1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type); 27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 28 struct genl_info *info, 29 struct cfg80211_crypto_settings *settings, 30 int cipher_limit); 31 32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 33 struct genl_info *info); 34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 35 struct genl_info *info); 36 37 /* the netlink family */ 38 static struct genl_family nl80211_fam = { 39 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 40 .name = "nl80211", /* have users key off the name instead */ 41 .hdrsize = 0, /* no private header */ 42 .version = 1, /* no particular meaning now */ 43 .maxattr = NL80211_ATTR_MAX, 44 .netnsok = true, 45 .pre_doit = nl80211_pre_doit, 46 .post_doit = nl80211_post_doit, 47 }; 48 49 /* internal helper: get rdev and dev */ 50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs, 51 struct cfg80211_registered_device **rdev, 52 struct net_device **dev) 53 { 54 int ifindex; 55 56 if (!attrs[NL80211_ATTR_IFINDEX]) 57 return -EINVAL; 58 59 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 60 *dev = dev_get_by_index(netns, ifindex); 61 if (!*dev) 62 return -ENODEV; 63 64 *rdev = cfg80211_get_dev_from_ifindex(netns, ifindex); 65 if (IS_ERR(*rdev)) { 66 dev_put(*dev); 67 return PTR_ERR(*rdev); 68 } 69 70 return 0; 71 } 72 73 /* policy for the attributes */ 74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 75 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 76 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 77 .len = 20-1 }, 78 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 79 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 80 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 81 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 82 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 83 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 84 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 85 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 86 87 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 88 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 89 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 90 91 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 92 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 93 94 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 95 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 96 .len = WLAN_MAX_KEY_LEN }, 97 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 98 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 99 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 100 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 101 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 102 103 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 104 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 105 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 106 .len = IEEE80211_MAX_DATA_LEN }, 107 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 108 .len = IEEE80211_MAX_DATA_LEN }, 109 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 110 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 111 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 112 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 113 .len = NL80211_MAX_SUPP_RATES }, 114 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 115 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 116 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 117 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 118 .len = IEEE80211_MAX_MESH_ID_LEN }, 119 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 120 121 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 122 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 123 124 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 125 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 126 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 127 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 128 .len = NL80211_MAX_SUPP_RATES }, 129 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 130 131 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 132 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 133 134 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 135 136 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 137 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 138 .len = IEEE80211_MAX_DATA_LEN }, 139 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 140 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 141 142 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 143 .len = IEEE80211_MAX_SSID_LEN }, 144 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 145 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 146 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 147 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 148 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 149 [NL80211_ATTR_STA_FLAGS2] = { 150 .len = sizeof(struct nl80211_sta_flag_update), 151 }, 152 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 153 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 154 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 155 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 156 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 157 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 158 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 159 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 160 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 161 .len = WLAN_PMKID_LEN }, 162 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 163 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 164 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 165 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 166 .len = IEEE80211_MAX_DATA_LEN }, 167 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 168 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 169 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 170 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 171 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 172 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 173 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 174 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 175 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 176 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 177 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 178 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 179 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 180 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 181 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 182 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 183 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 184 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 185 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 186 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 187 .len = IEEE80211_MAX_DATA_LEN }, 188 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 189 .len = IEEE80211_MAX_DATA_LEN }, 190 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 191 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 192 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 193 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 194 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 195 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 196 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 197 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 198 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 199 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 200 .len = IEEE80211_MAX_DATA_LEN }, 201 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 202 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 203 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 204 .len = NL80211_HT_CAPABILITY_LEN 205 }, 206 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 207 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 208 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 209 }; 210 211 /* policy for the key attributes */ 212 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 213 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 214 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 215 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 216 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 217 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 218 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 219 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 220 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 221 }; 222 223 /* policy for the key default flags */ 224 static const struct nla_policy 225 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 226 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 227 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 228 }; 229 230 /* policy for WoWLAN attributes */ 231 static const struct nla_policy 232 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 233 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 234 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 235 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 236 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 237 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 238 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 239 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 240 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 241 }; 242 243 /* policy for GTK rekey offload attributes */ 244 static const struct nla_policy 245 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 246 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 247 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 248 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 249 }; 250 251 static const struct nla_policy 252 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 253 [NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY, 254 .len = IEEE80211_MAX_SSID_LEN }, 255 }; 256 257 /* ifidx get helper */ 258 static int nl80211_get_ifidx(struct netlink_callback *cb) 259 { 260 int res; 261 262 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 263 nl80211_fam.attrbuf, nl80211_fam.maxattr, 264 nl80211_policy); 265 if (res) 266 return res; 267 268 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 269 return -EINVAL; 270 271 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 272 if (!res) 273 return -EINVAL; 274 return res; 275 } 276 277 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 278 struct netlink_callback *cb, 279 struct cfg80211_registered_device **rdev, 280 struct net_device **dev) 281 { 282 int ifidx = cb->args[0]; 283 int err; 284 285 if (!ifidx) 286 ifidx = nl80211_get_ifidx(cb); 287 if (ifidx < 0) 288 return ifidx; 289 290 cb->args[0] = ifidx; 291 292 rtnl_lock(); 293 294 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 295 if (!*dev) { 296 err = -ENODEV; 297 goto out_rtnl; 298 } 299 300 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 301 if (IS_ERR(*rdev)) { 302 err = PTR_ERR(*rdev); 303 goto out_rtnl; 304 } 305 306 return 0; 307 out_rtnl: 308 rtnl_unlock(); 309 return err; 310 } 311 312 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 313 { 314 cfg80211_unlock_rdev(rdev); 315 rtnl_unlock(); 316 } 317 318 /* IE validation */ 319 static bool is_valid_ie_attr(const struct nlattr *attr) 320 { 321 const u8 *pos; 322 int len; 323 324 if (!attr) 325 return true; 326 327 pos = nla_data(attr); 328 len = nla_len(attr); 329 330 while (len) { 331 u8 elemlen; 332 333 if (len < 2) 334 return false; 335 len -= 2; 336 337 elemlen = pos[1]; 338 if (elemlen > len) 339 return false; 340 341 len -= elemlen; 342 pos += 2 + elemlen; 343 } 344 345 return true; 346 } 347 348 /* message building helper */ 349 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 350 int flags, u8 cmd) 351 { 352 /* since there is no private header just add the generic one */ 353 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 354 } 355 356 static int nl80211_msg_put_channel(struct sk_buff *msg, 357 struct ieee80211_channel *chan) 358 { 359 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, 360 chan->center_freq)) 361 goto nla_put_failure; 362 363 if ((chan->flags & IEEE80211_CHAN_DISABLED) && 364 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED)) 365 goto nla_put_failure; 366 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) && 367 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN)) 368 goto nla_put_failure; 369 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) && 370 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS)) 371 goto nla_put_failure; 372 if ((chan->flags & IEEE80211_CHAN_RADAR) && 373 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR)) 374 goto nla_put_failure; 375 376 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 377 DBM_TO_MBM(chan->max_power))) 378 goto nla_put_failure; 379 380 return 0; 381 382 nla_put_failure: 383 return -ENOBUFS; 384 } 385 386 /* netlink command implementations */ 387 388 struct key_parse { 389 struct key_params p; 390 int idx; 391 int type; 392 bool def, defmgmt; 393 bool def_uni, def_multi; 394 }; 395 396 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 397 { 398 struct nlattr *tb[NL80211_KEY_MAX + 1]; 399 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 400 nl80211_key_policy); 401 if (err) 402 return err; 403 404 k->def = !!tb[NL80211_KEY_DEFAULT]; 405 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 406 407 if (k->def) { 408 k->def_uni = true; 409 k->def_multi = true; 410 } 411 if (k->defmgmt) 412 k->def_multi = true; 413 414 if (tb[NL80211_KEY_IDX]) 415 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 416 417 if (tb[NL80211_KEY_DATA]) { 418 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 419 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 420 } 421 422 if (tb[NL80211_KEY_SEQ]) { 423 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 424 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 425 } 426 427 if (tb[NL80211_KEY_CIPHER]) 428 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 429 430 if (tb[NL80211_KEY_TYPE]) { 431 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 432 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 433 return -EINVAL; 434 } 435 436 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 437 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 438 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 439 tb[NL80211_KEY_DEFAULT_TYPES], 440 nl80211_key_default_policy); 441 if (err) 442 return err; 443 444 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 445 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 446 } 447 448 return 0; 449 } 450 451 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 452 { 453 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 454 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 455 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 456 } 457 458 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 459 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 460 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 461 } 462 463 if (info->attrs[NL80211_ATTR_KEY_IDX]) 464 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 465 466 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 467 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 468 469 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 470 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 471 472 if (k->def) { 473 k->def_uni = true; 474 k->def_multi = true; 475 } 476 if (k->defmgmt) 477 k->def_multi = true; 478 479 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 480 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 481 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 482 return -EINVAL; 483 } 484 485 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 486 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 487 int err = nla_parse_nested( 488 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 489 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 490 nl80211_key_default_policy); 491 if (err) 492 return err; 493 494 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 495 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 496 } 497 498 return 0; 499 } 500 501 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 502 { 503 int err; 504 505 memset(k, 0, sizeof(*k)); 506 k->idx = -1; 507 k->type = -1; 508 509 if (info->attrs[NL80211_ATTR_KEY]) 510 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 511 else 512 err = nl80211_parse_key_old(info, k); 513 514 if (err) 515 return err; 516 517 if (k->def && k->defmgmt) 518 return -EINVAL; 519 520 if (k->defmgmt) { 521 if (k->def_uni || !k->def_multi) 522 return -EINVAL; 523 } 524 525 if (k->idx != -1) { 526 if (k->defmgmt) { 527 if (k->idx < 4 || k->idx > 5) 528 return -EINVAL; 529 } else if (k->def) { 530 if (k->idx < 0 || k->idx > 3) 531 return -EINVAL; 532 } else { 533 if (k->idx < 0 || k->idx > 5) 534 return -EINVAL; 535 } 536 } 537 538 return 0; 539 } 540 541 static struct cfg80211_cached_keys * 542 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 543 struct nlattr *keys) 544 { 545 struct key_parse parse; 546 struct nlattr *key; 547 struct cfg80211_cached_keys *result; 548 int rem, err, def = 0; 549 550 result = kzalloc(sizeof(*result), GFP_KERNEL); 551 if (!result) 552 return ERR_PTR(-ENOMEM); 553 554 result->def = -1; 555 result->defmgmt = -1; 556 557 nla_for_each_nested(key, keys, rem) { 558 memset(&parse, 0, sizeof(parse)); 559 parse.idx = -1; 560 561 err = nl80211_parse_key_new(key, &parse); 562 if (err) 563 goto error; 564 err = -EINVAL; 565 if (!parse.p.key) 566 goto error; 567 if (parse.idx < 0 || parse.idx > 4) 568 goto error; 569 if (parse.def) { 570 if (def) 571 goto error; 572 def = 1; 573 result->def = parse.idx; 574 if (!parse.def_uni || !parse.def_multi) 575 goto error; 576 } else if (parse.defmgmt) 577 goto error; 578 err = cfg80211_validate_key_settings(rdev, &parse.p, 579 parse.idx, false, NULL); 580 if (err) 581 goto error; 582 result->params[parse.idx].cipher = parse.p.cipher; 583 result->params[parse.idx].key_len = parse.p.key_len; 584 result->params[parse.idx].key = result->data[parse.idx]; 585 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 586 } 587 588 return result; 589 error: 590 kfree(result); 591 return ERR_PTR(err); 592 } 593 594 static int nl80211_key_allowed(struct wireless_dev *wdev) 595 { 596 ASSERT_WDEV_LOCK(wdev); 597 598 switch (wdev->iftype) { 599 case NL80211_IFTYPE_AP: 600 case NL80211_IFTYPE_AP_VLAN: 601 case NL80211_IFTYPE_P2P_GO: 602 case NL80211_IFTYPE_MESH_POINT: 603 break; 604 case NL80211_IFTYPE_ADHOC: 605 if (!wdev->current_bss) 606 return -ENOLINK; 607 break; 608 case NL80211_IFTYPE_STATION: 609 case NL80211_IFTYPE_P2P_CLIENT: 610 if (wdev->sme_state != CFG80211_SME_CONNECTED) 611 return -ENOLINK; 612 break; 613 default: 614 return -EINVAL; 615 } 616 617 return 0; 618 } 619 620 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 621 { 622 struct nlattr *nl_modes = nla_nest_start(msg, attr); 623 int i; 624 625 if (!nl_modes) 626 goto nla_put_failure; 627 628 i = 0; 629 while (ifmodes) { 630 if ((ifmodes & 1) && nla_put_flag(msg, i)) 631 goto nla_put_failure; 632 ifmodes >>= 1; 633 i++; 634 } 635 636 nla_nest_end(msg, nl_modes); 637 return 0; 638 639 nla_put_failure: 640 return -ENOBUFS; 641 } 642 643 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 644 struct sk_buff *msg) 645 { 646 struct nlattr *nl_combis; 647 int i, j; 648 649 nl_combis = nla_nest_start(msg, 650 NL80211_ATTR_INTERFACE_COMBINATIONS); 651 if (!nl_combis) 652 goto nla_put_failure; 653 654 for (i = 0; i < wiphy->n_iface_combinations; i++) { 655 const struct ieee80211_iface_combination *c; 656 struct nlattr *nl_combi, *nl_limits; 657 658 c = &wiphy->iface_combinations[i]; 659 660 nl_combi = nla_nest_start(msg, i + 1); 661 if (!nl_combi) 662 goto nla_put_failure; 663 664 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 665 if (!nl_limits) 666 goto nla_put_failure; 667 668 for (j = 0; j < c->n_limits; j++) { 669 struct nlattr *nl_limit; 670 671 nl_limit = nla_nest_start(msg, j + 1); 672 if (!nl_limit) 673 goto nla_put_failure; 674 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, 675 c->limits[j].max)) 676 goto nla_put_failure; 677 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 678 c->limits[j].types)) 679 goto nla_put_failure; 680 nla_nest_end(msg, nl_limit); 681 } 682 683 nla_nest_end(msg, nl_limits); 684 685 if (c->beacon_int_infra_match && 686 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH)) 687 goto nla_put_failure; 688 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 689 c->num_different_channels) || 690 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM, 691 c->max_interfaces)) 692 goto nla_put_failure; 693 694 nla_nest_end(msg, nl_combi); 695 } 696 697 nla_nest_end(msg, nl_combis); 698 699 return 0; 700 nla_put_failure: 701 return -ENOBUFS; 702 } 703 704 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 705 struct cfg80211_registered_device *dev) 706 { 707 void *hdr; 708 struct nlattr *nl_bands, *nl_band; 709 struct nlattr *nl_freqs, *nl_freq; 710 struct nlattr *nl_rates, *nl_rate; 711 struct nlattr *nl_cmds; 712 enum ieee80211_band band; 713 struct ieee80211_channel *chan; 714 struct ieee80211_rate *rate; 715 int i; 716 const struct ieee80211_txrx_stypes *mgmt_stypes = 717 dev->wiphy.mgmt_stypes; 718 719 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 720 if (!hdr) 721 return -1; 722 723 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) || 724 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) || 725 nla_put_u32(msg, NL80211_ATTR_GENERATION, 726 cfg80211_rdev_list_generation) || 727 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 728 dev->wiphy.retry_short) || 729 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 730 dev->wiphy.retry_long) || 731 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 732 dev->wiphy.frag_threshold) || 733 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 734 dev->wiphy.rts_threshold) || 735 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 736 dev->wiphy.coverage_class) || 737 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 738 dev->wiphy.max_scan_ssids) || 739 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 740 dev->wiphy.max_sched_scan_ssids) || 741 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 742 dev->wiphy.max_scan_ie_len) || 743 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 744 dev->wiphy.max_sched_scan_ie_len) || 745 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS, 746 dev->wiphy.max_match_sets)) 747 goto nla_put_failure; 748 749 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) && 750 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN)) 751 goto nla_put_failure; 752 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) && 753 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH)) 754 goto nla_put_failure; 755 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 756 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD)) 757 goto nla_put_failure; 758 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) && 759 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT)) 760 goto nla_put_failure; 761 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) && 762 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT)) 763 goto nla_put_failure; 764 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) && 765 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP)) 766 goto nla_put_failure; 767 768 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES, 769 sizeof(u32) * dev->wiphy.n_cipher_suites, 770 dev->wiphy.cipher_suites)) 771 goto nla_put_failure; 772 773 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 774 dev->wiphy.max_num_pmkids)) 775 goto nla_put_failure; 776 777 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 778 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE)) 779 goto nla_put_failure; 780 781 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 782 dev->wiphy.available_antennas_tx) || 783 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 784 dev->wiphy.available_antennas_rx)) 785 goto nla_put_failure; 786 787 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) && 788 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 789 dev->wiphy.probe_resp_offload)) 790 goto nla_put_failure; 791 792 if ((dev->wiphy.available_antennas_tx || 793 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 794 u32 tx_ant = 0, rx_ant = 0; 795 int res; 796 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant); 797 if (!res) { 798 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, 799 tx_ant) || 800 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, 801 rx_ant)) 802 goto nla_put_failure; 803 } 804 } 805 806 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 807 dev->wiphy.interface_modes)) 808 goto nla_put_failure; 809 810 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 811 if (!nl_bands) 812 goto nla_put_failure; 813 814 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 815 if (!dev->wiphy.bands[band]) 816 continue; 817 818 nl_band = nla_nest_start(msg, band); 819 if (!nl_band) 820 goto nla_put_failure; 821 822 /* add HT info */ 823 if (dev->wiphy.bands[band]->ht_cap.ht_supported && 824 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET, 825 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 826 &dev->wiphy.bands[band]->ht_cap.mcs) || 827 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA, 828 dev->wiphy.bands[band]->ht_cap.cap) || 829 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 830 dev->wiphy.bands[band]->ht_cap.ampdu_factor) || 831 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 832 dev->wiphy.bands[band]->ht_cap.ampdu_density))) 833 goto nla_put_failure; 834 835 /* add frequencies */ 836 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 837 if (!nl_freqs) 838 goto nla_put_failure; 839 840 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 841 nl_freq = nla_nest_start(msg, i); 842 if (!nl_freq) 843 goto nla_put_failure; 844 845 chan = &dev->wiphy.bands[band]->channels[i]; 846 847 if (nl80211_msg_put_channel(msg, chan)) 848 goto nla_put_failure; 849 850 nla_nest_end(msg, nl_freq); 851 } 852 853 nla_nest_end(msg, nl_freqs); 854 855 /* add bitrates */ 856 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 857 if (!nl_rates) 858 goto nla_put_failure; 859 860 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 861 nl_rate = nla_nest_start(msg, i); 862 if (!nl_rate) 863 goto nla_put_failure; 864 865 rate = &dev->wiphy.bands[band]->bitrates[i]; 866 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE, 867 rate->bitrate)) 868 goto nla_put_failure; 869 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) && 870 nla_put_flag(msg, 871 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE)) 872 goto nla_put_failure; 873 874 nla_nest_end(msg, nl_rate); 875 } 876 877 nla_nest_end(msg, nl_rates); 878 879 nla_nest_end(msg, nl_band); 880 } 881 nla_nest_end(msg, nl_bands); 882 883 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 884 if (!nl_cmds) 885 goto nla_put_failure; 886 887 i = 0; 888 #define CMD(op, n) \ 889 do { \ 890 if (dev->ops->op) { \ 891 i++; \ 892 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \ 893 goto nla_put_failure; \ 894 } \ 895 } while (0) 896 897 CMD(add_virtual_intf, NEW_INTERFACE); 898 CMD(change_virtual_intf, SET_INTERFACE); 899 CMD(add_key, NEW_KEY); 900 CMD(start_ap, START_AP); 901 CMD(add_station, NEW_STATION); 902 CMD(add_mpath, NEW_MPATH); 903 CMD(update_mesh_config, SET_MESH_CONFIG); 904 CMD(change_bss, SET_BSS); 905 CMD(auth, AUTHENTICATE); 906 CMD(assoc, ASSOCIATE); 907 CMD(deauth, DEAUTHENTICATE); 908 CMD(disassoc, DISASSOCIATE); 909 CMD(join_ibss, JOIN_IBSS); 910 CMD(join_mesh, JOIN_MESH); 911 CMD(set_pmksa, SET_PMKSA); 912 CMD(del_pmksa, DEL_PMKSA); 913 CMD(flush_pmksa, FLUSH_PMKSA); 914 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 915 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 916 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 917 CMD(mgmt_tx, FRAME); 918 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 919 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 920 i++; 921 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS)) 922 goto nla_put_failure; 923 } 924 CMD(set_channel, SET_CHANNEL); 925 CMD(set_wds_peer, SET_WDS_PEER); 926 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 927 CMD(tdls_mgmt, TDLS_MGMT); 928 CMD(tdls_oper, TDLS_OPER); 929 } 930 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 931 CMD(sched_scan_start, START_SCHED_SCAN); 932 CMD(probe_client, PROBE_CLIENT); 933 CMD(set_noack_map, SET_NOACK_MAP); 934 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 935 i++; 936 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS)) 937 goto nla_put_failure; 938 } 939 940 #ifdef CONFIG_NL80211_TESTMODE 941 CMD(testmode_cmd, TESTMODE); 942 #endif 943 944 #undef CMD 945 946 if (dev->ops->connect || dev->ops->auth) { 947 i++; 948 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT)) 949 goto nla_put_failure; 950 } 951 952 if (dev->ops->disconnect || dev->ops->deauth) { 953 i++; 954 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT)) 955 goto nla_put_failure; 956 } 957 958 nla_nest_end(msg, nl_cmds); 959 960 if (dev->ops->remain_on_channel && 961 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) && 962 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 963 dev->wiphy.max_remain_on_channel_duration)) 964 goto nla_put_failure; 965 966 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) && 967 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) 968 goto nla_put_failure; 969 970 if (mgmt_stypes) { 971 u16 stypes; 972 struct nlattr *nl_ftypes, *nl_ifs; 973 enum nl80211_iftype ift; 974 975 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 976 if (!nl_ifs) 977 goto nla_put_failure; 978 979 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 980 nl_ftypes = nla_nest_start(msg, ift); 981 if (!nl_ftypes) 982 goto nla_put_failure; 983 i = 0; 984 stypes = mgmt_stypes[ift].tx; 985 while (stypes) { 986 if ((stypes & 1) && 987 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 988 (i << 4) | IEEE80211_FTYPE_MGMT)) 989 goto nla_put_failure; 990 stypes >>= 1; 991 