1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2024 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <net/net_namespace.h>
25 #include <net/genetlink.h>
26 #include <net/cfg80211.h>
27 #include <net/sock.h>
28 #include <net/inet_connection_sock.h>
29 #include "core.h"
30 #include "nl80211.h"
31 #include "reg.h"
32 #include "rdev-ops.h"
33
34 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35 struct genl_info *info,
36 struct cfg80211_crypto_settings *settings,
37 int cipher_limit);
38
39 /* the netlink family */
40 static struct genl_family nl80211_fam;
41
42 /* multicast groups */
43 enum nl80211_multicast_groups {
44 NL80211_MCGRP_CONFIG,
45 NL80211_MCGRP_SCAN,
46 NL80211_MCGRP_REGULATORY,
47 NL80211_MCGRP_MLME,
48 NL80211_MCGRP_VENDOR,
49 NL80211_MCGRP_NAN,
50 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51 };
52
53 static const struct genl_multicast_group nl80211_mcgrps[] = {
54 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60 #ifdef CONFIG_NL80211_TESTMODE
61 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62 #endif
63 };
64
65 /* returns ERR_PTR values */
66 static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct cfg80211_registered_device * rdev,struct net * netns,struct nlattr ** attrs)67 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68 struct net *netns, struct nlattr **attrs)
69 {
70 struct wireless_dev *result = NULL;
71 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73 u64 wdev_id = 0;
74 int wiphy_idx = -1;
75 int ifidx = -1;
76
77 if (!have_ifidx && !have_wdev_id)
78 return ERR_PTR(-EINVAL);
79
80 if (have_ifidx)
81 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 if (have_wdev_id) {
83 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 wiphy_idx = wdev_id >> 32;
85 }
86
87 if (rdev) {
88 struct wireless_dev *wdev;
89
90 lockdep_assert_held(&rdev->wiphy.mtx);
91
92 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93 if (have_ifidx && wdev->netdev &&
94 wdev->netdev->ifindex == ifidx) {
95 result = wdev;
96 break;
97 }
98 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99 result = wdev;
100 break;
101 }
102 }
103
104 return result ?: ERR_PTR(-ENODEV);
105 }
106
107 ASSERT_RTNL();
108
109 for_each_rdev(rdev) {
110 struct wireless_dev *wdev;
111
112 if (wiphy_net(&rdev->wiphy) != netns)
113 continue;
114
115 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116 continue;
117
118 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119 if (have_ifidx && wdev->netdev &&
120 wdev->netdev->ifindex == ifidx) {
121 result = wdev;
122 break;
123 }
124 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125 result = wdev;
126 break;
127 }
128 }
129
130 if (result)
131 break;
132 }
133
134 if (result)
135 return result;
136 return ERR_PTR(-ENODEV);
137 }
138
139 static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net * netns,struct nlattr ** attrs)140 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141 {
142 struct cfg80211_registered_device *rdev = NULL, *tmp;
143 struct net_device *netdev;
144
145 ASSERT_RTNL();
146
147 if (!attrs[NL80211_ATTR_WIPHY] &&
148 !attrs[NL80211_ATTR_IFINDEX] &&
149 !attrs[NL80211_ATTR_WDEV])
150 return ERR_PTR(-EINVAL);
151
152 if (attrs[NL80211_ATTR_WIPHY])
153 rdev = cfg80211_rdev_by_wiphy_idx(
154 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155
156 if (attrs[NL80211_ATTR_WDEV]) {
157 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158 struct wireless_dev *wdev;
159 bool found = false;
160
161 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162 if (tmp) {
163 /* make sure wdev exists */
164 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165 if (wdev->identifier != (u32)wdev_id)
166 continue;
167 found = true;
168 break;
169 }
170
171 if (!found)
172 tmp = NULL;
173
174 if (rdev && tmp != rdev)
175 return ERR_PTR(-EINVAL);
176 rdev = tmp;
177 }
178 }
179
180 if (attrs[NL80211_ATTR_IFINDEX]) {
181 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182
183 netdev = __dev_get_by_index(netns, ifindex);
184 if (netdev) {
185 if (netdev->ieee80211_ptr)
186 tmp = wiphy_to_rdev(
187 netdev->ieee80211_ptr->wiphy);
188 else
189 tmp = NULL;
190
191 /* not wireless device -- return error */
192 if (!tmp)
193 return ERR_PTR(-EINVAL);
194
195 /* mismatch -- return error */
196 if (rdev && tmp != rdev)
197 return ERR_PTR(-EINVAL);
198
199 rdev = tmp;
200 }
201 }
202
203 if (!rdev)
204 return ERR_PTR(-ENODEV);
205
206 if (netns != wiphy_net(&rdev->wiphy))
207 return ERR_PTR(-ENODEV);
208
209 return rdev;
210 }
211
212 /*
213 * This function returns a pointer to the driver
214 * that the genl_info item that is passed refers to.
215 *
216 * The result of this can be a PTR_ERR and hence must
217 * be checked with IS_ERR() for errors.
218 */
219 static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net * netns,struct genl_info * info)220 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221 {
222 return __cfg80211_rdev_from_attrs(netns, info->attrs);
223 }
224
validate_beacon_head(const struct nlattr * attr,struct netlink_ext_ack * extack)225 static int validate_beacon_head(const struct nlattr *attr,
226 struct netlink_ext_ack *extack)
227 {
228 const u8 *data = nla_data(attr);
229 unsigned int len = nla_len(attr);
230 const struct element *elem;
231 const struct ieee80211_mgmt *mgmt = (void *)data;
232 unsigned int fixedlen, hdrlen;
233 bool s1g_bcn;
234
235 if (len < offsetofend(typeof(*mgmt), frame_control))
236 goto err;
237
238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
239 if (s1g_bcn) {
240 fixedlen = offsetof(struct ieee80211_ext,
241 u.s1g_beacon.variable);
242 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
243 } else {
244 fixedlen = offsetof(struct ieee80211_mgmt,
245 u.beacon.variable);
246 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
247 }
248
249 if (len < fixedlen)
250 goto err;
251
252 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
253 goto err;
254
255 data += fixedlen;
256 len -= fixedlen;
257
258 for_each_element(elem, data, len) {
259 /* nothing */
260 }
261
262 if (for_each_element_completed(elem, data, len))
263 return 0;
264
265 err:
266 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
267 return -EINVAL;
268 }
269
validate_ie_attr(const struct nlattr * attr,struct netlink_ext_ack * extack)270 static int validate_ie_attr(const struct nlattr *attr,
271 struct netlink_ext_ack *extack)
272 {
273 const u8 *data = nla_data(attr);
274 unsigned int len = nla_len(attr);
275 const struct element *elem;
276
277 for_each_element(elem, data, len) {
278 /* nothing */
279 }
280
281 if (for_each_element_completed(elem, data, len))
282 return 0;
283
284 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
285 return -EINVAL;
286 }
287
validate_he_capa(const struct nlattr * attr,struct netlink_ext_ack * extack)288 static int validate_he_capa(const struct nlattr *attr,
289 struct netlink_ext_ack *extack)
290 {
291 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr)))
292 return -EINVAL;
293
294 return 0;
295 }
296
297 /* policy for the attributes */
298 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
299
300 static const struct nla_policy
301 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
302 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
303 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
304 .len = U8_MAX },
305 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
306 .len = U8_MAX },
307 };
308
309 static const struct nla_policy
310 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
311 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
312 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
313 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
314 NLA_POLICY_MAX(NLA_U8, 15),
315 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
316 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
317 NLA_POLICY_MAX(NLA_U8, 15),
318 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = { .type = NLA_U8 },
319 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
320 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
321 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
322 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
323 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
324 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
325 [NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 },
326 };
327
328 static const struct nla_policy
329 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
330 [NL80211_PMSR_TYPE_FTM] =
331 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
332 };
333
334 static const struct nla_policy
335 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
336 [NL80211_PMSR_REQ_ATTR_DATA] =
337 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
338 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
339 };
340
341 static const struct nla_policy
342 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
343 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
344 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
345 [NL80211_PMSR_PEER_ATTR_REQ] =
346 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
347 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
348 };
349
350 static const struct nla_policy
351 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
352 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
353 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
354 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
355 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
356 [NL80211_PMSR_ATTR_PEERS] =
357 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
358 };
359
360 static const struct nla_policy
361 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
362 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
363 NLA_POLICY_RANGE(NLA_U8, 1, 20),
364 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
365 NLA_POLICY_RANGE(NLA_U8, 1, 20),
366 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
367 NLA_POLICY_RANGE(NLA_U8, 1, 20),
368 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
369 NLA_POLICY_EXACT_LEN(8),
370 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
371 NLA_POLICY_EXACT_LEN(8),
372 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
373 };
374
375 static const struct nla_policy
376 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
377 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
378 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
379 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
380 };
381
382 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
383 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
384 .len = NL80211_MAX_SUPP_RATES },
385 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
386 .len = NL80211_MAX_SUPP_HT_RATES },
387 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
388 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
389 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
390 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
391 NL80211_RATE_INFO_HE_GI_0_8,
392 NL80211_RATE_INFO_HE_GI_3_2),
393 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
394 NL80211_RATE_INFO_HE_1XLTF,
395 NL80211_RATE_INFO_HE_4XLTF),
396 };
397
398 static const struct nla_policy
399 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
400 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
401 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
402 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
403 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
404 [NL80211_TID_CONFIG_ATTR_NOACK] =
405 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
406 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
407 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
408 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
409 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
410 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
411 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
412 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
413 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
414 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
415 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
416 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
417 NLA_POLICY_NESTED(nl80211_txattr_policy),
418 };
419
420 static const struct nla_policy
421 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
422 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
423 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
424 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
425 NLA_POLICY_RANGE(NLA_BINARY,
426 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
427 IEEE80211_MAX_DATA_LEN),
428 };
429
430 static const struct nla_policy
431 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
432 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
433 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
434 .len = IEEE80211_MAX_DATA_LEN }
435 };
436
437 static const struct nla_policy
438 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
439 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
440 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
441 };
442
443 static const struct nla_policy
444 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
445 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
446 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
447 };
448
449 static const struct nla_policy
450 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = {
451 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2),
452 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] =
453 NLA_POLICY_MIN(NLA_U8, 1),
454 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 },
455 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 },
456 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG },
457 };
458
459 static const struct nla_policy
460 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
461 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
462 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
463 };
464
465 static const struct netlink_range_validation nl80211_punct_bitmap_range = {
466 .min = 0,
467 .max = 0xffff,
468 };
469
470 static const struct netlink_range_validation q_range = {
471 .max = INT_MAX,
472 };
473
474 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
475 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
476 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
477 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
478 .len = 20-1 },
479 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
480
481 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
482 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
483 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
484 NL80211_EDMG_CHANNELS_MIN,
485 NL80211_EDMG_CHANNELS_MAX),
486 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
487 NL80211_EDMG_BW_CONFIG_MIN,
488 NL80211_EDMG_BW_CONFIG_MAX),
489
490 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
491 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
492 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
493 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
494
495 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
496 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
497 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
498 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
499 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
500 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
501
502 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
503 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
504 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
505
506 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
507 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
508
509 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
510 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
511 .len = WLAN_MAX_KEY_LEN },
512 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
513 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
514 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
515 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
516 [NL80211_ATTR_KEY_TYPE] =
517 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
518
519 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
520 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
521 [NL80211_ATTR_BEACON_HEAD] =
522 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
523 IEEE80211_MAX_DATA_LEN),
524 [NL80211_ATTR_BEACON_TAIL] =
525 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
526 IEEE80211_MAX_DATA_LEN),
527 [NL80211_ATTR_STA_AID] =
528 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
529 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
530 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
531 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
532 .len = NL80211_MAX_SUPP_RATES },
533 [NL80211_ATTR_STA_PLINK_ACTION] =
534 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
535 [NL80211_ATTR_STA_TX_POWER_SETTING] =
536 NLA_POLICY_RANGE(NLA_U8,
537 NL80211_TX_POWER_AUTOMATIC,
538 NL80211_TX_POWER_FIXED),
539 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
540 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
541 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
542 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
543 .len = IEEE80211_MAX_MESH_ID_LEN },
544 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
545
546 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */
547 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
548 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
549
550 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
551 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
552 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
553 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
554 .len = NL80211_MAX_SUPP_RATES },
555 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
556
557 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
558 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
559
560 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
561
562 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
563 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
564 validate_ie_attr,
565 IEEE80211_MAX_DATA_LEN),
566 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
567 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
568
569 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
570 .len = IEEE80211_MAX_SSID_LEN },
571 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
572 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
573 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
574 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
575 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
576 NL80211_MFP_NO,
577 NL80211_MFP_OPTIONAL),
578 [NL80211_ATTR_STA_FLAGS2] =
579 NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)),
580 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
581 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
582 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
583 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
584 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
585 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
586 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
587 [NL80211_ATTR_WPA_VERSIONS] =
588 NLA_POLICY_RANGE(NLA_U32, 0,
589 NL80211_WPA_VERSION_1 |
590 NL80211_WPA_VERSION_2 |
591 NL80211_WPA_VERSION_3),
592 [NL80211_ATTR_PID] = { .type = NLA_U32 },
593 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
594 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
595 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
596 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
597 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
598 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
599 .len = IEEE80211_MAX_DATA_LEN },
600 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
601 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
602 NL80211_PS_DISABLED,
603 NL80211_PS_ENABLED),
604 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
605 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
606 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
607 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
608 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
609 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
610 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
611 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
612 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
613 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
614 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
615 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
616 [NL80211_ATTR_STA_PLINK_STATE] =
617 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
618 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
619 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
620 [NL80211_ATTR_MESH_PEER_AID] =
621 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
622 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
623 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
624 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
625 [NL80211_ATTR_HIDDEN_SSID] =
626 NLA_POLICY_RANGE(NLA_U32,
627 NL80211_HIDDEN_SSID_NOT_IN_USE,
628 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
629 [NL80211_ATTR_IE_PROBE_RESP] =
630 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
631 IEEE80211_MAX_DATA_LEN),
632 [NL80211_ATTR_IE_ASSOC_RESP] =
633 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
634 IEEE80211_MAX_DATA_LEN),
635 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
636 [NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy),
637 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
638 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
639 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
640 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
641 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
642 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
643 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
644 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
645 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
646 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
647 .len = IEEE80211_MAX_DATA_LEN },
648 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
649 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
650 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
651 .len = NL80211_HT_CAPABILITY_LEN
652 },
653 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
654 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
655 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
656 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
657 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
658
659 /* need to include at least Auth Transaction and Status Code */
660 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
661
662 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
663 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
664 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
665 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
666 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
667 NLA_POLICY_RANGE(NLA_U32,
668 NL80211_MESH_POWER_UNKNOWN + 1,
669 NL80211_MESH_POWER_MAX),
670 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
671 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
672 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
673 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
674 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
675 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
676 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
677 .len = NL80211_VHT_CAPABILITY_LEN,
678 },
679 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
680 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
681 .len = IEEE80211_MAX_DATA_LEN },
682 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
683 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
684 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
685 [NL80211_ATTR_PEER_AID] =
686 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
687 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
688 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
689 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
690 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
691 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
692 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
693 /*
694 * The value of the Length field of the Supported Operating
695 * Classes element is between 2 and 253.
696 */
697 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
698 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
699 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
700 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
701 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
702 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
703 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
704 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
705 IEEE80211_QOS_MAP_LEN_MIN,
706 IEEE80211_QOS_MAP_LEN_MAX),
707 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
708 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
709 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
710 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
711 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
712 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
713 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
714 [NL80211_ATTR_USER_PRIO] =
715 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
716 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
717 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
718 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
719 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
720 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
721 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
722 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
723 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
724 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
725 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
726 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
727 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
728 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
729 .len = VHT_MUMIMO_GROUPS_DATA_LEN
730 },
731 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
732 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
733 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
734 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
735 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
736 .len = FILS_MAX_KEK_LEN },
737 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
738 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
739 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
740 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
741 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
742 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
743 },
744 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
745 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
746 .len = FILS_ERP_MAX_USERNAME_LEN },
747 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
748 .len = FILS_ERP_MAX_REALM_LEN },
749 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
750 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
751 .len = FILS_ERP_MAX_RRK_LEN },
752 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
753 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
754 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
755 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
756 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
757
758 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
759 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
760 [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range),
761 [NL80211_ATTR_HE_CAPABILITY] =
762 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa,
763 NL80211_HE_MAX_CAPABILITY_LEN),
764 [NL80211_ATTR_FTM_RESPONDER] =
765 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
766 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
767 [NL80211_ATTR_PEER_MEASUREMENTS] =
768 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
769 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
770 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
771 .len = SAE_PASSWORD_MAX_LEN },
772 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
773 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
774 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
775 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
776 [NL80211_ATTR_TID_CONFIG] =
777 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
778 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
779 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
780 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
781 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
782 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
783 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
784 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
785 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
786 [NL80211_ATTR_FILS_DISCOVERY] =
787 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
788 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
789 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
790 [NL80211_ATTR_S1G_CAPABILITY] =
791 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
792 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
793 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
794 [NL80211_ATTR_SAE_PWE] =
795 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
796 NL80211_SAE_PWE_BOTH),
797 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
798 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
799 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
800 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
801 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
802 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
803 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
804 [NL80211_ATTR_MBSSID_CONFIG] =
805 NLA_POLICY_NESTED(nl80211_mbssid_config_policy),
806 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED },
807 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG },
808 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 },
809 [NL80211_ATTR_EHT_CAPABILITY] =
810 NLA_POLICY_RANGE(NLA_BINARY,
811 NL80211_EHT_MIN_CAPABILITY_LEN,
812 NL80211_EHT_MAX_CAPABILITY_LEN),
813 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG },
814 [NL80211_ATTR_MLO_LINKS] =
815 NLA_POLICY_NESTED_ARRAY(nl80211_policy),
816 [NL80211_ATTR_MLO_LINK_ID] =
817 NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS),
818 [NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN),
819 [NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG },
820 [NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT },
821 [NL80211_ATTR_PUNCT_BITMAP] =
822 NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
823
824 [NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 },
825 [NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG },
826 [NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED },
827 [NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG },
828 [NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG },
829 [NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
830 [NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
831 [NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG },
832 };
833
834 /* policy for the key attributes */
835 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
836 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
837 [NL80211_KEY_IDX] = { .type = NLA_U8 },
838 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
839 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
840 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
841 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
842 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
843 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
844 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
845 };
846
847 /* policy for the key default flags */
848 static const struct nla_policy
849 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
850 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
851 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
852 };
853
854 #ifdef CONFIG_PM
855 /* policy for WoWLAN attributes */
856 static const struct nla_policy
857 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
858 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
859 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
860 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
861 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
862 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
863 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
864 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
865 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
866 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
867 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
868 };
869
870 static const struct nla_policy
871 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
872 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
873 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
874 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
875 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
876 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
877 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
878 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
879 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
880 },
881 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
882 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
883 },
884 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
885 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
886 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
887 };
888 #endif /* CONFIG_PM */
889
890 /* policy for coalesce rule attributes */
891 static const struct nla_policy
892 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
893 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
894 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
895 NLA_POLICY_RANGE(NLA_U32,
896 NL80211_COALESCE_CONDITION_MATCH,
897 NL80211_COALESCE_CONDITION_NO_MATCH),
898 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
899 };
900
901 /* policy for GTK rekey offload attributes */
902 static const struct nla_policy
903 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
904 [NL80211_REKEY_DATA_KEK] = {
905 .type = NLA_BINARY,
906 .len = NL80211_KEK_EXT_LEN
907 },
908 [NL80211_REKEY_DATA_KCK] = {
909 .type = NLA_BINARY,
910 .len = NL80211_KCK_EXT_LEN_32
911 },
912 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
913 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
914 };
915
916 static const struct nla_policy
917 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
918 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
919 .len = IEEE80211_MAX_SSID_LEN },
920 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
921 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
922 };
923
924 static const struct nla_policy
925 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
926 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
927 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
928 };
929
930 static const struct nla_policy
931 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
932 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
933 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
934 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
935 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
936 },
937 };
938
939 /* policy for NAN function attributes */
940 static const struct nla_policy
941 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
942 [NL80211_NAN_FUNC_TYPE] =
943 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
944 [NL80211_NAN_FUNC_SERVICE_ID] = {
945 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
946 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
947 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
948 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
949 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
950 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
951 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
952 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
953 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
954 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
955 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
956 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
957 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
958 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
959 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
960 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
961 };
962
963 /* policy for Service Response Filter attributes */
964 static const struct nla_policy
965 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
966 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
967 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
968 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
969 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
970 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
971 };
972
973 /* policy for packet pattern attributes */
974 static const struct nla_policy
975 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
976 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
977 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
978 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
979 };
980
nl80211_prepare_wdev_dump(struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev,struct nlattr ** attrbuf)981 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
982 struct cfg80211_registered_device **rdev,
983 struct wireless_dev **wdev,
984 struct nlattr **attrbuf)
985 {
986 int err;
987
988 if (!cb->args[0]) {
989 struct nlattr **attrbuf_free = NULL;
990
991 if (!attrbuf) {
992 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
993 GFP_KERNEL);
994 if (!attrbuf)
995 return -ENOMEM;
996 attrbuf_free = attrbuf;
997 }
998
999 err = nlmsg_parse_deprecated(cb->nlh,
1000 GENL_HDRLEN + nl80211_fam.hdrsize,
1001 attrbuf, nl80211_fam.maxattr,
1002 nl80211_policy, NULL);
1003 if (err) {
1004 kfree(attrbuf_free);
1005 return err;
1006 }
1007
1008 rtnl_lock();
1009 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
1010 attrbuf);
1011 kfree(attrbuf_free);
1012 if (IS_ERR(*wdev)) {
1013 rtnl_unlock();
1014 return PTR_ERR(*wdev);
1015 }
1016 *rdev = wiphy_to_rdev((*wdev)->wiphy);
1017 mutex_lock(&(*rdev)->wiphy.mtx);
1018 rtnl_unlock();
1019 /* 0 is the first index - add 1 to parse only once */
1020 cb->args[0] = (*rdev)->wiphy_idx + 1;
1021 cb->args[1] = (*wdev)->identifier;
1022 } else {
1023 /* subtract the 1 again here */
1024 struct wiphy *wiphy;
1025 struct wireless_dev *tmp;
1026
1027 rtnl_lock();
1028 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1029 if (!wiphy) {
1030 rtnl_unlock();
1031 return -ENODEV;
1032 }
1033 *rdev = wiphy_to_rdev(wiphy);
1034 *wdev = NULL;
1035
1036 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
1037 if (tmp->identifier == cb->args[1]) {
1038 *wdev = tmp;
1039 break;
1040 }
1041 }
1042
1043 if (!*wdev) {
1044 rtnl_unlock();
1045 return -ENODEV;
1046 }
1047 mutex_lock(&(*rdev)->wiphy.mtx);
1048 rtnl_unlock();
1049 }
1050
1051 return 0;
1052 }
1053
1054 /* message building helper */
nl80211hdr_put(struct sk_buff * skb,u32 portid,u32 seq,int flags,u8 cmd)1055 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
1056 int flags, u8 cmd)
1057 {
1058 /* since there is no private header just add the generic one */
1059 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1060 }
1061
nl80211_msg_put_wmm_rules(struct sk_buff * msg,const struct ieee80211_reg_rule * rule)1062 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1063 const struct ieee80211_reg_rule *rule)
1064 {
1065 int j;
1066 struct nlattr *nl_wmm_rules =
1067 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1068
1069 if (!nl_wmm_rules)
1070 goto nla_put_failure;
1071
1072 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1073 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1074
1075 if (!nl_wmm_rule)
1076 goto nla_put_failure;
1077
1078 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1079 rule->wmm_rule.client[j].cw_min) ||
1080 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1081 rule->wmm_rule.client[j].cw_max) ||
1082 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1083 rule->wmm_rule.client[j].aifsn) ||
1084 nla_put_u16(msg, NL80211_WMMR_TXOP,
1085 rule->wmm_rule.client[j].cot))
1086 goto nla_put_failure;
1087
1088 nla_nest_end(msg, nl_wmm_rule);
1089 }
1090 nla_nest_end(msg, nl_wmm_rules);
1091
1092 return 0;
1093
1094 nla_put_failure:
1095 return -ENOBUFS;
1096 }
1097
nl80211_msg_put_channel(struct sk_buff * msg,struct wiphy * wiphy,struct ieee80211_channel * chan,bool large)1098 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1099 struct ieee80211_channel *chan,
1100 bool large)
1101 {
1102 /* Some channels must be completely excluded from the
1103 * list to protect old user-space tools from breaking
1104 */
1105 if (!large && chan->flags &
1106 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1107 return 0;
1108 if (!large && chan->freq_offset)
1109 return 0;
1110
1111 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1112 chan->center_freq))
1113 goto nla_put_failure;
1114
1115 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1116 goto nla_put_failure;
1117
1118 if ((chan->flags & IEEE80211_CHAN_PSD) &&
1119 nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd))
1120 goto nla_put_failure;
1121
1122 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1123 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1124 goto nla_put_failure;
1125 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1126 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1127 goto nla_put_failure;
1128 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1129 goto nla_put_failure;
1130 }
1131 if (chan->flags & IEEE80211_CHAN_RADAR) {
1132 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1133 goto nla_put_failure;
1134 if (large) {
1135 u32 time;
1136
1137 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1138
1139 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1140 chan->dfs_state))
1141 goto nla_put_failure;
1142 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1143 time))
1144 goto nla_put_failure;
1145 if (nla_put_u32(msg,
1146 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1147 chan->dfs_cac_ms))
1148 goto nla_put_failure;
1149 }
1150 }
1151
1152 if (large) {
1153 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1154 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1155 goto nla_put_failure;
1156 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1157 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1158 goto nla_put_failure;
1159 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1160 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1161 goto nla_put_failure;
1162 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1163 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1164 goto nla_put_failure;
1165 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1166 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1167 goto nla_put_failure;
1168 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1169 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1170 goto nla_put_failure;
1171 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1172 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1173 goto nla_put_failure;
1174 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1175 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1176 goto nla_put_failure;
1177 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1178 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1179 goto nla_put_failure;
1180 if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1181 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1182 goto nla_put_failure;
1183 if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1184 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1185 goto nla_put_failure;
1186 if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1187 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1188 goto nla_put_failure;
1189 if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1190 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1191 goto nla_put_failure;
1192 if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1193 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1194 goto nla_put_failure;
1195 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) &&
1196 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ))
1197 goto nla_put_failure;
1198 if ((chan->flags & IEEE80211_CHAN_NO_EHT) &&
1199 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT))
1200 goto nla_put_failure;
1201 if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) &&
1202 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT))
1203 goto nla_put_failure;
1204 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) &&
1205 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT))
1206 goto nla_put_failure;
1207 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) &&
1208 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT))
1209 goto nla_put_failure;
1210 if ((chan->flags & IEEE80211_CHAN_CAN_MONITOR) &&
1211 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_CAN_MONITOR))
1212 goto nla_put_failure;
1213 if ((chan->flags & IEEE80211_CHAN_ALLOW_6GHZ_VLP_AP) &&
1214 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP))
1215 goto nla_put_failure;
1216 }
1217
1218 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1219 DBM_TO_MBM(chan->max_power)))
1220 goto nla_put_failure;
1221
1222 if (large) {
1223 const struct ieee80211_reg_rule *rule =
1224 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1225
1226 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1227 if (nl80211_msg_put_wmm_rules(msg, rule))
1228 goto nla_put_failure;
1229 }
1230 }
1231
1232 return 0;
1233
1234 nla_put_failure:
1235 return -ENOBUFS;
1236 }
1237
nl80211_put_txq_stats(struct sk_buff * msg,struct cfg80211_txq_stats * txqstats,int attrtype)1238 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1239 struct cfg80211_txq_stats *txqstats,
1240 int attrtype)
1241 {
1242 struct nlattr *txqattr;
1243
1244 #define PUT_TXQVAL_U32(attr, memb) do { \
1245 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1246 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1247 return false; \
1248 } while (0)
1249
1250 txqattr = nla_nest_start_noflag(msg, attrtype);
1251 if (!txqattr)
1252 return false;
1253
1254 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1255 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1256 PUT_TXQVAL_U32(FLOWS, flows);
1257 PUT_TXQVAL_U32(DROPS, drops);
1258 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1259 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1260 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1261 PUT_TXQVAL_U32(COLLISIONS, collisions);
1262 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1263 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1264 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1265 nla_nest_end(msg, txqattr);
1266
1267 #undef PUT_TXQVAL_U32
1268 return true;
1269 }
1270
1271 /* netlink command implementations */
1272
1273 /**
1274 * nl80211_link_id - return link ID
1275 * @attrs: attributes to look at
1276 *
1277 * Returns: the link ID or 0 if not given
1278 *
1279 * Note this function doesn't do any validation of the link
1280 * ID validity wrt. links that were actually added, so it must
1281 * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID
1282 * or if additional validation is done.
