1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type); 27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 28 struct genl_info *info, 29 struct cfg80211_crypto_settings *settings, 30 int cipher_limit); 31 32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 33 struct genl_info *info); 34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 35 struct genl_info *info); 36 37 /* the netlink family */ 38 static struct genl_family nl80211_fam = { 39 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 40 .name = "nl80211", /* have users key off the name instead */ 41 .hdrsize = 0, /* no private header */ 42 .version = 1, /* no particular meaning now */ 43 .maxattr = NL80211_ATTR_MAX, 44 .netnsok = true, 45 .pre_doit = nl80211_pre_doit, 46 .post_doit = nl80211_post_doit, 47 }; 48 49 /* internal helper: get rdev and dev */ 50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs, 51 struct cfg80211_registered_device **rdev, 52 struct net_device **dev) 53 { 54 int ifindex; 55 56 if (!attrs[NL80211_ATTR_IFINDEX]) 57 return -EINVAL; 58 59 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 60 *dev = dev_get_by_index(netns, ifindex); 61 if (!*dev) 62 return -ENODEV; 63 64 *rdev = cfg80211_get_dev_from_ifindex(netns, ifindex); 65 if (IS_ERR(*rdev)) { 66 dev_put(*dev); 67 return PTR_ERR(*rdev); 68 } 69 70 return 0; 71 } 72 73 /* policy for the attributes */ 74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 75 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 76 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 77 .len = 20-1 }, 78 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 79 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 80 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 81 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 82 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 83 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 84 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 85 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 86 87 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 88 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 89 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 90 91 [NL80211_ATTR_MAC] = { .len = ETH_ALEN }, 92 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN }, 93 94 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 95 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 96 .len = WLAN_MAX_KEY_LEN }, 97 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 98 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 99 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 100 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 101 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 }, 102 103 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 104 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 105 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 106 .len = IEEE80211_MAX_DATA_LEN }, 107 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 108 .len = IEEE80211_MAX_DATA_LEN }, 109 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 110 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 111 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 112 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 113 .len = NL80211_MAX_SUPP_RATES }, 114 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 115 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 116 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 117 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 118 .len = IEEE80211_MAX_MESH_ID_LEN }, 119 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 120 121 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 122 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 123 124 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 125 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 126 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 127 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 128 .len = NL80211_MAX_SUPP_RATES }, 129 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 }, 130 131 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED }, 132 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG }, 133 134 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN }, 135 136 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 137 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 138 .len = IEEE80211_MAX_DATA_LEN }, 139 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 140 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 141 142 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 143 .len = IEEE80211_MAX_SSID_LEN }, 144 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 145 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 146 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 147 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 148 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 149 [NL80211_ATTR_STA_FLAGS2] = { 150 .len = sizeof(struct nl80211_sta_flag_update), 151 }, 152 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 153 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 }, 154 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG }, 155 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 156 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 157 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 158 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 159 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 160 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 161 .len = WLAN_PMKID_LEN }, 162 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 163 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 164 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 165 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 166 .len = IEEE80211_MAX_DATA_LEN }, 167 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 168 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 169 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 170 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 171 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 172 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 173 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 174 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 }, 175 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 }, 176 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 }, 177 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 }, 178 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG }, 179 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 180 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED }, 181 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 }, 182 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 }, 183 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED }, 184 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED }, 185 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 }, 186 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY, 187 .len = IEEE80211_MAX_DATA_LEN }, 188 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY, 189 .len = IEEE80211_MAX_DATA_LEN }, 190 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG }, 191 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED }, 192 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG }, 193 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 }, 194 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 }, 195 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 }, 196 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG }, 197 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG }, 198 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG }, 199 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY, 200 .len = IEEE80211_MAX_DATA_LEN }, 201 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 }, 202 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG }, 203 [NL80211_ATTR_HT_CAPABILITY_MASK] = { 204 .len = NL80211_HT_CAPABILITY_LEN 205 }, 206 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 }, 207 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 }, 208 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, 209 }; 210 211 /* policy for the key attributes */ 212 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 213 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 214 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 215 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 216 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 }, 217 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 218 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 219 [NL80211_KEY_TYPE] = { .type = NLA_U32 }, 220 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, 221 }; 222 223 /* policy for the key default flags */ 224 static const struct nla_policy 225 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = { 226 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG }, 227 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG }, 228 }; 229 230 /* policy for WoWLAN attributes */ 231 static const struct nla_policy 232 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = { 233 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG }, 234 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG }, 235 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG }, 236 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED }, 237 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG }, 238 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG }, 239 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG }, 240 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG }, 241 }; 242 243 /* policy for GTK rekey offload attributes */ 244 static const struct nla_policy 245 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = { 246 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN }, 247 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN }, 248 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN }, 249 }; 250 251 static const struct nla_policy 252 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = { 253 [NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY, 254 .len = IEEE80211_MAX_SSID_LEN }, 255 }; 256 257 /* ifidx get helper */ 258 static int nl80211_get_ifidx(struct netlink_callback *cb) 259 { 260 int res; 261 262 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 263 nl80211_fam.attrbuf, nl80211_fam.maxattr, 264 nl80211_policy); 265 if (res) 266 return res; 267 268 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 269 return -EINVAL; 270 271 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 272 if (!res) 273 return -EINVAL; 274 return res; 275 } 276 277 static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 278 struct netlink_callback *cb, 279 struct cfg80211_registered_device **rdev, 280 struct net_device **dev) 281 { 282 int ifidx = cb->args[0]; 283 int err; 284 285 if (!ifidx) 286 ifidx = nl80211_get_ifidx(cb); 287 if (ifidx < 0) 288 return ifidx; 289 290 cb->args[0] = ifidx; 291 292 rtnl_lock(); 293 294 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 295 if (!*dev) { 296 err = -ENODEV; 297 goto out_rtnl; 298 } 299 300 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 301 if (IS_ERR(*rdev)) { 302 err = PTR_ERR(*rdev); 303 goto out_rtnl; 304 } 305 306 return 0; 307 out_rtnl: 308 rtnl_unlock(); 309 return err; 310 } 311 312 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 313 { 314 cfg80211_unlock_rdev(rdev); 315 rtnl_unlock(); 316 } 317 318 /* IE validation */ 319 static bool is_valid_ie_attr(const struct nlattr *attr) 320 { 321 const u8 *pos; 322 int len; 323 324 if (!attr) 325 return true; 326 327 pos = nla_data(attr); 328 len = nla_len(attr); 329 330 while (len) { 331 u8 elemlen; 332 333 if (len < 2) 334 return false; 335 len -= 2; 336 337 elemlen = pos[1]; 338 if (elemlen > len) 339 return false; 340 341 len -= elemlen; 342 pos += 2 + elemlen; 343 } 344 345 return true; 346 } 347 348 /* message building helper */ 349 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 350 int flags, u8 cmd) 351 { 352 /* since there is no private header just add the generic one */ 353 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 354 } 355 356 static int nl80211_msg_put_channel(struct sk_buff *msg, 357 struct ieee80211_channel *chan) 358 { 359 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ, 360 chan->center_freq); 361 362 if (chan->flags & IEEE80211_CHAN_DISABLED) 363 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED); 364 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) 365 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN); 366 if (chan->flags & IEEE80211_CHAN_NO_IBSS) 367 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS); 368 if (chan->flags & IEEE80211_CHAN_RADAR) 369 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR); 370 371 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 372 DBM_TO_MBM(chan->max_power)); 373 374 return 0; 375 376 nla_put_failure: 377 return -ENOBUFS; 378 } 379 380 /* netlink command implementations */ 381 382 struct key_parse { 383 struct key_params p; 384 int idx; 385 int type; 386 bool def, defmgmt; 387 bool def_uni, def_multi; 388 }; 389 390 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 391 { 392 struct nlattr *tb[NL80211_KEY_MAX + 1]; 393 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 394 nl80211_key_policy); 395 if (err) 396 return err; 397 398 k->def = !!tb[NL80211_KEY_DEFAULT]; 399 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 400 401 if (k->def) { 402 k->def_uni = true; 403 k->def_multi = true; 404 } 405 if (k->defmgmt) 406 k->def_multi = true; 407 408 if (tb[NL80211_KEY_IDX]) 409 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 410 411 if (tb[NL80211_KEY_DATA]) { 412 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 413 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 414 } 415 416 if (tb[NL80211_KEY_SEQ]) { 417 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 418 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 419 } 420 421 if (tb[NL80211_KEY_CIPHER]) 422 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 423 424 if (tb[NL80211_KEY_TYPE]) { 425 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]); 426 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 427 return -EINVAL; 428 } 429 430 if (tb[NL80211_KEY_DEFAULT_TYPES]) { 431 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 432 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 433 tb[NL80211_KEY_DEFAULT_TYPES], 434 nl80211_key_default_policy); 435 if (err) 436 return err; 437 438 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 439 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 440 } 441 442 return 0; 443 } 444 445 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 446 { 447 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 448 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 449 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 450 } 451 452 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 453 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 454 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 455 } 456 457 if (info->attrs[NL80211_ATTR_KEY_IDX]) 458 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 459 460 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 461 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 462 463 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 464 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 465 466 if (k->def) { 467 k->def_uni = true; 468 k->def_multi = true; 469 } 470 if (k->defmgmt) 471 k->def_multi = true; 472 473 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 474 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 475 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) 476 return -EINVAL; 477 } 478 479 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) { 480 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES]; 481 int err = nla_parse_nested( 482 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1, 483 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES], 484 nl80211_key_default_policy); 485 if (err) 486 return err; 487 488 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST]; 489 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST]; 490 } 491 492 return 0; 493 } 494 495 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 496 { 497 int err; 498 499 memset(k, 0, sizeof(*k)); 500 k->idx = -1; 501 k->type = -1; 502 503 if (info->attrs[NL80211_ATTR_KEY]) 504 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 505 else 506 err = nl80211_parse_key_old(info, k); 507 508 if (err) 509 return err; 510 511 if (k->def && k->defmgmt) 512 return -EINVAL; 513 514 if (k->defmgmt) { 515 if (k->def_uni || !k->def_multi) 516 return -EINVAL; 517 } 518 519 if (k->idx != -1) { 520 if (k->defmgmt) { 521 if (k->idx < 4 || k->idx > 5) 522 return -EINVAL; 523 } else if (k->def) { 524 if (k->idx < 0 || k->idx > 3) 525 return -EINVAL; 526 } else { 527 if (k->idx < 0 || k->idx > 5) 528 return -EINVAL; 529 } 530 } 531 532 return 0; 533 } 534 535 static struct cfg80211_cached_keys * 536 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 537 struct nlattr *keys) 538 { 539 struct key_parse parse; 540 struct nlattr *key; 541 struct cfg80211_cached_keys *result; 542 int rem, err, def = 0; 543 544 result = kzalloc(sizeof(*result), GFP_KERNEL); 545 if (!result) 546 return ERR_PTR(-ENOMEM); 547 548 result->def = -1; 549 result->defmgmt = -1; 550 551 nla_for_each_nested(key, keys, rem) { 552 memset(&parse, 0, sizeof(parse)); 553 parse.idx = -1; 554 555 err = nl80211_parse_key_new(key, &parse); 556 if (err) 557 goto error; 558 err = -EINVAL; 559 if (!parse.p.key) 560 goto error; 561 if (parse.idx < 0 || parse.idx > 4) 562 goto error; 563 if (parse.def) { 564 if (def) 565 goto error; 566 def = 1; 567 result->def = parse.idx; 568 if (!parse.def_uni || !parse.def_multi) 569 goto error; 570 } else if (parse.defmgmt) 571 goto error; 572 err = cfg80211_validate_key_settings(rdev, &parse.p, 573 parse.idx, false, NULL); 574 if (err) 575 goto error; 576 result->params[parse.idx].cipher = parse.p.cipher; 577 result->params[parse.idx].key_len = parse.p.key_len; 578 result->params[parse.idx].key = result->data[parse.idx]; 579 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 580 } 581 582 return result; 583 error: 584 kfree(result); 585 return ERR_PTR(err); 586 } 587 588 static int nl80211_key_allowed(struct wireless_dev *wdev) 589 { 590 ASSERT_WDEV_LOCK(wdev); 591 592 switch (wdev->iftype) { 593 case NL80211_IFTYPE_AP: 594 case NL80211_IFTYPE_AP_VLAN: 595 case NL80211_IFTYPE_P2P_GO: 596 case NL80211_IFTYPE_MESH_POINT: 597 break; 598 case NL80211_IFTYPE_ADHOC: 599 if (!wdev->current_bss) 600 return -ENOLINK; 601 break; 602 case NL80211_IFTYPE_STATION: 603 case NL80211_IFTYPE_P2P_CLIENT: 604 if (wdev->sme_state != CFG80211_SME_CONNECTED) 605 return -ENOLINK; 606 break; 607 default: 608 return -EINVAL; 609 } 610 611 return 0; 612 } 613 614 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes) 615 { 616 struct nlattr *nl_modes = nla_nest_start(msg, attr); 617 int i; 618 619 if (!nl_modes) 620 goto nla_put_failure; 621 622 i = 0; 623 while (ifmodes) { 624 if (ifmodes & 1) 625 NLA_PUT_FLAG(msg, i); 626 ifmodes >>= 1; 627 i++; 628 } 629 630 nla_nest_end(msg, nl_modes); 631 return 0; 632 633 nla_put_failure: 634 return -ENOBUFS; 635 } 636 637 static int nl80211_put_iface_combinations(struct wiphy *wiphy, 638 struct sk_buff *msg) 639 { 640 struct nlattr *nl_combis; 641 int i, j; 642 643 nl_combis = nla_nest_start(msg, 644 NL80211_ATTR_INTERFACE_COMBINATIONS); 645 if (!nl_combis) 646 goto nla_put_failure; 647 648 for (i = 0; i < wiphy->n_iface_combinations; i++) { 649 const struct ieee80211_iface_combination *c; 650 struct nlattr *nl_combi, *nl_limits; 651 652 c = &wiphy->iface_combinations[i]; 653 654 nl_combi = nla_nest_start(msg, i + 1); 655 if (!nl_combi) 656 goto nla_put_failure; 657 658 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS); 659 if (!nl_limits) 660 goto nla_put_failure; 661 662 for (j = 0; j < c->n_limits; j++) { 663 struct nlattr *nl_limit; 664 665 nl_limit = nla_nest_start(msg, j + 1); 666 if (!nl_limit) 667 goto nla_put_failure; 668 NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX, 669 c->limits[j].max); 670 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES, 671 c->limits[j].types)) 672 goto nla_put_failure; 673 nla_nest_end(msg, nl_limit); 674 } 675 676 nla_nest_end(msg, nl_limits); 677 678 if (c->beacon_int_infra_match) 679 NLA_PUT_FLAG(msg, 680 NL80211_IFACE_COMB_STA_AP_BI_MATCH); 681 NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS, 682 c->num_different_channels); 683 NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM, 684 c->max_interfaces); 685 686 nla_nest_end(msg, nl_combi); 687 } 688 689 nla_nest_end(msg, nl_combis); 690 691 return 0; 692 nla_put_failure: 693 return -ENOBUFS; 694 } 695 696 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 697 struct cfg80211_registered_device *dev) 698 { 699 void *hdr; 700 struct nlattr *nl_bands, *nl_band; 701 struct nlattr *nl_freqs, *nl_freq; 702 struct nlattr *nl_rates, *nl_rate; 703 struct nlattr *nl_cmds; 704 enum ieee80211_band band; 705 struct ieee80211_channel *chan; 706 struct ieee80211_rate *rate; 707 int i; 708 const struct ieee80211_txrx_stypes *mgmt_stypes = 709 dev->wiphy.mgmt_stypes; 710 711 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 712 if (!hdr) 713 return -1; 714 715 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx); 716 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)); 717 718 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 719 cfg80211_rdev_list_generation); 720 721 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 722 dev->wiphy.retry_short); 723 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 724 dev->wiphy.retry_long); 725 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 726 dev->wiphy.frag_threshold); 727 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 728 dev->wiphy.rts_threshold); 729 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 730 dev->wiphy.coverage_class); 731 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 732 dev->wiphy.max_scan_ssids); 733 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS, 734 dev->wiphy.max_sched_scan_ssids); 735 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 736 dev->wiphy.max_scan_ie_len); 737 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN, 738 dev->wiphy.max_sched_scan_ie_len); 739 NLA_PUT_U8(msg, NL80211_ATTR_MAX_MATCH_SETS, 740 dev->wiphy.max_match_sets); 741 742 if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) 743 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN); 744 if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) 745 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH); 746 if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) 747 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD); 748 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) 749 NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT); 750 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) 751 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_SUPPORT); 752 if (dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) 753 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP); 754 755 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 756 sizeof(u32) * dev->wiphy.n_cipher_suites, 757 dev->wiphy.cipher_suites); 758 759 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 760 dev->wiphy.max_num_pmkids); 761 762 if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) 763 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE); 764 765 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX, 766 dev->wiphy.available_antennas_tx); 767 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX, 768 dev->wiphy.available_antennas_rx); 769 770 if (dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) 771 NLA_PUT_U32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD, 772 dev->wiphy.probe_resp_offload); 773 774 if ((dev->wiphy.available_antennas_tx || 775 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) { 776 u32 tx_ant = 0, rx_ant = 0; 777 int res; 778 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant); 779 if (!res) { 780 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant); 781 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant); 782 } 783 } 784 785 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES, 786 dev->wiphy.interface_modes)) 787 goto nla_put_failure; 788 789 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 790 if (!nl_bands) 791 goto nla_put_failure; 792 793 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 794 if (!dev->wiphy.bands[band]) 795 continue; 796 797 nl_band = nla_nest_start(msg, band); 798 if (!nl_band) 799 goto nla_put_failure; 800 801 /* add HT info */ 802 if (dev->wiphy.bands[band]->ht_cap.ht_supported) { 803 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET, 804 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 805 &dev->wiphy.bands[band]->ht_cap.mcs); 806 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA, 807 dev->wiphy.bands[band]->ht_cap.cap); 808 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 809 dev->wiphy.bands[band]->ht_cap.ampdu_factor); 810 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 811 dev->wiphy.bands[band]->ht_cap.ampdu_density); 812 } 813 814 /* add frequencies */ 815 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 816 if (!nl_freqs) 817 goto nla_put_failure; 818 819 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 820 nl_freq = nla_nest_start(msg, i); 821 if (!nl_freq) 822 goto nla_put_failure; 823 824 chan = &dev->wiphy.bands[band]->channels[i]; 825 826 if (nl80211_msg_put_channel(msg, chan)) 827 goto nla_put_failure; 828 829 nla_nest_end(msg, nl_freq); 830 } 831 832 nla_nest_end(msg, nl_freqs); 833 834 /* add bitrates */ 835 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 836 if (!nl_rates) 837 goto nla_put_failure; 838 839 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 840 nl_rate = nla_nest_start(msg, i); 841 if (!nl_rate) 842 goto nla_put_failure; 843 844 rate = &dev->wiphy.bands[band]->bitrates[i]; 845 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE, 846 rate->bitrate); 847 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 848 NLA_PUT_FLAG(msg, 849 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE); 850 851 nla_nest_end(msg, nl_rate); 852 } 853 854 nla_nest_end(msg, nl_rates); 855 856 nla_nest_end(msg, nl_band); 857 } 858 nla_nest_end(msg, nl_bands); 859 860 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 861 if (!nl_cmds) 862 goto nla_put_failure; 863 864 i = 0; 865 #define CMD(op, n) \ 866 do { \ 867 if (dev->ops->op) { \ 868 i++; \ 869 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \ 870 } \ 871 } while (0) 872 873 CMD(add_virtual_intf, NEW_INTERFACE); 874 CMD(change_virtual_intf, SET_INTERFACE); 875 CMD(add_key, NEW_KEY); 876 CMD(start_ap, START_AP); 877 CMD(add_station, NEW_STATION); 878 CMD(add_mpath, NEW_MPATH); 879 CMD(update_mesh_config, SET_MESH_CONFIG); 880 CMD(change_bss, SET_BSS); 881 CMD(auth, AUTHENTICATE); 882 CMD(assoc, ASSOCIATE); 883 CMD(deauth, DEAUTHENTICATE); 884 CMD(disassoc, DISASSOCIATE); 885 CMD(join_ibss, JOIN_IBSS); 886 CMD(join_mesh, JOIN_MESH); 887 CMD(set_pmksa, SET_PMKSA); 888 CMD(del_pmksa, DEL_PMKSA); 889 CMD(flush_pmksa, FLUSH_PMKSA); 890 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 891 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 892 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 893 CMD(mgmt_tx, FRAME); 894 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL); 895 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 896 i++; 897 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 898 } 899 CMD(set_channel, SET_CHANNEL); 900 CMD(set_wds_peer, SET_WDS_PEER); 901 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) { 902 CMD(tdls_mgmt, TDLS_MGMT); 903 CMD(tdls_oper, TDLS_OPER); 904 } 905 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) 906 CMD(sched_scan_start, START_SCHED_SCAN); 907 CMD(probe_client, PROBE_CLIENT); 908 CMD(set_noack_map, SET_NOACK_MAP); 909 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) { 910 i++; 911 NLA_PUT_U32(msg, i, NL80211_CMD_REGISTER_BEACONS); 912 } 913 914 #ifdef CONFIG_NL80211_TESTMODE 915 CMD(testmode_cmd, TESTMODE); 916 #endif 917 918 #undef CMD 919 920 if (dev->ops->connect || dev->ops->auth) { 921 i++; 922 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT); 923 } 924 925 if (dev->ops->disconnect || dev->ops->deauth) { 926 i++; 927 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT); 928 } 929 930 nla_nest_end(msg, nl_cmds); 931 932 if (dev->ops->remain_on_channel && 933 dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) 934 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION, 935 dev->wiphy.max_remain_on_channel_duration); 936 937 if (dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) 938 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 939 940 if (mgmt_stypes) { 941 u16 stypes; 942 struct nlattr *nl_ftypes, *nl_ifs; 943 enum nl80211_iftype ift; 944 945 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES); 946 if (!nl_ifs) 947 goto nla_put_failure; 948 949 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 950 nl_ftypes = nla_nest_start(msg, ift); 951 if (!nl_ftypes) 952 goto nla_put_failure; 953 i = 0; 954 stypes = mgmt_stypes[ift].tx; 955 while (stypes) { 956 if (stypes & 1) 957 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, 958 (i << 4) | IEEE80211_FTYPE_MGMT); 959 stypes >>= 1; 960 i++; 961 } 