i++; 992 } 993 nla_nest_end(msg, nl_ftypes); 994 } 995 996 nla_nest_end(msg, nl_ifs); 997 998 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 999 if (!nl_ifs) 1000 goto nla_put_failure; 1001 1002 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 1003 nl_ftypes = nla_nest_start(msg, ift); 1004 if (!nl_ftypes) 1005 goto nla_put_failure; 1006 i = 0; 1007 stypes = mgmt_stypes[ift].rx; 1008 while (stypes) { 1009 if ((stypes & 1) && 1010 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, 1011 (i << 4) | IEEE80211_FTYPE_MGMT)) 1012 goto nla_put_failure; 1013 stypes >>= 1; 1014 i++; 1015 } 1016 nla_nest_end(msg, nl_ftypes); 1017 } 1018 nla_nest_end(msg, nl_ifs); 1019 } 1020 1021 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 1022 struct nlattr *nl_wowlan; 1023 1024 nl_wowlan = nla_nest_start(msg, 1025 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 1026 if (!nl_wowlan) 1027 goto nla_put_failure; 1028 1029 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) && 1030 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 1031 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) && 1032 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 1033 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) && 1034 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 1035 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) && 1036 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) || 1037 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) && 1038 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 1039 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) && 1040 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 1041 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) && 1042 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 1043 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) && 1044 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 1045 goto nla_put_failure; 1046 if (dev->wiphy.wowlan.n_patterns) { 1047 struct nl80211_wowlan_pattern_support pat = { 1048 .max_patterns = dev->wiphy.wowlan.n_patterns, 1049 .min_pattern_len = 1050 dev->wiphy.wowlan.pattern_min_len, 1051 .max_pattern_len = 1052 dev->wiphy.wowlan.pattern_max_len, 1053 }; 1054 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1055 sizeof(pat), &pat)) 1056 goto nla_put_failure; 1057 } 1058 1059 nla_nest_end(msg, nl_wowlan); 1060 } 1061 1062 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1063 dev->wiphy.software_iftypes)) 1064 goto nla_put_failure; 1065 1066 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1067 goto nla_put_failure; 1068 1069 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) && 1070 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME, 1071 dev->wiphy.ap_sme_capa)) 1072 goto nla_put_failure; 1073 1074 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, 1075 dev->wiphy.features)) 1076 goto nla_put_failure; 1077 1078 if (dev->wiphy.ht_capa_mod_mask && 1079 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1080 sizeof(*dev->wiphy.ht_capa_mod_mask), 1081 dev->wiphy.ht_capa_mod_mask)) 1082 goto nla_put_failure; 1083 1084 return genlmsg_end(msg, hdr); 1085 1086 nla_put_failure: 1087 genlmsg_cancel(msg, hdr); 1088 return -EMSGSIZE; 1089 } 1090 1091 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1092 { 1093 int idx = 0; 1094 int start = cb->args[0]; 1095 struct cfg80211_registered_device *dev; 1096 1097 mutex_lock(&cfg80211_mutex); 1098 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1099 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1100 continue; 1101 if (++idx <= start) 1102 continue; 1103 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 1104 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1105 dev) < 0) { 1106 idx--; 1107 break; 1108 } 1109 } 1110 mutex_unlock(&cfg80211_mutex); 1111 1112 cb->args[0] = idx; 1113 1114 return skb->len; 1115 } 1116 1117 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1118 { 1119 struct sk_buff *msg; 1120 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1121 1122 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1123 if (!msg) 1124 return -ENOMEM; 1125 1126 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) { 1127 nlmsg_free(msg); 1128 return -ENOBUFS; 1129 } 1130 1131 return genlmsg_reply(msg, info); 1132 } 1133 1134 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1135 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1136 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1137 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1138 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1139 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1140 }; 1141 1142 static int parse_txq_params(struct nlattr *tb[], 1143 struct ieee80211_txq_params *txq_params) 1144 { 1145 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] || 1146 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1147 !tb[NL80211_TXQ_ATTR_AIFS]) 1148 return -EINVAL; 1149 1150 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]); 1151 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1152 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1153 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1154 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1155 1156 if (txq_params->ac >= NL80211_NUM_ACS) 1157 return -EINVAL; 1158 1159 return 0; 1160 } 1161 1162 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1163 { 1164 /* 1165 * You can only set the channel explicitly for AP, mesh 1166 * and WDS type interfaces; all others have their channel 1167 * managed via their respective "establish a connection" 1168 * command (connect, join, ...) 1169 * 1170 * Monitors are special as they are normally slaved to 1171 * whatever else is going on, so they behave as though 1172 * you tried setting the wiphy channel itself. 1173 */ 1174 return !wdev || 1175 wdev->iftype == NL80211_IFTYPE_AP || 1176 wdev->iftype == NL80211_IFTYPE_WDS || 1177 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1178 wdev->iftype == NL80211_IFTYPE_MONITOR || 1179 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1180 } 1181 1182 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1183 struct wireless_dev *wdev, 1184 struct genl_info *info) 1185 { 1186 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 1187 u32 freq; 1188 int result; 1189 1190 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1191 return -EINVAL; 1192 1193 if (!nl80211_can_set_dev_channel(wdev)) 1194 return -EOPNOTSUPP; 1195 1196 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1197 channel_type = nla_get_u32(info->attrs[ 1198 NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1199 if (channel_type != NL80211_CHAN_NO_HT && 1200 channel_type != NL80211_CHAN_HT20 && 1201 channel_type != NL80211_CHAN_HT40PLUS && 1202 channel_type != NL80211_CHAN_HT40MINUS) 1203 return -EINVAL; 1204 } 1205 1206 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1207 1208 mutex_lock(&rdev->devlist_mtx); 1209 if (wdev) { 1210 wdev_lock(wdev); 1211 result = cfg80211_set_freq(rdev, wdev, freq, channel_type); 1212 wdev_unlock(wdev); 1213 } else { 1214 result = cfg80211_set_freq(rdev, NULL, freq, channel_type); 1215 } 1216 mutex_unlock(&rdev->devlist_mtx); 1217 1218 return result; 1219 } 1220 1221 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1222 { 1223 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1224 struct net_device *netdev = info->user_ptr[1]; 1225 1226 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1227 } 1228 1229 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1230 { 1231 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1232 struct net_device *dev = info->user_ptr[1]; 1233 struct wireless_dev *wdev = dev->ieee80211_ptr; 1234 const u8 *bssid; 1235 1236 if (!info->attrs[NL80211_ATTR_MAC]) 1237 return -EINVAL; 1238 1239 if (netif_running(dev)) 1240 return -EBUSY; 1241 1242 if (!rdev->ops->set_wds_peer) 1243 return -EOPNOTSUPP; 1244 1245 if (wdev->iftype != NL80211_IFTYPE_WDS) 1246 return -EOPNOTSUPP; 1247 1248 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1249 return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid); 1250 } 1251 1252 1253 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1254 { 1255 struct cfg80211_registered_device *rdev; 1256 struct net_device *netdev = NULL; 1257 struct wireless_dev *wdev; 1258 int result = 0, rem_txq_params = 0; 1259 struct nlattr *nl_txq_params; 1260 u32 changed; 1261 u8 retry_short = 0, retry_long = 0; 1262 u32 frag_threshold = 0, rts_threshold = 0; 1263 u8 coverage_class = 0; 1264 1265 /* 1266 * Try to find the wiphy and netdev. Normally this 1267 * function shouldn't need the netdev, but this is 1268 * done for backward compatibility -- previously 1269 * setting the channel was done per wiphy, but now 1270 * it is per netdev. Previous userland like hostapd 1271 * also passed a netdev to set_wiphy, so that it is 1272 * possible to let that go to the right netdev! 1273 */ 1274 mutex_lock(&cfg80211_mutex); 1275 1276 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1277 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1278 1279 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1280 if (netdev && netdev->ieee80211_ptr) { 1281 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1282 mutex_lock(&rdev->mtx); 1283 } else 1284 netdev = NULL; 1285 } 1286 1287 if (!netdev) { 1288 rdev = __cfg80211_rdev_from_info(info); 1289 if (IS_ERR(rdev)) { 1290 mutex_unlock(&cfg80211_mutex); 1291 return PTR_ERR(rdev); 1292 } 1293 wdev = NULL; 1294 netdev = NULL; 1295 result = 0; 1296 1297 mutex_lock(&rdev->mtx); 1298 } else if (netif_running(netdev) && 1299 nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 1300 wdev = netdev->ieee80211_ptr; 1301 else 1302 wdev = NULL; 1303 1304 /* 1305 * end workaround code, by now the rdev is available 1306 * and locked, and wdev may or may not be NULL. 1307 */ 1308 1309 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1310 result = cfg80211_dev_rename( 1311 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1312 1313 mutex_unlock(&cfg80211_mutex); 1314 1315 if (result) 1316 goto bad_res; 1317 1318 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1319 struct ieee80211_txq_params txq_params; 1320 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1321 1322 if (!rdev->ops->set_txq_params) { 1323 result = -EOPNOTSUPP; 1324 goto bad_res; 1325 } 1326 1327 if (!netdev) { 1328 result = -EINVAL; 1329 goto bad_res; 1330 } 1331 1332 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1333 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1334 result = -EINVAL; 1335 goto bad_res; 1336 } 1337 1338 if (!netif_running(netdev)) { 1339 result = -ENETDOWN; 1340 goto bad_res; 1341 } 1342 1343 nla_for_each_nested(nl_txq_params, 1344 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1345 rem_txq_params) { 1346 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1347 nla_data(nl_txq_params), 1348 nla_len(nl_txq_params), 1349 txq_params_policy); 1350 result = parse_txq_params(tb, &txq_params); 1351 if (result) 1352 goto bad_res; 1353 1354 result = rdev->ops->set_txq_params(&rdev->wiphy, 1355 netdev, 1356 &txq_params); 1357 if (result) 1358 goto bad_res; 1359 } 1360 } 1361 1362 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1363 result = __nl80211_set_channel(rdev, wdev, info); 1364 if (result) 1365 goto bad_res; 1366 } 1367 1368 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1369 enum nl80211_tx_power_setting type; 1370 int idx, mbm = 0; 1371 1372 if (!rdev->ops->set_tx_power) { 1373 result = -EOPNOTSUPP; 1374 goto bad_res; 1375 } 1376 1377 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1378 type = nla_get_u32(info->attrs[idx]); 1379 1380 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1381 (type != NL80211_TX_POWER_AUTOMATIC)) { 1382 result = -EINVAL; 1383 goto bad_res; 1384 } 1385 1386 if (type != NL80211_TX_POWER_AUTOMATIC) { 1387 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1388 mbm = nla_get_u32(info->attrs[idx]); 1389 } 1390 1391 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm); 1392 if (result) 1393 goto bad_res; 1394 } 1395 1396 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1397 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1398 u32 tx_ant, rx_ant; 1399 if ((!rdev->wiphy.available_antennas_tx && 1400 !rdev->wiphy.available_antennas_rx) || 1401 !rdev->ops->set_antenna) { 1402 result = -EOPNOTSUPP; 1403 goto bad_res; 1404 } 1405 1406 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1407 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1408 1409 /* reject antenna configurations which don't match the 1410 * available antenna masks, except for the "all" mask */ 1411 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1412 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1413 result = -EINVAL; 1414 goto bad_res; 1415 } 1416 1417 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1418 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1419 1420 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant); 1421 if (result) 1422 goto bad_res; 1423 } 1424 1425 changed = 0; 1426 1427 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1428 retry_short = nla_get_u8( 1429 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1430 if (retry_short == 0) { 1431 result = -EINVAL; 1432 goto bad_res; 1433 } 1434 changed |= WIPHY_PARAM_RETRY_SHORT; 1435 } 1436 1437 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1438 retry_long = nla_get_u8( 1439 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1440 if (retry_long == 0) { 1441 result = -EINVAL; 1442 goto bad_res; 1443 } 1444 changed |= WIPHY_PARAM_RETRY_LONG; 1445 } 1446 1447 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1448 frag_threshold = nla_get_u32( 1449 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1450 if (frag_threshold < 256) { 1451 result = -EINVAL; 1452 goto bad_res; 1453 } 1454 if (frag_threshold != (u32) -1) { 1455 /* 1456 * Fragments (apart from the last one) are required to 1457 * have even length. Make the fragmentation code 1458 * simpler by stripping LSB should someone try to use 1459 * odd threshold value. 1460 */ 1461 frag_threshold &= ~0x1; 1462 } 1463 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1464 } 1465 1466 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1467 rts_threshold = nla_get_u32( 1468 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1469 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1470 } 1471 1472 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1473 coverage_class = nla_get_u8( 1474 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1475 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1476 } 1477 1478 if (changed) { 1479 u8 old_retry_short, old_retry_long; 1480 u32 old_frag_threshold, old_rts_threshold; 1481 u8 old_coverage_class; 1482 1483 if (!rdev->ops->set_wiphy_params) { 1484 result = -EOPNOTSUPP; 1485 goto bad_res; 1486 } 1487 1488 old_retry_short = rdev->wiphy.retry_short; 1489 old_retry_long = rdev->wiphy.retry_long; 1490 old_frag_threshold = rdev->wiphy.frag_threshold; 1491 old_rts_threshold = rdev->wiphy.rts_threshold; 1492 old_coverage_class = rdev->wiphy.coverage_class; 1493 1494 if (changed & WIPHY_PARAM_RETRY_SHORT) 1495 rdev->wiphy.retry_short = retry_short; 1496 if (changed & WIPHY_PARAM_RETRY_LONG) 1497 rdev->wiphy.retry_long = retry_long; 1498 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1499 rdev->wiphy.frag_threshold = frag_threshold; 1500 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1501 rdev->wiphy.rts_threshold = rts_threshold; 1502 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1503 rdev->wiphy.coverage_class = coverage_class; 1504 1505 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 1506 if (result) { 1507 rdev->wiphy.retry_short = old_retry_short; 1508 rdev->wiphy.retry_long = old_retry_long; 1509 rdev->wiphy.frag_threshold = old_frag_threshold; 1510 rdev->wiphy.rts_threshold = old_rts_threshold; 1511 rdev->wiphy.coverage_class = old_coverage_class; 1512 } 1513 } 1514 1515 bad_res: 1516 mutex_unlock(&rdev->mtx); 1517 if (netdev) 1518 dev_put(netdev); 1519 return result; 1520 } 1521 1522 1523 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 1524 struct cfg80211_registered_device *rdev, 1525 struct net_device *dev) 1526 { 1527 void *hdr; 1528 1529 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1530 if (!hdr) 1531 return -1; 1532 1533 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1534 nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 1535 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) || 1536 nla_put_u32(msg, NL80211_ATTR_IFTYPE, 1537 dev->ieee80211_ptr->iftype) || 1538 nla_put_u32(msg, NL80211_ATTR_GENERATION, 1539 rdev->devlist_generation ^ 1540 (cfg80211_rdev_list_generation << 2))) 1541 goto nla_put_failure; 1542 1543 if (rdev->ops->get_channel) { 1544 struct ieee80211_channel *chan; 1545 enum nl80211_channel_type channel_type; 1546 1547 chan = rdev->ops->get_channel(&rdev->wiphy, &channel_type); 1548 if (chan && 1549 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, 1550 chan->center_freq) || 1551 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 1552 channel_type))) 1553 goto nla_put_failure; 1554 } 1555 1556 return genlmsg_end(msg, hdr); 1557 1558 nla_put_failure: 1559 genlmsg_cancel(msg, hdr); 1560 return -EMSGSIZE; 1561 } 1562 1563 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1564 { 1565 int wp_idx = 0; 1566 int if_idx = 0; 1567 int wp_start = cb->args[0]; 1568 int if_start = cb->args[1]; 1569 struct cfg80211_registered_device *rdev; 1570 struct wireless_dev *wdev; 1571 1572 mutex_lock(&cfg80211_mutex); 1573 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1574 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1575 continue; 1576 if (wp_idx < wp_start) { 1577 wp_idx++; 1578 continue; 1579 } 1580 if_idx = 0; 1581 1582 mutex_lock(&rdev->devlist_mtx); 1583 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1584 if (if_idx < if_start) { 1585 if_idx++; 1586 continue; 1587 } 1588 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1589 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1590 rdev, wdev->netdev) < 0) { 1591 mutex_unlock(&rdev->devlist_mtx); 1592 goto out; 1593 } 1594 if_idx++; 1595 } 1596 mutex_unlock(&rdev->devlist_mtx); 1597 1598 wp_idx++; 1599 } 1600 out: 1601 mutex_unlock(&cfg80211_mutex); 1602 1603 cb->args[0] = wp_idx; 1604 cb->args[1] = if_idx; 1605 1606 return skb->len; 1607 } 1608 1609 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1610 { 1611 struct sk_buff *msg; 1612 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1613 struct net_device *netdev = info->user_ptr[1]; 1614 1615 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1616 if (!msg) 1617 return -ENOMEM; 1618 1619 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1620 dev, netdev) < 0) { 1621 nlmsg_free(msg); 1622 return -ENOBUFS; 1623 } 1624 1625 return genlmsg_reply(msg, info); 1626 } 1627 1628 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1629 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1630 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1631 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1632 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1633 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1634 }; 1635 1636 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1637 { 1638 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1639 int flag; 1640 1641 *mntrflags = 0; 1642 1643 if (!nla) 1644 return -EINVAL; 1645 1646 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1647 nla, mntr_flags_policy)) 1648 return -EINVAL; 1649 1650 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1651 if (flags[flag]) 1652 *mntrflags |= (1<<flag); 1653 1654 return 0; 1655 } 1656 1657 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1658 struct net_device *netdev, u8 use_4addr, 1659 enum nl80211_iftype iftype) 1660 { 1661 if (!use_4addr) { 1662 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1663 return -EBUSY; 1664 return 0; 1665 } 1666 1667 switch (iftype) { 1668 case NL80211_IFTYPE_AP_VLAN: 1669 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1670 return 0; 1671 break; 1672 case NL80211_IFTYPE_STATION: 1673 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1674 return 0; 1675 break; 1676 default: 1677 break; 1678 } 1679 1680 return -EOPNOTSUPP; 1681 } 1682 1683 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1684 { 1685 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1686 struct vif_params params; 1687 int err; 1688 enum nl80211_iftype otype, ntype; 1689 struct net_device *dev = info->user_ptr[1]; 1690 u32 _flags, *flags = NULL; 1691 bool change = false; 1692 1693 memset(¶ms, 0, sizeof(params)); 1694 1695 otype = ntype = dev->ieee80211_ptr->iftype; 1696 1697 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1698 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1699 if (otype != ntype) 1700 change = true; 1701 if (ntype > NL80211_IFTYPE_MAX) 1702 return -EINVAL; 1703 } 1704 1705 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1706 struct wireless_dev *wdev = dev->ieee80211_ptr; 1707 1708 if (ntype != NL80211_IFTYPE_MESH_POINT) 1709 return -EINVAL; 1710 if (netif_running(dev)) 1711 return -EBUSY; 1712 1713 wdev_lock(wdev); 1714 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1715 IEEE80211_MAX_MESH_ID_LEN); 1716 wdev->mesh_id_up_len = 1717 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1718 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1719 wdev->mesh_id_up_len); 1720 wdev_unlock(wdev); 1721 } 1722 1723 if (info->attrs[NL80211_ATTR_4ADDR]) { 1724 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1725 change = true; 1726 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1727 if (err) 1728 return err; 1729 } else { 1730 params.use_4addr = -1; 1731 } 1732 1733 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1734 if (ntype != NL80211_IFTYPE_MONITOR) 1735 return -EINVAL; 1736 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1737 &_flags); 1738 if (err) 1739 return err; 1740 1741 flags = &_flags; 1742 change = true; 1743 } 1744 1745 if (change) 1746 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1747 else 1748 err = 0; 1749 1750 if (!err && params.use_4addr != -1) 1751 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1752 1753 return err; 1754 } 1755 1756 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1757 { 1758 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1759 struct vif_params params; 1760 struct net_device *dev; 1761 int err; 1762 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1763 u32 flags; 1764 1765 memset(¶ms, 0, sizeof(params)); 1766 1767 if (!info->attrs[NL80211_ATTR_IFNAME]) 1768 return -EINVAL; 1769 1770 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1771 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1772 if (type > NL80211_IFTYPE_MAX) 1773 return -EINVAL; 1774 } 1775 1776 if (!rdev->ops->add_virtual_intf || 1777 !(rdev->wiphy.interface_modes & (1 << type))) 1778 return -EOPNOTSUPP; 1779 1780 if (info->attrs[NL80211_ATTR_4ADDR]) { 1781 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1782 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1783 if (err) 1784 return err; 1785 } 1786 1787 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1788 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1789 &flags); 1790 dev = rdev->ops->add_virtual_intf(&rdev->wiphy, 1791 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1792 type, err ? NULL : &flags, ¶ms); 1793 if (IS_ERR(dev)) 1794 return PTR_ERR(dev); 1795 1796 if (type == NL80211_IFTYPE_MESH_POINT && 1797 info->attrs[NL80211_ATTR_MESH_ID]) { 1798 struct wireless_dev *wdev = dev->ieee80211_ptr; 1799 1800 wdev_lock(wdev); 1801 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1802 IEEE80211_MAX_MESH_ID_LEN); 1803 wdev->mesh_id_up_len = 1804 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1805 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1806 wdev->mesh_id_up_len); 1807 wdev_unlock(wdev); 1808 } 1809 1810 return 0; 1811 } 1812 1813 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1814 { 1815 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1816 struct net_device *dev = info->user_ptr[1]; 1817 1818 if (!rdev->ops->del_virtual_intf) 1819 return -EOPNOTSUPP; 1820 1821 return rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1822 } 1823 1824 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 1825 { 1826 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1827 struct net_device *dev = info->user_ptr[1]; 1828 u16 noack_map; 1829 1830 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 1831 return -EINVAL; 1832 1833 if (!rdev->ops->set_noack_map) 1834 return -EOPNOTSUPP; 1835 1836 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 1837 1838 return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map); 1839 } 1840 1841 struct get_key_cookie { 1842 struct sk_buff *msg; 1843 int error; 1844 int idx; 1845 }; 1846 1847 static void get_key_callback(void *c, struct key_params *params) 1848 { 1849 struct nlattr *key; 1850 struct get_key_cookie *cookie = c; 1851 1852 if ((params->key && 1853 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA, 1854 params->key_len, params->key)) || 1855 (params->seq && 1856 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ, 1857 params->seq_len, params->seq)) || 1858 (params->cipher && 1859 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1860 params->cipher))) 1861 goto nla_put_failure; 1862 1863 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1864 if (!key) 1865 goto nla_put_failure; 1866 1867 if ((params->key && 1868 nla_put(cookie->msg, NL80211_KEY_DATA, 1869 params->key_len, params->key)) || 1870 (params->seq && 1871 nla_put(cookie->msg, NL80211_KEY_SEQ, 1872 params->seq_len, params->seq)) || 1873 (params->cipher && 1874 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER, 1875 params->cipher))) 1876 goto nla_put_failure; 1877 1878 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx)) 1879 goto nla_put_failure; 1880 1881 nla_nest_end(cookie->msg, key); 1882 1883 return; 1884 nla_put_failure: 1885 cookie->error = 1; 1886 } 1887 1888 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1889 { 1890 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1891 int err; 1892 struct net_device *dev = info->user_ptr[1]; 1893 u8 key_idx = 0; 1894 const u8 *mac_addr = NULL; 1895 bool pairwise; 1896 struct get_key_cookie cookie = { 1897 .error = 0, 1898 }; 1899 void *hdr; 1900 struct sk_buff *msg; 1901 1902 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1903 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1904 1905 if (key_idx > 5) 1906 return -EINVAL; 1907 1908 if (info->attrs[NL80211_ATTR_MAC]) 1909 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1910 1911 pairwise = !!mac_addr; 1912 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 1913 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 1914 if (kt >= NUM_NL80211_KEYTYPES) 1915 return -EINVAL; 1916 if (kt != NL80211_KEYTYPE_GROUP && 1917 kt != NL80211_KEYTYPE_PAIRWISE) 1918 return -EINVAL; 1919 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 1920 } 1921 1922 if (!rdev->ops->get_key) 1923 return -EOPNOTSUPP; 1924 1925 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1926 if (!msg) 1927 return -ENOMEM; 1928 1929 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1930 NL80211_CMD_NEW_KEY); 1931 if (IS_ERR(hdr)) 1932 return PTR_ERR(hdr); 1933 1934 cookie.msg = msg; 1935 cookie.idx = key_idx; 1936 1937 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 1938 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx)) 1939 goto nla_put_failure; 1940 if (mac_addr && 1941 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 1942 goto nla_put_failure; 1943 1944 if (pairwise && mac_addr && 1945 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 1946 return -ENOENT; 1947 1948 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise, 1949 mac_addr, &cookie, get_key_callback); 1950 1951 if (err) 1952 goto free_msg; 1953 1954 if (cookie.error) 1955 goto nla_put_failure; 1956 1957 genlmsg_end(msg, hdr); 1958 return genlmsg_reply(msg, info); 1959 1960 nla_put_failure: 1961 err = -ENOBUFS; 1962 free_msg: 1963 nlmsg_free(msg); 1964 return err; 1965 } 1966 1967 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1968 { 1969 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1970 struct key_parse key; 1971 int err; 1972 struct net_device *dev = info->user_ptr[1]; 1973 1974 err = nl80211_parse_key(info, &key); 1975 if (err) 1976 return err; 1977 1978 if (key.idx < 0) 1979 return -EINVAL; 1980 1981 /* only support setting default key */ 1982 if (!key.def && !key.defmgmt) 1983 return -EINVAL; 1984 1985 wdev_lock(dev->ieee80211_ptr); 1986 1987 if (key.def) { 1988 if (!rdev->ops->set_default_key) { 1989 err = -EOPNOTSUPP; 1990 goto out; 1991 } 1992 1993 err = nl80211_key_allowed(dev->ieee80211_ptr); 1994 if (err) 1995 goto out; 1996 1997 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx, 1998 key.def_uni, key.def_multi); 1999 2000 if (err) 2001 goto out; 2002 2003 #ifdef CONFIG_CFG80211_WEXT 2004 dev->ieee80211_ptr->wext.default_key = key.idx; 2005 #endif 2006 } else { 2007 if (key.def_uni || !key.def_multi) { 2008 err = -EINVAL; 2009 goto out; 2010 } 2011 2012 if (!rdev->ops->set_default_mgmt_key) { 2013 err = -EOPNOTSUPP; 2014 goto out; 2015 } 2016 2017 err = nl80211_key_allowed(dev->ieee80211_ptr); 2018 if (err) 2019 goto out; 2020 2021 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy, 2022 dev, key.idx); 2023 if (err) 2024 goto out; 2025 2026 #ifdef CONFIG_CFG80211_WEXT 2027 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 2028 #endif 2029 } 2030 2031 out: 2032 wdev_unlock(dev->ieee80211_ptr); 2033 2034 return err; 2035 } 2036 2037 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 2038 { 2039 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2040 int err; 2041 struct net_device *dev = info->user_ptr[1]; 2042 struct key_parse key; 2043 const u8 *mac_addr = NULL; 2044 2045 err = nl80211_parse_key(info, &key); 2046 if (err) 2047 return err; 2048 2049 if (!key.p.key) 2050 return -EINVAL; 2051 2052 if (info->attrs[NL80211_ATTR_MAC]) 2053 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2054 2055 if (key.type == -1) { 2056 if (mac_addr) 2057 key.type = NL80211_KEYTYPE_PAIRWISE; 2058 else 2059 key.type = NL80211_KEYTYPE_GROUP; 2060 } 2061 2062 /* for now */ 