1283 */
nl80211_link_id(struct nlattr ** attrs)1284 static unsigned int nl80211_link_id(struct nlattr **attrs)
1285 {
1286 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1287
1288 if (!linkid)
1289 return 0;
1290
1291 return nla_get_u8(linkid);
1292 }
1293
nl80211_link_id_or_invalid(struct nlattr ** attrs)1294 static int nl80211_link_id_or_invalid(struct nlattr **attrs)
1295 {
1296 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1297
1298 if (!linkid)
1299 return -1;
1300
1301 return nla_get_u8(linkid);
1302 }
1303
1304 struct key_parse {
1305 struct key_params p;
1306 int idx;
1307 int type;
1308 bool def, defmgmt, defbeacon;
1309 bool def_uni, def_multi;
1310 };
1311
nl80211_parse_key_new(struct genl_info * info,struct nlattr * key,struct key_parse * k)1312 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1313 struct key_parse *k)
1314 {
1315 struct nlattr *tb[NL80211_KEY_MAX + 1];
1316 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1317 nl80211_key_policy,
1318 info->extack);
1319 if (err)
1320 return err;
1321
1322 k->def = !!tb[NL80211_KEY_DEFAULT];
1323 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1324 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1325
1326 if (k->def) {
1327 k->def_uni = true;
1328 k->def_multi = true;
1329 }
1330 if (k->defmgmt || k->defbeacon)
1331 k->def_multi = true;
1332
1333 if (tb[NL80211_KEY_IDX])
1334 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1335
1336 if (tb[NL80211_KEY_DATA]) {
1337 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1338 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1339 }
1340
1341 if (tb[NL80211_KEY_SEQ]) {
1342 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1343 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1344 }
1345
1346 if (tb[NL80211_KEY_CIPHER])
1347 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1348
1349 if (tb[NL80211_KEY_TYPE])
1350 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1351
1352 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1353 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1354
1355 err = nla_parse_nested_deprecated(kdt,
1356 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1357 tb[NL80211_KEY_DEFAULT_TYPES],
1358 nl80211_key_default_policy,
1359 info->extack);
1360 if (err)
1361 return err;
1362
1363 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1364 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1365 }
1366
1367 if (tb[NL80211_KEY_MODE])
1368 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1369
1370 return 0;
1371 }
1372
nl80211_parse_key_old(struct genl_info * info,struct key_parse * k)1373 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1374 {
1375 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1376 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1377 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1378 }
1379
1380 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1381 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1382 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1383 }
1384
1385 if (info->attrs[NL80211_ATTR_KEY_IDX])
1386 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1387
1388 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1389 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1390
1391 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1392 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1393
1394 if (k->def) {
1395 k->def_uni = true;
1396 k->def_multi = true;
1397 }
1398 if (k->defmgmt)
1399 k->def_multi = true;
1400
1401 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1402 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1403
1404 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1405 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1406 int err = nla_parse_nested_deprecated(kdt,
1407 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1408 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1409 nl80211_key_default_policy,
1410 info->extack);
1411 if (err)
1412 return err;
1413
1414 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1415 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1416 }
1417
1418 return 0;
1419 }
1420
nl80211_parse_key(struct genl_info * info,struct key_parse * k)1421 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1422 {
1423 int err;
1424
1425 memset(k, 0, sizeof(*k));
1426 k->idx = -1;
1427 k->type = -1;
1428
1429 if (info->attrs[NL80211_ATTR_KEY])
1430 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1431 else
1432 err = nl80211_parse_key_old(info, k);
1433
1434 if (err)
1435 return err;
1436
1437 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1438 (k->defbeacon ? 1 : 0) > 1) {
1439 GENL_SET_ERR_MSG(info,
1440 "key with multiple default flags is invalid");
1441 return -EINVAL;
1442 }
1443
1444 if (k->defmgmt || k->defbeacon) {
1445 if (k->def_uni || !k->def_multi) {
1446 GENL_SET_ERR_MSG(info,
1447 "defmgmt/defbeacon key must be mcast");
1448 return -EINVAL;
1449 }
1450 }
1451
1452 if (k->idx != -1) {
1453 if (k->defmgmt) {
1454 if (k->idx < 4 || k->idx > 5) {
1455 GENL_SET_ERR_MSG(info,
1456 "defmgmt key idx not 4 or 5");
1457 return -EINVAL;
1458 }
1459 } else if (k->defbeacon) {
1460 if (k->idx < 6 || k->idx > 7) {
1461 GENL_SET_ERR_MSG(info,
1462 "defbeacon key idx not 6 or 7");
1463 return -EINVAL;
1464 }
1465 } else if (k->def) {
1466 if (k->idx < 0 || k->idx > 3) {
1467 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1468 return -EINVAL;
1469 }
1470 } else {
1471 if (k->idx < 0 || k->idx > 7) {
1472 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1473 return -EINVAL;
1474 }
1475 }
1476 }
1477
1478 return 0;
1479 }
1480
1481 static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device * rdev,struct genl_info * info,bool * no_ht)1482 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1483 struct genl_info *info, bool *no_ht)
1484 {
1485 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1486 struct key_parse parse;
1487 struct nlattr *key;
1488 struct cfg80211_cached_keys *result;
1489 int rem, err, def = 0;
1490 bool have_key = false;
1491
1492 nla_for_each_nested(key, keys, rem) {
1493 have_key = true;
1494 break;
1495 }
1496
1497 if (!have_key)
1498 return NULL;
1499
1500 result = kzalloc(sizeof(*result), GFP_KERNEL);
1501 if (!result)
1502 return ERR_PTR(-ENOMEM);
1503
1504 result->def = -1;
1505
1506 nla_for_each_nested(key, keys, rem) {
1507 memset(&parse, 0, sizeof(parse));
1508 parse.idx = -1;
1509
1510 err = nl80211_parse_key_new(info, key, &parse);
1511 if (err)
1512 goto error;
1513 err = -EINVAL;
1514 if (!parse.p.key)
1515 goto error;
1516 if (parse.idx < 0 || parse.idx > 3) {
1517 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1518 goto error;
1519 }
1520 if (parse.def) {
1521 if (def) {
1522 GENL_SET_ERR_MSG(info,
1523 "only one key can be default");
1524 goto error;
1525 }
1526 def = 1;
1527 result->def = parse.idx;
1528 if (!parse.def_uni || !parse.def_multi)
1529 goto error;
1530 } else if (parse.defmgmt)
1531 goto error;
1532 err = cfg80211_validate_key_settings(rdev, &parse.p,
1533 parse.idx, false, NULL);
1534 if (err)
1535 goto error;
1536 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1537 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1538 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1539 err = -EINVAL;
1540 goto error;
1541 }
1542 result->params[parse.idx].cipher = parse.p.cipher;
1543 result->params[parse.idx].key_len = parse.p.key_len;
1544 result->params[parse.idx].key = result->data[parse.idx];
1545 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1546
1547 /* must be WEP key if we got here */
1548 if (no_ht)
1549 *no_ht = true;
1550 }
1551
1552 if (result->def < 0) {
1553 err = -EINVAL;
1554 GENL_SET_ERR_MSG(info, "need a default/TX key");
1555 goto error;
1556 }
1557
1558 return result;
1559 error:
1560 kfree(result);
1561 return ERR_PTR(err);
1562 }
1563
nl80211_key_allowed(struct wireless_dev * wdev)1564 static int nl80211_key_allowed(struct wireless_dev *wdev)
1565 {
1566 lockdep_assert_wiphy(wdev->wiphy);
1567
1568 switch (wdev->iftype) {
1569 case NL80211_IFTYPE_AP:
1570 case NL80211_IFTYPE_AP_VLAN:
1571 case NL80211_IFTYPE_P2P_GO:
1572 case NL80211_IFTYPE_MESH_POINT:
1573 break;
1574 case NL80211_IFTYPE_ADHOC:
1575 if (wdev->u.ibss.current_bss)
1576 return 0;
1577 return -ENOLINK;
1578 case NL80211_IFTYPE_STATION:
1579 case NL80211_IFTYPE_P2P_CLIENT:
1580 if (wdev->connected)
1581 return 0;
1582 return -ENOLINK;
1583 case NL80211_IFTYPE_NAN:
1584 if (wiphy_ext_feature_isset(wdev->wiphy,
1585 NL80211_EXT_FEATURE_SECURE_NAN))
1586 return 0;
1587 return -EINVAL;
1588 case NL80211_IFTYPE_UNSPECIFIED:
1589 case NL80211_IFTYPE_OCB:
1590 case NL80211_IFTYPE_MONITOR:
1591 case NL80211_IFTYPE_P2P_DEVICE:
1592 case NL80211_IFTYPE_WDS:
1593 case NUM_NL80211_IFTYPES:
1594 return -EINVAL;
1595 }
1596
1597 return 0;
1598 }
1599
nl80211_get_valid_chan(struct wiphy * wiphy,u32 freq)1600 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1601 u32 freq)
1602 {
1603 struct ieee80211_channel *chan;
1604
1605 chan = ieee80211_get_channel_khz(wiphy, freq);
1606 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1607 return NULL;
1608 return chan;
1609 }
1610
nl80211_put_iftypes(struct sk_buff * msg,u32 attr,u16 ifmodes)1611 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1612 {
1613 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1614 int i;
1615
1616 if (!nl_modes)
1617 goto nla_put_failure;
1618
1619 i = 0;
1620 while (ifmodes) {
1621 if ((ifmodes & 1) && nla_put_flag(msg, i))
1622 goto nla_put_failure;
1623 ifmodes >>= 1;
1624 i++;
1625 }
1626
1627 nla_nest_end(msg, nl_modes);
1628 return 0;
1629
1630 nla_put_failure:
1631 return -ENOBUFS;
1632 }
1633
nl80211_put_ifcomb_data(struct sk_buff * msg,bool large,int idx,const struct ieee80211_iface_combination * c,u16 nested)1634 static int nl80211_put_ifcomb_data(struct sk_buff *msg, bool large, int idx,
1635 const struct ieee80211_iface_combination *c,
1636 u16 nested)
1637 {
1638 struct nlattr *nl_combi, *nl_limits;
1639 int i;
1640
1641 nl_combi = nla_nest_start_noflag(msg, idx | nested);
1642 if (!nl_combi)
1643 goto nla_put_failure;
1644
1645 nl_limits = nla_nest_start_noflag(msg, NL80211_IFACE_COMB_LIMITS |
1646 nested);
1647 if (!nl_limits)
1648 goto nla_put_failure;
1649
1650 for (i = 0; i < c->n_limits; i++) {
1651 struct nlattr *nl_limit;
1652
1653 nl_limit = nla_nest_start_noflag(msg, i + 1);
1654 if (!nl_limit)
1655 goto nla_put_failure;
1656 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, c->limits[i].max))
1657 goto nla_put_failure;
1658 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1659 c->limits[i].types))
1660 goto nla_put_failure;
1661 nla_nest_end(msg, nl_limit);
1662 }
1663
1664 nla_nest_end(msg, nl_limits);
1665
1666 if (c->beacon_int_infra_match &&
1667 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1668 goto nla_put_failure;
1669 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1670 c->num_different_channels) ||
1671 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1672 c->max_interfaces))
1673 goto nla_put_failure;
1674 if (large &&
1675 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1676 c->radar_detect_widths) ||
1677 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1678 c->radar_detect_regions)))
1679 goto nla_put_failure;
1680 if (c->beacon_int_min_gcd &&
1681 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1682 c->beacon_int_min_gcd))
1683 goto nla_put_failure;
1684
1685 nla_nest_end(msg, nl_combi);
1686
1687 return 0;
1688 nla_put_failure:
1689 return -ENOBUFS;
1690 }
1691
nl80211_put_iface_combinations(struct wiphy * wiphy,struct sk_buff * msg,int attr,int radio,bool large,u16 nested)1692 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1693 struct sk_buff *msg,
1694 int attr, int radio,
1695 bool large, u16 nested)
1696 {
1697 const struct ieee80211_iface_combination *c;
1698 struct nlattr *nl_combis;
1699 int i, n;
1700
1701 nl_combis = nla_nest_start_noflag(msg, attr | nested);
1702 if (!nl_combis)
1703 goto nla_put_failure;
1704
1705 if (radio >= 0) {
1706 c = wiphy->radio[0].iface_combinations;
1707 n = wiphy->radio[0].n_iface_combinations;
1708 } else {
1709 c = wiphy->iface_combinations;
1710 n = wiphy->n_iface_combinations;
1711 }
1712 for (i = 0; i < n; i++)
1713 if (nl80211_put_ifcomb_data(msg, large, i + 1, &c[i], nested))
1714 goto nla_put_failure;
1715
1716 nla_nest_end(msg, nl_combis);
1717
1718 return 0;
1719 nla_put_failure:
1720 return -ENOBUFS;
1721 }
1722
1723 #ifdef CONFIG_PM
nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1724 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1725 struct sk_buff *msg)
1726 {
1727 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1728 struct nlattr *nl_tcp;
1729
1730 if (!tcp)
1731 return 0;
1732
1733 nl_tcp = nla_nest_start_noflag(msg,
1734 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1735 if (!nl_tcp)
1736 return -ENOBUFS;
1737
1738 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1739 tcp->data_payload_max))
1740 return -ENOBUFS;
1741
1742 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1743 tcp->data_payload_max))
1744 return -ENOBUFS;
1745
1746 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1747 return -ENOBUFS;
1748
1749 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1750 sizeof(*tcp->tok), tcp->tok))
1751 return -ENOBUFS;
1752
1753 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1754 tcp->data_interval_max))
1755 return -ENOBUFS;
1756
1757 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1758 tcp->wake_payload_max))
1759 return -ENOBUFS;
1760
1761 nla_nest_end(msg, nl_tcp);
1762 return 0;
1763 }
1764
nl80211_send_wowlan(struct sk_buff * msg,struct cfg80211_registered_device * rdev,bool large)1765 static int nl80211_send_wowlan(struct sk_buff *msg,
1766 struct cfg80211_registered_device *rdev,
1767 bool large)
1768 {
1769 struct nlattr *nl_wowlan;
1770
1771 if (!rdev->wiphy.wowlan)
1772 return 0;
1773
1774 nl_wowlan = nla_nest_start_noflag(msg,
1775 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1776 if (!nl_wowlan)
1777 return -ENOBUFS;
1778
1779 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1780 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1781 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1782 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1783 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1784 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1785 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1786 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1787 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1788 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1789 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1790 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1791 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1792 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1793 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1794 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1795 return -ENOBUFS;
1796
1797 if (rdev->wiphy.wowlan->n_patterns) {
1798 struct nl80211_pattern_support pat = {
1799 .max_patterns = rdev->wiphy.wowlan->n_patterns,
1800 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1801 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1802 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1803 };
1804
1805 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1806 sizeof(pat), &pat))
1807 return -ENOBUFS;
1808 }
1809
1810 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1811 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1812 rdev->wiphy.wowlan->max_nd_match_sets))
1813 return -ENOBUFS;
1814
1815 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1816 return -ENOBUFS;
1817
1818 nla_nest_end(msg, nl_wowlan);
1819
1820 return 0;
1821 }
1822 #endif
1823
nl80211_send_coalesce(struct sk_buff * msg,struct cfg80211_registered_device * rdev)1824 static int nl80211_send_coalesce(struct sk_buff *msg,
1825 struct cfg80211_registered_device *rdev)
1826 {
1827 struct nl80211_coalesce_rule_support rule;
1828
1829 if (!rdev->wiphy.coalesce)
1830 return 0;
1831
1832 rule.max_rules = rdev->wiphy.coalesce->n_rules;
1833 rule.max_delay = rdev->wiphy.coalesce->max_delay;
1834 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1835 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1836 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1837 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1838
1839 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1840 return -ENOBUFS;
1841
1842 return 0;
1843 }
1844
1845 static int
nl80211_send_iftype_data(struct sk_buff * msg,const struct ieee80211_supported_band * sband,const struct ieee80211_sband_iftype_data * iftdata)1846 nl80211_send_iftype_data(struct sk_buff *msg,
1847 const struct ieee80211_supported_band *sband,
1848 const struct ieee80211_sband_iftype_data *iftdata)
1849 {
1850 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1851 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap;
1852
1853 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1854 iftdata->types_mask))
1855 return -ENOBUFS;
1856
1857 if (he_cap->has_he) {
1858 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1859 sizeof(he_cap->he_cap_elem.mac_cap_info),
1860 he_cap->he_cap_elem.mac_cap_info) ||
1861 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1862 sizeof(he_cap->he_cap_elem.phy_cap_info),
1863 he_cap->he_cap_elem.phy_cap_info) ||
1864 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1865 sizeof(he_cap->he_mcs_nss_supp),
1866 &he_cap->he_mcs_nss_supp) ||
1867 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1868 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1869 return -ENOBUFS;
1870 }
1871
1872 if (eht_cap->has_eht && he_cap->has_he) {
1873 u8 mcs_nss_size, ppe_thresh_size;
1874 u16 ppe_thres_hdr;
1875 bool is_ap;
1876
1877 is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
1878 iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
1879
1880 mcs_nss_size =
1881 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
1882 &eht_cap->eht_cap_elem,
1883 is_ap);
1884
1885 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
1886 ppe_thresh_size =
1887 ieee80211_eht_ppe_size(ppe_thres_hdr,
1888 eht_cap->eht_cap_elem.phy_cap_info);
1889
1890 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC,
1891 sizeof(eht_cap->eht_cap_elem.mac_cap_info),
1892 eht_cap->eht_cap_elem.mac_cap_info) ||
1893 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY,
1894 sizeof(eht_cap->eht_cap_elem.phy_cap_info),
1895 eht_cap->eht_cap_elem.phy_cap_info) ||
1896 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET,
1897 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) ||
1898 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE,
1899 ppe_thresh_size, eht_cap->eht_ppe_thres))
1900 return -ENOBUFS;
1901 }
1902
1903 if (sband->band == NL80211_BAND_6GHZ &&
1904 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1905 sizeof(iftdata->he_6ghz_capa),
1906 &iftdata->he_6ghz_capa))
1907 return -ENOBUFS;
1908
1909 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
1910 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
1911 iftdata->vendor_elems.len, iftdata->vendor_elems.data))
1912 return -ENOBUFS;
1913
1914 return 0;
1915 }
1916
nl80211_send_band_rateinfo(struct sk_buff * msg,struct ieee80211_supported_band * sband,bool large)1917 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1918 struct ieee80211_supported_band *sband,
1919 bool large)
1920 {
1921 struct nlattr *nl_rates, *nl_rate;
1922 struct ieee80211_rate *rate;
1923 int i;
1924
1925 /* add HT info */
1926 if (sband->ht_cap.ht_supported &&
1927 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1928 sizeof(sband->ht_cap.mcs),
1929 &sband->ht_cap.mcs) ||
1930 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1931 sband->ht_cap.cap) ||
1932 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1933 sband->ht_cap.ampdu_factor) ||
1934 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1935 sband->ht_cap.ampdu_density)))
1936 return -ENOBUFS;
1937
1938 /* add VHT info */
1939 if (sband->vht_cap.vht_supported &&
1940 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1941 sizeof(sband->vht_cap.vht_mcs),
1942 &sband->vht_cap.vht_mcs) ||
1943 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1944 sband->vht_cap.cap)))
1945 return -ENOBUFS;
1946
1947 if (large && sband->n_iftype_data) {
1948 struct nlattr *nl_iftype_data =
1949 nla_nest_start_noflag(msg,
1950 NL80211_BAND_ATTR_IFTYPE_DATA);
1951 const struct ieee80211_sband_iftype_data *iftd;
1952 int err;
1953
1954 if (!nl_iftype_data)
1955 return -ENOBUFS;
1956
1957 for_each_sband_iftype_data(sband, i, iftd) {
1958 struct nlattr *iftdata;
1959
1960 iftdata = nla_nest_start_noflag(msg, i + 1);
1961 if (!iftdata)
1962 return -ENOBUFS;
1963
1964 err = nl80211_send_iftype_data(msg, sband, iftd);
1965 if (err)
1966 return err;
1967
1968 nla_nest_end(msg, iftdata);
1969 }
1970
1971 nla_nest_end(msg, nl_iftype_data);
1972 }
1973
1974 /* add EDMG info */
1975 if (large && sband->edmg_cap.channels &&
1976 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1977 sband->edmg_cap.channels) ||
1978 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1979 sband->edmg_cap.bw_config)))
1980
1981 return -ENOBUFS;
1982
1983 /* add bitrates */
1984 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1985 if (!nl_rates)
1986 return -ENOBUFS;
1987
1988 for (i = 0; i < sband->n_bitrates; i++) {
1989 nl_rate = nla_nest_start_noflag(msg, i);
1990 if (!nl_rate)
1991 return -ENOBUFS;
1992
1993 rate = &sband->bitrates[i];
1994 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1995 rate->bitrate))
1996 return -ENOBUFS;
1997 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1998 nla_put_flag(msg,
1999 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
2000 return -ENOBUFS;
2001
2002 nla_nest_end(msg, nl_rate);
2003 }
2004
2005 nla_nest_end(msg, nl_rates);
2006
2007 /* S1G capabilities */
2008 if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g &&
2009 (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA,
2010 sizeof(sband->s1g_cap.cap),
2011 sband->s1g_cap.cap) ||
2012 nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET,
2013 sizeof(sband->s1g_cap.nss_mcs),
2014 sband->s1g_cap.nss_mcs)))
2015 return -ENOBUFS;
2016
2017 return 0;
2018 }
2019
2020 static int
nl80211_send_mgmt_stypes(struct sk_buff * msg,const struct ieee80211_txrx_stypes * mgmt_stypes)2021 nl80211_send_mgmt_stypes(struct sk_buff *msg,
2022 const struct ieee80211_txrx_stypes *mgmt_stypes)
2023 {
2024 u16 stypes;
2025 struct nlattr *nl_ftypes, *nl_ifs;
2026 enum nl80211_iftype ift;
2027 int i;
2028
2029 if (!mgmt_stypes)
2030 return 0;
2031
2032 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
2033 if (!nl_ifs)
2034 return -ENOBUFS;
2035
2036 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2037 nl_ftypes = nla_nest_start_noflag(msg, ift);
2038 if (!nl_ftypes)
2039 return -ENOBUFS;
2040 i = 0;
2041 stypes = mgmt_stypes[ift].tx;
2042 while (stypes) {
2043 if ((stypes & 1) &&
2044 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2045 (i << 4) | IEEE80211_FTYPE_MGMT))
2046 return -ENOBUFS;
2047 stypes >>= 1;
2048 i++;
2049 }
2050 nla_nest_end(msg, nl_ftypes);
2051 }
2052
2053 nla_nest_end(msg, nl_ifs);
2054
2055 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
2056 if (!nl_ifs)
2057 return -ENOBUFS;
2058
2059 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2060 nl_ftypes = nla_nest_start_noflag(msg, ift);
2061 if (!nl_ftypes)
2062 return -ENOBUFS;
2063 i = 0;
2064 stypes = mgmt_stypes[ift].rx;
2065 while (stypes) {
2066 if ((stypes & 1) &&
2067 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2068 (i << 4) | IEEE80211_FTYPE_MGMT))
2069 return -ENOBUFS;
2070 stypes >>= 1;
2071 i++;
2072 }
2073 nla_nest_end(msg, nl_ftypes);
2074 }
2075 nla_nest_end(msg, nl_ifs);
2076
2077 return 0;
2078 }
2079
2080 #define CMD(op, n) \
2081 do { \
2082 if (rdev->ops->op) { \
2083 i++; \
2084 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
2085 goto nla_put_failure; \
2086 } \
2087 } while (0)
2088
nl80211_add_commands_unsplit(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2089 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
2090 struct sk_buff *msg)
2091 {
2092 int i = 0;
2093
2094 /*
2095 * do *NOT* add anything into this function, new things need to be
2096 * advertised only to new versions of userspace that can deal with
2097 * the split (and they can't possibly care about new features...
