 17901 17902 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd) 17903 { 17904 struct sk_buff *msg; 17905 17906 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17907 if (!msg) 17908 return; 17909 17910 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) { 17911 nlmsg_free(msg); 17912 return; 17913 } 17914 17915 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0, 17916 NL80211_MCGRP_SCAN, GFP_KERNEL); 17917 } 17918 17919 static bool nl80211_reg_change_event_fill(struct sk_buff *msg, 17920 struct regulatory_request *request) 17921 { 17922 /* Userspace can always count this one always being set */ 17923 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 17924 goto nla_put_failure; 17925 17926 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 17927 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 17928 NL80211_REGDOM_TYPE_WORLD)) 17929 goto nla_put_failure; 17930 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 17931 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 17932 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 17933 goto nla_put_failure; 17934 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 17935 request->intersect) { 17936 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 17937 NL80211_REGDOM_TYPE_INTERSECTION)) 17938 goto nla_put_failure; 17939 } else { 17940 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 17941 NL80211_REGDOM_TYPE_COUNTRY) || 17942 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 17943 request->alpha2)) 17944 goto nla_put_failure; 17945 } 17946 17947 if (request->wiphy_idx != WIPHY_IDX_INVALID) { 17948 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx); 17949 17950 if (wiphy && 17951 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 17952 goto nla_put_failure; 17953 17954 if (wiphy && 17955 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED && 17956 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG)) 17957 goto nla_put_failure; 17958 } 17959 17960 return true; 17961 17962 nla_put_failure: 17963 return false; 17964 } 17965 17966 /* 17967 * This can happen on global regulatory changes or device specific settings 17968 * based on custom regulatory domains. 17969 */ 17970 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id, 17971 struct regulatory_request *request) 17972 { 17973 struct sk_buff *msg; 17974 void *hdr; 17975 17976 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 17977 if (!msg) 17978 return; 17979 17980 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id); 17981 if (!hdr) 17982 goto nla_put_failure; 17983 17984 if (!nl80211_reg_change_event_fill(msg, request)) 17985 goto nla_put_failure; 17986 17987 genlmsg_end(msg, hdr); 17988 17989 rcu_read_lock(); 17990 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 17991 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 17992 rcu_read_unlock(); 17993 17994 return; 17995 17996 nla_put_failure: 17997 nlmsg_free(msg); 17998 } 17999 18000 struct nl80211_mlme_event { 18001 enum nl80211_commands cmd; 18002 const u8 *buf; 18003 size_t buf_len; 18004 int uapsd_queues; 18005 const u8 *req_ies; 18006 size_t req_ies_len; 18007 bool reconnect; 18008 }; 18009 18010 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 18011 struct net_device *netdev, 18012 const struct nl80211_mlme_event *event, 18013 gfp_t gfp) 18014 { 18015 struct sk_buff *msg; 18016 void *hdr; 18017 18018 msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp); 18019 if (!msg) 18020 return; 18021 18022 hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd); 18023 if (!hdr) { 18024 nlmsg_free(msg); 18025 return; 18026 } 18027 18028 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18029 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18030 nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) || 18031 (event->req_ies && 18032 nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len, 18033 event->req_ies))) 18034 goto nla_put_failure; 18035 18036 if (event->reconnect && 18037 nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED)) 18038 goto nla_put_failure; 18039 18040 if (event->uapsd_queues >= 0) { 18041 struct nlattr *nla_wmm = 18042 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME); 18043 if (!nla_wmm) 18044 goto nla_put_failure; 18045 18046 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES, 18047 event->uapsd_queues)) 18048 goto nla_put_failure; 18049 18050 nla_nest_end(msg, nla_wmm); 18051 } 18052 18053 genlmsg_end(msg, hdr); 18054 18055 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18056 NL80211_MCGRP_MLME, gfp); 18057 return; 18058 18059 nla_put_failure: 18060 nlmsg_free(msg); 18061 } 18062 18063 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 18064 struct net_device *netdev, const u8 *buf, 18065 size_t len, gfp_t gfp) 18066 { 18067 struct nl80211_mlme_event event = { 18068 .cmd = NL80211_CMD_AUTHENTICATE, 18069 .buf = buf, 18070 .buf_len = len, 18071 .uapsd_queues = -1, 18072 }; 18073 18074 nl80211_send_mlme_event(rdev, netdev, &event, gfp); 18075 } 18076 18077 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 18078 struct net_device *netdev, 18079 const struct cfg80211_rx_assoc_resp_data *data) 18080 { 18081 struct nl80211_mlme_event event = { 18082 .cmd = NL80211_CMD_ASSOCIATE, 18083 .buf = data->buf, 18084 .buf_len = data->len, 18085 .uapsd_queues = data->uapsd_queues, 18086 .req_ies = data->req_ies, 18087 .req_ies_len = data->req_ies_len, 18088 }; 18089 18090 nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL); 18091 } 18092 18093 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 18094 struct net_device *netdev, const u8 *buf, 18095 size_t len, bool reconnect, gfp_t gfp) 18096 { 18097 struct nl80211_mlme_event event = { 18098 .cmd = NL80211_CMD_DEAUTHENTICATE, 18099 .buf = buf, 18100 .buf_len = len, 18101 .reconnect = reconnect, 18102 .uapsd_queues = -1, 18103 }; 18104 18105 nl80211_send_mlme_event(rdev, netdev, &event, gfp); 18106 } 18107 18108 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 18109 struct net_device *netdev, const u8 *buf, 18110 size_t len, bool reconnect, gfp_t gfp) 18111 { 18112 struct nl80211_mlme_event event = { 18113 .cmd = NL80211_CMD_DISASSOCIATE, 18114 .buf = buf, 18115 .buf_len = len, 18116 .reconnect = reconnect, 18117 .uapsd_queues = -1, 18118 }; 18119 18120 nl80211_send_mlme_event(rdev, netdev, &event, gfp); 18121 } 18122 18123 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf, 18124 size_t len) 18125 { 18126 struct wireless_dev *wdev = dev->ieee80211_ptr; 18127 struct wiphy *wiphy = wdev->wiphy; 18128 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18129 const struct ieee80211_mgmt *mgmt = (void *)buf; 18130 struct nl80211_mlme_event event = { 18131 .buf = buf, 18132 .buf_len = len, 18133 .uapsd_queues = -1, 18134 }; 18135 18136 if (WARN_ON(len < 2)) 18137 return; 18138 18139 if (ieee80211_is_deauth(mgmt->frame_control)) { 18140 event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE; 18141 } else if (ieee80211_is_disassoc(mgmt->frame_control)) { 18142 event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE; 18143 } else if (ieee80211_is_beacon(mgmt->frame_control)) { 18144 if (wdev->unprot_beacon_reported && 18145 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000) 18146 return; 18147 event.cmd = NL80211_CMD_UNPROT_BEACON; 18148 wdev->unprot_beacon_reported = jiffies; 18149 } else { 18150 return; 18151 } 18152 18153 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len); 18154 nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC); 18155 } 18156 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt); 18157 18158 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 18159 struct net_device *netdev, int cmd, 18160 const u8 *addr, gfp_t gfp) 18161 { 18162 struct sk_buff *msg; 18163 void *hdr; 18164 18165 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18166 if (!msg) 18167 return; 18168 18169 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 18170 if (!hdr) { 18171 nlmsg_free(msg); 18172 return; 18173 } 18174 18175 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18176 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18177 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 18178 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 18179 goto nla_put_failure; 18180 18181 genlmsg_end(msg, hdr); 18182 18183 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18184 NL80211_MCGRP_MLME, gfp); 18185 return; 18186 18187 nla_put_failure: 18188 nlmsg_free(msg); 18189 } 18190 18191 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 18192 struct net_device *netdev, const u8 *addr, 18193 gfp_t gfp) 18194 { 18195 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 18196 addr, gfp); 18197 } 18198 18199 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 18200 struct net_device *netdev, const u8 *addr, 18201 gfp_t gfp) 18202 { 18203 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 18204 addr, gfp); 18205 } 18206 18207 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 18208 struct net_device *netdev, 18209 struct cfg80211_connect_resp_params *cr, 18210 gfp_t gfp) 18211 { 18212 struct sk_buff *msg; 18213 void *hdr; 18214 unsigned int link; 18215 size_t link_info_size = 0; 18216 const u8 *connected_addr = cr->valid_links ? 18217 cr->ap_mld_addr : cr->links[0].bssid; 18218 18219 if (cr->valid_links) { 18220 for_each_valid_link(cr, link) { 18221 /* Nested attribute header */ 18222 link_info_size += NLA_HDRLEN; 18223 /* Link ID */ 18224 link_info_size += nla_total_size(sizeof(u8)); 18225 link_info_size += cr->links[link].addr ? 