962 nla_nest_end(msg, nl_ftypes); 963 } 964 965 nla_nest_end(msg, nl_ifs); 966 967 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES); 968 if (!nl_ifs) 969 goto nla_put_failure; 970 971 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) { 972 nl_ftypes = nla_nest_start(msg, ift); 973 if (!nl_ftypes) 974 goto nla_put_failure; 975 i = 0; 976 stypes = mgmt_stypes[ift].rx; 977 while (stypes) { 978 if (stypes & 1) 979 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, 980 (i << 4) | IEEE80211_FTYPE_MGMT); 981 stypes >>= 1; 982 i++; 983 } 984 nla_nest_end(msg, nl_ftypes); 985 } 986 nla_nest_end(msg, nl_ifs); 987 } 988 989 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) { 990 struct nlattr *nl_wowlan; 991 992 nl_wowlan = nla_nest_start(msg, 993 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED); 994 if (!nl_wowlan) 995 goto nla_put_failure; 996 997 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) 998 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY); 999 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) 1000 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT); 1001 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) 1002 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT); 1003 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) 1004 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED); 1005 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) 1006 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE); 1007 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) 1008 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST); 1009 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) 1010 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE); 1011 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) 1012 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE); 1013 if (dev->wiphy.wowlan.n_patterns) { 1014 struct nl80211_wowlan_pattern_support pat = { 1015 .max_patterns = dev->wiphy.wowlan.n_patterns, 1016 .min_pattern_len = 1017 dev->wiphy.wowlan.pattern_min_len, 1018 .max_pattern_len = 1019 dev->wiphy.wowlan.pattern_max_len, 1020 }; 1021 NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN, 1022 sizeof(pat), &pat); 1023 } 1024 1025 nla_nest_end(msg, nl_wowlan); 1026 } 1027 1028 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES, 1029 dev->wiphy.software_iftypes)) 1030 goto nla_put_failure; 1031 1032 if (nl80211_put_iface_combinations(&dev->wiphy, msg)) 1033 goto nla_put_failure; 1034 1035 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) 1036 NLA_PUT_U32(msg, NL80211_ATTR_DEVICE_AP_SME, 1037 dev->wiphy.ap_sme_capa); 1038 1039 NLA_PUT_U32(msg, NL80211_ATTR_FEATURE_FLAGS, dev->wiphy.features); 1040 1041 if (dev->wiphy.ht_capa_mod_mask) 1042 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, 1043 sizeof(*dev->wiphy.ht_capa_mod_mask), 1044 dev->wiphy.ht_capa_mod_mask); 1045 1046 return genlmsg_end(msg, hdr); 1047 1048 nla_put_failure: 1049 genlmsg_cancel(msg, hdr); 1050 return -EMSGSIZE; 1051 } 1052 1053 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 1054 { 1055 int idx = 0; 1056 int start = cb->args[0]; 1057 struct cfg80211_registered_device *dev; 1058 1059 mutex_lock(&cfg80211_mutex); 1060 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 1061 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 1062 continue; 1063 if (++idx <= start) 1064 continue; 1065 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 1066 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1067 dev) < 0) { 1068 idx--; 1069 break; 1070 } 1071 } 1072 mutex_unlock(&cfg80211_mutex); 1073 1074 cb->args[0] = idx; 1075 1076 return skb->len; 1077 } 1078 1079 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 1080 { 1081 struct sk_buff *msg; 1082 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1083 1084 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1085 if (!msg) 1086 return -ENOMEM; 1087 1088 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) { 1089 nlmsg_free(msg); 1090 return -ENOBUFS; 1091 } 1092 1093 return genlmsg_reply(msg, info); 1094 } 1095 1096 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 1097 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 1098 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 1099 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 1100 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 1101 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 1102 }; 1103 1104 static int parse_txq_params(struct nlattr *tb[], 1105 struct ieee80211_txq_params *txq_params) 1106 { 1107 if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] || 1108 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 1109 !tb[NL80211_TXQ_ATTR_AIFS]) 1110 return -EINVAL; 1111 1112 txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]); 1113 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 1114 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 1115 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 1116 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 1117 1118 return 0; 1119 } 1120 1121 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 1122 { 1123 /* 1124 * You can only set the channel explicitly for AP, mesh 1125 * and WDS type interfaces; all others have their channel 1126 * managed via their respective "establish a connection" 1127 * command (connect, join, ...) 1128 * 1129 * Monitors are special as they are normally slaved to 1130 * whatever else is going on, so they behave as though 1131 * you tried setting the wiphy channel itself. 1132 */ 1133 return !wdev || 1134 wdev->iftype == NL80211_IFTYPE_AP || 1135 wdev->iftype == NL80211_IFTYPE_WDS || 1136 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 1137 wdev->iftype == NL80211_IFTYPE_MONITOR || 1138 wdev->iftype == NL80211_IFTYPE_P2P_GO; 1139 } 1140 1141 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 1142 struct wireless_dev *wdev, 1143 struct genl_info *info) 1144 { 1145 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 1146 u32 freq; 1147 int result; 1148 1149 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 1150 return -EINVAL; 1151 1152 if (!nl80211_can_set_dev_channel(wdev)) 1153 return -EOPNOTSUPP; 1154 1155 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1156 channel_type = nla_get_u32(info->attrs[ 1157 NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1158 if (channel_type != NL80211_CHAN_NO_HT && 1159 channel_type != NL80211_CHAN_HT20 && 1160 channel_type != NL80211_CHAN_HT40PLUS && 1161 channel_type != NL80211_CHAN_HT40MINUS) 1162 return -EINVAL; 1163 } 1164 1165 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 1166 1167 mutex_lock(&rdev->devlist_mtx); 1168 if (wdev) { 1169 wdev_lock(wdev); 1170 result = cfg80211_set_freq(rdev, wdev, freq, channel_type); 1171 wdev_unlock(wdev); 1172 } else { 1173 result = cfg80211_set_freq(rdev, NULL, freq, channel_type); 1174 } 1175 mutex_unlock(&rdev->devlist_mtx); 1176 1177 return result; 1178 } 1179 1180 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 1181 { 1182 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1183 struct net_device *netdev = info->user_ptr[1]; 1184 1185 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 1186 } 1187 1188 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info) 1189 { 1190 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1191 struct net_device *dev = info->user_ptr[1]; 1192 struct wireless_dev *wdev = dev->ieee80211_ptr; 1193 const u8 *bssid; 1194 1195 if (!info->attrs[NL80211_ATTR_MAC]) 1196 return -EINVAL; 1197 1198 if (netif_running(dev)) 1199 return -EBUSY; 1200 1201 if (!rdev->ops->set_wds_peer) 1202 return -EOPNOTSUPP; 1203 1204 if (wdev->iftype != NL80211_IFTYPE_WDS) 1205 return -EOPNOTSUPP; 1206 1207 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 1208 return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid); 1209 } 1210 1211 1212 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 1213 { 1214 struct cfg80211_registered_device *rdev; 1215 struct net_device *netdev = NULL; 1216 struct wireless_dev *wdev; 1217 int result = 0, rem_txq_params = 0; 1218 struct nlattr *nl_txq_params; 1219 u32 changed; 1220 u8 retry_short = 0, retry_long = 0; 1221 u32 frag_threshold = 0, rts_threshold = 0; 1222 u8 coverage_class = 0; 1223 1224 /* 1225 * Try to find the wiphy and netdev. Normally this 1226 * function shouldn't need the netdev, but this is 1227 * done for backward compatibility -- previously 1228 * setting the channel was done per wiphy, but now 1229 * it is per netdev. Previous userland like hostapd 1230 * also passed a netdev to set_wiphy, so that it is 1231 * possible to let that go to the right netdev! 1232 */ 1233 mutex_lock(&cfg80211_mutex); 1234 1235 if (info->attrs[NL80211_ATTR_IFINDEX]) { 1236 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 1237 1238 netdev = dev_get_by_index(genl_info_net(info), ifindex); 1239 if (netdev && netdev->ieee80211_ptr) { 1240 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 1241 mutex_lock(&rdev->mtx); 1242 } else 1243 netdev = NULL; 1244 } 1245 1246 if (!netdev) { 1247 rdev = __cfg80211_rdev_from_info(info); 1248 if (IS_ERR(rdev)) { 1249 mutex_unlock(&cfg80211_mutex); 1250 return PTR_ERR(rdev); 1251 } 1252 wdev = NULL; 1253 netdev = NULL; 1254 result = 0; 1255 1256 mutex_lock(&rdev->mtx); 1257 } else if (netif_running(netdev) && 1258 nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 1259 wdev = netdev->ieee80211_ptr; 1260 else 1261 wdev = NULL; 1262 1263 /* 1264 * end workaround code, by now the rdev is available 1265 * and locked, and wdev may or may not be NULL. 1266 */ 1267 1268 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 1269 result = cfg80211_dev_rename( 1270 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 1271 1272 mutex_unlock(&cfg80211_mutex); 1273 1274 if (result) 1275 goto bad_res; 1276 1277 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 1278 struct ieee80211_txq_params txq_params; 1279 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 1280 1281 if (!rdev->ops->set_txq_params) { 1282 result = -EOPNOTSUPP; 1283 goto bad_res; 1284 } 1285 1286 if (!netdev) { 1287 result = -EINVAL; 1288 goto bad_res; 1289 } 1290 1291 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 1292 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) { 1293 result = -EINVAL; 1294 goto bad_res; 1295 } 1296 1297 nla_for_each_nested(nl_txq_params, 1298 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 1299 rem_txq_params) { 1300 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 1301 nla_data(nl_txq_params), 1302 nla_len(nl_txq_params), 1303 txq_params_policy); 1304 result = parse_txq_params(tb, &txq_params); 1305 if (result) 1306 goto bad_res; 1307 1308 result = rdev->ops->set_txq_params(&rdev->wiphy, 1309 netdev, 1310 &txq_params); 1311 if (result) 1312 goto bad_res; 1313 } 1314 } 1315 1316 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 1317 result = __nl80211_set_channel(rdev, wdev, info); 1318 if (result) 1319 goto bad_res; 1320 } 1321 1322 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 1323 enum nl80211_tx_power_setting type; 1324 int idx, mbm = 0; 1325 1326 if (!rdev->ops->set_tx_power) { 1327 result = -EOPNOTSUPP; 1328 goto bad_res; 1329 } 1330 1331 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 1332 type = nla_get_u32(info->attrs[idx]); 1333 1334 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 1335 (type != NL80211_TX_POWER_AUTOMATIC)) { 1336 result = -EINVAL; 1337 goto bad_res; 1338 } 1339 1340 if (type != NL80211_TX_POWER_AUTOMATIC) { 1341 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 1342 mbm = nla_get_u32(info->attrs[idx]); 1343 } 1344 1345 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm); 1346 if (result) 1347 goto bad_res; 1348 } 1349 1350 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] && 1351 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) { 1352 u32 tx_ant, rx_ant; 1353 if ((!rdev->wiphy.available_antennas_tx && 1354 !rdev->wiphy.available_antennas_rx) || 1355 !rdev->ops->set_antenna) { 1356 result = -EOPNOTSUPP; 1357 goto bad_res; 1358 } 1359 1360 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]); 1361 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]); 1362 1363 /* reject antenna configurations which don't match the 1364 * available antenna masks, except for the "all" mask */ 1365 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) || 1366 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) { 1367 result = -EINVAL; 1368 goto bad_res; 1369 } 1370 1371 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx; 1372 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx; 1373 1374 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant); 1375 if (result) 1376 goto bad_res; 1377 } 1378 1379 changed = 0; 1380 1381 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 1382 retry_short = nla_get_u8( 1383 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 1384 if (retry_short == 0) { 1385 result = -EINVAL; 1386 goto bad_res; 1387 } 1388 changed |= WIPHY_PARAM_RETRY_SHORT; 1389 } 1390 1391 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 1392 retry_long = nla_get_u8( 1393 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 1394 if (retry_long == 0) { 1395 result = -EINVAL; 1396 goto bad_res; 1397 } 1398 changed |= WIPHY_PARAM_RETRY_LONG; 1399 } 1400 1401 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 1402 frag_threshold = nla_get_u32( 1403 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 1404 if (frag_threshold < 256) { 1405 result = -EINVAL; 1406 goto bad_res; 1407 } 1408 if (frag_threshold != (u32) -1) { 1409 /* 1410 * Fragments (apart from the last one) are required to 1411 * have even length. Make the fragmentation code 1412 * simpler by stripping LSB should someone try to use 1413 * odd threshold value. 1414 */ 1415 frag_threshold &= ~0x1; 1416 } 1417 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 1418 } 1419 1420 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 1421 rts_threshold = nla_get_u32( 1422 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 1423 changed |= WIPHY_PARAM_RTS_THRESHOLD; 1424 } 1425 1426 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 1427 coverage_class = nla_get_u8( 1428 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 1429 changed |= WIPHY_PARAM_COVERAGE_CLASS; 1430 } 1431 1432 if (changed) { 1433 u8 old_retry_short, old_retry_long; 1434 u32 old_frag_threshold, old_rts_threshold; 1435 u8 old_coverage_class; 1436 1437 if (!rdev->ops->set_wiphy_params) { 1438 result = -EOPNOTSUPP; 1439 goto bad_res; 1440 } 1441 1442 old_retry_short = rdev->wiphy.retry_short; 1443 old_retry_long = rdev->wiphy.retry_long; 1444 old_frag_threshold = rdev->wiphy.frag_threshold; 1445 old_rts_threshold = rdev->wiphy.rts_threshold; 1446 old_coverage_class = rdev->wiphy.coverage_class; 1447 1448 if (changed & WIPHY_PARAM_RETRY_SHORT) 1449 rdev->wiphy.retry_short = retry_short; 1450 if (changed & WIPHY_PARAM_RETRY_LONG) 1451 rdev->wiphy.retry_long = retry_long; 1452 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 1453 rdev->wiphy.frag_threshold = frag_threshold; 1454 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 1455 rdev->wiphy.rts_threshold = rts_threshold; 1456 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 1457 rdev->wiphy.coverage_class = coverage_class; 1458 1459 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 1460 if (result) { 1461 rdev->wiphy.retry_short = old_retry_short; 1462 rdev->wiphy.retry_long = old_retry_long; 1463 rdev->wiphy.frag_threshold = old_frag_threshold; 1464 rdev->wiphy.rts_threshold = old_rts_threshold; 1465 rdev->wiphy.coverage_class = old_coverage_class; 1466 } 1467 } 1468 1469 bad_res: 1470 mutex_unlock(&rdev->mtx); 1471 if (netdev) 1472 dev_put(netdev); 1473 return result; 1474 } 1475 1476 1477 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 1478 struct cfg80211_registered_device *rdev, 1479 struct net_device *dev) 1480 { 1481 void *hdr; 1482 1483 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1484 if (!hdr) 1485 return -1; 1486 1487 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1488 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 1489 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name); 1490 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype); 1491 1492 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 1493 rdev->devlist_generation ^ 1494 (cfg80211_rdev_list_generation << 2)); 1495 1496 return genlmsg_end(msg, hdr); 1497 1498 nla_put_failure: 1499 genlmsg_cancel(msg, hdr); 1500 return -EMSGSIZE; 1501 } 1502 1503 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1504 { 1505 int wp_idx = 0; 1506 int if_idx = 0; 1507 int wp_start = cb->args[0]; 1508 int if_start = cb->args[1]; 1509 struct cfg80211_registered_device *rdev; 1510 struct wireless_dev *wdev; 1511 1512 mutex_lock(&cfg80211_mutex); 1513 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1514 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1515 continue; 1516 if (wp_idx < wp_start) { 1517 wp_idx++; 1518 continue; 1519 } 1520 if_idx = 0; 1521 1522 mutex_lock(&rdev->devlist_mtx); 1523 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1524 if (if_idx < if_start) { 1525 if_idx++; 1526 continue; 1527 } 1528 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1529 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1530 rdev, wdev->netdev) < 0) { 1531 mutex_unlock(&rdev->devlist_mtx); 1532 goto out; 1533 } 1534 if_idx++; 1535 } 1536 mutex_unlock(&rdev->devlist_mtx); 1537 1538 wp_idx++; 1539 } 1540 out: 1541 mutex_unlock(&cfg80211_mutex); 1542 1543 cb->args[0] = wp_idx; 1544 cb->args[1] = if_idx; 1545 1546 return skb->len; 1547 } 1548 1549 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1550 { 1551 struct sk_buff *msg; 1552 struct cfg80211_registered_device *dev = info->user_ptr[0]; 1553 struct net_device *netdev = info->user_ptr[1]; 1554 1555 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1556 if (!msg) 1557 return -ENOMEM; 1558 1559 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1560 dev, netdev) < 0) { 1561 nlmsg_free(msg); 1562 return -ENOBUFS; 1563 } 1564 1565 return genlmsg_reply(msg, info); 1566 } 1567 1568 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1569 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1570 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1571 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1572 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1573 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1574 }; 1575 1576 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1577 { 1578 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1579 int flag; 1580 1581 *mntrflags = 0; 1582 1583 if (!nla) 1584 return -EINVAL; 1585 1586 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1587 nla, mntr_flags_policy)) 1588 return -EINVAL; 1589 1590 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1591 if (flags[flag]) 1592 *mntrflags |= (1<<flag); 1593 1594 return 0; 1595 } 1596 1597 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1598 struct net_device *netdev, u8 use_4addr, 1599 enum nl80211_iftype iftype) 1600 { 1601 if (!use_4addr) { 1602 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1603 return -EBUSY; 1604 return 0; 1605 } 1606 1607 switch (iftype) { 1608 case NL80211_IFTYPE_AP_VLAN: 1609 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1610 return 0; 1611 break; 1612 case NL80211_IFTYPE_STATION: 1613 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1614 return 0; 1615 break; 1616 default: 1617 break; 1618 } 1619 1620 return -EOPNOTSUPP; 1621 } 1622 1623 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1624 { 1625 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1626 struct vif_params params; 1627 int err; 1628 enum nl80211_iftype otype, ntype; 1629 struct net_device *dev = info->user_ptr[1]; 1630 u32 _flags, *flags = NULL; 1631 bool change = false; 1632 1633 memset(¶ms, 0, sizeof(params)); 1634 1635 otype = ntype = dev->ieee80211_ptr->iftype; 1636 1637 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1638 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1639 if (otype != ntype) 1640 change = true; 1641 if (ntype > NL80211_IFTYPE_MAX) 1642 return -EINVAL; 1643 } 1644 1645 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1646 struct wireless_dev *wdev = dev->ieee80211_ptr; 1647 1648 if (ntype != NL80211_IFTYPE_MESH_POINT) 1649 return -EINVAL; 1650 if (netif_running(dev)) 1651 return -EBUSY; 1652 1653 wdev_lock(wdev); 1654 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1655 IEEE80211_MAX_MESH_ID_LEN); 1656 wdev->mesh_id_up_len = 1657 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1658 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1659 wdev->mesh_id_up_len); 1660 wdev_unlock(wdev); 1661 } 1662 1663 if (info->attrs[NL80211_ATTR_4ADDR]) { 1664 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1665 change = true; 1666 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1667 if (err) 1668 return err; 1669 } else { 1670 params.use_4addr = -1; 1671 } 1672 1673 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1674 if (ntype != NL80211_IFTYPE_MONITOR) 1675 return -EINVAL; 1676 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1677 &_flags); 1678 if (err) 1679 return err; 1680 1681 flags = &_flags; 1682 change = true; 1683 } 1684 1685 if (change) 1686 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1687 else 1688 err = 0; 1689 1690 if (!err && params.use_4addr != -1) 1691 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1692 1693 return err; 1694 } 1695 1696 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1697 { 1698 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1699 struct vif_params params; 1700 struct net_device *dev; 1701 int err; 1702 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1703 u32 flags; 1704 1705 memset(¶ms, 0, sizeof(params)); 1706 1707 if (!info->attrs[NL80211_ATTR_IFNAME]) 1708 return -EINVAL; 1709 1710 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1711 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1712 if (type > NL80211_IFTYPE_MAX) 1713 return -EINVAL; 1714 } 1715 1716 if (!rdev->ops->add_virtual_intf || 1717 !(rdev->wiphy.interface_modes & (1 << type))) 1718 return -EOPNOTSUPP; 1719 1720 if (info->attrs[NL80211_ATTR_4ADDR]) { 1721 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1722 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1723 if (err) 1724 return err; 1725 } 1726 1727 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1728 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1729 &flags); 1730 dev = rdev->ops->add_virtual_intf(&rdev->wiphy, 1731 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1732 type, err ? NULL : &flags, ¶ms); 1733 if (IS_ERR(dev)) 1734 return PTR_ERR(dev); 1735 1736 if (type == NL80211_IFTYPE_MESH_POINT && 1737 info->attrs[NL80211_ATTR_MESH_ID]) { 1738 struct wireless_dev *wdev = dev->ieee80211_ptr; 1739 1740 wdev_lock(wdev); 1741 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN != 1742 IEEE80211_MAX_MESH_ID_LEN); 1743 wdev->mesh_id_up_len = 1744 nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1745 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]), 1746 wdev->mesh_id_up_len); 1747 wdev_unlock(wdev); 1748 } 1749 1750 return 0; 1751 } 1752 1753 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1754 { 1755 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1756 struct net_device *dev = info->user_ptr[1]; 1757 1758 if (!rdev->ops->del_virtual_intf) 1759 return -EOPNOTSUPP; 1760 1761 return rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1762 } 1763 1764 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info) 1765 { 1766 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1767 struct net_device *dev = info->user_ptr[1]; 1768 u16 noack_map; 1769 1770 if (!info->attrs[NL80211_ATTR_NOACK_MAP]) 1771 return -EINVAL; 1772 1773 if (!rdev->ops->set_noack_map) 1774 return -EOPNOTSUPP; 1775 1776 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]); 1777 1778 return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map); 1779 } 1780 1781 struct get_key_cookie { 1782 struct sk_buff *msg; 1783 int error; 1784 int idx; 1785 }; 1786 1787 static void get_key_callback(void *c, struct key_params *params) 1788 { 1789 struct nlattr *key; 1790 struct get_key_cookie *cookie = c; 1791 1792 if (params->key) 1793 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA, 1794 params->key_len, params->key); 1795 1796 if (params->seq) 1797 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ, 1798 params->seq_len, params->seq); 1799 1800 if (params->cipher) 1801 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1802 params->cipher); 1803 1804 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1805 if (!key) 1806 goto nla_put_failure; 1807 1808 if (params->key) 1809 NLA_PUT(cookie->msg, NL80211_KEY_DATA, 1810 params->key_len, params->key); 1811 1812 if (params->seq) 1813 NLA_PUT(cookie->msg, NL80211_KEY_SEQ, 1814 params->seq_len, params->seq); 1815 1816 if (params->cipher) 1817 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER, 1818 params->cipher); 1819 1820 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx); 1821 1822 nla_nest_end(cookie->msg, key); 1823 1824 return; 1825 nla_put_failure: 1826 cookie->error = 1; 1827 } 1828 1829 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1830 { 1831 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1832 int err; 1833 struct net_device *dev = info->user_ptr[1]; 1834 u8 key_idx = 0; 1835 const u8 *mac_addr = NULL; 1836 bool pairwise; 1837 struct get_key_cookie cookie = { 1838 .error = 0, 1839 }; 1840 void *hdr; 1841 struct sk_buff *msg; 1842 1843 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1844 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1845 1846 if (key_idx > 5) 1847 return -EINVAL; 1848 1849 if (info->attrs[NL80211_ATTR_MAC]) 1850 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1851 1852 pairwise = !!mac_addr; 1853 if (info->attrs[NL80211_ATTR_KEY_TYPE]) { 1854 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]); 1855 if (kt >= NUM_NL80211_KEYTYPES) 1856 return -EINVAL; 1857 if (kt != NL80211_KEYTYPE_GROUP && 1858 kt != NL80211_KEYTYPE_PAIRWISE) 1859 return -EINVAL; 1860 pairwise = kt == NL80211_KEYTYPE_PAIRWISE; 1861 } 1862 1863 if (!rdev->ops->get_key) 1864 return -EOPNOTSUPP; 1865 1866 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1867 if (!msg) 1868 return -ENOMEM; 1869 1870 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1871 NL80211_CMD_NEW_KEY); 1872 if (IS_ERR(hdr)) 1873 return PTR_ERR(hdr); 1874 1875 cookie.msg = msg; 1876 cookie.idx = key_idx; 1877 1878 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1879 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1880 if (mac_addr) 1881 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1882 1883 if (pairwise && mac_addr && 1884 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 1885 return -ENOENT; 1886 1887 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise, 1888 mac_addr, &cookie, get_key_callback); 1889 1890 if (err) 1891 goto free_msg; 1892 1893 if (cookie.error) 1894 goto nla_put_failure; 1895 1896 genlmsg_end(msg, hdr); 1897 return genlmsg_reply(msg, info); 1898 1899 nla_put_failure: 1900 err = -ENOBUFS; 1901 free_msg: 1902 nlmsg_free(msg); 1903 return err; 1904 } 1905 1906 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1907 { 1908 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1909 struct key_parse key; 1910 int err; 1911 struct net_device *dev = info->user_ptr[1]; 1912 1913 err = nl80211_parse_key(info, &key); 1914 if (err) 1915 return err; 1916 1917 if (key.idx < 0) 1918 return -EINVAL; 1919 1920 /* only support setting default key */ 1921 if (!key.def && !key.defmgmt) 1922 return -EINVAL; 1923 1924 wdev_lock(dev->ieee80211_ptr); 1925 1926 if (key.def) { 1927 if (!rdev->ops->set_default_key) { 1928 err = -EOPNOTSUPP; 1929 goto out; 1930 } 1931 1932 err = nl80211_key_allowed(dev->ieee80211_ptr); 1933 if (err) 1934 goto out; 1935 1936 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx, 1937 key.def_uni, key.def_multi); 1938 1939 if (err) 1940 goto out; 1941 1942 #ifdef CONFIG_CFG80211_WEXT 1943 dev->ieee80211_ptr->wext.default_key = key.idx; 1944 #endif 1945 } else { 1946 if (key.def_uni || !key.def_multi) { 1947 err = -EINVAL; 1948 goto out; 1949 } 1950 1951 if (!rdev->ops->set_default_mgmt_key) { 1952 err = -EOPNOTSUPP; 1953 goto out; 1954 } 1955 1956 err = nl80211_key_allowed(dev->ieee80211_ptr); 1957 if (err) 1958 goto out; 1959 1960 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy, 1961 dev, key.idx); 1962 if (err) 1963 goto out; 1964 1965 #ifdef CONFIG_CFG80211_WEXT 1966 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 1967 #endif 1968 } 1969 1970 out: 1971 wdev_unlock(dev->ieee80211_ptr); 1972 1973 return err; 1974 } 1975 1976 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 1977 { 1978 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 1979 int err; 1980 struct net_device *dev = info->user_ptr[1]; 1981 struct key_parse key; 1982 const u8 *mac_addr = NULL; 1983 1984 err = nl80211_parse_key(info, &key); 1985 if (err) 1986 return err; 1987 1988 if (!key.p.key) 1989 return -EINVAL; 1990 1991 if (info->attrs[NL80211_ATTR_MAC]) 1992 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1993 1994 if (key.type == -1) { 1995 if (mac_addr) 1996 key.type = NL80211_KEYTYPE_PAIRWISE; 1997 else 1998 key.type = NL80211_KEYTYPE_GROUP; 1999 } 2000 2001 /* for now */ 2002 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2003 key.type != NL80211_KEYTYPE_GROUP) 2004 return -EINVAL; 2005 2006 if (!rdev->ops->add_key) 2007 return -EOPNOTSUPP; 2008 2009 