2098 */
2099 CMD(add_virtual_intf, NEW_INTERFACE);
2100 CMD(change_virtual_intf, SET_INTERFACE);
2101 CMD(add_key, NEW_KEY);
2102 CMD(start_ap, START_AP);
2103 CMD(add_station, NEW_STATION);
2104 CMD(add_mpath, NEW_MPATH);
2105 CMD(update_mesh_config, SET_MESH_CONFIG);
2106 CMD(change_bss, SET_BSS);
2107 CMD(auth, AUTHENTICATE);
2108 CMD(assoc, ASSOCIATE);
2109 CMD(deauth, DEAUTHENTICATE);
2110 CMD(disassoc, DISASSOCIATE);
2111 CMD(join_ibss, JOIN_IBSS);
2112 CMD(join_mesh, JOIN_MESH);
2113 CMD(set_pmksa, SET_PMKSA);
2114 CMD(del_pmksa, DEL_PMKSA);
2115 CMD(flush_pmksa, FLUSH_PMKSA);
2116 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
2117 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
2118 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
2119 CMD(mgmt_tx, FRAME);
2120 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
2121 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
2122 i++;
2123 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
2124 goto nla_put_failure;
2125 }
2126 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
2127 rdev->ops->join_mesh) {
2128 i++;
2129 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
2130 goto nla_put_failure;
2131 }
2132 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2133 CMD(tdls_mgmt, TDLS_MGMT);
2134 CMD(tdls_oper, TDLS_OPER);
2135 }
2136 if (rdev->wiphy.max_sched_scan_reqs)
2137 CMD(sched_scan_start, START_SCHED_SCAN);
2138 CMD(probe_client, PROBE_CLIENT);
2139 CMD(set_noack_map, SET_NOACK_MAP);
2140 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
2141 i++;
2142 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
2143 goto nla_put_failure;
2144 }
2145 CMD(start_p2p_device, START_P2P_DEVICE);
2146 CMD(set_mcast_rate, SET_MCAST_RATE);
2147 #ifdef CONFIG_NL80211_TESTMODE
2148 CMD(testmode_cmd, TESTMODE);
2149 #endif
2150
2151 if (rdev->ops->connect || rdev->ops->auth) {
2152 i++;
2153 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
2154 goto nla_put_failure;
2155 }
2156
2157 if (rdev->ops->disconnect || rdev->ops->deauth) {
2158 i++;
2159 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
2160 goto nla_put_failure;
2161 }
2162
2163 return i;
2164 nla_put_failure:
2165 return -ENOBUFS;
2166 }
2167
2168 static int
nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities * cap,struct sk_buff * msg)2169 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
2170 struct sk_buff *msg)
2171 {
2172 struct nlattr *ftm;
2173
2174 if (!cap->ftm.supported)
2175 return 0;
2176
2177 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
2178 if (!ftm)
2179 return -ENOBUFS;
2180
2181 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2182 return -ENOBUFS;
2183 if (cap->ftm.non_asap &&
2184 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2185 return -ENOBUFS;
2186 if (cap->ftm.request_lci &&
2187 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2188 return -ENOBUFS;
2189 if (cap->ftm.request_civicloc &&
2190 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2191 return -ENOBUFS;
2192 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2193 cap->ftm.preambles))
2194 return -ENOBUFS;
2195 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2196 cap->ftm.bandwidths))
2197 return -ENOBUFS;
2198 if (cap->ftm.max_bursts_exponent >= 0 &&
2199 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2200 cap->ftm.max_bursts_exponent))
2201 return -ENOBUFS;
2202 if (cap->ftm.max_ftms_per_burst &&
2203 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2204 cap->ftm.max_ftms_per_burst))
2205 return -ENOBUFS;
2206 if (cap->ftm.trigger_based &&
2207 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2208 return -ENOBUFS;
2209 if (cap->ftm.non_trigger_based &&
2210 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2211 return -ENOBUFS;
2212
2213 nla_nest_end(msg, ftm);
2214 return 0;
2215 }
2216
nl80211_send_pmsr_capa(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2217 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2218 struct sk_buff *msg)
2219 {
2220 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2221 struct nlattr *pmsr, *caps;
2222
2223 if (!cap)
2224 return 0;
2225
2226 /*
2227 * we don't need to clean up anything here since the caller
2228 * will genlmsg_cancel() if we fail
2229 */
2230
2231 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2232 if (!pmsr)
2233 return -ENOBUFS;
2234
2235 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2236 return -ENOBUFS;
2237
2238 if (cap->report_ap_tsf &&
2239 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2240 return -ENOBUFS;
2241
2242 if (cap->randomize_mac_addr &&
2243 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2244 return -ENOBUFS;
2245
2246 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2247 if (!caps)
2248 return -ENOBUFS;
2249
2250 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2251 return -ENOBUFS;
2252
2253 nla_nest_end(msg, caps);
2254 nla_nest_end(msg, pmsr);
2255
2256 return 0;
2257 }
2258
2259 static int
nl80211_put_iftype_akm_suites(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2260 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2261 struct sk_buff *msg)
2262 {
2263 int i;
2264 struct nlattr *nested, *nested_akms;
2265 const struct wiphy_iftype_akm_suites *iftype_akms;
2266
2267 if (!rdev->wiphy.num_iftype_akm_suites ||
2268 !rdev->wiphy.iftype_akm_suites)
2269 return 0;
2270
2271 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2272 if (!nested)
2273 return -ENOBUFS;
2274
2275 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2276 nested_akms = nla_nest_start(msg, i + 1);
2277 if (!nested_akms)
2278 return -ENOBUFS;
2279
2280 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2281
2282 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2283 iftype_akms->iftypes_mask))
2284 return -ENOBUFS;
2285
2286 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2287 sizeof(u32) * iftype_akms->n_akm_suites,
2288 iftype_akms->akm_suites)) {
2289 return -ENOBUFS;
2290 }
2291 nla_nest_end(msg, nested_akms);
2292 }
2293
2294 nla_nest_end(msg, nested);
2295
2296 return 0;
2297 }
2298
2299 static int
nl80211_put_tid_config_support(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2300 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2301 struct sk_buff *msg)
2302 {
2303 struct nlattr *supp;
2304
2305 if (!rdev->wiphy.tid_config_support.vif &&
2306 !rdev->wiphy.tid_config_support.peer)
2307 return 0;
2308
2309 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2310 if (!supp)
2311 return -ENOSPC;
2312
2313 if (rdev->wiphy.tid_config_support.vif &&
2314 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2315 rdev->wiphy.tid_config_support.vif,
2316 NL80211_TID_CONFIG_ATTR_PAD))
2317 goto fail;
2318
2319 if (rdev->wiphy.tid_config_support.peer &&
2320 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2321 rdev->wiphy.tid_config_support.peer,
2322 NL80211_TID_CONFIG_ATTR_PAD))
2323 goto fail;
2324
2325 /* for now we just use the same value ... makes more sense */
2326 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2327 rdev->wiphy.tid_config_support.max_retry))
2328 goto fail;
2329 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2330 rdev->wiphy.tid_config_support.max_retry))
2331 goto fail;
2332
2333 nla_nest_end(msg, supp);
2334
2335 return 0;
2336 fail:
2337 nla_nest_cancel(msg, supp);
2338 return -ENOBUFS;
2339 }
2340
2341 static int
nl80211_put_sar_specs(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2342 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2343 struct sk_buff *msg)
2344 {
2345 struct nlattr *sar_capa, *specs, *sub_freq_range;
2346 u8 num_freq_ranges;
2347 int i;
2348
2349 if (!rdev->wiphy.sar_capa)
2350 return 0;
2351
2352 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2353
2354 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2355 if (!sar_capa)
2356 return -ENOSPC;
2357
2358 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2359 goto fail;
2360
2361 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2362 if (!specs)
2363 goto fail;
2364
2365 /* report supported freq_ranges */
2366 for (i = 0; i < num_freq_ranges; i++) {
2367 sub_freq_range = nla_nest_start(msg, i + 1);
2368 if (!sub_freq_range)
2369 goto fail;
2370
2371 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2372 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2373 goto fail;
2374
2375 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2376 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2377 goto fail;
2378
2379 nla_nest_end(msg, sub_freq_range);
2380 }
2381
2382 nla_nest_end(msg, specs);
2383 nla_nest_end(msg, sar_capa);
2384
2385 return 0;
2386 fail:
2387 nla_nest_cancel(msg, sar_capa);
2388 return -ENOBUFS;
2389 }
2390
nl80211_put_mbssid_support(struct wiphy * wiphy,struct sk_buff * msg)2391 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg)
2392 {
2393 struct nlattr *config;
2394
2395 if (!wiphy->mbssid_max_interfaces)
2396 return 0;
2397
2398 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
2399 if (!config)
2400 return -ENOBUFS;
2401
2402 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
2403 wiphy->mbssid_max_interfaces))
2404 goto fail;
2405
2406 if (wiphy->ema_max_profile_periodicity &&
2407 nla_put_u8(msg,
2408 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
2409 wiphy->ema_max_profile_periodicity))
2410 goto fail;
2411
2412 nla_nest_end(msg, config);
2413 return 0;
2414
2415 fail:
2416 nla_nest_cancel(msg, config);
2417 return -ENOBUFS;
2418 }
2419
nl80211_put_radio(struct wiphy * wiphy,struct sk_buff * msg,int idx)2420 static int nl80211_put_radio(struct wiphy *wiphy, struct sk_buff *msg, int idx)
2421 {
2422 const struct wiphy_radio *r = &wiphy->radio[idx];
2423 struct nlattr *radio, *freq;
2424 int i;
2425
2426 radio = nla_nest_start(msg, idx);
2427 if (!radio)
2428 return -ENOBUFS;
2429
2430 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_INDEX, idx))
2431 goto nla_put_failure;
2432
2433 for (i = 0; i < r->n_freq_range; i++) {
2434 const struct wiphy_radio_freq_range *range = &r->freq_range[i];
2435
2436 freq = nla_nest_start(msg, NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE);
2437 if (!freq)
2438 goto nla_put_failure;
2439
2440 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_START,
2441 range->start_freq) ||
2442 nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_END,
2443 range->end_freq))
2444 goto nla_put_failure;
2445
2446 nla_nest_end(msg, freq);
2447 }
2448
2449 for (i = 0; i < r->n_iface_combinations; i++)
2450 if (nl80211_put_ifcomb_data(msg, true,
2451 NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION,
2452 &r->iface_combinations[i],
2453 NLA_F_NESTED))
2454 goto nla_put_failure;
2455
2456 nla_nest_end(msg, radio);
2457
2458 return 0;
2459
2460 nla_put_failure:
2461 return -ENOBUFS;
2462 }
2463
nl80211_put_radios(struct wiphy * wiphy,struct sk_buff * msg)2464 static int nl80211_put_radios(struct wiphy *wiphy, struct sk_buff *msg)
2465 {
2466 struct nlattr *radios;
2467 int i;
2468
2469 if (!wiphy->n_radio)
2470 return 0;
2471
2472 radios = nla_nest_start(msg, NL80211_ATTR_WIPHY_RADIOS);
2473 if (!radios)
2474 return -ENOBUFS;
2475
2476 for (i = 0; i < wiphy->n_radio; i++)
2477 if (nl80211_put_radio(wiphy, msg, i))
2478 goto fail;
2479
2480 nla_nest_end(msg, radios);
2481
2482 if (nl80211_put_iface_combinations(wiphy, msg,
2483 NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS,
2484 -1, true, NLA_F_NESTED))
2485 return -ENOBUFS;
2486
2487 return 0;
2488
2489 fail:
2490 nla_nest_cancel(msg, radios);
2491 return -ENOBUFS;
2492 }
2493
2494 struct nl80211_dump_wiphy_state {
2495 s64 filter_wiphy;
2496 long start;
2497 long split_start, band_start, chan_start, capa_start;
2498 bool split;
2499 };
2500
nl80211_send_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd,struct sk_buff * msg,u32 portid,u32 seq,int flags,struct nl80211_dump_wiphy_state * state)2501 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2502 enum nl80211_commands cmd,
2503 struct sk_buff *msg, u32 portid, u32 seq,
2504 int flags, struct nl80211_dump_wiphy_state *state)
2505 {
2506 void *hdr;
2507 struct nlattr *nl_bands, *nl_band;
2508 struct nlattr *nl_freqs, *nl_freq;
2509 struct nlattr *nl_cmds;
2510 enum nl80211_band band;
2511 struct ieee80211_channel *chan;
2512 int i;
2513 const struct ieee80211_txrx_stypes *mgmt_stypes =
2514 rdev->wiphy.mgmt_stypes;
2515 u32 features;
2516
2517 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2518 if (!hdr)
2519 return -ENOBUFS;
2520
2521 if (WARN_ON(!state))
2522 return -EINVAL;
2523
2524 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2525 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2526 wiphy_name(&rdev->wiphy)) ||
2527 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2528 cfg80211_rdev_list_generation))
2529 goto nla_put_failure;
2530
2531 if (cmd != NL80211_CMD_NEW_WIPHY)
2532 goto finish;
2533
2534 switch (state->split_start) {
2535 case 0:
2536 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2537 rdev->wiphy.retry_short) ||
2538 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2539 rdev->wiphy.retry_long) ||
2540 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2541 rdev->wiphy.frag_threshold) ||
2542 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2543 rdev->wiphy.rts_threshold) ||
2544 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2545 rdev->wiphy.coverage_class) ||
2546 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2547 rdev->wiphy.max_scan_ssids) ||
2548 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2549 rdev->wiphy.max_sched_scan_ssids) ||
2550 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2551 rdev->wiphy.max_scan_ie_len) ||
2552 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2553 rdev->wiphy.max_sched_scan_ie_len) ||
2554 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2555 rdev->wiphy.max_match_sets))
2556 goto nla_put_failure;
2557
2558 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2559 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2560 goto nla_put_failure;
2561 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2562 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2563 goto nla_put_failure;
2564 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2565 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2566 goto nla_put_failure;
2567 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2568 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2569 goto nla_put_failure;
2570 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2571 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2572 goto nla_put_failure;
2573 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2574 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2575 goto nla_put_failure;
2576 state->split_start++;
2577 if (state->split)
2578 break;
2579 fallthrough;
2580 case 1:
2581 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2582 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2583 rdev->wiphy.cipher_suites))
2584 goto nla_put_failure;
2585
2586 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2587 rdev->wiphy.max_num_pmkids))
2588 goto nla_put_failure;
2589
2590 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2591 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2592 goto nla_put_failure;
2593
2594 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2595 rdev->wiphy.available_antennas_tx) ||
2596 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2597 rdev->wiphy.available_antennas_rx))
2598 goto nla_put_failure;
2599
2600 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2601 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2602 rdev->wiphy.probe_resp_offload))
2603 goto nla_put_failure;
2604
2605 if ((rdev->wiphy.available_antennas_tx ||
2606 rdev->wiphy.available_antennas_rx) &&
2607 rdev->ops->get_antenna) {
2608 u32 tx_ant = 0, rx_ant = 0;
2609 int res;
2610
2611 res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2612 if (!res) {
2613 if (nla_put_u32(msg,
2614 NL80211_ATTR_WIPHY_ANTENNA_TX,
2615 tx_ant) ||
2616 nla_put_u32(msg,
2617 NL80211_ATTR_WIPHY_ANTENNA_RX,
2618 rx_ant))
2619 goto nla_put_failure;
2620 }
2621 }
2622
2623 state->split_start++;
2624 if (state->split)
2625 break;
2626 fallthrough;
2627 case 2:
2628 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2629 rdev->wiphy.interface_modes))
2630 goto nla_put_failure;
2631 state->split_start++;
2632 if (state->split)
2633 break;
2634 fallthrough;
2635 case 3:
2636 nl_bands = nla_nest_start_noflag(msg,
2637 NL80211_ATTR_WIPHY_BANDS);
2638 if (!nl_bands)
2639 goto nla_put_failure;
2640
2641 for (band = state->band_start;
2642 band < (state->split ?
2643 NUM_NL80211_BANDS :
2644 NL80211_BAND_60GHZ + 1);
2645 band++) {
2646 struct ieee80211_supported_band *sband;
2647
2648 /* omit higher bands for ancient software */
2649 if (band > NL80211_BAND_5GHZ && !state->split)
2650 break;
2651
2652 sband = rdev->wiphy.bands[band];
2653
2654 if (!sband)
2655 continue;
2656
2657 nl_band = nla_nest_start_noflag(msg, band);
2658 if (!nl_band)
2659 goto nla_put_failure;
2660
2661 switch (state->chan_start) {
2662 case 0:
2663 if (nl80211_send_band_rateinfo(msg, sband,
2664 state->split))
2665 goto nla_put_failure;
2666 state->chan_start++;
2667 if (state->split)
2668 break;
2669 fallthrough;
2670 default:
2671 /* add frequencies */
2672 nl_freqs = nla_nest_start_noflag(msg,
2673 NL80211_BAND_ATTR_FREQS);
2674 if (!nl_freqs)
2675 goto nla_put_failure;
2676
2677 for (i = state->chan_start - 1;
2678 i < sband->n_channels;
2679 i++) {
2680 nl_freq = nla_nest_start_noflag(msg,
2681 i);
2682 if (!nl_freq)
2683 goto nla_put_failure;
2684
2685 chan = &sband->channels[i];
2686
2687 if (nl80211_msg_put_channel(
2688 msg, &rdev->wiphy, chan,
2689 state->split))
2690 goto nla_put_failure;
2691
2692 nla_nest_end(msg, nl_freq);
2693 if (state->split)
2694 break;
2695 }
2696 if (i < sband->n_channels)
2697 state->chan_start = i + 2;
2698 else
2699 state->chan_start = 0;
2700 nla_nest_end(msg, nl_freqs);
2701 }
2702
2703 nla_nest_end(msg, nl_band);
2704
2705 if (state->split) {
2706 /* start again here */
2707 if (state->chan_start)
2708 band--;
2709 break;
2710 }
2711 }
2712 nla_nest_end(msg, nl_bands);
2713
2714 if (band < NUM_NL80211_BANDS)
2715 state->band_start = band + 1;
2716 else
2717 state->band_start = 0;
2718
2719 /* if bands & channels are done, continue outside */
2720 if (state->band_start == 0 && state->chan_start == 0)
2721 state->split_start++;
2722 if (state->split)
2723 break;
2724 fallthrough;
2725 case 4:
2726 nl_cmds = nla_nest_start_noflag(msg,
2727 NL80211_ATTR_SUPPORTED_COMMANDS);
2728 if (!nl_cmds)
2729 goto nla_put_failure;
2730
2731 i = nl80211_add_commands_unsplit(rdev, msg);
2732 if (i < 0)
2733 goto nla_put_failure;
2734 if (state->split) {
2735 CMD(crit_proto_start, CRIT_PROTOCOL_START);
2736 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2737 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2738 CMD(channel_switch, CHANNEL_SWITCH);
2739 CMD(set_qos_map, SET_QOS_MAP);
2740 if (rdev->wiphy.features &
2741 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2742 CMD(add_tx_ts, ADD_TX_TS);
2743 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2744 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2745 CMD(update_ft_ies, UPDATE_FT_IES);
2746 if (rdev->wiphy.sar_capa)
2747 CMD(set_sar_specs, SET_SAR_SPECS);
2748 }
2749 #undef CMD
2750
2751 nla_nest_end(msg, nl_cmds);
2752 state->split_start++;
2753 if (state->split)
2754 break;
2755 fallthrough;
2756 case 5:
2757 if (rdev->ops->remain_on_channel &&
2758 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2759 nla_put_u32(msg,
2760 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2761 rdev->wiphy.max_remain_on_channel_duration))
2762 goto nla_put_failure;
2763
2764 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2765 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2766 goto nla_put_failure;
2767
2768 state->split_start++;
2769 if (state->split)
2770 break;
2771 fallthrough;
2772 case 6:
2773 #ifdef CONFIG_PM
2774 if (nl80211_send_wowlan(msg, rdev, state->split))
2775 goto nla_put_failure;
2776 state->split_start++;
2777 if (state->split)
2778 break;
2779 #else
2780 state->split_start++;
2781 #endif
2782 fallthrough;
2783 case 7:
2784 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2785 rdev->wiphy.software_iftypes))
2786 goto nla_put_failure;
2787
2788 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2789 NL80211_ATTR_INTERFACE_COMBINATIONS,
2790 rdev->wiphy.n_radio ? 0 : -1,
2791 state->split, 0))
2792 goto nla_put_failure;
2793
2794 state->split_start++;
2795 if (state->split)
2796 break;
2797 fallthrough;
2798 case 8:
2799 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2800 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2801 rdev->wiphy.ap_sme_capa))
2802 goto nla_put_failure;
2803
2804 features = rdev->wiphy.features;
2805 /*
2806 * We can only add the per-channel limit information if the
2807 * dump is split, otherwise it makes it too big. Therefore
2808 * only advertise it in that case.
2809 */
2810 if (state->split)
2811 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2812 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2813 goto nla_put_failure;
2814
2815 if (rdev->wiphy.ht_capa_mod_mask &&
2816 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2817 sizeof(*rdev->wiphy.ht_capa_mod_mask),
2818 rdev->wiphy.ht_capa_mod_mask))
2819 goto nla_put_failure;
2820
2821 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2822 rdev->wiphy.max_acl_mac_addrs &&
2823 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2824 rdev->wiphy.max_acl_mac_addrs))
2825 goto nla_put_failure;
2826
2827 /*
2828 * Any information below this point is only available to
2829 * applications that can deal with it being split. This
2830 * helps ensure that newly added capabilities don't break
2831 * older tools by overrunning their buffers.
2832 *
2833 * We still increment split_start so that in the split
2834 * case we'll continue with more data in the next round,
2835 * but break unconditionally so unsplit data stops here.
2836 */
2837 if (state->split)
2838 state->split_start++;
2839 else
2840 state->split_start = 0;
2841 break;
2842 case 9:
2843 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2844 goto nla_put_failure;
2845
2846 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2847 rdev->wiphy.max_sched_scan_plans) ||
2848 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2849 rdev->wiphy.max_sched_scan_plan_interval) ||
2850 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2851 rdev->wiphy.max_sched_scan_plan_iterations))
2852 goto nla_put_failure;
2853
2854 if (rdev->wiphy.extended_capabilities &&
2855 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2856 rdev->wiphy.extended_capabilities_len,
2857 rdev->wiphy.extended_capabilities) ||
2858 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2859 rdev->wiphy.extended_capabilities_len,
2860 rdev->wiphy.extended_capabilities_mask)))
2861 goto nla_put_failure;
2862
2863 if (rdev->wiphy.vht_capa_mod_mask &&
2864 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2865 sizeof(*rdev->wiphy.vht_capa_mod_mask),
2866 rdev->wiphy.vht_capa_mod_mask))
2867 goto nla_put_failure;
2868
2869 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2870 rdev->wiphy.perm_addr))
2871 goto nla_put_failure;
2872
2873 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2874 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2875 rdev->wiphy.addr_mask))
2876 goto nla_put_failure;
2877
2878 if (rdev->wiphy.n_addresses > 1) {
2879 void *attr;
2880
2881 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2882 if (!attr)
2883 goto nla_put_failure;
2884
2885 for (i = 0; i < rdev->wiphy.n_addresses; i++)
2886 if (nla_put(msg, i + 1, ETH_ALEN,
2887 rdev->wiphy.addresses[i].addr))
2888 goto nla_put_failure;
2889
2890 nla_nest_end(msg, attr);
2891 }
2892
2893 state->split_start++;
2894 break;
2895 case 10:
2896 if (nl80211_send_coalesce(msg, rdev))
2897 goto nla_put_failure;
2898
2899 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2900 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2901 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2902 goto nla_put_failure;
2903
2904 if (rdev->wiphy.max_ap_assoc_sta &&
2905 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2906 rdev->wiphy.max_ap_assoc_sta))
2907 goto nla_put_failure;
2908
2909 state->split_start++;
2910 break;
2911 case 11:
2912 if (rdev->wiphy.n_vendor_commands) {
2913 const struct nl80211_vendor_cmd_info *info;
2914 struct nlattr *nested;
2915
2916 nested = nla_nest_start_noflag(msg,
2917 NL80211_ATTR_VENDOR_DATA);
2918 if (!nested)
2919 goto nla_put_failure;
2920
2921 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2922 info = &rdev->wiphy.vendor_commands[i].info;
2923 if (nla_put(msg, i + 1, sizeof(*info), info))
2924 goto nla_put_failure;
2925 }
2926 nla_nest_end(msg, nested);
2927 }
2928
2929 if (rdev->wiphy.n_vendor_events) {
2930 const struct nl80211_vendor_cmd_info *info;
2931 struct nlattr *nested;
2932
2933 nested = nla_nest_start_noflag(msg,
2934 NL80211_ATTR_VENDOR_EVENTS);
2935 if (!nested)
2936 goto nla_put_failure;
2937
2938 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2939 info = &rdev->wiphy.vendor_events[i];
2940 if (nla_put(msg, i + 1, sizeof(*info), info))
2941 goto nla_put_failure;
2942 }
2943 nla_nest_end(msg, nested);
2944 }
2945 state->split_start++;
2946 break;
2947 case 12:
2948 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2949 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2950 rdev->wiphy.max_num_csa_counters))
2951 goto nla_put_failure;
2952
2953 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2954 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2955 goto nla_put_failure;
2956
2957 if (rdev->wiphy.max_sched_scan_reqs &&
2958 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2959 rdev->wiphy.max_sched_scan_reqs))
2960 goto nla_put_failure;
2961
2962 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2963 sizeof(rdev->wiphy.ext_features),
2964 rdev->wiphy.ext_features))
2965 goto nla_put_failure;
2966
2967 if (rdev->wiphy.bss_select_support) {
2968 struct nlattr *nested;
2969 u32 bss_select_support = rdev->wiphy.bss_select_support;
2970
2971 nested = nla_nest_start_noflag(msg,
2972 NL80211_ATTR_BSS_SELECT);
2973 if (!nested)
2974 goto nla_put_failure;
2975
2976 i = 0;
2977 while (bss_select_support) {
2978 if ((bss_select_support & 1) &&
2979 nla_put_flag(msg, i))
2980 goto nla_put_failure;
2981 i++;
2982 bss_select_support >>= 1;
2983 }
2984 nla_nest_end(msg, nested);
2985 }
2986
2987 state->split_start++;
2988 break;
2989 case 13:
2990 if (rdev->wiphy.num_iftype_ext_capab &&
2991 rdev->wiphy.iftype_ext_capab) {
2992 struct nlattr *nested_ext_capab, *nested;
2993
2994 nested = nla_nest_start_noflag(msg,
2995 NL80211_ATTR_IFTYPE_EXT_CAPA);
2996 if (!nested)
2997 goto nla_put_failure;
2998
2999 for (i = state->capa_start;
3000 i < rdev->wiphy.num_iftype_ext_capab; i++) {
3001 const struct wiphy_iftype_ext_capab *capab;
3002
3003 capab = &rdev->wiphy.iftype_ext_capab[i];
3004
3005 nested_ext_capab = nla_nest_start_noflag(msg,
3006 i);
3007 if (!nested_ext_capab ||
3008 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
3009 capab->iftype) ||
3010 nla_put(msg, NL80211_ATTR_EXT_CAPA,
3011 capab->extended_capabilities_len,
3012 capab->extended_capabilities) ||
3013 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3014 capab->extended_capabilities_len,
3015 capab->extended_capabilities_mask))
3016 goto nla_put_failure;
3017
3018 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
3019 (nla_put_u16(msg,
3020 NL80211_ATTR_EML_CAPABILITY,
3021 capab->eml_capabilities) ||
3022 nla_put_u16(msg,
3023 NL80211_ATTR_MLD_CAPA_AND_OPS,
3024 capab->mld_capa_and_ops)))
3025 goto nla_put_failure;
3026
3027 nla_nest_end(msg, nested_ext_capab);
3028 if (state->split)
3029 break;
3030 }
3031 nla_nest_end(msg, nested);
3032 if (i < rdev->wiphy.num_iftype_ext_capab) {
3033 state->capa_start = i + 1;
3034 break;
3035 }
3036 }
3037
3038 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
3039 rdev->wiphy.nan_supported_bands))
3040 goto nla_put_failure;
3041
3042 if (wiphy_ext_feature_isset(&rdev->wiphy,
3043 NL80211_EXT_FEATURE_TXQS)) {
3044 struct cfg80211_txq_stats txqstats = {};
3045 int res;
3046
3047 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
3048 if (!res &&
3049 !nl80211_put_txq_stats(msg, &txqstats,
3050 NL80211_ATTR_TXQ_STATS))
3051 goto nla_put_failure;
3052
3053 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
3054 rdev->wiphy.txq_limit))
3055 goto nla_put_failure;
3056 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
3057 rdev->wiphy.txq_memory_limit))
3058 goto nla_put_failure;
3059 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
3060 rdev->wiphy.txq_quantum))
3061 goto nla_put_failure;
3062 }
3063
3064 state->split_start++;
3065 break;
3066 case 14:
3067 if (nl80211_send_pmsr_capa(rdev, msg))
3068 goto nla_put_failure;
3069
3070 state->split_start++;
3071 break;
3072 case 15:
3073 if (rdev->wiphy.akm_suites &&
3074 nla_put(msg, NL80211_ATTR_AKM_SUITES,
3075 sizeof(u32) * rdev->wiphy.n_akm_suites,
3076 rdev->wiphy.akm_suites))
3077 goto nla_put_failure;
3078
3079 if (nl80211_put_iftype_akm_suites(rdev, msg))
3080 goto nla_put_failure;
3081
3082 if (nl80211_put_tid_config_support(rdev, msg))
3083 goto nla_put_failure;
3084 state->split_start++;
3085 break;
3086 case 16:
3087 if (nl80211_put_sar_specs(rdev, msg))
3088 goto nla_put_failure;
3089
3090 if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
3091 goto nla_put_failure;
3092
3093 if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
3094 rdev->wiphy.max_num_akm_suites))
3095 goto nla_put_failure;
3096
3097 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)
3098 nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT);
3099
3100 if (rdev->wiphy.hw_timestamp_max_peers &&
3101 nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS,
3102 rdev->wiphy.hw_timestamp_max_peers))
3103 goto nla_put_failure;
3104
3105 state->split_start++;
3106 break;
3107 case 17:
3108 if (nl80211_put_radios(&rdev->wiphy, msg))
3109 goto nla_put_failure;
3110
3111 /* done */
3112 state->split_start = 0;
3113 break;
3114 }
3115 finish:
3116 genlmsg_end(msg, hdr);
3117 return 0;
3118
3119 nla_put_failure:
3120 genlmsg_cancel(msg, hdr);
3121 return -EMSGSIZE;
3122 }
3123
nl80211_dump_wiphy_parse(struct sk_buff * skb,struct netlink_callback * cb,struct nl80211_dump_wiphy_state * state)3124 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
3125 struct netlink_callback *cb,
3126 struct nl80211_dump_wiphy_state *state)
3127 {
3128 struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
3129 int ret;
3130
3131 if (!tb)
3132 return -ENOMEM;
3133
3134 ret = nlmsg_parse_deprecated(cb->nlh,
3135 GENL_HDRLEN + nl80211_fam.hdrsize,
3136 tb, nl80211_fam.maxattr,
3137 nl80211_policy, NULL);
3138 /* ignore parse errors for backward compatibility */
3139 if (ret) {
3140 ret = 0;
3141 goto out;
3142 }
3143
3144 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
3145 if (tb[NL80211_ATTR_WIPHY])
3146 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3147 if (tb[NL80211_ATTR_WDEV])
3148 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
3149 if (tb[NL80211_ATTR_IFINDEX]) {
3150 struct net_device *netdev;
3151 struct cfg80211_registered_device *rdev;
3152 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3153
3154 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3155 if (!netdev) {
3156 ret = -ENODEV;
3157 goto out;
3158 }
3159 if (netdev->ieee80211_ptr) {
3160 rdev = wiphy_to_rdev(
3161 netdev->ieee80211_ptr->wiphy);
3162 state->filter_wiphy = rdev->wiphy_idx;
3163 }
3164 }
3165
3166 ret = 0;
3167 out:
3168 kfree(tb);
3169 return ret;
3170 }
3171
nl80211_dump_wiphy(struct sk_buff * skb,struct netlink_callback * cb)3172 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
3173 {
3174 int idx = 0, ret;
3175 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
3176 struct cfg80211_registered_device *rdev;
3177
3178 rtnl_lock();
3179 if (!state) {
3180 state = kzalloc(sizeof(*state), GFP_KERNEL);
3181 if (!state) {
3182 rtnl_unlock();
3183 return -ENOMEM;
3184 }
3185 state->filter_wiphy = -1;
3186 ret = nl80211_dump_wiphy_parse(skb, cb, state);
3187 if (ret) {
3188 kfree(state);
3189 rtnl_unlock();
3190 return ret;
3191 }
3192 cb->args[0] = (long)state;
3193 }
3194
3195 for_each_rdev(rdev) {
3196 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3197 continue;
3198 if (++idx <= state->start)
3199 continue;
3200 if (state->filter_wiphy != -1 &&
3201 state->filter_wiphy != rdev->wiphy_idx)
3202 continue;
3203 wiphy_lock(&rdev->wiphy);
3204 /* attempt to fit multiple wiphy data chunks into the skb */
3205 do {
3206 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
3207 skb,
3208 NETLINK_CB(cb->skb).portid,
3209 cb->nlh->nlmsg_seq,
3210 NLM_F_MULTI, state);
3211 if (ret < 0) {
3212 /*
3213 * If sending the wiphy data didn't fit (ENOBUFS
3214 * or EMSGSIZE returned), this SKB is still
3215 * empty (so it's not too big because another
3216 * wiphy dataset is already in the skb) and
3217 * we've not tried to adjust the dump allocation
3218 * yet ... then adjust the alloc size to be
3219 * bigger, and return 1 but with the empty skb.