18226 nla_total_size(ETH_ALEN) : 0; 18227 link_info_size += (cr->links[link].bssid || 18228 cr->links[link].bss) ? 18229 nla_total_size(ETH_ALEN) : 0; 18230 link_info_size += nla_total_size(sizeof(u16)); 18231 } 18232 } 18233 18234 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len + 18235 cr->fils.kek_len + cr->fils.pmk_len + 18236 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size, 18237 gfp); 18238 if (!msg) 18239 return; 18240 18241 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 18242 if (!hdr) { 18243 nlmsg_free(msg); 18244 return; 18245 } 18246 18247 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18248 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18249 (connected_addr && 18250 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) || 18251 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, 18252 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE : 18253 cr->status) || 18254 (cr->status < 0 && 18255 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 18256 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON, 18257 cr->timeout_reason))) || 18258 (cr->req_ie && 18259 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) || 18260 (cr->resp_ie && 18261 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len, 18262 cr->resp_ie)) || 18263 (cr->fils.update_erp_next_seq_num && 18264 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM, 18265 cr->fils.erp_next_seq_num)) || 18266 (cr->status == WLAN_STATUS_SUCCESS && 18267 ((cr->fils.kek && 18268 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len, 18269 cr->fils.kek)) || 18270 (cr->fils.pmk && 18271 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) || 18272 (cr->fils.pmkid && 18273 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid))))) 18274 goto nla_put_failure; 18275 18276 if (cr->valid_links) { 18277 int i = 1; 18278 struct nlattr *nested; 18279 18280 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS); 18281 if (!nested) 18282 goto nla_put_failure; 18283 18284 for_each_valid_link(cr, link) { 18285 struct nlattr *nested_mlo_links; 18286 const u8 *bssid = cr->links[link].bss ? 18287 cr->links[link].bss->bssid : 18288 cr->links[link].bssid; 18289 18290 nested_mlo_links = nla_nest_start(msg, i); 18291 if (!nested_mlo_links) 18292 goto nla_put_failure; 18293 18294 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) || 18295 (bssid && 18296 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) || 18297 (cr->links[link].addr && 18298 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 18299 cr->links[link].addr)) || 18300 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, 18301 cr->links[link].status)) 18302 goto nla_put_failure; 18303 18304 nla_nest_end(msg, nested_mlo_links); 18305 i++; 18306 } 18307 nla_nest_end(msg, nested); 18308 } 18309 18310 genlmsg_end(msg, hdr); 18311 18312 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18313 NL80211_MCGRP_MLME, gfp); 18314 return; 18315 18316 nla_put_failure: 18317 nlmsg_free(msg); 18318 } 18319 18320 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 18321 struct net_device *netdev, 18322 struct cfg80211_roam_info *info, gfp_t gfp) 18323 { 18324 struct sk_buff *msg; 18325 void *hdr; 18326 size_t link_info_size = 0; 18327 unsigned int link; 18328 const u8 *connected_addr = info->ap_mld_addr ? 18329 info->ap_mld_addr : 18330 (info->links[0].bss ? 18331 info->links[0].bss->bssid : 18332 info->links[0].bssid); 18333 18334 if (info->valid_links) { 18335 for_each_valid_link(info, link) { 18336 /* Nested attribute header */ 18337 link_info_size += NLA_HDRLEN; 18338 /* Link ID */ 18339 link_info_size += nla_total_size(sizeof(u8)); 18340 link_info_size += info->links[link].addr ? 18341 nla_total_size(ETH_ALEN) : 0; 18342 link_info_size += (info->links[link].bssid || 18343 info->links[link].bss) ? 18344 nla_total_size(ETH_ALEN) : 0; 18345 } 18346 } 18347 18348 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len + 18349 info->fils.kek_len + info->fils.pmk_len + 18350 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) + 18351 link_info_size, gfp); 18352 if (!msg) 18353 return; 18354 18355 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 18356 if (!hdr) { 18357 nlmsg_free(msg); 18358 return; 18359 } 18360 18361 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18362 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18363 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) || 18364 (info->req_ie && 18365 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len, 18366 info->req_ie)) || 18367 (info->resp_ie && 18368 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len, 18369 info->resp_ie)) || 18370 (info->fils.update_erp_next_seq_num && 18371 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM, 18372 info->fils.erp_next_seq_num)) || 18373 (info->fils.kek && 18374 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len, 18375 info->fils.kek)) || 18376 (info->fils.pmk && 18377 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) || 18378 (info->fils.pmkid && 18379 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid))) 18380 goto nla_put_failure; 18381 18382 if (info->valid_links) { 18383 int i = 1; 18384 struct nlattr *nested; 18385 18386 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS); 18387 if (!nested) 18388 goto nla_put_failure; 18389 18390 for_each_valid_link(info, link) { 18391 struct nlattr *nested_mlo_links; 18392 const u8 *bssid = info->links[link].bss ? 18393 info->links[link].bss->bssid : 18394 info->links[link].bssid; 18395 18396 nested_mlo_links = nla_nest_start(msg, i); 18397 if (!nested_mlo_links) 18398 goto nla_put_failure; 18399 18400 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) || 18401 (bssid && 18402 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) || 18403 (info->links[link].addr && 18404 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 18405 info->links[link].addr))) 18406 goto nla_put_failure; 18407 18408 nla_nest_end(msg, nested_mlo_links); 18409 i++; 18410 } 18411 nla_nest_end(msg, nested); 18412 } 18413 18414 genlmsg_end(msg, hdr); 18415 18416 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18417 NL80211_MCGRP_MLME, gfp); 18418 return; 18419 18420 nla_put_failure: 18421 nlmsg_free(msg); 18422 } 18423 18424 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev, 18425 struct net_device *netdev, const u8 *peer_addr, 18426 const u8 *td_bitmap, u8 td_bitmap_len) 18427 { 18428 struct sk_buff *msg; 18429 void *hdr; 18430 18431 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 18432 if (!msg) 18433 return; 18434 18435 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED); 18436 if (!hdr) { 18437 nlmsg_free(msg); 18438 return; 18439 } 18440 18441 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18442 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18443 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr)) 18444 goto nla_put_failure; 18445 18446 if ((td_bitmap_len > 0) && td_bitmap) 18447 if (nla_put(msg, NL80211_ATTR_TD_BITMAP, 18448 td_bitmap_len, td_bitmap)) 18449 goto nla_put_failure; 18450 18451 genlmsg_end(msg, hdr); 18452 18453 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18454 NL80211_MCGRP_MLME, GFP_KERNEL); 18455 return; 18456 18457 nla_put_failure: 18458 nlmsg_free(msg); 18459 } 18460 18461 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 18462 struct net_device *netdev, u16 reason, 18463 const u8 *ie, size_t ie_len, bool from_ap) 18464 { 18465 struct sk_buff *msg; 18466 void *hdr; 18467 18468 msg = nlmsg_new(100 + ie_len, GFP_KERNEL); 18469 if (!msg) 18470 return; 18471 18472 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 18473 if (!hdr) { 18474 nlmsg_free(msg); 18475 return; 18476 } 18477 18478 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18479 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18480 (reason && 18481 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 18482 (from_ap && 18483 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 18484 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 18485 goto nla_put_failure; 18486 18487 genlmsg_end(msg, hdr); 18488 18489 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18490 NL80211_MCGRP_MLME, GFP_KERNEL); 18491 return; 18492 18493 nla_put_failure: 18494 nlmsg_free(msg); 18495 } 18496 18497 void cfg80211_links_removed(struct net_device *dev, u16 link_mask) 18498 { 18499 struct wireless_dev *wdev = dev->ieee80211_ptr; 18500 struct wiphy *wiphy = wdev->wiphy; 18501 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18502 struct sk_buff *msg; 18503 struct nlattr *links; 18504 void *hdr; 18505 18506 lockdep_assert_wiphy(wdev->wiphy); 18507 trace_cfg80211_links_removed(dev, link_mask); 18508 18509 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION && 18510 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)) 18511 return; 18512 18513 if (WARN_ON(!wdev->valid_links || !link_mask || 18514 (wdev->valid_links & link_mask) != link_mask || 18515 wdev->valid_links == link_mask)) 18516 return; 18517 18518 cfg80211_wdev_release_link_bsses(wdev, link_mask); 18519 wdev->valid_links &= ~link_mask; 18520 18521 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 18522 if (!msg) 18523 return; 18524 18525 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED); 18526 if (!hdr) { 18527 nlmsg_free(msg); 18528 return; 18529 } 18530 18531 