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, 2010 key.type == NL80211_KEYTYPE_PAIRWISE, 2011 mac_addr)) 2012 return -EINVAL; 2013 2014 wdev_lock(dev->ieee80211_ptr); 2015 err = nl80211_key_allowed(dev->ieee80211_ptr); 2016 if (!err) 2017 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 2018 key.type == NL80211_KEYTYPE_PAIRWISE, 2019 mac_addr, &key.p); 2020 wdev_unlock(dev->ieee80211_ptr); 2021 2022 return err; 2023 } 2024 2025 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 2026 { 2027 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2028 int err; 2029 struct net_device *dev = info->user_ptr[1]; 2030 u8 *mac_addr = NULL; 2031 struct key_parse key; 2032 2033 err = nl80211_parse_key(info, &key); 2034 if (err) 2035 return err; 2036 2037 if (info->attrs[NL80211_ATTR_MAC]) 2038 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2039 2040 if (key.type == -1) { 2041 if (mac_addr) 2042 key.type = NL80211_KEYTYPE_PAIRWISE; 2043 else 2044 key.type = NL80211_KEYTYPE_GROUP; 2045 } 2046 2047 /* for now */ 2048 if (key.type != NL80211_KEYTYPE_PAIRWISE && 2049 key.type != NL80211_KEYTYPE_GROUP) 2050 return -EINVAL; 2051 2052 if (!rdev->ops->del_key) 2053 return -EOPNOTSUPP; 2054 2055 wdev_lock(dev->ieee80211_ptr); 2056 err = nl80211_key_allowed(dev->ieee80211_ptr); 2057 2058 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr && 2059 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) 2060 err = -ENOENT; 2061 2062 if (!err) 2063 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, 2064 key.type == NL80211_KEYTYPE_PAIRWISE, 2065 mac_addr); 2066 2067 #ifdef CONFIG_CFG80211_WEXT 2068 if (!err) { 2069 if (key.idx == dev->ieee80211_ptr->wext.default_key) 2070 dev->ieee80211_ptr->wext.default_key = -1; 2071 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 2072 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 2073 } 2074 #endif 2075 wdev_unlock(dev->ieee80211_ptr); 2076 2077 return err; 2078 } 2079 2080 static int nl80211_parse_beacon(struct genl_info *info, 2081 struct cfg80211_beacon_data *bcn) 2082 { 2083 bool haveinfo = false; 2084 2085 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) || 2086 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) || 2087 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) || 2088 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP])) 2089 return -EINVAL; 2090 2091 memset(bcn, 0, sizeof(*bcn)); 2092 2093 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 2094 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2095 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 2096 if (!bcn->head_len) 2097 return -EINVAL; 2098 haveinfo = true; 2099 } 2100 2101 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 2102 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2103 bcn->tail_len = 2104 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 2105 haveinfo = true; 2106 } 2107 2108 if (!haveinfo) 2109 return -EINVAL; 2110 2111 if (info->attrs[NL80211_ATTR_IE]) { 2112 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]); 2113 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2114 } 2115 2116 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) { 2117 bcn->proberesp_ies = 2118 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2119 bcn->proberesp_ies_len = 2120 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]); 2121 } 2122 2123 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) { 2124 bcn->assocresp_ies = 2125 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2126 bcn->assocresp_ies_len = 2127 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]); 2128 } 2129 2130 if (info->attrs[NL80211_ATTR_PROBE_RESP]) { 2131 bcn->probe_resp = 2132 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]); 2133 bcn->probe_resp_len = 2134 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]); 2135 } 2136 2137 return 0; 2138 } 2139 2140 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) 2141 { 2142 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2143 struct net_device *dev = info->user_ptr[1]; 2144 struct wireless_dev *wdev = dev->ieee80211_ptr; 2145 struct cfg80211_ap_settings params; 2146 int err; 2147 2148 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2149 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2150 return -EOPNOTSUPP; 2151 2152 if (!rdev->ops->start_ap) 2153 return -EOPNOTSUPP; 2154 2155 if (wdev->beacon_interval) 2156 return -EALREADY; 2157 2158 memset(¶ms, 0, sizeof(params)); 2159 2160 /* these are required for START_AP */ 2161 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 2162 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 2163 !info->attrs[NL80211_ATTR_BEACON_HEAD]) 2164 return -EINVAL; 2165 2166 err = nl80211_parse_beacon(info, ¶ms.beacon); 2167 if (err) 2168 return err; 2169 2170 params.beacon_interval = 2171 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 2172 params.dtim_period = 2173 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 2174 2175 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval); 2176 if (err) 2177 return err; 2178 2179 /* 2180 * In theory, some of these attributes should be required here 2181 * but since they were not used when the command was originally 2182 * added, keep them optional for old user space programs to let 2183 * them continue to work with drivers that do not need the 2184 * additional information -- drivers must check! 2185 */ 2186 if (info->attrs[NL80211_ATTR_SSID]) { 2187 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 2188 params.ssid_len = 2189 nla_len(info->attrs[NL80211_ATTR_SSID]); 2190 if (params.ssid_len == 0 || 2191 params.ssid_len > IEEE80211_MAX_SSID_LEN) 2192 return -EINVAL; 2193 } 2194 2195 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) { 2196 params.hidden_ssid = nla_get_u32( 2197 info->attrs[NL80211_ATTR_HIDDEN_SSID]); 2198 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE && 2199 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN && 2200 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS) 2201 return -EINVAL; 2202 } 2203 2204 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 2205 2206 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 2207 params.auth_type = nla_get_u32( 2208 info->attrs[NL80211_ATTR_AUTH_TYPE]); 2209 if (!nl80211_valid_auth_type(params.auth_type)) 2210 return -EINVAL; 2211 } else 2212 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 2213 2214 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto, 2215 NL80211_MAX_NR_CIPHER_SUITES); 2216 if (err) 2217 return err; 2218 2219 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) { 2220 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) 2221 return -EOPNOTSUPP; 2222 params.inactivity_timeout = nla_get_u16( 2223 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]); 2224 } 2225 2226 err = rdev->ops->start_ap(&rdev->wiphy, dev, ¶ms); 2227 if (!err) 2228 wdev->beacon_interval = params.beacon_interval; 2229 return err; 2230 } 2231 2232 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info) 2233 { 2234 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2235 struct net_device *dev = info->user_ptr[1]; 2236 struct wireless_dev *wdev = dev->ieee80211_ptr; 2237 struct cfg80211_beacon_data params; 2238 int err; 2239 2240 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2241 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2242 return -EOPNOTSUPP; 2243 2244 if (!rdev->ops->change_beacon) 2245 return -EOPNOTSUPP; 2246 2247 if (!wdev->beacon_interval) 2248 return -EINVAL; 2249 2250 err = nl80211_parse_beacon(info, ¶ms); 2251 if (err) 2252 return err; 2253 2254 return rdev->ops->change_beacon(&rdev->wiphy, dev, ¶ms); 2255 } 2256 2257 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info) 2258 { 2259 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2260 struct net_device *dev = info->user_ptr[1]; 2261 struct wireless_dev *wdev = dev->ieee80211_ptr; 2262 int err; 2263 2264 if (!rdev->ops->stop_ap) 2265 return -EOPNOTSUPP; 2266 2267 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2268 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2269 return -EOPNOTSUPP; 2270 2271 if (!wdev->beacon_interval) 2272 return -ENOENT; 2273 2274 err = rdev->ops->stop_ap(&rdev->wiphy, dev); 2275 if (!err) 2276 wdev->beacon_interval = 0; 2277 return err; 2278 } 2279 2280 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 2281 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 2282 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 2283 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 2284 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 2285 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG }, 2286 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG }, 2287 }; 2288 2289 static int parse_station_flags(struct genl_info *info, 2290 enum nl80211_iftype iftype, 2291 struct station_parameters *params) 2292 { 2293 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 2294 struct nlattr *nla; 2295 int flag; 2296 2297 /* 2298 * Try parsing the new attribute first so userspace 2299 * can specify both for older kernels. 2300 */ 2301 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 2302 if (nla) { 2303 struct nl80211_sta_flag_update *sta_flags; 2304 2305 sta_flags = nla_data(nla); 2306 params->sta_flags_mask = sta_flags->mask; 2307 params->sta_flags_set = sta_flags->set; 2308 if ((params->sta_flags_mask | 2309 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 2310 return -EINVAL; 2311 return 0; 2312 } 2313 2314 /* if present, parse the old attribute */ 2315 2316 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 2317 if (!nla) 2318 return 0; 2319 2320 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 2321 nla, sta_flags_policy)) 2322 return -EINVAL; 2323 2324 /* 2325 * Only allow certain flags for interface types so that 2326 * other attributes are silently ignored. Remember that 2327 * this is backward compatibility code with old userspace 2328 * and shouldn't be hit in other cases anyway. 2329 */ 2330 switch (iftype) { 2331 case NL80211_IFTYPE_AP: 2332 case NL80211_IFTYPE_AP_VLAN: 2333 case NL80211_IFTYPE_P2P_GO: 2334 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2335 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2336 BIT(NL80211_STA_FLAG_WME) | 2337 BIT(NL80211_STA_FLAG_MFP); 2338 break; 2339 case NL80211_IFTYPE_P2P_CLIENT: 2340 case NL80211_IFTYPE_STATION: 2341 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) | 2342 BIT(NL80211_STA_FLAG_TDLS_PEER); 2343 break; 2344 case NL80211_IFTYPE_MESH_POINT: 2345 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2346 BIT(NL80211_STA_FLAG_MFP) | 2347 BIT(NL80211_STA_FLAG_AUTHORIZED); 2348 default: 2349 return -EINVAL; 2350 } 2351 2352 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) 2353 if (flags[flag]) 2354 params->sta_flags_set |= (1<<flag); 2355 2356 return 0; 2357 } 2358 2359 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, 2360 int attr) 2361 { 2362 struct nlattr *rate; 2363 u16 bitrate; 2364 2365 rate = nla_nest_start(msg, attr); 2366 if (!rate) 2367 goto nla_put_failure; 2368 2369 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 2370 bitrate = cfg80211_calculate_bitrate(info); 2371 if (bitrate > 0) 2372 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 2373 2374 if (info->flags & RATE_INFO_FLAGS_MCS) 2375 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs); 2376 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) 2377 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH); 2378 if (info->flags & RATE_INFO_FLAGS_SHORT_GI) 2379 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI); 2380 2381 nla_nest_end(msg, rate); 2382 return true; 2383 2384 nla_put_failure: 2385 return false; 2386 } 2387 2388 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 2389 int flags, 2390 struct cfg80211_registered_device *rdev, 2391 struct net_device *dev, 2392 const u8 *mac_addr, struct station_info *sinfo) 2393 { 2394 void *hdr; 2395 struct nlattr *sinfoattr, *bss_param; 2396 2397 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2398 if (!hdr) 2399 return -1; 2400 2401 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2402 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 2403 2404 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation); 2405 2406 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 2407 if (!sinfoattr) 2408 goto nla_put_failure; 2409 if (sinfo->filled & STATION_INFO_CONNECTED_TIME) 2410 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME, 2411 sinfo->connected_time); 2412 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 2413 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 2414 sinfo->inactive_time); 2415 if (sinfo->filled & STATION_INFO_RX_BYTES) 2416 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES, 2417 sinfo->rx_bytes); 2418 if (sinfo->filled & STATION_INFO_TX_BYTES) 2419 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES, 2420 sinfo->tx_bytes); 2421 if (sinfo->filled & STATION_INFO_LLID) 2422 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID, 2423 sinfo->llid); 2424 if (sinfo->filled & STATION_INFO_PLID) 2425 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID, 2426 sinfo->plid); 2427 if (sinfo->filled & STATION_INFO_PLINK_STATE) 2428 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE, 2429 sinfo->plink_state); 2430 switch (rdev->wiphy.signal_type) { 2431 case CFG80211_SIGNAL_TYPE_MBM: 2432 if (sinfo->filled & STATION_INFO_SIGNAL) 2433 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL, 2434 sinfo->signal); 2435 if (sinfo->filled & STATION_INFO_SIGNAL_AVG) 2436 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG, 2437 sinfo->signal_avg); 2438 break; 2439 default: 2440 break; 2441 } 2442 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 2443 if (!nl80211_put_sta_rate(msg, &sinfo->txrate, 2444 NL80211_STA_INFO_TX_BITRATE)) 2445 goto nla_put_failure; 2446 } 2447 if (sinfo->filled & STATION_INFO_RX_BITRATE) { 2448 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate, 2449 NL80211_STA_INFO_RX_BITRATE)) 2450 goto nla_put_failure; 2451 } 2452 if (sinfo->filled & STATION_INFO_RX_PACKETS) 2453 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS, 2454 sinfo->rx_packets); 2455 if (sinfo->filled & STATION_INFO_TX_PACKETS) 2456 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS, 2457 sinfo->tx_packets); 2458 if (sinfo->filled & STATION_INFO_TX_RETRIES) 2459 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES, 2460 sinfo->tx_retries); 2461 if (sinfo->filled & STATION_INFO_TX_FAILED) 2462 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED, 2463 sinfo->tx_failed); 2464 if (sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) 2465 NLA_PUT_U32(msg, NL80211_STA_INFO_BEACON_LOSS, 2466 sinfo->beacon_loss_count); 2467 if (sinfo->filled & STATION_INFO_BSS_PARAM) { 2468 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM); 2469 if (!bss_param) 2470 goto nla_put_failure; 2471 2472 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) 2473 NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT); 2474 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) 2475 NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE); 2476 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) 2477 NLA_PUT_FLAG(msg, 2478 NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME); 2479 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD, 2480 sinfo->bss_param.dtim_period); 2481 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL, 2482 sinfo->bss_param.beacon_interval); 2483 2484 nla_nest_end(msg, bss_param); 2485 } 2486 if (sinfo->filled & STATION_INFO_STA_FLAGS) 2487 NLA_PUT(msg, NL80211_STA_INFO_STA_FLAGS, 2488 sizeof(struct nl80211_sta_flag_update), 2489 &sinfo->sta_flags); 2490 nla_nest_end(msg, sinfoattr); 2491 2492 if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES) 2493 NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len, 2494 sinfo->assoc_req_ies); 2495 2496 return genlmsg_end(msg, hdr); 2497 2498 nla_put_failure: 2499 genlmsg_cancel(msg, hdr); 2500 return -EMSGSIZE; 2501 } 2502 2503 static int nl80211_dump_station(struct sk_buff *skb, 2504 struct netlink_callback *cb) 2505 { 2506 struct station_info sinfo; 2507 struct cfg80211_registered_device *dev; 2508 struct net_device *netdev; 2509 u8 mac_addr[ETH_ALEN]; 2510 int sta_idx = cb->args[1]; 2511 int err; 2512 2513 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 2514 if (err) 2515 return err; 2516 2517 if (!dev->ops->dump_station) { 2518 err = -EOPNOTSUPP; 2519 goto out_err; 2520 } 2521 2522 while (1) { 2523 memset(&sinfo, 0, sizeof(sinfo)); 2524 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 2525 mac_addr, &sinfo); 2526 if (err == -ENOENT) 2527 break; 2528 if (err) 2529 goto out_err; 2530 2531 if (nl80211_send_station(skb, 2532 NETLINK_CB(cb->skb).pid, 2533 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2534 dev, netdev, mac_addr, 2535 &sinfo) < 0) 2536 goto out; 2537 2538 sta_idx++; 2539 } 2540 2541 2542 out: 2543 cb->args[1] = sta_idx; 2544 err = skb->len; 2545 out_err: 2546 nl80211_finish_netdev_dump(dev); 2547 2548 return err; 2549 } 2550 2551 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 2552 { 2553 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2554 struct net_device *dev = info->user_ptr[1]; 2555 struct station_info sinfo; 2556 struct sk_buff *msg; 2557 u8 *mac_addr = NULL; 2558 int err; 2559 2560 memset(&sinfo, 0, sizeof(sinfo)); 2561 2562 if (!info->attrs[NL80211_ATTR_MAC]) 2563 return -EINVAL; 2564 2565 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2566 2567 if (!rdev->ops->get_station) 2568 return -EOPNOTSUPP; 2569 2570 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 2571 if (err) 2572 return err; 2573 2574 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2575 if (!msg) 2576 return -ENOMEM; 2577 2578 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 2579 rdev, dev, mac_addr, &sinfo) < 0) { 2580 nlmsg_free(msg); 2581 return -ENOBUFS; 2582 } 2583 2584 return genlmsg_reply(msg, info); 2585 } 2586 2587 /* 2588 * Get vlan interface making sure it is running and on the right wiphy. 2589 */ 2590 static struct net_device *get_vlan(struct genl_info *info, 2591 struct cfg80211_registered_device *rdev) 2592 { 2593 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 2594 struct net_device *v; 2595 int ret; 2596 2597 if (!vlanattr) 2598 return NULL; 2599 2600 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr)); 2601 if (!v) 2602 return ERR_PTR(-ENODEV); 2603 2604 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) { 2605 ret = -EINVAL; 2606 goto error; 2607 } 2608 2609 if (!netif_running(v)) { 2610 ret = -ENETDOWN; 2611 goto error; 2612 } 2613 2614 return v; 2615 error: 2616 dev_put(v); 2617 return ERR_PTR(ret); 2618 } 2619 2620 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 2621 { 2622 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2623 int err; 2624 struct net_device *dev = info->user_ptr[1]; 2625 struct station_parameters params; 2626 u8 *mac_addr = NULL; 2627 2628 memset(¶ms, 0, sizeof(params)); 2629 2630 params.listen_interval = -1; 2631 params.plink_state = -1; 2632 2633 if (info->attrs[NL80211_ATTR_STA_AID]) 2634 return -EINVAL; 2635 2636 if (!info->attrs[NL80211_ATTR_MAC]) 2637 return -EINVAL; 2638 2639 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2640 2641 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 2642 params.supported_rates = 2643 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2644 params.supported_rates_len = 2645 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2646 } 2647 2648 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2649 params.listen_interval = 2650 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2651 2652 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2653 params.ht_capa = 2654 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2655 2656 if (!rdev->ops->change_station) 2657 return -EOPNOTSUPP; 2658 2659 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 2660 return -EINVAL; 2661 2662 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2663 params.plink_action = 2664 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2665 2666 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) 2667 params.plink_state = 2668 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]); 2669 2670 switch (dev->ieee80211_ptr->iftype) { 2671 case NL80211_IFTYPE_AP: 2672 case NL80211_IFTYPE_AP_VLAN: 2673 case NL80211_IFTYPE_P2P_GO: 2674 /* disallow mesh-specific things */ 2675 if (params.plink_action) 2676 return -EINVAL; 2677 2678 /* TDLS can't be set, ... */ 2679 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2680 return -EINVAL; 2681 /* 2682 * ... but don't bother the driver with it. This works around 2683 * a hostapd/wpa_supplicant issue -- it always includes the 2684 * TLDS_PEER flag in the mask even for AP mode. 2685 */ 2686 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2687 2688 /* accept only the listed bits */ 2689 if (params.sta_flags_mask & 2690 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) | 2691 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) | 2692 BIT(NL80211_STA_FLAG_WME) | 2693 BIT(NL80211_STA_FLAG_MFP))) 2694 return -EINVAL; 2695 2696 /* must be last in here for error handling */ 2697 params.vlan = get_vlan(info, rdev); 2698 if (IS_ERR(params.vlan)) 2699 return PTR_ERR(params.vlan); 2700 break; 2701 case NL80211_IFTYPE_P2P_CLIENT: 2702 case NL80211_IFTYPE_STATION: 2703 /* 2704 * Don't allow userspace to change the TDLS_PEER flag, 2705 * but silently ignore attempts to change it since we 2706 * don't have state here to verify that it doesn't try 2707 * to change the flag. 2708 */ 2709 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2710 /* fall through */ 2711 case NL80211_IFTYPE_ADHOC: 2712 /* disallow things sta doesn't support */ 2713 if (params.plink_action) 2714 return -EINVAL; 2715 if (params.ht_capa) 2716 return -EINVAL; 2717 if (params.listen_interval >= 0) 2718 return -EINVAL; 2719 /* reject any changes other than AUTHORIZED */ 2720 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2721 return -EINVAL; 2722 break; 2723 case NL80211_IFTYPE_MESH_POINT: 2724 /* disallow things mesh doesn't support */ 2725 if (params.vlan) 2726 return -EINVAL; 2727 if (params.ht_capa) 2728 return -EINVAL; 2729 if (params.listen_interval >= 0) 2730 return -EINVAL; 2731 /* 2732 * No special handling for TDLS here -- the userspace 2733 * mesh code doesn't have this bug. 2734 */ 2735 if (params.sta_flags_mask & 2736 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) | 2737 BIT(NL80211_STA_FLAG_MFP) | 2738 BIT(NL80211_STA_FLAG_AUTHORIZED))) 2739 return -EINVAL; 2740 break; 2741 default: 2742 return -EOPNOTSUPP; 2743 } 2744 2745 /* be aware of params.vlan when changing code here */ 2746 2747 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2748 2749 if (params.vlan) 2750 dev_put(params.vlan); 2751 2752 return err; 2753 } 2754 2755 static struct nla_policy 2756 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = { 2757 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 2758 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 }, 2759 }; 2760 2761 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2762 { 2763 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2764 int err; 2765 struct net_device *dev = info->user_ptr[1]; 2766 struct station_parameters params; 2767 u8 *mac_addr = NULL; 2768 2769 memset(¶ms, 0, sizeof(params)); 2770 2771 if (!info->attrs[NL80211_ATTR_MAC]) 2772 return -EINVAL; 2773 2774 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2775 return -EINVAL; 2776 2777 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2778 return -EINVAL; 2779 2780 if (!info->attrs[NL80211_ATTR_STA_AID]) 2781 return -EINVAL; 2782 2783 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2784 params.supported_rates = 2785 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2786 params.supported_rates_len = 2787 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2788 params.listen_interval = 2789 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2790 2791 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2792 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2793 return -EINVAL; 2794 2795 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2796 params.ht_capa = 2797 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2798 2799 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2800 params.plink_action = 2801 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2802 2803 if (!rdev->ops->add_station) 2804 return -EOPNOTSUPP; 2805 2806 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms)) 2807 return -EINVAL; 2808 2809 switch (dev->ieee80211_ptr->iftype) { 2810 case NL80211_IFTYPE_AP: 2811 case NL80211_IFTYPE_AP_VLAN: 2812 case NL80211_IFTYPE_P2P_GO: 2813 /* parse WME attributes if sta is WME capable */ 2814 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) && 2815 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) && 2816 info->attrs[NL80211_ATTR_STA_WME]) { 2817 struct nlattr *tb[NL80211_STA_WME_MAX + 1]; 2818 struct nlattr *nla; 2819 2820 nla = info->attrs[NL80211_ATTR_STA_WME]; 2821 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla, 2822 nl80211_sta_wme_policy); 2823 if (err) 2824 return err; 2825 2826 if (tb[NL80211_STA_WME_UAPSD_QUEUES]) 2827 params.uapsd_queues = 2828 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]); 2829 if (params.uapsd_queues & 2830 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK) 2831 return -EINVAL; 2832 2833 if (tb[NL80211_STA_WME_MAX_SP]) 2834 params.max_sp = 2835 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]); 2836 2837 if (params.max_sp & 2838 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK) 2839 return -EINVAL; 2840 2841 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD; 2842 } 2843 /* TDLS peers cannot be added */ 2844 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2845 return -EINVAL; 2846 /* but don't bother the driver with it */ 2847 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER); 2848 2849 /* must be last in here for error handling */ 2850 params.vlan = get_vlan(info, rdev); 2851 if (IS_ERR(params.vlan)) 2852 return PTR_ERR(params.vlan); 2853 break; 2854 case NL80211_IFTYPE_MESH_POINT: 2855 /* TDLS peers cannot be added */ 2856 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) 2857 return -EINVAL; 2858 break; 2859 case NL80211_IFTYPE_STATION: 2860 /* Only TDLS peers can be added */ 2861 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) 2862 return -EINVAL; 2863 /* Can only add if TDLS ... */ 2864 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)) 2865 return -EOPNOTSUPP; 2866 /* ... with external setup is supported */ 2867 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)) 2868 return -EOPNOTSUPP; 2869 break; 2870 default: 2871 return -EOPNOTSUPP; 2872 } 2873 2874 /* be aware of params.vlan when changing code here */ 2875 2876 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2877 2878 if (params.vlan) 2879 dev_put(params.vlan); 2880 return err; 2881 } 2882 2883 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2884 { 2885 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 2886 struct net_device *dev = info->user_ptr[1]; 2887 u8 *mac_addr = NULL; 2888 2889 if (info->attrs[NL80211_ATTR_MAC]) 2890 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2891 2892 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2893 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2894 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 2895 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 2896 return -EINVAL; 2897 2898 if (!rdev->ops->del_station) 2899 return -EOPNOTSUPP; 2900 2901 return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 2902 } 2903 2904 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 2905 int flags, struct net_device *dev, 2906 u8 *dst, u8 *next_hop, 2907 struct mpath_info *pinfo) 2908 { 2909 void *hdr; 2910 struct nlattr *pinfoattr; 2911 2912 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2913 if (!hdr) 2914 return -1; 2915 2916 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2917 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 2918 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop); 2919 2920 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation); 2921 2922 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 2923 if (!pinfoattr) 2924 goto nla_put_failure; 2925 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2926 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2927 pinfo->frame_qlen); 2928 if (pinfo->filled & MPATH_INFO_SN) 2929 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN, 2930 pinfo->sn); 2931 if (pinfo->filled & MPATH_INFO_METRIC) 2932 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2933 pinfo->metric); 2934 if (pinfo->filled & MPATH_INFO_EXPTIME) 2935 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME, 2936 pinfo->exptime); 2937 if (pinfo->filled & MPATH_INFO_FLAGS) 2938 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS, 2939 pinfo->flags); 2940 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) 2941 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 2942 pinfo->discovery_timeout); 2943 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) 2944 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 2945 pinfo->discovery_retries); 2946 2947 nla_nest_end(msg, pinfoattr); 2948 2949 return genlmsg_end(msg, hdr); 2950 2951 nla_put_failure: 2952 genlmsg_cancel(msg, hdr); 2953 return -EMSGSIZE; 2954 } 2955 2956 static int nl80211_dump_mpath(struct sk_buff *skb, 2957 struct netlink_callback *cb) 2958 { 2959 struct mpath_info pinfo; 2960 struct cfg80211_registered_device *dev; 2961 struct net_device *netdev; 2962 u8 dst[ETH_ALEN]; 2963 u8 next_hop[ETH_ALEN]; 2964 int path_idx = cb->args[1]; 2965 int err; 2966 2967 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 2968 if (err) 2969 return err; 2970 2971 if (!dev->ops->dump_mpath) { 2972 err = -EOPNOTSUPP; 2973 goto out_err; 2974 } 2975 2976 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2977 err = -EOPNOTSUPP; 2978 goto out_err; 2979 } 2980 2981 while (1) { 2982 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 2983 dst, next_hop, &pinfo); 2984 if (err == -ENOENT) 2985 break; 2986 if (err) 2987 goto out_err; 2988 2989 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 2990 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2991 netdev, dst, next_hop, 2992 &pinfo) < 0) 2993 goto out; 2994 2995 path_idx++; 2996 } 2997 2998 2999 out: 3000 cb->args[1] = path_idx; 3001 err = skb->len; 3002 out_err: 3003 nl80211_finish_netdev_dump(dev); 3004 return err; 3005 } 3006 3007 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 3008 { 3009 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3010 int err; 3011 struct net_device *dev = info->user_ptr[1]; 3012 struct mpath_info pinfo; 3013 struct sk_buff *msg; 3014 u8 *dst = NULL; 3015 u8 next_hop[ETH_ALEN]; 3016 3017 memset(&pinfo, 0, sizeof(pinfo)); 3018 3019 if (!info->attrs[NL80211_ATTR_MAC]) 3020 return -EINVAL; 3021 3022 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3023 3024 if (!rdev->ops->get_mpath) 3025 return -EOPNOTSUPP; 3026 3027 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3028 return -EOPNOTSUPP; 3029 3030 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 3031 if (err) 3032 return err; 3033 3034 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3035 if (!msg) 3036 return -ENOMEM; 3037 3038 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 3039 dev, dst, next_hop, &pinfo) < 0) { 3040 nlmsg_free(msg); 3041 return -ENOBUFS; 3042 } 3043 3044 return genlmsg_reply(msg, info); 3045 } 3046 3047 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 3048 { 3049 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3050 struct net_device *dev = info->user_ptr[1]; 3051 u8 *dst = NULL; 3052 u8 *next_hop = NULL; 3053 3054 if (!info->attrs[NL80211_ATTR_MAC]) 3055 return -EINVAL; 3056 3057 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3058 return -EINVAL; 3059 3060 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3061 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3062 3063 if (!rdev->ops->change_mpath) 3064 return -EOPNOTSUPP; 3065 3066 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3067 return -EOPNOTSUPP; 3068 3069 return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 3070 } 3071 3072 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 3073 { 3074 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3075 struct net_device *dev = info->user_ptr[1]; 3076 u8 *dst = NULL; 3077 u8 *next_hop = NULL; 3078 3079 if (!info->attrs[NL80211_ATTR_MAC]) 3080 return -EINVAL; 3081 3082 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 3083 return -EINVAL; 3084 3085 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3086 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 3087 3088 if (!rdev->ops->add_mpath) 3089 return -EOPNOTSUPP; 3090 3091 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) 3092 return -EOPNOTSUPP; 3093 3094 return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 3095 } 3096 3097 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 3098 { 3099 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3100 struct net_device *dev = info->user_ptr[1]; 3101 u8 *dst = NULL; 3102 3103 if (info->attrs[NL80211_ATTR_MAC]) 3104 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 3105 3106 if (!rdev->ops->del_mpath) 3107 return -EOPNOTSUPP; 3108 3109 return rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 3110 } 3111 3112 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 3113 { 3114 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3115 struct net_device *dev = info->user_ptr[1]; 3116 struct bss_parameters params; 3117 3118 memset(¶ms, 0, sizeof(params)); 3119 /* default to not changing parameters */ 3120 params.use_cts_prot = -1; 3121 params.use_short_preamble = -1; 3122 params.use_short_slot_time = -1; 3123 params.ap_isolate = -1; 3124 params.ht_opmode = -1; 3125 3126 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 3127 params.use_cts_prot = 3128 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 3129 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 3130 params.use_short_preamble = 3131 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 3132 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 3133 params.use_short_slot_time = 3134 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 3135 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3136 params.basic_rates = 3137 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3138 params.basic_rates_len = 3139 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3140 } 3141 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 3142 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 3143 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) 3144 params.ht_opmode = 3145 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]); 3146 3147 if (!rdev->ops->change_bss) 3148 return -EOPNOTSUPP; 3149 3150 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 3151 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 3152 return -EOPNOTSUPP; 3153 3154 return rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 3155 } 3156 3157 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 3158 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3159 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3160 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3161 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3162 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3163 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3164 }; 3165 3166 static int parse_reg_rule(struct nlattr *tb[], 3167 struct ieee80211_reg_rule *reg_rule) 3168 { 3169 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 3170 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 3171 3172 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 3173 return -EINVAL; 3174 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 3175 return -EINVAL; 3176 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 3177 return -EINVAL; 3178 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 3179 return -EINVAL; 3180 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 3181 return -EINVAL; 3182 3183 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 3184 3185 freq_range->start_freq_khz = 3186 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 3187 freq_range->end_freq_khz = 3188 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 3189 freq_range->max_bandwidth_khz = 3190 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 3191 3192 power_rule->max_eirp = 3193 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 3194 3195 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 3196 power_rule->max_antenna_gain = 3197 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 3198 3199 return 0; 3200 } 3201 3202 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 3203 { 3204 int r; 3205 char *data = NULL; 3206 3207 /* 3208 * You should only get this when cfg80211 hasn't yet initialized 3209 * completely when built-in to the kernel right between the time 3210 * window between nl80211_init() and regulatory_init(), if that is 3211 * even possible. 3212 */ 3213 mutex_lock(&cfg80211_mutex); 3214 if (unlikely(!cfg80211_regdomain)) { 3215 mutex_unlock(&cfg80211_mutex); 3216 return -EINPROGRESS; 3217 } 3218 mutex_unlock(&cfg80211_mutex); 3219 3220 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3221 return -EINVAL; 3222 3223 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3224 3225 r = regulatory_hint_user(data); 3226 3227 return r; 3228 } 3229 3230 static int nl80211_get_mesh_config(struct sk_buff *skb, 3231 struct genl_info *info) 3232 { 3233 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3234 struct net_device *dev = info->user_ptr[1]; 3235 struct wireless_dev *wdev = dev->ieee80211_ptr; 3236 struct mesh_config cur_params; 3237 int err = 0; 3238 void *hdr; 3239 struct nlattr *pinfoattr; 3240 struct sk_buff *msg; 3241 3242 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3243 return -EOPNOTSUPP; 3244 3245 if (!rdev->ops->get_mesh_config) 3246 return -EOPNOTSUPP; 3247 3248 wdev_lock(wdev); 3249 /* If not connected, get default parameters */ 3250 if (!wdev->mesh_id_len) 3251 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params)); 3252 else 3253 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev, 3254 &cur_params); 3255 wdev_unlock(wdev); 3256 3257 if (err) 3258 return err; 3259 3260 /* Draw up a netlink message to send back */ 3261 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3262 if (!msg) 3263 return -ENOMEM; 3264 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3265 NL80211_CMD_GET_MESH_CONFIG); 3266 if (!hdr) 3267 goto out; 3268 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG); 3269 if (!pinfoattr) 3270 goto nla_put_failure; 3271 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 3272 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 3273 cur_params.dot11MeshRetryTimeout); 3274 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 3275 cur_params.dot11MeshConfirmTimeout); 3276 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 3277 cur_params.dot11MeshHoldingTimeout); 3278 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 3279 cur_params.dot11MeshMaxPeerLinks); 3280 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES, 3281 cur_params.dot11MeshMaxRetries); 3282 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL, 3283 cur_params.dot11MeshTTL); 3284 NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL, 3285 cur_params.element_ttl); 3286 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 3287 cur_params.auto_open_plinks); 3288 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3289 cur_params.dot11MeshHWMPmaxPREQretries); 3290 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 3291 cur_params.path_refresh_time); 3292 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3293 cur_params.min_discovery_timeout); 3294 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3295 cur_params.dot11MeshHWMPactivePathTimeout); 3296 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3297 cur_params.dot11MeshHWMPpreqMinInterval); 3298 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3299 cur_params.dot11MeshHWMPperrMinInterval); 3300 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3301 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 3302 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 3303 cur_params.dot11MeshHWMPRootMode); 3304 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3305 cur_params.dot11MeshHWMPRannInterval); 3306 NLA_PUT_U8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3307 cur_params.dot11MeshGateAnnouncementProtocol); 3308 NLA_PUT_U8(msg, NL80211_MESHCONF_FORWARDING, 3309 cur_params.dot11MeshForwarding); 3310 NLA_PUT_U32(msg, NL80211_MESHCONF_RSSI_THRESHOLD, 3311 cur_params.rssi_threshold); 3312 nla_nest_end(msg, pinfoattr); 3313 genlmsg_end(msg, hdr); 3314 return genlmsg_reply(msg, info); 3315 3316 nla_put_failure: 3317 genlmsg_cancel(msg, hdr); 3318 out: 3319 nlmsg_free(msg); 3320 return -ENOBUFS; 3321 } 3322 3323 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 3324 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 3325 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 3326 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 3327 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 3328 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 3329 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 3330 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 }, 3331 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 3332 3333 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 3334 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 3335 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 3336 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 3337 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 3338 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 }, 3339 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 3340 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 }, 3341 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 }, 3342 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 }, 3343 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 }, 3344 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32}, 3345 }; 3346 3347 static const struct nla_policy 3348 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = { 3349 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 }, 3350 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 }, 3351 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG }, 3352 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY, 3353 .len = IEEE80211_MAX_DATA_LEN }, 3354 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG }, 3355 }; 3356 3357 static int nl80211_parse_mesh_config(struct genl_info *info, 3358 struct mesh_config *cfg, 3359 u32 *mask_out) 3360 { 3361 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 3362 u32 mask = 0; 3363 3364 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 3365 do {\ 3366 if (table[attr_num]) {\ 3367 cfg->param = nla_fn(table[attr_num]); \ 3368 mask |= (1 << (attr_num - 1)); \ 3369 } \ 3370 } while (0);\ 3371 3372 3373 if (!info->attrs[NL80211_ATTR_MESH_CONFIG]) 3374 return -EINVAL; 3375 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 3376 info->attrs[NL80211_ATTR_MESH_CONFIG], 3377 nl80211_meshconf_params_policy)) 3378 return -EINVAL; 3379 3380 /* This makes sure that there aren't more than 32 mesh config 3381 * parameters (otherwise our bitfield scheme would not work.) */ 3382 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 3383 3384 /* Fill in the params struct */ 3385 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 3386 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 3387 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 3388 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 3389 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 3390 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 3391 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 3392 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 3393 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 3394 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 3395 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 3396 mask, NL80211_MESHCONF_TTL, nla_get_u8); 3397 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 3398 mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8); 3399 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 3400 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 3401 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 3402 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 3403 nla_get_u8); 3404 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 3405 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 3406 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 3407 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 3408 nla_get_u16); 3409 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 3410 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 3411 nla_get_u32); 3412 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 3413 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 3414 nla_get_u16); 3415 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, 3416 mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, 3417 nla_get_u16); 3418 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3419 dot11MeshHWMPnetDiameterTraversalTime, 3420 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 3421 nla_get_u16); 3422 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3423 dot11MeshHWMPRootMode, mask, 3424 NL80211_MESHCONF_HWMP_ROOTMODE, 3425 nla_get_u8); 3426 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3427 dot11MeshHWMPRannInterval, mask, 3428 NL80211_MESHCONF_HWMP_RANN_INTERVAL, 3429 nla_get_u16); 3430 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 3431 dot11MeshGateAnnouncementProtocol, mask, 3432 NL80211_MESHCONF_GATE_ANNOUNCEMENTS, 3433 nla_get_u8); 3434 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 3435 mask, NL80211_MESHCONF_FORWARDING, nla_get_u8); 3436 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, 3437 mask, NL80211_MESHCONF_RSSI_THRESHOLD, nla_get_u32); 3438 if (mask_out) 3439 *mask_out = mask; 3440 3441 return 0; 3442 3443 #undef FILL_IN_MESH_PARAM_IF_SET 3444 } 3445 3446 static int nl80211_parse_mesh_setup(struct genl_info *info, 3447 struct mesh_setup *setup) 3448 { 3449 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1]; 3450 3451 if (!info->attrs[NL80211_ATTR_MESH_SETUP]) 3452 return -EINVAL; 3453 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX, 3454 info->attrs[NL80211_ATTR_MESH_SETUP], 3455 nl80211_mesh_setup_params_policy)) 3456 return -EINVAL; 3457 3458 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) 3459 setup->path_sel_proto = 3460 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ? 3461 IEEE80211_PATH_PROTOCOL_VENDOR : 3462 IEEE80211_PATH_PROTOCOL_HWMP; 3463 3464 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) 3465 setup->path_metric = 3466 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ? 3467 IEEE80211_PATH_METRIC_VENDOR : 3468 IEEE80211_PATH_METRIC_AIRTIME; 3469 3470 3471 if (tb[NL80211_MESH_SETUP_IE]) { 3472 struct nlattr *ieattr = 3473 tb[NL80211_MESH_SETUP_IE]; 3474 if (!is_valid_ie_attr(ieattr)) 3475 return -EINVAL; 3476 setup->ie = nla_data(ieattr); 3477 setup->ie_len = nla_len(ieattr); 3478 } 3479 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]); 3480 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]); 3481 3482 return 0; 3483 } 3484 3485 static int nl80211_update_mesh_config(struct sk_buff *skb, 3486 struct genl_info *info) 3487 { 3488 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3489 struct net_device *dev = info->user_ptr[1]; 3490 struct wireless_dev *wdev = dev->ieee80211_ptr; 3491 struct mesh_config cfg; 3492 u32 mask; 3493 int err; 3494 3495 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) 3496 return -EOPNOTSUPP; 3497 3498 if (!rdev->ops->update_mesh_config) 3499 return -EOPNOTSUPP; 3500 3501 err = nl80211_parse_mesh_config(info, &cfg, &mask); 3502 if (err) 3503 return err; 3504 3505 wdev_lock(wdev); 3506 if (!wdev->mesh_id_len) 3507 err = -ENOLINK; 3508 3509 if (!err) 3510 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev, 3511 mask, &cfg); 3512 3513 wdev_unlock(wdev); 3514 3515 return err; 3516 } 3517 3518 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 3519 { 3520 struct sk_buff *msg; 3521 void *hdr = NULL; 3522 struct nlattr *nl_reg_rules; 3523 unsigned int i; 3524 int err = -EINVAL; 3525 3526 mutex_lock(&cfg80211_mutex); 3527 3528 if (!cfg80211_regdomain) 3529 goto out; 3530 3531 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 3532 if (!msg) { 3533 err = -ENOBUFS; 3534 goto out; 3535 } 3536 3537 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 3538 NL80211_CMD_GET_REG); 3539 if (!hdr) 3540 goto put_failure; 3541 3542 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, 3543 cfg80211_regdomain->alpha2); 3544 if (cfg80211_regdomain->dfs_region) 3545 NLA_PUT_U8(msg, NL80211_ATTR_DFS_REGION, 3546 cfg80211_regdomain->dfs_region); 3547 3548 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 3549 if (!nl_reg_rules) 3550 goto nla_put_failure; 3551 3552 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 3553 struct nlattr *nl_reg_rule; 3554 const struct ieee80211_reg_rule *reg_rule; 3555 const struct ieee80211_freq_range *freq_range; 3556 const struct ieee80211_power_rule *power_rule; 3557 3558 reg_rule = &cfg80211_regdomain->reg_rules[i]; 3559 freq_range = ®_rule->freq_range; 3560 power_rule = ®_rule->power_rule; 3561 3562 nl_reg_rule = nla_nest_start(msg, i); 3563 if (!nl_reg_rule) 3564 goto nla_put_failure; 3565 3566 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, 3567 reg_rule->flags); 3568 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, 3569 freq_range->start_freq_khz); 3570 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, 3571 freq_range->end_freq_khz); 3572 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 3573 freq_range->max_bandwidth_khz); 3574 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 3575 power_rule->max_antenna_gain); 3576 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 3577 power_rule->max_eirp); 3578 3579 nla_nest_end(msg, nl_reg_rule); 3580 } 3581 3582 nla_nest_end(msg, nl_reg_rules); 3583 3584 genlmsg_end(msg, hdr); 3585 err = genlmsg_reply(msg, info); 3586 goto out; 3587 3588 nla_put_failure: 3589 genlmsg_cancel(msg, hdr); 3590 put_failure: 3591 nlmsg_free(msg); 3592 err = -EMSGSIZE; 3593 out: 3594 mutex_unlock(&cfg80211_mutex); 3595 return err; 3596 } 3597 3598 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 3599 { 3600 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 3601 struct nlattr *nl_reg_rule; 3602 char *alpha2 = NULL; 3603 int rem_reg_rules = 0, r = 0; 3604 u32 num_rules = 0, rule_idx = 0, size_of_regd; 3605 u8 dfs_region = 0; 3606 struct ieee80211_regdomain *rd = NULL; 3607 3608 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 3609 return -EINVAL; 3610 3611 if (!info->attrs[NL80211_ATTR_REG_RULES]) 3612 return -EINVAL; 3613 3614 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 3615 3616 if (info->attrs[NL80211_ATTR_DFS_REGION]) 3617 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]); 3618 3619 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3620 rem_reg_rules) { 3621 num_rules++; 3622 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 3623 return -EINVAL; 3624 } 3625 3626 mutex_lock(&cfg80211_mutex); 3627 3628 if (!reg_is_valid_request(alpha2)) { 3629 r = -EINVAL; 3630 goto bad_reg; 3631 } 3632 3633 size_of_regd = sizeof(struct ieee80211_regdomain) + 3634 (num_rules * sizeof(struct ieee80211_reg_rule)); 3635 3636 rd = kzalloc(size_of_regd, GFP_KERNEL); 3637 if (!rd) { 3638 r = -ENOMEM; 3639 goto bad_reg; 3640 } 3641 3642 rd->n_reg_rules = num_rules; 3643 rd->alpha2[0] = alpha2[0]; 3644 rd->alpha2[1] = alpha2[1]; 3645 3646 /* 3647 * Disable DFS master mode if the DFS region was 3648 * not supported or known on this kernel. 3649 */ 3650 if (reg_supported_dfs_region(dfs_region)) 3651 rd->dfs_region = dfs_region; 3652 3653 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3654 rem_reg_rules) { 3655 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 3656 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 3657 reg_rule_policy); 3658 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 3659 if (r) 3660 goto bad_reg; 3661 3662 rule_idx++; 3663 3664 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 3665 r = -EINVAL; 3666 goto bad_reg; 3667 } 3668 } 3669 3670 BUG_ON(rule_idx != num_rules); 3671 3672 r = set_regdom(rd); 3673 3674 mutex_unlock(&cfg80211_mutex); 3675 3676 return r; 3677 3678 bad_reg: 3679 mutex_unlock(&cfg80211_mutex); 3680 kfree(rd); 3681 return r; 3682 } 3683 3684 static int validate_scan_freqs(struct nlattr *freqs) 3685 { 3686 struct nlattr *attr1, *attr2; 3687 int n_channels = 0, tmp1, tmp2; 3688 3689 nla_for_each_nested(attr1, freqs, tmp1) { 3690 n_channels++; 3691 /* 3692 * Some hardware has a limited channel list for 3693 * scanning, and it is pretty much nonsensical 3694 * to scan for a channel twice, so disallow that 3695 * and don't require drivers to check that the 3696 * channel list they get isn't longer than what 3697 * they can scan, as long as they can scan all 3698 * the channels they registered at once. 3699 */ 3700 nla_for_each_nested(attr2, freqs, tmp2) 3701 if (attr1 != attr2 && 3702 nla_get_u32(attr1) == nla_get_u32(attr2)) 3703 return 0; 3704 } 3705 3706 return n_channels; 3707 } 3708 3709 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 3710 { 3711 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3712 struct net_device *dev = info->user_ptr[1]; 3713 struct cfg80211_scan_request *request; 3714 struct nlattr *attr; 3715 struct wiphy *wiphy; 3716 int err, tmp, n_ssids = 0, n_channels, i; 3717 size_t ie_len; 3718 3719 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3720 return -EINVAL; 3721 3722 wiphy = &rdev->wiphy; 3723 3724 if (!rdev->ops->scan) 3725 return -EOPNOTSUPP; 3726 3727 if (rdev->scan_req) 3728 return -EBUSY; 3729 3730 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3731 n_channels = validate_scan_freqs( 3732 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3733 if (!n_channels) 3734 return -EINVAL; 3735 } else { 3736 enum ieee80211_band band; 3737 n_channels = 0; 3738 3739 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3740 if (wiphy->bands[band]) 3741 n_channels += wiphy->bands[band]->n_channels; 3742 } 3743 3744 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3745 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 3746 n_ssids++; 3747 3748 if (n_ssids > wiphy->max_scan_ssids) 3749 return -EINVAL; 3750 3751 if (info->attrs[NL80211_ATTR_IE]) 3752 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3753 else 3754 ie_len = 0; 3755 3756 if (ie_len > wiphy->max_scan_ie_len) 3757 return -EINVAL; 3758 3759 request = kzalloc(sizeof(*request) 3760 + sizeof(*request->ssids) * n_ssids 3761 + sizeof(*request->channels) * n_channels 3762 + ie_len, GFP_KERNEL); 3763 if (!request) 3764 return -ENOMEM; 3765 3766 if (n_ssids) 3767 request->ssids = (void *)&request->channels[n_channels]; 3768 request->n_ssids = n_ssids; 3769 if (ie_len) { 3770 if (request->ssids) 3771 request->ie = (void *)(request->ssids + n_ssids); 3772 else 3773 request->ie = (void *)(request->channels + n_channels); 3774 } 3775 3776 i = 0; 3777 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3778 /* user specified, bail out if channel not found */ 3779 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3780 struct ieee80211_channel *chan; 3781 3782 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3783 3784 if (!chan) { 3785 err = -EINVAL; 3786 goto out_free; 3787 } 3788 3789 /* ignore disabled channels */ 3790 if (chan->flags & IEEE80211_CHAN_DISABLED) 3791 continue; 3792 3793 request->channels[i] = chan; 3794 i++; 3795 } 3796 } else { 3797 enum ieee80211_band band; 3798 3799 /* all channels */ 3800 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3801 int j; 3802 if (!wiphy->bands[band]) 3803 continue; 3804 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3805 struct ieee80211_channel *chan; 3806 3807 chan = &wiphy->bands[band]->channels[j]; 3808 3809 if (chan->flags & IEEE80211_CHAN_DISABLED) 3810 continue; 3811 3812 request->channels[i] = chan; 3813 i++; 3814 } 3815 } 3816 } 3817 3818 if (!i) { 3819 err = -EINVAL; 3820 goto out_free; 3821 } 3822 3823 request->n_channels = i; 3824 3825 i = 0; 3826 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3827 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3828 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 3829 err = -EINVAL; 3830 goto out_free; 3831 } 3832 request->ssids[i].ssid_len = nla_len(attr); 3833 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3834 i++; 3835 } 3836 } 3837 3838 if (info->attrs[NL80211_ATTR_IE]) { 3839 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3840 memcpy((void *)request->ie, 3841 nla_data(info->attrs[NL80211_ATTR_IE]), 3842 request->ie_len); 3843 } 3844 3845 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 3846 if (wiphy->bands[i]) 3847 request->rates[i] = 3848 (1 << wiphy->bands[i]->n_bitrates) - 1; 3849 3850 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) { 3851 nla_for_each_nested(attr, 3852 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES], 3853 tmp) { 3854 enum ieee80211_band band = nla_type(attr); 3855 3856 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 3857 err = -EINVAL; 3858 goto out_free; 3859 } 3860 err = ieee80211_get_ratemask(wiphy->bands[band], 3861 nla_data(attr), 3862 nla_len(attr), 3863 &request->rates[band]); 3864 if (err) 3865 goto out_free; 3866 } 3867 } 3868 3869 request->no_cck = 3870 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 3871 3872 request->dev = dev; 3873 request->wiphy = &rdev->wiphy; 3874 3875 rdev->scan_req = request; 3876 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3877 3878 if (!err) { 3879 nl80211_send_scan_start(rdev, dev); 3880 dev_hold(dev); 3881 } else { 3882 out_free: 3883 rdev->scan_req = NULL; 3884 kfree(request); 3885 } 3886 3887 return err; 3888 } 3889 3890 static int nl80211_start_sched_scan(struct sk_buff *skb, 3891 struct genl_info *info) 3892 { 3893 struct cfg80211_sched_scan_request *request; 3894 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 3895 struct net_device *dev = info->user_ptr[1]; 3896 struct nlattr *attr; 3897 struct wiphy *wiphy; 3898 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i; 3899 u32 interval; 3900 enum ieee80211_band band; 3901 size_t ie_len; 3902 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1]; 3903 3904 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 3905 !rdev->ops->sched_scan_start) 3906 return -EOPNOTSUPP; 3907 3908 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3909 return -EINVAL; 3910 3911 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) 3912 return -EINVAL; 3913 3914 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); 3915 if (interval == 0) 3916 return -EINVAL; 3917 3918 wiphy = &rdev->wiphy; 3919 3920 