2063 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2064 key.type != NL80211_KEYTYPE_GROUP) 2065 return -EINVAL; 2066 2067 if (!rdev->ops->add_key) 2068 return -EOPNOTSUPP; 2069 2070 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2071 key.type == NL80211_KEYTYPE_PAIRWISE, 2072 mac_addr)) 2073 return -EINVAL; 2074 2075 wdev_lock(dev->ieee80211_ptr); 2076 err = nl80211_key_allowed(dev->ieee80211_ptr); 2077 if (!err) 2078 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 2079 key.type == NL80211_KEYTYPE_PAIRWISE, 2080 mac_addr, &key.p); 2081 wdev_unlock(dev->ieee80211_ptr); 2082 2083 return err; 2084 } 2085 2086 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2087 { 2088 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2089 int err; 2090 struct net_device *dev = info->user_ptr[1]; 2091 u8 *mac_addr = NULL; 2092 struct key_parse key; 2093 2094 err = nl80211_parse_key(info, &key); 2095 if (err) 2096 return err; 2097 2098 if (info->attrs[NL80211_ATTR_MAC]) 2099 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2100 2101 if (key.type == -1) { 2102 if (mac_addr) 2103 key.type = NL80211_KEYTYPE_PAIRWISE; 2104 else 2105 key.type = NL80211_KEYTYPE_GROUP; 2106 } 2107 2108 /* for now */ 2109 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2110 key.type != NL80211_KEYTYPE_GROUP) 2111 return -EINVAL; 2112 2113 if (!rdev->ops->del_key) 2114 return -EOPNOTSUPP; 2115 2116 wdev_lock(dev->ieee80211_ptr); 2117 err = nl80211_key_allowed(dev->ieee80211_ptr); 2118 2119 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2120 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2121 err = -ENOENT; 2122 2123 if (!err) 2124 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, 2125 key.type == NL80211_KEYTYPE_PAIRWISE, 2126 mac_addr); 2127 2128 #ifdef CONFIG_CFG80211_WEXT 2129 if (!err) { 2130 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2131 dev->ieee80211_ptr->wext.default_key = -1; 2132 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2133 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2134 } 2135 #endif 2136 wdev_unlock(dev->ieee80211_ptr); 2137 2138 return err; 2139 } 2140 2141 static int nl80211_parse_beacon(struct genl_info *info, 2142 struct cfg80211_beacon_data *bcn) 2143 { 2144 bool haveinfo = false; 2145 2146 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2147 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2148 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2149 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2150 return -EINVAL; 2151 2152 memset(bcn, 0, sizeof(*bcn)); 2153 2154 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2155 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2156 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2157 if (!bcn->head_len) 2158 return -EINVAL; 2159 haveinfo = true; 2160 } 2161 2162 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2163 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2164 bcn->tail_len = 2165 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2166 haveinfo = true; 2167 } 2168 2169 if (!haveinfo) 2170 return -EINVAL; 2171 2172 if (info->attrs[NL80211_ATTR_IE]) { 2173 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2174 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2175 } 2176 2177 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2178 bcn->proberesp_ies = 2179 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2180 bcn->proberesp_ies_len = 2181 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2182 } 2183 2184 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2185 bcn->assocresp_ies = 2186 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2187 bcn->assocresp_ies_len = 2188 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2189 } 2190 2191 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2192 bcn->probe_resp = 2193 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2194 bcn->probe_resp_len = 2195 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2196 } 2197 2198 return 0; 2199 } 2200 2201 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2202 { 2203 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2204 struct net_device *dev = info->user_ptr[1]; 2205 struct wireless_dev *wdev = dev->ieee80211_ptr; 2206 struct cfg80211_ap_settings params; 2207 int err; 2208 2209 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2210 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2211 return -EOPNOTSUPP; 2212 2213 if (!rdev->ops->start_ap) 2214 return -EOPNOTSUPP; 2215 2216 if (wdev->beacon_interval) 2217 return -EALREADY; 2218 2219 memset(¶ms, 0, sizeof(params)); 2220 2221 /* these are required for START_AP */ 2222 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2223 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2224 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2225 return -EINVAL; 2226 2227 err = nl80211_parse_beacon(info, ¶ms.beacon); 2228 if (err) 2229 return err; 2230 2231 params.beacon_interval = 2232 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2233 params.dtim_period = 2234 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2235 2236 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2237 if (err) 2238 return err; 2239 2240 /* 2241 * In theory, some of these attributes should be required here 2242 * but since they were not used when the command was originally 2243 * added, keep them optional for old user space programs to let 2244 * them continue to work with drivers that do not need the 2245 * additional information -- drivers must check! 2246 */ 2247 if (info->attrs[NL80211_ATTR_SSID]) { 2248 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2249 params.ssid_len = 2250 nla_len(info->attrs[NL80211_ATTR_SSID]); 2251 if (params.ssid_len == 0 || 2252 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2253 return -EINVAL; 2254 } 2255 2256 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2257 params.hidden_ssid = nla_get_u32( 2258 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2259 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2260 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2261 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2262 return -EINVAL; 2263 } 2264 2265 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2266 2267 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2268 params.auth_type = nla_get_u32( 2269 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2270 if (!nl80211_valid_auth_type(params.auth_type)) 2271 return -EINVAL; 2272 } else 2273 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2274 2275 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2276 NL80211_MAX_NR_CIPHER_SUITES); 2277 if (err) 2278 return err; 2279 2280 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2281 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2282 return -EOPNOTSUPP; 2283 params.inactivity_timeout = nla_get_u16( 2284 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2285 } 2286 2287 err = rdev->ops->start_ap(&rdev->wiphy, dev, ¶ms); 2288 if (!err) 2289 wdev->beacon_interval = params.beacon_interval; 2290 return err; 2291 } 2292 2293 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2294 { 2295 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2296 struct net_device *dev = info->user_ptr[1]; 2297 struct wireless_dev *wdev = dev->ieee80211_ptr; 2298 struct cfg80211_beacon_data params; 2299 int err; 2300 2301 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2302 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2303 return -EOPNOTSUPP; 2304 2305 if (!rdev->ops->change_beacon) 2306 return -EOPNOTSUPP; 2307 2308 if (!wdev->beacon_interval) 2309 return -EINVAL; 2310 2311 err = nl80211_parse_beacon(info, ¶ms); 2312 if (err) 2313 return err; 2314 2315 return rdev->ops->change_beacon(&rdev->wiphy, dev, ¶ms); 2316 } 2317 2318 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2319 { 2320 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2321 struct net_device *dev = info->user_ptr[1]; 2322 struct wireless_dev *wdev = dev->ieee80211_ptr; 2323 int err; 2324 2325 if (!rdev->ops->stop_ap) 2326 return -EOPNOTSUPP; 2327 2328 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2329 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2330 return -EOPNOTSUPP; 2331 2332 if (!wdev->beacon_interval) 2333 return -ENOENT; 2334 2335 err = rdev->ops->stop_ap(&rdev->wiphy, dev); 2336 if (!err) 2337 wdev->beacon_interval = 0; 2338 return err; 2339 } 2340 2341 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2342 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2343 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2344 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2345 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2346 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2347 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2348 }; 2349 2350 static int parse_station_flags(struct genl_info *info, 2351 enum nl80211_iftype iftype, 2352 struct station_parameters *params) 2353 { 2354 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2355 struct nlattr *nla; 2356 int flag; 2357 2358 /* 2359 * Try parsing the new attribute first so userspace 2360 * can specify both for older kernels. 2361 */ 2362 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2363 if (nla) { 2364 struct nl80211_sta_flag_update *sta_flags; 2365 2366 sta_flags = nla_data(nla); 2367 params->sta_flags_mask = sta_flags->mask; 2368 params->sta_flags_set = sta_flags->set; 2369 if ((params->sta_flags_mask | 2370 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2371 return -EINVAL; 2372 return 0; 2373 } 2374 2375 /* if present, parse the old attribute */ 2376 2377 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2378 if (!nla) 2379 return 0; 2380 2381 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2382 nla, sta_flags_policy)) 2383 return -EINVAL; 2384 2385 /* 2386 * Only allow certain flags for interface types so that 2387 * other attributes are silently ignored. Remember that 2388 * this is backward compatibility code with old userspace 2389 * and shouldn't be hit in other cases anyway. 2390 */ 2391 switch (iftype) { 2392 case NL80211_IFTYPE_AP: 2393 case NL80211_IFTYPE_AP_VLAN: 2394 case NL80211_IFTYPE_P2P_GO: 2395 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2396 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2397 BIT(NL80211_STA_FLAG_WME) | 2398 BIT(NL80211_STA_FLAG_MFP); 2399 break; 2400 case NL80211_IFTYPE_P2P_CLIENT: 2401 case NL80211_IFTYPE_STATION: 2402 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2403 BIT(NL80211_STA_FLAG_TDLS_PEER); 2404 break; 2405 case NL80211_IFTYPE_MESH_POINT: 2406 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2407 BIT(NL80211_STA_FLAG_MFP) | 2408 BIT(NL80211_STA_FLAG_AUTHORIZED); 2409 default: 2410 return -EINVAL; 2411 } 2412 2413 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) 2414 if (flags[flag]) 2415 params->sta_flags_set |= (1<<flag); 2416 2417 return 0; 2418 } 2419 2420 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 2421 int attr) 2422 { 2423 struct nlattr *rate; 2424 u16 bitrate; 2425 2426 rate = nla_nest_start(msg, attr); 2427 if (!rate) 2428 goto nla_put_failure; 2429 2430 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 2431 bitrate = cfg80211_calculate_bitrate(info); 2432 if ((bitrate > 0 && 2433 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate)) || 2434 ((info->flags & RATE_INFO_FLAGS_MCS) && 2435 nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) || 2436 ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) && 2437 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) || 2438 ((info->flags & RATE_INFO_FLAGS_SHORT_GI) && 2439 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))) 2440 goto nla_put_failure; 2441 2442 nla_nest_end(msg, rate); 2443 return true; 2444 2445 nla_put_failure: 2446 return false; 2447 } 2448 2449 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 2450 int flags, 2451 struct cfg80211_registered_device *rdev, 2452 struct net_device *dev, 2453 const u8 *mac_addr, struct station_info *sinfo) 2454 { 2455 void *hdr; 2456 struct nlattr *sinfoattr, *bss_param; 2457 2458 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2459 if (!hdr) 2460 return -1; 2461 2462 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2463 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) || 2464 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation)) 2465 goto nla_put_failure; 2466 2467 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2468 if (!sinfoattr) 2469 goto nla_put_failure; 2470 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) && 2471 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME, 2472 sinfo->connected_time)) 2473 goto nla_put_failure; 2474 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) && 2475 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2476 sinfo->inactive_time)) 2477 goto nla_put_failure; 2478 if ((sinfo->filled & STATION_INFO_RX_BYTES) && 2479 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES, 2480 sinfo->rx_bytes)) 2481 goto nla_put_failure; 2482 if ((sinfo->filled & STATION_INFO_TX_BYTES) && 2483 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES, 2484 sinfo->tx_bytes)) 2485 goto nla_put_failure; 2486 if ((sinfo->filled & STATION_INFO_LLID) && 2487 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid)) 2488 goto nla_put_failure; 2489 if ((sinfo->filled & STATION_INFO_PLID) && 2490 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid)) 2491 goto nla_put_failure; 2492 if ((sinfo->filled & STATION_INFO_PLINK_STATE) && 2493 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE, 2494 sinfo->plink_state)) 2495 goto nla_put_failure; 2496 switch (rdev->wiphy.signal_type) { 2497 case CFG80211_SIGNAL_TYPE_MBM: 2498 if ((sinfo->filled & STATION_INFO_SIGNAL) && 2499 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL, 2500 sinfo->signal)) 2501 goto nla_put_failure; 2502 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) && 2503 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG, 2504 sinfo->signal_avg)) 2505 goto nla_put_failure; 2506 break; 2507 default: 2508 break; 2509 } 2510 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 2511 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 2512 NL80211_STA_INFO_TX_BITRATE)) 2513 goto nla_put_failure; 2514 } 2515 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 2516 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 2517 NL80211_STA_INFO_RX_BITRATE)) 2518 goto nla_put_failure; 2519 } 2520 if ((sinfo->filled & STATION_INFO_RX_PACKETS) && 2521 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS, 2522 sinfo->rx_packets)) 2523 goto nla_put_failure; 2524 if ((sinfo->filled & STATION_INFO_TX_PACKETS) && 2525 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS, 2526 sinfo->tx_packets)) 2527 goto nla_put_failure; 2528 if ((sinfo->filled & STATION_INFO_TX_RETRIES) && 2529 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES, 2530 sinfo->tx_retries)) 2531 goto nla_put_failure; 2532 if ((sinfo->filled & STATION_INFO_TX_FAILED) && 2533 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED, 2534 sinfo->tx_failed)) 2535 goto nla_put_failure; 2536 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) && 2537 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS, 2538 sinfo->beacon_loss_count)) 2539 goto nla_put_failure; 2540 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 2541 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 2542 if (!bss_param) 2543 goto nla_put_failure; 2544 2545 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) && 2546 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) || 2547 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) && 2548 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) || 2549 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) && 2550 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) || 2551 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 2552 sinfo->bss_param.dtim_period) || 2553 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 2554 sinfo->bss_param.beacon_interval)) 2555 goto nla_put_failure; 2556 2557 nla_nest_end(msg, bss_param); 2558 } 2559 if ((sinfo->filled & STATION_INFO_STA_FLAGS) && 2560 nla_put(msg, NL80211_STA_INFO_STA_FLAGS, 2561 sizeof(struct nl80211_sta_flag_update), 2562 &sinfo->sta_flags)) 2563 goto nla_put_failure; 2564 if ((sinfo->filled & STATION_INFO_T_OFFSET) && 2565 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET, 2566 sinfo->t_offset)) 2567 goto nla_put_failure; 2568 nla_nest_end(msg, sinfoattr); 2569 2570 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) && 2571 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 2572 sinfo->assoc_req_ies)) 2573 goto nla_put_failure; 2574 2575 return genlmsg_end(msg, hdr); 2576 2577 nla_put_failure: 2578 genlmsg_cancel(msg, hdr); 2579 return -EMSGSIZE; 2580 } 2581 2582 static int nl80211_dump_station(struct sk_buff *skb, 2583 struct netlink_callback *cb) 2584 { 2585 struct station_info sinfo; 2586 struct cfg80211_registered_device *dev; 2587 struct net_device *netdev; 2588 u8 mac_addr[ETH_ALEN]; 2589 int sta_idx = cb->args[1]; 2590 int err; 2591 2592 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 2593 if (err) 2594 return err; 2595 2596 if (!dev->ops->dump_station) { 2597 err = -EOPNOTSUPP; 2598 goto out_err; 2599 } 2600 2601 while (1) { 2602 memset(&sinfo, 0, sizeof(sinfo)); 2603 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 2604 mac_addr, &sinfo); 2605 if (err == -ENOENT) 2606 break; 2607 if (err) 2608 goto out_err; 2609 2610 if (nl80211_send_station(skb, 2611 NETLINK_CB(cb->skb).pid, 2612 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2613 dev, netdev, mac_addr, 2614 &sinfo) < 0) 2615 goto out; 2616 2617 sta_idx++; 2618 } 2619 2620 2621 out: 2622 cb->args[1] = sta_idx; 2623 err = skb->len; 2624 out_err: 2625 nl80211_finish_netdev_dump(dev); 2626 2627 return err; 2628 } 2629 2630 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 2631 { 2632 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2633 struct net_device *dev = info->user_ptr[1]; 2634 struct station_info sinfo; 2635 struct sk_buff *msg; 2636 u8 *mac_addr = NULL; 2637 int err; 2638 2639 memset(&sinfo, 0, sizeof(sinfo)); 2640 2641 if (!info->attrs[NL80211_ATTR_MAC]) 2642 return -EINVAL; 2643 2644 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2645 2646 if (!rdev->ops->get_station) 2647 return -EOPNOTSUPP; 2648 2649 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 2650 if (err) 2651 return err; 2652 2653 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2654 if (!msg) 2655 return -ENOMEM; 2656 2657 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 2658 rdev, dev, mac_addr, &sinfo) < 0) { 2659 nlmsg_free(msg); 2660 return -ENOBUFS; 2661 } 2662 2663 return genlmsg_reply(msg, info); 2664 } 2665 2666 /* 2667 * Get vlan interface making sure it is running and on the right wiphy. 2668 */ 2669 static struct net_device *get_vlan(struct genl_info *info, 2670 struct cfg80211_registered_device *rdev) 2671 { 2672 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 2673 struct net_device *v; 2674 int ret; 2675 2676 if (!vlanattr) 2677 return NULL; 2678 2679 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 2680 if (!v) 2681 return ERR_PTR(-ENODEV); 2682 2683 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 2684 ret = -EINVAL; 2685 goto error; 2686 } 2687 2688 if (!netif_running(v)) { 2689 ret = -ENETDOWN; 2690 goto error; 2691 } 2692 2693 return v; 2694 error: 2695 dev_put(v); 2696 return ERR_PTR(ret); 2697 } 2698 2699 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 2700 { 2701 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2702 int err; 2703 struct net_device *dev = info->user_ptr[1]; 2704 struct station_parameters params; 2705 u8 *mac_addr = NULL; 2706 2707 memset(¶ms, 0, sizeof(params)); 2708 2709 params.listen_interval = -1; 2710 params.plink_state = -1; 2711 2712 if (info->attrs[NL80211_ATTR_STA_AID]) 2713 return -EINVAL; 2714 2715 if (!info->attrs[NL80211_ATTR_MAC]) 2716 return -EINVAL; 2717 2718 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2719 2720 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 2721 params.supported_rates = 2722 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2723 params.supported_rates_len = 2724 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2725 } 2726 2727 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2728 params.listen_interval = 2729 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2730 2731 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2732 params.ht_capa = 2733 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2734 2735 if (!rdev->ops->change_station) 2736 return -EOPNOTSUPP; 2737 2738 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 2739 return -EINVAL; 2740 2741 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2742 params.plink_action = 2743 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2744 2745 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 2746 params.plink_state = 2747 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 2748 2749 switch (dev->ieee80211_ptr->iftype) { 2750 case NL80211_IFTYPE_AP: 2751 case NL80211_IFTYPE_AP_VLAN: 2752 case NL80211_IFTYPE_P2P_GO: 2753 /* disallow mesh-specific things */ 2754 if (params.plink_action) 2755 return -EINVAL; 2756 2757 /* TDLS can't be set, ... */ 2758 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2759 return -EINVAL; 2760 /* 2761 * ... but don't bother the driver with it. This works around 2762 * a hostapd/wpa_supplicant issue -- it always includes the 2763 * TLDS_PEER flag in the mask even for AP mode. 2764 */ 2765 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2766 2767 /* accept only the listed bits */ 2768 if (params.sta_flags_mask & 2769 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 2770 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2771 BIT(NL80211_STA_FLAG_WME) | 2772 BIT(NL80211_STA_FLAG_MFP))) 2773 return -EINVAL; 2774 2775 /* must be last in here for error handling */ 2776 params.vlan = get_vlan(info, rdev); 2777 if (IS_ERR(params.vlan)) 2778 return PTR_ERR(params.vlan); 2779 break; 2780 case NL80211_IFTYPE_P2P_CLIENT: 2781 case NL80211_IFTYPE_STATION: 2782 /* 2783 * Don't allow userspace to change the TDLS_PEER flag, 2784 * but silently ignore attempts to change it since we 2785 * don't have state here to verify that it doesn't try 2786 * to change the flag. 2787 */ 2788 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2789 /* fall through */ 2790 case NL80211_IFTYPE_ADHOC: 2791 /* disallow things sta doesn't support */ 2792 if (params.plink_action) 2793 return -EINVAL; 2794 if (params.ht_capa) 2795 return -EINVAL; 2796 if (params.listen_interval >= 0) 2797 return -EINVAL; 2798 /* reject any changes other than AUTHORIZED */ 2799 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2800 return -EINVAL; 2801 break; 2802 case NL80211_IFTYPE_MESH_POINT: 2803 /* disallow things mesh doesn't support */ 2804 if (params.vlan) 2805 return -EINVAL; 2806 if (params.ht_capa) 2807 return -EINVAL; 2808 if (params.listen_interval >= 0) 2809 return -EINVAL; 2810 /* 2811 * No special handling for TDLS here -- the userspace 2812 * mesh code doesn't have this bug. 2813 */ 2814 if (params.sta_flags_mask & 2815 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2816 BIT(NL80211_STA_FLAG_MFP) | 2817 BIT(NL80211_STA_FLAG_AUTHORIZED))) 2818 return -EINVAL; 2819 break; 2820 default: 2821 return -EOPNOTSUPP; 2822 } 2823 2824 /* be aware of params.vlan when changing code here */ 2825 2826 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2827 2828 if (params.vlan) 2829 dev_put(params.vlan); 2830 2831 return err; 2832 } 2833 2834 static struct nla_policy 2835 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 2836 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 2837 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 2838 }; 2839 2840 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2841 { 2842 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2843 int err; 2844 struct net_device *dev = info->user_ptr[1]; 2845 struct station_parameters params; 2846 u8 *mac_addr = NULL; 2847 2848 memset(¶ms, 0, sizeof(params)); 2849 2850 if (!info->attrs[NL80211_ATTR_MAC]) 2851 return -EINVAL; 2852 2853 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2854 return -EINVAL; 2855 2856 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2857 return -EINVAL; 2858 2859 if (!info->attrs[NL80211_ATTR_STA_AID]) 2860 return -EINVAL; 2861 2862 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2863 params.supported_rates = 2864 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2865 params.supported_rates_len = 2866 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2867 params.listen_interval = 2868 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2869 2870 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2871 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2872 return -EINVAL; 2873 2874 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2875 params.ht_capa = 2876 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2877 2878 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2879 params.plink_action = 2880 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2881 2882 if (!rdev->ops->add_station) 2883 return -EOPNOTSUPP; 2884 2885 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 2886 return -EINVAL; 2887 2888 switch (dev->ieee80211_ptr->iftype) { 2889 case NL80211_IFTYPE_AP: 2890 case NL80211_IFTYPE_AP_VLAN: 2891 case NL80211_IFTYPE_P2P_GO: 2892 /* parse WME attributes if sta is WME capable */ 2893 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 2894 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 2895 info->attrs[NL80211_ATTR_STA_WME]) { 2896 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 2897 struct nlattr *nla; 2898 2899 nla = info->attrs[NL80211_ATTR_STA_WME]; 2900 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 2901 nl80211_sta_wme_policy); 2902 if (err) 2903 return err; 2904 2905 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 2906 params.uapsd_queues = 2907 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 2908 if (params.uapsd_queues & 2909 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 2910 return -EINVAL; 2911 2912 if (tb[NL80211_STA_WME_MAX_SP]) 2913 params.max_sp = 2914 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 2915 2916 if (params.max_sp & 2917 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 2918 return -EINVAL; 2919 2920 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 2921 } 2922 /* TDLS peers cannot be added */ 2923 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2924 return -EINVAL; 2925 /* but don't bother the driver with it */ 2926 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2927 2928 /* must be last in here for error handling */ 2929 params.vlan = get_vlan(info, rdev); 2930 if (IS_ERR(params.vlan)) 2931 return PTR_ERR(params.vlan); 2932 break; 2933 case NL80211_IFTYPE_MESH_POINT: 2934 /* TDLS peers cannot be added */ 2935 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2936 return -EINVAL; 2937 break; 2938 case NL80211_IFTYPE_STATION: 2939 /* Only TDLS peers can be added */ 2940 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 2941 return -EINVAL; 2942 /* Can only add if TDLS ... */ 2943 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 2944 return -EOPNOTSUPP; 2945 /* ... with external setup is supported */ 2946 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 2947 return -EOPNOTSUPP; 2948 break; 2949 default: 2950 return -EOPNOTSUPP; 2951 } 2952 2953 /* be aware of params.vlan when changing code here */ 2954 2955 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2956 2957 if (params.vlan) 2958 dev_put(params.vlan); 2959 return err; 2960 } 2961 2962 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2963 { 2964 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2965 struct net_device *dev = info->user_ptr[1]; 2966 u8 *mac_addr = NULL; 2967 2968 if (info->attrs[NL80211_ATTR_MAC]) 2969 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2970 2971 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2972 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2973 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 2974 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2975 return -EINVAL; 2976 2977 if (!rdev->ops->del_station) 2978 return -EOPNOTSUPP; 2979 2980 return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 2981 } 2982 2983 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 2984 int flags, struct net_device *dev, 2985 u8 *dst, u8 *next_hop, 2986 struct mpath_info *pinfo) 2987 { 2988 void *hdr; 2989 struct nlattr *pinfoattr; 2990 2991 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2992 if (!hdr) 2993 return -1; 2994 2995 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 2996 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) || 2997 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) || 2998 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation)) 2999 goto nla_put_failure; 3000 3001 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 3002 if (!pinfoattr) 3003 goto nla_put_failure; 3004 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) && 3005 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 3006 pinfo->frame_qlen)) 3007 goto nla_put_failure; 3008 if (((pinfo->filled & MPATH_INFO_SN) && 3009 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) || 3010 ((pinfo->filled & MPATH_INFO_METRIC) && 3011 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, 3012 pinfo->metric)) || 3013 ((pinfo->filled & MPATH_INFO_EXPTIME) && 3014 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, 3015 pinfo->exptime)) || 3016 ((pinfo->filled & MPATH_INFO_FLAGS) && 3017 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, 3018 pinfo->flags)) || 3019 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) && 3020 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 3021 pinfo->discovery_timeout)) || 3022 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) && 3023 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 3024 pinfo->discovery_retries))) 3025 goto nla_put_failure; 3026 3027 nla_nest_end(msg, pinfoattr); 3028 3029 return genlmsg_end(msg, hdr); 3030 3031 nla_put_failure: 3032 genlmsg_cancel(msg, hdr); 3033 return -EMSGSIZE; 3034 } 3035 3036 static int