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18532 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 18533 goto nla_put_failure; 18534 18535 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS); 18536 if (!links) 18537 goto nla_put_failure; 18538 18539 while (link_mask) { 18540 struct nlattr *link; 18541 int link_id = __ffs(link_mask); 18542 18543 link = nla_nest_start(msg, link_id + 1); 18544 if (!link) 18545 goto nla_put_failure; 18546 18547 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) 18548 goto nla_put_failure; 18549 18550 nla_nest_end(msg, link); 18551 link_mask &= ~(1 << link_id); 18552 } 18553 18554 nla_nest_end(msg, links); 18555 18556 genlmsg_end(msg, hdr); 18557 18558 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18559 NL80211_MCGRP_MLME, GFP_KERNEL); 18560 return; 18561 18562 nla_put_failure: 18563 nlmsg_free(msg); 18564 } 18565 EXPORT_SYMBOL(cfg80211_links_removed); 18566 18567 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 18568 struct net_device *netdev, const u8 *bssid, 18569 gfp_t gfp) 18570 { 18571 struct sk_buff *msg; 18572 void *hdr; 18573 18574 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18575 if (!msg) 18576 return; 18577 18578 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 18579 if (!hdr) { 18580 nlmsg_free(msg); 18581 return; 18582 } 18583 18584 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18585 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18586 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 18587 goto nla_put_failure; 18588 18589 genlmsg_end(msg, hdr); 18590 18591 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18592 NL80211_MCGRP_MLME, gfp); 18593 return; 18594 18595 nla_put_failure: 18596 nlmsg_free(msg); 18597 } 18598 18599 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr, 18600 const u8 *ie, u8 ie_len, 18601 int sig_dbm, gfp_t gfp) 18602 { 18603 struct wireless_dev *wdev = dev->ieee80211_ptr; 18604 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18605 struct sk_buff *msg; 18606 void *hdr; 18607 18608 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT)) 18609 return; 18610 18611 trace_cfg80211_notify_new_peer_candidate(dev, addr); 18612 18613 msg = nlmsg_new(100 + ie_len, gfp); 18614 if (!msg) 18615 return; 18616 18617 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 18618 if (!hdr) { 18619 nlmsg_free(msg); 18620 return; 18621 } 18622 18623 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18624 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18625 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 18626 (ie_len && ie && 18627 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) || 18628 (sig_dbm && 18629 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm))) 18630 goto nla_put_failure; 18631 18632 genlmsg_end(msg, hdr); 18633 18634 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18635 NL80211_MCGRP_MLME, gfp); 18636 return; 18637 18638 nla_put_failure: 18639 nlmsg_free(msg); 18640 } 18641 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate); 18642 18643 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 18644 struct net_device *netdev, const u8 *addr, 18645 enum nl80211_key_type key_type, int key_id, 18646 const u8 *tsc, gfp_t gfp) 18647 { 18648 struct sk_buff *msg; 18649 void *hdr; 18650 18651 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18652 if (!msg) 18653 return; 18654 18655 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 18656 if (!hdr) { 18657 nlmsg_free(msg); 18658 return; 18659 } 18660 18661 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18662 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18663 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 18664 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 18665 (key_id != -1 && 18666 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 18667 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 18668 goto nla_put_failure; 18669 18670 genlmsg_end(msg, hdr); 18671 18672 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18673 NL80211_MCGRP_MLME, gfp); 18674 return; 18675 18676 nla_put_failure: 18677 nlmsg_free(msg); 18678 } 18679 18680 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 18681 struct ieee80211_channel *channel_before, 18682 struct ieee80211_channel *channel_after) 18683 { 18684 struct sk_buff *msg; 18685 void *hdr; 18686 struct nlattr *nl_freq; 18687 18688 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 18689 if (!msg) 18690 return; 18691 18692 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 18693 if (!hdr) { 18694 nlmsg_free(msg); 18695 return; 18696 } 18697 18698 /* 18699 * Since we are applying the beacon hint to a wiphy we know its 18700 * wiphy_idx is valid 18701 */ 18702 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 18703 goto nla_put_failure; 18704 18705 /* Before */ 18706 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE); 18707 if (!nl_freq) 18708 goto nla_put_failure; 18709 18710 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false)) 18711 goto nla_put_failure; 18712 nla_nest_end(msg, nl_freq); 18713 18714 /* After */ 18715 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER); 18716 if (!nl_freq) 18717 goto nla_put_failure; 18718 18719 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false)) 18720 goto nla_put_failure; 18721 nla_nest_end(msg, nl_freq); 18722 18723 genlmsg_end(msg, hdr); 18724 18725 rcu_read_lock(); 18726 genlmsg_multicast_allns(&nl80211_fam, msg, 0, 18727 NL80211_MCGRP_REGULATORY, GFP_ATOMIC); 18728 rcu_read_unlock(); 18729 18730 return; 18731 18732 nla_put_failure: 18733 nlmsg_free(msg); 18734 } 18735 18736 static void nl80211_send_remain_on_chan_event( 18737 int cmd, struct cfg80211_registered_device *rdev, 18738 struct wireless_dev *wdev, u64 cookie, 18739 struct ieee80211_channel *chan, 18740 unsigned int duration, gfp_t gfp) 18741 { 18742 struct sk_buff *msg; 18743 void *hdr; 18744 18745 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18746 if (!msg) 18747 return; 18748 18749 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 18750 if (!hdr) { 18751 nlmsg_free(msg); 18752 return; 18753 } 18754 18755 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18756 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 18757 wdev->netdev->ifindex)) || 18758 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 18759 NL80211_ATTR_PAD) || 18760 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 18761 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 18762 NL80211_CHAN_NO_HT) || 18763 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 18764 NL80211_ATTR_PAD)) 18765 goto nla_put_failure; 18766 18767 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 18768 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 18769 goto nla_put_failure; 18770 18771 genlmsg_end(msg, hdr); 18772 18773 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18774 NL80211_MCGRP_MLME, gfp); 18775 return; 18776 18777 nla_put_failure: 18778 nlmsg_free(msg); 18779 } 18780 18781 void cfg80211_assoc_comeback(struct net_device *netdev, 18782 const u8 *ap_addr, u32 timeout) 18783 { 18784 struct wireless_dev *wdev = netdev->ieee80211_ptr; 18785 struct wiphy *wiphy = wdev->wiphy; 18786 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18787 struct sk_buff *msg; 18788 void *hdr; 18789 18790 trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout); 18791 18792 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 18793 if (!msg) 18794 return; 18795 18796 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK); 18797 if (!hdr) { 18798 nlmsg_free(msg); 18799 return; 18800 } 18801 18802 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18803 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 18804 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) || 18805 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout)) 18806 goto nla_put_failure; 18807 18808 genlmsg_end(msg, hdr); 18809 18810 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18811 NL80211_MCGRP_MLME, GFP_KERNEL); 18812 return; 18813 18814 nla_put_failure: 18815 nlmsg_free(msg); 18816 } 18817 EXPORT_SYMBOL(cfg80211_assoc_comeback); 18818 18819 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie, 18820 struct ieee80211_channel *chan, 18821 unsigned int duration, gfp_t gfp) 18822 { 18823 struct wiphy *wiphy = wdev->wiphy; 18824 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18825 18826 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration); 18827 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 18828 rdev, wdev, cookie, chan, 18829 duration, gfp); 18830 } 18831 EXPORT_SYMBOL(cfg80211_ready_on_channel); 18832 18833 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie, 18834 struct ieee80211_channel *chan, 18835 gfp_t gfp) 18836 { 18837 struct wiphy *wiphy = wdev->wiphy; 18838 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18839 18840 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan); 18841 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 18842 rdev, wdev, cookie, chan, 0, gfp); 18843 } 18844 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired); 18845 18846 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie, 18847 struct ieee80211_channel *chan, 18848 gfp_t gfp) 18849 { 18850 struct wiphy *wiphy = wdev->wiphy; 18851 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18852 18853 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan); 18854 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL, 