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3921 n_channels = validate_scan_freqs( 3922 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3923 if (!n_channels) 3924 return -EINVAL; 3925 } else { 3926 n_channels = 0; 3927 3928 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3929 if (wiphy->bands[band]) 3930 n_channels += wiphy->bands[band]->n_channels; 3931 } 3932 3933 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3934 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 3935 tmp) 3936 n_ssids++; 3937 3938 if (n_ssids > wiphy->max_sched_scan_ssids) 3939 return -EINVAL; 3940 3941 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) 3942 nla_for_each_nested(attr, 3943 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 3944 tmp) 3945 n_match_sets++; 3946 3947 if (n_match_sets > wiphy->max_match_sets) 3948 return -EINVAL; 3949 3950 if (info->attrs[NL80211_ATTR_IE]) 3951 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3952 else 3953 ie_len = 0; 3954 3955 if (ie_len > wiphy->max_sched_scan_ie_len) 3956 return -EINVAL; 3957 3958 mutex_lock(&rdev->sched_scan_mtx); 3959 3960 if (rdev->sched_scan_req) { 3961 err = -EINPROGRESS; 3962 goto out; 3963 } 3964 3965 request = kzalloc(sizeof(*request) 3966 + sizeof(*request->ssids) * n_ssids 3967 + sizeof(*request->match_sets) * n_match_sets 3968 + sizeof(*request->channels) * n_channels 3969 + ie_len, GFP_KERNEL); 3970 if (!request) { 3971 err = -ENOMEM; 3972 goto out; 3973 } 3974 3975 if (n_ssids) 3976 request->ssids = (void *)&request->channels[n_channels]; 3977 request->n_ssids = n_ssids; 3978 if (ie_len) { 3979 if (request->ssids) 3980 request->ie = (void *)(request->ssids + n_ssids); 3981 else 3982 request->ie = (void *)(request->channels + n_channels); 3983 } 3984 3985 if (n_match_sets) { 3986 if (request->ie) 3987 request->match_sets = (void *)(request->ie + ie_len); 3988 else if (request->ssids) 3989 request->match_sets = 3990 (void *)(request->ssids + n_ssids); 3991 else 3992 request->match_sets = 3993 (void *)(request->channels + n_channels); 3994 } 3995 request->n_match_sets = n_match_sets; 3996 3997 i = 0; 3998 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3999 /* user specified, bail out if channel not found */ 4000 nla_for_each_nested(attr, 4001 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], 4002 tmp) { 4003 struct ieee80211_channel *chan; 4004 4005 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 4006 4007 if (!chan) { 4008 err = -EINVAL; 4009 goto out_free; 4010 } 4011 4012 /* ignore disabled channels */ 4013 if (chan->flags & IEEE80211_CHAN_DISABLED) 4014 continue; 4015 4016 request->channels[i] = chan; 4017 i++; 4018 } 4019 } else { 4020 /* all channels */ 4021 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4022 int j; 4023 if (!wiphy->bands[band]) 4024 continue; 4025 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 4026 struct ieee80211_channel *chan; 4027 4028 chan = &wiphy->bands[band]->channels[j]; 4029 4030 if (chan->flags & IEEE80211_CHAN_DISABLED) 4031 continue; 4032 4033 request->channels[i] = chan; 4034 i++; 4035 } 4036 } 4037 } 4038 4039 if (!i) { 4040 err = -EINVAL; 4041 goto out_free; 4042 } 4043 4044 request->n_channels = i; 4045 4046 i = 0; 4047 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 4048 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], 4049 tmp) { 4050 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) { 4051 err = -EINVAL; 4052 goto out_free; 4053 } 4054 request->ssids[i].ssid_len = nla_len(attr); 4055 memcpy(request->ssids[i].ssid, nla_data(attr), 4056 nla_len(attr)); 4057 i++; 4058 } 4059 } 4060 4061 i = 0; 4062 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) { 4063 nla_for_each_nested(attr, 4064 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH], 4065 tmp) { 4066 struct nlattr *ssid; 4067 4068 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX, 4069 nla_data(attr), nla_len(attr), 4070 nl80211_match_policy); 4071 ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID]; 4072 if (ssid) { 4073 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) { 4074 err = -EINVAL; 4075 goto out_free; 4076 } 4077 memcpy(request->match_sets[i].ssid.ssid, 4078 nla_data(ssid), nla_len(ssid)); 4079 request->match_sets[i].ssid.ssid_len = 4080 nla_len(ssid); 4081 } 4082 i++; 4083 } 4084 } 4085 4086 if (info->attrs[NL80211_ATTR_IE]) { 4087 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4088 memcpy((void *)request->ie, 4089 nla_data(info->attrs[NL80211_ATTR_IE]), 4090 request->ie_len); 4091 } 4092 4093 request->dev = dev; 4094 request->wiphy = &rdev->wiphy; 4095 request->interval = interval; 4096 4097 err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request); 4098 if (!err) { 4099 rdev->sched_scan_req = request; 4100 nl80211_send_sched_scan(rdev, dev, 4101 NL80211_CMD_START_SCHED_SCAN); 4102 goto out; 4103 } 4104 4105 out_free: 4106 kfree(request); 4107 out: 4108 mutex_unlock(&rdev->sched_scan_mtx); 4109 return err; 4110 } 4111 4112 static int nl80211_stop_sched_scan(struct sk_buff *skb, 4113 struct genl_info *info) 4114 { 4115 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4116 int err; 4117 4118 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || 4119 !rdev->ops->sched_scan_stop) 4120 return -EOPNOTSUPP; 4121 4122 mutex_lock(&rdev->sched_scan_mtx); 4123 err = __cfg80211_stop_sched_scan(rdev, false); 4124 mutex_unlock(&rdev->sched_scan_mtx); 4125 4126 return err; 4127 } 4128 4129 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb, 4130 u32 seq, int flags, 4131 struct cfg80211_registered_device *rdev, 4132 struct wireless_dev *wdev, 4133 struct cfg80211_internal_bss *intbss) 4134 { 4135 struct cfg80211_bss *res = &intbss->pub; 4136 void *hdr; 4137 struct nlattr *bss; 4138 4139 ASSERT_WDEV_LOCK(wdev); 4140 4141 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags, 4142 NL80211_CMD_NEW_SCAN_RESULTS); 4143 if (!hdr) 4144 return -1; 4145 4146 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 4147 4148 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); 4149 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); 4150 4151 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 4152 if (!bss) 4153 goto nla_put_failure; 4154 if (!is_zero_ether_addr(res->bssid)) 4155 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid); 4156 if (res->information_elements && res->len_information_elements) 4157 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 4158 res->len_information_elements, 4159 res->information_elements); 4160 if (res->beacon_ies && res->len_beacon_ies && 4161 res->beacon_ies != res->information_elements) 4162 NLA_PUT(msg, NL80211_BSS_BEACON_IES, 4163 res->len_beacon_ies, res->beacon_ies); 4164 if (res->tsf) 4165 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 4166 if (res->beacon_interval) 4167 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 4168 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 4169 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 4170 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO, 4171 jiffies_to_msecs(jiffies - intbss->ts)); 4172 4173 switch (rdev->wiphy.signal_type) { 4174 case CFG80211_SIGNAL_TYPE_MBM: 4175 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal); 4176 break; 4177 case CFG80211_SIGNAL_TYPE_UNSPEC: 4178 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal); 4179 break; 4180 default: 4181 break; 4182 } 4183 4184 switch (wdev->iftype) { 4185 case NL80211_IFTYPE_P2P_CLIENT: 4186 case NL80211_IFTYPE_STATION: 4187 if (intbss == wdev->current_bss) 4188 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 4189 NL80211_BSS_STATUS_ASSOCIATED); 4190 break; 4191 case NL80211_IFTYPE_ADHOC: 4192 if (intbss == wdev->current_bss) 4193 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 4194 NL80211_BSS_STATUS_IBSS_JOINED); 4195 break; 4196 default: 4197 break; 4198 } 4199 4200 nla_nest_end(msg, bss); 4201 4202 return genlmsg_end(msg, hdr); 4203 4204 nla_put_failure: 4205 genlmsg_cancel(msg, hdr); 4206 return -EMSGSIZE; 4207 } 4208 4209 static int nl80211_dump_scan(struct sk_buff *skb, 4210 struct netlink_callback *cb) 4211 { 4212 struct cfg80211_registered_device *rdev; 4213 struct net_device *dev; 4214 struct cfg80211_internal_bss *scan; 4215 struct wireless_dev *wdev; 4216 int start = cb->args[1], idx = 0; 4217 int err; 4218 4219 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 4220 if (err) 4221 return err; 4222 4223 wdev = dev->ieee80211_ptr; 4224 4225 wdev_lock(wdev); 4226 spin_lock_bh(&rdev->bss_lock); 4227 cfg80211_bss_expire(rdev); 4228 4229 cb->seq = rdev->bss_generation; 4230 4231 list_for_each_entry(scan, &rdev->bss_list, list) { 4232 if (++idx <= start) 4233 continue; 4234 if (nl80211_send_bss(skb, cb, 4235 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4236 rdev, wdev, scan) < 0) { 4237 idx--; 4238 break; 4239 } 4240 } 4241 4242 spin_unlock_bh(&rdev->bss_lock); 4243 wdev_unlock(wdev); 4244 4245 cb->args[1] = idx; 4246 nl80211_finish_netdev_dump(rdev); 4247 4248 return skb->len; 4249 } 4250 4251 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 4252 int flags, struct net_device *dev, 4253 struct survey_info *survey) 4254 { 4255 void *hdr; 4256 struct nlattr *infoattr; 4257 4258 hdr = nl80211hdr_put(msg, pid, seq, flags, 4259 NL80211_CMD_NEW_SURVEY_RESULTS); 4260 if (!hdr) 4261 return -ENOMEM; 4262 4263 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 4264 4265 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 4266 if (!infoattr) 4267 goto nla_put_failure; 4268 4269 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY, 4270 survey->channel->center_freq); 4271 if (survey->filled & SURVEY_INFO_NOISE_DBM) 4272 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE, 4273 survey->noise); 4274 if (survey->filled & SURVEY_INFO_IN_USE) 4275 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE); 4276 if (survey->filled & SURVEY_INFO_CHANNEL_TIME) 4277 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME, 4278 survey->channel_time); 4279 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) 4280 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY, 4281 survey->channel_time_busy); 4282 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) 4283 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY, 4284 survey->channel_time_ext_busy); 4285 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) 4286 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX, 4287 survey->channel_time_rx); 4288 if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) 4289 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX, 4290 survey->channel_time_tx); 4291 4292 nla_nest_end(msg, infoattr); 4293 4294 return genlmsg_end(msg, hdr); 4295 4296 nla_put_failure: 4297 genlmsg_cancel(msg, hdr); 4298 return -EMSGSIZE; 4299 } 4300 4301 static int nl80211_dump_survey(struct sk_buff *skb, 4302 struct netlink_callback *cb) 4303 { 4304 struct survey_info survey; 4305 struct cfg80211_registered_device *dev; 4306 struct net_device *netdev; 4307 int survey_idx = cb->args[1]; 4308 int res; 4309 4310 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 4311 if (res) 4312 return res; 4313 4314 if (!dev->ops->dump_survey) { 4315 res = -EOPNOTSUPP; 4316 goto out_err; 4317 } 4318 4319 while (1) { 4320 struct ieee80211_channel *chan; 4321 4322 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 4323 &survey); 4324 if (res == -ENOENT) 4325 break; 4326 if (res) 4327 goto out_err; 4328 4329 /* Survey without a channel doesn't make sense */ 4330 if (!survey.channel) { 4331 res = -EINVAL; 4332 goto out; 4333 } 4334 4335 chan = ieee80211_get_channel(&dev->wiphy, 4336 survey.channel->center_freq); 4337 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) { 4338 survey_idx++; 4339 continue; 4340 } 4341 4342 if (nl80211_send_survey(skb, 4343 NETLINK_CB(cb->skb).pid, 4344 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4345 netdev, 4346 &survey) < 0) 4347 goto out; 4348 survey_idx++; 4349 } 4350 4351 out: 4352 cb->args[1] = survey_idx; 4353 res = skb->len; 4354 out_err: 4355 nl80211_finish_netdev_dump(dev); 4356 return res; 4357 } 4358 4359 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 4360 { 4361 return auth_type <= NL80211_AUTHTYPE_MAX; 4362 } 4363 4364 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 4365 { 4366 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 4367 NL80211_WPA_VERSION_2)); 4368 } 4369 4370 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 4371 { 4372 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4373 struct net_device *dev = info->user_ptr[1]; 4374 struct ieee80211_channel *chan; 4375 const u8 *bssid, *ssid, *ie = NULL; 4376 int err, ssid_len, ie_len = 0; 4377 enum nl80211_auth_type auth_type; 4378 struct key_parse key; 4379 bool local_state_change; 4380 4381 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4382 return -EINVAL; 4383 4384 if (!info->attrs[NL80211_ATTR_MAC]) 4385 return -EINVAL; 4386 4387 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 4388 return -EINVAL; 4389 4390 if (!info->attrs[NL80211_ATTR_SSID]) 4391 return -EINVAL; 4392 4393 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4394 return -EINVAL; 4395 4396 err = nl80211_parse_key(info, &key); 4397 if (err) 4398 return err; 4399 4400 if (key.idx >= 0) { 4401 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP) 4402 return -EINVAL; 4403 if (!key.p.key || !key.p.key_len) 4404 return -EINVAL; 4405 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 4406 key.p.key_len != WLAN_KEY_LEN_WEP40) && 4407 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 4408 key.p.key_len != WLAN_KEY_LEN_WEP104)) 4409 return -EINVAL; 4410 if (key.idx > 4) 4411 return -EINVAL; 4412 } else { 4413 key.p.key_len = 0; 4414 key.p.key = NULL; 4415 } 4416 4417 if (key.idx >= 0) { 4418 int i; 4419 bool ok = false; 4420 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) { 4421 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) { 4422 ok = true; 4423 break; 4424 } 4425 } 4426 if (!ok) 4427 return -EINVAL; 4428 } 4429 4430 if (!rdev->ops->auth) 4431 return -EOPNOTSUPP; 4432 4433 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4434 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4435 return -EOPNOTSUPP; 4436 4437 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4438 chan = ieee80211_get_channel(&rdev->wiphy, 4439 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4440 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4441 return -EINVAL; 4442 4443 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4444 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4445 4446 if (info->attrs[NL80211_ATTR_IE]) { 4447 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4448 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4449 } 4450 4451 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4452 if (!nl80211_valid_auth_type(auth_type)) 4453 return -EINVAL; 4454 4455 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4456 4457 /* 4458 * Since we no longer track auth state, ignore 4459 * requests to only change local state. 4460 */ 4461 if (local_state_change) 4462 return 0; 4463 4464 return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 4465 ssid, ssid_len, ie, ie_len, 4466 key.p.key, key.p.key_len, key.idx); 4467 } 4468 4469 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, 4470 struct genl_info *info, 4471 struct cfg80211_crypto_settings *settings, 4472 int cipher_limit) 4473 { 4474 memset(settings, 0, sizeof(*settings)); 4475 4476 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 4477 4478 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) { 4479 u16 proto; 4480 proto = nla_get_u16( 4481 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); 4482 settings->control_port_ethertype = cpu_to_be16(proto); 4483 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) && 4484 proto != ETH_P_PAE) 4485 return -EINVAL; 4486 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]) 4487 settings->control_port_no_encrypt = true; 4488 } else 4489 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE); 4490 4491 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 4492 void *data; 4493 int len, i; 4494 4495 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4496 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 4497 settings->n_ciphers_pairwise = len / sizeof(u32); 4498 4499 if (len % sizeof(u32)) 4500 return -EINVAL; 4501 4502 if (settings->n_ciphers_pairwise > cipher_limit) 4503 return -EINVAL; 4504 4505 memcpy(settings->ciphers_pairwise, data, len); 4506 4507 for (i = 0; i < settings->n_ciphers_pairwise; i++) 4508 if (!cfg80211_supported_cipher_suite( 4509 &rdev->wiphy, 4510 settings->ciphers_pairwise[i])) 4511 return -EINVAL; 4512 } 4513 4514 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 4515 settings->cipher_group = 4516 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 4517 if (!cfg80211_supported_cipher_suite(&rdev->wiphy, 4518 settings->cipher_group)) 4519 return -EINVAL; 4520 } 4521 4522 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 4523 settings->wpa_versions = 4524 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 4525 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 4526 return -EINVAL; 4527 } 4528 4529 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 4530 void *data; 4531 int len; 4532 4533 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 4534 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 4535 settings->n_akm_suites = len / sizeof(u32); 4536 4537 if (len % sizeof(u32)) 4538 return -EINVAL; 4539 4540 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) 4541 return -EINVAL; 4542 4543 memcpy(settings->akm_suites, data, len); 4544 } 4545 4546 return 0; 4547 } 4548 4549 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 4550 { 4551 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4552 struct net_device *dev = info->user_ptr[1]; 4553 struct cfg80211_crypto_settings crypto; 4554 struct ieee80211_channel *chan; 4555 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 4556 int err, ssid_len, ie_len = 0; 4557 bool use_mfp = false; 4558 u32 flags = 0; 4559 struct ieee80211_ht_cap *ht_capa = NULL; 4560 struct ieee80211_ht_cap *ht_capa_mask = NULL; 4561 4562 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4563 return -EINVAL; 4564 4565 if (!info->attrs[NL80211_ATTR_MAC] || 4566 !info->attrs[NL80211_ATTR_SSID] || 4567 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4568 return -EINVAL; 4569 4570 if (!rdev->ops->assoc) 4571 return -EOPNOTSUPP; 4572 4573 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4574 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4575 return -EOPNOTSUPP; 4576 4577 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4578 4579 chan = ieee80211_get_channel(&rdev->wiphy, 4580 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4581 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) 4582 return -EINVAL; 4583 4584 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4585 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4586 4587 if (info->attrs[NL80211_ATTR_IE]) { 4588 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4589 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4590 } 4591 4592 if (info->attrs[NL80211_ATTR_USE_MFP]) { 4593 enum nl80211_mfp mfp = 4594 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 4595 if (mfp == NL80211_MFP_REQUIRED) 4596 use_mfp = true; 4597 else if (mfp != NL80211_MFP_NO) 4598 return -EINVAL; 4599 } 4600 4601 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 4602 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 4603 4604 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 4605 flags |= ASSOC_REQ_DISABLE_HT; 4606 4607 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 4608 ht_capa_mask = 4609 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]); 4610 4611 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 4612 if (!ht_capa_mask) 4613 return -EINVAL; 4614 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 4615 } 4616 4617 err = nl80211_crypto_settings(rdev, info, &crypto, 1); 4618 if (!err) 4619 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 4620 ssid, ssid_len, ie, ie_len, use_mfp, 4621 &crypto, flags, ht_capa, 4622 ht_capa_mask); 4623 4624 return err; 4625 } 4626 4627 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 4628 { 4629 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4630 struct net_device *dev = info->user_ptr[1]; 4631 const u8 *ie = NULL, *bssid; 4632 int ie_len = 0; 4633 u16 reason_code; 4634 bool local_state_change; 4635 4636 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4637 return -EINVAL; 4638 4639 if (!info->attrs[NL80211_ATTR_MAC]) 4640 return -EINVAL; 4641 4642 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4643 return -EINVAL; 4644 4645 if (!rdev->ops->deauth) 4646 return -EOPNOTSUPP; 4647 4648 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4649 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4650 return -EOPNOTSUPP; 4651 4652 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4653 4654 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4655 if (reason_code == 0) { 4656 /* Reason Code 0 is reserved */ 4657 return -EINVAL; 4658 } 4659 4660 if (info->attrs[NL80211_ATTR_IE]) { 4661 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4662 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4663 } 4664 4665 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4666 4667 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 4668 local_state_change); 4669 } 4670 4671 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 4672 { 4673 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4674 struct net_device *dev = info->user_ptr[1]; 4675 const u8 *ie = NULL, *bssid; 4676 int ie_len = 0; 4677 u16 reason_code; 4678 bool local_state_change; 4679 4680 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4681 return -EINVAL; 4682 4683 if (!info->attrs[NL80211_ATTR_MAC]) 4684 return -EINVAL; 4685 4686 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4687 return -EINVAL; 4688 4689 if (!rdev->ops->disassoc) 4690 return -EOPNOTSUPP; 4691 4692 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4693 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 4694 return -EOPNOTSUPP; 4695 4696 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4697 4698 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4699 if (reason_code == 0) { 4700 /* Reason Code 0 is reserved */ 4701 return -EINVAL; 4702 } 4703 4704 if (info->attrs[NL80211_ATTR_IE]) { 4705 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4706 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4707 } 4708 4709 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 4710 4711 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 4712 local_state_change); 4713 } 4714 4715 static bool 4716 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev, 4717 int mcast_rate[IEEE80211_NUM_BANDS], 4718 int rateval) 4719 { 4720 struct wiphy *wiphy = &rdev->wiphy; 4721 bool found = false; 4722 int band, i; 4723 4724 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 4725 struct ieee80211_supported_band *sband; 4726 4727 sband = wiphy->bands[band]; 4728 if (!sband) 4729 continue; 4730 4731 for (i = 0; i < sband->n_bitrates; i++) { 4732 if (sband->bitrates[i].bitrate == rateval) { 4733 mcast_rate[band] = i + 1; 4734 found = true; 4735 break; 4736 } 4737 } 4738 } 4739 4740 return found; 4741 } 4742 4743 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 4744 { 4745 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4746 struct net_device *dev = info->user_ptr[1]; 4747 struct cfg80211_ibss_params ibss; 4748 struct wiphy *wiphy; 4749 struct cfg80211_cached_keys *connkeys = NULL; 4750 int err; 4751 4752 memset(&ibss, 0, sizeof(ibss)); 4753 4754 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4755 return -EINVAL; 4756 4757 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4758 !info->attrs[NL80211_ATTR_SSID] || 4759 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4760 return -EINVAL; 4761 4762 ibss.beacon_interval = 100; 4763 4764 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 4765 ibss.beacon_interval = 4766 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 4767 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 4768 return -EINVAL; 4769 } 4770 4771 if (!rdev->ops->join_ibss) 4772 return -EOPNOTSUPP; 4773 4774 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 4775 return -EOPNOTSUPP; 4776 4777 wiphy = &rdev->wiphy; 4778 4779 if (info->attrs[NL80211_ATTR_MAC]) { 4780 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4781 4782 if (!is_valid_ether_addr(ibss.bssid)) 4783 return -EINVAL; 4784 } 4785 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4786 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4787 4788 if (info->attrs[NL80211_ATTR_IE]) { 4789 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4790 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4791 } 4792 4793 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4794 enum nl80211_channel_type channel_type; 4795 4796 channel_type = nla_get_u32( 4797 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4798 if (channel_type != NL80211_CHAN_NO_HT && 4799 channel_type != NL80211_CHAN_HT20 && 4800 channel_type != NL80211_CHAN_HT40MINUS && 4801 channel_type != NL80211_CHAN_HT40PLUS) 4802 return -EINVAL; 4803 4804 if (channel_type != NL80211_CHAN_NO_HT && 4805 !(wiphy->features & NL80211_FEATURE_HT_IBSS)) 4806 return -EINVAL; 4807 4808 ibss.channel_type = channel_type; 4809 } else { 4810 ibss.channel_type = NL80211_CHAN_NO_HT; 4811 } 4812 4813 ibss.channel = rdev_freq_to_chan(rdev, 4814 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]), 4815 ibss.channel_type); 4816 if (!ibss.channel || 4817 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 4818 ibss.channel->flags & IEEE80211_CHAN_DISABLED) 4819 return -EINVAL; 4820 4821 /* Both channels should be able to initiate communication */ 4822 if ((ibss.channel_type == NL80211_CHAN_HT40PLUS || 4823 ibss.channel_type == NL80211_CHAN_HT40MINUS) && 4824 !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel, 4825 ibss.channel_type)) 4826 return -EINVAL; 4827 4828 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 4829 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 4830 4831 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 4832 u8 *rates = 4833 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4834 int n_rates = 4835 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 4836 struct ieee80211_supported_band *sband = 4837 wiphy->bands[ibss.channel->band]; 4838 4839 err = ieee80211_get_ratemask(sband, rates, n_rates, 4840 &ibss.basic_rates); 4841 if (err) 4842 return err; 4843 } 4844 4845 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 4846 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate, 4847 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 4848 return -EINVAL; 4849 4850 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4851 connkeys = nl80211_parse_connkeys(rdev, 4852 info->attrs[NL80211_ATTR_KEYS]); 4853 if (IS_ERR(connkeys)) 4854 return PTR_ERR(connkeys); 4855 } 4856 4857 ibss.control_port = 4858 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]); 4859 4860 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 4861 if (err) 4862 kfree(connkeys); 4863 return err; 4864 } 4865 4866 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 4867 { 4868 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4869 struct net_device *dev = info->user_ptr[1]; 4870 4871 if (!rdev->ops->leave_ibss) 4872 return -EOPNOTSUPP; 4873 4874 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) 4875 return -EOPNOTSUPP; 4876 4877 return cfg80211_leave_ibss(rdev, dev, false); 4878 } 4879 4880 #ifdef CONFIG_NL80211_TESTMODE 4881 static struct genl_multicast_group nl80211_testmode_mcgrp = { 4882 .name = "testmode", 4883 }; 4884 4885 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 4886 { 4887 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 4888 int err; 4889 4890 if (!info->attrs[NL80211_ATTR_TESTDATA]) 4891 return -EINVAL; 4892 4893 err = -EOPNOTSUPP; 4894 if (rdev->ops->testmode_cmd) { 4895 rdev->testmode_info = info; 4896 err = rdev->ops->testmode_cmd(&rdev->wiphy, 4897 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 4898 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 4899 rdev->testmode_info = NULL; 4900 } 4901 4902 return err; 4903 } 4904 4905 static int nl80211_testmode_dump(struct sk_buff *skb, 4906 struct netlink_callback *cb) 4907 { 4908 struct cfg80211_registered_device *rdev; 4909 int err; 4910 long phy_idx; 4911 void *data = NULL; 4912 int data_len = 0; 4913 4914 if (cb->args[0]) { 4915 /* 4916 * 0 is a valid index, but not valid for args[0], 4917 * so we need to offset by 1. 