nl80211_dump_mpath(struct sk_buff *skb, 3037 struct netlink_callback *cb) 3038 { 3039 struct mpath_info pinfo; 3040 struct cfg80211_registered_device *dev; 3041 struct net_device *netdev; 3042 u8 dst[ETH_ALEN]; 3043 u8 next_hop[ETH_ALEN]; 3044 int path_idx = cb->args[1]; 3045 int err; 3046 3047 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3048 if (err) 3049 return err; 3050 3051 if (!dev->ops->dump_mpath) { 3052 err = -EOPNOTSUPP; 3053 goto out_err; 3054 } 3055 3056 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 3057 err = -EOPNOTSUPP; 3058 goto out_err; 3059 } 3060 3061 while (1) { 3062 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 3063 dst, next_hop, &pinfo); 3064 if (err == -ENOENT) 3065 break; 3066 if (err) 3067 goto out_err; 3068 3069 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 3070 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3071 netdev, dst, next_hop, 3072 &pinfo) < 0) 3073 goto out; 3074 3075 path_idx++; 3076 } 3077 3078 3079 out: 3080 cb->args[1] = path_idx; 3081 err = skb->len; 3082 out_err: 3083 nl80211_finish_netdev_dump(dev); 3084 return err; 3085 } 3086 3087 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3088 { 3089 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3090 int err; 3091 struct net_device *dev = info->user_ptr[1]; 3092 struct mpath_info pinfo; 3093 struct sk_buff *msg; 3094 u8 *dst = NULL; 3095 u8 next_hop[ETH_ALEN]; 3096 3097 memset(&pinfo, 0, sizeof(pinfo)); 3098 3099 if (!info->attrs[NL80211_ATTR_MAC]) 3100 return -EINVAL; 3101 3102 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3103 3104 if (!rdev->ops->get_mpath) 3105 return -EOPNOTSUPP; 3106 3107 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3108 return -EOPNOTSUPP; 3109 3110 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 3111 if (err) 3112 return err; 3113 3114 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3115 if (!msg) 3116 return -ENOMEM; 3117 3118 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 3119 dev, dst, next_hop, &pinfo) < 0) { 3120 nlmsg_free(msg); 3121 return -ENOBUFS; 3122 } 3123 3124 return genlmsg_reply(msg, info); 3125 } 3126 3127 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3128 { 3129 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3130 struct net_device *dev = info->user_ptr[1]; 3131 u8 *dst = NULL; 3132 u8 *next_hop = NULL; 3133 3134 if (!info->attrs[NL80211_ATTR_MAC]) 3135 return -EINVAL; 3136 3137 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3138 return -EINVAL; 3139 3140 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3141 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3142 3143 if (!rdev->ops->change_mpath) 3144 return -EOPNOTSUPP; 3145 3146 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3147 return -EOPNOTSUPP; 3148 3149 return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 3150 } 3151 3152 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3153 { 3154 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3155 struct net_device *dev = info->user_ptr[1]; 3156 u8 *dst = NULL; 3157 u8 *next_hop = NULL; 3158 3159 if (!info->attrs[NL80211_ATTR_MAC]) 3160 return -EINVAL; 3161 3162 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3163 return -EINVAL; 3164 3165 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3166 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3167 3168 if (!rdev->ops->add_mpath) 3169 return -EOPNOTSUPP; 3170 3171 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3172 return -EOPNOTSUPP; 3173 3174 return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 3175 } 3176 3177 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3178 { 3179 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3180 struct net_device *dev = info->user_ptr[1]; 3181 u8 *dst = NULL; 3182 3183 if (info->attrs[NL80211_ATTR_MAC]) 3184 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3185 3186 if (!rdev->ops->del_mpath) 3187 return -EOPNOTSUPP; 3188 3189 return rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 3190 } 3191 3192 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3193 { 3194 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3195 struct net_device *dev = info->user_ptr[1]; 3196 struct bss_parameters params; 3197 3198 memset(¶ms, 0, sizeof(params)); 3199 /* default to not changing parameters */ 3200 params.use_cts_prot = -1; 3201 params.use_short_preamble = -1; 3202 params.use_short_slot_time = -1; 3203 params.ap_isolate = -1; 3204 params.ht_opmode = -1; 3205 3206 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 3207 params.use_cts_prot = 3208 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 3209 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 3210 params.use_short_preamble = 3211 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 3212 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 3213 params.use_short_slot_time = 3214 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 3215 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3216 params.basic_rates = 3217 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3218 params.basic_rates_len = 3219 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3220 } 3221 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 3222 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 3223 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 3224 params.ht_opmode = 3225 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 3226 3227 if (!rdev->ops->change_bss) 3228 return -EOPNOTSUPP; 3229 3230 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3231 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3232 return -EOPNOTSUPP; 3233 3234 return rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 3235 } 3236 3237 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 3238 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3239 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3240 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3241 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3242 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3243 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3244 }; 3245 3246 static int parse_reg_rule(struct nlattr *tb[], 3247 struct ieee80211_reg_rule *reg_rule) 3248 { 3249 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 3250 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 3251 3252 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 3253 return -EINVAL; 3254 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 3255 return -EINVAL; 3256 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 3257 return -EINVAL; 3258 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 3259 return -EINVAL; 3260 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 3261 return -EINVAL; 3262 3263 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 3264 3265 freq_range->start_freq_khz = 3266 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 3267 freq_range->end_freq_khz = 3268 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 3269 freq_range->max_bandwidth_khz = 3270 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 3271 3272 power_rule->max_eirp = 3273 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 3274 3275 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 3276 power_rule->max_antenna_gain = 3277 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 3278 3279 return 0; 3280 } 3281 3282 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 3283 { 3284 int r; 3285 char *data = NULL; 3286 3287 /* 3288 * You should only get this when cfg80211 hasn't yet initialized 3289 * completely when built-in to the kernel right between the time 3290 * window between nl80211_init() and regulatory_init(), if that is 3291 * even possible. 3292 */ 3293 mutex_lock(&cfg80211_mutex); 3294 if (unlikely(!cfg80211_regdomain)) { 3295 mutex_unlock(&cfg80211_mutex); 3296 return -EINPROGRESS; 3297 } 3298 mutex_unlock(&cfg80211_mutex); 3299 3300 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3301 return -EINVAL; 3302 3303 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3304 3305 r = regulatory_hint_user(data); 3306 3307 return r; 3308 } 3309 3310 static int nl80211_get_mesh_config(struct sk_buff *skb, 3311 struct genl_info *info) 3312 { 3313 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3314 struct net_device *dev = info->user_ptr[1]; 3315 struct wireless_dev *wdev = dev->ieee80211_ptr; 3316 struct mesh_config cur_params; 3317 int err = 0; 3318 void *hdr; 3319 struct nlattr *pinfoattr; 3320 struct sk_buff *msg; 3321 3322 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3323 return -EOPNOTSUPP; 3324 3325 if (!rdev->ops->get_mesh_config) 3326 return -EOPNOTSUPP; 3327 3328 wdev_lock(wdev); 3329 /* If not connected, get default parameters */ 3330 if (!wdev->mesh_id_len) 3331 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 3332 else 3333 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev, 3334 &cur_params); 3335 wdev_unlock(wdev); 3336 3337 if (err) 3338 return err; 3339 3340 /* Draw up a netlink message to send back */ 3341 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3342 if (!msg) 3343 return -ENOMEM; 3344 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3345 NL80211_CMD_GET_MESH_CONFIG); 3346 if (!hdr) 3347 goto out; 3348 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 3349 if (!pinfoattr) 3350 goto nla_put_failure; 3351 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 3352 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 3353 cur_params.dot11MeshRetryTimeout) || 3354 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3355 cur_params.dot11MeshConfirmTimeout) || 3356 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 3357 cur_params.dot11MeshHoldingTimeout) || 3358 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 3359 cur_params.dot11MeshMaxPeerLinks) || 3360 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES, 3361 cur_params.dot11MeshMaxRetries) || 3362 nla_put_u8(msg, NL80211_MESHCONF_TTL, 3363 cur_params.dot11MeshTTL) || 3364 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL, 3365 cur_params.element_ttl) || 3366 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3367 cur_params.auto_open_plinks) || 3368 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3369 cur_params.dot11MeshNbrOffsetMaxNeighbor) || 3370 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3371 cur_params.dot11MeshHWMPmaxPREQretries) || 3372 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 3373 cur_params.path_refresh_time) || 3374 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3375 cur_params.min_discovery_timeout) || 3376 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3377 cur_params.dot11MeshHWMPactivePathTimeout) || 3378 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3379 cur_params.dot11MeshHWMPpreqMinInterval) || 3380 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3381 cur_params.dot11MeshHWMPperrMinInterval) || 3382 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3383 cur_params.dot11MeshHWMPnetDiameterTraversalTime) || 3384 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 3385 cur_params.dot11MeshHWMPRootMode) || 3386 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3387 cur_params.dot11MeshHWMPRannInterval) || 3388 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3389 cur_params.dot11MeshGateAnnouncementProtocol) || 3390 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING, 3391 cur_params.dot11MeshForwarding) || 3392 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 3393 cur_params.rssi_threshold) || 3394 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE, 3395 cur_params.ht_opmode)) 3396 goto nla_put_failure; 3397 nla_nest_end(msg, pinfoattr); 3398 genlmsg_end(msg, hdr); 3399 return genlmsg_reply(msg, info); 3400 3401 nla_put_failure: 3402 genlmsg_cancel(msg, hdr); 3403 out: 3404 nlmsg_free(msg); 3405 return -ENOBUFS; 3406 } 3407 3408 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 3409 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 3410 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 3411 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 3412 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 3413 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 3414 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 3415 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 3416 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 3417 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 }, 3418 3419 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 3420 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 3421 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 3422 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 3423 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 3424 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 3425 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 3426 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 3427 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 3428 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 3429 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 3430 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32}, 3431 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16}, 3432 }; 3433 3434 static const struct nla_policy 3435 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 3436 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 }, 3437 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 3438 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 3439 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 3440 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 3441 .len = IEEE80211_MAX_DATA_LEN }, 3442 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 3443 }; 3444 3445 static int nl80211_parse_mesh_config(struct genl_info *info, 3446 struct mesh_config *cfg, 3447 u32 *mask_out) 3448 { 3449 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 3450 u32 mask = 0; 3451 3452 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 3453 do {\ 3454 if (table[attr_num]) {\ 3455 cfg->param = nla_fn(table[attr_num]); \ 3456 mask |= (1 << (attr_num - 1)); \ 3457 } \ 3458 } while (0);\ 3459 3460 3461 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 3462 return -EINVAL; 3463 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 3464 info->attrs[NL80211_ATTR_MESH_CONFIG], 3465 nl80211_meshconf_params_policy)) 3466 return -EINVAL; 3467 3468 /* This makes sure that there aren't more than 32 mesh config 3469 * parameters (otherwise our bitfield scheme would not work.) */ 3470 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 3471 3472 /* Fill in the params struct */ 3473 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 3474 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 3475 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 3476 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 3477 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 3478 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 3479 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 3480 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 3481 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 3482 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 3483 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 3484 mask, NL80211_MESHCONF_TTL, nla_get_u8); 3485 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 3486 mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8); 3487 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 3488 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 3489 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, 3490 mask, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, 3491 nla_get_u32); 3492 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 3493 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3494 nla_get_u8); 3495 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 3496 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 3497 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 3498 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3499 nla_get_u16); 3500 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 3501 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3502 nla_get_u32); 3503 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 3504 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3505 nla_get_u16); 3506 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 3507 mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3508 nla_get_u16); 3509 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3510 dot11MeshHWMPnetDiameterTraversalTime, 3511 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3512 nla_get_u16); 3513 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3514 dot11MeshHWMPRootMode, mask, 3515 NL80211_MESHCONF_HWMP_ROOTMODE, 3516 nla_get_u8); 3517 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3518 dot11MeshHWMPRannInterval, mask, 3519 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3520 nla_get_u16); 3521 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3522 dot11MeshGateAnnouncementProtocol, mask, 3523 NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3524 nla_get_u8); 3525 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 3526 mask, NL80211_MESHCONF_FORWARDING, nla_get_u8); 3527 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 3528 mask, NL80211_MESHCONF_RSSI_THRESHOLD, nla_get_u32); 3529 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 3530 mask, NL80211_MESHCONF_HT_OPMODE, nla_get_u16); 3531 if (mask_out) 3532 *mask_out = mask; 3533 3534 return 0; 3535 3536 #undef FILL_IN_MESH_PARAM_IF_SET 3537 } 3538 3539 static int nl80211_parse_mesh_setup(struct genl_info *info, 3540 struct mesh_setup *setup) 3541 { 3542 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 3543 3544 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 3545 return -EINVAL; 3546 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 3547 info->attrs[NL80211_ATTR_MESH_SETUP], 3548 nl80211_mesh_setup_params_policy)) 3549 return -EINVAL; 3550 3551 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) 3552 setup->sync_method = 3553 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ? 3554 IEEE80211_SYNC_METHOD_VENDOR : 3555 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET; 3556 3557 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 3558 setup->path_sel_proto = 3559 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 3560 IEEE80211_PATH_PROTOCOL_VENDOR : 3561 IEEE80211_PATH_PROTOCOL_HWMP; 3562 3563 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 3564 setup->path_metric = 3565 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 3566 IEEE80211_PATH_METRIC_VENDOR : 3567 IEEE80211_PATH_METRIC_AIRTIME; 3568 3569 3570 if (tb[NL80211_MESH_SETUP_IE]) { 3571 struct nlattr *ieattr = 3572 tb[NL80211_MESH_SETUP_IE]; 3573 if (!is_valid_ie_attr(ieattr)) 3574 return -EINVAL; 3575 setup->ie = nla_data(ieattr); 3576 setup->ie_len = nla_len(ieattr); 3577 } 3578 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 3579 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 3580 3581 return 0; 3582 } 3583 3584 static int nl80211_update_mesh_config(struct sk_buff *skb, 3585 struct genl_info *info) 3586 { 3587 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3588 struct net_device *dev = info->user_ptr[1]; 3589 struct wireless_dev *wdev = dev->ieee80211_ptr; 3590 struct mesh_config cfg; 3591 u32 mask; 3592 int err; 3593 3594 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3595 return -EOPNOTSUPP; 3596 3597 if (!rdev->ops->update_mesh_config) 3598 return -EOPNOTSUPP; 3599 3600 err = nl80211_parse_mesh_config(info, &cfg, &mask); 3601 if (err) 3602 return err; 3603 3604 wdev_lock(wdev); 3605 if (!wdev->mesh_id_len) 3606 err = -ENOLINK; 3607 3608 if (!err) 3609 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev, 3610 mask, &cfg); 3611 3612 wdev_unlock(wdev); 3613 3614 return err; 3615 } 3616 3617 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 3618 { 3619 struct sk_buff *msg; 3620 void *hdr = NULL; 3621 struct nlattr *nl_reg_rules; 3622 unsigned int i; 3623 int err = -EINVAL; 3624 3625 mutex_lock(&cfg80211_mutex); 3626 3627 if (!cfg80211_regdomain) 3628 goto out; 3629 3630 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3631 if (!msg) { 3632 err = -ENOBUFS; 3633 goto out; 3634 } 3635 3636 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3637 NL80211_CMD_GET_REG); 3638 if (!hdr) 3639 goto put_failure; 3640 3641 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 3642 cfg80211_regdomain->alpha2) || 3643 (cfg80211_regdomain->dfs_region && 3644 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, 3645 cfg80211_regdomain->dfs_region))) 3646 goto nla_put_failure; 3647 3648 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 3649 if (!nl_reg_rules) 3650 goto nla_put_failure; 3651 3652 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 3653 struct nlattr *nl_reg_rule; 3654 const struct ieee80211_reg_rule *reg_rule; 3655 const struct ieee80211_freq_range *freq_range; 3656 const struct ieee80211_power_rule *power_rule; 3657 3658 reg_rule = &cfg80211_regdomain->reg_rules[i]; 3659 freq_range = ®_rule->freq_range; 3660 power_rule = ®_rule->power_rule; 3661 3662 nl_reg_rule = nla_nest_start(msg, i); 3663 if (!nl_reg_rule) 3664 goto nla_put_failure; 3665 3666 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS, 3667 reg_rule->flags) || 3668 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START, 3669 freq_range->start_freq_khz) || 3670 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END, 3671 freq_range->end_freq_khz) || 3672 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 3673 freq_range->max_bandwidth_khz) || 3674 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 3675 power_rule->max_antenna_gain) || 3676 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 3677 power_rule->max_eirp)) 3678 goto nla_put_failure; 3679 3680 nla_nest_end(msg, nl_reg_rule); 3681 } 3682 3683 nla_nest_end(msg, nl_reg_rules); 3684 3685 genlmsg_end(msg, hdr); 3686 err = genlmsg_reply(msg, info); 3687 goto out; 3688 3689 nla_put_failure: 3690 genlmsg_cancel(msg, hdr); 3691 put_failure: 3692 nlmsg_free(msg); 3693 err = -EMSGSIZE; 3694 out: 3695 mutex_unlock(&cfg80211_mutex); 3696 return err; 3697 } 3698 3699 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 3700 { 3701 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 3702 struct nlattr *nl_reg_rule; 3703 char *alpha2 = NULL; 3704 int rem_reg_rules = 0, r = 0; 3705 u32 num_rules = 0, rule_idx = 0, size_of_regd; 3706 u8 dfs_region = 0; 3707 struct ieee80211_regdomain *rd = NULL; 3708 3709 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3710 return -EINVAL; 3711 3712 if (!info->attrs[NL80211_ATTR_REG_RULES]) 3713 return -EINVAL; 3714 3715 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3716 3717 if (info->attrs[NL80211_ATTR_DFS_REGION]) 3718 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 3719 3720 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3721 rem_reg_rules) { 3722 num_rules++; 3723 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 3724 return -EINVAL; 3725 } 3726 3727 mutex_lock(&cfg80211_mutex); 3728 3729 if (!reg_is_valid_request(alpha2)) { 3730 r = -EINVAL; 3731 goto bad_reg; 3732 } 3733 3734 size_of_regd = sizeof(struct ieee80211_regdomain) + 3735 (num_rules * sizeof(struct ieee80211_reg_rule)); 3736 3737 rd = kzalloc(size_of_regd, GFP_KERNEL); 3738 if (!rd) { 3739 r = -ENOMEM; 3740 goto bad_reg; 3741 } 3742 3743 rd->n_reg_rules = num_rules; 3744 rd->alpha2[0] = alpha2[0]; 3745 rd->alpha2[1] = alpha2[1]; 3746 3747 /* 3748 * Disable DFS master mode if the DFS region was 3749 * not supported or known on this kernel. 3750 */ 3751 if (reg_supported_dfs_region(dfs_region)) 3752 rd->dfs_region = dfs_region; 3753 3754 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3755 rem_reg_rules) { 3756 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 3757 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 3758 reg_rule_policy); 3759 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 3760 if (r) 3761 goto bad_reg; 3762 3763 rule_idx++; 3764 3765 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 3766 r = -EINVAL; 3767 goto bad_reg; 3768 } 3769 } 3770 3771 BUG_ON(rule_idx != num_rules); 3772 3773 r = set_regdom(rd); 3774 3775 mutex_unlock(&cfg80211_mutex); 3776 3777 return r; 3778 3779 bad_reg: 3780 mutex_unlock(&cfg80211_mutex); 3781 kfree(rd); 3782 return r; 3783 } 3784 3785 static int validate_scan_freqs(struct nlattr *freqs) 3786 { 3787 struct nlattr *attr1, *attr2; 3788 int n_channels = 0, tmp1, tmp2; 3789 3790 nla_for_each_nested(attr1, freqs, tmp1) { 3791 n_channels++; 3792 /* 3793 * Some hardware has a limited channel list for 3794 * scanning, and it is pretty much nonsensical 3795 * to scan for a channel twice, so disallow that 3796 * and don't require drivers to check that the 3797 * channel list they get isn't longer than what 3798 * they can scan, as long as they can scan all 3799 * the channels they registered at once. 3800 */ 3801 nla_for_each_nested(attr2, freqs, tmp2) 3802 if (attr1 != attr2 && 3803 nla_get_u32(attr1) == nla_get_u32(attr2)) 3804 return 0; 3805 } 3806 3807 return n_channels; 3808 } 3809 3810 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 3811 { 3812 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3813 struct net_device *dev = info->user_ptr[1]; 3814 struct cfg80211_scan_request *request; 3815 struct nlattr *attr; 3816 struct wiphy *wiphy; 3817 int err, tmp, n_ssids = 0, n_channels, i; 3818 size_t ie_len; 3819 3820 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3821 return -EINVAL; 3822 3823 wiphy = &rdev->wiphy; 3824 3825 if (!rdev->ops->scan) 3826 return -EOPNOTSUPP; 3827 3828 if (rdev->scan_req) 3829 return -EBUSY; 3830 3831 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3832 n_channels = validate_scan_freqs( 3833 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3834 if (!n_channels) 3835 return -EINVAL; 3836 } else { 3837 enum ieee80211_band band; 3838 n_channels = 0; 3839 3840 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3841 if (wiphy->bands[band]) 3842 n_channels += wiphy->bands[band]->n_channels; 3843 } 3844 3845 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3846 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 3847 n_ssids++; 3848 3849 if (n_ssids > wiphy->max_scan_ssids) 3850 return -EINVAL; 3851 3852 if (info->attrs[NL80211_ATTR_IE]) 3853 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3854 else 3855 ie_len = 0; 3856 3857 if (ie_len > wiphy->max_scan_ie_len) 3858 return -EINVAL; 3859 3860 request = kzalloc(sizeof(*request) 3861 + sizeof(*request->ssids) * n_ssids 3862 + sizeof(*request->channels) * n_channels 3863 + ie_len, GFP_KERNEL); 3864 if (!request) 3865 return -ENOMEM; 3866 3867 if (n_ssids) 3868 request->ssids = (void *)&request->channels[n_channels]; 3869 request->n_ssids = n_ssids; 3870 if (ie_len) { 3871 if (request->ssids) 3872 request->ie = (void *)(request->ssids + n_ssids); 3873 else 3874 request->ie = (void *)(request->channels + n_channels); 3875 } 3876 3877 i = 0; 3878 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3879 /* user specified, bail out if channel not found */ 3880 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3881 struct ieee80211_channel *chan; 3882 3883 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3884 3885 if (!chan) { 3886 err = -EINVAL; 3887 goto out_free; 3888 } 3889 3890 /* ignore disabled channels */ 3891 if (chan->flags & IEEE80211_CHAN_DISABLED) 3892 continue; 3893 3894 request->channels[i] = chan; 3895 i++; 3896 } 3897 } else { 3898 enum ieee80211_band band; 3899 3900 /* all channels */ 3901 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3902 int j; 3903 if (!wiphy->bands[band]) 3904 continue; 3905 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3906 struct ieee80211_channel *chan; 3907 3908 chan = &wiphy->bands[band]->channels[j]; 3909 3910 if (chan->flags & IEEE80211_CHAN_DISABLED) 3911 continue; 3912 3913 request->channels[i] = chan; 3914 i++; 3915 } 3916 } 3917 } 3918 3919 if (!i) { 3920 err = -EINVAL; 3921 goto out_free; 3922 } 3923 3924 request->n_channels = i; 3925 3926 i = 0; 3927 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3928 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3929 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 3930 err = -EINVAL; 3931 goto out_free; 3932 } 3933 request->ssids[i].ssid_len = nla_len(attr); 3934 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3935 i++; 3936 } 3937 } 3938 3939 if (info->attrs[NL80211_ATTR_IE]) { 3940 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3941 memcpy((void *)request->ie, 3942 nla_data(info->attrs[NL80211_ATTR_IE]), 3943 request->ie_len); 3944 } 3945 3946 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 3947 if (wiphy->bands[i]) 3948 request->rates[i] = 3949 (1 << wiphy->bands[i]->n_bitrates) - 1; 3950 3951 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 3952 nla_for_each_nested(attr, 3953 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 3954 tmp) { 3955 enum ieee80211_band band = nla_type(attr); 3956 3957 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 3958 err = -EINVAL; 3959 goto out_free; 3960 } 3961 err = ieee80211_get_ratemask(wiphy->bands[band], 3962 nla_data(attr), 3963 nla_len(attr), 3964 &request->rates[band]); 3965 if (err) 3966 goto out_free; 3967 } 3968 } 3969 3970 request->no_cck = 3971 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 3972 3973 request->dev = dev; 3974 request->wiphy = &rdev->wiphy; 3975 3976 rdev->scan_req = request; 3977 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3978 3979 if (!err) { 3980 nl80211_send_scan_start(rdev, dev); 3981 dev_hold(dev); 3982 } else { 3983 out_free: 3984 rdev->scan_req = NULL; 3985 kfree(request); 3986 } 3987 3988 return err; 3989 } 3990 3991 static int nl80211_start_sched_scan(struct sk_buff *skb, 3992 struct genl_info *info) 3993 { 3994 struct cfg80211_sched_scan_request *request; 3995 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3996 struct net_device *dev = info->user_ptr[1]; 3997 struct nlattr *attr; 3998 struct wiphy *wiphy; 3999 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 4000 u32 interval; 4001 enum ieee80211_band band; 4002 size_t ie_len; 4003 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 4004 4005 