18855 rdev, wdev, cookie, chan, 0, gfp); 18856 } 18857 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired); 18858 18859 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr, 18860 struct station_info *sinfo, gfp_t gfp) 18861 { 18862 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 18863 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18864 struct sk_buff *msg; 18865 18866 trace_cfg80211_new_sta(dev, mac_addr, sinfo); 18867 18868 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18869 if (!msg) 18870 return; 18871 18872 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0, 18873 rdev, dev, mac_addr, sinfo) < 0) { 18874 nlmsg_free(msg); 18875 return; 18876 } 18877 18878 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18879 NL80211_MCGRP_MLME, gfp); 18880 } 18881 EXPORT_SYMBOL(cfg80211_new_sta); 18882 18883 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr, 18884 struct station_info *sinfo, gfp_t gfp) 18885 { 18886 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 18887 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18888 struct sk_buff *msg; 18889 struct station_info empty_sinfo = {}; 18890 18891 if (!sinfo) 18892 sinfo = &empty_sinfo; 18893 18894 trace_cfg80211_del_sta(dev, mac_addr); 18895 18896 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 18897 if (!msg) { 18898 cfg80211_sinfo_release_content(sinfo); 18899 return; 18900 } 18901 18902 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0, 18903 rdev, dev, mac_addr, sinfo) < 0) { 18904 nlmsg_free(msg); 18905 return; 18906 } 18907 18908 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18909 NL80211_MCGRP_MLME, gfp); 18910 } 18911 EXPORT_SYMBOL(cfg80211_del_sta_sinfo); 18912 18913 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr, 18914 enum nl80211_connect_failed_reason reason, 18915 gfp_t gfp) 18916 { 18917 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 18918 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 18919 struct sk_buff *msg; 18920 void *hdr; 18921 18922 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 18923 if (!msg) 18924 return; 18925 18926 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED); 18927 if (!hdr) { 18928 nlmsg_free(msg); 18929 return; 18930 } 18931 18932 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18933 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 18934 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason)) 18935 goto nla_put_failure; 18936 18937 genlmsg_end(msg, hdr); 18938 18939 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 18940 NL80211_MCGRP_MLME, gfp); 18941 return; 18942 18943 nla_put_failure: 18944 nlmsg_free(msg); 18945 } 18946 EXPORT_SYMBOL(cfg80211_conn_failed); 18947 18948 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 18949 const u8 *addr, gfp_t gfp) 18950 { 18951 struct wireless_dev *wdev = dev->ieee80211_ptr; 18952 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 18953 struct sk_buff *msg; 18954 void *hdr; 18955 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid); 18956 18957 if (!nlportid) 18958 return false; 18959 18960 msg = nlmsg_new(100, gfp); 18961 if (!msg) 18962 return true; 18963 18964 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 18965 if (!hdr) { 18966 nlmsg_free(msg); 18967 return true; 18968 } 18969 18970 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 18971 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 18972 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 18973 goto nla_put_failure; 18974 18975 genlmsg_end(msg, hdr); 18976 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 18977 return true; 18978 18979 nla_put_failure: 18980 nlmsg_free(msg); 18981 return true; 18982 } 18983 18984 bool cfg80211_rx_spurious_frame(struct net_device *dev, 18985 const u8 *addr, gfp_t gfp) 18986 { 18987 struct wireless_dev *wdev = dev->ieee80211_ptr; 18988 bool ret; 18989 18990 trace_cfg80211_rx_spurious_frame(dev, addr); 18991 18992 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 18993 wdev->iftype != NL80211_IFTYPE_P2P_GO)) { 18994 trace_cfg80211_return_bool(false); 18995 return false; 18996 } 18997 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 18998 addr, gfp); 18999 trace_cfg80211_return_bool(ret); 19000 return ret; 19001 } 19002 EXPORT_SYMBOL(cfg80211_rx_spurious_frame); 19003 19004 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, 19005 const u8 *addr, gfp_t gfp) 19006 { 19007 struct wireless_dev *wdev = dev->ieee80211_ptr; 19008 bool ret; 19009 19010 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr); 19011 19012 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP && 19013 wdev->iftype != NL80211_IFTYPE_P2P_GO && 19014 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) { 19015 trace_cfg80211_return_bool(false); 19016 return false; 19017 } 19018 ret = __nl80211_unexpected_frame(dev, 19019 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 19020 addr, gfp); 19021 trace_cfg80211_return_bool(ret); 19022 return ret; 19023 } 19024 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame); 19025 19026 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 19027 struct wireless_dev *wdev, u32 nlportid, 19028 struct cfg80211_rx_info *info, gfp_t gfp) 19029 { 19030 struct net_device *netdev = wdev->netdev; 19031 struct sk_buff *msg; 19032 void *hdr; 19033 19034 msg = nlmsg_new(100 + info->len, gfp); 19035 if (!msg) 19036 return -ENOMEM; 19037 19038 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 19039 if (!hdr) { 19040 nlmsg_free(msg); 19041 return -ENOMEM; 19042 } 19043 19044 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19045 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 19046 netdev->ifindex)) || 19047 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 19048 NL80211_ATTR_PAD) || 19049 (info->have_link_id && 19050 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) || 19051 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) || 19052 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) || 19053 (info->sig_dbm && 19054 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) || 19055 nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) || 19056 (info->flags && 19057 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) || 19058 (info->rx_tstamp && nla_put_u64_64bit(msg, 19059 NL80211_ATTR_RX_HW_TIMESTAMP, 19060 info->rx_tstamp, 19061 NL80211_ATTR_PAD)) || 19062 (info->ack_tstamp && nla_put_u64_64bit(msg, 19063 NL80211_ATTR_TX_HW_TIMESTAMP, 19064 info->ack_tstamp, 19065 NL80211_ATTR_PAD))) 19066 goto nla_put_failure; 19067 19068 genlmsg_end(msg, hdr); 19069 19070 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 19071 19072 nla_put_failure: 19073 nlmsg_free(msg); 19074 return -ENOBUFS; 19075 } 19076 19077 static void nl80211_frame_tx_status(struct wireless_dev *wdev, 19078 struct cfg80211_tx_status *status, 19079 gfp_t gfp, enum nl80211_commands command) 19080 { 19081 struct wiphy *wiphy = wdev->wiphy; 19082 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19083 struct net_device *netdev = wdev->netdev; 19084 struct sk_buff *msg; 19085 void *hdr; 19086 19087 if (command == NL80211_CMD_FRAME_TX_STATUS) 19088 trace_cfg80211_mgmt_tx_status(wdev, status->cookie, 19089 status->ack); 19090 else 19091 trace_cfg80211_control_port_tx_status(wdev, status->cookie, 19092 status->ack); 19093 19094 msg = nlmsg_new(100 + status->len, gfp); 19095 if (!msg) 19096 return; 19097 19098 hdr = nl80211hdr_put(msg, 0, 0, 0, command); 19099 if (!hdr) { 19100 nlmsg_free(msg); 19101 return; 19102 } 19103 19104 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19105 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 19106 netdev->ifindex)) || 19107 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 19108 NL80211_ATTR_PAD) || 19109 nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) || 19110 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie, 19111 NL80211_ATTR_PAD) || 19112 (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) || 19113 (status->tx_tstamp && 19114 nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP, 19115 status->tx_tstamp, NL80211_ATTR_PAD)) || 19116 (status->ack_tstamp && 19117 nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP, 19118 status->ack_tstamp, NL80211_ATTR_PAD))) 19119 goto nla_put_failure; 19120 19121 genlmsg_end(msg, hdr); 19122 19123 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19124 NL80211_MCGRP_MLME, gfp); 19125 return; 19126 19127 nla_put_failure: 19128 nlmsg_free(msg); 19129 } 19130 19131 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie, 19132 const u8 *buf, size_t len, bool ack, 19133 gfp_t gfp) 19134 { 19135 struct cfg80211_tx_status status = { 19136 .cookie = cookie, 19137 .buf = buf, 19138 .len = len, 19139 .ack = ack 19140 }; 19141 19142 nl80211_frame_tx_status(wdev, &status, gfp, 19143 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS); 19144 } 19145 EXPORT_SYMBOL(cfg80211_control_port_tx_status); 19146 19147 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev, 19148 struct cfg80211_tx_status *status, gfp_t gfp) 19149 { 19150 nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS); 19151 } 19152 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext); 19153 19154 static int __nl80211_rx_control_port(struct net_device *dev, 19155 struct sk_buff *skb, 19156 bool unencrypted, 19157 int link_id, 19158 gfp_t gfp) 19159 { 19160 struct wireless_dev *wdev = dev->ieee80211_ptr; 19161 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19162 