4918 */ 4919 phy_idx = cb->args[0] - 1; 4920 } else { 4921 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 4922 nl80211_fam.attrbuf, nl80211_fam.maxattr, 4923 nl80211_policy); 4924 if (err) 4925 return err; 4926 if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) { 4927 phy_idx = nla_get_u32( 4928 nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]); 4929 } else { 4930 struct net_device *netdev; 4931 4932 err = get_rdev_dev_by_ifindex(sock_net(skb->sk), 4933 nl80211_fam.attrbuf, 4934 &rdev, &netdev); 4935 if (err) 4936 return err; 4937 dev_put(netdev); 4938 phy_idx = rdev->wiphy_idx; 4939 cfg80211_unlock_rdev(rdev); 4940 } 4941 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]) 4942 cb->args[1] = 4943 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA]; 4944 } 4945 4946 if (cb->args[1]) { 4947 data = nla_data((void *)cb->args[1]); 4948 data_len = nla_len((void *)cb->args[1]); 4949 } 4950 4951 mutex_lock(&cfg80211_mutex); 4952 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx); 4953 if (!rdev) { 4954 mutex_unlock(&cfg80211_mutex); 4955 return -ENOENT; 4956 } 4957 cfg80211_lock_rdev(rdev); 4958 mutex_unlock(&cfg80211_mutex); 4959 4960 if (!rdev->ops->testmode_dump) { 4961 err = -EOPNOTSUPP; 4962 goto out_err; 4963 } 4964 4965 while (1) { 4966 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid, 4967 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4968 NL80211_CMD_TESTMODE); 4969 struct nlattr *tmdata; 4970 4971 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx) < 0) { 4972 genlmsg_cancel(skb, hdr); 4973 break; 4974 } 4975 4976 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 4977 if (!tmdata) { 4978 genlmsg_cancel(skb, hdr); 4979 break; 4980 } 4981 err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb, 4982 data, data_len); 4983 nla_nest_end(skb, tmdata); 4984 4985 if (err == -ENOBUFS || err == -ENOENT) { 4986 genlmsg_cancel(skb, hdr); 4987 break; 4988 } else if (err) { 4989 genlmsg_cancel(skb, hdr); 4990 goto out_err; 4991 } 4992 4993 genlmsg_end(skb, hdr); 4994 } 4995 4996 err = skb->len; 4997 /* see above */ 4998 cb->args[0] = phy_idx + 1; 4999 out_err: 5000 cfg80211_unlock_rdev(rdev); 5001 return err; 5002 } 5003 5004 static struct sk_buff * 5005 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 5006 int approxlen, u32 pid, u32 seq, gfp_t gfp) 5007 { 5008 struct sk_buff *skb; 5009 void *hdr; 5010 struct nlattr *data; 5011 5012 skb = nlmsg_new(approxlen + 100, gfp); 5013 if (!skb) 5014 return NULL; 5015 5016 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 5017 if (!hdr) { 5018 kfree_skb(skb); 5019 return NULL; 5020 } 5021 5022 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5023 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 5024 5025 ((void **)skb->cb)[0] = rdev; 5026 ((void **)skb->cb)[1] = hdr; 5027 ((void **)skb->cb)[2] = data; 5028 5029 return skb; 5030 5031 nla_put_failure: 5032 kfree_skb(skb); 5033 return NULL; 5034 } 5035 5036 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 5037 int approxlen) 5038 { 5039 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5040 5041 if (WARN_ON(!rdev->testmode_info)) 5042 return NULL; 5043 5044 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 5045 rdev->testmode_info->snd_pid, 5046 rdev->testmode_info->snd_seq, 5047 GFP_KERNEL); 5048 } 5049 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 5050 5051 int cfg80211_testmode_reply(struct sk_buff *skb) 5052 { 5053 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 5054 void *hdr = ((void **)skb->cb)[1]; 5055 struct nlattr *data = ((void **)skb->cb)[2]; 5056 5057 if (WARN_ON(!rdev->testmode_info)) { 5058 kfree_skb(skb); 5059 return -EINVAL; 5060 } 5061 5062 nla_nest_end(skb, data); 5063 genlmsg_end(skb, hdr); 5064 return genlmsg_reply(skb, rdev->testmode_info); 5065 } 5066 EXPORT_SYMBOL(cfg80211_testmode_reply); 5067 5068 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 5069 int approxlen, gfp_t gfp) 5070 { 5071 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 5072 5073 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 5074 } 5075 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 5076 5077 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 5078 { 5079 void *hdr = ((void **)skb->cb)[1]; 5080 struct nlattr *data = ((void **)skb->cb)[2]; 5081 5082 nla_nest_end(skb, data); 5083 genlmsg_end(skb, hdr); 5084 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 5085 } 5086 EXPORT_SYMBOL(cfg80211_testmode_event); 5087 #endif 5088 5089 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 5090 { 5091 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5092 struct net_device *dev = info->user_ptr[1]; 5093 struct cfg80211_connect_params connect; 5094 struct wiphy *wiphy; 5095 struct cfg80211_cached_keys *connkeys = NULL; 5096 int err; 5097 5098 memset(&connect, 0, sizeof(connect)); 5099 5100 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 5101 return -EINVAL; 5102 5103 if (!info->attrs[NL80211_ATTR_SSID] || 5104 !nla_len(info->attrs[NL80211_ATTR_SSID])) 5105 return -EINVAL; 5106 5107 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 5108 connect.auth_type = 5109 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 5110 if (!nl80211_valid_auth_type(connect.auth_type)) 5111 return -EINVAL; 5112 } else 5113 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 5114 5115 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 5116 5117 err = nl80211_crypto_settings(rdev, info, &connect.crypto, 5118 NL80211_MAX_NR_CIPHER_SUITES); 5119 if (err) 5120 return err; 5121 5122 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5123 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5124 return -EOPNOTSUPP; 5125 5126 wiphy = &rdev->wiphy; 5127 5128 connect.bg_scan_period = -1; 5129 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] && 5130 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) { 5131 connect.bg_scan_period = 5132 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]); 5133 } 5134 5135 if (info->attrs[NL80211_ATTR_MAC]) 5136 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5137 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 5138 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 5139 5140 if (info->attrs[NL80211_ATTR_IE]) { 5141 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 5142 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 5143 } 5144 5145 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 5146 connect.channel = 5147 ieee80211_get_channel(wiphy, 5148 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 5149 if (!connect.channel || 5150 connect.channel->flags & IEEE80211_CHAN_DISABLED) 5151 return -EINVAL; 5152 } 5153 5154 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 5155 connkeys = nl80211_parse_connkeys(rdev, 5156 info->attrs[NL80211_ATTR_KEYS]); 5157 if (IS_ERR(connkeys)) 5158 return PTR_ERR(connkeys); 5159 } 5160 5161 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT])) 5162 connect.flags |= ASSOC_REQ_DISABLE_HT; 5163 5164 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5165 memcpy(&connect.ht_capa_mask, 5166 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]), 5167 sizeof(connect.ht_capa_mask)); 5168 5169 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) { 5170 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) 5171 return -EINVAL; 5172 memcpy(&connect.ht_capa, 5173 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]), 5174 sizeof(connect.ht_capa)); 5175 } 5176 5177 err = cfg80211_connect(rdev, dev, &connect, connkeys); 5178 if (err) 5179 kfree(connkeys); 5180 return err; 5181 } 5182 5183 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 5184 { 5185 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5186 struct net_device *dev = info->user_ptr[1]; 5187 u16 reason; 5188 5189 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 5190 reason = WLAN_REASON_DEAUTH_LEAVING; 5191 else 5192 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 5193 5194 if (reason == 0) 5195 return -EINVAL; 5196 5197 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5198 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5199 return -EOPNOTSUPP; 5200 5201 return cfg80211_disconnect(rdev, dev, reason, true); 5202 } 5203 5204 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 5205 { 5206 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5207 struct net *net; 5208 int err; 5209 u32 pid; 5210 5211 if (!info->attrs[NL80211_ATTR_PID]) 5212 return -EINVAL; 5213 5214 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 5215 5216 net = get_net_ns_by_pid(pid); 5217 if (IS_ERR(net)) 5218 return PTR_ERR(net); 5219 5220 err = 0; 5221 5222 /* check if anything to do */ 5223 if (!net_eq(wiphy_net(&rdev->wiphy), net)) 5224 err = cfg80211_switch_netns(rdev, net); 5225 5226 put_net(net); 5227 return err; 5228 } 5229 5230 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 5231 { 5232 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5233 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 5234 struct cfg80211_pmksa *pmksa) = NULL; 5235 struct net_device *dev = info->user_ptr[1]; 5236 struct cfg80211_pmksa pmksa; 5237 5238 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 5239 5240 if (!info->attrs[NL80211_ATTR_MAC]) 5241 return -EINVAL; 5242 5243 if (!info->attrs[NL80211_ATTR_PMKID]) 5244 return -EINVAL; 5245 5246 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 5247 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 5248 5249 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5250 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5251 return -EOPNOTSUPP; 5252 5253 switch (info->genlhdr->cmd) { 5254 case NL80211_CMD_SET_PMKSA: 5255 rdev_ops = rdev->ops->set_pmksa; 5256 break; 5257 case NL80211_CMD_DEL_PMKSA: 5258 rdev_ops = rdev->ops->del_pmksa; 5259 break; 5260 default: 5261 WARN_ON(1); 5262 break; 5263 } 5264 5265 if (!rdev_ops) 5266 return -EOPNOTSUPP; 5267 5268 return rdev_ops(&rdev->wiphy, dev, &pmksa); 5269 } 5270 5271 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 5272 { 5273 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5274 struct net_device *dev = info->user_ptr[1]; 5275 5276 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5277 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) 5278 return -EOPNOTSUPP; 5279 5280 if (!rdev->ops->flush_pmksa) 5281 return -EOPNOTSUPP; 5282 5283 return rdev->ops->flush_pmksa(&rdev->wiphy, dev); 5284 } 5285 5286 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info) 5287 { 5288 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5289 struct net_device *dev = info->user_ptr[1]; 5290 u8 action_code, dialog_token; 5291 u16 status_code; 5292 u8 *peer; 5293 5294 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5295 !rdev->ops->tdls_mgmt) 5296 return -EOPNOTSUPP; 5297 5298 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] || 5299 !info->attrs[NL80211_ATTR_STATUS_CODE] || 5300 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] || 5301 !info->attrs[NL80211_ATTR_IE] || 5302 !info->attrs[NL80211_ATTR_MAC]) 5303 return -EINVAL; 5304 5305 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5306 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]); 5307 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]); 5308 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]); 5309 5310 return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code, 5311 dialog_token, status_code, 5312 nla_data(info->attrs[NL80211_ATTR_IE]), 5313 nla_len(info->attrs[NL80211_ATTR_IE])); 5314 } 5315 5316 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info) 5317 { 5318 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5319 struct net_device *dev = info->user_ptr[1]; 5320 enum nl80211_tdls_operation operation; 5321 u8 *peer; 5322 5323 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) || 5324 !rdev->ops->tdls_oper) 5325 return -EOPNOTSUPP; 5326 5327 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] || 5328 !info->attrs[NL80211_ATTR_MAC]) 5329 return -EINVAL; 5330 5331 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]); 5332 peer = nla_data(info->attrs[NL80211_ATTR_MAC]); 5333 5334 return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation); 5335 } 5336 5337 static int nl80211_remain_on_channel(struct sk_buff *skb, 5338 struct genl_info *info) 5339 { 5340 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5341 struct net_device *dev = info->user_ptr[1]; 5342 struct ieee80211_channel *chan; 5343 struct sk_buff *msg; 5344 void *hdr; 5345 u64 cookie; 5346 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5347 u32 freq, duration; 5348 int err; 5349 5350 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 5351 !info->attrs[NL80211_ATTR_DURATION]) 5352 return -EINVAL; 5353 5354 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5355 5356 /* 5357 * We should be on that channel for at least one jiffie, 5358 * and more than 5 seconds seems excessive. 5359 */ 5360 if (!duration || !msecs_to_jiffies(duration) || 5361 duration > rdev->wiphy.max_remain_on_channel_duration) 5362 return -EINVAL; 5363 5364 if (!rdev->ops->remain_on_channel || 5365 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)) 5366 return -EOPNOTSUPP; 5367 5368 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5369 channel_type = nla_get_u32( 5370 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 5371 if (channel_type != NL80211_CHAN_NO_HT && 5372 channel_type != NL80211_CHAN_HT20 && 5373 channel_type != NL80211_CHAN_HT40PLUS && 5374 channel_type != NL80211_CHAN_HT40MINUS) 5375 return -EINVAL; 5376 } 5377 5378 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5379 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5380 if (chan == NULL) 5381 return -EINVAL; 5382 5383 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5384 if (!msg) 5385 return -ENOMEM; 5386 5387 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5388 NL80211_CMD_REMAIN_ON_CHANNEL); 5389 5390 if (IS_ERR(hdr)) { 5391 err = PTR_ERR(hdr); 5392 goto free_msg; 5393 } 5394 5395 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 5396 channel_type, duration, &cookie); 5397 5398 if (err) 5399 goto free_msg; 5400 5401 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5402 5403 genlmsg_end(msg, hdr); 5404 5405 return genlmsg_reply(msg, info); 5406 5407 nla_put_failure: 5408 err = -ENOBUFS; 5409 free_msg: 5410 nlmsg_free(msg); 5411 return err; 5412 } 5413 5414 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 5415 struct genl_info *info) 5416 { 5417 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5418 struct net_device *dev = info->user_ptr[1]; 5419 u64 cookie; 5420 5421 if (!info->attrs[NL80211_ATTR_COOKIE]) 5422 return -EINVAL; 5423 5424 if (!rdev->ops->cancel_remain_on_channel) 5425 return -EOPNOTSUPP; 5426 5427 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5428 5429 return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 5430 } 5431 5432 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 5433 u8 *rates, u8 rates_len) 5434 { 5435 u8 i; 5436 u32 mask = 0; 5437 5438 for (i = 0; i < rates_len; i++) { 5439 int rate = (rates[i] & 0x7f) * 5; 5440 int ridx; 5441 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 5442 struct ieee80211_rate *srate = 5443 &sband->bitrates[ridx]; 5444 if (rate == srate->bitrate) { 5445 mask |= 1 << ridx; 5446 break; 5447 } 5448 } 5449 if (ridx == sband->n_bitrates) 5450 return 0; /* rate not found */ 5451 } 5452 5453 return mask; 5454 } 5455 5456 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband, 5457 u8 *rates, u8 rates_len, 5458 u8 mcs[IEEE80211_HT_MCS_MASK_LEN]) 5459 { 5460 u8 i; 5461 5462 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN); 5463 5464 for (i = 0; i < rates_len; i++) { 5465 int ridx, rbit; 5466 5467 ridx = rates[i] / 8; 5468 rbit = BIT(rates[i] % 8); 5469 5470 /* check validity */ 5471 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN)) 5472 return false; 5473 5474 /* check availability */ 5475 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit) 5476 mcs[ridx] |= rbit; 5477 else 5478 return false; 5479 } 5480 5481 return true; 5482 } 5483 5484 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 5485 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 5486 .len = NL80211_MAX_SUPP_RATES }, 5487 [NL80211_TXRATE_MCS] = { .type = NLA_BINARY, 5488 .len = NL80211_MAX_SUPP_HT_RATES }, 5489 }; 5490 5491 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 5492 struct genl_info *info) 5493 { 5494 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 5495 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5496 struct cfg80211_bitrate_mask mask; 5497 int rem, i; 5498 struct net_device *dev = info->user_ptr[1]; 5499 struct nlattr *tx_rates; 5500 struct ieee80211_supported_band *sband; 5501 5502 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 5503 return -EINVAL; 5504 5505 if (!rdev->ops->set_bitrate_mask) 5506 return -EOPNOTSUPP; 5507 5508 memset(&mask, 0, sizeof(mask)); 5509 /* Default to all rates enabled */ 5510 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 5511 sband = rdev->wiphy.bands[i]; 5512 mask.control[i].legacy = 5513 sband ? (1 << sband->n_bitrates) - 1 : 0; 5514 if (sband) 5515 memcpy(mask.control[i].mcs, 5516 sband->ht_cap.mcs.rx_mask, 5517 sizeof(mask.control[i].mcs)); 5518 else 5519 memset(mask.control[i].mcs, 0, 5520 sizeof(mask.control[i].mcs)); 5521 } 5522 5523 /* 5524 * The nested attribute uses enum nl80211_band as the index. This maps 5525 * directly to the enum ieee80211_band values used in cfg80211. 5526 */ 5527 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8); 5528 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 5529 { 5530 enum ieee80211_band band = nla_type(tx_rates); 5531 if (band < 0 || band >= IEEE80211_NUM_BANDS) 5532 return -EINVAL; 5533 sband = rdev->wiphy.bands[band]; 5534 if (sband == NULL) 5535 return -EINVAL; 5536 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 5537 nla_len(tx_rates), nl80211_txattr_policy); 5538 if (tb[NL80211_TXRATE_LEGACY]) { 5539 mask.control[band].legacy = rateset_to_mask( 5540 sband, 5541 nla_data(tb[NL80211_TXRATE_LEGACY]), 5542 nla_len(tb[NL80211_TXRATE_LEGACY])); 5543 } 5544 if (tb[NL80211_TXRATE_MCS]) { 5545 if (!ht_rateset_to_mask( 5546 sband, 5547 nla_data(tb[NL80211_TXRATE_MCS]), 5548 nla_len(tb[NL80211_TXRATE_MCS]), 5549 mask.control[band].mcs)) 5550 return -EINVAL; 5551 } 5552 5553 if (mask.control[band].legacy == 0) { 5554 /* don't allow empty legacy rates if HT 5555 * is not even supported. */ 5556 if (!rdev->wiphy.bands[band]->ht_cap.ht_supported) 5557 return -EINVAL; 5558 5559 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) 5560 if (mask.control[band].mcs[i]) 5561 break; 5562 5563 /* legacy and mcs rates may not be both empty */ 5564 if (i == IEEE80211_HT_MCS_MASK_LEN) 5565 return -EINVAL; 5566 } 5567 } 5568 5569 return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 5570 } 5571 5572 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info) 5573 { 5574 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5575 struct net_device *dev = info->user_ptr[1]; 5576 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION; 5577 5578 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 5579 return -EINVAL; 5580 5581 if (info->attrs[NL80211_ATTR_FRAME_TYPE]) 5582 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]); 5583 5584 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5585 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5586 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5587 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5588 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5589 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5590 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5591 return -EOPNOTSUPP; 5592 5593 /* not much point in registering if we can't reply */ 5594 if (!rdev->ops->mgmt_tx) 5595 return -EOPNOTSUPP; 5596 5597 return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid, 5598 frame_type, 5599 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 5600 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 5601 } 5602 5603 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info) 5604 { 5605 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5606 struct net_device *dev = info->user_ptr[1]; 5607 struct ieee80211_channel *chan; 5608 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 5609 bool channel_type_valid = false; 5610 u32 freq; 5611 int err; 5612 void *hdr = NULL; 5613 u64 cookie; 5614 struct sk_buff *msg = NULL; 5615 unsigned int wait = 0; 5616 bool offchan, no_cck, dont_wait_for_ack; 5617 5618 dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK]; 5619 5620 if (!info->attrs[NL80211_ATTR_FRAME] || 5621 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 5622 return -EINVAL; 5623 5624 if (!rdev->ops->mgmt_tx) 5625 return -EOPNOTSUPP; 5626 5627 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5628 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5629 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5630 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5631 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5632 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT && 5633 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5634 return -EOPNOTSUPP; 5635 5636 if (info->attrs[NL80211_ATTR_DURATION]) { 5637 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 5638 return -EINVAL; 5639 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 5640 } 5641 5642 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 5643 channel_type = nla_get_u32( 5644 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 5645 if (channel_type != NL80211_CHAN_NO_HT && 5646 channel_type != NL80211_CHAN_HT20 && 5647 channel_type != NL80211_CHAN_HT40PLUS && 5648 channel_type != NL80211_CHAN_HT40MINUS) 5649 return -EINVAL; 5650 channel_type_valid = true; 5651 } 5652 5653 offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK]; 5654 5655 if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)) 5656 return -EINVAL; 5657 5658 no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]); 5659 5660 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 5661 chan = rdev_freq_to_chan(rdev, freq, channel_type); 5662 if (chan == NULL) 5663 return -EINVAL; 5664 5665 if (!dont_wait_for_ack) { 5666 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5667 if (!msg) 5668 return -ENOMEM; 5669 5670 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5671 NL80211_CMD_FRAME); 5672 5673 if (IS_ERR(hdr)) { 5674 err = PTR_ERR(hdr); 5675 goto free_msg; 5676 } 5677 } 5678 5679 err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type, 5680 channel_type_valid, wait, 5681 nla_data(info->attrs[NL80211_ATTR_FRAME]), 5682 nla_len(info->attrs[NL80211_ATTR_FRAME]), 5683 no_cck, dont_wait_for_ack, &cookie); 5684 if (err) 5685 goto free_msg; 5686 5687 if (msg) { 5688 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5689 5690 genlmsg_end(msg, hdr); 5691 return genlmsg_reply(msg, info); 5692 } 5693 5694 return 0; 5695 5696 nla_put_failure: 5697 err = -ENOBUFS; 5698 free_msg: 5699 nlmsg_free(msg); 5700 return err; 5701 } 5702 5703 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info) 5704 { 5705 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5706 struct net_device *dev = info->user_ptr[1]; 5707 u64 cookie; 5708 5709 if (!info->attrs[NL80211_ATTR_COOKIE]) 5710 return -EINVAL; 5711 5712 if (!rdev->ops->mgmt_tx_cancel_wait) 5713 return -EOPNOTSUPP; 5714 5715 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 5716 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC && 5717 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT && 5718 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 5719 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 5720 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) 5721 return -EOPNOTSUPP; 5722 5723 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 5724 5725 return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie); 5726 } 5727 5728 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 5729 { 5730 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5731 struct wireless_dev *wdev; 5732 struct net_device *dev = info->user_ptr[1]; 5733 u8 ps_state; 5734 bool state; 5735 int err; 5736 5737 if (!info->attrs[NL80211_ATTR_PS_STATE]) 5738 return -EINVAL; 5739 5740 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 5741 5742 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) 5743 return -EINVAL; 5744 5745 wdev = dev->ieee80211_ptr; 5746 5747 if (!rdev->ops->set_power_mgmt) 5748 return -EOPNOTSUPP; 5749 5750 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 5751 5752 if (state == wdev->ps) 5753 return 0; 5754 5755 err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state, 5756 wdev->ps_timeout); 5757 if (!err) 5758 wdev->ps = state; 5759 return err; 5760 } 5761 5762 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 5763 { 5764 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5765 enum nl80211_ps_state ps_state; 5766 struct wireless_dev *wdev; 5767 struct net_device *dev = info->user_ptr[1]; 5768 struct sk_buff *msg; 5769 void *hdr; 5770 int err; 5771 5772 wdev = dev->ieee80211_ptr; 5773 5774 if (!rdev->ops->set_power_mgmt) 5775 return -EOPNOTSUPP; 5776 5777 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5778 if (!msg) 5779 return -ENOMEM; 5780 5781 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5782 NL80211_CMD_GET_POWER_SAVE); 5783 if (!hdr) { 5784 err = -ENOBUFS; 5785 goto free_msg; 5786 } 5787 5788 if (wdev->ps) 5789 ps_state = NL80211_PS_ENABLED; 5790 else 5791 ps_state = NL80211_PS_DISABLED; 5792 5793 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state); 5794 5795 genlmsg_end(msg, hdr); 5796 return genlmsg_reply(msg, info); 5797 5798 nla_put_failure: 5799 err = -ENOBUFS; 5800 free_msg: 5801 nlmsg_free(msg); 5802 return err; 5803 } 5804 5805 static struct nla_policy 5806 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 5807 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 5808 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 5809 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 5810 }; 5811 5812 static int nl80211_set_cqm_rssi(struct genl_info *info, 5813 s32 threshold, u32 hysteresis) 5814 { 5815 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5816 struct wireless_dev *wdev; 5817 struct net_device *dev = info->user_ptr[1]; 5818 5819 if (threshold > 0) 5820 return -EINVAL; 5821 5822 wdev = dev->ieee80211_ptr; 5823 5824 if (!rdev->ops->set_cqm_rssi_config) 5825 return -EOPNOTSUPP; 5826 5827 if (wdev->iftype != NL80211_IFTYPE_STATION && 5828 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) 5829 return -EOPNOTSUPP; 5830 5831 return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 5832 threshold, hysteresis); 5833 } 5834 5835 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 5836 { 5837 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 5838 struct nlattr *cqm; 5839 int err; 5840 5841 cqm = info->attrs[NL80211_ATTR_CQM]; 5842 if (!cqm) { 5843 err = -EINVAL; 5844 goto out; 5845 } 5846 5847 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 5848 nl80211_attr_cqm_policy); 5849 if (err) 5850 goto out; 5851 5852 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 5853 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 5854 s32 threshold; 5855 u32 hysteresis; 5856 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 5857 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 5858 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 5859 } else 5860 err = -EINVAL; 5861 5862 out: 5863 return err; 5864 } 5865 5866 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info) 5867 { 5868 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5869 struct net_device *dev = info->user_ptr[1]; 5870 struct mesh_config cfg; 5871 struct mesh_setup setup; 5872 int err; 5873 5874 /* start with default */ 5875 memcpy(&cfg, &default_mesh_config, sizeof(cfg)); 5876 memcpy(&setup, &default_mesh_setup, sizeof(setup)); 5877 5878 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) { 5879 /* and parse parameters if given */ 5880 err = nl80211_parse_mesh_config(info, &cfg, NULL); 5881 if (err) 5882 return err; 5883 } 5884 5885 if (!info->attrs[NL80211_ATTR_MESH_ID] || 5886 !nla_len(info->attrs[NL80211_ATTR_MESH_ID])) 5887 return -EINVAL; 5888 5889 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 5890 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 5891 5892 if (info->attrs[NL80211_ATTR_MCAST_RATE] && 5893 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate, 5894 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]))) 5895 return -EINVAL; 5896 5897 if (info->attrs[NL80211_ATTR_MESH_SETUP]) { 5898 /* parse additional setup parameters if given */ 5899 err = nl80211_parse_mesh_setup(info, &setup); 5900 if (err) 5901 return err; 5902 } 5903 5904 return cfg80211_join_mesh(rdev, dev, &setup, &cfg); 5905 } 5906 5907 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info) 5908 { 5909 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5910 struct net_device *dev = info->user_ptr[1]; 5911 5912 return cfg80211_leave_mesh(rdev, dev); 5913 } 5914 5915 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info) 5916 { 5917 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5918 struct sk_buff *msg; 5919 void *hdr; 5920 5921 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 5922 return -EOPNOTSUPP; 5923 5924 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5925 if (!msg) 5926 return -ENOMEM; 5927 5928 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 5929 NL80211_CMD_GET_WOWLAN); 5930 if (!hdr) 5931 goto nla_put_failure; 5932 5933 if (rdev->wowlan) { 5934 struct nlattr *nl_wowlan; 5935 5936 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 5937 if (!nl_wowlan) 5938 goto nla_put_failure; 5939 5940 if (rdev->wowlan->any) 5941 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY); 5942 if (rdev->wowlan->disconnect) 5943 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT); 5944 if (rdev->wowlan->magic_pkt) 5945 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT); 5946 if (rdev->wowlan->gtk_rekey_failure) 5947 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE); 5948 if (rdev->wowlan->eap_identity_req) 5949 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST); 5950 if (rdev->wowlan->four_way_handshake) 5951 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE); 5952 if (rdev->wowlan->rfkill_release) 5953 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE); 5954 if (rdev->wowlan->n_patterns) { 5955 struct nlattr *nl_pats, *nl_pat; 5956 int i, pat_len; 5957 5958 nl_pats = nla_nest_start(msg, 5959 NL80211_WOWLAN_TRIG_PKT_PATTERN); 5960 if (!nl_pats) 5961 goto nla_put_failure; 5962 5963 for (i = 0; i < rdev->wowlan->n_patterns; i++) { 5964 nl_pat = nla_nest_start(msg, i + 1); 5965 if (!nl_pat) 5966 goto nla_put_failure; 5967 pat_len = rdev->wowlan->patterns[i].pattern_len; 5968 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK, 5969 DIV_ROUND_UP(pat_len, 8), 5970 rdev->wowlan->patterns[i].mask); 5971 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN, 5972 pat_len, 5973 rdev->wowlan->patterns[i].pattern); 5974 nla_nest_end(msg, nl_pat); 5975 } 5976 nla_nest_end(msg, nl_pats); 5977 } 5978 5979 nla_nest_end(msg, nl_wowlan); 5980 } 5981 5982 genlmsg_end(msg, hdr); 5983 return genlmsg_reply(msg, info); 5984 5985 nla_put_failure: 5986 nlmsg_free(msg); 5987 return -ENOBUFS; 5988 } 5989 5990 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info) 5991 { 5992 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 5993 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG]; 5994 struct cfg80211_wowlan no_triggers = {}; 5995 struct cfg80211_wowlan new_triggers = {}; 5996 struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan; 5997 int err, i; 5998 5999 if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns) 6000 return -EOPNOTSUPP; 6001 6002 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) 6003 goto no_triggers; 6004 6005 err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG, 6006 nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6007 nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]), 6008 nl80211_wowlan_policy); 6009 if (err) 6010 return err; 6011 6012 if (tb[NL80211_WOWLAN_TRIG_ANY]) { 6013 if (!