3220 * This results in an empty message being RX'ed
3221 * in userspace, but that is ignored.
3222 *
3223 * We can then retry with the larger buffer.
3224 */
3225 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
3226 !skb->len && !state->split &&
3227 cb->min_dump_alloc < 4096) {
3228 cb->min_dump_alloc = 4096;
3229 state->split_start = 0;
3230 wiphy_unlock(&rdev->wiphy);
3231 rtnl_unlock();
3232 return 1;
3233 }
3234 idx--;
3235 break;
3236 }
3237 } while (state->split_start > 0);
3238 wiphy_unlock(&rdev->wiphy);
3239 break;
3240 }
3241 rtnl_unlock();
3242
3243 state->start = idx;
3244
3245 return skb->len;
3246 }
3247
nl80211_dump_wiphy_done(struct netlink_callback * cb)3248 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
3249 {
3250 kfree((void *)cb->args[0]);
3251 return 0;
3252 }
3253
nl80211_get_wiphy(struct sk_buff * skb,struct genl_info * info)3254 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
3255 {
3256 struct sk_buff *msg;
3257 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3258 struct nl80211_dump_wiphy_state state = {};
3259
3260 msg = nlmsg_new(4096, GFP_KERNEL);
3261 if (!msg)
3262 return -ENOMEM;
3263
3264 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
3265 info->snd_portid, info->snd_seq, 0,
3266 &state) < 0) {
3267 nlmsg_free(msg);
3268 return -ENOBUFS;
3269 }
3270
3271 return genlmsg_reply(msg, info);
3272 }
3273
3274 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
3275 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
3276 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
3277 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
3278 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
3279 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
3280 };
3281
parse_txq_params(struct nlattr * tb[],struct ieee80211_txq_params * txq_params)3282 static int parse_txq_params(struct nlattr *tb[],
3283 struct ieee80211_txq_params *txq_params)
3284 {
3285 u8 ac;
3286
3287 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
3288 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
3289 !tb[NL80211_TXQ_ATTR_AIFS])
3290 return -EINVAL;
3291
3292 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
3293 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
3294 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
3295 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
3296 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
3297
3298 if (ac >= NL80211_NUM_ACS)
3299 return -EINVAL;
3300 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
3301 return 0;
3302 }
3303
nl80211_can_set_dev_channel(struct wireless_dev * wdev)3304 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
3305 {
3306 /*
3307 * You can only set the channel explicitly for some interfaces,
3308 * most have their channel managed via their respective
3309 * "establish a connection" command (connect, join, ...)
3310 *
3311 * For AP/GO and mesh mode, the channel can be set with the
3312 * channel userspace API, but is only stored and passed to the
3313 * low-level driver when the AP starts or the mesh is joined.
3314 * This is for backward compatibility, userspace can also give
3315 * the channel in the start-ap or join-mesh commands instead.
3316 *
3317 * Monitors are special as they are normally slaved to
3318 * whatever else is going on, so they have their own special
3319 * operation to set the monitor channel if possible.
3320 */
3321 return !wdev ||
3322 wdev->iftype == NL80211_IFTYPE_AP ||
3323 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3324 wdev->iftype == NL80211_IFTYPE_MONITOR ||
3325 wdev->iftype == NL80211_IFTYPE_P2P_GO;
3326 }
3327
_nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,bool monitor,struct cfg80211_chan_def * chandef)3328 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3329 struct genl_info *info, bool monitor,
3330 struct cfg80211_chan_def *chandef)
3331 {
3332 struct netlink_ext_ack *extack = info->extack;
3333 struct nlattr **attrs = info->attrs;
3334 u32 control_freq;
3335
3336 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) {
3337 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3338 "Frequency is missing");
3339 return -EINVAL;
3340 }
3341
3342 control_freq = MHZ_TO_KHZ(
3343 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3344 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3345 control_freq +=
3346 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3347
3348 memset(chandef, 0, sizeof(*chandef));
3349 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3350 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3351 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3352 chandef->freq1_offset = control_freq % 1000;
3353 chandef->center_freq2 = 0;
3354
3355 if (!chandef->chan) {
3356 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3357 "Unknown channel");
3358 return -EINVAL;
3359 }
3360
3361 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3362 enum nl80211_channel_type chantype;
3363
3364 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3365
3366 switch (chantype) {
3367 case NL80211_CHAN_NO_HT:
3368 case NL80211_CHAN_HT20:
3369 case NL80211_CHAN_HT40PLUS:
3370 case NL80211_CHAN_HT40MINUS:
3371 cfg80211_chandef_create(chandef, chandef->chan,
3372 chantype);
3373 /* user input for center_freq is incorrect */
3374 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3375 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3376 NL_SET_ERR_MSG_ATTR(extack,
3377 attrs[NL80211_ATTR_CENTER_FREQ1],
3378 "bad center frequency 1");
3379 return -EINVAL;
3380 }
3381 /* center_freq2 must be zero */
3382 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3383 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3384 NL_SET_ERR_MSG_ATTR(extack,
3385 attrs[NL80211_ATTR_CENTER_FREQ2],
3386 "center frequency 2 can't be used");
3387 return -EINVAL;
3388 }
3389 break;
3390 default:
3391 NL_SET_ERR_MSG_ATTR(extack,
3392 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3393 "invalid channel type");
3394 return -EINVAL;
3395 }
3396 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3397 chandef->width =
3398 nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3399 if (chandef->chan->band == NL80211_BAND_S1GHZ) {
3400 /* User input error for channel width doesn't match channel */
3401 if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) {
3402 NL_SET_ERR_MSG_ATTR(extack,
3403 attrs[NL80211_ATTR_CHANNEL_WIDTH],
3404 "bad channel width");
3405 return -EINVAL;
3406 }
3407 }
3408 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3409 chandef->center_freq1 =
3410 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3411 if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
3412 chandef->freq1_offset = nla_get_u32(
3413 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
3414 else
3415 chandef->freq1_offset = 0;
3416 }
3417 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3418 chandef->center_freq2 =
3419 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3420 }
3421
3422 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3423 chandef->edmg.channels =
3424 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3425
3426 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3427 chandef->edmg.bw_config =
3428 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3429 } else {
3430 chandef->edmg.bw_config = 0;
3431 chandef->edmg.channels = 0;
3432 }
3433
3434 if (info->attrs[NL80211_ATTR_PUNCT_BITMAP]) {
3435 chandef->punctured =
3436 nla_get_u32(info->attrs[NL80211_ATTR_PUNCT_BITMAP]);
3437
3438 if (chandef->punctured &&
3439 !wiphy_ext_feature_isset(&rdev->wiphy,
3440 NL80211_EXT_FEATURE_PUNCT)) {
3441 NL_SET_ERR_MSG(extack,
3442 "driver doesn't support puncturing");
3443 return -EINVAL;
3444 }
3445 }
3446
3447 if (!cfg80211_chandef_valid(chandef)) {
3448 NL_SET_ERR_MSG(extack, "invalid channel definition");
3449 return -EINVAL;
3450 }
3451
3452 if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef,
3453 IEEE80211_CHAN_DISABLED,
3454 monitor ? IEEE80211_CHAN_CAN_MONITOR : 0)) {
3455 NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3456 return -EINVAL;
3457 }
3458
3459 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3460 chandef->width == NL80211_CHAN_WIDTH_10) &&
3461 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3462 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3463 return -EINVAL;
3464 }
3465
3466 return 0;
3467 }
3468
nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_chan_def * chandef)3469 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3470 struct genl_info *info,
3471 struct cfg80211_chan_def *chandef)
3472 {
3473 return _nl80211_parse_chandef(rdev, info, false, chandef);
3474 }
3475
__nl80211_set_channel(struct cfg80211_registered_device * rdev,struct net_device * dev,struct genl_info * info,int _link_id)3476 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3477 struct net_device *dev,
3478 struct genl_info *info,
3479 int _link_id)
3480 {
3481 struct cfg80211_chan_def chandef;
3482 int result;
3483 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3484 struct wireless_dev *wdev = NULL;
3485 int link_id = _link_id;
3486
3487 if (dev)
3488 wdev = dev->ieee80211_ptr;
3489 if (!nl80211_can_set_dev_channel(wdev))
3490 return -EOPNOTSUPP;
3491 if (wdev)
3492 iftype = wdev->iftype;
3493
3494 if (link_id < 0) {
3495 if (wdev && wdev->valid_links)
3496 return -EINVAL;
3497 link_id = 0;
3498 }
3499
3500 result = _nl80211_parse_chandef(rdev, info,
3501 iftype == NL80211_IFTYPE_MONITOR,
3502 &chandef);
3503 if (result)
3504 return result;
3505
3506 switch (iftype) {
3507 case NL80211_IFTYPE_AP:
3508 case NL80211_IFTYPE_P2P_GO:
3509 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3510 iftype))
3511 return -EINVAL;
3512 if (wdev->links[link_id].ap.beacon_interval) {
3513 struct ieee80211_channel *cur_chan;
3514
3515 if (!dev || !rdev->ops->set_ap_chanwidth ||
3516 !(rdev->wiphy.features &
3517 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
3518 return -EBUSY;
3519
3520 /* Only allow dynamic channel width changes */
3521 cur_chan = wdev->links[link_id].ap.chandef.chan;
3522 if (chandef.chan != cur_chan)
3523 return -EBUSY;
3524
3525 /* only allow this for regular channel widths */
3526 switch (wdev->links[link_id].ap.chandef.width) {
3527 case NL80211_CHAN_WIDTH_20_NOHT:
3528 case NL80211_CHAN_WIDTH_20:
3529 case NL80211_CHAN_WIDTH_40:
3530 case NL80211_CHAN_WIDTH_80:
3531 case NL80211_CHAN_WIDTH_80P80:
3532 case NL80211_CHAN_WIDTH_160:
3533 case NL80211_CHAN_WIDTH_320:
3534 break;
3535 default:
3536 return -EINVAL;
3537 }
3538
3539 switch (chandef.width) {
3540 case NL80211_CHAN_WIDTH_20_NOHT:
3541 case NL80211_CHAN_WIDTH_20:
3542 case NL80211_CHAN_WIDTH_40:
3543 case NL80211_CHAN_WIDTH_80:
3544 case NL80211_CHAN_WIDTH_80P80:
3545 case NL80211_CHAN_WIDTH_160:
3546 case NL80211_CHAN_WIDTH_320:
3547 break;
3548 default:
3549 return -EINVAL;
3550 }
3551
3552 result = rdev_set_ap_chanwidth(rdev, dev, link_id,
3553 &chandef);
3554 if (result)
3555 return result;
3556 wdev->links[link_id].ap.chandef = chandef;
3557 } else {
3558 wdev->u.ap.preset_chandef = chandef;
3559 }
3560 return 0;
3561 case NL80211_IFTYPE_MESH_POINT:
3562 return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3563 case NL80211_IFTYPE_MONITOR:
3564 return cfg80211_set_monitor_channel(rdev, &chandef);
3565 default:
3566 break;
3567 }
3568
3569 return -EINVAL;
3570 }
3571
nl80211_set_channel(struct sk_buff * skb,struct genl_info * info)3572 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3573 {
3574 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3575 int link_id = nl80211_link_id_or_invalid(info->attrs);
3576 struct net_device *netdev = info->user_ptr[1];
3577
3578 return __nl80211_set_channel(rdev, netdev, info, link_id);
3579 }
3580
nl80211_set_wiphy(struct sk_buff * skb,struct genl_info * info)3581 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3582 {
3583 struct cfg80211_registered_device *rdev = NULL;
3584 struct net_device *netdev = NULL;
3585 struct wireless_dev *wdev;
3586 int result = 0, rem_txq_params = 0;
3587 struct nlattr *nl_txq_params;
3588 u32 changed;
3589 u8 retry_short = 0, retry_long = 0;
3590 u32 frag_threshold = 0, rts_threshold = 0;
3591 u8 coverage_class = 0;
3592 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3593
3594 rtnl_lock();
3595 /*
3596 * Try to find the wiphy and netdev. Normally this
3597 * function shouldn't need the netdev, but this is
3598 * done for backward compatibility -- previously
3599 * setting the channel was done per wiphy, but now
3600 * it is per netdev. Previous userland like hostapd
3601 * also passed a netdev to set_wiphy, so that it is
3602 * possible to let that go to the right netdev!
3603 */
3604
3605 if (info->attrs[NL80211_ATTR_IFINDEX]) {
3606 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3607
3608 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3609 if (netdev && netdev->ieee80211_ptr)
3610 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3611 else
3612 netdev = NULL;
3613 }
3614
3615 if (!netdev) {
3616 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3617 info->attrs);
3618 if (IS_ERR(rdev)) {
3619 rtnl_unlock();
3620 return PTR_ERR(rdev);
3621 }
3622 wdev = NULL;
3623 netdev = NULL;
3624 result = 0;
3625 } else
3626 wdev = netdev->ieee80211_ptr;
3627
3628 wiphy_lock(&rdev->wiphy);
3629
3630 /*
3631 * end workaround code, by now the rdev is available
3632 * and locked, and wdev may or may not be NULL.
3633 */
3634
3635 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3636 result = cfg80211_dev_rename(
3637 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3638 rtnl_unlock();
3639
3640 if (result)
3641 goto out;
3642
3643 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3644 struct ieee80211_txq_params txq_params;
3645 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3646
3647 if (!rdev->ops->set_txq_params) {
3648 result = -EOPNOTSUPP;
3649 goto out;
3650 }
3651
3652 if (!netdev) {
3653 result = -EINVAL;
3654 goto out;
3655 }
3656
3657 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3658 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3659 result = -EINVAL;
3660 goto out;
3661 }
3662
3663 if (!netif_running(netdev)) {
3664 result = -ENETDOWN;
3665 goto out;
3666 }
3667
3668 nla_for_each_nested(nl_txq_params,
3669 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3670 rem_txq_params) {
3671 result = nla_parse_nested_deprecated(tb,
3672 NL80211_TXQ_ATTR_MAX,
3673 nl_txq_params,
3674 txq_params_policy,
3675 info->extack);
3676 if (result)
3677 goto out;
3678 result = parse_txq_params(tb, &txq_params);
3679 if (result)
3680 goto out;
3681
3682 txq_params.link_id =
3683 nl80211_link_id_or_invalid(info->attrs);
3684
3685 if (txq_params.link_id >= 0 &&
3686 !(netdev->ieee80211_ptr->valid_links &
3687 BIT(txq_params.link_id)))
3688 result = -ENOLINK;
3689 else if (txq_params.link_id >= 0 &&
3690 !netdev->ieee80211_ptr->valid_links)
3691 result = -EINVAL;
3692 else
3693 result = rdev_set_txq_params(rdev, netdev,
3694 &txq_params);
3695 if (result)
3696 goto out;
3697 }
3698 }
3699
3700 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3701 int link_id = nl80211_link_id_or_invalid(info->attrs);
3702
3703 if (wdev) {
3704 result = __nl80211_set_channel(
3705 rdev,
3706 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3707 info, link_id);
3708 } else {
3709 result = __nl80211_set_channel(rdev, netdev, info, link_id);
3710 }
3711
3712 if (result)
3713 goto out;
3714 }
3715
3716 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3717 struct wireless_dev *txp_wdev = wdev;
3718 enum nl80211_tx_power_setting type;
3719 int idx, mbm = 0;
3720
3721 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3722 txp_wdev = NULL;
3723
3724 if (!rdev->ops->set_tx_power) {
3725 result = -EOPNOTSUPP;
3726 goto out;
3727 }
3728
3729 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3730 type = nla_get_u32(info->attrs[idx]);
3731
3732 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3733 (type != NL80211_TX_POWER_AUTOMATIC)) {
3734 result = -EINVAL;
3735 goto out;
3736 }
3737
3738 if (type != NL80211_TX_POWER_AUTOMATIC) {
3739 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3740 mbm = nla_get_u32(info->attrs[idx]);
3741 }
3742
3743 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3744 if (result)
3745 goto out;
3746 }
3747
3748 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3749 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3750 u32 tx_ant, rx_ant;
3751
3752 if ((!rdev->wiphy.available_antennas_tx &&
3753 !rdev->wiphy.available_antennas_rx) ||
3754 !rdev->ops->set_antenna) {
3755 result = -EOPNOTSUPP;
3756 goto out;
3757 }
3758
3759 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3760 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3761
3762 /* reject antenna configurations which don't match the
3763 * available antenna masks, except for the "all" mask */
3764 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3765 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
3766 result = -EINVAL;
3767 goto out;
3768 }
3769
3770 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3771 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3772
3773 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3774 if (result)
3775 goto out;
3776 }
3777
3778 changed = 0;
3779
3780 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3781 retry_short = nla_get_u8(
3782 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3783
3784 changed |= WIPHY_PARAM_RETRY_SHORT;
3785 }
3786
3787 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3788 retry_long = nla_get_u8(
3789 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3790
3791 changed |= WIPHY_PARAM_RETRY_LONG;
3792 }
3793
3794 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3795 frag_threshold = nla_get_u32(
3796 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3797 if (frag_threshold < 256) {
3798 result = -EINVAL;
3799 goto out;
3800 }
3801
3802 if (frag_threshold != (u32) -1) {
3803 /*
3804 * Fragments (apart from the last one) are required to
3805 * have even length. Make the fragmentation code
3806 * simpler by stripping LSB should someone try to use
3807 * odd threshold value.