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4006 !rdev->ops->sched_scan_start) 4007 return -EOPNOTSUPP; 4008 4009 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4010 return -EINVAL; 4011 4012 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 4013 return -EINVAL; 4014 4015 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 4016 if (interval == 0) 4017 return -EINVAL; 4018 4019 wiphy = &rdev->wiphy; 4020 4021 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4022 n_channels = validate_scan_freqs( 4023 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 4024 if (!n_channels) 4025 return -EINVAL; 4026 } else { 4027 n_channels = 0; 4028 4029 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 4030 if (wiphy->bands[band]) 4031 n_channels += wiphy->bands[band]->n_channels; 4032 } 4033 4034 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 4035 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4036 tmp) 4037 n_ssids++; 4038 4039 if (n_ssids > wiphy->max_sched_scan_ssids) 4040 return -EINVAL; 4041 4042 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 4043 nla_for_each_nested(attr, 4044 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4045 tmp) 4046 n_match_sets++; 4047 4048 if (n_match_sets > wiphy->max_match_sets) 4049 return -EINVAL; 4050 4051 if (info->attrs[NL80211_ATTR_IE]) 4052 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4053 else 4054 ie_len = 0; 4055 4056 if (ie_len > wiphy->max_sched_scan_ie_len) 4057 return -EINVAL; 4058 4059 mutex_lock(&rdev->sched_scan_mtx); 4060 4061 if (rdev->sched_scan_req) { 4062 err = -EINPROGRESS; 4063 goto out; 4064 } 4065 4066 request = kzalloc(sizeof(*request) 4067 + sizeof(*request->ssids) * n_ssids 4068 + sizeof(*request->match_sets) * n_match_sets 4069 + sizeof(*request->channels) * n_channels 4070 + ie_len, GFP_KERNEL); 4071 if (!request) { 4072 err = -ENOMEM; 4073 goto out; 4074 } 4075 4076 if (n_ssids) 4077 request->ssids = (void *)&request->channels[n_channels]; 4078 request->n_ssids = n_ssids; 4079 if (ie_len) { 4080 if (request->ssids) 4081 request->ie = (void *)(request->ssids + n_ssids); 4082 else 4083 request->ie = (void *)(request->channels + n_channels); 4084 } 4085 4086 if (n_match_sets) { 4087 if (request->ie) 4088 request->match_sets = (void *)(request->ie + ie_len); 4089 else if (request->ssids) 4090 request->match_sets = 4091 (void *)(request->ssids + n_ssids); 4092 else 4093 request->match_sets = 4094 (void *)(request->channels + n_channels); 4095 } 4096 request->n_match_sets = n_match_sets; 4097 4098 i = 0; 4099 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 4100 /* user specified, bail out if channel not found */ 4101 nla_for_each_nested(attr, 4102 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4103 tmp) { 4104 struct ieee80211_channel *chan; 4105 4106 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4107 4108 if (!chan) { 4109 err = -EINVAL; 4110 goto out_free; 4111 } 4112 4113 /* ignore disabled channels */ 4114 if (chan->flags & IEEE80211_CHAN_DISABLED) 4115 continue; 4116 4117 request->channels[i] = chan; 4118 i++; 4119 } 4120 } else { 4121 /* all channels */ 4122 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4123 int j; 4124 if (!wiphy->bands[band]) 4125 continue; 4126 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4127 struct ieee80211_channel *chan; 4128 4129 chan = &wiphy->bands[band]->channels[j]; 4130 4131 if (chan->flags & IEEE80211_CHAN_DISABLED) 4132 continue; 4133 4134 request->channels[i] = chan; 4135 i++; 4136 } 4137 } 4138 } 4139 4140 if (!i) { 4141 err = -EINVAL; 4142 goto out_free; 4143 } 4144 4145 request->n_channels = i; 4146 4147 i = 0; 4148 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4149 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4150 tmp) { 4151 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4152 err = -EINVAL; 4153 goto out_free; 4154 } 4155 request->ssids[i].ssid_len = nla_len(attr); 4156 memcpy(request->ssids[i].ssid, nla_data(attr), 4157 nla_len(attr)); 4158 i++; 4159 } 4160 } 4161 4162 i = 0; 4163 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 4164 nla_for_each_nested(attr, 4165 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4166 tmp) { 4167 struct nlattr *ssid; 4168 4169 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 4170 nla_data(attr), nla_len(attr), 4171 nl80211_match_policy); 4172 ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID]; 4173 if (ssid) { 4174 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 4175 err = -EINVAL; 4176 goto out_free; 4177 } 4178 memcpy(request->match_sets[i].ssid.ssid, 4179 nla_data(ssid), nla_len(ssid)); 4180 request->match_sets[i].ssid.ssid_len = 4181 nla_len(ssid); 4182 } 4183 i++; 4184 } 4185 } 4186 4187 if (info->attrs[NL80211_ATTR_IE]) { 4188 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4189 memcpy((void *)request->ie, 4190 nla_data(info->attrs[NL80211_ATTR_IE]), 4191 request->ie_len); 4192 } 4193 4194 request->dev = dev; 4195 request->wiphy = &rdev->wiphy; 4196 request->interval = interval; 4197 4198 err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request); 4199 if (!err) { 4200 rdev->sched_scan_req = request; 4201 nl80211_send_sched_scan(rdev, dev, 4202 NL80211_CMD_START_SCHED_SCAN); 4203 goto out; 4204 } 4205 4206 out_free: 4207 kfree(request); 4208 out: 4209 mutex_unlock(&rdev->sched_scan_mtx); 4210 return err; 4211 } 4212 4213 static int nl80211_stop_sched_scan(struct sk_buff *skb, 4214 struct genl_info *info) 4215 { 4216 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4217 int err; 4218 4219 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4220 !rdev->ops->sched_scan_stop) 4221 return -EOPNOTSUPP; 4222 4223 mutex_lock(&rdev->sched_scan_mtx); 4224 err = __cfg80211_stop_sched_scan(rdev, false); 4225 mutex_unlock(&rdev->sched_scan_mtx); 4226 4227 return err; 4228 } 4229 4230 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 4231 u32 seq, int flags, 4232 struct cfg80211_registered_device *rdev, 4233 struct wireless_dev *wdev, 4234 struct cfg80211_internal_bss *intbss) 4235 { 4236 struct cfg80211_bss *res = &intbss->pub; 4237 void *hdr; 4238 struct nlattr *bss; 4239 4240 ASSERT_WDEV_LOCK(wdev); 4241 4242 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags, 4243 NL80211_CMD_NEW_SCAN_RESULTS); 4244 if (!hdr) 4245 return -1; 4246 4247 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 4248 4249 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 4250 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 4251 goto nla_put_failure; 4252 4253 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 4254 if (!bss) 4255 goto nla_put_failure; 4256 if ((!is_zero_ether_addr(res->bssid) && 4257 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) || 4258 (res->information_elements && res->len_information_elements && 4259 nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS, 4260 res->len_information_elements, 4261 res->information_elements)) || 4262 (res->beacon_ies && res->len_beacon_ies && 4263 res->beacon_ies != res->information_elements && 4264 nla_put(msg, NL80211_BSS_BEACON_IES, 4265 res->len_beacon_ies, res->beacon_ies))) 4266 goto nla_put_failure; 4267 if (res->tsf && 4268 nla_put_u64(msg, NL80211_BSS_TSF, res->tsf)) 4269 goto nla_put_failure; 4270 if (res->beacon_interval && 4271 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval)) 4272 goto nla_put_failure; 4273 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) || 4274 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) || 4275 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO, 4276 jiffies_to_msecs(jiffies - intbss->ts))) 4277 goto nla_put_failure; 4278 4279 switch (rdev->wiphy.signal_type) { 4280 case CFG80211_SIGNAL_TYPE_MBM: 4281 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal)) 4282 goto nla_put_failure; 4283 break; 4284 case CFG80211_SIGNAL_TYPE_UNSPEC: 4285 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal)) 4286 goto nla_put_failure; 4287 break; 4288 default: 4289 break; 4290 } 4291 4292 switch (wdev->iftype) { 4293 case NL80211_IFTYPE_P2P_CLIENT: 4294 case NL80211_IFTYPE_STATION: 4295 if (intbss == wdev->current_bss && 4296 nla_put_u32(msg, NL80211_BSS_STATUS, 4297 NL80211_BSS_STATUS_ASSOCIATED)) 4298 goto nla_put_failure; 4299 break; 4300 case NL80211_IFTYPE_ADHOC: 4301 if (intbss == wdev->current_bss && 4302 nla_put_u32(msg, NL80211_BSS_STATUS, 4303 NL80211_BSS_STATUS_IBSS_JOINED)) 4304 goto nla_put_failure; 4305 break; 4306 default: 4307 break; 4308 } 4309 4310 nla_nest_end(msg, bss); 4311 4312 return genlmsg_end(msg, hdr); 4313 4314 nla_put_failure: 4315 genlmsg_cancel(msg, hdr); 4316 return -EMSGSIZE; 4317 } 4318 4319 static int nl80211_dump_scan(struct sk_buff *skb, 4320 struct netlink_callback *cb) 4321 { 4322 struct cfg80211_registered_device *rdev; 4323 struct net_device *dev; 4324 struct cfg80211_internal_bss *scan; 4325 struct wireless_dev *wdev; 4326 int start = cb->args[1], idx = 0; 4327 int err; 4328 4329 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 4330 if (err) 4331 return err; 4332 4333 wdev = dev->ieee80211_ptr; 4334 4335 wdev_lock(wdev); 4336 spin_lock_bh(&rdev->bss_lock); 4337 cfg80211_bss_expire(rdev); 4338 4339 cb->seq = rdev->bss_generation; 4340 4341 list_for_each_entry(scan, &rdev->bss_list, list) { 4342 if (++idx <= start) 4343 continue; 4344 if (nl80211_send_bss(skb, cb, 4345 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4346 rdev, wdev, scan) < 0) { 4347 idx--; 4348 break; 4349 } 4350 } 4351 4352 spin_unlock_bh(&rdev->bss_lock); 4353 wdev_unlock(wdev); 4354 4355 cb->args[1] = idx; 4356 nl80211_finish_netdev_dump(rdev); 4357 4358 return skb->len; 4359 } 4360 4361 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 4362 int flags, struct net_device *dev, 4363 struct survey_info *survey) 4364 { 4365 void *hdr; 4366 struct nlattr *infoattr; 4367 4368 hdr = nl80211hdr_put(msg, pid, seq, flags, 4369 NL80211_CMD_NEW_SURVEY_RESULTS); 4370 if (!hdr) 4371 return -ENOMEM; 4372 4373 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) 4374 goto nla_put_failure; 4375 4376 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 4377 if (!infoattr) 4378 goto nla_put_failure; 4379 4380 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY, 4381 survey->channel->center_freq)) 4382 goto nla_put_failure; 4383 4384 if ((survey->filled & SURVEY_INFO_NOISE_DBM) && 4385 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) 4386 goto nla_put_failure; 4387 if ((survey->filled & SURVEY_INFO_IN_USE) && 4388 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) 4389 goto nla_put_failure; 4390 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) && 4391 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 4392 survey->channel_time)) 4393 goto nla_put_failure; 4394 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) && 4395 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 4396 survey->channel_time_busy)) 4397 goto nla_put_failure; 4398 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) && 4399 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 4400 survey->channel_time_ext_busy)) 4401 goto nla_put_failure; 4402 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) && 4403 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 4404 survey->channel_time_rx)) 4405 goto nla_put_failure; 4406 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) && 4407 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 4408 survey->channel_time_tx)) 4409 goto nla_put_failure; 4410 4411 nla_nest_end(msg, infoattr); 4412 4413 return genlmsg_end(msg, hdr); 4414 4415 nla_put_failure: 4416 genlmsg_cancel(msg, hdr); 4417 return -EMSGSIZE; 4418 } 4419 4420 static int nl80211_dump_survey(struct sk_buff *skb, 4421 struct netlink_callback *cb) 4422 { 4423 struct survey_info survey; 4424 struct cfg80211_registered_device *dev; 4425 struct net_device *netdev; 4426 int survey_idx = cb->args[1]; 4427 int res; 4428 4429 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 4430 if (res) 4431 return res; 4432 4433 if (!dev->ops->dump_survey) { 4434 res = -EOPNOTSUPP; 4435 goto out_err; 4436 } 4437 4438 while (1) { 4439 struct ieee80211_channel *chan; 4440 4441 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 4442 &survey); 4443 if (res == -ENOENT) 4444 break; 4445 if (res) 4446 goto out_err; 4447 4448 /* Survey without a channel doesn't make sense */ 4449 if (!survey.channel) { 4450 res = -EINVAL; 4451 goto out; 4452 } 4453 4454 chan = ieee80211_get_channel(&dev->wiphy, 4455 survey.channel->center_freq); 4456 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 4457 survey_idx++; 4458 continue; 4459 } 4460 4461 if (nl80211_send_survey(skb, 4462 NETLINK_CB(cb->skb).pid, 4463 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4464 netdev, 4465 &survey) < 0) 4466 goto out; 4467 survey_idx++; 4468 } 4469 4470 out: 4471 cb->args[1] = survey_idx; 4472 res = skb->len; 4473 out_err: 4474 nl80211_finish_netdev_dump(dev); 4475 return res; 4476 } 4477 4478 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 4479 { 4480 return auth_type <= NL80211_AUTHTYPE_MAX; 4481 } 4482 4483 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 4484 { 4485 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 4486 NL80211_WPA_VERSION_2)); 4487 } 4488 4489 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 4490 { 4491 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4492 struct net_device *dev = info->user_ptr[1]; 4493 struct ieee80211_channel *chan; 4494 const u8 *bssid, *ssid, *ie = NULL; 4495 int err, ssid_len, ie_len = 0; 4496 enum nl80211_auth_type auth_type; 4497 struct key_parse key; 4498 bool local_state_change; 4499 4500 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4501 return -EINVAL; 4502 4503 if (!info->attrs[NL80211_ATTR_MAC]) 4504 return -EINVAL; 4505 4506 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 4507 return -EINVAL; 4508 4509 if (!info->attrs[NL80211_ATTR_SSID]) 4510 return -EINVAL; 4511 4512 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4513 return -EINVAL; 4514 4515 err = nl80211_parse_key(info, &key); 4516 if (err) 4517 return err; 4518 4519 if (key.idx >= 0) { 4520 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 4521 return -EINVAL; 4522 if (!key.p.key || !key.p.key_len) 4523 return -EINVAL; 4524 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 4525 key.p.key_len != WLAN_KEY_LEN_WEP40) && 4526 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 4527 key.p.key_len != WLAN_KEY_LEN_WEP104)) 4528 return -EINVAL; 4529 if (key.idx > 4) 4530 return -EINVAL; 4531 } else { 4532 key.p.key_len = 0; 4533 key.p.key = NULL; 4534 } 4535 4536 if (key.idx >= 0) { 4537 int i; 4538 bool ok = false; 4539 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 4540 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 4541 ok = true; 4542 break; 4543 } 4544 } 4545 if (!ok) 4546 return -EINVAL; 4547 } 4548 4549 if (!rdev->ops->auth) 4550 return -EOPNOTSUPP; 4551 4552 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4553 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4554 return -EOPNOTSUPP; 4555 4556 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4557 chan = ieee80211_get_channel(&rdev->wiphy, 4558 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4559 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4560 return -EINVAL; 4561 4562 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4563 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4564 4565 if (info->attrs[NL80211_ATTR_IE]) { 4566 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4567 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4568 } 4569 4570 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4571 if (!nl80211_valid_auth_type(auth_type)) 4572 return -EINVAL; 4573 4574 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4575 4576 /* 4577 * Since we no longer track auth state, ignore 4578 * requests to only change local state. 4579 */ 4580 if (local_state_change) 4581 return 0; 4582 4583 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 4584 ssid, ssid_len, ie, ie_len, 4585 key.p.key, key.p.key_len, key.idx); 4586 } 4587 4588 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 4589 struct genl_info *info, 4590 struct cfg80211_crypto_settings *settings, 4591 int cipher_limit) 4592 { 4593 memset(settings, 0, sizeof(*settings)); 4594 4595 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 4596 4597 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 4598 u16 proto; 4599 proto = nla_get_u16( 4600 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 4601 settings->control_port_ethertype = cpu_to_be16(proto); 4602 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 4603 proto != ETH_P_PAE) 4604 return -EINVAL; 4605 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 4606 settings->control_port_no_encrypt = true; 4607 } else 4608 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 4609 4610 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 4611 void *data; 4612 int len, i; 4613 4614 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4615 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4616 settings->n_ciphers_pairwise = len / sizeof(u32); 4617 4618 if (len % sizeof(u32)) 4619 return -EINVAL; 4620 4621 if (settings->n_ciphers_pairwise > cipher_limit) 4622 return -EINVAL; 4623 4624 memcpy(settings->ciphers_pairwise, data, len); 4625 4626 for (i = 0; i < settings->n_ciphers_pairwise; i++) 4627 if (!cfg80211_supported_cipher_suite( 4628 &rdev->wiphy, 4629 settings->ciphers_pairwise[i])) 4630 return -EINVAL; 4631 } 4632 4633 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 4634 settings->cipher_group = 4635 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 4636 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 4637 settings->cipher_group)) 4638 return -EINVAL; 4639 } 4640 4641 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 4642 settings->wpa_versions = 4643 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 4644 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 4645 return -EINVAL; 4646 } 4647 4648 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 4649 void *data; 4650 int len; 4651 4652 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 4653 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 4654 settings->n_akm_suites = len / sizeof(u32); 4655 4656 if (len % sizeof(u32)) 4657 return -EINVAL; 4658 4659 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 4660 return -EINVAL; 4661 4662 memcpy(settings->akm_suites, data, len); 4663 } 4664 4665 return 0; 4666 } 4667 4668 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 4669 { 4670 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4671 struct net_device *dev = info->user_ptr[1]; 4672 struct cfg80211_crypto_settings crypto; 4673 struct ieee80211_channel *chan; 4674 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 4675 int err, ssid_len, ie_len = 0; 4676 bool use_mfp = false; 4677 u32 flags = 0; 4678 struct ieee80211_ht_cap *ht_capa = NULL; 4679 struct ieee80211_ht_cap *ht_capa_mask = NULL; 4680 4681 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4682 return -EINVAL; 4683 4684 if (!info->attrs[NL80211_ATTR_MAC] || 4685 !info->attrs[NL80211_ATTR_SSID] || 4686 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4687 return -EINVAL; 4688 4689 if (!rdev->ops->assoc) 4690 return -EOPNOTSUPP; 4691 4692 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4693 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4694 return -EOPNOTSUPP; 4695 4696 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4697 4698 chan = ieee80211_get_channel(&rdev->wiphy, 4699 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4700 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4701 return -EINVAL; 4702 4703 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4704 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4705 4706 if (info->attrs[NL80211_ATTR_IE]) { 4707 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4708 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4709 } 4710 4711 if (info->attrs[NL80211_ATTR_USE_MFP]) { 4712 enum nl80211_mfp mfp = 4713 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 4714 if (mfp == NL80211_MFP_REQUIRED) 4715 use_mfp = true; 4716 else if (mfp != NL80211_MFP_NO) 4717 return -EINVAL; 4718 } 4719 4720 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 4721 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 4722 4723 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 4724 flags |= ASSOC_REQ_DISABLE_HT; 4725 4726 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 4727 ht_capa_mask = 4728 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 4729 4730 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 4731 if (!ht_capa_mask) 4732 return -EINVAL; 4733 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 4734 } 4735 4736 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 4737 if (!err) 4738 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 4739 ssid, ssid_len, ie, ie_len, use_mfp, 4740 &crypto, flags, ht_capa, 4741 ht_capa_mask); 4742 4743 return err; 4744 } 4745 4746 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 4747 { 4748 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4749 struct net_device *dev = info->user_ptr[1]; 4750 const u8 *ie = NULL, *bssid; 4751 int ie_len = 0; 4752 u16 reason_code; 4753 bool local_state_change; 4754 4755 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4756 return -EINVAL; 4757 4758 if (!info->attrs[NL80211_ATTR_MAC]) 4759 return -EINVAL; 4760 4761 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4762 return -EINVAL; 4763 4764 if (!rdev->ops->deauth) 4765 return -EOPNOTSUPP; 4766 4767 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4768 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4769 return -EOPNOTSUPP; 4770 4771 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4772 4773 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4774 if (reason_code == 0) { 4775 /* Reason Code 0 is reserved */ 4776 return -EINVAL; 4777 } 4778 4779 if (info->attrs[NL80211_ATTR_IE]) { 4780 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4781 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4782 } 4783 4784 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4785 4786 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 4787 local_state_change); 4788 } 4789 4790 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 4791 { 4792 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4793 struct net_device *dev = info->user_ptr[1]; 4794 const u8 *ie = NULL, *bssid; 4795 int ie_len = 0; 4796 u16 reason_code; 4797 bool local_state_change; 4798 4799 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4800 return -EINVAL; 4801 4802 if (!info->attrs[NL80211_ATTR_MAC]) 4803 return -EINVAL; 4804 4805 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4806 return -EINVAL; 4807 4808 if (!rdev->ops->disassoc) 4809 return -EOPNOTSUPP; 4810 4811 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4812 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4813 return -EOPNOTSUPP; 4814 4815 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4816 4817 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4818 if (reason_code == 0) { 4819 /* Reason Code 0 is reserved */ 4820 return -EINVAL; 4821 } 4822 4823 if (info->attrs[NL80211_ATTR_IE]) { 4824 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4825 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4826 } 4827 4828 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4829 4830 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 4831 local_state_change); 4832 } 4833 4834 static bool 4835 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 4836 int mcast_rate[IEEE80211_NUM_BANDS], 4837 int rateval) 4838 { 4839 struct wiphy *wiphy = &rdev->wiphy; 4840 bool found = false; 4841 int band, i; 4842 4843 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4844 struct ieee80211_supported_band *sband; 4845 4846 sband = wiphy->bands[band]; 4847 if (!sband) 4848 continue; 4849 4850 for (i = 0; i < sband->n_bitrates; i++) { 4851 if (sband->bitrates[i].bitrate == rateval) { 4852 mcast_rate[band] = i + 1; 4853 found = true; 4854 break; 4855 } 4856 } 4857 } 4858 4859 return found; 4860 } 4861 4862 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 4863 { 4864 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4865 struct net_device *dev = info->user_ptr[1]; 4866 struct cfg80211_ibss_params ibss; 4867 struct wiphy *wiphy; 4868 struct cfg80211_cached_keys *connkeys = NULL; 4869 int err; 4870 4871 memset(&ibss, 0, sizeof(ibss)); 4872 4873 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4874 return -EINVAL; 4875 4876 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4877 !info->attrs[NL80211_ATTR_SSID] || 4878 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4879 return -EINVAL; 4880 4881 ibss.beacon_interval = 100; 4882 4883 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 4884 ibss.beacon_interval = 4885 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 4886 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 4887 return -EINVAL; 4888 } 4889 4890 if (!rdev->ops->join_ibss) 4891 return -EOPNOTSUPP; 4892 4893 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 4894 return -EOPNOTSUPP; 4895 4896 wiphy = &rdev->wiphy; 4897 4898 if (info->attrs[NL80211_ATTR_MAC]) { 4899 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4900 4901 if (!is_valid_ether_addr(ibss.bssid)) 4902 return -EINVAL; 4903 } 4904 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4905 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4906 4907 if (info->attrs[NL80211_ATTR_IE]) { 4908 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4909 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4910 } 4911 4912 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4913 enum nl80211_channel_type channel_type; 4914 4915 channel_type = nla_get_u32( 4916 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4917 if (channel_type != NL80211_CHAN_NO_HT && 4918 channel_type != NL80211_CHAN_HT20 && 4919 channel_type != NL80211_CHAN_HT40MINUS && 4920 channel_type != NL80211_CHAN_HT40PLUS) 4921 return -EINVAL; 4922 4923 if (channel_type != NL80211_CHAN_NO_HT && 4924 !(wiphy->features & NL80211_FEATURE_HT_IBSS)) 4925 return -EINVAL; 4926 4927 ibss.channel_type = channel_type; 4928 } else { 4929 ibss.channel_type = NL80211_CHAN_NO_HT; 4930 } 4931 4932 ibss.channel = rdev_freq_to_chan(rdev, 4933 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 4934 ibss.channel_type); 4935 if (!ibss.channel || 4936 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 4937 ibss.channel->flags & IEEE80211_CHAN_DISABLED) 4938 return -EINVAL; 4939 4940 /* Both channels should be able to initiate communication */ 4941 if ((ibss.channel_type == NL80211_CHAN_HT40PLUS || 4942 ibss.channel_type == NL80211_CHAN_HT40MINUS) && 4943 !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel, 4944 ibss.channel_type)) 4945 return -EINVAL; 4946 4947 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 4948 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 4949 4950 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 4951 u8 *rates = 4952 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4953 int n_rates = 4954 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4955 struct ieee80211_supported_band *sband = 4956 wiphy->bands[ibss.channel->band]; 4957 4958 err = ieee80211_get_ratemask(sband, rates, n_rates, 4959 &ibss.basic_rates); 4960 if (err) 4961 return err; 4962 } 4963 4964 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 4965 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 4966 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 4967 return -EINVAL; 4968 4969 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4970 connkeys = nl80211_parse_connkeys(rdev, 4971 info->attrs[NL80211_ATTR_KEYS]); 4972 if (IS_ERR(connkeys)) 4973 return PTR_ERR(connkeys); 4974 } 4975 4976 ibss.control_port = 4977 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 4978 4979 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 4980 if (err) 4981 kfree(connkeys); 4982 return err; 4983 } 4984 4985 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 4986 { 4987 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4988 struct net_device *dev = info->user_ptr[1]; 4989 4990 if (!rdev->ops->leave_ibss) 4991 return -EOPNOTSUPP; 4992 4993 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 4994 return -EOPNOTSUPP; 4995 4996 return cfg80211_leave_ibss(rdev, dev, false); 4997 } 4998 4999 #ifdef CONFIG_NL80211_TESTMODE 5000 static struct genl_multicast_group nl80211_testmode_mcgrp = { 5001 .name = "testmode", 5002 }; 5003 5004 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 5005 { 5006 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5007 int err; 5008 5009 if (!info->attrs[NL80211_ATTR_TESTDATA]) 5010 return -EINVAL; 5011 5012 err = -EOPNOTSUPP; 5013 if (rdev->ops->testmode_cmd) { 5014 rdev->testmode_info = info; 5015 err = rdev->ops->testmode_cmd(&rdev->wiphy, 5016 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 5017 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 5018 rdev->testmode_info = NULL; 5019 } 5020 5021 return err; 5022 } 5023 5024 static int nl80211_testmode_dump(struct sk_buff *skb, 5025 struct netlink_callback *cb) 5026 { 5027 struct cfg80211_registered_device *rdev; 5028 int err; 5029 long phy_idx; 5030 void *data = NULL; 5031 int data_len = 0; 5032 5033 if (cb->args[0]) { 5034 /* 5035 * 0 is a valid index, but not valid for args[0], 5036 * so we need to offset by 1. 