struct ethhdr *ehdr = eth_hdr(skb); 19163 const u8 *addr = ehdr->h_source; 19164 u16 proto = be16_to_cpu(skb->protocol); 19165 struct sk_buff *msg; 19166 void *hdr; 19167 struct nlattr *frame; 19168 19169 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid); 19170 19171 if (!nlportid) 19172 return -ENOENT; 19173 19174 msg = nlmsg_new(100 + skb->len, gfp); 19175 if (!msg) 19176 return -ENOMEM; 19177 19178 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME); 19179 if (!hdr) { 19180 nlmsg_free(msg); 19181 return -ENOBUFS; 19182 } 19183 19184 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19185 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 19186 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 19187 NL80211_ATTR_PAD) || 19188 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 19189 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) || 19190 (link_id >= 0 && 19191 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) || 19192 (unencrypted && nla_put_flag(msg, 19193 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))) 19194 goto nla_put_failure; 19195 19196 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len); 19197 if (!frame) 19198 goto nla_put_failure; 19199 19200 skb_copy_bits(skb, 0, nla_data(frame), skb->len); 19201 genlmsg_end(msg, hdr); 19202 19203 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 19204 19205 nla_put_failure: 19206 nlmsg_free(msg); 19207 return -ENOBUFS; 19208 } 19209 19210 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb, 19211 bool unencrypted, int link_id) 19212 { 19213 int ret; 19214 19215 trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id); 19216 ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id, 19217 GFP_ATOMIC); 19218 trace_cfg80211_return_bool(ret == 0); 19219 return ret == 0; 19220 } 19221 EXPORT_SYMBOL(cfg80211_rx_control_port); 19222 19223 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev, 19224 const char *mac, gfp_t gfp) 19225 { 19226 struct wireless_dev *wdev = dev->ieee80211_ptr; 19227 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19228 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19229 void **cb; 19230 19231 if (!msg) 19232 return NULL; 19233 19234 cb = (void **)msg->cb; 19235 19236 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 19237 if (!cb[0]) { 19238 nlmsg_free(msg); 19239 return NULL; 19240 } 19241 19242 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19243 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 19244 goto nla_put_failure; 19245 19246 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 19247 goto nla_put_failure; 19248 19249 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM); 19250 if (!cb[1]) 19251 goto nla_put_failure; 19252 19253 cb[2] = rdev; 19254 19255 return msg; 19256 nla_put_failure: 19257 nlmsg_free(msg); 19258 return NULL; 19259 } 19260 19261 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp) 19262 { 19263 void **cb = (void **)msg->cb; 19264 struct cfg80211_registered_device *rdev = cb[2]; 19265 19266 nla_nest_end(msg, cb[1]); 19267 genlmsg_end(msg, cb[0]); 19268 19269 memset(msg->cb, 0, sizeof(msg->cb)); 19270 19271 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19272 NL80211_MCGRP_MLME, gfp); 19273 } 19274 19275 void cfg80211_cqm_rssi_notify(struct net_device *dev, 19276 enum nl80211_cqm_rssi_threshold_event rssi_event, 19277 s32 rssi_level, gfp_t gfp) 19278 { 19279 struct wireless_dev *wdev = dev->ieee80211_ptr; 19280 struct cfg80211_cqm_config *cqm_config; 19281 19282 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level); 19283 19284 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW && 19285 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH)) 19286 return; 19287 19288 rcu_read_lock(); 19289 cqm_config = rcu_dereference(wdev->cqm_config); 19290 if (cqm_config) { 19291 cqm_config->last_rssi_event_value = rssi_level; 19292 cqm_config->last_rssi_event_type = rssi_event; 19293 wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work); 19294 } 19295 rcu_read_unlock(); 19296 } 19297 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify); 19298 19299 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work) 19300 { 19301 struct wireless_dev *wdev = container_of(work, struct wireless_dev, 19302 cqm_rssi_work); 19303 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19304 enum nl80211_cqm_rssi_threshold_event rssi_event; 19305 struct cfg80211_cqm_config *cqm_config; 19306 struct sk_buff *msg; 19307 s32 rssi_level; 19308 19309 cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config); 19310 if (!cqm_config) 19311 return; 19312 19313 if (cqm_config->use_range_api) 19314 cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config); 19315 19316 rssi_level = cqm_config->last_rssi_event_value; 19317 rssi_event = cqm_config->last_rssi_event_type; 19318 19319 msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL); 19320 if (!msg) 19321 return; 19322 19323 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 19324 rssi_event)) 19325 goto nla_put_failure; 19326 19327 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL, 19328 rssi_level)) 19329 goto nla_put_failure; 19330 19331 cfg80211_send_cqm(msg, GFP_KERNEL); 19332 19333 return; 19334 19335 nla_put_failure: 19336 nlmsg_free(msg); 19337 } 19338 19339 void cfg80211_cqm_txe_notify(struct net_device *dev, 19340 const u8 *peer, u32 num_packets, 19341 u32 rate, u32 intvl, gfp_t gfp) 19342 { 19343 struct sk_buff *msg; 19344 19345 msg = cfg80211_prepare_cqm(dev, peer, gfp); 19346 if (!msg) 19347 return; 19348 19349 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets)) 19350 goto nla_put_failure; 19351 19352 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate)) 19353 goto nla_put_failure; 19354 19355 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl)) 19356 goto nla_put_failure; 19357 19358 cfg80211_send_cqm(msg, gfp); 19359 return; 19360 19361 nla_put_failure: 19362 nlmsg_free(msg); 19363 } 19364 EXPORT_SYMBOL(cfg80211_cqm_txe_notify); 19365 19366 void cfg80211_cqm_pktloss_notify(struct net_device *dev, 19367 const u8 *peer, u32 num_packets, gfp_t gfp) 19368 { 19369 struct sk_buff *msg; 19370 19371 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets); 19372 19373 msg = cfg80211_prepare_cqm(dev, peer, gfp); 19374 if (!msg) 19375 return; 19376 19377 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 19378 goto nla_put_failure; 19379 19380 cfg80211_send_cqm(msg, gfp); 19381 return; 19382 19383 nla_put_failure: 19384 nlmsg_free(msg); 19385 } 19386 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify); 19387 19388 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp) 19389 { 19390 struct sk_buff *msg; 19391 19392 msg = cfg80211_prepare_cqm(dev, NULL, gfp); 19393 if (!msg) 19394 return; 19395 19396 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT)) 19397 goto nla_put_failure; 19398 19399 cfg80211_send_cqm(msg, gfp); 19400 return; 19401 19402 nla_put_failure: 19403 nlmsg_free(msg); 19404 } 19405 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify); 19406 19407 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 19408 struct net_device *netdev, const u8 *bssid, 19409 const u8 *replay_ctr, gfp_t gfp) 19410 { 19411 struct sk_buff *msg; 19412 struct nlattr *rekey_attr; 19413 void *hdr; 19414 19415 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19416 if (!msg) 19417 return; 19418 19419 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 19420 if (!hdr) { 19421 nlmsg_free(msg); 19422 return; 19423 } 19424 19425 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19426 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 19427 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 19428 goto nla_put_failure; 19429 19430 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA); 19431 if (!rekey_attr) 19432 goto nla_put_failure; 19433 19434 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 19435 NL80211_REPLAY_CTR_LEN, replay_ctr)) 19436 goto nla_put_failure; 19437 19438 nla_nest_end(msg, rekey_attr); 19439 19440 genlmsg_end(msg, hdr); 19441 19442 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19443 NL80211_MCGRP_MLME, gfp); 19444 return; 19445 19446 nla_put_failure: 19447 nlmsg_free(msg); 19448 } 19449 19450 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid, 19451 const u8 *replay_ctr, gfp_t gfp) 19452 { 19453 struct wireless_dev *wdev = dev->ieee80211_ptr; 19454 struct wiphy *wiphy = wdev->wiphy; 19455 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19456 19457 trace_cfg80211_gtk_rekey_notify(dev, bssid); 19458 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp); 19459 } 19460 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify); 19461 19462 static void 19463 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 19464 struct net_device *netdev, int index, 19465 const u8 *bssid, bool preauth, gfp_t gfp) 19466 { 19467 struct sk_buff *msg; 19468 struct nlattr *attr; 19469 void *hdr; 19470 19471 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19472 if (!msg) 19473 return; 19474 19475 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 19476 if (!hdr) { 19477 nlmsg_free(msg); 19478 return; 19479 } 19480 19481 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19482 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 19483 goto nla_put_failure; 19484 19485 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE); 19486 if (!attr) 19487 goto nla_put_failure; 19488 19489 