3808 */
3809 frag_threshold &= ~0x1;
3810 }
3811 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3812 }
3813
3814 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3815 rts_threshold = nla_get_u32(
3816 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3817 changed |= WIPHY_PARAM_RTS_THRESHOLD;
3818 }
3819
3820 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3821 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3822 result = -EINVAL;
3823 goto out;
3824 }
3825
3826 coverage_class = nla_get_u8(
3827 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3828 changed |= WIPHY_PARAM_COVERAGE_CLASS;
3829 }
3830
3831 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3832 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) {
3833 result = -EOPNOTSUPP;
3834 goto out;
3835 }
3836
3837 changed |= WIPHY_PARAM_DYN_ACK;
3838 }
3839
3840 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3841 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3842 NL80211_EXT_FEATURE_TXQS)) {
3843 result = -EOPNOTSUPP;
3844 goto out;
3845 }
3846 txq_limit = nla_get_u32(
3847 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3848 changed |= WIPHY_PARAM_TXQ_LIMIT;
3849 }
3850
3851 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3852 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3853 NL80211_EXT_FEATURE_TXQS)) {
3854 result = -EOPNOTSUPP;
3855 goto out;
3856 }
3857 txq_memory_limit = nla_get_u32(
3858 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3859 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3860 }
3861
3862 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3863 if (!wiphy_ext_feature_isset(&rdev->wiphy,
3864 NL80211_EXT_FEATURE_TXQS)) {
3865 result = -EOPNOTSUPP;
3866 goto out;
3867 }
3868 txq_quantum = nla_get_u32(
3869 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3870 changed |= WIPHY_PARAM_TXQ_QUANTUM;
3871 }
3872
3873 if (changed) {
3874 u8 old_retry_short, old_retry_long;
3875 u32 old_frag_threshold, old_rts_threshold;
3876 u8 old_coverage_class;
3877 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3878
3879 if (!rdev->ops->set_wiphy_params) {
3880 result = -EOPNOTSUPP;
3881 goto out;
3882 }
3883
3884 old_retry_short = rdev->wiphy.retry_short;
3885 old_retry_long = rdev->wiphy.retry_long;
3886 old_frag_threshold = rdev->wiphy.frag_threshold;
3887 old_rts_threshold = rdev->wiphy.rts_threshold;
3888 old_coverage_class = rdev->wiphy.coverage_class;
3889 old_txq_limit = rdev->wiphy.txq_limit;
3890 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3891 old_txq_quantum = rdev->wiphy.txq_quantum;
3892
3893 if (changed & WIPHY_PARAM_RETRY_SHORT)
3894 rdev->wiphy.retry_short = retry_short;
3895 if (changed & WIPHY_PARAM_RETRY_LONG)
3896 rdev->wiphy.retry_long = retry_long;
3897 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3898 rdev->wiphy.frag_threshold = frag_threshold;
3899 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3900 rdev->wiphy.rts_threshold = rts_threshold;
3901 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3902 rdev->wiphy.coverage_class = coverage_class;
3903 if (changed & WIPHY_PARAM_TXQ_LIMIT)
3904 rdev->wiphy.txq_limit = txq_limit;
3905 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3906 rdev->wiphy.txq_memory_limit = txq_memory_limit;
3907 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3908 rdev->wiphy.txq_quantum = txq_quantum;
3909
3910 result = rdev_set_wiphy_params(rdev, changed);
3911 if (result) {
3912 rdev->wiphy.retry_short = old_retry_short;
3913 rdev->wiphy.retry_long = old_retry_long;
3914 rdev->wiphy.frag_threshold = old_frag_threshold;
3915 rdev->wiphy.rts_threshold = old_rts_threshold;
3916 rdev->wiphy.coverage_class = old_coverage_class;
3917 rdev->wiphy.txq_limit = old_txq_limit;
3918 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3919 rdev->wiphy.txq_quantum = old_txq_quantum;
3920 goto out;
3921 }
3922 }
3923
3924 result = 0;
3925
3926 out:
3927 wiphy_unlock(&rdev->wiphy);
3928 return result;
3929 }
3930
nl80211_send_chandef(struct sk_buff * msg,const struct cfg80211_chan_def * chandef)3931 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef)
3932 {
3933 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3934 return -EINVAL;
3935
3936 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3937 chandef->chan->center_freq))
3938 return -ENOBUFS;
3939 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3940 chandef->chan->freq_offset))
3941 return -ENOBUFS;
3942 switch (chandef->width) {
3943 case NL80211_CHAN_WIDTH_20_NOHT:
3944 case NL80211_CHAN_WIDTH_20:
3945 case NL80211_CHAN_WIDTH_40:
3946 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3947 cfg80211_get_chandef_type(chandef)))
3948 return -ENOBUFS;
3949 break;
3950 default:
3951 break;
3952 }
3953 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3954 return -ENOBUFS;
3955 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3956 return -ENOBUFS;
3957 if (chandef->center_freq2 &&
3958 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3959 return -ENOBUFS;
3960 if (chandef->punctured &&
3961 nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured))
3962 return -ENOBUFS;
3963
3964 return 0;
3965 }
3966 EXPORT_SYMBOL(nl80211_send_chandef);
3967
nl80211_send_iface(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)3968 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3969 struct cfg80211_registered_device *rdev,
3970 struct wireless_dev *wdev,
3971 enum nl80211_commands cmd)
3972 {
3973 struct net_device *dev = wdev->netdev;
3974 void *hdr;
3975
3976 lockdep_assert_wiphy(&rdev->wiphy);
3977
3978 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3979 cmd != NL80211_CMD_DEL_INTERFACE &&
3980 cmd != NL80211_CMD_SET_INTERFACE);
3981
3982 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3983 if (!hdr)
3984 return -1;
3985
3986 if (dev &&
3987 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3988 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3989 goto nla_put_failure;
3990
3991 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3992 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3993 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3994 NL80211_ATTR_PAD) ||
3995 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3996 nla_put_u32(msg, NL80211_ATTR_GENERATION,
3997 rdev->devlist_generation ^
3998 (cfg80211_rdev_list_generation << 2)) ||
3999 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
4000 goto nla_put_failure;
4001
4002 if (rdev->ops->get_channel && !wdev->valid_links) {
4003 struct cfg80211_chan_def chandef = {};
4004 int ret;
4005
4006 ret = rdev_get_channel(rdev, wdev, 0, &chandef);
4007 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4008 goto nla_put_failure;
4009 }
4010
4011 if (rdev->ops->get_tx_power) {
4012 int dbm, ret;
4013
4014 ret = rdev_get_tx_power(rdev, wdev, &dbm);
4015 if (ret == 0 &&
4016 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4017 DBM_TO_MBM(dbm)))
4018 goto nla_put_failure;
4019 }
4020
4021 switch (wdev->iftype) {
4022 case NL80211_IFTYPE_AP:
4023 case NL80211_IFTYPE_P2P_GO:
4024 if (wdev->u.ap.ssid_len &&
4025 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
4026 wdev->u.ap.ssid))
4027 goto nla_put_failure;
4028 break;
4029 case NL80211_IFTYPE_STATION:
4030 case NL80211_IFTYPE_P2P_CLIENT:
4031 if (wdev->u.client.ssid_len &&
4032 nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len,
4033 wdev->u.client.ssid))
4034 goto nla_put_failure;
4035 break;
4036 case NL80211_IFTYPE_ADHOC:
4037 if (wdev->u.ibss.ssid_len &&
4038 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len,
4039 wdev->u.ibss.ssid))
4040 goto nla_put_failure;
4041 break;
4042 default:
4043 /* nothing */
4044 break;
4045 }
4046
4047 if (rdev->ops->get_txq_stats) {
4048 struct cfg80211_txq_stats txqstats = {};
4049 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
4050
4051 if (ret == 0 &&
4052 !nl80211_put_txq_stats(msg, &txqstats,
4053 NL80211_ATTR_TXQ_STATS))
4054 goto nla_put_failure;
4055 }
4056
4057 if (wdev->valid_links) {
4058 unsigned int link_id;
4059 struct nlattr *links = nla_nest_start(msg,
4060 NL80211_ATTR_MLO_LINKS);
4061
4062 if (!links)
4063 goto nla_put_failure;
4064
4065 for_each_valid_link(wdev, link_id) {
4066 struct nlattr *link = nla_nest_start(msg, link_id + 1);
4067 struct cfg80211_chan_def chandef = {};
4068 int ret;
4069
4070 if (!link)
4071 goto nla_put_failure;
4072
4073 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
4074 goto nla_put_failure;
4075 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
4076 wdev->links[link_id].addr))
4077 goto nla_put_failure;
4078
4079 ret = rdev_get_channel(rdev, wdev, link_id, &chandef);
4080 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4081 goto nla_put_failure;
4082
4083 nla_nest_end(msg, link);
4084 }
4085
4086 nla_nest_end(msg, links);
4087 }
4088
4089 genlmsg_end(msg, hdr);
4090 return 0;
4091
4092 nla_put_failure:
4093 genlmsg_cancel(msg, hdr);
4094 return -EMSGSIZE;
4095 }
4096
nl80211_dump_interface(struct sk_buff * skb,struct netlink_callback * cb)4097 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
4098 {
4099 int wp_idx = 0;
4100 int if_idx = 0;
4101 int wp_start = cb->args[0];
4102 int if_start = cb->args[1];
4103 int filter_wiphy = -1;
4104 struct cfg80211_registered_device *rdev;
4105 struct wireless_dev *wdev;
4106 int ret;
4107
4108 rtnl_lock();
4109 if (!cb->args[2]) {
4110 struct nl80211_dump_wiphy_state state = {
4111 .filter_wiphy = -1,
4112 };
4113
4114 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
4115 if (ret)
4116 goto out_unlock;
4117
4118 filter_wiphy = state.filter_wiphy;
4119
4120 /*
4121 * if filtering, set cb->args[2] to +1 since 0 is the default
4122 * value needed to determine that parsing is necessary.
4123 */
4124 if (filter_wiphy >= 0)
4125 cb->args[2] = filter_wiphy + 1;
4126 else
4127 cb->args[2] = -1;
4128 } else if (cb->args[2] > 0) {
4129 filter_wiphy = cb->args[2] - 1;
4130 }
4131
4132 for_each_rdev(rdev) {
4133 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
4134 continue;
4135 if (wp_idx < wp_start) {
4136 wp_idx++;
4137 continue;
4138 }
4139
4140 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
4141 continue;
4142
4143 if_idx = 0;
4144
4145 wiphy_lock(&rdev->wiphy);
4146 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4147 if (if_idx < if_start) {
4148 if_idx++;
4149 continue;
4150 }
4151 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
4152 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4153 rdev, wdev,
4154 NL80211_CMD_NEW_INTERFACE) < 0) {
4155 wiphy_unlock(&rdev->wiphy);
4156 goto out;
4157 }
4158 if_idx++;
4159 }
4160 wiphy_unlock(&rdev->wiphy);
4161
4162 if_start = 0;
4163 wp_idx++;
4164 }
4165 out:
4166 cb->args[0] = wp_idx;
4167 cb->args[1] = if_idx;
4168
4169 ret = skb->len;
4170 out_unlock:
4171 rtnl_unlock();
4172
4173 return ret;
4174 }
4175
nl80211_get_interface(struct sk_buff * skb,struct genl_info * info)4176 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
4177 {
4178 struct sk_buff *msg;
4179 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4180 struct wireless_dev *wdev = info->user_ptr[1];
4181
4182 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4183 if (!msg)
4184 return -ENOMEM;
4185
4186 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4187 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4188 nlmsg_free(msg);
4189 return -ENOBUFS;
4190 }
4191
4192 return genlmsg_reply(msg, info);
4193 }
4194
4195 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
4196 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
4197 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
4198 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
4199 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
4200 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
4201 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
4202 };
4203
parse_monitor_flags(struct nlattr * nla,u32 * mntrflags)4204 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
4205 {
4206 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
4207 int flag;
4208
4209 *mntrflags = 0;
4210
4211 if (!nla)
4212 return -EINVAL;
4213
4214 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
4215 return -EINVAL;
4216
4217 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
4218 if (flags[flag])
4219 *mntrflags |= (1<<flag);
4220
4221 *mntrflags |= MONITOR_FLAG_CHANGED;
4222
4223 return 0;
4224 }
4225
nl80211_parse_mon_options(struct cfg80211_registered_device * rdev,enum nl80211_iftype type,struct genl_info * info,struct vif_params * params)4226 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
4227 enum nl80211_iftype type,
4228 struct genl_info *info,
4229 struct vif_params *params)
4230 {
4231 bool change = false;
4232 int err;
4233
4234 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
4235 if (type != NL80211_IFTYPE_MONITOR)
4236 return -EINVAL;
4237
4238 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
4239 ¶ms->flags);
4240 if (err)
4241 return err;
4242
4243 change = true;
4244 }
4245
4246 if (params->flags & MONITOR_FLAG_ACTIVE &&
4247 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
4248 return -EOPNOTSUPP;
4249
4250 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
4251 const u8 *mumimo_groups;
4252 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4253
4254 if (type != NL80211_IFTYPE_MONITOR)
4255 return -EINVAL;
4256
4257 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4258 return -EOPNOTSUPP;
4259
4260 mumimo_groups =
4261 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
4262
4263 /* bits 0 and 63 are reserved and must be zero */
4264 if ((mumimo_groups[0] & BIT(0)) ||
4265 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
4266 return -EINVAL;
4267
4268 params->vht_mumimo_groups = mumimo_groups;
4269 change = true;
4270 }
4271
4272 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
4273 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4274
4275 if (type != NL80211_IFTYPE_MONITOR)
4276 return -EINVAL;
4277
4278 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4279 return -EOPNOTSUPP;
4280
4281 params->vht_mumimo_follow_addr =
4282 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
4283 change = true;
4284 }
4285
4286 return change ? 1 : 0;
4287 }
4288
nl80211_valid_4addr(struct cfg80211_registered_device * rdev,struct net_device * netdev,u8 use_4addr,enum nl80211_iftype iftype)4289 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
4290 struct net_device *netdev, u8 use_4addr,
4291 enum nl80211_iftype iftype)
4292 {
4293 if (!use_4addr) {
4294 if (netdev && netif_is_bridge_port(netdev))
4295 return -EBUSY;
4296 return 0;
4297 }
4298
4299 switch (iftype) {
4300 case NL80211_IFTYPE_AP_VLAN:
4301 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
4302 return 0;
4303 break;
4304 case NL80211_IFTYPE_STATION:
4305 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
4306 return 0;
4307 break;
4308 default:
4309 break;
4310 }
4311
4312 return -EOPNOTSUPP;
4313 }
4314
nl80211_set_interface(struct sk_buff * skb,struct genl_info * info)4315 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
4316 {
4317 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4318 struct vif_params params;
4319 int err;
4320 enum nl80211_iftype otype, ntype;
4321 struct net_device *dev = info->user_ptr[1];
4322 bool change = false;
4323
4324 memset(¶ms, 0, sizeof(params));
4325
4326 otype = ntype = dev->ieee80211_ptr->iftype;
4327
4328 if (info->attrs[NL80211_ATTR_IFTYPE]) {
4329 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4330 if (otype != ntype)
4331 change = true;
4332 }
4333
4334 if (info->attrs[NL80211_ATTR_MESH_ID]) {
4335 struct wireless_dev *wdev = dev->ieee80211_ptr;
4336
4337 if (ntype != NL80211_IFTYPE_MESH_POINT)
4338 return -EINVAL;
4339 if (otype != NL80211_IFTYPE_MESH_POINT)
4340 return -EINVAL;
4341 if (netif_running(dev))
4342 return -EBUSY;
4343
4344 wdev->u.mesh.id_up_len =
4345 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4346 memcpy(wdev->u.mesh.id,
4347 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4348 wdev->u.mesh.id_up_len);
4349 }
4350
4351 if (info->attrs[NL80211_ATTR_4ADDR]) {
4352 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4353 change = true;
4354 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
4355 if (err)
4356 return err;
4357 } else {
4358 params.use_4addr = -1;
4359 }
4360
4361 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
4362 if (err < 0)
4363 return err;
4364 if (err > 0)
4365 change = true;
4366
4367 if (change)
4368 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
4369 else
4370 err = 0;
4371
4372 if (!err && params.use_4addr != -1)
4373 dev->ieee80211_ptr->use_4addr = params.use_4addr;
4374
4375 if (change && !err) {
4376 struct wireless_dev *wdev = dev->ieee80211_ptr;
4377
4378 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
4379 }
4380
4381 return err;
4382 }
4383
_nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4384 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4385 {
4386 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4387 struct vif_params params;
4388 struct wireless_dev *wdev;
4389 struct sk_buff *msg;
4390 int err;
4391 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
4392
4393 memset(¶ms, 0, sizeof(params));
4394
4395 if (!info->attrs[NL80211_ATTR_IFNAME])
4396 return -EINVAL;
4397
4398 if (info->attrs[NL80211_ATTR_IFTYPE])
4399 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4400
4401 if (!rdev->ops->add_virtual_intf)
4402 return -EOPNOTSUPP;
4403
4404 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
4405 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
4406 info->attrs[NL80211_ATTR_MAC]) {
4407 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
4408 ETH_ALEN);
4409 if (!is_valid_ether_addr(params.macaddr))
4410 return -EADDRNOTAVAIL;
4411 }
4412
4413 if (info->attrs[NL80211_ATTR_4ADDR]) {
4414 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4415 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
4416 if (err)
4417 return err;
4418 }
4419
4420 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
4421 return -EOPNOTSUPP;
4422
4423 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
4424 if (err < 0)
4425 return err;
4426
4427 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4428 if (!msg)
4429 return -ENOMEM;
4430
4431 wdev = rdev_add_virtual_intf(rdev,
4432 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
4433 NET_NAME_USER, type, ¶ms);
4434 if (WARN_ON(!wdev)) {
4435 nlmsg_free(msg);
4436 return -EPROTO;
4437 } else if (IS_ERR(wdev)) {
4438 nlmsg_free(msg);
4439 return PTR_ERR(wdev);
4440 }
4441
4442 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4443 wdev->owner_nlportid = info->snd_portid;
4444
4445 switch (type) {
4446 case NL80211_IFTYPE_MESH_POINT:
4447 if (!info->attrs[NL80211_ATTR_MESH_ID])
4448 break;
4449 wdev->u.mesh.id_up_len =
4450 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4451 memcpy(wdev->u.mesh.id,
4452 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4453 wdev->u.mesh.id_up_len);
4454 break;
4455 case NL80211_IFTYPE_NAN:
4456 case NL80211_IFTYPE_P2P_DEVICE:
4457 /*
4458 * P2P Device and NAN do not have a netdev, so don't go
4459 * through the netdev notifier and must be added here
4460 */
4461 cfg80211_init_wdev(wdev);
4462 cfg80211_register_wdev(rdev, wdev);
4463 break;
4464 default:
4465 break;
4466 }
4467
4468 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4469 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4470 nlmsg_free(msg);
4471 return -ENOBUFS;
4472 }
4473
4474 return genlmsg_reply(msg, info);
4475 }
4476
nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4477 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4478 {
4479 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4480 int ret;
4481
4482 /* to avoid failing a new interface creation due to pending removal */
4483 cfg80211_destroy_ifaces(rdev);
4484
4485 wiphy_lock(&rdev->wiphy);
4486 ret = _nl80211_new_interface(skb, info);
4487 wiphy_unlock(&rdev->wiphy);
4488
4489 return ret;
4490 }
4491
nl80211_del_interface(struct sk_buff * skb,struct genl_info * info)4492 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4493 {
4494 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4495 struct wireless_dev *wdev = info->user_ptr[1];
4496
4497 if (!rdev->ops->del_virtual_intf)
4498 return -EOPNOTSUPP;
4499
4500 /*
4501 * We hold RTNL, so this is safe, without RTNL opencount cannot
4502 * reach 0, and thus the rdev cannot be deleted.
4503 *
4504 * We need to do it for the dev_close(), since that will call
4505 * the netdev notifiers, and we need to acquire the mutex there
4506 * but don't know if we get there from here or from some other
4507 * place (e.g. "ip link set ... down").
4508 */
4509 mutex_unlock(&rdev->wiphy.mtx);
4510
4511 /*
4512 * If we remove a wireless device without a netdev then clear
4513 * user_ptr[1] so that nl80211_post_doit won't dereference it
4514 * to check if it needs to do dev_put(). Otherwise it crashes
4515 * since the wdev has been freed, unlike with a netdev where
4516 * we need the dev_put() for the netdev to really be freed.
4517 */
4518 if (!wdev->netdev)
4519 info->user_ptr[1] = NULL;
4520 else
4521 dev_close(wdev->netdev);
4522
4523 mutex_lock(&rdev->wiphy.mtx);
4524
4525 return cfg80211_remove_virtual_intf(rdev, wdev);
4526 }
4527
nl80211_set_noack_map(struct sk_buff * skb,struct genl_info * info)4528 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4529 {
4530 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4531 struct net_device *dev = info->user_ptr[1];
4532 u16 noack_map;
4533
4534 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4535 return -EINVAL;
4536
4537 if (!rdev->ops->set_noack_map)
4538 return -EOPNOTSUPP;
4539
4540 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4541
4542 return rdev_set_noack_map(rdev, dev, noack_map);
4543 }
4544
nl80211_validate_key_link_id(struct genl_info * info,struct wireless_dev * wdev,int link_id,bool pairwise)4545 static int nl80211_validate_key_link_id(struct genl_info *info,
4546 struct wireless_dev *wdev,
4547 int link_id, bool pairwise)
4548 {
4549 if (pairwise) {
4550 if (link_id != -1) {
4551 GENL_SET_ERR_MSG(info,
4552 "link ID not allowed for pairwise key");
4553 return -EINVAL;
4554 }
4555
4556 return 0;
4557 }
4558
4559 if (wdev->valid_links) {
4560 if (link_id == -1) {
4561 GENL_SET_ERR_MSG(info,
4562 "link ID must for MLO group key");
4563 return -EINVAL;
4564 }
4565 if (!(wdev->valid_links & BIT(link_id))) {
4566 GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key");
4567 return -EINVAL;
4568 }
4569 } else if (link_id != -1) {
4570 GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key");
4571 return -EINVAL;
4572 }
4573
4574 return 0;
4575 }
4576
4577 struct get_key_cookie {
4578 struct sk_buff *msg;
4579 int error;
4580 int idx;
4581 };
4582
get_key_callback(void * c,struct key_params * params)4583 static void get_key_callback(void *c, struct key_params *params)
4584 {
4585 struct nlattr *key;
4586 struct get_key_cookie *cookie = c;
4587
4588 if ((params->seq &&
4589 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4590 params->seq_len, params->seq)) ||
4591 (params->cipher &&
4592 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4593 params->cipher)))
4594 goto nla_put_failure;
4595
4596 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4597 if (!key)
4598 goto nla_put_failure;
4599
4600 if ((params->seq &&
4601 nla_put(cookie->msg, NL80211_KEY_SEQ,
4602 params->seq_len, params->seq)) ||
4603 (params->cipher &&
4604 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4605 params->cipher)))
4606 goto nla_put_failure;
4607
4608 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4609 goto nla_put_failure;
4610
4611 nla_nest_end(cookie->msg, key);
4612
4613 return;
4614 nla_put_failure:
4615 cookie->error = 1;
4616 }
4617
nl80211_get_key(struct sk_buff * skb,struct genl_info * info)4618 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4619 {
4620 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4621 int err;
4622 struct net_device *dev = info->user_ptr[1];
4623 u8 key_idx = 0;
4624 const u8 *mac_addr = NULL;
4625 bool pairwise;
4626 struct get_key_cookie cookie = {
4627 .error = 0,
4628 };
4629 void *hdr;
4630 struct sk_buff *msg;
4631 bool bigtk_support = false;
4632 int link_id = nl80211_link_id_or_invalid(info->attrs);
4633 struct wireless_dev *wdev = dev->ieee80211_ptr;
4634
4635 if (wiphy_ext_feature_isset(&rdev->wiphy,
4636 NL80211_EXT_FEATURE_BEACON_PROTECTION))
4637 bigtk_support = true;
4638
4639 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
4640 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4641 wiphy_ext_feature_isset(&rdev->wiphy,
4642 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4643 bigtk_support = true;
4644
4645 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4646 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4647
4648 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4649 GENL_SET_ERR_MSG(info, "BIGTK not supported");
4650 return -EINVAL;
4651 }
4652 }
4653
4654 if (info->attrs[NL80211_ATTR_MAC])
4655 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4656
4657 pairwise = !!mac_addr;
4658 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4659 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4660
4661 if (kt != NL80211_KEYTYPE_GROUP &&
4662 kt != NL80211_KEYTYPE_PAIRWISE)
4663 return -EINVAL;
4664 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4665 }
4666
4667 if (!rdev->ops->get_key)
4668 return -EOPNOTSUPP;
4669
4670 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4671 return -ENOENT;
4672
4673 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4674 if (!msg)
4675 return -ENOMEM;
4676
4677 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4678 NL80211_CMD_NEW_KEY);
4679 if (!hdr)
4680 goto nla_put_failure;
4681
4682 cookie.msg = msg;
4683 cookie.idx = key_idx;
4684
4685 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4686 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4687 goto nla_put_failure;
4688 if (mac_addr &&
4689 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4690 goto nla_put_failure;
4691
4692 err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise);
4693 if (err)
4694 goto free_msg;
4695
4696 err = rdev_get_key(rdev, dev, link_id, key_idx, pairwise, mac_addr,
4697 &cookie, get_key_callback);
4698
4699 if (err)
4700 goto free_msg;
4701
4702 if (cookie.error)
4703 goto nla_put_failure;
4704
4705 genlmsg_end(msg, hdr);
4706 return genlmsg_reply(msg, info);
4707
4708 nla_put_failure:
4709 err = -ENOBUFS;
4710 free_msg:
4711 nlmsg_free(msg);
4712 return err;
4713 }
4714
nl80211_set_key(struct sk_buff * skb,struct genl_info * info)4715 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4716 {
4717 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4718 struct key_parse key;
4719 int err;
4720 struct net_device *dev = info->user_ptr[1];
4721 int link_id = nl80211_link_id_or_invalid(info->attrs);
4722 struct wireless_dev *wdev = dev->ieee80211_ptr;
4723
4724 err = nl80211_parse_key(info, &key);
4725 if (err)
4726 return err;
4727
4728 if (key.idx < 0)
4729 return -EINVAL;
4730
4731 /* Only support setting default key and
4732 * Extended Key ID action NL80211_KEY_SET_TX.
4733 */
4734 if (!key.def && !key.defmgmt && !key.defbeacon &&
4735 !(key.p.mode == NL80211_KEY_SET_TX))
4736 return -EINVAL;
4737
4738 if (key.def) {
4739 if (!rdev->ops->set_default_key)
4740 return -EOPNOTSUPP;
4741
4742 err = nl80211_key_allowed(wdev);
4743 if (err)
4744 return err;
4745
4746 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4747 if (err)
4748 return err;
4749
4750 err = rdev_set_default_key(rdev, dev, link_id, key.idx,
4751 key.def_uni, key.def_multi);
4752
4753 if (err)
4754 return err;
4755
4756 #ifdef CONFIG_CFG80211_WEXT
4757 wdev->wext.default_key = key.idx;
4758 #endif
4759 return 0;
4760 } else if (key.defmgmt) {
4761 if (key.def_uni || !key.def_multi)
4762 return -EINVAL;
4763
4764 if (!rdev->ops->set_default_mgmt_key)
4765 return -EOPNOTSUPP;
4766
4767 err = nl80211_key_allowed(wdev);
4768 if (err)
4769 return err;
4770
4771 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4772 if (err)
4773 return err;
4774
4775 err = rdev_set_default_mgmt_key(rdev, dev, link_id, key.idx);
4776 if (err)
4777 return err;
4778
4779 #ifdef CONFIG_CFG80211_WEXT
4780 wdev->wext.default_mgmt_key = key.idx;
4781 #endif
4782 return 0;
4783 } else if (key.defbeacon) {
4784 if (key.def_uni || !key.def_multi)
4785 return -EINVAL;
4786
4787 if (!rdev->ops->set_default_beacon_key)
4788 return -EOPNOTSUPP;
4789
4790 err = nl80211_key_allowed(wdev);
4791 if (err)
4792 return err;
4793
4794 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
4795 if (err)
4796 return err;
4797
4798 return rdev_set_default_beacon_key(rdev, dev, link_id, key.idx);
4799 } else if (key.p.mode == NL80211_KEY_SET_TX &&
4800 wiphy_ext_feature_isset(&rdev->wiphy,
4801 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4802 u8 *mac_addr = NULL;
4803
4804 if (info->attrs[NL80211_ATTR_MAC])
4805 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4806
4807 if (!mac_addr || key.idx < 0 || key.idx > 1)
4808 return -EINVAL;
4809
4810 err = nl80211_validate_key_link_id(info, wdev, link_id, true);
4811 if (err)
4812 return err;
4813
4814 return rdev_add_key(rdev, dev, link_id, key.idx,
4815 NL80211_KEYTYPE_PAIRWISE,
4816 mac_addr, &key.p);
4817 }
4818
4819 return -EINVAL;
4820 }
4821
nl80211_new_key(struct sk_buff * skb,struct genl_info * info)4822 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4823 {
4824 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4825 int err;
4826 struct net_device *dev = info->user_ptr[1];
4827 struct key_parse key;
4828 const u8 *mac_addr = NULL;
4829 int link_id = nl80211_link_id_or_invalid(info->attrs);
4830 struct wireless_dev *wdev = dev->ieee80211_ptr;
4831
4832 err = nl80211_parse_key(info, &key);
4833 if (err)
4834 return err;
4835
4836 if (!key.p.key) {
4837 GENL_SET_ERR_MSG(info, "no key");
4838 return -EINVAL;
4839 }
4840
4841 if (info->attrs[NL80211_ATTR_MAC])
4842 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4843
4844 if (key.type == -1) {
4845 if (mac_addr)
4846 key.type = NL80211_KEYTYPE_PAIRWISE;
4847 else
4848 key.type = NL80211_KEYTYPE_GROUP;
4849 }
4850
4851 /* for now */
4852 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4853 key.type != NL80211_KEYTYPE_GROUP) {
4854 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4855 return -EINVAL;
4856 }
4857
4858 if (key.type == NL80211_KEYTYPE_GROUP &&
4859 info->attrs[NL80211_ATTR_VLAN_ID])
4860 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4861
4862 if (!rdev->ops->add_key)
4863 return -EOPNOTSUPP;
4864
4865 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4866 key.type == NL80211_KEYTYPE_PAIRWISE,
4867 mac_addr)) {
4868 GENL_SET_ERR_MSG(info, "key setting validation failed");
4869 return -EINVAL;
4870 }
4871
4872 err = nl80211_key_allowed(wdev);
4873 if (err)
4874 GENL_SET_ERR_MSG(info, "key not allowed");
4875
4876 if (!err)
4877 err = nl80211_validate_key_link_id(info, wdev, link_id,
4878 key.type == NL80211_KEYTYPE_PAIRWISE);
4879
4880 if (!err) {
4881 err = rdev_add_key(rdev, dev, link_id, key.idx,
4882 key.type == NL80211_KEYTYPE_PAIRWISE,
4883 mac_addr, &key.p);
4884 if (err)
4885 GENL_SET_ERR_MSG(info, "key addition failed");
4886 }
4887
4888 return err;
4889 }
4890
nl80211_del_key(struct sk_buff * skb,struct genl_info * info)4891 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4892 {
4893 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4894 int err;
4895 struct net_device *dev = info->user_ptr[1];
4896 u8 *mac_addr = NULL;
4897 struct key_parse key;
4898 int link_id = nl80211_link_id_or_invalid(info->attrs);
4899 struct wireless_dev *wdev = dev->ieee80211_ptr;
4900
4901 err = nl80211_parse_key(info, &key);
4902 if (err)
4903 return err;
4904
4905 if (info->attrs[NL80211_ATTR_MAC])
4906 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4907
4908 if (key.type == -1) {
4909 if (mac_addr)
4910 key.type = NL80211_KEYTYPE_PAIRWISE;
4911 else
4912 key.type = NL80211_KEYTYPE_GROUP;
4913 }
4914
4915 /* for now */
4916 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4917 key.type != NL80211_KEYTYPE_GROUP)
4918 return -EINVAL;
4919
4920 if (!cfg80211_valid_key_idx(rdev, key.idx,
4921 key.type == NL80211_KEYTYPE_PAIRWISE))
4922 return -EINVAL;
4923
4924 if (!rdev->ops->del_key)
4925 return -EOPNOTSUPP;
4926
4927 err = nl80211_key_allowed(wdev);
4928
4929 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4930 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4931 err = -ENOENT;
4932
4933 if (!err)
4934 err = nl80211_validate_key_link_id(info, wdev, link_id,
4935 key.type == NL80211_KEYTYPE_PAIRWISE);
4936
4937 if (!err)
4938 err = rdev_del_key(rdev, dev, link_id, key.idx,
4939 key.type == NL80211_KEYTYPE_PAIRWISE,
4940 mac_addr);
4941
4942 #ifdef CONFIG_CFG80211_WEXT
4943 if (!err) {
4944 if (key.idx == wdev->wext.default_key)
4945 wdev->wext.default_key = -1;
4946 else if (key.idx == wdev->wext.default_mgmt_key)
4947 wdev->wext.default_mgmt_key = -1;
4948 }
4949 #endif
4950
4951 return err;
4952 }
4953
4954 /* This function returns an error or the number of nested attributes */
validate_acl_mac_addrs(struct nlattr * nl_attr)4955 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4956 {
4957 struct nlattr *attr;
4958 int n_entries = 0, tmp;
4959
4960 nla_for_each_nested(attr, nl_attr, tmp) {
4961 if (nla_len(attr) != ETH_ALEN)
4962 return -EINVAL;
4963
4964 n_entries++;
4965 }
4966
4967 return n_entries;
4968 }
4969
4970 /*
4971 * This function parses ACL information and allocates memory for ACL data.