5037 */ 5038 phy_idx = cb->args[0] - 1; 5039 } else { 5040 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 5041 nl80211_fam.attrbuf, nl80211_fam.maxattr, 5042 nl80211_policy); 5043 if (err) 5044 return err; 5045 if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) { 5046 phy_idx = nla_get_u32( 5047 nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]); 5048 } else { 5049 struct net_device *netdev; 5050 5051 err = get_rdev_dev_by_ifindex(sock_net(skb->sk), 5052 nl80211_fam.attrbuf, 5053 &rdev, &netdev); 5054 if (err) 5055 return err; 5056 dev_put(netdev); 5057 phy_idx = rdev->wiphy_idx; 5058 cfg80211_unlock_rdev(rdev); 5059 } 5060 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 5061 cb->args[1] = 5062 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 5063 } 5064 5065 if (cb->args[1]) { 5066 data = nla_data((void *)cb->args[1]); 5067 data_len = nla_len((void *)cb->args[1]); 5068 } 5069 5070 mutex_lock(&cfg80211_mutex); 5071 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 5072 if (!rdev) { 5073 mutex_unlock(&cfg80211_mutex); 5074 return -ENOENT; 5075 } 5076 cfg80211_lock_rdev(rdev); 5077 mutex_unlock(&cfg80211_mutex); 5078 5079 if (!rdev->ops->testmode_dump) { 5080 err = -EOPNOTSUPP; 5081 goto out_err; 5082 } 5083 5084 while (1) { 5085 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid, 5086 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5087 NL80211_CMD_TESTMODE); 5088 struct nlattr *tmdata; 5089 5090 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) { 5091 genlmsg_cancel(skb, hdr); 5092 break; 5093 } 5094 5095 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5096 if (!tmdata) { 5097 genlmsg_cancel(skb, hdr); 5098 break; 5099 } 5100 err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb, 5101 data, data_len); 5102 nla_nest_end(skb, tmdata); 5103 5104 if (err == -ENOBUFS || err == -ENOENT) { 5105 genlmsg_cancel(skb, hdr); 5106 break; 5107 } else if (err) { 5108 genlmsg_cancel(skb, hdr); 5109 goto out_err; 5110 } 5111 5112 genlmsg_end(skb, hdr); 5113 } 5114 5115 err = skb->len; 5116 /* see above */ 5117 cb->args[0] = phy_idx + 1; 5118 out_err: 5119 cfg80211_unlock_rdev(rdev); 5120 return err; 5121 } 5122 5123 static struct sk_buff * 5124 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 5125 int approxlen, u32 pid, u32 seq, gfp_t gfp) 5126 { 5127 struct sk_buff *skb; 5128 void *hdr; 5129 struct nlattr *data; 5130 5131 skb = nlmsg_new(approxlen + 100, gfp); 5132 if (!skb) 5133 return NULL; 5134 5135 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 5136 if (!hdr) { 5137 kfree_skb(skb); 5138 return NULL; 5139 } 5140 5141 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx)) 5142 goto nla_put_failure; 5143 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5144 5145 ((void **)skb->cb)[0] = rdev; 5146 ((void **)skb->cb)[1] = hdr; 5147 ((void **)skb->cb)[2] = data; 5148 5149 return skb; 5150 5151 nla_put_failure: 5152 kfree_skb(skb); 5153 return NULL; 5154 } 5155 5156 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 5157 int approxlen) 5158 { 5159 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5160 5161 if (WARN_ON(!rdev->testmode_info)) 5162 return NULL; 5163 5164 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 5165 rdev->testmode_info->snd_pid, 5166 rdev->testmode_info->snd_seq, 5167 GFP_KERNEL); 5168 } 5169 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 5170 5171 int cfg80211_testmode_reply(struct sk_buff *skb) 5172 { 5173 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 5174 void *hdr = ((void **)skb->cb)[1]; 5175 struct nlattr *data = ((void **)skb->cb)[2]; 5176 5177 if (WARN_ON(!rdev->testmode_info)) { 5178 kfree_skb(skb); 5179 return -EINVAL; 5180 } 5181 5182 nla_nest_end(skb, data); 5183 genlmsg_end(skb, hdr); 5184 return genlmsg_reply(skb, rdev->testmode_info); 5185 } 5186 EXPORT_SYMBOL(cfg80211_testmode_reply); 5187 5188 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 5189 int approxlen, gfp_t gfp) 5190 { 5191 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5192 5193 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 5194 } 5195 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 5196 5197 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 5198 { 5199 void *hdr = ((void **)skb->cb)[1]; 5200 struct nlattr *data = ((void **)skb->cb)[2]; 5201 5202 nla_nest_end(skb, data); 5203 genlmsg_end(skb, hdr); 5204 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 5205 } 5206 EXPORT_SYMBOL(cfg80211_testmode_event); 5207 #endif 5208 5209 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 5210 { 5211 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5212 struct net_device *dev = info->user_ptr[1]; 5213 struct cfg80211_connect_params connect; 5214 struct wiphy *wiphy; 5215 struct cfg80211_cached_keys *connkeys = NULL; 5216 int err; 5217 5218 memset(&connect, 0, sizeof(connect)); 5219 5220 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5221 return -EINVAL; 5222 5223 if (!info->attrs[NL80211_ATTR_SSID] || 5224 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5225 return -EINVAL; 5226 5227 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 5228 connect.auth_type = 5229 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5230 if (!nl80211_valid_auth_type(connect.auth_type)) 5231 return -EINVAL; 5232 } else 5233 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 5234 5235 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 5236 5237 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 5238 NL80211_MAX_NR_CIPHER_SUITES); 5239 if (err) 5240 return err; 5241 5242 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5243 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5244 return -EOPNOTSUPP; 5245 5246 wiphy = &rdev->wiphy; 5247 5248 connect.bg_scan_period = -1; 5249 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 5250 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 5251 connect.bg_scan_period = 5252 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 5253 } 5254 5255 if (info->attrs[NL80211_ATTR_MAC]) 5256 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5257 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5258 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5259 5260 if (info->attrs[NL80211_ATTR_IE]) { 5261 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5262 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5263 } 5264 5265 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 5266 connect.channel = 5267 ieee80211_get_channel(wiphy, 5268 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5269 if (!connect.channel || 5270 connect.channel->flags & IEEE80211_CHAN_DISABLED) 5271 return -EINVAL; 5272 } 5273 5274 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5275 connkeys = nl80211_parse_connkeys(rdev, 5276 info->attrs[NL80211_ATTR_KEYS]); 5277 if (IS_ERR(connkeys)) 5278 return PTR_ERR(connkeys); 5279 } 5280 5281 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5282 connect.flags |= ASSOC_REQ_DISABLE_HT; 5283 5284 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5285 memcpy(&connect.ht_capa_mask, 5286 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 5287 sizeof(connect.ht_capa_mask)); 5288 5289 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5290 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5291 return -EINVAL; 5292 memcpy(&connect.ht_capa, 5293 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 5294 sizeof(connect.ht_capa)); 5295 } 5296 5297 err = cfg80211_connect(rdev, dev, &connect, connkeys); 5298 if (err) 5299 kfree(connkeys); 5300 return err; 5301 } 5302 5303 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 5304 { 5305 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5306 struct net_device *dev = info->user_ptr[1]; 5307 u16 reason; 5308 5309 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5310 reason = WLAN_REASON_DEAUTH_LEAVING; 5311 else 5312 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5313 5314 if (reason == 0) 5315 return -EINVAL; 5316 5317 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5318 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5319 return -EOPNOTSUPP; 5320 5321 return cfg80211_disconnect(rdev, dev, reason, true); 5322 } 5323 5324 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 5325 { 5326 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5327 struct net *net; 5328 int err; 5329 u32 pid; 5330 5331 if (!info->attrs[NL80211_ATTR_PID]) 5332 return -EINVAL; 5333 5334 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 5335 5336 net = get_net_ns_by_pid(pid); 5337 if (IS_ERR(net)) 5338 return PTR_ERR(net); 5339 5340 err = 0; 5341 5342 /* check if anything to do */ 5343 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 5344 err = cfg80211_switch_netns(rdev, net); 5345 5346 put_net(net); 5347 return err; 5348 } 5349 5350 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 5351 { 5352 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5353 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 5354 struct cfg80211_pmksa *pmksa) = NULL; 5355 struct net_device *dev = info->user_ptr[1]; 5356 struct cfg80211_pmksa pmksa; 5357 5358 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 5359 5360 if (!info->attrs[NL80211_ATTR_MAC]) 5361 return -EINVAL; 5362 5363 if (!info->attrs[NL80211_ATTR_PMKID]) 5364 return -EINVAL; 5365 5366 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 5367 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5368 5369 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5370 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5371 return -EOPNOTSUPP; 5372 5373 switch (info->genlhdr->cmd) { 5374 case NL80211_CMD_SET_PMKSA: 5375 rdev_ops = rdev->ops->set_pmksa; 5376 break; 5377 case NL80211_CMD_DEL_PMKSA: 5378 rdev_ops = rdev->ops->del_pmksa; 5379 break; 5380 default: 5381 WARN_ON(1); 5382 break; 5383 } 5384 5385 if (!rdev_ops) 5386 return -EOPNOTSUPP; 5387 5388 return rdev_ops(&rdev->wiphy, dev, &pmksa); 5389 } 5390 5391 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 5392 { 5393 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5394 struct net_device *dev = info->user_ptr[1]; 5395 5396 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5397 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5398 return -EOPNOTSUPP; 5399 5400 if (!rdev->ops->flush_pmksa) 5401 return -EOPNOTSUPP; 5402 5403 return rdev->ops->flush_pmksa(&rdev->wiphy, dev); 5404 } 5405 5406 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 5407 { 5408 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5409 struct net_device *dev = info->user_ptr[1]; 5410 u8 action_code, dialog_token; 5411 u16 status_code; 5412 u8 *peer; 5413 5414 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5415 !rdev->ops->tdls_mgmt) 5416 return -EOPNOTSUPP; 5417 5418 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 5419 !info->attrs[NL80211_ATTR_STATUS_CODE] || 5420 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 5421 !info->attrs[NL80211_ATTR_IE] || 5422 !info->attrs[NL80211_ATTR_MAC]) 5423 return -EINVAL; 5424 5425 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5426 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 5427 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 5428 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 5429 5430 return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code, 5431 dialog_token, status_code, 5432 nla_data(info->attrs[NL80211_ATTR_IE]), 5433 nla_len(info->attrs[NL80211_ATTR_IE])); 5434 } 5435 5436 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 5437 { 5438 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5439 struct net_device *dev = info->user_ptr[1]; 5440 enum nl80211_tdls_operation operation; 5441 u8 *peer; 5442 5443 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5444 !rdev->ops->tdls_oper) 5445 return -EOPNOTSUPP; 5446 5447 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 5448 !info->attrs[NL80211_ATTR_MAC]) 5449 return -EINVAL; 5450 5451 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 5452 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5453 5454 return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation); 5455 } 5456 5457 static int nl80211_remain_on_channel(struct sk_buff *skb, 5458 struct genl_info *info) 5459 { 5460 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5461 struct net_device *dev = info->user_ptr[1]; 5462 struct ieee80211_channel *chan; 5463 struct sk_buff *msg; 5464 void *hdr; 5465 u64 cookie; 5466 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5467 u32 freq, duration; 5468 int err; 5469 5470 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 5471 !info->attrs[NL80211_ATTR_DURATION]) 5472 return -EINVAL; 5473 5474 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5475 5476 /* 5477 * We should be on that channel for at least one jiffie, 5478 * and more than 5 seconds seems excessive. 5479 */ 5480 if (!duration || !msecs_to_jiffies(duration) || 5481 duration > rdev->wiphy.max_remain_on_channel_duration) 5482 return -EINVAL; 5483 5484 if (!rdev->ops->remain_on_channel || 5485 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 5486 return -EOPNOTSUPP; 5487 5488 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5489 channel_type = nla_get_u32( 5490 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 5491 if (channel_type != NL80211_CHAN_NO_HT && 5492 channel_type != NL80211_CHAN_HT20 && 5493 channel_type != NL80211_CHAN_HT40PLUS && 5494 channel_type != NL80211_CHAN_HT40MINUS) 5495 return -EINVAL; 5496 } 5497 5498 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5499 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5500 if (chan == NULL) 5501 return -EINVAL; 5502 5503 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5504 if (!msg) 5505 return -ENOMEM; 5506 5507 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5508 NL80211_CMD_REMAIN_ON_CHANNEL); 5509 5510 if (IS_ERR(hdr)) { 5511 err = PTR_ERR(hdr); 5512 goto free_msg; 5513 } 5514 5515 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 5516 channel_type, duration, &cookie); 5517 5518 if (err) 5519 goto free_msg; 5520 5521 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 5522 goto nla_put_failure; 5523 5524 genlmsg_end(msg, hdr); 5525 5526 return genlmsg_reply(msg, info); 5527 5528 nla_put_failure: 5529 err = -ENOBUFS; 5530 free_msg: 5531 nlmsg_free(msg); 5532 return err; 5533 } 5534 5535 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 5536 struct genl_info *info) 5537 { 5538 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5539 struct net_device *dev = info->user_ptr[1]; 5540 u64 cookie; 5541 5542 if (!info->attrs[NL80211_ATTR_COOKIE]) 5543 return -EINVAL; 5544 5545 if (!rdev->ops->cancel_remain_on_channel) 5546 return -EOPNOTSUPP; 5547 5548 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5549 5550 return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 5551 } 5552 5553 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 5554 u8 *rates, u8 rates_len) 5555 { 5556 u8 i; 5557 u32 mask = 0; 5558 5559 for (i = 0; i < rates_len; i++) { 5560 int rate = (rates[i] & 0x7f) * 5; 5561 int ridx; 5562 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 5563 struct ieee80211_rate *srate = 5564 &sband->bitrates[ridx]; 5565 if (rate == srate->bitrate) { 5566 mask |= 1 << ridx; 5567 break; 5568 } 5569 } 5570 if (ridx == sband->n_bitrates) 5571 return 0; /* rate not found */ 5572 } 5573 5574 return mask; 5575 } 5576 5577 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 5578 u8 *rates, u8 rates_len, 5579 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 5580 { 5581 u8 i; 5582 5583 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 5584 5585 for (i = 0; i < rates_len; i++) { 5586 int ridx, rbit; 5587 5588 ridx = rates[i] / 8; 5589 rbit = BIT(rates[i] % 8); 5590 5591 /* check validity */ 5592 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 5593 return false; 5594 5595 /* check availability */ 5596 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 5597 mcs[ridx] |= rbit; 5598 else 5599 return false; 5600 } 5601 5602 return true; 5603 } 5604 5605 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 5606 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 5607 .len = NL80211_MAX_SUPP_RATES }, 5608 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 5609 .len = NL80211_MAX_SUPP_HT_RATES }, 5610 }; 5611 5612 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 5613 struct genl_info *info) 5614 { 5615 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 5616 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5617 struct cfg80211_bitrate_mask mask; 5618 int rem, i; 5619 struct net_device *dev = info->user_ptr[1]; 5620 struct nlattr *tx_rates; 5621 struct ieee80211_supported_band *sband; 5622 5623 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 5624 return -EINVAL; 5625 5626 if (!rdev->ops->set_bitrate_mask) 5627 return -EOPNOTSUPP; 5628 5629 memset(&mask, 0, sizeof(mask)); 5630 /* Default to all rates enabled */ 5631 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 5632 sband = rdev->wiphy.bands[i]; 5633 mask.control[i].legacy = 5634 sband ? (1 << sband->n_bitrates) - 1 : 0; 5635 if (sband) 5636 memcpy(mask.control[i].mcs, 5637 sband->ht_cap.mcs.rx_mask, 5638 sizeof(mask.control[i].mcs)); 5639 else 5640 memset(mask.control[i].mcs, 0, 5641 sizeof(mask.control[i].mcs)); 5642 } 5643 5644 /* 5645 * The nested attribute uses enum nl80211_band as the index. This maps 5646 * directly to the enum ieee80211_band values used in cfg80211. 5647 */ 5648 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 5649 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 5650 { 5651 enum ieee80211_band band = nla_type(tx_rates); 5652 if (band < 0 || band >= IEEE80211_NUM_BANDS) 5653 return -EINVAL; 5654 sband = rdev->wiphy.bands[band]; 5655 if (sband == NULL) 5656 return -EINVAL; 5657 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 5658 nla_len(tx_rates), nl80211_txattr_policy); 5659 if (tb[NL80211_TXRATE_LEGACY]) { 5660 mask.control[band].legacy = rateset_to_mask( 5661 sband, 5662 nla_data(tb[NL80211_TXRATE_LEGACY]), 5663 nla_len(tb[NL80211_TXRATE_LEGACY])); 5664 if ((mask.control[band].legacy == 0) && 5665 nla_len(tb[NL80211_TXRATE_LEGACY])) 5666 return -EINVAL; 5667 } 5668 if (tb[NL80211_TXRATE_MCS]) { 5669 if (!ht_rateset_to_mask( 5670 sband, 5671 nla_data(tb[NL80211_TXRATE_MCS]), 5672 nla_len(tb[NL80211_TXRATE_MCS]), 5673 mask.control[band].mcs)) 5674 return -EINVAL; 5675 } 5676 5677 if (mask.control[band].legacy == 0) { 5678 /* don't allow empty legacy rates if HT 5679 * is not even supported. */ 5680 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 5681 return -EINVAL; 5682 5683 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 5684 if (mask.control[band].mcs[i]) 5685 break; 5686 5687 /* legacy and mcs rates may not be both empty */ 5688 if (i == IEEE80211_HT_MCS_MASK_LEN) 5689 return -EINVAL; 5690 } 5691 } 5692 5693 return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 5694 } 5695 5696 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 5697 { 5698 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5699 struct net_device *dev = info->user_ptr[1]; 5700 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 5701 5702 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 5703 return -EINVAL; 5704 5705 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 5706 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 5707 5708 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5709 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5710 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5711 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5712 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5713 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5714 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5715 return -EOPNOTSUPP; 5716 5717 /* not much point in registering if we can't reply */ 5718 if (!rdev->ops->mgmt_tx) 5719 return -EOPNOTSUPP; 5720 5721 return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid, 5722 frame_type, 5723 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 5724 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 5725 } 5726 5727 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 5728 { 5729 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5730 struct net_device *dev = info->user_ptr[1]; 5731 struct ieee80211_channel *chan; 5732 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5733 bool channel_type_valid = false; 5734 u32 freq; 5735 int err; 5736 void *hdr = NULL; 5737 u64 cookie; 5738 struct sk_buff *msg = NULL; 5739 unsigned int wait = 0; 5740 bool offchan, no_cck, dont_wait_for_ack; 5741 5742 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 5743 5744 if (!info->attrs[NL80211_ATTR_FRAME] || 5745 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5746 return -EINVAL; 5747 5748 if (!rdev->ops->mgmt_tx) 5749 return -EOPNOTSUPP; 5750 5751 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5752 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5753 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5754 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5755 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5756 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5757 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5758 return -EOPNOTSUPP; 5759 5760 if (info->attrs[NL80211_ATTR_DURATION]) { 5761 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 5762 return -EINVAL; 5763 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5764 } 5765 5766 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5767 channel_type = nla_get_u32( 5768 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 5769 if (channel_type != NL80211_CHAN_NO_HT && 5770 channel_type != NL80211_CHAN_HT20 && 5771 channel_type != NL80211_CHAN_HT40PLUS && 5772 channel_type != NL80211_CHAN_HT40MINUS) 5773 return -EINVAL; 5774 channel_type_valid = true; 5775 } 5776 5777 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 5778 5779 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 5780 return -EINVAL; 5781 5782 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 5783 5784 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5785 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5786 if (chan == NULL) 5787 return -EINVAL; 5788 5789 if (!dont_wait_for_ack) { 5790 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5791 if (!msg) 5792 return -ENOMEM; 5793 5794 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5795 NL80211_CMD_FRAME); 5796 5797 if (IS_ERR(hdr)) { 5798 err = PTR_ERR(hdr); 5799 goto free_msg; 5800 } 5801 } 5802 5803 err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type, 5804 channel_type_valid, wait, 5805 nla_data(info->attrs[NL80211_ATTR_FRAME]), 5806 nla_len(info->attrs[NL80211_ATTR_FRAME]), 5807 no_cck, dont_wait_for_ack, &cookie); 5808 if (err) 5809 goto free_msg; 5810 5811 if (msg) { 5812 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 5813 goto nla_put_failure; 5814 5815 genlmsg_end(msg, hdr); 5816 return genlmsg_reply(msg, info); 5817 } 5818 5819 return 0; 5820 5821 nla_put_failure: 5822 err = -ENOBUFS; 5823 free_msg: 5824 nlmsg_free(msg); 5825 return err; 5826 } 5827 5828 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 5829 { 5830 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5831 struct net_device *dev = info->user_ptr[1]; 5832 u64 cookie; 5833 5834 if (!info->attrs[NL80211_ATTR_COOKIE]) 5835 return -EINVAL; 5836 5837 if (!rdev->ops->mgmt_tx_cancel_wait) 5838 return -EOPNOTSUPP; 5839 5840 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5841 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5842 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5843 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5844 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5845 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5846 return -EOPNOTSUPP; 5847 5848 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5849 5850 return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie); 5851 } 5852 5853 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 5854 { 5855 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5856 struct wireless_dev *wdev; 5857 struct net_device *dev = info->user_ptr[1]; 5858 u8 ps_state; 5859 bool state; 5860 int err; 5861 5862 if (!info->attrs[NL80211_ATTR_PS_STATE]) 5863 return -EINVAL; 5864 5865 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 5866 5867 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 5868 return -EINVAL; 5869 5870 wdev = dev->ieee80211_ptr; 5871 5872 if (!rdev->ops->set_power_mgmt) 5873 return -EOPNOTSUPP; 5874 5875 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 5876 5877 if (state == wdev->ps) 5878 return 0; 5879 5880 err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state, 5881 wdev->ps_timeout); 5882 if (!err) 5883 wdev->ps = state; 5884 return err; 5885 } 5886 5887 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 5888 { 5889 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5890 enum nl80211_ps_state ps_state; 5891 struct wireless_dev *wdev; 5892 struct net_device *dev = info->user_ptr[1]; 5893 struct sk_buff *msg; 5894 void *hdr; 5895 int err; 5896 5897 wdev = dev->ieee80211_ptr; 5898 5899 if (!rdev->ops->set_power_mgmt) 5900 return -EOPNOTSUPP; 5901 5902 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5903 if (!msg) 5904 return -ENOMEM; 5905 5906 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5907 NL80211_CMD_GET_POWER_SAVE); 5908 if (!hdr) { 5909 err = -ENOBUFS; 5910 goto free_msg; 5911 } 5912 5913 if (wdev->ps) 5914 ps_state = NL80211_PS_ENABLED; 5915 else 5916 ps_state = NL80211_PS_DISABLED; 5917 5918 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state)) 5919 goto nla_put_failure; 5920 5921 genlmsg_end(msg, hdr); 5922 return genlmsg_reply(msg, info); 5923 5924 nla_put_failure: 5925 err = -ENOBUFS; 5926 free_msg: 5927 nlmsg_free(msg); 5928 return err; 5929 } 5930 5931 static struct nla_policy 5932 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 5933 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 5934 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 5935 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 5936 }; 5937 5938 static int nl80211_set_cqm_rssi(struct genl_info *info, 5939 s32 threshold, u32 hysteresis) 5940 { 5941 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5942 struct wireless_dev *wdev; 5943 struct net_device *dev = info->user_ptr[1]; 5944 5945 if (threshold > 0) 5946 return -EINVAL; 5947 5948 wdev = dev->ieee80211_ptr; 5949 5950 if (!rdev->ops->set_cqm_rssi_config) 5951 return -EOPNOTSUPP; 5952 5953 if (wdev->iftype != NL80211_IFTYPE_STATION && 5954 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 5955 return -EOPNOTSUPP; 5956 5957 return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 5958 threshold, hysteresis); 5959 } 5960 5961 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 5962 { 5963 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 5964 struct nlattr *cqm; 5965 int err; 5966 5967 cqm = info->attrs[NL80211_ATTR_CQM]; 5968 if (!cqm) { 5969 err = -EINVAL; 5970 goto out; 5971 } 5972 5973 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 5974 nl80211_attr_cqm_policy); 5975 if (err) 5976 goto out; 5977 5978 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 5979 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 5980 s32 threshold; 5981 u32 hysteresis; 5982 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 5983 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 5984 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 5985 } else 5986 err = -EINVAL; 5987 5988 out: 5989 return err; 5990 } 5991 5992 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 5993 { 5994 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5995 struct net_device *dev = info->user_ptr[1]; 5996 struct mesh_config cfg; 5997 struct mesh_setup setup; 5998 int err; 5999 6000 /* start with default */ 6001 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 6002 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 6003 6004 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 6005 /* and parse parameters if given */ 6006 err = nl80211_parse_mesh_config(info, &cfg, NULL); 6007 if (err) 6008 return err; 6009 } 6010 6011 if (!info->attrs[NL80211_ATTR_MESH_ID] || 6012 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 6013 return -EINVAL; 6014 6015 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 6016 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 6017 6018 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 6019 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 6020 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 6021 return -EINVAL; 6022 6023 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 6024 /* parse additional setup parameters if given */ 6025 err = nl80211_parse_mesh_setup(info, &setup); 6026 if (err) 6027 return err; 6028 } 6029 6030 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 6031 } 6032 6033 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 6034 { 6035 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6036 struct net_device *dev = info->user_ptr[1]; 6037 6038 return cfg80211_leave_mesh(rdev, dev); 6039 } 6040 6041 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 6042 { 6043 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6044 struct sk_buff *msg; 6045 void *hdr; 6046 6047 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6048 return -EOPNOTSUPP; 6049 6050 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6051 if (!msg) 6052 return -ENOMEM; 6053 6054 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6055 NL80211_CMD_GET_WOWLAN); 6056 if (!hdr) 6057 goto nla_put_failure; 6058 6059 if (rdev->wowlan) { 6060 struct nlattr *nl_wowlan; 6061 6062 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 6063 if (!nl_wowlan) 6064 goto nla_put_failure; 6065 6066 if ((rdev->wowlan->any && 6067 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) || 6068 (rdev->wowlan->disconnect && 6069 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) || 6070 (rdev->wowlan->magic_pkt && 6071 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) || 6072 (rdev->wowlan->gtk_rekey_failure && 6073 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) || 6074 (rdev->wowlan->eap_identity_req && 6075 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) || 6076 (rdev->wowlan->four_way_handshake && 6077 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) || 6078 (rdev->wowlan->rfkill_release && 6079 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) 6080 goto nla_put_failure; 6081 if (rdev->wowlan->n_patterns) { 6082 struct nlattr *nl_pats, *nl_pat; 6083 int i, pat_len; 6084 6085 nl_pats = nla_nest_start(msg, 6086 NL80211_WOWLAN_TRIG_PKT_PATTERN); 6087 if (!nl_pats) 6088 goto nla_put_failure; 6089 6090 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 6091 nl_pat = nla_nest_start(msg, i + 1); 6092 if (!nl_pat) 6093 goto nla_put_failure; 6094 pat_len = rdev->wowlan->patterns[i].pattern_len; 6095 if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK, 6096 DIV_ROUND_UP(pat_len, 8), 6097 rdev->wowlan->patterns[i].mask) || 6098 nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 6099 pat_len, 6100 rdev->wowlan->patterns[i].pattern)) 