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 19490 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 19491 (preauth && 19492 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 19493 goto nla_put_failure; 19494 19495 nla_nest_end(msg, attr); 19496 19497 genlmsg_end(msg, hdr); 19498 19499 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19500 NL80211_MCGRP_MLME, gfp); 19501 return; 19502 19503 nla_put_failure: 19504 nlmsg_free(msg); 19505 } 19506 19507 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index, 19508 const u8 *bssid, bool preauth, gfp_t gfp) 19509 { 19510 struct wireless_dev *wdev = dev->ieee80211_ptr; 19511 struct wiphy *wiphy = wdev->wiphy; 19512 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19513 19514 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth); 19515 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp); 19516 } 19517 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify); 19518 19519 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 19520 struct net_device *netdev, 19521 unsigned int link_id, 19522 struct cfg80211_chan_def *chandef, 19523 gfp_t gfp, 19524 enum nl80211_commands notif, 19525 u8 count, bool quiet) 19526 { 19527 struct wireless_dev *wdev = netdev->ieee80211_ptr; 19528 struct sk_buff *msg; 19529 void *hdr; 19530 19531 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19532 if (!msg) 19533 return; 19534 19535 hdr = nl80211hdr_put(msg, 0, 0, 0, notif); 19536 if (!hdr) { 19537 nlmsg_free(msg); 19538 return; 19539 } 19540 19541 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 19542 goto nla_put_failure; 19543 19544 if (wdev->valid_links && 19545 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) 19546 goto nla_put_failure; 19547 19548 if (nl80211_send_chandef(msg, chandef)) 19549 goto nla_put_failure; 19550 19551 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) { 19552 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)) 19553 goto nla_put_failure; 19554 if (quiet && 19555 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX)) 19556 goto nla_put_failure; 19557 } 19558 19559 genlmsg_end(msg, hdr); 19560 19561 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19562 NL80211_MCGRP_MLME, gfp); 19563 return; 19564 19565 nla_put_failure: 19566 nlmsg_free(msg); 19567 } 19568 19569 void cfg80211_ch_switch_notify(struct net_device *dev, 19570 struct cfg80211_chan_def *chandef, 19571 unsigned int link_id) 19572 { 19573 struct wireless_dev *wdev = dev->ieee80211_ptr; 19574 struct wiphy *wiphy = wdev->wiphy; 19575 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19576 19577 lockdep_assert_wiphy(wdev->wiphy); 19578 WARN_INVALID_LINK_ID(wdev, link_id); 19579 19580 trace_cfg80211_ch_switch_notify(dev, chandef, link_id); 19581 19582 switch (wdev->iftype) { 19583 case NL80211_IFTYPE_STATION: 19584 case NL80211_IFTYPE_P2P_CLIENT: 19585 if (!WARN_ON(!wdev->links[link_id].client.current_bss)) 19586 cfg80211_update_assoc_bss_entry(wdev, link_id, 19587 chandef->chan); 19588 break; 19589 case NL80211_IFTYPE_MESH_POINT: 19590 wdev->u.mesh.chandef = *chandef; 19591 wdev->u.mesh.preset_chandef = *chandef; 19592 break; 19593 case NL80211_IFTYPE_AP: 19594 case NL80211_IFTYPE_P2P_GO: 19595 wdev->links[link_id].ap.chandef = *chandef; 19596 break; 19597 case NL80211_IFTYPE_ADHOC: 19598 wdev->u.ibss.chandef = *chandef; 19599 break; 19600 default: 19601 WARN_ON(1); 19602 break; 19603 } 19604 19605 cfg80211_schedule_channels_check(wdev); 19606 cfg80211_sched_dfs_chan_update(rdev); 19607 19608 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL, 19609 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false); 19610 } 19611 EXPORT_SYMBOL(cfg80211_ch_switch_notify); 19612 19613 void cfg80211_ch_switch_started_notify(struct net_device *dev, 19614 struct cfg80211_chan_def *chandef, 19615 unsigned int link_id, u8 count, 19616 bool quiet) 19617 { 19618 struct wireless_dev *wdev = dev->ieee80211_ptr; 19619 struct wiphy *wiphy = wdev->wiphy; 19620 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19621 19622 lockdep_assert_wiphy(wdev->wiphy); 19623 WARN_INVALID_LINK_ID(wdev, link_id); 19624 19625 trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id); 19626 19627 19628 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL, 19629 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, 19630 count, quiet); 19631 } 19632 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify); 19633 19634 int cfg80211_bss_color_notify(struct net_device *dev, 19635 enum nl80211_commands cmd, u8 count, 19636 u64 color_bitmap, u8 link_id) 19637 { 19638 struct wireless_dev *wdev = dev->ieee80211_ptr; 19639 struct wiphy *wiphy = wdev->wiphy; 19640 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19641 struct sk_buff *msg; 19642 void *hdr; 19643 19644 lockdep_assert_wiphy(wdev->wiphy); 19645 19646 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap); 19647 19648 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 19649 if (!msg) 19650 return -ENOMEM; 19651 19652 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 19653 if (!hdr) 19654 goto nla_put_failure; 19655 19656 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 19657 goto nla_put_failure; 19658 19659 if (wdev->valid_links && 19660 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) 19661 goto nla_put_failure; 19662 19663 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED && 19664 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count)) 19665 goto nla_put_failure; 19666 19667 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION && 19668 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP, 19669 color_bitmap, NL80211_ATTR_PAD)) 19670 goto nla_put_failure; 19671 19672 genlmsg_end(msg, hdr); 19673 19674 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), 19675 msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL); 19676 19677 nla_put_failure: 19678 nlmsg_free(msg); 19679 return -EINVAL; 19680 } 19681 EXPORT_SYMBOL(cfg80211_bss_color_notify); 19682 19683 void 19684 nl80211_radar_notify(struct cfg80211_registered_device *rdev, 19685 const struct cfg80211_chan_def *chandef, 19686 enum nl80211_radar_event event, 19687 struct net_device *netdev, gfp_t gfp) 19688 { 19689 struct sk_buff *msg; 19690 void *hdr; 19691 19692 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19693 if (!msg) 19694 return; 19695 19696 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT); 19697 if (!hdr) { 19698 nlmsg_free(msg); 19699 return; 19700 } 19701 19702 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 19703 goto nla_put_failure; 19704 19705 /* NOP and radar events don't need a netdev parameter */ 19706 if (netdev) { 19707 struct wireless_dev *wdev = netdev->ieee80211_ptr; 19708 19709 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 19710 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 19711 NL80211_ATTR_PAD)) 19712 goto nla_put_failure; 19713 } 19714 19715 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event)) 19716 goto nla_put_failure; 19717 19718 if (nl80211_send_chandef(msg, chandef)) 19719 goto nla_put_failure; 19720 19721 genlmsg_end(msg, hdr); 19722 19723 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19724 NL80211_MCGRP_MLME, gfp); 19725 return; 19726 19727 nla_put_failure: 19728 nlmsg_free(msg); 19729 } 19730 19731 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac, 19732 struct sta_opmode_info *sta_opmode, 19733 gfp_t gfp) 19734 { 19735 struct sk_buff *msg; 19736 struct wireless_dev *wdev = dev->ieee80211_ptr; 19737 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19738 void *hdr; 19739 19740 if (WARN_ON(!mac)) 19741 return; 19742 19743 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19744 if (!msg) 19745 return; 19746 19747 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED); 19748 if (!hdr) { 19749 nlmsg_free(msg); 19750 return; 19751 } 19752 19753 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 19754 goto nla_put_failure; 19755 19756 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 19757 goto nla_put_failure; 19758 19759 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac)) 19760 goto nla_put_failure; 19761 19762 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) && 19763 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode)) 19764 goto nla_put_failure; 19765 19766 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) && 19767 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw)) 19768 goto nla_put_failure; 19769 19770 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) && 19771 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss)) 19772 goto nla_put_failure; 19773 19774 genlmsg_end(msg, hdr); 19775 19776 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19777 NL80211_MCGRP_MLME, gfp); 19778 19779 return; 19780 19781 nla_put_failure: 19782 nlmsg_free(msg); 19783 } 19784 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify); 19785 19786 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 19787 u64 cookie, bool acked, s32 ack_signal, 19788 bool is_valid_ack_signal, gfp_t gfp) 19789 { 19790 struct wireless_dev *wdev = dev->ieee80211_ptr; 19791 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19792 struct sk_buff *msg; 19793 void *hdr; 19794 19795 trace_cfg80211_probe_status(dev, addr, cookie, acked); 19796 19797 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 19798 19799 if (!msg) 19800 return; 19801 19802 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 19803 if (!hdr) { 19804 