(wowlan->flags & WIPHY_WOWLAN_ANY)) 6014 return -EINVAL; 6015 new_triggers.any = true; 6016 } 6017 6018 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) { 6019 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT)) 6020 return -EINVAL; 6021 new_triggers.disconnect = true; 6022 } 6023 6024 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) { 6025 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT)) 6026 return -EINVAL; 6027 new_triggers.magic_pkt = true; 6028 } 6029 6030 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED]) 6031 return -EINVAL; 6032 6033 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) { 6034 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)) 6035 return -EINVAL; 6036 new_triggers.gtk_rekey_failure = true; 6037 } 6038 6039 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) { 6040 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)) 6041 return -EINVAL; 6042 new_triggers.eap_identity_req = true; 6043 } 6044 6045 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) { 6046 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)) 6047 return -EINVAL; 6048 new_triggers.four_way_handshake = true; 6049 } 6050 6051 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) { 6052 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE)) 6053 return -EINVAL; 6054 new_triggers.rfkill_release = true; 6055 } 6056 6057 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) { 6058 struct nlattr *pat; 6059 int n_patterns = 0; 6060 int rem, pat_len, mask_len; 6061 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT]; 6062 6063 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6064 rem) 6065 n_patterns++; 6066 if (n_patterns > wowlan->n_patterns) 6067 return -EINVAL; 6068 6069 new_triggers.patterns = kcalloc(n_patterns, 6070 sizeof(new_triggers.patterns[0]), 6071 GFP_KERNEL); 6072 if (!new_triggers.patterns) 6073 return -ENOMEM; 6074 6075 new_triggers.n_patterns = n_patterns; 6076 i = 0; 6077 6078 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN], 6079 rem) { 6080 nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT, 6081 nla_data(pat), nla_len(pat), NULL); 6082 err = -EINVAL; 6083 if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] || 6084 !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]) 6085 goto error; 6086 pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]); 6087 mask_len = DIV_ROUND_UP(pat_len, 8); 6088 if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) != 6089 mask_len) 6090 goto error; 6091 if (pat_len > wowlan->pattern_max_len || 6092 pat_len < wowlan->pattern_min_len) 6093 goto error; 6094 6095 new_triggers.patterns[i].mask = 6096 kmalloc(mask_len + pat_len, GFP_KERNEL); 6097 if (!new_triggers.patterns[i].mask) { 6098 err = -ENOMEM; 6099 goto error; 6100 } 6101 new_triggers.patterns[i].pattern = 6102 new_triggers.patterns[i].mask + mask_len; 6103 memcpy(new_triggers.patterns[i].mask, 6104 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]), 6105 mask_len); 6106 new_triggers.patterns[i].pattern_len = pat_len; 6107 memcpy(new_triggers.patterns[i].pattern, 6108 nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]), 6109 pat_len); 6110 i++; 6111 } 6112 } 6113 6114 if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) { 6115 struct cfg80211_wowlan *ntrig; 6116 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), 6117 GFP_KERNEL); 6118 if (!ntrig) { 6119 err = -ENOMEM; 6120 goto error; 6121 } 6122 cfg80211_rdev_free_wowlan(rdev); 6123 rdev->wowlan = ntrig; 6124 } else { 6125 no_triggers: 6126 cfg80211_rdev_free_wowlan(rdev); 6127 rdev->wowlan = NULL; 6128 } 6129 6130 return 0; 6131 error: 6132 for (i = 0; i < new_triggers.n_patterns; i++) 6133 kfree(new_triggers.patterns[i].mask); 6134 kfree(new_triggers.patterns); 6135 return err; 6136 } 6137 6138 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 6139 { 6140 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6141 struct net_device *dev = info->user_ptr[1]; 6142 struct wireless_dev *wdev = dev->ieee80211_ptr; 6143 struct nlattr *tb[NUM_NL80211_REKEY_DATA]; 6144 struct cfg80211_gtk_rekey_data rekey_data; 6145 int err; 6146 6147 if (!info->attrs[NL80211_ATTR_REKEY_DATA]) 6148 return -EINVAL; 6149 6150 err = nla_parse(tb, MAX_NL80211_REKEY_DATA, 6151 nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]), 6152 nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]), 6153 nl80211_rekey_policy); 6154 if (err) 6155 return err; 6156 6157 if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN) 6158 return -ERANGE; 6159 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN) 6160 return -ERANGE; 6161 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN) 6162 return -ERANGE; 6163 6164 memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]), 6165 NL80211_KEK_LEN); 6166 memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]), 6167 NL80211_KCK_LEN); 6168 memcpy(rekey_data.replay_ctr, 6169 nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]), 6170 NL80211_REPLAY_CTR_LEN); 6171 6172 wdev_lock(wdev); 6173 if (!wdev->current_bss) { 6174 err = -ENOTCONN; 6175 goto out; 6176 } 6177 6178 if (!rdev->ops->set_rekey_data) { 6179 err = -EOPNOTSUPP; 6180 goto out; 6181 } 6182 6183 err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data); 6184 out: 6185 wdev_unlock(wdev); 6186 return err; 6187 } 6188 6189 static int nl80211_register_unexpected_frame(struct sk_buff *skb, 6190 struct genl_info *info) 6191 { 6192 struct net_device *dev = info->user_ptr[1]; 6193 struct wireless_dev *wdev = dev->ieee80211_ptr; 6194 6195 if (wdev->iftype != NL80211_IFTYPE_AP && 6196 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6197 return -EINVAL; 6198 6199 if (wdev->ap_unexpected_nlpid) 6200 return -EBUSY; 6201 6202 wdev->ap_unexpected_nlpid = info->snd_pid; 6203 return 0; 6204 } 6205 6206 static int nl80211_probe_client(struct sk_buff *skb, 6207 struct genl_info *info) 6208 { 6209 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6210 struct net_device *dev = info->user_ptr[1]; 6211 struct wireless_dev *wdev = dev->ieee80211_ptr; 6212 struct sk_buff *msg; 6213 void *hdr; 6214 const u8 *addr; 6215 u64 cookie; 6216 int err; 6217 6218 if (wdev->iftype != NL80211_IFTYPE_AP && 6219 wdev->iftype != NL80211_IFTYPE_P2P_GO) 6220 return -EOPNOTSUPP; 6221 6222 if (!info->attrs[NL80211_ATTR_MAC]) 6223 return -EINVAL; 6224 6225 if (!rdev->ops->probe_client) 6226 return -EOPNOTSUPP; 6227 6228 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6229 if (!msg) 6230 return -ENOMEM; 6231 6232 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 6233 NL80211_CMD_PROBE_CLIENT); 6234 6235 if (IS_ERR(hdr)) { 6236 err = PTR_ERR(hdr); 6237 goto free_msg; 6238 } 6239 6240 addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 6241 6242 err = rdev->ops->probe_client(&rdev->wiphy, dev, addr, &cookie); 6243 if (err) 6244 goto free_msg; 6245 6246 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 6247 6248 genlmsg_end(msg, hdr); 6249 6250 return genlmsg_reply(msg, info); 6251 6252 nla_put_failure: 6253 err = -ENOBUFS; 6254 free_msg: 6255 nlmsg_free(msg); 6256 return err; 6257 } 6258 6259 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info) 6260 { 6261 struct cfg80211_registered_device *rdev = info->user_ptr[0]; 6262 6263 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS)) 6264 return -EOPNOTSUPP; 6265 6266 if (rdev->ap_beacons_nlpid) 6267 return -EBUSY; 6268 6269 rdev->ap_beacons_nlpid = info->snd_pid; 6270 6271 return 0; 6272 } 6273 6274 #define NL80211_FLAG_NEED_WIPHY 0x01 6275 #define NL80211_FLAG_NEED_NETDEV 0x02 6276 #define NL80211_FLAG_NEED_RTNL 0x04 6277 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08 6278 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\ 6279 NL80211_FLAG_CHECK_NETDEV_UP) 6280 6281 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb, 6282 struct genl_info *info) 6283 { 6284 struct cfg80211_registered_device *rdev; 6285 struct net_device *dev; 6286 int err; 6287 bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL; 6288 6289 if (rtnl) 6290 rtnl_lock(); 6291 6292 if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) { 6293 rdev = cfg80211_get_dev_from_info(info); 6294 if (IS_ERR(rdev)) { 6295 if (rtnl) 6296 rtnl_unlock(); 6297 return PTR_ERR(rdev); 6298 } 6299 info->user_ptr[0] = rdev; 6300 } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) { 6301 err = get_rdev_dev_by_ifindex(genl_info_net(info), info->attrs, 6302 &rdev, &dev); 6303 if (err) { 6304 if (rtnl) 6305 rtnl_unlock(); 6306 return err; 6307 } 6308 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP && 6309 !netif_running(dev)) { 6310 cfg80211_unlock_rdev(rdev); 6311 dev_put(dev); 6312 if (rtnl) 6313 rtnl_unlock(); 6314 return -ENETDOWN; 6315 } 6316 info->user_ptr[0] = rdev; 6317 info->user_ptr[1] = dev; 6318 } 6319 6320 return 0; 6321 } 6322 6323 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb, 6324 struct genl_info *info) 6325 { 6326 if (info->user_ptr[0]) 6327 cfg80211_unlock_rdev(info->user_ptr[0]); 6328 if (info->user_ptr[1]) 6329 dev_put(info->user_ptr[1]); 6330 if (ops->internal_flags & NL80211_FLAG_NEED_RTNL) 6331 rtnl_unlock(); 6332 } 6333 6334 static struct genl_ops nl80211_ops[] = { 6335 { 6336 .cmd = NL80211_CMD_GET_WIPHY, 6337 .doit = nl80211_get_wiphy, 6338 .dumpit = nl80211_dump_wiphy, 6339 .policy = nl80211_policy, 6340 /* can be retrieved by unprivileged users */ 6341 .internal_flags = NL80211_FLAG_NEED_WIPHY, 6342 }, 6343 { 6344 .cmd = NL80211_CMD_SET_WIPHY, 6345 .doit = nl80211_set_wiphy, 6346 .policy = nl80211_policy, 6347 .flags = GENL_ADMIN_PERM, 6348 .internal_flags = NL80211_FLAG_NEED_RTNL, 6349 }, 6350 { 6351 .cmd = NL80211_CMD_GET_INTERFACE, 6352 .doit = nl80211_get_interface, 6353 .dumpit = nl80211_dump_interface, 6354 .policy = nl80211_policy, 6355 /* can be retrieved by unprivileged users */ 6356 .internal_flags = NL80211_FLAG_NEED_NETDEV, 6357 }, 6358 { 6359 .cmd = NL80211_CMD_SET_INTERFACE, 6360 .doit = nl80211_set_interface, 6361 .policy = nl80211_policy, 6362 .flags = GENL_ADMIN_PERM, 6363 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6364 NL80211_FLAG_NEED_RTNL, 6365 }, 6366 { 6367 .cmd = NL80211_CMD_NEW_INTERFACE, 6368 .doit = nl80211_new_interface, 6369 .policy = nl80211_policy, 6370 .flags = GENL_ADMIN_PERM, 6371 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6372 NL80211_FLAG_NEED_RTNL, 6373 }, 6374 { 6375 .cmd = NL80211_CMD_DEL_INTERFACE, 6376 .doit = nl80211_del_interface, 6377 .policy = nl80211_policy, 6378 .flags = GENL_ADMIN_PERM, 6379 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6380 NL80211_FLAG_NEED_RTNL, 6381 }, 6382 { 6383 .cmd = NL80211_CMD_GET_KEY, 6384 .doit = nl80211_get_key, 6385 .policy = nl80211_policy, 6386 .flags = GENL_ADMIN_PERM, 6387 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6388 NL80211_FLAG_NEED_RTNL, 6389 }, 6390 { 6391 .cmd = NL80211_CMD_SET_KEY, 6392 .doit = nl80211_set_key, 6393 .policy = nl80211_policy, 6394 .flags = GENL_ADMIN_PERM, 6395 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6396 NL80211_FLAG_NEED_RTNL, 6397 }, 6398 { 6399 .cmd = NL80211_CMD_NEW_KEY, 6400 .doit = nl80211_new_key, 6401 .policy = nl80211_policy, 6402 .flags = GENL_ADMIN_PERM, 6403 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6404 NL80211_FLAG_NEED_RTNL, 6405 }, 6406 { 6407 .cmd = NL80211_CMD_DEL_KEY, 6408 .doit = nl80211_del_key, 6409 .policy = nl80211_policy, 6410 .flags = GENL_ADMIN_PERM, 6411 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6412 NL80211_FLAG_NEED_RTNL, 6413 }, 6414 { 6415 .cmd = NL80211_CMD_SET_BEACON, 6416 .policy = nl80211_policy, 6417 .flags = GENL_ADMIN_PERM, 6418 .doit = nl80211_set_beacon, 6419 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6420 NL80211_FLAG_NEED_RTNL, 6421 }, 6422 { 6423 .cmd = NL80211_CMD_START_AP, 6424 .policy = nl80211_policy, 6425 .flags = GENL_ADMIN_PERM, 6426 .doit = nl80211_start_ap, 6427 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6428 NL80211_FLAG_NEED_RTNL, 6429 }, 6430 { 6431 .cmd = NL80211_CMD_STOP_AP, 6432 .policy = nl80211_policy, 6433 .flags = GENL_ADMIN_PERM, 6434 .doit = nl80211_stop_ap, 6435 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6436 NL80211_FLAG_NEED_RTNL, 6437 }, 6438 { 6439 .cmd = NL80211_CMD_GET_STATION, 6440 .doit = nl80211_get_station, 6441 .dumpit = nl80211_dump_station, 6442 .policy = nl80211_policy, 6443 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6444 NL80211_FLAG_NEED_RTNL, 6445 }, 6446 { 6447 .cmd = NL80211_CMD_SET_STATION, 6448 .doit = nl80211_set_station, 6449 .policy = nl80211_policy, 6450 .flags = GENL_ADMIN_PERM, 6451 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6452 NL80211_FLAG_NEED_RTNL, 6453 }, 6454 { 6455 .cmd = NL80211_CMD_NEW_STATION, 6456 .doit = nl80211_new_station, 6457 .policy = nl80211_policy, 6458 .flags = GENL_ADMIN_PERM, 6459 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6460 NL80211_FLAG_NEED_RTNL, 6461 }, 6462 { 6463 .cmd = NL80211_CMD_DEL_STATION, 6464 .doit = nl80211_del_station, 6465 .policy = nl80211_policy, 6466 .flags = GENL_ADMIN_PERM, 6467 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6468 NL80211_FLAG_NEED_RTNL, 6469 }, 6470 { 6471 .cmd = NL80211_CMD_GET_MPATH, 6472 .doit = nl80211_get_mpath, 6473 .dumpit = nl80211_dump_mpath, 6474 .policy = nl80211_policy, 6475 .flags = GENL_ADMIN_PERM, 6476 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6477 NL80211_FLAG_NEED_RTNL, 6478 }, 6479 { 6480 .cmd = NL80211_CMD_SET_MPATH, 6481 .doit = nl80211_set_mpath, 6482 .policy = nl80211_policy, 6483 .flags = GENL_ADMIN_PERM, 6484 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6485 NL80211_FLAG_NEED_RTNL, 6486 }, 6487 { 6488 .cmd = NL80211_CMD_NEW_MPATH, 6489 .doit = nl80211_new_mpath, 6490 .policy = nl80211_policy, 6491 .flags = GENL_ADMIN_PERM, 6492 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6493 NL80211_FLAG_NEED_RTNL, 6494 }, 6495 { 6496 .cmd = NL80211_CMD_DEL_MPATH, 6497 .doit = nl80211_del_mpath, 6498 .policy = nl80211_policy, 6499 .flags = GENL_ADMIN_PERM, 6500 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6501 NL80211_FLAG_NEED_RTNL, 6502 }, 6503 { 6504 .cmd = NL80211_CMD_SET_BSS, 6505 .doit = nl80211_set_bss, 6506 .policy = nl80211_policy, 6507 .flags = GENL_ADMIN_PERM, 6508 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6509 NL80211_FLAG_NEED_RTNL, 6510 }, 6511 { 6512 .cmd = NL80211_CMD_GET_REG, 6513 .doit = nl80211_get_reg, 6514 .policy = nl80211_policy, 6515 /* can be retrieved by unprivileged users */ 6516 }, 6517 { 6518 .cmd = NL80211_CMD_SET_REG, 6519 .doit = nl80211_set_reg, 6520 .policy = nl80211_policy, 6521 .flags = GENL_ADMIN_PERM, 6522 }, 6523 { 6524 .cmd = NL80211_CMD_REQ_SET_REG, 6525 .doit = nl80211_req_set_reg, 6526 .policy = nl80211_policy, 6527 .flags = GENL_ADMIN_PERM, 6528 }, 6529 { 6530 .cmd = NL80211_CMD_GET_MESH_CONFIG, 6531 .doit = nl80211_get_mesh_config, 6532 .policy = nl80211_policy, 6533 /* can be retrieved by unprivileged users */ 6534 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6535 NL80211_FLAG_NEED_RTNL, 6536 }, 6537 { 6538 .cmd = NL80211_CMD_SET_MESH_CONFIG, 6539 .doit = nl80211_update_mesh_config, 6540 .policy = nl80211_policy, 6541 .flags = GENL_ADMIN_PERM, 6542 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6543 NL80211_FLAG_NEED_RTNL, 6544 }, 6545 { 6546 .cmd = NL80211_CMD_TRIGGER_SCAN, 6547 .doit = nl80211_trigger_scan, 6548 .policy = nl80211_policy, 6549 .flags = GENL_ADMIN_PERM, 6550 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6551 NL80211_FLAG_NEED_RTNL, 6552 }, 6553 { 6554 .cmd = NL80211_CMD_GET_SCAN, 6555 .policy = nl80211_policy, 6556 .dumpit = nl80211_dump_scan, 6557 }, 6558 { 6559 .cmd = NL80211_CMD_START_SCHED_SCAN, 6560 .doit = nl80211_start_sched_scan, 6561 .policy = nl80211_policy, 6562 .flags = GENL_ADMIN_PERM, 6563 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6564 NL80211_FLAG_NEED_RTNL, 6565 }, 6566 { 6567 .cmd = NL80211_CMD_STOP_SCHED_SCAN, 6568 .doit = nl80211_stop_sched_scan, 6569 .policy = nl80211_policy, 6570 .flags = GENL_ADMIN_PERM, 6571 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6572 NL80211_FLAG_NEED_RTNL, 6573 }, 6574 { 6575 .cmd = NL80211_CMD_AUTHENTICATE, 6576 .doit = nl80211_authenticate, 6577 .policy = nl80211_policy, 6578 .flags = GENL_ADMIN_PERM, 6579 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6580 NL80211_FLAG_NEED_RTNL, 6581 }, 6582 { 6583 .cmd = NL80211_CMD_ASSOCIATE, 6584 .doit = nl80211_associate, 6585 .policy = nl80211_policy, 6586 .flags = GENL_ADMIN_PERM, 6587 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6588 NL80211_FLAG_NEED_RTNL, 6589 }, 6590 { 6591 .cmd = NL80211_CMD_DEAUTHENTICATE, 6592 .doit = nl80211_deauthenticate, 6593 .policy = nl80211_policy, 6594 .flags = GENL_ADMIN_PERM, 6595 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6596 NL80211_FLAG_NEED_RTNL, 6597 }, 6598 { 6599 .cmd = NL80211_CMD_DISASSOCIATE, 6600 .doit = nl80211_disassociate, 6601 .policy = nl80211_policy, 6602 .flags = GENL_ADMIN_PERM, 6603 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6604 NL80211_FLAG_NEED_RTNL, 6605 }, 6606 { 6607 .cmd = NL80211_CMD_JOIN_IBSS, 6608 .doit = nl80211_join_ibss, 6609 .policy = nl80211_policy, 6610 .flags = GENL_ADMIN_PERM, 6611 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6612 NL80211_FLAG_NEED_RTNL, 6613 }, 6614 { 6615 .cmd = NL80211_CMD_LEAVE_IBSS, 6616 .doit = nl80211_leave_ibss, 6617 .policy = nl80211_policy, 6618 .flags = GENL_ADMIN_PERM, 6619 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6620 NL80211_FLAG_NEED_RTNL, 6621 }, 6622 #ifdef CONFIG_NL80211_TESTMODE 6623 { 6624 .cmd = NL80211_CMD_TESTMODE, 6625 .doit = nl80211_testmode_do, 6626 .dumpit = nl80211_testmode_dump, 6627 .policy = nl80211_policy, 6628 .flags = GENL_ADMIN_PERM, 6629 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6630 NL80211_FLAG_NEED_RTNL, 6631 }, 6632 #endif 6633 { 6634 .cmd = NL80211_CMD_CONNECT, 6635 .doit = nl80211_connect, 6636 .policy = nl80211_policy, 6637 .flags = GENL_ADMIN_PERM, 6638 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6639 NL80211_FLAG_NEED_RTNL, 6640 }, 6641 { 6642 .cmd = NL80211_CMD_DISCONNECT, 6643 .doit = nl80211_disconnect, 6644 .policy = nl80211_policy, 6645 .flags = GENL_ADMIN_PERM, 6646 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6647 NL80211_FLAG_NEED_RTNL, 6648 }, 6649 { 6650 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 6651 .doit = nl80211_wiphy_netns, 6652 .policy = nl80211_policy, 6653 .flags = GENL_ADMIN_PERM, 6654 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6655 NL80211_FLAG_NEED_RTNL, 6656 }, 6657 { 6658 .cmd = NL80211_CMD_GET_SURVEY, 6659 .policy = nl80211_policy, 6660 .dumpit = nl80211_dump_survey, 6661 }, 6662 { 6663 .cmd = NL80211_CMD_SET_PMKSA, 6664 .doit = nl80211_setdel_pmksa, 6665 .policy = nl80211_policy, 6666 .flags = GENL_ADMIN_PERM, 6667 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6668 NL80211_FLAG_NEED_RTNL, 6669 }, 6670 { 6671 .cmd = NL80211_CMD_DEL_PMKSA, 6672 .doit = nl80211_setdel_pmksa, 6673 .policy = nl80211_policy, 6674 .flags = GENL_ADMIN_PERM, 6675 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6676 NL80211_FLAG_NEED_RTNL, 6677 }, 6678 { 6679 .cmd = NL80211_CMD_FLUSH_PMKSA, 6680 .doit = nl80211_flush_pmksa, 6681 .policy = nl80211_policy, 6682 .flags = GENL_ADMIN_PERM, 6683 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6684 NL80211_FLAG_NEED_RTNL, 6685 }, 6686 { 6687 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 6688 .doit = nl80211_remain_on_channel, 6689 .policy = nl80211_policy, 6690 .flags = GENL_ADMIN_PERM, 6691 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6692 NL80211_FLAG_NEED_RTNL, 6693 }, 6694 { 6695 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 6696 .doit = nl80211_cancel_remain_on_channel, 6697 .policy = nl80211_policy, 6698 .flags = GENL_ADMIN_PERM, 6699 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6700 NL80211_FLAG_NEED_RTNL, 6701 }, 6702 { 6703 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 6704 .doit = nl80211_set_tx_bitrate_mask, 6705 .policy = nl80211_policy, 6706 .flags = GENL_ADMIN_PERM, 6707 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6708 NL80211_FLAG_NEED_RTNL, 6709 }, 6710 { 6711 .cmd = NL80211_CMD_REGISTER_FRAME, 6712 .doit = nl80211_register_mgmt, 6713 .policy = nl80211_policy, 6714 .flags = GENL_ADMIN_PERM, 6715 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6716 NL80211_FLAG_NEED_RTNL, 6717 }, 6718 { 6719 .cmd = NL80211_CMD_FRAME, 6720 .doit = nl80211_tx_mgmt, 6721 .policy = nl80211_policy, 6722 .flags = GENL_ADMIN_PERM, 6723 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6724 NL80211_FLAG_NEED_RTNL, 6725 }, 6726 { 6727 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL, 6728 .doit = nl80211_tx_mgmt_cancel_wait, 6729 .policy = nl80211_policy, 6730 .flags = GENL_ADMIN_PERM, 6731 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6732 NL80211_FLAG_NEED_RTNL, 6733 }, 6734 { 6735 .cmd = NL80211_CMD_SET_POWER_SAVE, 6736 .doit = nl80211_set_power_save, 6737 .policy = nl80211_policy, 6738 .flags = GENL_ADMIN_PERM, 6739 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6740 NL80211_FLAG_NEED_RTNL, 6741 }, 6742 { 6743 .cmd = NL80211_CMD_GET_POWER_SAVE, 6744 .doit = nl80211_get_power_save, 6745 .policy = nl80211_policy, 6746 /* can be retrieved by unprivileged users */ 6747 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6748 NL80211_FLAG_NEED_RTNL, 6749 }, 6750 { 6751 .cmd = NL80211_CMD_SET_CQM, 6752 .doit = nl80211_set_cqm, 6753 .policy = nl80211_policy, 6754 .flags = GENL_ADMIN_PERM, 6755 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6756 NL80211_FLAG_NEED_RTNL, 6757 }, 6758 { 6759 .cmd = NL80211_CMD_SET_CHANNEL, 6760 .doit = nl80211_set_channel, 6761 .policy = nl80211_policy, 6762 .flags = GENL_ADMIN_PERM, 6763 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6764 NL80211_FLAG_NEED_RTNL, 6765 }, 6766 { 6767 .cmd = NL80211_CMD_SET_WDS_PEER, 6768 .doit = nl80211_set_wds_peer, 6769 .policy = nl80211_policy, 6770 .flags = GENL_ADMIN_PERM, 6771 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6772 NL80211_FLAG_NEED_RTNL, 6773 }, 6774 { 6775 .cmd = NL80211_CMD_JOIN_MESH, 6776 .doit = nl80211_join_mesh, 6777 .policy = nl80211_policy, 6778 .flags = GENL_ADMIN_PERM, 6779 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6780 NL80211_FLAG_NEED_RTNL, 6781 }, 6782 { 6783 .cmd = NL80211_CMD_LEAVE_MESH, 6784 .doit = nl80211_leave_mesh, 6785 .policy = nl80211_policy, 6786 .flags = GENL_ADMIN_PERM, 6787 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6788 NL80211_FLAG_NEED_RTNL, 6789 }, 6790 { 6791 .cmd = NL80211_CMD_GET_WOWLAN, 6792 .doit = nl80211_get_wowlan, 6793 .policy = nl80211_policy, 6794 /* can be retrieved by unprivileged users */ 6795 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6796 NL80211_FLAG_NEED_RTNL, 6797 }, 6798 { 6799 .cmd = NL80211_CMD_SET_WOWLAN, 6800 .doit = nl80211_set_wowlan, 6801 .policy = nl80211_policy, 6802 .flags = GENL_ADMIN_PERM, 6803 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6804 NL80211_FLAG_NEED_RTNL, 6805 }, 6806 { 6807 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD, 6808 .doit = nl80211_set_rekey_data, 6809 .policy = nl80211_policy, 6810 .flags = GENL_ADMIN_PERM, 6811 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6812 NL80211_FLAG_NEED_RTNL, 6813 }, 6814 { 6815 .cmd = NL80211_CMD_TDLS_MGMT, 6816 .doit = nl80211_tdls_mgmt, 6817 .policy = nl80211_policy, 6818 .flags = GENL_ADMIN_PERM, 6819 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6820 NL80211_FLAG_NEED_RTNL, 6821 }, 6822 { 6823 .cmd = NL80211_CMD_TDLS_OPER, 6824 .doit = nl80211_tdls_oper, 6825 .policy = nl80211_policy, 6826 .flags = GENL_ADMIN_PERM, 6827 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 6828 NL80211_FLAG_NEED_RTNL, 6829 }, 6830 { 6831 .cmd = NL80211_CMD_UNEXPECTED_FRAME, 6832 .doit = nl80211_register_unexpected_frame, 6833 .policy = nl80211_policy, 6834 .flags = GENL_ADMIN_PERM, 6835 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6836 NL80211_FLAG_NEED_RTNL, 6837 }, 6838 { 6839 .cmd = NL80211_CMD_PROBE_CLIENT, 6840 .doit = nl80211_probe_client, 6841 .policy = nl80211_policy, 6842 .flags = GENL_ADMIN_PERM, 6843 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6844 NL80211_FLAG_NEED_RTNL, 6845 }, 6846 { 6847 .cmd = NL80211_CMD_REGISTER_BEACONS, 6848 .doit = nl80211_register_beacons, 6849 .policy = nl80211_policy, 6850 .flags = GENL_ADMIN_PERM, 6851 .internal_flags = NL80211_FLAG_NEED_WIPHY | 6852 NL80211_FLAG_NEED_RTNL, 6853 }, 6854 { 6855 .cmd = NL80211_CMD_SET_NOACK_MAP, 6856 .doit = nl80211_set_noack_map, 6857 .policy = nl80211_policy, 6858 .flags = GENL_ADMIN_PERM, 6859 .internal_flags = NL80211_FLAG_NEED_NETDEV | 6860 NL80211_FLAG_NEED_RTNL, 6861 }, 6862 6863 }; 6864 6865 static struct genl_multicast_group nl80211_mlme_mcgrp = { 6866 .name = "mlme", 6867 }; 6868 6869 /* multicast groups */ 6870 static struct genl_multicast_group nl80211_config_mcgrp = { 6871 .name = "config", 6872 }; 6873 static struct genl_multicast_group nl80211_scan_mcgrp = { 6874 .name = "scan", 6875 }; 6876 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 6877 .name = "regulatory", 6878 }; 6879 6880 /* notification functions */ 6881 6882 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 6883 { 6884 struct sk_buff *msg; 6885 6886 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 6887 if (!msg) 6888 return; 6889 6890 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 6891 nlmsg_free(msg); 6892 return; 6893 } 6894 6895 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6896 nl80211_config_mcgrp.id, GFP_KERNEL); 6897 } 6898 6899 static int nl80211_add_scan_req(struct sk_buff *msg, 6900 struct cfg80211_registered_device *rdev) 6901 { 6902 struct cfg80211_scan_request *req = rdev->scan_req; 6903 struct nlattr *nest; 6904 int i; 6905 6906 ASSERT_RDEV_LOCK(rdev); 6907 6908 if (WARN_ON(!req)) 6909 return 0; 6910 6911 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 6912 if (!nest) 6913 goto nla_put_failure; 6914 for (i = 0; i < req->n_ssids; i++) 6915 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid); 6916 nla_nest_end(msg, nest); 6917 6918 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 6919 if (!nest) 6920 goto nla_put_failure; 6921 for (i = 0; i < req->n_channels; i++) 6922 NLA_PUT_U32(msg, i, req->channels[i]->center_freq); 6923 nla_nest_end(msg, nest); 6924 6925 if (req->ie) 6926 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie); 6927 6928 return 0; 6929 nla_put_failure: 6930 return -ENOBUFS; 6931 } 6932 6933 static int nl80211_send_scan_msg(struct sk_buff *msg, 6934 struct cfg80211_registered_device *rdev, 6935 struct net_device *netdev, 6936 u32 pid, u32 seq, int flags, 6937 u32 cmd) 6938 { 6939 void *hdr; 6940 6941 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 6942 if (!hdr) 6943 return -1; 6944 6945 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6946 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6947 6948 /* ignore errors and send incomplete event anyway */ 6949 nl80211_add_scan_req(msg, rdev); 6950 6951 return genlmsg_end(msg, hdr); 6952 6953 nla_put_failure: 6954 genlmsg_cancel(msg, hdr); 6955 return -EMSGSIZE; 6956 } 6957 6958 static int 6959 nl80211_send_sched_scan_msg(struct sk_buff *msg, 6960 struct cfg80211_registered_device *rdev, 6961 struct net_device *netdev, 6962 u32 pid, u32 seq, int flags, u32 cmd) 6963 { 6964 void *hdr; 6965 6966 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 6967 if (!hdr) 6968 return -1; 6969 6970 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6971 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6972 6973 return genlmsg_end(msg, hdr); 6974 6975 nla_put_failure: 6976 genlmsg_cancel(msg, hdr); 6977 return -EMSGSIZE; 6978 } 6979 6980 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 6981 struct net_device *netdev) 6982 { 6983 struct sk_buff *msg; 6984 6985 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 6986 if (!msg) 6987 return; 6988 6989 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 6990 NL80211_CMD_TRIGGER_SCAN) < 0) { 6991 nlmsg_free(msg); 6992 return; 6993 } 6994 6995 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6996 nl80211_scan_mcgrp.id, GFP_KERNEL); 6997 } 6998 6999 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 7000 struct net_device *netdev) 7001 { 7002 struct sk_buff *msg; 7003 7004 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7005 if (!msg) 7006 return; 7007 7008 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7009 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 7010 nlmsg_free(msg); 7011 return; 7012 } 7013 7014 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7015 nl80211_scan_mcgrp.id, GFP_KERNEL); 7016 } 7017 7018 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 7019 struct net_device *netdev) 7020 { 7021 struct sk_buff *msg; 7022 7023 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7024 if (!msg) 7025 return; 7026 7027 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 7028 NL80211_CMD_SCAN_ABORTED) < 0) { 7029 nlmsg_free(msg); 7030 return; 7031 } 7032 7033 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7034 nl80211_scan_mcgrp.id, GFP_KERNEL); 7035 } 7036 7037 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev, 7038 struct net_device *netdev) 7039 { 7040 struct sk_buff *msg; 7041 7042 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7043 if (!msg) 7044 return; 7045 7046 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, 7047 NL80211_CMD_SCHED_SCAN_RESULTS) < 0) { 7048 nlmsg_free(msg); 7049 return; 7050 } 7051 7052 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7053 nl80211_scan_mcgrp.id, GFP_KERNEL); 7054 } 7055 7056 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev, 7057 struct net_device *netdev, u32 cmd) 7058 { 7059 struct sk_buff *msg; 7060 7061 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7062 if (!msg) 7063 return; 7064 7065 if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) { 7066 nlmsg_free(msg); 7067 return; 7068 } 7069 7070 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7071 nl80211_scan_mcgrp.id, GFP_KERNEL); 7072 } 7073 7074 /* 7075 * This can happen on global regulatory changes or device specific settings 7076 * based on custom world regulatory domains. 