6101 goto nla_put_failure; 6102 nla_nest_end(msg, nl_pat); 6103 } 6104 nla_nest_end(msg, nl_pats); 6105 } 6106 6107 nla_nest_end(msg, nl_wowlan); 6108 } 6109 6110 genlmsg_end(msg, hdr); 6111 return genlmsg_reply(msg, info); 6112 6113 nla_put_failure: 6114 nlmsg_free(msg); 6115 return -ENOBUFS; 6116 } 6117 6118 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 6119 { 6120 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6121 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 6122 struct cfg80211_wowlan no_triggers = {}; 6123 struct cfg80211_wowlan new_triggers = {}; 6124 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 6125 int err, i; 6126 bool prev_enabled = rdev->wowlan; 6127 6128 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6129 return -EOPNOTSUPP; 6130 6131 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) 6132 goto no_triggers; 6133 6134 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 6135 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6136 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6137 nl80211_wowlan_policy); 6138 if (err) 6139 return err; 6140 6141 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 6142 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 6143 return -EINVAL; 6144 new_triggers.any = true; 6145 } 6146 6147 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 6148 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 6149 return -EINVAL; 6150 new_triggers.disconnect = true; 6151 } 6152 6153 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 6154 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 6155 return -EINVAL; 6156 new_triggers.magic_pkt = true; 6157 } 6158 6159 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 6160 return -EINVAL; 6161 6162 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 6163 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 6164 return -EINVAL; 6165 new_triggers.gtk_rekey_failure = true; 6166 } 6167 6168 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 6169 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 6170 return -EINVAL; 6171 new_triggers.eap_identity_req = true; 6172 } 6173 6174 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 6175 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 6176 return -EINVAL; 6177 new_triggers.four_way_handshake = true; 6178 } 6179 6180 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 6181 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 6182 return -EINVAL; 6183 new_triggers.rfkill_release = true; 6184 } 6185 6186 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 6187 struct nlattr *pat; 6188 int n_patterns = 0; 6189 int rem, pat_len, mask_len; 6190 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 6191 6192 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6193 rem) 6194 n_patterns++; 6195 if (n_patterns > wowlan->n_patterns) 6196 return -EINVAL; 6197 6198 new_triggers.patterns = kcalloc(n_patterns, 6199 sizeof(new_triggers.patterns[0]), 6200 GFP_KERNEL); 6201 if (!new_triggers.patterns) 6202 return -ENOMEM; 6203 6204 new_triggers.n_patterns = n_patterns; 6205 i = 0; 6206 6207 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6208 rem) { 6209 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 6210 nla_data(pat), nla_len(pat), NULL); 6211 err = -EINVAL; 6212 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 6213 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 6214 goto error; 6215 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 6216 mask_len = DIV_ROUND_UP(pat_len, 8); 6217 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 6218 mask_len) 6219 goto error; 6220 if (pat_len > wowlan->pattern_max_len || 6221 pat_len < wowlan->pattern_min_len) 6222 goto error; 6223 6224 new_triggers.patterns[i].mask = 6225 kmalloc(mask_len + pat_len, GFP_KERNEL); 6226 if (!new_triggers.patterns[i].mask) { 6227 err = -ENOMEM; 6228 goto error; 6229 } 6230 new_triggers.patterns[i].pattern = 6231 new_triggers.patterns[i].mask + mask_len; 6232 memcpy(new_triggers.patterns[i].mask, 6233 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 6234 mask_len); 6235 new_triggers.patterns[i].pattern_len = pat_len; 6236 memcpy(new_triggers.patterns[i].pattern, 6237 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 6238 pat_len); 6239 i++; 6240 } 6241 } 6242 6243 if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) { 6244 struct cfg80211_wowlan *ntrig; 6245 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), 6246 GFP_KERNEL); 6247 if (!ntrig) { 6248 err = -ENOMEM; 6249 goto error; 6250 } 6251 cfg80211_rdev_free_wowlan(rdev); 6252 rdev->wowlan = ntrig; 6253 } else { 6254 no_triggers: 6255 cfg80211_rdev_free_wowlan(rdev); 6256 rdev->wowlan = NULL; 6257 } 6258 6259 if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan) 6260 rdev->ops->set_wakeup(&rdev->wiphy, rdev->wowlan); 6261 6262 return 0; 6263 error: 6264 for (i = 0; i < new_triggers.n_patterns; i++) 6265 kfree(new_triggers.patterns[i].mask); 6266 kfree(new_triggers.patterns); 6267 return err; 6268 } 6269 6270 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 6271 { 6272 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6273 struct net_device *dev = info->user_ptr[1]; 6274 struct wireless_dev *wdev = dev->ieee80211_ptr; 6275 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 6276 struct cfg80211_gtk_rekey_data rekey_data; 6277 int err; 6278 6279 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 6280 return -EINVAL; 6281 6282 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 6283 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 6284 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 6285 nl80211_rekey_policy); 6286 if (err) 6287 return err; 6288 6289 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 6290 return -ERANGE; 6291 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 6292 return -ERANGE; 6293 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 6294 return -ERANGE; 6295 6296 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 6297 NL80211_KEK_LEN); 6298 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 6299 NL80211_KCK_LEN); 6300 memcpy(rekey_data.replay_ctr, 6301 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 6302 NL80211_REPLAY_CTR_LEN); 6303 6304 wdev_lock(wdev); 6305 if (!wdev->current_bss) { 6306 err = -ENOTCONN; 6307 goto out; 6308 } 6309 6310 if (!rdev->ops->set_rekey_data) { 6311 err = -EOPNOTSUPP; 6312 goto out; 6313 } 6314 6315 err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data); 6316 out: 6317 wdev_unlock(wdev); 6318 return err; 6319 } 6320 6321 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 6322 struct genl_info *info) 6323 { 6324 struct net_device *dev = info->user_ptr[1]; 6325 struct wireless_dev *wdev = dev->ieee80211_ptr; 6326 6327 if (wdev->iftype != NL80211_IFTYPE_AP && 6328 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6329 return -EINVAL; 6330 6331 if (wdev->ap_unexpected_nlpid) 6332 return -EBUSY; 6333 6334 wdev->ap_unexpected_nlpid = info->snd_pid; 6335 return 0; 6336 } 6337 6338 static int nl80211_probe_client(struct sk_buff *skb, 6339 struct genl_info *info) 6340 { 6341 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6342 struct net_device *dev = info->user_ptr[1]; 6343 struct wireless_dev *wdev = dev->ieee80211_ptr; 6344 struct sk_buff *msg; 6345 void *hdr; 6346 const u8 *addr; 6347 u64 cookie; 6348 int err; 6349 6350 if (wdev->iftype != NL80211_IFTYPE_AP && 6351 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6352 return -EOPNOTSUPP; 6353 6354 if (!info->attrs[NL80211_ATTR_MAC]) 6355 return -EINVAL; 6356 6357 if (!rdev->ops->probe_client) 6358 return -EOPNOTSUPP; 6359 6360 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6361 if (!msg) 6362 return -ENOMEM; 6363 6364 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6365 NL80211_CMD_PROBE_CLIENT); 6366 6367 if (IS_ERR(hdr)) { 6368 err = PTR_ERR(hdr); 6369 goto free_msg; 6370 } 6371 6372 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6373 6374 err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie); 6375 if (err) 6376 goto free_msg; 6377 6378 if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 6379 goto nla_put_failure; 6380 6381 genlmsg_end(msg, hdr); 6382 6383 return genlmsg_reply(msg, info); 6384 6385 nla_put_failure: 6386 err = -ENOBUFS; 6387 free_msg: 6388 nlmsg_free(msg); 6389 return err; 6390 } 6391 6392 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 6393 { 6394 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6395 6396 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 6397 return -EOPNOTSUPP; 6398 6399 if (rdev->ap_beacons_nlpid) 6400 return -EBUSY; 6401 6402 rdev->ap_beacons_nlpid = info->snd_pid; 6403 6404 return 0; 6405 } 6406 6407 #define NL80211_FLAG_NEED_WIPHY 0x01 6408 #define NL80211_FLAG_NEED_NETDEV 0x02 6409 #define NL80211_FLAG_NEED_RTNL 0x04 6410 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 6411 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 6412 NL80211_FLAG_CHECK_NETDEV_UP) 6413 6414 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 6415 struct genl_info *info) 6416 { 6417 struct cfg80211_registered_device *rdev; 6418 struct net_device *dev; 6419 int err; 6420 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 6421 6422 if (rtnl) 6423 rtnl_lock(); 6424 6425 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 6426 rdev = cfg80211_get_dev_from_info(info); 6427 if (IS_ERR(rdev)) { 6428 if (rtnl) 6429 rtnl_unlock(); 6430 return PTR_ERR(rdev); 6431 } 6432 info->user_ptr[0] = rdev; 6433 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 6434 err = get_rdev_dev_by_ifindex(genl_info_net(info), info->attrs, 6435 &rdev, &dev); 6436 if (err) { 6437 if (rtnl) 6438 rtnl_unlock(); 6439 return err; 6440 } 6441 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 6442 !netif_running(dev)) { 6443 cfg80211_unlock_rdev(rdev); 6444 dev_put(dev); 6445 if (rtnl) 6446 rtnl_unlock(); 6447 return -ENETDOWN; 6448 } 6449 info->user_ptr[0] = rdev; 6450 info->user_ptr[1] = dev; 6451 } 6452 6453 return 0; 6454 } 6455 6456 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 6457 struct genl_info *info) 6458 { 6459 if (info->user_ptr[0]) 6460 cfg80211_unlock_rdev(info->user_ptr[0]); 6461 if (info->user_ptr[1]) 6462 dev_put(info->user_ptr[1]); 6463 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 6464 rtnl_unlock(); 6465 } 6466 6467 static struct genl_ops nl80211_ops[] = { 6468 { 6469 .cmd = NL80211_CMD_GET_WIPHY, 6470 .doit = nl80211_get_wiphy, 6471 .dumpit = nl80211_dump_wiphy, 6472 .policy = nl80211_policy, 6473 /* can be retrieved by unprivileged users */ 6474 .internal_flags = NL80211_FLAG_NEED_WIPHY, 6475 }, 6476 { 6477 .cmd = NL80211_CMD_SET_WIPHY, 6478 .doit = nl80211_set_wiphy, 6479 .policy = nl80211_policy, 6480 .flags = GENL_ADMIN_PERM, 6481 .internal_flags = NL80211_FLAG_NEED_RTNL, 6482 }, 6483 { 6484 .cmd = NL80211_CMD_GET_INTERFACE, 6485 .doit = nl80211_get_interface, 6486 .dumpit = nl80211_dump_interface, 6487 .policy = nl80211_policy, 6488 /* can be retrieved by unprivileged users */ 6489 .internal_flags = NL80211_FLAG_NEED_NETDEV, 6490 }, 6491 { 6492 .cmd = NL80211_CMD_SET_INTERFACE, 6493 .doit = nl80211_set_interface, 6494 .policy = nl80211_policy, 6495 .flags = GENL_ADMIN_PERM, 6496 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6497 NL80211_FLAG_NEED_RTNL, 6498 }, 6499 { 6500 .cmd = NL80211_CMD_NEW_INTERFACE, 6501 .doit = nl80211_new_interface, 6502 .policy = nl80211_policy, 6503 .flags = GENL_ADMIN_PERM, 6504 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6505 NL80211_FLAG_NEED_RTNL, 6506 }, 6507 { 6508 .cmd = NL80211_CMD_DEL_INTERFACE, 6509 .doit = nl80211_del_interface, 6510 .policy = nl80211_policy, 6511 .flags = GENL_ADMIN_PERM, 6512 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6513 NL80211_FLAG_NEED_RTNL, 6514 }, 6515 { 6516 .cmd = NL80211_CMD_GET_KEY, 6517 .doit = nl80211_get_key, 6518 .policy = nl80211_policy, 6519 .flags = GENL_ADMIN_PERM, 6520 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6521 NL80211_FLAG_NEED_RTNL, 6522 }, 6523 { 6524 .cmd = NL80211_CMD_SET_KEY, 6525 .doit = nl80211_set_key, 6526 .policy = nl80211_policy, 6527 .flags = GENL_ADMIN_PERM, 6528 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6529 NL80211_FLAG_NEED_RTNL, 6530 }, 6531 { 6532 .cmd = NL80211_CMD_NEW_KEY, 6533 .doit = nl80211_new_key, 6534 .policy = nl80211_policy, 6535 .flags = GENL_ADMIN_PERM, 6536 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6537 NL80211_FLAG_NEED_RTNL, 6538 }, 6539 { 6540 .cmd = NL80211_CMD_DEL_KEY, 6541 .doit = nl80211_del_key, 6542 .policy = nl80211_policy, 6543 .flags = GENL_ADMIN_PERM, 6544 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6545 NL80211_FLAG_NEED_RTNL, 6546 }, 6547 { 6548 .cmd = NL80211_CMD_SET_BEACON, 6549 .policy = nl80211_policy, 6550 .flags = GENL_ADMIN_PERM, 6551 .doit = nl80211_set_beacon, 6552 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6553 NL80211_FLAG_NEED_RTNL, 6554 }, 6555 { 6556 .cmd = NL80211_CMD_START_AP, 6557 .policy = nl80211_policy, 6558 .flags = GENL_ADMIN_PERM, 6559 .doit = nl80211_start_ap, 6560 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6561 NL80211_FLAG_NEED_RTNL, 6562 }, 6563 { 6564 .cmd = NL80211_CMD_STOP_AP, 6565 .policy = nl80211_policy, 6566 .flags = GENL_ADMIN_PERM, 6567 .doit = nl80211_stop_ap, 6568 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6569 NL80211_FLAG_NEED_RTNL, 6570 }, 6571 { 6572 .cmd = NL80211_CMD_GET_STATION, 6573 .doit = nl80211_get_station, 6574 .dumpit = nl80211_dump_station, 6575 .policy = nl80211_policy, 6576 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6577 NL80211_FLAG_NEED_RTNL, 6578 }, 6579 { 6580 .cmd = NL80211_CMD_SET_STATION, 6581 .doit = nl80211_set_station, 6582 .policy = nl80211_policy, 6583 .flags = GENL_ADMIN_PERM, 6584 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6585 NL80211_FLAG_NEED_RTNL, 6586 }, 6587 { 6588 .cmd = NL80211_CMD_NEW_STATION, 6589 .doit = nl80211_new_station, 6590 .policy = nl80211_policy, 6591 .flags = GENL_ADMIN_PERM, 6592 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6593 NL80211_FLAG_NEED_RTNL, 6594 }, 6595 { 6596 .cmd = NL80211_CMD_DEL_STATION, 6597 .doit = nl80211_del_station, 6598 .policy = nl80211_policy, 6599 .flags = GENL_ADMIN_PERM, 6600 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6601 NL80211_FLAG_NEED_RTNL, 6602 }, 6603 { 6604 .cmd = NL80211_CMD_GET_MPATH, 6605 .doit = nl80211_get_mpath, 6606 .dumpit = nl80211_dump_mpath, 6607 .policy = nl80211_policy, 6608 .flags = GENL_ADMIN_PERM, 6609 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6610 NL80211_FLAG_NEED_RTNL, 6611 }, 6612 { 6613 .cmd = NL80211_CMD_SET_MPATH, 6614 .doit = nl80211_set_mpath, 6615 .policy = nl80211_policy, 6616 .flags = GENL_ADMIN_PERM, 6617 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6618 NL80211_FLAG_NEED_RTNL, 6619 }, 6620 { 6621 .cmd = NL80211_CMD_NEW_MPATH, 6622 .doit = nl80211_new_mpath, 6623 .policy = nl80211_policy, 6624 .flags = GENL_ADMIN_PERM, 6625 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6626 NL80211_FLAG_NEED_RTNL, 6627 }, 6628 { 6629 .cmd = NL80211_CMD_DEL_MPATH, 6630 .doit = nl80211_del_mpath, 6631 .policy = nl80211_policy, 6632 .flags = GENL_ADMIN_PERM, 6633 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6634 NL80211_FLAG_NEED_RTNL, 6635 }, 6636 { 6637 .cmd = NL80211_CMD_SET_BSS, 6638 .doit = nl80211_set_bss, 6639 .policy = nl80211_policy, 6640 .flags = GENL_ADMIN_PERM, 6641 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6642 NL80211_FLAG_NEED_RTNL, 6643 }, 6644 { 6645 .cmd = NL80211_CMD_GET_REG, 6646 .doit = nl80211_get_reg, 6647 .policy = nl80211_policy, 6648 /* can be retrieved by unprivileged users */ 6649 }, 6650 { 6651 .cmd = NL80211_CMD_SET_REG, 6652 .doit = nl80211_set_reg, 6653 .policy = nl80211_policy, 6654 .flags = GENL_ADMIN_PERM, 6655 }, 6656 { 6657 .cmd = NL80211_CMD_REQ_SET_REG, 6658 .doit = nl80211_req_set_reg, 6659 .policy = nl80211_policy, 6660 .flags = GENL_ADMIN_PERM, 6661 }, 6662 { 6663 .cmd = NL80211_CMD_GET_MESH_CONFIG, 6664 .doit = nl80211_get_mesh_config, 6665 .policy = nl80211_policy, 6666 /* can be retrieved by unprivileged users */ 6667 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6668 NL80211_FLAG_NEED_RTNL, 6669 }, 6670 { 6671 .cmd = NL80211_CMD_SET_MESH_CONFIG, 6672 .doit = nl80211_update_mesh_config, 6673 .policy = nl80211_policy, 6674 .flags = GENL_ADMIN_PERM, 6675 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6676 NL80211_FLAG_NEED_RTNL, 6677 }, 6678 { 6679 .cmd = NL80211_CMD_TRIGGER_SCAN, 6680 .doit = nl80211_trigger_scan, 6681 .policy = nl80211_policy, 6682 .flags = GENL_ADMIN_PERM, 6683 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6684 NL80211_FLAG_NEED_RTNL, 6685 }, 6686 { 6687 .cmd = NL80211_CMD_GET_SCAN, 6688 .policy = nl80211_policy, 6689 .dumpit = nl80211_dump_scan, 6690 }, 6691 { 6692 .cmd = NL80211_CMD_START_SCHED_SCAN, 6693 .doit = nl80211_start_sched_scan, 6694 .policy = nl80211_policy, 6695 .flags = GENL_ADMIN_PERM, 6696 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6697 NL80211_FLAG_NEED_RTNL, 6698 }, 6699 { 6700 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 6701 .doit = nl80211_stop_sched_scan, 6702 .policy = nl80211_policy, 6703 .flags = GENL_ADMIN_PERM, 6704 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6705 NL80211_FLAG_NEED_RTNL, 6706 }, 6707 { 6708 .cmd = NL80211_CMD_AUTHENTICATE, 6709 .doit = nl80211_authenticate, 6710 .policy = nl80211_policy, 6711 .flags = GENL_ADMIN_PERM, 6712 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6713 NL80211_FLAG_NEED_RTNL, 6714 }, 6715 { 6716 .cmd = NL80211_CMD_ASSOCIATE, 6717 .doit = nl80211_associate, 6718 .policy = nl80211_policy, 6719 .flags = GENL_ADMIN_PERM, 6720 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6721 NL80211_FLAG_NEED_RTNL, 6722 }, 6723 { 6724 .cmd = NL80211_CMD_DEAUTHENTICATE, 6725 .doit = nl80211_deauthenticate, 6726 .policy = nl80211_policy, 6727 .flags = GENL_ADMIN_PERM, 6728 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6729 NL80211_FLAG_NEED_RTNL, 6730 }, 6731 { 6732 .cmd = NL80211_CMD_DISASSOCIATE, 6733 .doit = nl80211_disassociate, 6734 .policy = nl80211_policy, 6735 .flags = GENL_ADMIN_PERM, 6736 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6737 NL80211_FLAG_NEED_RTNL, 6738 }, 6739 { 6740 .cmd = NL80211_CMD_JOIN_IBSS, 6741 .doit = nl80211_join_ibss, 6742 .policy = nl80211_policy, 6743 .flags = GENL_ADMIN_PERM, 6744 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6745 NL80211_FLAG_NEED_RTNL, 6746 }, 6747 { 6748 .cmd = NL80211_CMD_LEAVE_IBSS, 6749 .doit = nl80211_leave_ibss, 6750 .policy = nl80211_policy, 6751 .flags = GENL_ADMIN_PERM, 6752 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6753 NL80211_FLAG_NEED_RTNL, 6754 }, 6755 #ifdef CONFIG_NL80211_TESTMODE 6756 { 6757 .cmd = NL80211_CMD_TESTMODE, 6758 .doit = nl80211_testmode_do, 6759 .dumpit = nl80211_testmode_dump, 6760 .policy = nl80211_policy, 6761 .flags = GENL_ADMIN_PERM, 6762 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6763 NL80211_FLAG_NEED_RTNL, 6764 }, 6765 #endif 6766 { 6767 .cmd = NL80211_CMD_CONNECT, 6768 .doit = nl80211_connect, 6769 .policy = nl80211_policy, 6770 .flags = GENL_ADMIN_PERM, 6771 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6772 NL80211_FLAG_NEED_RTNL, 6773 }, 6774 { 6775 .cmd = NL80211_CMD_DISCONNECT, 6776 .doit = nl80211_disconnect, 6777 .policy = nl80211_policy, 6778 .flags = GENL_ADMIN_PERM, 6779 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6780 NL80211_FLAG_NEED_RTNL, 6781 }, 6782 { 6783 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 6784 .doit = nl80211_wiphy_netns, 6785 .policy = nl80211_policy, 6786 .flags = GENL_ADMIN_PERM, 6787 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6788 NL80211_FLAG_NEED_RTNL, 6789 }, 6790 { 6791 .cmd = NL80211_CMD_GET_SURVEY, 6792 .policy = nl80211_policy, 6793 .dumpit = nl80211_dump_survey, 6794 }, 6795 { 6796 .cmd = NL80211_CMD_SET_PMKSA, 6797 .doit = nl80211_setdel_pmksa, 6798 .policy = nl80211_policy, 6799 .flags = GENL_ADMIN_PERM, 6800 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6801 NL80211_FLAG_NEED_RTNL, 6802 }, 6803 { 6804 .cmd = NL80211_CMD_DEL_PMKSA, 6805 .doit = nl80211_setdel_pmksa, 6806 .policy = nl80211_policy, 6807 .flags = GENL_ADMIN_PERM, 6808 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6809 NL80211_FLAG_NEED_RTNL, 6810 }, 6811 { 6812 .cmd = NL80211_CMD_FLUSH_PMKSA, 6813 .doit = nl80211_flush_pmksa, 6814 .policy = nl80211_policy, 6815 .flags = GENL_ADMIN_PERM, 6816 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6817 NL80211_FLAG_NEED_RTNL, 6818 }, 6819 { 6820 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 6821 .doit = nl80211_remain_on_channel, 6822 .policy = nl80211_policy, 6823 .flags = GENL_ADMIN_PERM, 6824 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6825 NL80211_FLAG_NEED_RTNL, 6826 }, 6827 { 6828 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 6829 .doit = nl80211_cancel_remain_on_channel, 6830 .policy = nl80211_policy, 6831 .flags = GENL_ADMIN_PERM, 6832 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6833 NL80211_FLAG_NEED_RTNL, 6834 }, 6835 { 6836 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 6837 .doit = nl80211_set_tx_bitrate_mask, 6838 .policy = nl80211_policy, 6839 .flags = GENL_ADMIN_PERM, 6840 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6841 NL80211_FLAG_NEED_RTNL, 6842 }, 6843 { 6844 .cmd = NL80211_CMD_REGISTER_FRAME, 6845 .doit = nl80211_register_mgmt, 6846 .policy = nl80211_policy, 6847 .flags = GENL_ADMIN_PERM, 6848 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6849 NL80211_FLAG_NEED_RTNL, 6850 }, 6851 { 6852 .cmd = NL80211_CMD_FRAME, 6853 .doit = nl80211_tx_mgmt, 6854 .policy = nl80211_policy, 6855 .flags = GENL_ADMIN_PERM, 6856 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6857 NL80211_FLAG_NEED_RTNL, 6858 }, 6859 { 6860 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 6861 .doit = nl80211_tx_mgmt_cancel_wait, 6862 .policy = nl80211_policy, 6863 .flags = GENL_ADMIN_PERM, 6864 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6865 NL80211_FLAG_NEED_RTNL, 6866 }, 6867 { 6868 .cmd = NL80211_CMD_SET_POWER_SAVE, 6869 .doit = nl80211_set_power_save, 6870 .policy = nl80211_policy, 6871 .flags = GENL_ADMIN_PERM, 6872 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6873 NL80211_FLAG_NEED_RTNL, 6874 }, 6875 { 6876 .cmd = NL80211_CMD_GET_POWER_SAVE, 6877 .doit = nl80211_get_power_save, 6878 .policy = nl80211_policy, 6879 /* can be retrieved by unprivileged users */ 6880 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6881 NL80211_FLAG_NEED_RTNL, 6882 }, 6883 { 6884 .cmd = NL80211_CMD_SET_CQM, 6885 .doit = nl80211_set_cqm, 6886 .policy = nl80211_policy, 6887 .flags = GENL_ADMIN_PERM, 6888 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6889 NL80211_FLAG_NEED_RTNL, 6890 }, 6891 { 6892 .cmd = NL80211_CMD_SET_CHANNEL, 6893 .doit = nl80211_set_channel, 6894 .policy = nl80211_policy, 6895 .flags = GENL_ADMIN_PERM, 6896 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6897 NL80211_FLAG_NEED_RTNL, 6898 }, 6899 { 6900 .cmd = NL80211_CMD_SET_WDS_PEER, 6901 .doit = nl80211_set_wds_peer, 6902 .policy = nl80211_policy, 6903 .flags = GENL_ADMIN_PERM, 6904 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6905 NL80211_FLAG_NEED_RTNL, 6906 }, 6907 { 6908 .cmd = NL80211_CMD_JOIN_MESH, 6909 .doit = nl80211_join_mesh, 6910 .policy = nl80211_policy, 6911 .flags = GENL_ADMIN_PERM, 6912 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6913 NL80211_FLAG_NEED_RTNL, 6914 }, 6915 { 6916 .cmd = NL80211_CMD_LEAVE_MESH, 6917 .doit = nl80211_leave_mesh, 6918 .policy = nl80211_policy, 6919 .flags = GENL_ADMIN_PERM, 6920 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6921 NL80211_FLAG_NEED_RTNL, 6922 }, 6923 { 6924 .cmd = NL80211_CMD_GET_WOWLAN, 6925 .doit = nl80211_get_wowlan, 6926 .policy = nl80211_policy, 6927 /* can be retrieved by unprivileged users */ 6928 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6929 NL80211_FLAG_NEED_RTNL, 6930 }, 6931 { 6932 .cmd = NL80211_CMD_SET_WOWLAN, 6933 .doit = nl80211_set_wowlan, 6934 .policy = nl80211_policy, 6935 .flags = GENL_ADMIN_PERM, 6936 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6937 NL80211_FLAG_NEED_RTNL, 6938 }, 6939 { 6940 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 6941 .doit = nl80211_set_rekey_data, 6942 .policy = nl80211_policy, 6943 .flags = GENL_ADMIN_PERM, 6944 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6945 NL80211_FLAG_NEED_RTNL, 6946 }, 6947 { 6948 .cmd = NL80211_CMD_TDLS_MGMT, 6949 .doit = nl80211_tdls_mgmt, 6950 .policy = nl80211_policy, 6951 .flags = GENL_ADMIN_PERM, 6952 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6953 NL80211_FLAG_NEED_RTNL, 6954 }, 6955 { 6956 .cmd = NL80211_CMD_TDLS_OPER, 6957 .doit = nl80211_tdls_oper, 6958 .policy = nl80211_policy, 6959 .flags = GENL_ADMIN_PERM, 6960 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6961 NL80211_FLAG_NEED_RTNL, 6962 }, 6963 { 6964 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 6965 .doit = nl80211_register_unexpected_frame, 6966 .policy = nl80211_policy, 6967 .flags = GENL_ADMIN_PERM, 6968 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6969 NL80211_FLAG_NEED_RTNL, 6970 }, 6971 { 6972 .cmd = NL80211_CMD_PROBE_CLIENT, 6973 .doit = nl80211_probe_client, 6974 .policy = nl80211_policy, 6975 .flags = GENL_ADMIN_PERM, 6976 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6977 NL80211_FLAG_NEED_RTNL, 6978 }, 6979 { 6980 .cmd = NL80211_CMD_REGISTER_BEACONS, 6981 .doit = nl80211_register_beacons, 6982 .policy = nl80211_policy, 6983 .flags = GENL_ADMIN_PERM, 6984 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6985 NL80211_FLAG_NEED_RTNL, 6986 }, 6987 { 6988 .cmd = NL80211_CMD_SET_NOACK_MAP, 6989 .doit = nl80211_set_noack_map, 6990 .policy = nl80211_policy, 6991 .flags = GENL_ADMIN_PERM, 6992 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6993 NL80211_FLAG_NEED_RTNL, 6994 }, 6995 6996 }; 6997 6998 static struct genl_multicast_group nl80211_mlme_mcgrp = { 6999 .name = "mlme", 7000 }; 7001 7002 /* multicast groups */ 7003 static struct genl_multicast_group nl80211_config_mcgrp = { 7004 .name = "config", 7005 }; 7006 static struct genl_multicast_group nl80211_scan_mcgrp = { 7007 .name = "scan", 7008 }; 7009 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 7010 .name = "regulatory", 7011 }; 7012 7013 /* notification functions */ 7014 7015 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 7016 { 7017 struct sk_buff *msg; 7018 7019 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7020 if (!msg) 7021 return; 7022 7023 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 7024 nlmsg_free(msg); 7025 return; 7026 } 7027 7028 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7029 nl80211_config_mcgrp.id, GFP_KERNEL); 7030 } 7031 7032 static int nl80211_add_scan_req(struct sk_buff *msg, 7033 struct cfg80211_registered_device *rdev) 7034 { 7035 struct cfg80211_scan_request *req = rdev->scan_req; 7036 struct nlattr *nest; 7037 int i; 7038 7039 ASSERT_RDEV_LOCK(rdev); 7040 7041 if (WARN_ON(!req)) 7042 return 0; 7043 7044 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 7045 if (!nest) 7046 goto nla_put_failure; 7047 for (i = 0; i < req->n_ssids; i++) { 7048 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid)) 7049 goto nla_put_failure; 7050 } 7051 nla_nest_end(msg, nest); 7052 7053 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 7054 if (!nest) 7055 goto nla_put_failure; 7056 for (i = 0; i < req->n_channels; i++) { 7057 if (nla_put_u32(msg, i, req->channels[i]->center_freq)) 7058 goto nla_put_failure; 7059 } 7060 nla_nest_end(msg, nest); 7061 7062 if (req->ie && 7063 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie)) 7064 goto nla_put_failure; 7065 7066 return 0; 7067 nla_put_failure: 7068 return -ENOBUFS; 7069 } 7070 7071 static int nl80211_send_scan_msg(struct sk_buff *msg, 7072 struct cfg80211_registered_device *rdev, 7073 struct net_device *netdev, 7074 u32 pid, u32 seq, int flags, 7075 u32 cmd) 7076 { 7077 void *hdr; 7078 7079 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 7080 if (!hdr) 7081 return -1; 7082 7083 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7084 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7085 goto nla_put_failure; 7086 7087 /* ignore errors and send incomplete event anyway */ 7088 nl80211_add_scan_req(msg, rdev); 7089 7090 return genlmsg_end(msg, hdr); 7091 7092 nla_put_failure: 7093 genlmsg_cancel(msg, hdr); 7094 return -EMSGSIZE; 7095 } 7096 7097 static int 7098 nl80211_send_sched_scan_msg(struct sk_buff *msg, 7099 struct cfg80211_registered_device *rdev, 7100 struct net_device *netdev, 7101 u32 pid, u32 seq, int flags, u32 cmd) 7102 { 7103 void *hdr; 7104 7105 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 7106 if (!hdr) 7107 return -1; 7108 7109 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7110 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7111 goto nla_put_failure; 7112 7113 return genlmsg_end(msg, hdr); 7114 7115 nla_put_failure: 7116 genlmsg_cancel(msg, hdr); 7117 return -EMSGSIZE; 7118 } 7119 7120 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 7121 struct net_device *netdev) 7122 { 7123 struct sk_buff *msg; 7124 7125 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7126 if (!msg) 7127 return; 7128 7129 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7130 NL80211_CMD_TRIGGER_SCAN) < 0) { 7131 nlmsg_free(msg); 7132 return; 7133 } 7134 7135 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7136 nl80211_scan_mcgrp.id, GFP_KERNEL); 7137 } 7138 7139 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 7140 struct net_device *netdev) 7141 { 7142 struct sk_buff *msg; 7143 7144 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7145 if (!msg) 7146 return; 7147 7148 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7149 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 7150 nlmsg_free(msg); 7151 return; 7152 } 7153 7154 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7155 nl80211_scan_mcgrp.id, GFP_KERNEL); 7156 } 7157 7158 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 7159 struct net_device *netdev) 7160 { 7161 struct sk_buff *msg; 7162 7163 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7164 if (!msg) 7165 return; 7166 7167 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7168 NL80211_CMD_SCAN_ABORTED) < 0) { 7169 nlmsg_free(msg); 7170 return; 7171 } 7172 7173 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7174 nl80211_scan_mcgrp.id, GFP_KERNEL); 7175 } 7176 7177 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 7178 struct net_device *netdev) 7179 { 7180 struct sk_buff *msg; 7181 7182 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7183 if (!msg) 7184 return; 7185 7186 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 7187 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 7188 nlmsg_free(msg); 7189 return; 7190 } 7191 7192 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7193 nl80211_scan_mcgrp.id, GFP_KERNEL); 7194 } 7195 7196 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 7197 struct net_device *netdev, u32 cmd) 7198 { 7199 struct sk_buff *msg; 7200 7201 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7202 if (!msg) 7203 return; 7204 7205 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 7206 nlmsg_free(msg); 7207 return; 7208 } 7209 7210 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7211 nl80211_scan_mcgrp.id, GFP_KERNEL); 7212 } 7213 7214 /* 7215 * This can happen on global regulatory changes or device specific settings 7216 * based on custom world regulatory domains. 