nlmsg_free(msg); 19805 return; 19806 } 19807 19808 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19809 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 19810 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 19811 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie, 19812 NL80211_ATTR_PAD) || 19813 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) || 19814 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL, 19815 ack_signal))) 19816 goto nla_put_failure; 19817 19818 genlmsg_end(msg, hdr); 19819 19820 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 19821 NL80211_MCGRP_MLME, gfp); 19822 return; 19823 19824 nla_put_failure: 19825 nlmsg_free(msg); 19826 } 19827 EXPORT_SYMBOL(cfg80211_probe_status); 19828 19829 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame, 19830 size_t len, int freq, int sig_dbm) 19831 { 19832 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 19833 struct sk_buff *msg; 19834 void *hdr; 19835 struct cfg80211_beacon_registration *reg; 19836 19837 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm); 19838 19839 spin_lock_bh(&rdev->beacon_registrations_lock); 19840 list_for_each_entry(reg, &rdev->beacon_registrations, list) { 19841 msg = nlmsg_new(len + 100, GFP_ATOMIC); 19842 if (!msg) { 19843 spin_unlock_bh(&rdev->beacon_registrations_lock); 19844 return; 19845 } 19846 19847 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 19848 if (!hdr) 19849 goto nla_put_failure; 19850 19851 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19852 (freq && 19853 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 19854 KHZ_TO_MHZ(freq)) || 19855 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, 19856 freq % 1000))) || 19857 (sig_dbm && 19858 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 19859 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 19860 goto nla_put_failure; 19861 19862 genlmsg_end(msg, hdr); 19863 19864 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid); 19865 } 19866 spin_unlock_bh(&rdev->beacon_registrations_lock); 19867 return; 19868 19869 nla_put_failure: 19870 spin_unlock_bh(&rdev->beacon_registrations_lock); 19871 nlmsg_free(msg); 19872 } 19873 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz); 19874 19875 #ifdef CONFIG_PM 19876 static int cfg80211_net_detect_results(struct sk_buff *msg, 19877 struct cfg80211_wowlan_wakeup *wakeup) 19878 { 19879 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect; 19880 struct nlattr *nl_results, *nl_match, *nl_freqs; 19881 int i, j; 19882 19883 nl_results = nla_nest_start_noflag(msg, 19884 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS); 19885 if (!nl_results) 19886 return -EMSGSIZE; 19887 19888 for (i = 0; i < nd->n_matches; i++) { 19889 struct cfg80211_wowlan_nd_match *match = nd->matches[i]; 19890 19891 nl_match = nla_nest_start_noflag(msg, i); 19892 if (!nl_match) 19893 break; 19894 19895 /* The SSID attribute is optional in nl80211, but for 19896 * simplicity reasons it's always present in the 19897 * cfg80211 structure. If a driver can't pass the 19898 * SSID, that needs to be changed. A zero length SSID 19899 * is still a valid SSID (wildcard), so it cannot be 19900 * used for this purpose. 19901 */ 19902 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len, 19903 match->ssid.ssid)) { 19904 nla_nest_cancel(msg, nl_match); 19905 goto out; 19906 } 19907 19908 if (match->n_channels) { 19909 nl_freqs = nla_nest_start_noflag(msg, 19910 NL80211_ATTR_SCAN_FREQUENCIES); 19911 if (!nl_freqs) { 19912 nla_nest_cancel(msg, nl_match); 19913 goto out; 19914 } 19915 19916 for (j = 0; j < match->n_channels; j++) { 19917 if (nla_put_u32(msg, j, match->channels[j])) { 19918 nla_nest_cancel(msg, nl_freqs); 19919 nla_nest_cancel(msg, nl_match); 19920 goto out; 19921 } 19922 } 19923 19924 nla_nest_end(msg, nl_freqs); 19925 } 19926 19927 nla_nest_end(msg, nl_match); 19928 } 19929 19930 out: 19931 nla_nest_end(msg, nl_results); 19932 return 0; 19933 } 19934 19935 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev, 19936 struct cfg80211_wowlan_wakeup *wakeup, 19937 gfp_t gfp) 19938 { 19939 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 19940 struct sk_buff *msg; 19941 void *hdr; 19942 int size = 200; 19943 19944 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup); 19945 19946 if (wakeup) 19947 size += wakeup->packet_present_len; 19948 19949 msg = nlmsg_new(size, gfp); 19950 if (!msg) 19951 return; 19952 19953 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN); 19954 if (!hdr) 19955 goto free_msg; 19956 19957 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 19958 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 19959 NL80211_ATTR_PAD)) 19960 goto free_msg; 19961 19962 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX, 19963 wdev->netdev->ifindex)) 19964 goto free_msg; 19965 19966 if (wakeup) { 19967 struct nlattr *reasons; 19968 19969 reasons = nla_nest_start_noflag(msg, 19970 NL80211_ATTR_WOWLAN_TRIGGERS); 19971 if (!reasons) 19972 goto free_msg; 19973 19974 if (wakeup->disconnect && 19975 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) 19976 goto free_msg; 19977 if (wakeup->magic_pkt && 19978 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) 19979 goto free_msg; 19980 if (wakeup->gtk_rekey_failure && 19981 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) 19982 goto free_msg; 19983 if (wakeup->eap_identity_req && 19984 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) 19985 goto free_msg; 19986 if (wakeup->four_way_handshake && 19987 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) 19988 goto free_msg; 19989 if (wakeup->rfkill_release && 19990 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)) 19991 goto free_msg; 19992 19993 if (wakeup->pattern_idx >= 0 && 19994 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 19995 wakeup->pattern_idx)) 19996 goto free_msg; 19997 19998 if (wakeup->tcp_match && 19999 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH)) 20000 goto free_msg; 20001 20002 if (wakeup->tcp_connlost && 20003 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST)) 20004 goto free_msg; 20005 20006 if (wakeup->tcp_nomoretokens && 20007 nla_put_flag(msg, 20008 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS)) 20009 goto free_msg; 20010 20011 if (wakeup->unprot_deauth_disassoc && 20012 nla_put_flag(msg, 20013 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC)) 20014 goto free_msg; 20015 20016 if (wakeup->packet) { 20017 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211; 20018 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN; 20019 20020 if (!wakeup->packet_80211) { 20021 pkt_attr = 20022 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023; 20023 len_attr = 20024 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN; 20025 } 20026 20027 if (wakeup->packet_len && 20028 nla_put_u32(msg, len_attr, wakeup->packet_len)) 20029 goto free_msg; 20030 20031 if (nla_put(msg, pkt_attr, wakeup->packet_present_len, 20032 wakeup->packet)) 20033 goto free_msg; 20034 } 20035 20036 if (wakeup->net_detect && 20037 cfg80211_net_detect_results(msg, wakeup)) 20038 goto free_msg; 20039 20040 nla_nest_end(msg, reasons); 20041 } 20042 20043 genlmsg_end(msg, hdr); 20044 20045 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 20046 NL80211_MCGRP_MLME, gfp); 20047 return; 20048 20049 free_msg: 20050 nlmsg_free(msg); 20051 } 20052 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup); 20053 #endif 20054 20055 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer, 20056 enum nl80211_tdls_operation oper, 20057 u16 reason_code, gfp_t gfp) 20058 { 20059 struct wireless_dev *wdev = dev->ieee80211_ptr; 20060 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 20061 struct sk_buff *msg; 20062 void *hdr; 20063 20064 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper, 20065 reason_code); 20066 20067 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 20068 if (!msg) 20069 return; 20070 20071 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER); 20072 if (!hdr) { 20073 nlmsg_free(msg); 20074 return; 20075 } 20076 20077 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20078 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 20079 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) || 20080 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) || 20081 (reason_code > 0 && 20082 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) 20083 goto nla_put_failure; 20084 20085 genlmsg_end(msg, hdr); 20086 20087 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 20088 NL80211_MCGRP_MLME, gfp); 20089 return; 20090 20091 nla_put_failure: 20092 nlmsg_free(msg); 20093 } 20094 EXPORT_SYMBOL(cfg80211_tdls_oper_request); 20095 20096 static int nl80211_netlink_notify(struct notifier_block * nb, 20097 unsigned long state, 20098 void *_notify) 20099 { 20100 struct netlink_notify *notify = _notify; 20101 struct cfg80211_registered_device *rdev; 20102 struct wireless_dev *wdev; 20103 struct cfg80211_beacon_registration *reg, *tmp; 20104 20105 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC) 20106 return NOTIFY_DONE; 20107 20108 rcu_read_lock(); 20109 20110 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 20111 struct cfg80211_sched_scan_request *sched_scan_req; 20112 20113 list_for_each_entry_rcu(sched_scan_req, 20114 &rdev->sched_scan_req_list, 20115 list) { 20116 if (sched_scan_req->owner_nlportid == notify->portid) { 20117 sched_scan_req->nl_owner_dead = true; 