4972 * On successful return, the calling function is responsible to free the
4973 * ACL buffer returned by this function.
4974 */
parse_acl_data(struct wiphy * wiphy,struct genl_info * info)4975 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4976 struct genl_info *info)
4977 {
4978 enum nl80211_acl_policy acl_policy;
4979 struct nlattr *attr;
4980 struct cfg80211_acl_data *acl;
4981 int i = 0, n_entries, tmp;
4982
4983 if (!wiphy->max_acl_mac_addrs)
4984 return ERR_PTR(-EOPNOTSUPP);
4985
4986 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4987 return ERR_PTR(-EINVAL);
4988
4989 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4990 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4991 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4992 return ERR_PTR(-EINVAL);
4993
4994 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4995 return ERR_PTR(-EINVAL);
4996
4997 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4998 if (n_entries < 0)
4999 return ERR_PTR(n_entries);
5000
5001 if (n_entries > wiphy->max_acl_mac_addrs)
5002 return ERR_PTR(-EOPNOTSUPP);
5003
5004 acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
5005 if (!acl)
5006 return ERR_PTR(-ENOMEM);
5007 acl->n_acl_entries = n_entries;
5008
5009 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
5010 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
5011 i++;
5012 }
5013 acl->acl_policy = acl_policy;
5014
5015 return acl;
5016 }
5017
nl80211_set_mac_acl(struct sk_buff * skb,struct genl_info * info)5018 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
5019 {
5020 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5021 struct net_device *dev = info->user_ptr[1];
5022 struct cfg80211_acl_data *acl;
5023 int err;
5024
5025 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5026 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5027 return -EOPNOTSUPP;
5028
5029 if (!dev->ieee80211_ptr->links[0].ap.beacon_interval)
5030 return -EINVAL;
5031
5032 acl = parse_acl_data(&rdev->wiphy, info);
5033 if (IS_ERR(acl))
5034 return PTR_ERR(acl);
5035
5036 err = rdev_set_mac_acl(rdev, dev, acl);
5037
5038 kfree(acl);
5039
5040 return err;
5041 }
5042
rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len)5043 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5044 u8 *rates, u8 rates_len)
5045 {
5046 u8 i;
5047 u32 mask = 0;
5048
5049 for (i = 0; i < rates_len; i++) {
5050 int rate = (rates[i] & 0x7f) * 5;
5051 int ridx;
5052
5053 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5054 struct ieee80211_rate *srate =
5055 &sband->bitrates[ridx];
5056 if (rate == srate->bitrate) {
5057 mask |= 1 << ridx;
5058 break;
5059 }
5060 }
5061 if (ridx == sband->n_bitrates)
5062 return 0; /* rate not found */
5063 }
5064
5065 return mask;
5066 }
5067
ht_rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len,u8 mcs[IEEE80211_HT_MCS_MASK_LEN])5068 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5069 u8 *rates, u8 rates_len,
5070 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5071 {
5072 u8 i;
5073
5074 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5075
5076 for (i = 0; i < rates_len; i++) {
5077 int ridx, rbit;
5078
5079 ridx = rates[i] / 8;
5080 rbit = BIT(rates[i] % 8);
5081
5082 /* check validity */
5083 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5084 return false;
5085
5086 /* check availability */
5087 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
5088 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5089 mcs[ridx] |= rbit;
5090 else
5091 return false;
5092 }
5093
5094 return true;
5095 }
5096
vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)5097 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
5098 {
5099 u16 mcs_mask = 0;
5100
5101 switch (vht_mcs_map) {
5102 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
5103 break;
5104 case IEEE80211_VHT_MCS_SUPPORT_0_7:
5105 mcs_mask = 0x00FF;
5106 break;
5107 case IEEE80211_VHT_MCS_SUPPORT_0_8:
5108 mcs_mask = 0x01FF;
5109 break;
5110 case IEEE80211_VHT_MCS_SUPPORT_0_9:
5111 mcs_mask = 0x03FF;
5112 break;
5113 default:
5114 break;
5115 }
5116
5117 return mcs_mask;
5118 }
5119
vht_build_mcs_mask(u16 vht_mcs_map,u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])5120 static void vht_build_mcs_mask(u16 vht_mcs_map,
5121 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
5122 {
5123 u8 nss;
5124
5125 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
5126 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
5127 vht_mcs_map >>= 2;
5128 }
5129 }
5130
vht_set_mcs_mask(struct ieee80211_supported_band * sband,struct nl80211_txrate_vht * txrate,u16 mcs[NL80211_VHT_NSS_MAX])5131 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
5132 struct nl80211_txrate_vht *txrate,
5133 u16 mcs[NL80211_VHT_NSS_MAX])
5134 {
5135 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5136 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
5137 u8 i;
5138
5139 if (!sband->vht_cap.vht_supported)
5140 return false;
5141
5142 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
5143
5144 /* Build vht_mcs_mask from VHT capabilities */
5145 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5146
5147 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5148 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5149 mcs[i] = txrate->mcs[i];
5150 else
5151 return false;
5152 }
5153
5154 return true;
5155 }
5156
he_mcs_map_to_mcs_mask(u8 he_mcs_map)5157 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
5158 {
5159 switch (he_mcs_map) {
5160 case IEEE80211_HE_MCS_NOT_SUPPORTED:
5161 return 0;
5162 case IEEE80211_HE_MCS_SUPPORT_0_7:
5163 return 0x00FF;
5164 case IEEE80211_HE_MCS_SUPPORT_0_9:
5165 return 0x03FF;
5166 case IEEE80211_HE_MCS_SUPPORT_0_11:
5167 return 0xFFF;
5168 default:
5169 break;
5170 }
5171 return 0;
5172 }
5173
he_build_mcs_mask(u16 he_mcs_map,u16 he_mcs_mask[NL80211_HE_NSS_MAX])5174 static void he_build_mcs_mask(u16 he_mcs_map,
5175 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
5176 {
5177 u8 nss;
5178
5179 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
5180 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
5181 he_mcs_map >>= 2;
5182 }
5183 }
5184
he_get_txmcsmap(struct genl_info * info,unsigned int link_id,const struct ieee80211_sta_he_cap * he_cap)5185 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id,
5186 const struct ieee80211_sta_he_cap *he_cap)
5187 {
5188 struct net_device *dev = info->user_ptr[1];
5189 struct wireless_dev *wdev = dev->ieee80211_ptr;
5190 struct cfg80211_chan_def *chandef;
5191 __le16 tx_mcs;
5192
5193 chandef = wdev_chandef(wdev, link_id);
5194 if (!chandef) {
5195 /*
5196 * This is probably broken, but we never maintained
5197 * a chandef in these cases, so it always was.
5198 */
5199 return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
5200 }
5201
5202 switch (chandef->width) {
5203 case NL80211_CHAN_WIDTH_80P80:
5204 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
5205 break;
5206 case NL80211_CHAN_WIDTH_160:
5207 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
5208 break;
5209 default:
5210 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
5211 break;
5212 }
5213
5214 return le16_to_cpu(tx_mcs);
5215 }
5216
he_set_mcs_mask(struct genl_info * info,struct wireless_dev * wdev,struct ieee80211_supported_band * sband,struct nl80211_txrate_he * txrate,u16 mcs[NL80211_HE_NSS_MAX],unsigned int link_id)5217 static bool he_set_mcs_mask(struct genl_info *info,
5218 struct wireless_dev *wdev,
5219 struct ieee80211_supported_band *sband,
5220 struct nl80211_txrate_he *txrate,
5221 u16 mcs[NL80211_HE_NSS_MAX],
5222 unsigned int link_id)
5223 {
5224 const struct ieee80211_sta_he_cap *he_cap;
5225 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
5226 u16 tx_mcs_map = 0;
5227 u8 i;
5228
5229 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5230 if (!he_cap)
5231 return false;
5232
5233 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
5234
5235 tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5236
5237 /* Build he_mcs_mask from HE capabilities */
5238 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5239
5240 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5241 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5242 mcs[i] = txrate->mcs[i];
5243 else
5244 return false;
5245 }
5246
5247 return true;
5248 }
5249
nl80211_parse_tx_bitrate_mask(struct genl_info * info,struct nlattr * attrs[],enum nl80211_attrs attr,struct cfg80211_bitrate_mask * mask,struct net_device * dev,bool default_all_enabled,unsigned int link_id)5250 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
5251 struct nlattr *attrs[],
5252 enum nl80211_attrs attr,
5253 struct cfg80211_bitrate_mask *mask,
5254 struct net_device *dev,
5255 bool default_all_enabled,
5256 unsigned int link_id)
5257 {
5258 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5259 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5260 struct wireless_dev *wdev = dev->ieee80211_ptr;
5261 int rem, i;
5262 struct nlattr *tx_rates;
5263 struct ieee80211_supported_band *sband;
5264 u16 vht_tx_mcs_map, he_tx_mcs_map;
5265
5266 memset(mask, 0, sizeof(*mask));
5267 /* Default to all rates enabled */
5268 for (i = 0; i < NUM_NL80211_BANDS; i++) {
5269 const struct ieee80211_sta_he_cap *he_cap;
5270
5271 if (!default_all_enabled)
5272 break;
5273
5274 sband = rdev->wiphy.bands[i];
5275
5276 if (!sband)
5277 continue;
5278
5279 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
5280 memcpy(mask->control[i].ht_mcs,
5281 sband->ht_cap.mcs.rx_mask,
5282 sizeof(mask->control[i].ht_mcs));
5283
5284 if (sband->vht_cap.vht_supported) {
5285 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5286 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
5287 }
5288
5289 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5290 if (!he_cap)
5291 continue;
5292
5293 he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5294 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
5295
5296 mask->control[i].he_gi = 0xFF;
5297 mask->control[i].he_ltf = 0xFF;
5298 }
5299
5300 /* if no rates are given set it back to the defaults */
5301 if (!attrs[attr])
5302 goto out;
5303
5304 /* The nested attribute uses enum nl80211_band as the index. This maps
5305 * directly to the enum nl80211_band values used in cfg80211.
5306 */
5307 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5308 nla_for_each_nested(tx_rates, attrs[attr], rem) {
5309 enum nl80211_band band = nla_type(tx_rates);
5310 int err;
5311
5312 if (band < 0 || band >= NUM_NL80211_BANDS)
5313 return -EINVAL;
5314 sband = rdev->wiphy.bands[band];
5315 if (sband == NULL)
5316 return -EINVAL;
5317 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
5318 tx_rates,
5319 nl80211_txattr_policy,
5320 info->extack);
5321 if (err)
5322 return err;
5323 if (tb[NL80211_TXRATE_LEGACY]) {
5324 mask->control[band].legacy = rateset_to_mask(
5325 sband,
5326 nla_data(tb[NL80211_TXRATE_LEGACY]),
5327 nla_len(tb[NL80211_TXRATE_LEGACY]));
5328 if ((mask->control[band].legacy == 0) &&
5329 nla_len(tb[NL80211_TXRATE_LEGACY]))
5330 return -EINVAL;
5331 }
5332 if (tb[NL80211_TXRATE_HT]) {
5333 if (!ht_rateset_to_mask(
5334 sband,
5335 nla_data(tb[NL80211_TXRATE_HT]),
5336 nla_len(tb[NL80211_TXRATE_HT]),
5337 mask->control[band].ht_mcs))
5338 return -EINVAL;
5339 }
5340
5341 if (tb[NL80211_TXRATE_VHT]) {
5342 if (!vht_set_mcs_mask(
5343 sband,
5344 nla_data(tb[NL80211_TXRATE_VHT]),
5345 mask->control[band].vht_mcs))
5346 return -EINVAL;
5347 }
5348
5349 if (tb[NL80211_TXRATE_GI]) {
5350 mask->control[band].gi =
5351 nla_get_u8(tb[NL80211_TXRATE_GI]);
5352 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
5353 return -EINVAL;
5354 }
5355 if (tb[NL80211_TXRATE_HE] &&
5356 !he_set_mcs_mask(info, wdev, sband,
5357 nla_data(tb[NL80211_TXRATE_HE]),
5358 mask->control[band].he_mcs,
5359 link_id))
5360 return -EINVAL;
5361
5362 if (tb[NL80211_TXRATE_HE_GI])
5363 mask->control[band].he_gi =
5364 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
5365 if (tb[NL80211_TXRATE_HE_LTF])
5366 mask->control[band].he_ltf =
5367 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
5368
5369 if (mask->control[band].legacy == 0) {
5370 /* don't allow empty legacy rates if HT, VHT or HE
5371 * are not even supported.
5372 */
5373 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
5374 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
5375 ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
5376 return -EINVAL;
5377
5378 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5379 if (mask->control[band].ht_mcs[i])
5380 goto out;
5381
5382 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
5383 if (mask->control[band].vht_mcs[i])
5384 goto out;
5385
5386 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
5387 if (mask->control[band].he_mcs[i])
5388 goto out;
5389
5390 /* legacy and mcs rates may not be both empty */
5391 return -EINVAL;
5392 }
5393 }
5394
5395 out:
5396 return 0;
5397 }
5398
validate_beacon_tx_rate(struct cfg80211_registered_device * rdev,enum nl80211_band band,struct cfg80211_bitrate_mask * beacon_rate)5399 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
5400 enum nl80211_band band,
5401 struct cfg80211_bitrate_mask *beacon_rate)
5402 {
5403 u32 count_ht, count_vht, count_he, i;
5404 u32 rate = beacon_rate->control[band].legacy;
5405
5406 /* Allow only one rate */
5407 if (hweight32(rate) > 1)
5408 return -EINVAL;
5409
5410 count_ht = 0;
5411 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5412 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
5413 return -EINVAL;
5414 } else if (beacon_rate->control[band].ht_mcs[i]) {
5415 count_ht++;
5416 if (count_ht > 1)
5417 return -EINVAL;
5418 }
5419 if (count_ht && rate)
5420 return -EINVAL;
5421 }
5422
5423 count_vht = 0;
5424 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5425 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
5426 return -EINVAL;
5427 } else if (beacon_rate->control[band].vht_mcs[i]) {
5428 count_vht++;
5429 if (count_vht > 1)
5430 return -EINVAL;
5431 }
5432 if (count_vht && rate)
5433 return -EINVAL;
5434 }
5435
5436 count_he = 0;
5437 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5438 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
5439 return -EINVAL;
5440 } else if (beacon_rate->control[band].he_mcs[i]) {
5441 count_he++;
5442 if (count_he > 1)
5443 return -EINVAL;
5444 }
5445 if (count_he && rate)
5446 return -EINVAL;
5447 }
5448
5449 if ((count_ht && count_vht && count_he) ||
5450 (!rate && !count_ht && !count_vht && !count_he))
5451 return -EINVAL;
5452
5453 if (rate &&
5454 !wiphy_ext_feature_isset(&rdev->wiphy,
5455 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
5456 return -EINVAL;
5457 if (count_ht &&
5458 !wiphy_ext_feature_isset(&rdev->wiphy,
5459 NL80211_EXT_FEATURE_BEACON_RATE_HT))
5460 return -EINVAL;
5461 if (count_vht &&
5462 !wiphy_ext_feature_isset(&rdev->wiphy,
5463 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
5464 return -EINVAL;
5465 if (count_he &&
5466 !wiphy_ext_feature_isset(&rdev->wiphy,
5467 NL80211_EXT_FEATURE_BEACON_RATE_HE))
5468 return -EINVAL;
5469
5470 return 0;
5471 }
5472
nl80211_parse_mbssid_config(struct wiphy * wiphy,struct net_device * dev,struct nlattr * attrs,struct cfg80211_mbssid_config * config,u8 num_elems)5473 static int nl80211_parse_mbssid_config(struct wiphy *wiphy,
5474 struct net_device *dev,
5475 struct nlattr *attrs,
5476 struct cfg80211_mbssid_config *config,
5477 u8 num_elems)
5478 {
5479 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1];
5480
5481 if (!wiphy->mbssid_max_interfaces)
5482 return -EOPNOTSUPP;
5483
5484 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL,
5485 NULL) ||
5486 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX])
5487 return -EINVAL;
5488
5489 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]);
5490 if (config->ema) {
5491 if (!wiphy->ema_max_profile_periodicity)
5492 return -EOPNOTSUPP;
5493
5494 if (num_elems > wiphy->ema_max_profile_periodicity)
5495 return -EINVAL;
5496 }
5497
5498 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]);
5499 if (config->index >= wiphy->mbssid_max_interfaces ||
5500 (!config->index && !num_elems))
5501 return -EINVAL;
5502
5503 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) {
5504 u32 tx_ifindex =
5505 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]);
5506
5507 if ((!config->index && tx_ifindex != dev->ifindex) ||
5508 (config->index && tx_ifindex == dev->ifindex))
5509 return -EINVAL;
5510
5511 if (tx_ifindex != dev->ifindex) {
5512 struct net_device *tx_netdev =
5513 dev_get_by_index(wiphy_net(wiphy), tx_ifindex);
5514
5515 if (!tx_netdev || !tx_netdev->ieee80211_ptr ||
5516 tx_netdev->ieee80211_ptr->wiphy != wiphy ||
5517 tx_netdev->ieee80211_ptr->iftype !=
5518 NL80211_IFTYPE_AP) {
5519 dev_put(tx_netdev);
5520 return -EINVAL;
5521 }
5522
5523 config->tx_wdev = tx_netdev->ieee80211_ptr;
5524 } else {
5525 config->tx_wdev = dev->ieee80211_ptr;
5526 }
5527 } else if (!config->index) {
5528 config->tx_wdev = dev->ieee80211_ptr;
5529 } else {
5530 return -EINVAL;
5531 }
5532
5533 return 0;
5534 }
5535
5536 static struct cfg80211_mbssid_elems *
nl80211_parse_mbssid_elems(struct wiphy * wiphy,struct nlattr * attrs)5537 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs)
5538 {
5539 struct nlattr *nl_elems;
5540 struct cfg80211_mbssid_elems *elems;
5541 int rem_elems;
5542 u8 i = 0, num_elems = 0;
5543
5544 if (!wiphy->mbssid_max_interfaces)
5545 return ERR_PTR(-EINVAL);
5546
5547 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5548 if (num_elems >= 255)
5549 return ERR_PTR(-EINVAL);
5550 num_elems++;
5551 }
5552
5553 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5554 if (!elems)
5555 return ERR_PTR(-ENOMEM);
5556 elems->cnt = num_elems;
5557
5558 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5559 elems->elem[i].data = nla_data(nl_elems);
5560 elems->elem[i].len = nla_len(nl_elems);
5561 i++;
5562 }
5563 return elems;
5564 }
5565
5566 static struct cfg80211_rnr_elems *
nl80211_parse_rnr_elems(struct wiphy * wiphy,struct nlattr * attrs,struct netlink_ext_ack * extack)5567 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs,
5568 struct netlink_ext_ack *extack)
5569 {
5570 struct nlattr *nl_elems;
5571 struct cfg80211_rnr_elems *elems;
5572 int rem_elems;
5573 u8 i = 0, num_elems = 0;
5574
5575 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5576 int ret;
5577
5578 ret = validate_ie_attr(nl_elems, extack);
5579 if (ret)
5580 return ERR_PTR(ret);
5581
5582 num_elems++;
5583 }
5584
5585 elems = kzalloc(struct_size(elems, elem, num_elems), GFP_KERNEL);
5586 if (!elems)
5587 return ERR_PTR(-ENOMEM);
5588 elems->cnt = num_elems;
5589
5590 nla_for_each_nested(nl_elems, attrs, rem_elems) {
5591 elems->elem[i].data = nla_data(nl_elems);
5592 elems->elem[i].len = nla_len(nl_elems);
5593 i++;
5594 }
5595 return elems;
5596 }
5597
nl80211_parse_he_bss_color(struct nlattr * attrs,struct cfg80211_he_bss_color * he_bss_color)5598 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5599 struct cfg80211_he_bss_color *he_bss_color)
5600 {
5601 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5602 int err;
5603
5604 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5605 he_bss_color_policy, NULL);
5606 if (err)
5607 return err;
5608
5609 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5610 return -EINVAL;
5611
5612 he_bss_color->color =
5613 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5614 he_bss_color->enabled =
5615 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5616 he_bss_color->partial =
5617 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5618
5619 return 0;
5620 }
5621
nl80211_parse_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct cfg80211_beacon_data * bcn,struct netlink_ext_ack * extack)5622 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
5623 struct nlattr *attrs[],
5624 struct cfg80211_beacon_data *bcn,
5625 struct netlink_ext_ack *extack)
5626 {
5627 bool haveinfo = false;
5628 int err;
5629
5630 memset(bcn, 0, sizeof(*bcn));
5631
5632 bcn->link_id = nl80211_link_id(attrs);
5633
5634 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
5635 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
5636 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
5637 if (!bcn->head_len)
5638 return -EINVAL;
5639 haveinfo = true;
5640 }
5641
5642 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
5643 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
5644 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
5645 haveinfo = true;
5646 }
5647
5648 if (!haveinfo)
5649 return -EINVAL;
5650
5651 if (attrs[NL80211_ATTR_IE]) {
5652 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
5653 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
5654 }
5655
5656 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
5657 bcn->proberesp_ies =
5658 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5659 bcn->proberesp_ies_len =
5660 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
5661 }
5662
5663 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
5664 bcn->assocresp_ies =
5665 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5666 bcn->assocresp_ies_len =
5667 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
5668 }
5669
5670 if (attrs[NL80211_ATTR_PROBE_RESP]) {
5671 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5672 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5673 }
5674
5675 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5676 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5677
5678 err = nla_parse_nested_deprecated(tb,
5679 NL80211_FTM_RESP_ATTR_MAX,
5680 attrs[NL80211_ATTR_FTM_RESPONDER],
5681 NULL, NULL);
5682 if (err)
5683 return err;
5684
5685 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5686 wiphy_ext_feature_isset(&rdev->wiphy,
5687 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5688 bcn->ftm_responder = 1;
5689 else
5690 return -EOPNOTSUPP;
5691
5692 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5693 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5694 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5695 }
5696
5697 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5698 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5699 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5700 }
5701 } else {
5702 bcn->ftm_responder = -1;
5703 }
5704
5705 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5706 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR],
5707 &bcn->he_bss_color);
5708 if (err)
5709 return err;
5710 bcn->he_bss_color_valid = true;
5711 }
5712
5713 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) {
5714 struct cfg80211_mbssid_elems *mbssid =
5715 nl80211_parse_mbssid_elems(&rdev->wiphy,
5716 attrs[NL80211_ATTR_MBSSID_ELEMS]);
5717
5718 if (IS_ERR(mbssid))
5719 return PTR_ERR(mbssid);
5720
5721 bcn->mbssid_ies = mbssid;
5722
5723 if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) {
5724 struct cfg80211_rnr_elems *rnr =
5725 nl80211_parse_rnr_elems(&rdev->wiphy,
5726 attrs[NL80211_ATTR_EMA_RNR_ELEMS],
5727 extack);
5728
5729 if (IS_ERR(rnr))
5730 return PTR_ERR(rnr);
5731
5732 if (rnr && rnr->cnt < bcn->mbssid_ies->cnt)
5733 return -EINVAL;
5734
5735 bcn->rnr_ies = rnr;
5736 }
5737 }
5738
5739 return 0;
5740 }
5741
nl80211_parse_he_obss_pd(struct nlattr * attrs,struct ieee80211_he_obss_pd * he_obss_pd)5742 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5743 struct ieee80211_he_obss_pd *he_obss_pd)
5744 {
5745 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5746 int err;
5747
5748 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5749 he_obss_pd_policy, NULL);
5750 if (err)
5751 return err;
5752
5753 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5754 return -EINVAL;
5755
5756 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5757
5758 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5759 he_obss_pd->min_offset =
5760 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5761 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5762 he_obss_pd->max_offset =
5763 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5764 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5765 he_obss_pd->non_srg_max_offset =
5766 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5767
5768 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5769 return -EINVAL;
5770
5771 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5772 memcpy(he_obss_pd->bss_color_bitmap,
5773 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5774 sizeof(he_obss_pd->bss_color_bitmap));
5775
5776 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5777 memcpy(he_obss_pd->partial_bssid_bitmap,
5778 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5779 sizeof(he_obss_pd->partial_bssid_bitmap));
5780
5781 he_obss_pd->enable = true;
5782
5783 return 0;
5784 }
5785
nl80211_parse_fils_discovery(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_fils_discovery * fd)5786 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5787 struct nlattr *attrs,
5788 struct cfg80211_fils_discovery *fd)
5789 {
5790 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5791 int ret;
5792
5793 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5794 NL80211_EXT_FEATURE_FILS_DISCOVERY))
5795 return -EINVAL;
5796
5797 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5798 NULL, NULL);
5799 if (ret)
5800 return ret;
5801
5802 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] &&
5803 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] &&
5804 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) {
5805 fd->update = true;
5806 return 0;
5807 }
5808
5809 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5810 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5811 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5812 return -EINVAL;
5813
5814 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5815 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5816 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5817 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5818 fd->update = true;
5819 return 0;
5820 }
5821
5822 static int
nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_unsol_bcast_probe_resp * presp)5823 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5824 struct nlattr *attrs,
5825 struct cfg80211_unsol_bcast_probe_resp *presp)
5826 {
5827 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5828 int ret;
5829
5830 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5831 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5832 return -EINVAL;
5833
5834 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5835 attrs, NULL, NULL);
5836 if (ret)
5837 return ret;
5838
5839 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] &&
5840 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) {
5841 presp->update = true;
5842 return 0;
5843 }
5844
5845 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5846 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5847 return -EINVAL;
5848
5849 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5850 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5851 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5852 presp->update = true;
5853 return 0;
5854 }
5855
nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings * params,const struct element * rates)5856 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5857 const struct element *rates)
5858 {
5859 int i;
5860
5861 if (!rates)
5862 return;
5863
5864 for (i = 0; i < rates->datalen; i++) {
5865 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5866 params->ht_required = true;
5867 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5868 params->vht_required = true;
5869 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5870 params->he_required = true;
5871 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
5872 params->sae_h2e_required = true;
5873 }
5874 }
5875
5876 /*
5877 * Since the nl80211 API didn't include, from the beginning, attributes about
5878 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
5879 * benefit of drivers that rebuild IEs in the firmware.