7217 */ 7218 void nl80211_send_reg_change_event(struct regulatory_request *request) 7219 { 7220 struct sk_buff *msg; 7221 void *hdr; 7222 7223 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7224 if (!msg) 7225 return; 7226 7227 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 7228 if (!hdr) { 7229 nlmsg_free(msg); 7230 return; 7231 } 7232 7233 /* Userspace can always count this one always being set */ 7234 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator)) 7235 goto nla_put_failure; 7236 7237 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') { 7238 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7239 NL80211_REGDOM_TYPE_WORLD)) 7240 goto nla_put_failure; 7241 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') { 7242 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7243 NL80211_REGDOM_TYPE_CUSTOM_WORLD)) 7244 goto nla_put_failure; 7245 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 7246 request->intersect) { 7247 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7248 NL80211_REGDOM_TYPE_INTERSECTION)) 7249 goto nla_put_failure; 7250 } else { 7251 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, 7252 NL80211_REGDOM_TYPE_COUNTRY) || 7253 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, 7254 request->alpha2)) 7255 goto nla_put_failure; 7256 } 7257 7258 if (wiphy_idx_valid(request->wiphy_idx) && 7259 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx)) 7260 goto nla_put_failure; 7261 7262 genlmsg_end(msg, hdr); 7263 7264 rcu_read_lock(); 7265 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7266 GFP_ATOMIC); 7267 rcu_read_unlock(); 7268 7269 return; 7270 7271 nla_put_failure: 7272 genlmsg_cancel(msg, hdr); 7273 nlmsg_free(msg); 7274 } 7275 7276 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 7277 struct net_device *netdev, 7278 const u8 *buf, size_t len, 7279 enum nl80211_commands cmd, gfp_t gfp) 7280 { 7281 struct sk_buff *msg; 7282 void *hdr; 7283 7284 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7285 if (!msg) 7286 return; 7287 7288 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7289 if (!hdr) { 7290 nlmsg_free(msg); 7291 return; 7292 } 7293 7294 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7295 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7296 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 7297 goto nla_put_failure; 7298 7299 genlmsg_end(msg, hdr); 7300 7301 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7302 nl80211_mlme_mcgrp.id, gfp); 7303 return; 7304 7305 nla_put_failure: 7306 genlmsg_cancel(msg, hdr); 7307 nlmsg_free(msg); 7308 } 7309 7310 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 7311 struct net_device *netdev, const u8 *buf, 7312 size_t len, gfp_t gfp) 7313 { 7314 nl80211_send_mlme_event(rdev, netdev, buf, len, 7315 NL80211_CMD_AUTHENTICATE, gfp); 7316 } 7317 7318 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 7319 struct net_device *netdev, const u8 *buf, 7320 size_t len, gfp_t gfp) 7321 { 7322 nl80211_send_mlme_event(rdev, netdev, buf, len, 7323 NL80211_CMD_ASSOCIATE, gfp); 7324 } 7325 7326 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 7327 struct net_device *netdev, const u8 *buf, 7328 size_t len, gfp_t gfp) 7329 { 7330 nl80211_send_mlme_event(rdev, netdev, buf, len, 7331 NL80211_CMD_DEAUTHENTICATE, gfp); 7332 } 7333 7334 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 7335 struct net_device *netdev, const u8 *buf, 7336 size_t len, gfp_t gfp) 7337 { 7338 nl80211_send_mlme_event(rdev, netdev, buf, len, 7339 NL80211_CMD_DISASSOCIATE, gfp); 7340 } 7341 7342 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 7343 struct net_device *netdev, const u8 *buf, 7344 size_t len, gfp_t gfp) 7345 { 7346 nl80211_send_mlme_event(rdev, netdev, buf, len, 7347 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 7348 } 7349 7350 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 7351 struct net_device *netdev, const u8 *buf, 7352 size_t len, gfp_t gfp) 7353 { 7354 nl80211_send_mlme_event(rdev, netdev, buf, len, 7355 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 7356 } 7357 7358 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 7359 struct net_device *netdev, int cmd, 7360 const u8 *addr, gfp_t gfp) 7361 { 7362 struct sk_buff *msg; 7363 void *hdr; 7364 7365 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7366 if (!msg) 7367 return; 7368 7369 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7370 if (!hdr) { 7371 nlmsg_free(msg); 7372 return; 7373 } 7374 7375 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7376 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7377 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) || 7378 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 7379 goto nla_put_failure; 7380 7381 genlmsg_end(msg, hdr); 7382 7383 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7384 nl80211_mlme_mcgrp.id, gfp); 7385 return; 7386 7387 nla_put_failure: 7388 genlmsg_cancel(msg, hdr); 7389 nlmsg_free(msg); 7390 } 7391 7392 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 7393 struct net_device *netdev, const u8 *addr, 7394 gfp_t gfp) 7395 { 7396 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 7397 addr, gfp); 7398 } 7399 7400 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 7401 struct net_device *netdev, const u8 *addr, 7402 gfp_t gfp) 7403 { 7404 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 7405 addr, gfp); 7406 } 7407 7408 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 7409 struct net_device *netdev, const u8 *bssid, 7410 const u8 *req_ie, size_t req_ie_len, 7411 const u8 *resp_ie, size_t resp_ie_len, 7412 u16 status, gfp_t gfp) 7413 { 7414 struct sk_buff *msg; 7415 void *hdr; 7416 7417 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7418 if (!msg) 7419 return; 7420 7421 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 7422 if (!hdr) { 7423 nlmsg_free(msg); 7424 return; 7425 } 7426 7427 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7428 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7429 (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) || 7430 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) || 7431 (req_ie && 7432 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 7433 (resp_ie && 7434 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 7435 goto nla_put_failure; 7436 7437 genlmsg_end(msg, hdr); 7438 7439 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7440 nl80211_mlme_mcgrp.id, gfp); 7441 return; 7442 7443 nla_put_failure: 7444 genlmsg_cancel(msg, hdr); 7445 nlmsg_free(msg); 7446 7447 } 7448 7449 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 7450 struct net_device *netdev, const u8 *bssid, 7451 const u8 *req_ie, size_t req_ie_len, 7452 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 7453 { 7454 struct sk_buff *msg; 7455 void *hdr; 7456 7457 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7458 if (!msg) 7459 return; 7460 7461 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 7462 if (!hdr) { 7463 nlmsg_free(msg); 7464 return; 7465 } 7466 7467 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7468 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7469 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) || 7470 (req_ie && 7471 nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) || 7472 (resp_ie && 7473 nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie))) 7474 goto nla_put_failure; 7475 7476 genlmsg_end(msg, hdr); 7477 7478 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7479 nl80211_mlme_mcgrp.id, gfp); 7480 return; 7481 7482 nla_put_failure: 7483 genlmsg_cancel(msg, hdr); 7484 nlmsg_free(msg); 7485 7486 } 7487 7488 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 7489 struct net_device *netdev, u16 reason, 7490 const u8 *ie, size_t ie_len, bool from_ap) 7491 { 7492 struct sk_buff *msg; 7493 void *hdr; 7494 7495 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7496 if (!msg) 7497 return; 7498 7499 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 7500 if (!hdr) { 7501 nlmsg_free(msg); 7502 return; 7503 } 7504 7505 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7506 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7507 (from_ap && reason && 7508 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) || 7509 (from_ap && 7510 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) || 7511 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) 7512 goto nla_put_failure; 7513 7514 genlmsg_end(msg, hdr); 7515 7516 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7517 nl80211_mlme_mcgrp.id, GFP_KERNEL); 7518 return; 7519 7520 nla_put_failure: 7521 genlmsg_cancel(msg, hdr); 7522 nlmsg_free(msg); 7523 7524 } 7525 7526 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 7527 struct net_device *netdev, const u8 *bssid, 7528 gfp_t gfp) 7529 { 7530 struct sk_buff *msg; 7531 void *hdr; 7532 7533 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7534 if (!msg) 7535 return; 7536 7537 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 7538 if (!hdr) { 7539 nlmsg_free(msg); 7540 return; 7541 } 7542 7543 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7544 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7545 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 7546 goto nla_put_failure; 7547 7548 genlmsg_end(msg, hdr); 7549 7550 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7551 nl80211_mlme_mcgrp.id, gfp); 7552 return; 7553 7554 nla_put_failure: 7555 genlmsg_cancel(msg, hdr); 7556 nlmsg_free(msg); 7557 } 7558 7559 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 7560 struct net_device *netdev, 7561 const u8 *macaddr, const u8* ie, u8 ie_len, 7562 gfp_t gfp) 7563 { 7564 struct sk_buff *msg; 7565 void *hdr; 7566 7567 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7568 if (!msg) 7569 return; 7570 7571 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 7572 if (!hdr) { 7573 nlmsg_free(msg); 7574 return; 7575 } 7576 7577 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7578 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7579 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) || 7580 (ie_len && ie && 7581 nla_put(msg, NL80211_ATTR_IE, ie_len , ie))) 7582 goto nla_put_failure; 7583 7584 genlmsg_end(msg, hdr); 7585 7586 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7587 nl80211_mlme_mcgrp.id, gfp); 7588 return; 7589 7590 nla_put_failure: 7591 genlmsg_cancel(msg, hdr); 7592 nlmsg_free(msg); 7593 } 7594 7595 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 7596 struct net_device *netdev, const u8 *addr, 7597 enum nl80211_key_type key_type, int key_id, 7598 const u8 *tsc, gfp_t gfp) 7599 { 7600 struct sk_buff *msg; 7601 void *hdr; 7602 7603 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7604 if (!msg) 7605 return; 7606 7607 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 7608 if (!hdr) { 7609 nlmsg_free(msg); 7610 return; 7611 } 7612 7613 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7614 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7615 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) || 7616 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) || 7617 (key_id != -1 && 7618 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) || 7619 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc))) 7620 goto nla_put_failure; 7621 7622 genlmsg_end(msg, hdr); 7623 7624 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7625 nl80211_mlme_mcgrp.id, gfp); 7626 return; 7627 7628 nla_put_failure: 7629 genlmsg_cancel(msg, hdr); 7630 nlmsg_free(msg); 7631 } 7632 7633 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 7634 struct ieee80211_channel *channel_before, 7635 struct ieee80211_channel *channel_after) 7636 { 7637 struct sk_buff *msg; 7638 void *hdr; 7639 struct nlattr *nl_freq; 7640 7641 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 7642 if (!msg) 7643 return; 7644 7645 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 7646 if (!hdr) { 7647 nlmsg_free(msg); 7648 return; 7649 } 7650 7651 /* 7652 * Since we are applying the beacon hint to a wiphy we know its 7653 * wiphy_idx is valid 7654 */ 7655 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy))) 7656 goto nla_put_failure; 7657 7658 /* Before */ 7659 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 7660 if (!nl_freq) 7661 goto nla_put_failure; 7662 if (nl80211_msg_put_channel(msg, channel_before)) 7663 goto nla_put_failure; 7664 nla_nest_end(msg, nl_freq); 7665 7666 /* After */ 7667 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 7668 if (!nl_freq) 7669 goto nla_put_failure; 7670 if (nl80211_msg_put_channel(msg, channel_after)) 7671 goto nla_put_failure; 7672 nla_nest_end(msg, nl_freq); 7673 7674 genlmsg_end(msg, hdr); 7675 7676 rcu_read_lock(); 7677 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7678 GFP_ATOMIC); 7679 rcu_read_unlock(); 7680 7681 return; 7682 7683 nla_put_failure: 7684 genlmsg_cancel(msg, hdr); 7685 nlmsg_free(msg); 7686 } 7687 7688 static void nl80211_send_remain_on_chan_event( 7689 int cmd, struct cfg80211_registered_device *rdev, 7690 struct net_device *netdev, u64 cookie, 7691 struct ieee80211_channel *chan, 7692 enum nl80211_channel_type channel_type, 7693 unsigned int duration, gfp_t gfp) 7694 { 7695 struct sk_buff *msg; 7696 void *hdr; 7697 7698 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7699 if (!msg) 7700 return; 7701 7702 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7703 if (!hdr) { 7704 nlmsg_free(msg); 7705 return; 7706 } 7707 7708 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7709 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7710 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) || 7711 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type) || 7712 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) 7713 goto nla_put_failure; 7714 7715 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL && 7716 nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) 7717 goto nla_put_failure; 7718 7719 genlmsg_end(msg, hdr); 7720 7721 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7722 nl80211_mlme_mcgrp.id, gfp); 7723 return; 7724 7725 nla_put_failure: 7726 genlmsg_cancel(msg, hdr); 7727 nlmsg_free(msg); 7728 } 7729 7730 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 7731 struct net_device *netdev, u64 cookie, 7732 struct ieee80211_channel *chan, 7733 enum nl80211_channel_type channel_type, 7734 unsigned int duration, gfp_t gfp) 7735 { 7736 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 7737 rdev, netdev, cookie, chan, 7738 channel_type, duration, gfp); 7739 } 7740 7741 void nl80211_send_remain_on_channel_cancel( 7742 struct cfg80211_registered_device *rdev, struct net_device *netdev, 7743 u64 cookie, struct ieee80211_channel *chan, 7744 enum nl80211_channel_type channel_type, gfp_t gfp) 7745 { 7746 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 7747 rdev, netdev, cookie, chan, 7748 channel_type, 0, gfp); 7749 } 7750 7751 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 7752 struct net_device *dev, const u8 *mac_addr, 7753 struct station_info *sinfo, gfp_t gfp) 7754 { 7755 struct sk_buff *msg; 7756 7757 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7758 if (!msg) 7759 return; 7760 7761 if (nl80211_send_station(msg, 0, 0, 0, 7762 rdev, dev, mac_addr, sinfo) < 0) { 7763 nlmsg_free(msg); 7764 return; 7765 } 7766 7767 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7768 nl80211_mlme_mcgrp.id, gfp); 7769 } 7770 7771 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 7772 struct net_device *dev, const u8 *mac_addr, 7773 gfp_t gfp) 7774 { 7775 struct sk_buff *msg; 7776 void *hdr; 7777 7778 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7779 if (!msg) 7780 return; 7781 7782 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 7783 if (!hdr) { 7784 nlmsg_free(msg); 7785 return; 7786 } 7787 7788 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 7789 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr)) 7790 goto nla_put_failure; 7791 7792 genlmsg_end(msg, hdr); 7793 7794 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7795 nl80211_mlme_mcgrp.id, gfp); 7796 return; 7797 7798 nla_put_failure: 7799 genlmsg_cancel(msg, hdr); 7800 nlmsg_free(msg); 7801 } 7802 7803 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 7804 const u8 *addr, gfp_t gfp) 7805 { 7806 struct wireless_dev *wdev = dev->ieee80211_ptr; 7807 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 7808 struct sk_buff *msg; 7809 void *hdr; 7810 int err; 7811 u32 nlpid = ACCESS_ONCE(wdev->ap_unexpected_nlpid); 7812 7813 if (!nlpid) 7814 return false; 7815 7816 msg = nlmsg_new(100, gfp); 7817 if (!msg) 7818 return true; 7819 7820 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7821 if (!hdr) { 7822 nlmsg_free(msg); 7823 return true; 7824 } 7825 7826 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7827 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 7828 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) 7829 goto nla_put_failure; 7830 7831 err = genlmsg_end(msg, hdr); 7832 if (err < 0) { 7833 nlmsg_free(msg); 7834 return true; 7835 } 7836 7837 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7838 return true; 7839 7840 nla_put_failure: 7841 genlmsg_cancel(msg, hdr); 7842 nlmsg_free(msg); 7843 return true; 7844 } 7845 7846 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 7847 { 7848 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 7849 addr, gfp); 7850 } 7851 7852 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 7853 const u8 *addr, gfp_t gfp) 7854 { 7855 return __nl80211_unexpected_frame(dev, 7856 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 7857 addr, gfp); 7858 } 7859 7860 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 7861 struct net_device *netdev, u32 nlpid, 7862 int freq, int sig_dbm, 7863 const u8 *buf, size_t len, gfp_t gfp) 7864 { 7865 struct sk_buff *msg; 7866 void *hdr; 7867 7868 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7869 if (!msg) 7870 return -ENOMEM; 7871 7872 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 7873 if (!hdr) { 7874 nlmsg_free(msg); 7875 return -ENOMEM; 7876 } 7877 7878 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7879 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7880 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 7881 (sig_dbm && 7882 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 7883 nla_put(msg, NL80211_ATTR_FRAME, len, buf)) 7884 goto nla_put_failure; 7885 7886 genlmsg_end(msg, hdr); 7887 7888 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7889 7890 nla_put_failure: 7891 genlmsg_cancel(msg, hdr); 7892 nlmsg_free(msg); 7893 return -ENOBUFS; 7894 } 7895 7896 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 7897 struct net_device *netdev, u64 cookie, 7898 const u8 *buf, size_t len, bool ack, 7899 gfp_t gfp) 7900 { 7901 struct sk_buff *msg; 7902 void *hdr; 7903 7904 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7905 if (!msg) 7906 return; 7907 7908 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 7909 if (!hdr) { 7910 nlmsg_free(msg); 7911 return; 7912 } 7913 7914 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7915 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7916 nla_put(msg, NL80211_ATTR_FRAME, len, buf) || 7917 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 7918 (ack && nla_put_flag(msg, NL80211_ATTR_ACK))) 7919 goto nla_put_failure; 7920 7921 genlmsg_end(msg, hdr); 7922 7923 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 7924 return; 7925 7926 nla_put_failure: 7927 genlmsg_cancel(msg, hdr); 7928 nlmsg_free(msg); 7929 } 7930 7931 void 7932 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 7933 struct net_device *netdev, 7934 enum nl80211_cqm_rssi_threshold_event rssi_event, 7935 gfp_t gfp) 7936 { 7937 struct sk_buff *msg; 7938 struct nlattr *pinfoattr; 7939 void *hdr; 7940 7941 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7942 if (!msg) 7943 return; 7944 7945 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 7946 if (!hdr) { 7947 nlmsg_free(msg); 7948 return; 7949 } 7950 7951 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7952 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 7953 goto nla_put_failure; 7954 7955 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 7956 if (!pinfoattr) 7957 goto nla_put_failure; 7958 7959 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 7960 rssi_event)) 7961 goto nla_put_failure; 7962 7963 nla_nest_end(msg, pinfoattr); 7964 7965 genlmsg_end(msg, hdr); 7966 7967 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7968 nl80211_mlme_mcgrp.id, gfp); 7969 return; 7970 7971 nla_put_failure: 7972 genlmsg_cancel(msg, hdr); 7973 nlmsg_free(msg); 7974 } 7975 7976 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 7977 struct net_device *netdev, const u8 *bssid, 7978 const u8 *replay_ctr, gfp_t gfp) 7979 { 7980 struct sk_buff *msg; 7981 struct nlattr *rekey_attr; 7982 void *hdr; 7983 7984 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7985 if (!msg) 7986 return; 7987 7988 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 7989 if (!hdr) { 7990 nlmsg_free(msg); 7991 return; 7992 } 7993 7994 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 7995 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 7996 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) 7997 goto nla_put_failure; 7998 7999 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 8000 if (!rekey_attr) 8001 goto nla_put_failure; 8002 8003 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, 8004 NL80211_REPLAY_CTR_LEN, replay_ctr)) 8005 goto nla_put_failure; 8006 8007 nla_nest_end(msg, rekey_attr); 8008 8009 genlmsg_end(msg, hdr); 8010 8011 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8012 nl80211_mlme_mcgrp.id, gfp); 8013 return; 8014 8015 nla_put_failure: 8016 genlmsg_cancel(msg, hdr); 8017 nlmsg_free(msg); 8018 } 8019 8020 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 8021 struct net_device *netdev, int index, 8022 const u8 *bssid, bool preauth, gfp_t gfp) 8023 { 8024 struct sk_buff *msg; 8025 struct nlattr *attr; 8026 void *hdr; 8027 8028 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8029 if (!msg) 8030 return; 8031 8032 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 8033 if (!hdr) { 8034 nlmsg_free(msg); 8035 return; 8036 } 8037 8038 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8039 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex)) 8040 goto nla_put_failure; 8041 8042 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 8043 if (!attr) 8044 goto nla_put_failure; 8045 8046 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) || 8047 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) || 8048 (preauth && 8049 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH))) 8050 goto nla_put_failure; 8051 8052 nla_nest_end(msg, attr); 8053 8054 genlmsg_end(msg, hdr); 8055 8056 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8057 nl80211_mlme_mcgrp.id, gfp); 8058 return; 8059 8060 nla_put_failure: 8061 genlmsg_cancel(msg, hdr); 8062 nlmsg_free(msg); 8063 } 8064 8065 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev, 8066 struct net_device *netdev, int freq, 8067 enum nl80211_channel_type type, gfp_t gfp) 8068 { 8069 struct sk_buff *msg; 8070 void *hdr; 8071 8072 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8073 if (!msg) 8074 return; 8075 8076 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY); 8077 if (!hdr) { 8078 nlmsg_free(msg); 8079 return; 8080 } 8081 8082 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8083 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) || 8084 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, type)) 8085 goto nla_put_failure; 8086 8087 genlmsg_end(msg, hdr); 8088 8089 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8090 nl80211_mlme_mcgrp.id, gfp); 8091 return; 8092 8093 nla_put_failure: 8094 genlmsg_cancel(msg, hdr); 8095 nlmsg_free(msg); 8096 } 8097 8098 void 8099 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 8100 struct net_device *netdev, const u8 *peer, 8101 u32 num_packets, gfp_t gfp) 8102 { 8103 struct sk_buff *msg; 8104 struct nlattr *pinfoattr; 8105 void *hdr; 8106 8107 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8108 if (!msg) 8109 return; 8110 8111 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 8112 if (!hdr) { 8113 nlmsg_free(msg); 8114 return; 8115 } 8116 8117 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8118 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) || 8119 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) 8120 goto nla_put_failure; 8121 8122 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 8123 if (!pinfoattr) 8124 goto nla_put_failure; 8125 8126 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets)) 8127 goto nla_put_failure; 8128 8129 nla_nest_end(msg, pinfoattr); 8130 8131 genlmsg_end(msg, hdr); 8132 8133 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8134 nl80211_mlme_mcgrp.id, gfp); 8135 return; 8136 8137 nla_put_failure: 8138 genlmsg_cancel(msg, hdr); 8139 nlmsg_free(msg); 8140 } 8141 8142 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 8143 u64 cookie, bool acked, gfp_t gfp) 8144 { 8145 struct wireless_dev *wdev = dev->ieee80211_ptr; 8146 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 8147 struct sk_buff *msg; 8148 void *hdr; 8149 int err; 8150 8151 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 8152 if (!msg) 8153 return; 8154 8155 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 8156 if (!hdr) { 8157 nlmsg_free(msg); 8158 return; 8159 } 8160 8161 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8162 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) || 8163 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || 8164 nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) || 8165 (acked && nla_put_flag(msg, NL80211_ATTR_ACK))) 8166 goto nla_put_failure; 8167 8168 err = genlmsg_end(msg, hdr); 8169 if (err < 0) { 8170 nlmsg_free(msg); 8171 return; 8172 } 8173 8174 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 8175 nl80211_mlme_mcgrp.id, gfp); 8176 return; 8177 8178 nla_put_failure: 8179 genlmsg_cancel(msg, hdr); 8180 nlmsg_free(msg); 8181 } 8182 EXPORT_SYMBOL(cfg80211_probe_status); 8183 8184 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 8185 const u8 *frame, size_t len, 8186 int freq, int sig_dbm, gfp_t gfp) 8187 { 8188 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 8189 struct sk_buff *msg; 8190 void *hdr; 8191 u32 nlpid = ACCESS_ONCE(rdev->ap_beacons_nlpid); 8192 8193 if (!nlpid) 8194 return; 8195 8196 msg = nlmsg_new(len + 100, gfp); 8197 if (!msg) 8198 return; 8199 8200 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8201 if (!hdr) { 8202 nlmsg_free(msg); 8203 return; 8204 } 8205 8206 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) || 8207 (freq && 8208 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) || 8209 (sig_dbm && 8210 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) || 8211 nla_put(msg, NL80211_ATTR_FRAME, len, frame)) 8212 goto nla_put_failure; 8213 8214 genlmsg_end(msg, hdr); 8215 8216 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 8217 return; 8218 8219 nla_put_failure: 8220 genlmsg_cancel(msg, hdr); 8221 nlmsg_free(msg); 8222 } 8223 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 8224 8225 static int nl80211_netlink_notify(struct notifier_block * nb, 8226 unsigned long state, 8227 void *_notify) 8228 { 8229 struct netlink_notify *notify = _notify; 8230 struct cfg80211_registered_device *rdev; 8231 struct wireless_dev *wdev; 8232 8233 if (state != NETLINK_URELEASE) 8234 return NOTIFY_DONE; 8235 8236 rcu_read_lock(); 8237 8238 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8239 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 8240 cfg80211_mlme_unregister_socket(wdev, notify->pid); 8241 if (rdev->ap_beacons_nlpid == notify->pid) 8242 rdev->ap_beacons_nlpid = 0; 8243 } 8244 8245 rcu_read_unlock(); 8246 8247 return NOTIFY_DONE; 8248 } 8249 8250 static struct notifier_block nl80211_netlink_notifier = { 8251 .notifier_call = nl80211_netlink_notify, 8252 }; 8253 8254 /* initialisation/exit functions */ 8255 8256 int nl80211_init(void) 8257 { 8258 int err; 8259 8260 err = genl_register_family_with_ops(&nl80211_fam, 8261 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 8262 if (err) 8263 return err; 8264 8265 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 8266 if (err) 8267 goto err_out; 8268 8269 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 8270 if (err) 8271 goto err_out; 8272 8273 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 8274 if (err) 8275 goto err_out; 8276 8277 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 8278 if (err) 8279 goto err_out; 8280 8281 #ifdef CONFIG_NL80211_TESTMODE 8282 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 8283 if (err) 8284 goto err_out; 8285 #endif 8286 8287 err = netlink_register_notifier(&nl80211_netlink_notifier); 8288 if (err) 8289 goto err_out; 8290 8291 return 0; 8292 err_out: 8293 genl_unregister_family(&nl80211_fam); 8294 return err; 8295 } 8296 8297 void nl80211_exit(void) 8298 { 8299 netlink_unregister_notifier(&nl80211_netlink_notifier); 8300 genl_unregister_family(&nl80211_fam); 8301 } 8302