20118 wiphy_work_queue(&rdev->wiphy, 20119 &rdev->sched_scan_stop_wk); 20120 } 20121 } 20122 20123 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) { 20124 cfg80211_mlme_unregister_socket(wdev, notify->portid); 20125 20126 if (wdev->owner_nlportid == notify->portid) { 20127 wdev->nl_owner_dead = true; 20128 schedule_work(&rdev->destroy_work); 20129 } else if (wdev->conn_owner_nlportid == notify->portid) { 20130 schedule_work(&wdev->disconnect_wk); 20131 } 20132 20133 cfg80211_release_pmsr(wdev, notify->portid); 20134 } 20135 20136 spin_lock_bh(&rdev->beacon_registrations_lock); 20137 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations, 20138 list) { 20139 if (reg->nlportid == notify->portid) { 20140 list_del(®->list); 20141 kfree(reg); 20142 break; 20143 } 20144 } 20145 spin_unlock_bh(&rdev->beacon_registrations_lock); 20146 } 20147 20148 rcu_read_unlock(); 20149 20150 /* 20151 * It is possible that the user space process that is controlling the 20152 * indoor setting disappeared, so notify the regulatory core. 20153 */ 20154 regulatory_netlink_notify(notify->portid); 20155 return NOTIFY_OK; 20156 } 20157 20158 static struct notifier_block nl80211_netlink_notifier = { 20159 .notifier_call = nl80211_netlink_notify, 20160 }; 20161 20162 void cfg80211_ft_event(struct net_device *netdev, 20163 struct cfg80211_ft_event_params *ft_event) 20164 { 20165 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 20166 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 20167 struct sk_buff *msg; 20168 void *hdr; 20169 20170 trace_cfg80211_ft_event(wiphy, netdev, ft_event); 20171 20172 if (!ft_event->target_ap) 20173 return; 20174 20175 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len, 20176 GFP_KERNEL); 20177 if (!msg) 20178 return; 20179 20180 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT); 20181 if (!hdr) 20182 goto out; 20183 20184 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20185 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 20186 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap)) 20187 goto out; 20188 20189 if (ft_event->ies && 20190 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies)) 20191 goto out; 20192 if (ft_event->ric_ies && 20193 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len, 20194 ft_event->ric_ies)) 20195 goto out; 20196 20197 genlmsg_end(msg, hdr); 20198 20199 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 20200 NL80211_MCGRP_MLME, GFP_KERNEL); 20201 return; 20202 out: 20203 nlmsg_free(msg); 20204 } 20205 EXPORT_SYMBOL(cfg80211_ft_event); 20206 20207 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp) 20208 { 20209 struct cfg80211_registered_device *rdev; 20210 struct sk_buff *msg; 20211 void *hdr; 20212 u32 nlportid; 20213 20214 rdev = wiphy_to_rdev(wdev->wiphy); 20215 if (!rdev->crit_proto_nlportid) 20216 return; 20217 20218 nlportid = rdev->crit_proto_nlportid; 20219 rdev->crit_proto_nlportid = 0; 20220 20221 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 20222 if (!msg) 20223 return; 20224 20225 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP); 20226 if (!hdr) 20227 goto nla_put_failure; 20228 20229 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20230 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 20231 NL80211_ATTR_PAD)) 20232 goto nla_put_failure; 20233 20234 genlmsg_end(msg, hdr); 20235 20236 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid); 20237 return; 20238 20239 nla_put_failure: 20240 nlmsg_free(msg); 20241 } 20242 EXPORT_SYMBOL(cfg80211_crit_proto_stopped); 20243 20244 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id) 20245 { 20246 struct wiphy *wiphy = wdev->wiphy; 20247 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 20248 struct sk_buff *msg; 20249 void *hdr; 20250 20251 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 20252 if (!msg) 20253 return; 20254 20255 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP); 20256 if (!hdr) 20257 goto out; 20258 20259 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20260 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) || 20261 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev), 20262 NL80211_ATTR_PAD) || 20263 (wdev->valid_links && 20264 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))) 20265 goto out; 20266 20267 genlmsg_end(msg, hdr); 20268 20269 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0, 20270 NL80211_MCGRP_MLME, GFP_KERNEL); 20271 return; 20272 out: 20273 nlmsg_free(msg); 20274 } 20275 20276 int cfg80211_external_auth_request(struct net_device *dev, 20277 struct cfg80211_external_auth_params *params, 20278 gfp_t gfp) 20279 { 20280 struct wireless_dev *wdev = dev->ieee80211_ptr; 20281 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 20282 struct sk_buff *msg; 20283 void *hdr; 20284 20285 if (!wdev->conn_owner_nlportid) 20286 return -EINVAL; 20287 20288 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 20289 if (!msg) 20290 return -ENOMEM; 20291 20292 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH); 20293 if (!hdr) 20294 goto nla_put_failure; 20295 20296 /* Some historical mistakes in drivers <-> userspace interface (notably 20297 * between drivers and wpa_supplicant) led to a big-endian conversion 20298 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is 20299 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the 20300 * benefit of older wpa_supplicant versions, send this particular value 20301 * in big-endian. Note that newer wpa_supplicant will also detect this 20302 * particular value in big endian still, so it all continues to work. 20303 */ 20304 if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) { 20305 if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES, 20306 cpu_to_be32(WLAN_AKM_SUITE_SAE))) 20307 goto nla_put_failure; 20308 } else { 20309 if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, 20310 params->key_mgmt_suite)) 20311 goto nla_put_failure; 20312 } 20313 20314 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20315 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 20316 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION, 20317 params->action) || 20318 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) || 20319 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len, 20320 params->ssid.ssid) || 20321 (!is_zero_ether_addr(params->mld_addr) && 20322 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr))) 20323 goto nla_put_failure; 20324 20325 genlmsg_end(msg, hdr); 20326 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, 20327 wdev->conn_owner_nlportid); 20328 return 0; 20329 20330 nla_put_failure: 20331 nlmsg_free(msg); 20332 return -ENOBUFS; 20333 } 20334 EXPORT_SYMBOL(cfg80211_external_auth_request); 20335 20336 void cfg80211_update_owe_info_event(struct net_device *netdev, 20337 struct cfg80211_update_owe_info *owe_info, 20338 gfp_t gfp) 20339 { 20340 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy; 20341 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy); 20342 struct sk_buff *msg; 20343 void *hdr; 20344 20345 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info); 20346 20347 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 20348 if (!msg) 20349 return; 20350 20351 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO); 20352 if (!hdr) 20353 goto nla_put_failure; 20354 20355 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 20356 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 20357 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer)) 20358 goto nla_put_failure; 20359 20360 if (!owe_info->ie_len || 20361 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie)) 20362 goto nla_put_failure; 20363 20364 if (owe_info->assoc_link_id != -1) { 20365 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, 20366 owe_info->assoc_link_id)) 20367 goto nla_put_failure; 20368 20369 if (!is_zero_ether_addr(owe_info->peer_mld_addr) && 20370 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, 20371 owe_info->peer_mld_addr)) 20372 goto nla_put_failure; 20373 } 20374 20375 genlmsg_end(msg, hdr); 20376 20377 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0, 20378 NL80211_MCGRP_MLME, gfp); 20379 return; 20380 20381 nla_put_failure: 20382 genlmsg_cancel(msg, hdr); 20383 nlmsg_free(msg); 20384 } 20385 EXPORT_SYMBOL(cfg80211_update_owe_info_event); 20386 20387 void cfg80211_schedule_channels_check(struct wireless_dev *wdev) 20388 { 20389 struct wiphy *wiphy = wdev->wiphy; 20390 20391 /* Schedule channels check if NO_IR or DFS relaxations are supported */ 20392 if (wdev->iftype == NL80211_IFTYPE_STATION && 20393 (wiphy_ext_feature_isset(wiphy, 20394 NL80211_EXT_FEATURE_DFS_CONCURRENT) || 20395 (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) && 20396 wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR))) 20397 reg_check_channels(); 20398 } 20399 EXPORT_SYMBOL(cfg80211_schedule_channels_check); 20400 20401 /* initialisation/exit functions */ 20402 20403 int __init nl80211_init(void) 20404 { 20405 int err; 20406 20407 err = genl_register_family(&nl80211_fam); 20408 if (err) 20409 return err; 20410 20411 err = netlink_register_notifier(&nl80211_netlink_notifier); 20412 if (err) 20413 goto err_out; 20414 20415 return 0; 20416 err_out: 20417 genl_unregister_family(&nl80211_fam); 20418 return err; 20419 } 20420 20421 void nl80211_exit(void) 20422 { 20423 netlink_unregister_notifier(&nl80211_netlink_notifier); 20424 genl_unregister_family(&nl80211_fam); 20425 } 20426