5880 */
nl80211_calculate_ap_params(struct cfg80211_ap_settings * params)5881 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5882 {
5883 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
5884 size_t ies_len = bcn->tail_len;
5885 const u8 *ies = bcn->tail;
5886 const struct element *rates;
5887 const struct element *cap;
5888
5889 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len);
5890 nl80211_check_ap_rate_selectors(params, rates);
5891
5892 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5893 nl80211_check_ap_rate_selectors(params, rates);
5894
5895 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5896 if (cap && cap->datalen >= sizeof(*params->ht_cap))
5897 params->ht_cap = (void *)cap->data;
5898 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5899 if (cap && cap->datalen >= sizeof(*params->vht_cap))
5900 params->vht_cap = (void *)cap->data;
5901 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5902 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1)
5903 params->he_cap = (void *)(cap->data + 1);
5904 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5905 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1)
5906 params->he_oper = (void *)(cap->data + 1);
5907 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len);
5908 if (cap) {
5909 if (!cap->datalen)
5910 return -EINVAL;
5911 params->eht_cap = (void *)(cap->data + 1);
5912 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
5913 (const u8 *)params->eht_cap,
5914 cap->datalen - 1, true))
5915 return -EINVAL;
5916 }
5917 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
5918 if (cap) {
5919 if (!cap->datalen)
5920 return -EINVAL;
5921 params->eht_oper = (void *)(cap->data + 1);
5922 if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper,
5923 cap->datalen - 1))
5924 return -EINVAL;
5925 }
5926 return 0;
5927 }
5928
nl80211_get_ap_channel(struct cfg80211_registered_device * rdev,struct cfg80211_ap_settings * params)5929 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5930 struct cfg80211_ap_settings *params)
5931 {
5932 struct wireless_dev *wdev;
5933
5934 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5935 if (wdev->iftype != NL80211_IFTYPE_AP &&
5936 wdev->iftype != NL80211_IFTYPE_P2P_GO)
5937 continue;
5938
5939 if (!wdev->u.ap.preset_chandef.chan)
5940 continue;
5941
5942 params->chandef = wdev->u.ap.preset_chandef;
5943 return true;
5944 }
5945
5946 return false;
5947 }
5948
nl80211_valid_auth_type(struct cfg80211_registered_device * rdev,enum nl80211_auth_type auth_type,enum nl80211_commands cmd)5949 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5950 enum nl80211_auth_type auth_type,
5951 enum nl80211_commands cmd)
5952 {
5953 if (auth_type > NL80211_AUTHTYPE_MAX)
5954 return false;
5955
5956 switch (cmd) {
5957 case NL80211_CMD_AUTHENTICATE:
5958 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5959 auth_type == NL80211_AUTHTYPE_SAE)
5960 return false;
5961 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5962 NL80211_EXT_FEATURE_FILS_STA) &&
5963 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5964 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5965 auth_type == NL80211_AUTHTYPE_FILS_PK))
5966 return false;
5967 return true;
5968 case NL80211_CMD_CONNECT:
5969 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5970 !wiphy_ext_feature_isset(&rdev->wiphy,
5971 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
5972 auth_type == NL80211_AUTHTYPE_SAE)
5973 return false;
5974
5975 /* FILS with SK PFS or PK not supported yet */
5976 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5977 auth_type == NL80211_AUTHTYPE_FILS_PK)
5978 return false;
5979 if (!wiphy_ext_feature_isset(
5980 &rdev->wiphy,
5981 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
5982 auth_type == NL80211_AUTHTYPE_FILS_SK)
5983 return false;
5984 return true;
5985 case NL80211_CMD_START_AP:
5986 if (!wiphy_ext_feature_isset(&rdev->wiphy,
5987 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
5988 auth_type == NL80211_AUTHTYPE_SAE)
5989 return false;
5990 /* FILS not supported yet */
5991 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5992 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5993 auth_type == NL80211_AUTHTYPE_FILS_PK)
5994 return false;
5995 return true;
5996 default:
5997 return false;
5998 }
5999 }
6000
nl80211_send_ap_started(struct wireless_dev * wdev,unsigned int link_id)6001 static void nl80211_send_ap_started(struct wireless_dev *wdev,
6002 unsigned int link_id)
6003 {
6004 struct wiphy *wiphy = wdev->wiphy;
6005 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6006 struct sk_buff *msg;
6007 void *hdr;
6008
6009 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6010 if (!msg)
6011 return;
6012
6013 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP);
6014 if (!hdr)
6015 goto out;
6016
6017 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
6018 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
6019 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
6020 NL80211_ATTR_PAD) ||
6021 (wdev->u.ap.ssid_len &&
6022 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
6023 wdev->u.ap.ssid)) ||
6024 (wdev->valid_links &&
6025 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
6026 goto out;
6027
6028 genlmsg_end(msg, hdr);
6029
6030 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
6031 NL80211_MCGRP_MLME, GFP_KERNEL);
6032 return;
6033 out:
6034 nlmsg_free(msg);
6035 }
6036
nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings * params)6037 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params)
6038 {
6039 struct ieee80211_channel *channel = params->chandef.chan;
6040
6041 if ((params->he_cap || params->he_oper) &&
6042 (channel->flags & IEEE80211_CHAN_NO_HE))
6043 return -EOPNOTSUPP;
6044
6045 if ((params->eht_cap || params->eht_oper) &&
6046 (channel->flags & IEEE80211_CHAN_NO_EHT))
6047 return -EOPNOTSUPP;
6048
6049 return 0;
6050 }
6051
nl80211_start_ap(struct sk_buff * skb,struct genl_info * info)6052 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
6053 {
6054 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6055 struct cfg80211_beaconing_check_config beacon_check = {};
6056 unsigned int link_id = nl80211_link_id(info->attrs);
6057 struct net_device *dev = info->user_ptr[1];
6058 struct wireless_dev *wdev = dev->ieee80211_ptr;
6059 struct cfg80211_ap_settings *params;
6060 int err;
6061
6062 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6063 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6064 return -EOPNOTSUPP;
6065
6066 if (!rdev->ops->start_ap)
6067 return -EOPNOTSUPP;
6068
6069 if (wdev->links[link_id].cac_started)
6070 return -EBUSY;
6071
6072 if (wdev->links[link_id].ap.beacon_interval)
6073 return -EALREADY;
6074
6075 /* these are required for START_AP */
6076 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
6077 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
6078 !info->attrs[NL80211_ATTR_BEACON_HEAD])
6079 return -EINVAL;
6080
6081 params = kzalloc(sizeof(*params), GFP_KERNEL);
6082 if (!params)
6083 return -ENOMEM;
6084
6085 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
6086 info->extack);
6087 if (err)
6088 goto out;
6089
6090 params->beacon_interval =
6091 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6092 params->dtim_period =
6093 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
6094
6095 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
6096 params->beacon_interval);
6097 if (err)
6098 goto out;
6099
6100 /*
6101 * In theory, some of these attributes should be required here
6102 * but since they were not used when the command was originally
6103 * added, keep them optional for old user space programs to let
6104 * them continue to work with drivers that do not need the
6105 * additional information -- drivers must check!
6106 */
6107 if (info->attrs[NL80211_ATTR_SSID]) {
6108 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6109 params->ssid_len =
6110 nla_len(info->attrs[NL80211_ATTR_SSID]);
6111 if (params->ssid_len == 0) {
6112 err = -EINVAL;
6113 goto out;
6114 }
6115
6116 if (wdev->u.ap.ssid_len &&
6117 (wdev->u.ap.ssid_len != params->ssid_len ||
6118 memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) {
6119 /* require identical SSID for MLO */
6120 err = -EINVAL;
6121 goto out;
6122 }
6123 } else if (wdev->valid_links) {
6124 /* require SSID for MLO */
6125 err = -EINVAL;
6126 goto out;
6127 }
6128
6129 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
6130 params->hidden_ssid = nla_get_u32(
6131 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
6132
6133 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6134
6135 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6136 params->auth_type = nla_get_u32(
6137 info->attrs[NL80211_ATTR_AUTH_TYPE]);
6138 if (!nl80211_valid_auth_type(rdev, params->auth_type,
6139 NL80211_CMD_START_AP)) {
6140 err = -EINVAL;
6141 goto out;
6142 }
6143 } else
6144 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6145
6146 err = nl80211_crypto_settings(rdev, info, ¶ms->crypto,
6147 NL80211_MAX_NR_CIPHER_SUITES);
6148 if (err)
6149 goto out;
6150
6151 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
6152 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) {
6153 err = -EOPNOTSUPP;
6154 goto out;
6155 }
6156 params->inactivity_timeout = nla_get_u16(
6157 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
6158 }
6159
6160 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6161 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6162 err = -EINVAL;
6163 goto out;
6164 }
6165 params->p2p_ctwindow =
6166 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6167 if (params->p2p_ctwindow != 0 &&
6168 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) {
6169 err = -EINVAL;
6170 goto out;
6171 }
6172 }
6173
6174 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6175 u8 tmp;
6176
6177 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6178 err = -EINVAL;
6179 goto out;
6180 }
6181 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6182 params->p2p_opp_ps = tmp;
6183 if (params->p2p_opp_ps != 0 &&
6184 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) {
6185 err = -EINVAL;
6186 goto out;
6187 }
6188 }
6189
6190 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6191 err = nl80211_parse_chandef(rdev, info, ¶ms->chandef);
6192 if (err)
6193 goto out;
6194 } else if (wdev->valid_links) {
6195 /* with MLD need to specify the channel configuration */
6196 err = -EINVAL;
6197 goto out;
6198 } else if (wdev->u.ap.preset_chandef.chan) {
6199 params->chandef = wdev->u.ap.preset_chandef;
6200 } else if (!nl80211_get_ap_channel(rdev, params)) {
6201 err = -EINVAL;
6202 goto out;
6203 }
6204
6205 beacon_check.iftype = wdev->iftype;
6206 beacon_check.relax = true;
6207 beacon_check.reg_power =
6208 cfg80211_get_6ghz_power_type(params->beacon.tail,
6209 params->beacon.tail_len);
6210 if (!cfg80211_reg_check_beaconing(&rdev->wiphy, ¶ms->chandef,
6211 &beacon_check)) {
6212 err = -EINVAL;
6213 goto out;
6214 }
6215
6216 if (info->attrs[NL80211_ATTR_TX_RATES]) {
6217 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
6218 NL80211_ATTR_TX_RATES,
6219 ¶ms->beacon_rate,
6220 dev, false, link_id);
6221 if (err)
6222 goto out;
6223
6224 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band,
6225 ¶ms->beacon_rate);
6226 if (err)
6227 goto out;
6228 }
6229
6230 if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
6231 params->smps_mode =
6232 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
6233 switch (params->smps_mode) {
6234 case NL80211_SMPS_OFF:
6235 break;
6236 case NL80211_SMPS_STATIC:
6237 if (!(rdev->wiphy.features &
6238 NL80211_FEATURE_STATIC_SMPS)) {
6239 err = -EINVAL;
6240 goto out;
6241 }
6242 break;
6243 case NL80211_SMPS_DYNAMIC:
6244 if (!(rdev->wiphy.features &
6245 NL80211_FEATURE_DYNAMIC_SMPS)) {
6246 err = -EINVAL;
6247 goto out;
6248 }
6249 break;
6250 default:
6251 err = -EINVAL;
6252 goto out;
6253 }
6254 } else {
6255 params->smps_mode = NL80211_SMPS_OFF;
6256 }
6257
6258 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
6259 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
6260 err = -EOPNOTSUPP;
6261 goto out;
6262 }
6263
6264 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
6265 params->acl = parse_acl_data(&rdev->wiphy, info);
6266 if (IS_ERR(params->acl)) {
6267 err = PTR_ERR(params->acl);
6268 params->acl = NULL;
6269 goto out;
6270 }
6271 }
6272
6273 params->twt_responder =
6274 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
6275
6276 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
6277 err = nl80211_parse_he_obss_pd(
6278 info->attrs[NL80211_ATTR_HE_OBSS_PD],
6279 ¶ms->he_obss_pd);
6280 if (err)
6281 goto out;
6282 }
6283
6284 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
6285 err = nl80211_parse_fils_discovery(rdev,
6286 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
6287 ¶ms->fils_discovery);
6288 if (err)
6289 goto out;
6290 }
6291
6292 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
6293 err = nl80211_parse_unsol_bcast_probe_resp(
6294 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
6295 ¶ms->unsol_bcast_probe_resp);
6296 if (err)
6297 goto out;
6298 }
6299
6300 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) {
6301 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev,
6302 info->attrs[NL80211_ATTR_MBSSID_CONFIG],
6303 ¶ms->mbssid_config,
6304 params->beacon.mbssid_ies ?
6305 params->beacon.mbssid_ies->cnt :
6306 0);
6307 if (err)
6308 goto out;
6309 }
6310
6311 if (!params->mbssid_config.ema && params->beacon.rnr_ies) {
6312 err = -EINVAL;
6313 goto out;
6314 }
6315
6316 err = nl80211_calculate_ap_params(params);
6317 if (err)
6318 goto out;
6319
6320 err = nl80211_validate_ap_phy_operation(params);
6321 if (err)
6322 goto out;
6323
6324 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
6325 params->flags = nla_get_u32(
6326 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
6327 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
6328 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
6329
6330 if (wdev->conn_owner_nlportid &&
6331 info->attrs[NL80211_ATTR_SOCKET_OWNER] &&
6332 wdev->conn_owner_nlportid != info->snd_portid) {
6333 err = -EINVAL;
6334 goto out;
6335 }
6336
6337 /* FIXME: validate MLO/link-id against driver capabilities */
6338
6339 err = rdev_start_ap(rdev, dev, params);
6340 if (!err) {
6341 wdev->links[link_id].ap.beacon_interval = params->beacon_interval;
6342 wdev->links[link_id].ap.chandef = params->chandef;
6343 wdev->u.ap.ssid_len = params->ssid_len;
6344 memcpy(wdev->u.ap.ssid, params->ssid,
6345 params->ssid_len);
6346
6347 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6348 wdev->conn_owner_nlportid = info->snd_portid;
6349
6350 nl80211_send_ap_started(wdev, link_id);
6351 }
6352 out:
6353 kfree(params->acl);
6354 kfree(params->beacon.mbssid_ies);
6355 if (params->mbssid_config.tx_wdev &&
6356 params->mbssid_config.tx_wdev->netdev &&
6357 params->mbssid_config.tx_wdev->netdev != dev)
6358 dev_put(params->mbssid_config.tx_wdev->netdev);
6359 kfree(params->beacon.rnr_ies);
6360 kfree(params);
6361
6362 return err;
6363 }
6364
nl80211_set_beacon(struct sk_buff * skb,struct genl_info * info)6365 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
6366 {
6367 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6368 struct cfg80211_beaconing_check_config beacon_check = {};
6369 unsigned int link_id = nl80211_link_id(info->attrs);
6370 struct net_device *dev = info->user_ptr[1];
6371 struct wireless_dev *wdev = dev->ieee80211_ptr;
6372 struct cfg80211_ap_update *params;
6373 struct nlattr *attr;
6374 int err;
6375
6376 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6377 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6378 return -EOPNOTSUPP;
6379
6380 if (!rdev->ops->change_beacon)
6381 return -EOPNOTSUPP;
6382
6383 if (!wdev->links[link_id].ap.beacon_interval)
6384 return -EINVAL;
6385
6386 params = kzalloc(sizeof(*params), GFP_KERNEL);
6387 if (!params)
6388 return -ENOMEM;
6389
6390 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
6391 info->extack);
6392 if (err)
6393 goto out;
6394
6395 /* recheck beaconing is permitted with possibly changed power type */
6396 beacon_check.iftype = wdev->iftype;
6397 beacon_check.relax = true;
6398 beacon_check.reg_power =
6399 cfg80211_get_6ghz_power_type(params->beacon.tail,
6400 params->beacon.tail_len);
6401 if (!cfg80211_reg_check_beaconing(&rdev->wiphy,
6402 &wdev->links[link_id].ap.chandef,
6403 &beacon_check)) {
6404 err = -EINVAL;
6405 goto out;
6406 }
6407
6408 attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY];
6409 if (attr) {
6410 err = nl80211_parse_fils_discovery(rdev, attr,
6411 ¶ms->fils_discovery);
6412 if (err)
6413 goto out;
6414 }
6415
6416 attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP];
6417 if (attr) {
6418 err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr,
6419 ¶ms->unsol_bcast_probe_resp);
6420 if (err)
6421 goto out;
6422 }
6423
6424 err = rdev_change_beacon(rdev, dev, params);
6425
6426 out:
6427 kfree(params->beacon.mbssid_ies);
6428 kfree(params->beacon.rnr_ies);
6429 kfree(params);
6430 return err;
6431 }
6432
nl80211_stop_ap(struct sk_buff * skb,struct genl_info * info)6433 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
6434 {
6435 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6436 unsigned int link_id = nl80211_link_id(info->attrs);
6437 struct net_device *dev = info->user_ptr[1];
6438
6439 return cfg80211_stop_ap(rdev, dev, link_id, false);
6440 }
6441
6442 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
6443 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
6444 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
6445 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
6446 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
6447 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
6448 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
6449 };
6450
parse_station_flags(struct genl_info * info,enum nl80211_iftype iftype,struct station_parameters * params)6451 static int parse_station_flags(struct genl_info *info,
6452 enum nl80211_iftype iftype,
6453 struct station_parameters *params)
6454 {
6455 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
6456 struct nlattr *nla;
6457 int flag;
6458
6459 /*
6460 * Try parsing the new attribute first so userspace
6461 * can specify both for older kernels.
6462 */
6463 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
6464 if (nla) {
6465 struct nl80211_sta_flag_update *sta_flags;
6466
6467 sta_flags = nla_data(nla);
6468 params->sta_flags_mask = sta_flags->mask;
6469 params->sta_flags_set = sta_flags->set;
6470 params->sta_flags_set &= params->sta_flags_mask;
6471 if ((params->sta_flags_mask |
6472 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
6473 return -EINVAL;
6474 return 0;
6475 }
6476
6477 /* if present, parse the old attribute */
6478
6479 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
6480 if (!nla)
6481 return 0;
6482
6483 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
6484 return -EINVAL;
6485
6486 /*
6487 * Only allow certain flags for interface types so that
6488 * other attributes are silently ignored. Remember that
6489 * this is backward compatibility code with old userspace
6490 * and shouldn't be hit in other cases anyway.
6491 */
6492 switch (iftype) {
6493 case NL80211_IFTYPE_AP:
6494 case NL80211_IFTYPE_AP_VLAN:
6495 case NL80211_IFTYPE_P2P_GO:
6496 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6497 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6498 BIT(NL80211_STA_FLAG_WME) |
6499 BIT(NL80211_STA_FLAG_MFP);
6500 break;
6501 case NL80211_IFTYPE_P2P_CLIENT:
6502 case NL80211_IFTYPE_STATION:
6503 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
6504 BIT(NL80211_STA_FLAG_TDLS_PEER);
6505 break;
6506 case NL80211_IFTYPE_MESH_POINT:
6507 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6508 BIT(NL80211_STA_FLAG_MFP) |
6509 BIT(NL80211_STA_FLAG_AUTHORIZED);
6510 break;
6511 default:
6512 return -EINVAL;
6513 }
6514
6515 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
6516 if (flags[flag]) {
6517 params->sta_flags_set |= (1<<flag);
6518
6519 /* no longer support new API additions in old API */
6520 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
6521 return -EINVAL;
6522 }
6523 }
6524
6525 return 0;
6526 }
6527
nl80211_put_sta_rate(struct sk_buff * msg,struct rate_info * info,int attr)6528 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
6529 {
6530 struct nlattr *rate;
6531 u32 bitrate;
6532 u16 bitrate_compat;
6533 enum nl80211_rate_info rate_flg;
6534
6535 rate = nla_nest_start_noflag(msg, attr);
6536 if (!rate)
6537 return false;
6538
6539 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
6540 bitrate = cfg80211_calculate_bitrate(info);
6541 /* report 16-bit bitrate only if we can */
6542 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
6543 if (bitrate > 0 &&
6544 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
6545 return false;
6546 if (bitrate_compat > 0 &&
6547 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
6548 return false;
6549
6550 switch (info->bw) {
6551 case RATE_INFO_BW_1:
6552 rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH;
6553 break;
6554 case RATE_INFO_BW_2:
6555 rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH;
6556 break;
6557 case RATE_INFO_BW_4:
6558 rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH;
6559 break;
6560 case RATE_INFO_BW_5:
6561 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
6562 break;
6563 case RATE_INFO_BW_8:
6564 rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH;
6565 break;
6566 case RATE_INFO_BW_10:
6567 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
6568 break;
6569 case RATE_INFO_BW_16:
6570 rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH;
6571 break;
6572 default:
6573 WARN_ON(1);
6574 fallthrough;
6575 case RATE_INFO_BW_20:
6576 rate_flg = 0;
6577 break;
6578 case RATE_INFO_BW_40:
6579 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
6580 break;
6581 case RATE_INFO_BW_80:
6582 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
6583 break;
6584 case RATE_INFO_BW_160:
6585 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
6586 break;
6587 case RATE_INFO_BW_HE_RU:
6588 rate_flg = 0;
6589 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
6590 break;
6591 case RATE_INFO_BW_320:
6592 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH;
6593 break;
6594 case RATE_INFO_BW_EHT_RU:
6595 rate_flg = 0;
6596 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS));
6597 break;
6598 }
6599
6600 if (rate_flg && nla_put_flag(msg, rate_flg))
6601 return false;
6602
6603 if (info->flags & RATE_INFO_FLAGS_MCS) {
6604 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
6605 return false;
6606 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6607 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6608 return false;
6609 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
6610 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
6611 return false;
6612 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
6613 return false;
6614 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6615 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6616 return false;
6617 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
6618 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
6619 return false;
6620 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
6621 return false;
6622 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
6623 return false;
6624 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
6625 return false;
6626 if (info->bw == RATE_INFO_BW_HE_RU &&
6627 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
6628 info->he_ru_alloc))
6629 return false;
6630 } else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) {
6631 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs))
6632 return false;
6633 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss))
6634 return false;
6635 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
6636 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
6637 return false;
6638 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) {
6639 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs))
6640 return false;
6641 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
6642 return false;
6643 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
6644 return false;
6645 if (info->bw == RATE_INFO_BW_EHT_RU &&
6646 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
6647 info->eht_ru_alloc))
6648 return false;
6649 }
6650
6651 nla_nest_end(msg, rate);
6652 return true;
6653 }
6654
nl80211_put_signal(struct sk_buff * msg,u8 mask,s8 * signal,int id)6655 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
6656 int id)
6657 {
6658 void *attr;
6659 int i = 0;
6660
6661 if (!mask)
6662 return true;
6663
6664 attr = nla_nest_start_noflag(msg, id);
6665 if (!attr)
6666 return false;
6667
6668 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
6669 if (!(mask & BIT(i)))
6670 continue;
6671
6672 if (nla_put_u8(msg, i, signal[i]))
6673 return false;
6674 }
6675
6676 nla_nest_end(msg, attr);
6677
6678 return true;
6679 }
6680
nl80211_send_station(struct sk_buff * msg,u32 cmd,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo)6681 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
6682 u32 seq, int flags,
6683 struct cfg80211_registered_device *rdev,
6684 struct net_device *dev,
6685 const u8 *mac_addr, struct station_info *sinfo)
6686 {
6687 void *hdr;
6688 struct nlattr *sinfoattr, *bss_param;
6689
6690 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
6691 if (!hdr) {
6692 cfg80211_sinfo_release_content(sinfo);
6693 return -1;
6694 }
6695
6696 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6697 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
6698 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
6699 goto nla_put_failure;
6700
6701 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
6702 if (!sinfoattr)
6703 goto nla_put_failure;
6704
6705 #define PUT_SINFO(attr, memb, type) do { \
6706 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
6707 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
6708 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
6709 sinfo->memb)) \
6710 goto nla_put_failure; \
6711 } while (0)
6712 #define PUT_SINFO_U64(attr, memb) do { \
6713 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
6714 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
6715 sinfo->memb, NL80211_STA_INFO_PAD)) \
6716 goto nla_put_failure; \
6717 } while (0)
6718
6719 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
6720 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
6721 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
6722
6723 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
6724 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
6725 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
6726 (u32)sinfo->rx_bytes))
6727 goto nla_put_failure;
6728
6729 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
6730 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
6731 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
6732 (u32)sinfo->tx_bytes))
6733 goto nla_put_failure;
6734
6735 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
6736 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
6737 PUT_SINFO(LLID, llid, u16);
6738 PUT_SINFO(PLID, plid, u16);
6739 PUT_SINFO(PLINK_STATE, plink_state, u8);
6740 PUT_SINFO_U64(RX_DURATION, rx_duration);
6741 PUT_SINFO_U64(TX_DURATION, tx_duration);
6742
6743 if (wiphy_ext_feature_isset(&rdev->wiphy,
6744 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6745 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
6746
6747 switch (rdev->wiphy.signal_type) {
6748 case CFG80211_SIGNAL_TYPE_MBM:
6749 PUT_SINFO(SIGNAL, signal, u8);
6750 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
6751 break;
6752 default:
6753 break;
6754 }
6755 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
6756 if (!nl80211_put_signal(msg, sinfo->chains,
6757 sinfo->chain_signal,
6758 NL80211_STA_INFO_CHAIN_SIGNAL))
6759 goto nla_put_failure;
6760 }
6761 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
6762 if (!nl80211_put_signal(msg, sinfo->chains,
6763 sinfo->chain_signal_avg,
6764 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
6765 goto nla_put_failure;
6766 }
6767 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
6768 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
6769 NL80211_STA_INFO_TX_BITRATE))
6770 goto nla_put_failure;
6771 }
6772 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
6773 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
6774 NL80211_STA_INFO_RX_BITRATE))
6775 goto nla_put_failure;
6776 }
6777
6778 PUT_SINFO(RX_PACKETS, rx_packets, u32);
6779 PUT_SINFO(TX_PACKETS, tx_packets, u32);
6780 PUT_SINFO(TX_RETRIES, tx_retries, u32);
6781 PUT_SINFO(TX_FAILED, tx_failed, u32);
6782 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
6783 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
6784 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
6785 PUT_SINFO(LOCAL_PM, local_pm, u32);
6786 PUT_SINFO(PEER_PM, peer_pm, u32);
6787 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
6788 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
6789 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
6790
6791 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
6792 bss_param = nla_nest_start_noflag(msg,
6793 NL80211_STA_INFO_BSS_PARAM);
6794 if (!bss_param)
6795 goto nla_put_failure;
6796
6797 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
6798 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
6799 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
6800 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
6801 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
6802 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
6803 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
6804 sinfo->bss_param.dtim_period) ||
6805 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
6806 sinfo->bss_param.beacon_interval))
6807 goto nla_put_failure;
6808
6809 nla_nest_end(msg, bss_param);
6810 }
6811 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
6812 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
6813 sizeof(struct nl80211_sta_flag_update),
6814 &sinfo->sta_flags))
6815 goto nla_put_failure;
6816
6817 PUT_SINFO_U64(T_OFFSET, t_offset);
6818 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
6819 PUT_SINFO_U64(BEACON_RX, rx_beacon);
6820 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
6821 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
6822 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
6823 if (wiphy_ext_feature_isset(&rdev->wiphy,
6824 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
6825 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
6826 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
6827 }
6828
6829 #undef PUT_SINFO
6830 #undef PUT_SINFO_U64
6831
6832 if (sinfo->pertid) {
6833 struct nlattr *tidsattr;
6834 int tid;
6835
6836 tidsattr = nla_nest_start_noflag(msg,
6837 NL80211_STA_INFO_TID_STATS);
6838 if (!tidsattr)
6839 goto nla_put_failure;
6840
6841 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
6842 struct cfg80211_tid_stats *tidstats;
6843 struct nlattr *tidattr;
6844
6845 tidstats = &sinfo->pertid[tid];
6846
6847 if (!tidstats->filled)
6848 continue;
6849
6850 tidattr = nla_nest_start_noflag(msg, tid + 1);
6851 if (!tidattr)
6852 goto nla_put_failure;
6853
6854 #define PUT_TIDVAL_U64(attr, memb) do { \
6855 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
6856 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
6857 tidstats->memb, NL80211_TID_STATS_PAD)) \
6858 goto nla_put_failure; \
6859 } while (0)
6860
6861 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
6862 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
6863 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
6864 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
6865
6866 #undef PUT_TIDVAL_U64
6867 if ((tidstats->filled &
6868 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
6869 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
6870 NL80211_TID_STATS_TXQ_STATS))
6871 goto nla_put_failure;
6872
6873 nla_nest_end(msg, tidattr);
6874 }
6875
6876 nla_nest_end(msg, tidsattr);
6877 }
6878
6879 nla_nest_end(msg, sinfoattr);
6880
6881 if (sinfo->assoc_req_ies_len &&
6882 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
6883 sinfo->assoc_req_ies))
6884 goto nla_put_failure;
6885
6886 if (sinfo->assoc_resp_ies_len &&
6887 nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len,
6888 sinfo->assoc_resp_ies))
6889 goto nla_put_failure;
6890
6891 if (sinfo->mlo_params_valid) {
6892 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
6893 sinfo->assoc_link_id))
6894 goto nla_put_failure;
6895
6896 if (!is_zero_ether_addr(sinfo->mld_addr) &&
6897 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
6898 sinfo->mld_addr))
6899 goto nla_put_failure;
6900 }
6901
6902 cfg80211_sinfo_release_content(sinfo);
6903 genlmsg_end(msg, hdr);
6904 return 0;
6905
6906 nla_put_failure:
6907 cfg80211_sinfo_release_content(sinfo);
6908 genlmsg_cancel(msg, hdr);
6909 return -EMSGSIZE;
6910 }
6911
nl80211_dump_station(struct sk_buff * skb,struct netlink_callback * cb)6912 static int nl80211_dump_station(struct sk_buff *skb,
6913 struct netlink_callback *cb)
6914 {
6915 struct station_info sinfo;
6916 struct cfg80211_registered_device *rdev;
6917 struct wireless_dev *wdev;
6918 u8 mac_addr[ETH_ALEN];
6919 int sta_idx = cb->args[2];
6920 int err;
6921
6922 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
6923 if (err)
6924 return err;
6925 /* nl80211_prepare_wdev_dump acquired it in the successful case */
6926 __acquire(&rdev->wiphy.mtx);
6927
6928 if (!wdev->netdev) {
6929 err = -EINVAL;
6930 goto out_err;
6931 }
6932
6933 if (!rdev->ops->dump_station) {
6934 err = -EOPNOTSUPP;
6935 goto out_err;
6936 }
6937
6938 while (1) {
6939 memset(&sinfo, 0, sizeof(sinfo));
6940 err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
6941 mac_addr, &sinfo);
6942 if (err == -ENOENT)
6943 break;
6944 if (err)
6945 goto out_err;
6946
6947 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
6948 NETLINK_CB(cb->skb).portid,
6949 cb->nlh->nlmsg_seq, NLM_F_MULTI,
6950 rdev, wdev->netdev, mac_addr,
6951 &sinfo) < 0)
6952 goto out;
6953
6954 sta_idx++;
6955 }
6956
6957 out:
6958 cb->args[2] = sta_idx;
6959 err = skb->len;
6960 out_err:
6961 wiphy_unlock(&rdev->wiphy);
6962
6963 return err;
6964 }
6965
nl80211_get_station(struct sk_buff * skb,struct genl_info * info)6966 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
6967 {
6968 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6969 struct net_device *dev = info->user_ptr[1];
6970 struct station_info sinfo;
6971 struct sk_buff *msg;
6972 u8 *mac_addr = NULL;
6973 int err;
6974
6975 memset(&sinfo, 0, sizeof(sinfo));
6976
6977 if (!info->attrs[NL80211_ATTR_MAC])
6978 return -EINVAL;
6979
6980 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6981
6982 if (!rdev->ops->get_station)
6983 return -EOPNOTSUPP;
6984
6985 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
6986 if (err)
6987 return err;
6988
6989 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6990 if (!msg) {
6991 cfg80211_sinfo_release_content(&sinfo);
6992 return -ENOMEM;
6993 }
6994
6995 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
6996 info->snd_portid, info->snd_seq, 0,
6997 rdev, dev, mac_addr, &sinfo) < 0) {
6998 nlmsg_free(msg);
6999 return -ENOBUFS;
7000 }
7001
7002 return genlmsg_reply(msg, info);
7003 }
7004
cfg80211_check_station_change(struct wiphy * wiphy,struct station_parameters * params,enum cfg80211_station_type statype)7005 int cfg80211_check_station_change(struct wiphy *wiphy,
7006 struct station_parameters *params,
7007 enum cfg80211_station_type statype)
7008 {
7009 if (params->listen_interval != -1 &&
7010 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7011 return -EINVAL;
7012
7013 if (params->support_p2p_ps != -1 &&
7014 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7015 return -EINVAL;
7016
7017 if (params->aid &&
7018 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
7019 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
7020 return -EINVAL;
7021
7022 /* When you run into this, adjust the code below for the new flag */
7023 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
7024
7025 switch (statype) {
7026 case CFG80211_STA_MESH_PEER_KERNEL:
7027 case CFG80211_STA_MESH_PEER_USER:
7028 /*
7029 * No ignoring the TDLS flag here -- the userspace mesh
7030 * code doesn't have the bug of including TDLS in the
7031 * mask everywhere.