7077 */ 7078 void nl80211_send_reg_change_event(struct regulatory_request *request) 7079 { 7080 struct sk_buff *msg; 7081 void *hdr; 7082 7083 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 7084 if (!msg) 7085 return; 7086 7087 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 7088 if (!hdr) { 7089 nlmsg_free(msg); 7090 return; 7091 } 7092 7093 /* Userspace can always count this one always being set */ 7094 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator); 7095 7096 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') 7097 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7098 NL80211_REGDOM_TYPE_WORLD); 7099 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') 7100 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7101 NL80211_REGDOM_TYPE_CUSTOM_WORLD); 7102 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 7103 request->intersect) 7104 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7105 NL80211_REGDOM_TYPE_INTERSECTION); 7106 else { 7107 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 7108 NL80211_REGDOM_TYPE_COUNTRY); 7109 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2); 7110 } 7111 7112 if (wiphy_idx_valid(request->wiphy_idx)) 7113 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 7114 7115 genlmsg_end(msg, hdr); 7116 7117 rcu_read_lock(); 7118 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7119 GFP_ATOMIC); 7120 rcu_read_unlock(); 7121 7122 return; 7123 7124 nla_put_failure: 7125 genlmsg_cancel(msg, hdr); 7126 nlmsg_free(msg); 7127 } 7128 7129 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 7130 struct net_device *netdev, 7131 const u8 *buf, size_t len, 7132 enum nl80211_commands cmd, gfp_t gfp) 7133 { 7134 struct sk_buff *msg; 7135 void *hdr; 7136 7137 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7138 if (!msg) 7139 return; 7140 7141 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7142 if (!hdr) { 7143 nlmsg_free(msg); 7144 return; 7145 } 7146 7147 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7148 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7149 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7150 7151 genlmsg_end(msg, hdr); 7152 7153 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7154 nl80211_mlme_mcgrp.id, gfp); 7155 return; 7156 7157 nla_put_failure: 7158 genlmsg_cancel(msg, hdr); 7159 nlmsg_free(msg); 7160 } 7161 7162 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 7163 struct net_device *netdev, const u8 *buf, 7164 size_t len, gfp_t gfp) 7165 { 7166 nl80211_send_mlme_event(rdev, netdev, buf, len, 7167 NL80211_CMD_AUTHENTICATE, gfp); 7168 } 7169 7170 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 7171 struct net_device *netdev, const u8 *buf, 7172 size_t len, gfp_t gfp) 7173 { 7174 nl80211_send_mlme_event(rdev, netdev, buf, len, 7175 NL80211_CMD_ASSOCIATE, gfp); 7176 } 7177 7178 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 7179 struct net_device *netdev, const u8 *buf, 7180 size_t len, gfp_t gfp) 7181 { 7182 nl80211_send_mlme_event(rdev, netdev, buf, len, 7183 NL80211_CMD_DEAUTHENTICATE, gfp); 7184 } 7185 7186 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 7187 struct net_device *netdev, const u8 *buf, 7188 size_t len, gfp_t gfp) 7189 { 7190 nl80211_send_mlme_event(rdev, netdev, buf, len, 7191 NL80211_CMD_DISASSOCIATE, gfp); 7192 } 7193 7194 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev, 7195 struct net_device *netdev, const u8 *buf, 7196 size_t len, gfp_t gfp) 7197 { 7198 nl80211_send_mlme_event(rdev, netdev, buf, len, 7199 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp); 7200 } 7201 7202 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev, 7203 struct net_device *netdev, const u8 *buf, 7204 size_t len, gfp_t gfp) 7205 { 7206 nl80211_send_mlme_event(rdev, netdev, buf, len, 7207 NL80211_CMD_UNPROT_DISASSOCIATE, gfp); 7208 } 7209 7210 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 7211 struct net_device *netdev, int cmd, 7212 const u8 *addr, gfp_t gfp) 7213 { 7214 struct sk_buff *msg; 7215 void *hdr; 7216 7217 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7218 if (!msg) 7219 return; 7220 7221 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7222 if (!hdr) { 7223 nlmsg_free(msg); 7224 return; 7225 } 7226 7227 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7228 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7229 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 7230 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7231 7232 genlmsg_end(msg, hdr); 7233 7234 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7235 nl80211_mlme_mcgrp.id, gfp); 7236 return; 7237 7238 nla_put_failure: 7239 genlmsg_cancel(msg, hdr); 7240 nlmsg_free(msg); 7241 } 7242 7243 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 7244 struct net_device *netdev, const u8 *addr, 7245 gfp_t gfp) 7246 { 7247 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 7248 addr, gfp); 7249 } 7250 7251 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 7252 struct net_device *netdev, const u8 *addr, 7253 gfp_t gfp) 7254 { 7255 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 7256 addr, gfp); 7257 } 7258 7259 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 7260 struct net_device *netdev, const u8 *bssid, 7261 const u8 *req_ie, size_t req_ie_len, 7262 const u8 *resp_ie, size_t resp_ie_len, 7263 u16 status, gfp_t gfp) 7264 { 7265 struct sk_buff *msg; 7266 void *hdr; 7267 7268 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7269 if (!msg) 7270 return; 7271 7272 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 7273 if (!hdr) { 7274 nlmsg_free(msg); 7275 return; 7276 } 7277 7278 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7279 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7280 if (bssid) 7281 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7282 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status); 7283 if (req_ie) 7284 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 7285 if (resp_ie) 7286 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 7287 7288 genlmsg_end(msg, hdr); 7289 7290 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7291 nl80211_mlme_mcgrp.id, gfp); 7292 return; 7293 7294 nla_put_failure: 7295 genlmsg_cancel(msg, hdr); 7296 nlmsg_free(msg); 7297 7298 } 7299 7300 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 7301 struct net_device *netdev, const u8 *bssid, 7302 const u8 *req_ie, size_t req_ie_len, 7303 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 7304 { 7305 struct sk_buff *msg; 7306 void *hdr; 7307 7308 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7309 if (!msg) 7310 return; 7311 7312 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 7313 if (!hdr) { 7314 nlmsg_free(msg); 7315 return; 7316 } 7317 7318 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7319 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7320 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7321 if (req_ie) 7322 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 7323 if (resp_ie) 7324 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 7325 7326 genlmsg_end(msg, hdr); 7327 7328 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7329 nl80211_mlme_mcgrp.id, gfp); 7330 return; 7331 7332 nla_put_failure: 7333 genlmsg_cancel(msg, hdr); 7334 nlmsg_free(msg); 7335 7336 } 7337 7338 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 7339 struct net_device *netdev, u16 reason, 7340 const u8 *ie, size_t ie_len, bool from_ap) 7341 { 7342 struct sk_buff *msg; 7343 void *hdr; 7344 7345 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 7346 if (!msg) 7347 return; 7348 7349 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 7350 if (!hdr) { 7351 nlmsg_free(msg); 7352 return; 7353 } 7354 7355 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7356 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7357 if (from_ap && reason) 7358 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason); 7359 if (from_ap) 7360 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP); 7361 if (ie) 7362 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 7363 7364 genlmsg_end(msg, hdr); 7365 7366 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7367 nl80211_mlme_mcgrp.id, GFP_KERNEL); 7368 return; 7369 7370 nla_put_failure: 7371 genlmsg_cancel(msg, hdr); 7372 nlmsg_free(msg); 7373 7374 } 7375 7376 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 7377 struct net_device *netdev, const u8 *bssid, 7378 gfp_t gfp) 7379 { 7380 struct sk_buff *msg; 7381 void *hdr; 7382 7383 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7384 if (!msg) 7385 return; 7386 7387 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 7388 if (!hdr) { 7389 nlmsg_free(msg); 7390 return; 7391 } 7392 7393 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7394 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7395 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7396 7397 genlmsg_end(msg, hdr); 7398 7399 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7400 nl80211_mlme_mcgrp.id, gfp); 7401 return; 7402 7403 nla_put_failure: 7404 genlmsg_cancel(msg, hdr); 7405 nlmsg_free(msg); 7406 } 7407 7408 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev, 7409 struct net_device *netdev, 7410 const u8 *macaddr, const u8* ie, u8 ie_len, 7411 gfp_t gfp) 7412 { 7413 struct sk_buff *msg; 7414 void *hdr; 7415 7416 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7417 if (!msg) 7418 return; 7419 7420 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE); 7421 if (!hdr) { 7422 nlmsg_free(msg); 7423 return; 7424 } 7425 7426 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7427 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7428 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr); 7429 if (ie_len && ie) 7430 NLA_PUT(msg, NL80211_ATTR_IE, ie_len , ie); 7431 7432 genlmsg_end(msg, hdr); 7433 7434 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7435 nl80211_mlme_mcgrp.id, gfp); 7436 return; 7437 7438 nla_put_failure: 7439 genlmsg_cancel(msg, hdr); 7440 nlmsg_free(msg); 7441 } 7442 7443 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 7444 struct net_device *netdev, const u8 *addr, 7445 enum nl80211_key_type key_type, int key_id, 7446 const u8 *tsc, gfp_t gfp) 7447 { 7448 struct sk_buff *msg; 7449 void *hdr; 7450 7451 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7452 if (!msg) 7453 return; 7454 7455 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 7456 if (!hdr) { 7457 nlmsg_free(msg); 7458 return; 7459 } 7460 7461 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7462 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7463 if (addr) 7464 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7465 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); 7466 if (key_id != -1) 7467 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); 7468 if (tsc) 7469 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); 7470 7471 genlmsg_end(msg, hdr); 7472 7473 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7474 nl80211_mlme_mcgrp.id, gfp); 7475 return; 7476 7477 nla_put_failure: 7478 genlmsg_cancel(msg, hdr); 7479 nlmsg_free(msg); 7480 } 7481 7482 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 7483 struct ieee80211_channel *channel_before, 7484 struct ieee80211_channel *channel_after) 7485 { 7486 struct sk_buff *msg; 7487 void *hdr; 7488 struct nlattr *nl_freq; 7489 7490 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 7491 if (!msg) 7492 return; 7493 7494 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 7495 if (!hdr) { 7496 nlmsg_free(msg); 7497 return; 7498 } 7499 7500 /* 7501 * Since we are applying the beacon hint to a wiphy we know its 7502 * wiphy_idx is valid 7503 */ 7504 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)); 7505 7506 /* Before */ 7507 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 7508 if (!nl_freq) 7509 goto nla_put_failure; 7510 if (nl80211_msg_put_channel(msg, channel_before)) 7511 goto nla_put_failure; 7512 nla_nest_end(msg, nl_freq); 7513 7514 /* After */ 7515 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 7516 if (!nl_freq) 7517 goto nla_put_failure; 7518 if (nl80211_msg_put_channel(msg, channel_after)) 7519 goto nla_put_failure; 7520 nla_nest_end(msg, nl_freq); 7521 7522 genlmsg_end(msg, hdr); 7523 7524 rcu_read_lock(); 7525 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 7526 GFP_ATOMIC); 7527 rcu_read_unlock(); 7528 7529 return; 7530 7531 nla_put_failure: 7532 genlmsg_cancel(msg, hdr); 7533 nlmsg_free(msg); 7534 } 7535 7536 static void nl80211_send_remain_on_chan_event( 7537 int cmd, struct cfg80211_registered_device *rdev, 7538 struct net_device *netdev, u64 cookie, 7539 struct ieee80211_channel *chan, 7540 enum nl80211_channel_type channel_type, 7541 unsigned int duration, gfp_t gfp) 7542 { 7543 struct sk_buff *msg; 7544 void *hdr; 7545 7546 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7547 if (!msg) 7548 return; 7549 7550 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7551 if (!hdr) { 7552 nlmsg_free(msg); 7553 return; 7554 } 7555 7556 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7557 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7558 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq); 7559 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type); 7560 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 7561 7562 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 7563 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 7564 7565 genlmsg_end(msg, hdr); 7566 7567 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7568 nl80211_mlme_mcgrp.id, gfp); 7569 return; 7570 7571 nla_put_failure: 7572 genlmsg_cancel(msg, hdr); 7573 nlmsg_free(msg); 7574 } 7575 7576 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 7577 struct net_device *netdev, u64 cookie, 7578 struct ieee80211_channel *chan, 7579 enum nl80211_channel_type channel_type, 7580 unsigned int duration, gfp_t gfp) 7581 { 7582 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 7583 rdev, netdev, cookie, chan, 7584 channel_type, duration, gfp); 7585 } 7586 7587 void nl80211_send_remain_on_channel_cancel( 7588 struct cfg80211_registered_device *rdev, struct net_device *netdev, 7589 u64 cookie, struct ieee80211_channel *chan, 7590 enum nl80211_channel_type channel_type, gfp_t gfp) 7591 { 7592 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 7593 rdev, netdev, cookie, chan, 7594 channel_type, 0, gfp); 7595 } 7596 7597 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 7598 struct net_device *dev, const u8 *mac_addr, 7599 struct station_info *sinfo, gfp_t gfp) 7600 { 7601 struct sk_buff *msg; 7602 7603 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7604 if (!msg) 7605 return; 7606 7607 if (nl80211_send_station(msg, 0, 0, 0, 7608 rdev, dev, mac_addr, sinfo) < 0) { 7609 nlmsg_free(msg); 7610 return; 7611 } 7612 7613 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7614 nl80211_mlme_mcgrp.id, gfp); 7615 } 7616 7617 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev, 7618 struct net_device *dev, const u8 *mac_addr, 7619 gfp_t gfp) 7620 { 7621 struct sk_buff *msg; 7622 void *hdr; 7623 7624 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7625 if (!msg) 7626 return; 7627 7628 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION); 7629 if (!hdr) { 7630 nlmsg_free(msg); 7631 return; 7632 } 7633 7634 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7635 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 7636 7637 genlmsg_end(msg, hdr); 7638 7639 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7640 nl80211_mlme_mcgrp.id, gfp); 7641 return; 7642 7643 nla_put_failure: 7644 genlmsg_cancel(msg, hdr); 7645 nlmsg_free(msg); 7646 } 7647 7648 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd, 7649 const u8 *addr, gfp_t gfp) 7650 { 7651 struct wireless_dev *wdev = dev->ieee80211_ptr; 7652 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 7653 struct sk_buff *msg; 7654 void *hdr; 7655 int err; 7656 u32 nlpid = ACCESS_ONCE(wdev->ap_unexpected_nlpid); 7657 7658 if (!nlpid) 7659 return false; 7660 7661 msg = nlmsg_new(100, gfp); 7662 if (!msg) 7663 return true; 7664 7665 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 7666 if (!hdr) { 7667 nlmsg_free(msg); 7668 return true; 7669 } 7670 7671 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7672 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7673 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7674 7675 err = genlmsg_end(msg, hdr); 7676 if (err < 0) { 7677 nlmsg_free(msg); 7678 return true; 7679 } 7680 7681 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7682 return true; 7683 7684 nla_put_failure: 7685 genlmsg_cancel(msg, hdr); 7686 nlmsg_free(msg); 7687 return true; 7688 } 7689 7690 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp) 7691 { 7692 return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME, 7693 addr, gfp); 7694 } 7695 7696 bool nl80211_unexpected_4addr_frame(struct net_device *dev, 7697 const u8 *addr, gfp_t gfp) 7698 { 7699 return __nl80211_unexpected_frame(dev, 7700 NL80211_CMD_UNEXPECTED_4ADDR_FRAME, 7701 addr, gfp); 7702 } 7703 7704 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev, 7705 struct net_device *netdev, u32 nlpid, 7706 int freq, int sig_dbm, 7707 const u8 *buf, size_t len, gfp_t gfp) 7708 { 7709 struct sk_buff *msg; 7710 void *hdr; 7711 7712 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7713 if (!msg) 7714 return -ENOMEM; 7715 7716 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 7717 if (!hdr) { 7718 nlmsg_free(msg); 7719 return -ENOMEM; 7720 } 7721 7722 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7723 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7724 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 7725 if (sig_dbm) 7726 NLA_PUT_U32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm); 7727 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7728 7729 genlmsg_end(msg, hdr); 7730 7731 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 7732 7733 nla_put_failure: 7734 genlmsg_cancel(msg, hdr); 7735 nlmsg_free(msg); 7736 return -ENOBUFS; 7737 } 7738 7739 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev, 7740 struct net_device *netdev, u64 cookie, 7741 const u8 *buf, size_t len, bool ack, 7742 gfp_t gfp) 7743 { 7744 struct sk_buff *msg; 7745 void *hdr; 7746 7747 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 7748 if (!msg) 7749 return; 7750 7751 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS); 7752 if (!hdr) { 7753 nlmsg_free(msg); 7754 return; 7755 } 7756 7757 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7758 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7759 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 7760 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 7761 if (ack) 7762 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 7763 7764 genlmsg_end(msg, hdr); 7765 7766 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 7767 return; 7768 7769 nla_put_failure: 7770 genlmsg_cancel(msg, hdr); 7771 nlmsg_free(msg); 7772 } 7773 7774 void 7775 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 7776 struct net_device *netdev, 7777 enum nl80211_cqm_rssi_threshold_event rssi_event, 7778 gfp_t gfp) 7779 { 7780 struct sk_buff *msg; 7781 struct nlattr *pinfoattr; 7782 void *hdr; 7783 7784 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7785 if (!msg) 7786 return; 7787 7788 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 7789 if (!hdr) { 7790 nlmsg_free(msg); 7791 return; 7792 } 7793 7794 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7795 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7796 7797 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 7798 if (!pinfoattr) 7799 goto nla_put_failure; 7800 7801 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 7802 rssi_event); 7803 7804 nla_nest_end(msg, pinfoattr); 7805 7806 genlmsg_end(msg, hdr); 7807 7808 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7809 nl80211_mlme_mcgrp.id, gfp); 7810 return; 7811 7812 nla_put_failure: 7813 genlmsg_cancel(msg, hdr); 7814 nlmsg_free(msg); 7815 } 7816 7817 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev, 7818 struct net_device *netdev, const u8 *bssid, 7819 const u8 *replay_ctr, gfp_t gfp) 7820 { 7821 struct sk_buff *msg; 7822 struct nlattr *rekey_attr; 7823 void *hdr; 7824 7825 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7826 if (!msg) 7827 return; 7828 7829 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 7830 if (!hdr) { 7831 nlmsg_free(msg); 7832 return; 7833 } 7834 7835 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7836 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7837 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 7838 7839 rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 7840 if (!rekey_attr) 7841 goto nla_put_failure; 7842 7843 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, 7844 NL80211_REPLAY_CTR_LEN, replay_ctr); 7845 7846 nla_nest_end(msg, rekey_attr); 7847 7848 genlmsg_end(msg, hdr); 7849 7850 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7851 nl80211_mlme_mcgrp.id, gfp); 7852 return; 7853 7854 nla_put_failure: 7855 genlmsg_cancel(msg, hdr); 7856 nlmsg_free(msg); 7857 } 7858 7859 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev, 7860 struct net_device *netdev, int index, 7861 const u8 *bssid, bool preauth, gfp_t gfp) 7862 { 7863 struct sk_buff *msg; 7864 struct nlattr *attr; 7865 void *hdr; 7866 7867 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7868 if (!msg) 7869 return; 7870 7871 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE); 7872 if (!hdr) { 7873 nlmsg_free(msg); 7874 return; 7875 } 7876 7877 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7878 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7879 7880 attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE); 7881 if (!attr) 7882 goto nla_put_failure; 7883 7884 NLA_PUT_U32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index); 7885 NLA_PUT(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid); 7886 if (preauth) 7887 NLA_PUT_FLAG(msg, NL80211_PMKSA_CANDIDATE_PREAUTH); 7888 7889 nla_nest_end(msg, attr); 7890 7891 genlmsg_end(msg, hdr); 7892 7893 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7894 nl80211_mlme_mcgrp.id, gfp); 7895 return; 7896 7897 nla_put_failure: 7898 genlmsg_cancel(msg, hdr); 7899 nlmsg_free(msg); 7900 } 7901 7902 void 7903 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev, 7904 struct net_device *netdev, const u8 *peer, 7905 u32 num_packets, gfp_t gfp) 7906 { 7907 struct sk_buff *msg; 7908 struct nlattr *pinfoattr; 7909 void *hdr; 7910 7911 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7912 if (!msg) 7913 return; 7914 7915 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 7916 if (!hdr) { 7917 nlmsg_free(msg); 7918 return; 7919 } 7920 7921 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7922 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 7923 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 7924 7925 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 7926 if (!pinfoattr) 7927 goto nla_put_failure; 7928 7929 NLA_PUT_U32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets); 7930 7931 nla_nest_end(msg, pinfoattr); 7932 7933 genlmsg_end(msg, hdr); 7934 7935 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7936 nl80211_mlme_mcgrp.id, gfp); 7937 return; 7938 7939 nla_put_failure: 7940 genlmsg_cancel(msg, hdr); 7941 nlmsg_free(msg); 7942 } 7943 7944 void cfg80211_probe_status(struct net_device *dev, const u8 *addr, 7945 u64 cookie, bool acked, gfp_t gfp) 7946 { 7947 struct wireless_dev *wdev = dev->ieee80211_ptr; 7948 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 7949 struct sk_buff *msg; 7950 void *hdr; 7951 int err; 7952 7953 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 7954 if (!msg) 7955 return; 7956 7957 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT); 7958 if (!hdr) { 7959 nlmsg_free(msg); 7960 return; 7961 } 7962 7963 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 7964 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 7965 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7966 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 7967 if (acked) 7968 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 7969 7970 err = genlmsg_end(msg, hdr); 7971 if (err < 0) { 7972 nlmsg_free(msg); 7973 return; 7974 } 7975 7976 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 7977 nl80211_mlme_mcgrp.id, gfp); 7978 return; 7979 7980 nla_put_failure: 7981 genlmsg_cancel(msg, hdr); 7982 nlmsg_free(msg); 7983 } 7984 EXPORT_SYMBOL(cfg80211_probe_status); 7985 7986 void cfg80211_report_obss_beacon(struct wiphy *wiphy, 7987 const u8 *frame, size_t len, 7988 int freq, int sig_dbm, gfp_t gfp) 7989 { 7990 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 7991 struct sk_buff *msg; 7992 void *hdr; 7993 u32 nlpid = ACCESS_ONCE(rdev->ap_beacons_nlpid); 7994 7995 if (!nlpid) 7996 return; 7997 7998 msg = nlmsg_new(len + 100, gfp); 7999 if (!msg) 8000 return; 8001 8002 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME); 8003 if (!hdr) { 8004 nlmsg_free(msg); 8005 return; 8006 } 8007 8008 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 8009 if (freq) 8010 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 8011 if (sig_dbm) 8012 NLA_PUT_U32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm); 8013 NLA_PUT(msg, NL80211_ATTR_FRAME, len, frame); 8014 8015 genlmsg_end(msg, hdr); 8016 8017 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 8018 return; 8019 8020 nla_put_failure: 8021 genlmsg_cancel(msg, hdr); 8022 nlmsg_free(msg); 8023 } 8024 EXPORT_SYMBOL(cfg80211_report_obss_beacon); 8025 8026 static int nl80211_netlink_notify(struct notifier_block * nb, 8027 unsigned long state, 8028 void *_notify) 8029 { 8030 struct netlink_notify *notify = _notify; 8031 struct cfg80211_registered_device *rdev; 8032 struct wireless_dev *wdev; 8033 8034 if (state != NETLINK_URELEASE) 8035 return NOTIFY_DONE; 8036 8037 rcu_read_lock(); 8038 8039 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) { 8040 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 8041 cfg80211_mlme_unregister_socket(wdev, notify->pid); 8042 if (rdev->ap_beacons_nlpid == notify->pid) 8043 rdev->ap_beacons_nlpid = 0; 8044 } 8045 8046 rcu_read_unlock(); 8047 8048 return NOTIFY_DONE; 8049 } 8050 8051 static struct notifier_block nl80211_netlink_notifier = { 8052 .notifier_call = nl80211_netlink_notify, 8053 }; 8054 8055 /* initialisation/exit functions */ 8056 8057 int nl80211_init(void) 8058 { 8059 int err; 8060 8061 err = genl_register_family_with_ops(&nl80211_fam, 8062 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 8063 if (err) 8064 return err; 8065 8066 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 8067 if (err) 8068 goto err_out; 8069 8070 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 8071 if (err) 8072 goto err_out; 8073 8074 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 8075 if (err) 8076 goto err_out; 8077 8078 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 8079 if (err) 8080 goto err_out; 8081 8082 #ifdef CONFIG_NL80211_TESTMODE 8083 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 8084 if (err) 8085 goto err_out; 8086 #endif 8087 8088 err = netlink_register_notifier(&nl80211_netlink_notifier); 8089 if (err) 8090 goto err_out; 8091 8092 return 0; 8093 err_out: 8094 genl_unregister_family(&nl80211_fam); 8095 return err; 8096 } 8097 8098 void nl80211_exit(void) 8099 { 8100 netlink_unregister_notifier(&nl80211_netlink_notifier); 8101 genl_unregister_family(&nl80211_fam); 8102 } 8103