7032 */
7033 if (params->sta_flags_mask &
7034 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7035 BIT(NL80211_STA_FLAG_MFP) |
7036 BIT(NL80211_STA_FLAG_AUTHORIZED)))
7037 return -EINVAL;
7038 break;
7039 case CFG80211_STA_TDLS_PEER_SETUP:
7040 case CFG80211_STA_TDLS_PEER_ACTIVE:
7041 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
7042 return -EINVAL;
7043 /* ignore since it can't change */
7044 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7045 break;
7046 default:
7047 /* disallow mesh-specific things */
7048 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
7049 return -EINVAL;
7050 if (params->local_pm)
7051 return -EINVAL;
7052 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
7053 return -EINVAL;
7054 }
7055
7056 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
7057 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
7058 /* TDLS can't be set, ... */
7059 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
7060 return -EINVAL;
7061 /*
7062 * ... but don't bother the driver with it. This works around
7063 * a hostapd/wpa_supplicant issue -- it always includes the
7064 * TLDS_PEER flag in the mask even for AP mode.
7065 */
7066 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7067 }
7068
7069 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
7070 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
7071 /* reject other things that can't change */
7072 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
7073 return -EINVAL;
7074 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
7075 return -EINVAL;
7076 if (params->link_sta_params.supported_rates)
7077 return -EINVAL;
7078 if (params->ext_capab || params->link_sta_params.ht_capa ||
7079 params->link_sta_params.vht_capa ||
7080 params->link_sta_params.he_capa ||
7081 params->link_sta_params.eht_capa)
7082 return -EINVAL;
7083 if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
7084 return -EINVAL;
7085 }
7086
7087 if (statype != CFG80211_STA_AP_CLIENT &&
7088 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
7089 if (params->vlan)
7090 return -EINVAL;
7091 }
7092
7093 switch (statype) {
7094 case CFG80211_STA_AP_MLME_CLIENT:
7095 /* Use this only for authorizing/unauthorizing a station */
7096 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
7097 return -EOPNOTSUPP;
7098 break;
7099 case CFG80211_STA_AP_CLIENT:
7100 case CFG80211_STA_AP_CLIENT_UNASSOC:
7101 /* accept only the listed bits */
7102 if (params->sta_flags_mask &
7103 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
7104 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7105 BIT(NL80211_STA_FLAG_ASSOCIATED) |
7106 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
7107 BIT(NL80211_STA_FLAG_WME) |
7108 BIT(NL80211_STA_FLAG_MFP) |
7109 BIT(NL80211_STA_FLAG_SPP_AMSDU)))
7110 return -EINVAL;
7111
7112 /* but authenticated/associated only if driver handles it */
7113 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
7114 params->sta_flags_mask &
7115 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7116 BIT(NL80211_STA_FLAG_ASSOCIATED)))
7117 return -EINVAL;
7118 break;
7119 case CFG80211_STA_IBSS:
7120 case CFG80211_STA_AP_STA:
7121 /* reject any changes other than AUTHORIZED */
7122 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
7123 return -EINVAL;
7124 break;
7125 case CFG80211_STA_TDLS_PEER_SETUP:
7126 /* reject any changes other than AUTHORIZED or WME */
7127 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
7128 BIT(NL80211_STA_FLAG_WME)))
7129 return -EINVAL;
7130 /* force (at least) rates when authorizing */
7131 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
7132 !params->link_sta_params.supported_rates)
7133 return -EINVAL;
7134 break;
7135 case CFG80211_STA_TDLS_PEER_ACTIVE:
7136 /* reject any changes */
7137 return -EINVAL;
7138 case CFG80211_STA_MESH_PEER_KERNEL:
7139 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
7140 return -EINVAL;
7141 break;
7142 case CFG80211_STA_MESH_PEER_USER:
7143 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
7144 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
7145 return -EINVAL;
7146 break;
7147 }
7148
7149 /*
7150 * Older kernel versions ignored this attribute entirely, so don't
7151 * reject attempts to update it but mark it as unused instead so the
7152 * driver won't look at the data.
7153 */
7154 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
7155 statype != CFG80211_STA_TDLS_PEER_SETUP)
7156 params->link_sta_params.opmode_notif_used = false;
7157
7158 return 0;
7159 }
7160 EXPORT_SYMBOL(cfg80211_check_station_change);
7161
7162 /*
7163 * Get vlan interface making sure it is running and on the right wiphy.
7164 */
get_vlan(struct genl_info * info,struct cfg80211_registered_device * rdev)7165 static struct net_device *get_vlan(struct genl_info *info,
7166 struct cfg80211_registered_device *rdev)
7167 {
7168 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
7169 struct net_device *v;
7170 int ret;
7171
7172 if (!vlanattr)
7173 return NULL;
7174
7175 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
7176 if (!v)
7177 return ERR_PTR(-ENODEV);
7178
7179 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
7180 ret = -EINVAL;
7181 goto error;
7182 }
7183
7184 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
7185 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7186 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7187 ret = -EINVAL;
7188 goto error;
7189 }
7190
7191 if (!netif_running(v)) {
7192 ret = -ENETDOWN;
7193 goto error;
7194 }
7195
7196 return v;
7197 error:
7198 dev_put(v);
7199 return ERR_PTR(ret);
7200 }
7201
nl80211_parse_sta_wme(struct genl_info * info,struct station_parameters * params)7202 static int nl80211_parse_sta_wme(struct genl_info *info,
7203 struct station_parameters *params)
7204 {
7205 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
7206 struct nlattr *nla;
7207 int err;
7208
7209 /* parse WME attributes if present */
7210 if (!info->attrs[NL80211_ATTR_STA_WME])
7211 return 0;
7212
7213 nla = info->attrs[NL80211_ATTR_STA_WME];
7214 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
7215 nl80211_sta_wme_policy,
7216 info->extack);
7217 if (err)
7218 return err;
7219
7220 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
7221 params->uapsd_queues = nla_get_u8(
7222 tb[NL80211_STA_WME_UAPSD_QUEUES]);
7223 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
7224 return -EINVAL;
7225
7226 if (tb[NL80211_STA_WME_MAX_SP])
7227 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
7228
7229 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
7230 return -EINVAL;
7231
7232 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
7233
7234 return 0;
7235 }
7236
nl80211_parse_sta_channel_info(struct genl_info * info,struct station_parameters * params)7237 static int nl80211_parse_sta_channel_info(struct genl_info *info,
7238 struct station_parameters *params)
7239 {
7240 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
7241 params->supported_channels =
7242 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7243 params->supported_channels_len =
7244 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
7245 /*
7246 * Need to include at least one (first channel, number of
7247 * channels) tuple for each subband (checked in policy),
7248 * and must have proper tuples for the rest of the data as well.
7249 */
7250 if (params->supported_channels_len % 2)
7251 return -EINVAL;
7252 }
7253
7254 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
7255 params->supported_oper_classes =
7256 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7257 params->supported_oper_classes_len =
7258 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
7259 }
7260 return 0;
7261 }
7262
nl80211_set_station_tdls(struct genl_info * info,struct station_parameters * params)7263 static int nl80211_set_station_tdls(struct genl_info *info,
7264 struct station_parameters *params)
7265 {
7266 int err;
7267 /* Dummy STA entry gets updated once the peer capabilities are known */
7268 if (info->attrs[NL80211_ATTR_PEER_AID])
7269 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7270 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7271 params->link_sta_params.ht_capa =
7272 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7273 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7274 params->link_sta_params.vht_capa =
7275 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7276 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7277 params->link_sta_params.he_capa =
7278 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7279 params->link_sta_params.he_capa_len =
7280 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7281
7282 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7283 params->link_sta_params.eht_capa =
7284 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7285 params->link_sta_params.eht_capa_len =
7286 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7287
7288 if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
7289 (const u8 *)params->link_sta_params.eht_capa,
7290 params->link_sta_params.eht_capa_len,
7291 false))
7292 return -EINVAL;
7293 }
7294 }
7295
7296 err = nl80211_parse_sta_channel_info(info, params);
7297 if (err)
7298 return err;
7299
7300 return nl80211_parse_sta_wme(info, params);
7301 }
7302
nl80211_parse_sta_txpower_setting(struct genl_info * info,struct sta_txpwr * txpwr,bool * txpwr_set)7303 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
7304 struct sta_txpwr *txpwr,
7305 bool *txpwr_set)
7306 {
7307 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7308 int idx;
7309
7310 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
7311 if (!rdev->ops->set_tx_power ||
7312 !wiphy_ext_feature_isset(&rdev->wiphy,
7313 NL80211_EXT_FEATURE_STA_TX_PWR))
7314 return -EOPNOTSUPP;
7315
7316 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
7317 txpwr->type = nla_get_u8(info->attrs[idx]);
7318
7319 if (txpwr->type == NL80211_TX_POWER_LIMITED) {
7320 idx = NL80211_ATTR_STA_TX_POWER;
7321
7322 if (info->attrs[idx])
7323 txpwr->power = nla_get_s16(info->attrs[idx]);
7324 else
7325 return -EINVAL;
7326 }
7327
7328 *txpwr_set = true;
7329 } else {
7330 *txpwr_set = false;
7331 }
7332
7333 return 0;
7334 }
7335
nl80211_set_station(struct sk_buff * skb,struct genl_info * info)7336 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
7337 {
7338 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7339 struct net_device *dev = info->user_ptr[1];
7340 struct station_parameters params;
7341 u8 *mac_addr;
7342 int err;
7343
7344 memset(¶ms, 0, sizeof(params));
7345
7346 if (!rdev->ops->change_station)
7347 return -EOPNOTSUPP;
7348
7349 /*
7350 * AID and listen_interval properties can be set only for unassociated
7351 * station. Include these parameters here and will check them in
7352 * cfg80211_check_station_change().
7353 */
7354 if (info->attrs[NL80211_ATTR_STA_AID])
7355 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
7356
7357 if (info->attrs[NL80211_ATTR_VLAN_ID])
7358 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
7359
7360 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
7361 params.listen_interval =
7362 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
7363 else
7364 params.listen_interval = -1;
7365
7366 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
7367 params.support_p2p_ps =
7368 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
7369 else
7370 params.support_p2p_ps = -1;
7371
7372 if (!info->attrs[NL80211_ATTR_MAC])
7373 return -EINVAL;
7374
7375 params.link_sta_params.link_id =
7376 nl80211_link_id_or_invalid(info->attrs);
7377
7378 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
7379 /* If MLD_ADDR attribute is set then this is an MLD station
7380 * and the MLD_ADDR attribute holds the MLD address and the
7381 * MAC attribute holds for the LINK address.
7382 * In that case, the link_id is also expected to be valid.
7383 */
7384 if (params.link_sta_params.link_id < 0)
7385 return -EINVAL;
7386
7387 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
7388 params.link_sta_params.mld_mac = mac_addr;
7389 params.link_sta_params.link_mac =
7390 nla_data(info->attrs[NL80211_ATTR_MAC]);
7391 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
7392 return -EINVAL;
7393 } else {
7394 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7395 }
7396
7397
7398 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
7399 params.link_sta_params.supported_rates =
7400 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7401 params.link_sta_params.supported_rates_len =
7402 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7403 }
7404
7405 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
7406 params.capability =
7407 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
7408 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
7409 }
7410
7411 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
7412 params.ext_capab =
7413 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7414 params.ext_capab_len =
7415 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7416 }
7417
7418 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
7419 return -EINVAL;
7420
7421 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
7422 params.plink_action =
7423 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
7424
7425 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
7426 params.plink_state =
7427 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
7428 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
7429 params.peer_aid = nla_get_u16(
7430 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
7431 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
7432 }
7433
7434 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
7435 params.local_pm = nla_get_u32(
7436 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
7437
7438 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
7439 params.link_sta_params.opmode_notif_used = true;
7440 params.link_sta_params.opmode_notif =
7441 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
7442 }
7443
7444 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
7445 params.link_sta_params.he_6ghz_capa =
7446 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
7447
7448 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
7449 params.airtime_weight =
7450 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
7451
7452 if (params.airtime_weight &&
7453 !wiphy_ext_feature_isset(&rdev->wiphy,
7454 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7455 return -EOPNOTSUPP;
7456
7457 err = nl80211_parse_sta_txpower_setting(info,
7458 ¶ms.link_sta_params.txpwr,
7459 ¶ms.link_sta_params.txpwr_set);
7460 if (err)
7461 return err;
7462
7463 /* Include parameters for TDLS peer (will check later) */
7464 err = nl80211_set_station_tdls(info, ¶ms);
7465 if (err)
7466 return err;
7467
7468 params.vlan = get_vlan(info, rdev);
7469 if (IS_ERR(params.vlan))
7470 return PTR_ERR(params.vlan);
7471
7472 switch (dev->ieee80211_ptr->iftype) {
7473 case NL80211_IFTYPE_AP:
7474 case NL80211_IFTYPE_AP_VLAN:
7475 case NL80211_IFTYPE_P2P_GO:
7476 case NL80211_IFTYPE_P2P_CLIENT:
7477 case NL80211_IFTYPE_STATION:
7478 case NL80211_IFTYPE_ADHOC:
7479 case NL80211_IFTYPE_MESH_POINT:
7480 break;
7481 default:
7482 err = -EOPNOTSUPP;
7483 goto out_put_vlan;
7484 }
7485
7486 /* driver will call cfg80211_check_station_change() */
7487 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
7488
7489 out_put_vlan:
7490 dev_put(params.vlan);
7491
7492 return err;
7493 }
7494
nl80211_new_station(struct sk_buff * skb,struct genl_info * info)7495 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
7496 {
7497 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7498 int err;
7499 struct net_device *dev = info->user_ptr[1];
7500 struct wireless_dev *wdev = dev->ieee80211_ptr;
7501 struct station_parameters params;
7502 u8 *mac_addr = NULL;
7503 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7504 BIT(NL80211_STA_FLAG_ASSOCIATED);
7505
7506 memset(¶ms, 0, sizeof(params));
7507
7508 if (!rdev->ops->add_station)
7509 return -EOPNOTSUPP;
7510
7511 if (!info->attrs[NL80211_ATTR_MAC])
7512 return -EINVAL;
7513
7514 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
7515 return -EINVAL;
7516
7517 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
7518 return -EINVAL;
7519
7520 if (!info->attrs[NL80211_ATTR_STA_AID] &&
7521 !info->attrs[NL80211_ATTR_PEER_AID])
7522 return -EINVAL;
7523
7524 params.link_sta_params.link_id =
7525 nl80211_link_id_or_invalid(info->attrs);
7526
7527 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
7528 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
7529 params.link_sta_params.mld_mac = mac_addr;
7530 params.link_sta_params.link_mac =
7531 nla_data(info->attrs[NL80211_ATTR_MAC]);
7532 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
7533 return -EINVAL;
7534 } else {
7535 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7536 }
7537
7538 params.link_sta_params.supported_rates =
7539 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7540 params.link_sta_params.supported_rates_len =
7541 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
7542 params.listen_interval =
7543 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
7544
7545 if (info->attrs[NL80211_ATTR_VLAN_ID])
7546 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
7547
7548 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
7549 params.support_p2p_ps =
7550 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
7551 } else {
7552 /*
7553 * if not specified, assume it's supported for P2P GO interface,
7554 * and is NOT supported for AP interface
7555 */
7556 params.support_p2p_ps =
7557 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
7558 }
7559
7560 if (info->attrs[NL80211_ATTR_PEER_AID])
7561 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
7562 else
7563 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
7564
7565 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
7566 params.capability =
7567 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
7568 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
7569 }
7570
7571 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
7572 params.ext_capab =
7573 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7574 params.ext_capab_len =
7575 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
7576 }
7577
7578 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
7579 params.link_sta_params.ht_capa =
7580 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
7581
7582 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
7583 params.link_sta_params.vht_capa =
7584 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
7585
7586 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
7587 params.link_sta_params.he_capa =
7588 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7589 params.link_sta_params.he_capa_len =
7590 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
7591
7592 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
7593 params.link_sta_params.eht_capa =
7594 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7595 params.link_sta_params.eht_capa_len =
7596 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
7597
7598 if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
7599 (const u8 *)params.link_sta_params.eht_capa,
7600 params.link_sta_params.eht_capa_len,
7601 false))
7602 return -EINVAL;
7603 }
7604 }
7605
7606 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
7607 params.link_sta_params.he_6ghz_capa =
7608 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
7609
7610 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
7611 params.link_sta_params.opmode_notif_used = true;
7612 params.link_sta_params.opmode_notif =
7613 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
7614 }
7615
7616 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
7617 params.plink_action =
7618 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
7619
7620 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
7621 params.airtime_weight =
7622 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
7623
7624 if (params.airtime_weight &&
7625 !wiphy_ext_feature_isset(&rdev->wiphy,
7626 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7627 return -EOPNOTSUPP;
7628
7629 err = nl80211_parse_sta_txpower_setting(info,
7630 ¶ms.link_sta_params.txpwr,
7631 ¶ms.link_sta_params.txpwr_set);
7632 if (err)
7633 return err;
7634
7635 err = nl80211_parse_sta_channel_info(info, ¶ms);
7636 if (err)
7637 return err;
7638
7639 err = nl80211_parse_sta_wme(info, ¶ms);
7640 if (err)
7641 return err;
7642
7643 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
7644 return -EINVAL;
7645
7646 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
7647 * as userspace might just pass through the capabilities from the IEs
7648 * directly, rather than enforcing this restriction and returning an
7649 * error in this case.
7650 */
7651 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
7652 params.link_sta_params.ht_capa = NULL;
7653 params.link_sta_params.vht_capa = NULL;
7654
7655 /* HE and EHT require WME */
7656 if (params.link_sta_params.he_capa_len ||
7657 params.link_sta_params.he_6ghz_capa ||
7658 params.link_sta_params.eht_capa_len)
7659 return -EINVAL;
7660 }
7661
7662 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
7663 if (params.link_sta_params.he_6ghz_capa &&
7664 (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa))
7665 return -EINVAL;
7666
7667 /* When you run into this, adjust the code below for the new flag */
7668 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
7669
7670 switch (dev->ieee80211_ptr->iftype) {
7671 case NL80211_IFTYPE_AP:
7672 case NL80211_IFTYPE_AP_VLAN:
7673 case NL80211_IFTYPE_P2P_GO:
7674 /* ignore WME attributes if iface/sta is not capable */
7675 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
7676 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
7677 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7678
7679 /* TDLS peers cannot be added */
7680 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
7681 info->attrs[NL80211_ATTR_PEER_AID])
7682 return -EINVAL;
7683 /* but don't bother the driver with it */
7684 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
7685
7686 /* allow authenticated/associated only if driver handles it */
7687 if (!(rdev->wiphy.features &
7688 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
7689 params.sta_flags_mask & auth_assoc)
7690 return -EINVAL;
7691
7692 if (!wiphy_ext_feature_isset(&rdev->wiphy,
7693 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) &&
7694 params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
7695 return -EINVAL;
7696
7697 /* Older userspace, or userspace wanting to be compatible with
7698 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
7699 * and assoc flags in the mask, but assumes the station will be
7700 * added as associated anyway since this was the required driver
7701 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
7702 * introduced.
7703 * In order to not bother drivers with this quirk in the API
7704 * set the flags in both the mask and set for new stations in
7705 * this case.
7706 */
7707 if (!(params.sta_flags_mask & auth_assoc)) {
7708 params.sta_flags_mask |= auth_assoc;
7709 params.sta_flags_set |= auth_assoc;
7710 }
7711
7712 /* must be last in here for error handling */
7713 params.vlan = get_vlan(info, rdev);
7714 if (IS_ERR(params.vlan))
7715 return PTR_ERR(params.vlan);
7716 break;
7717 case NL80211_IFTYPE_MESH_POINT:
7718 /* ignore uAPSD data */
7719 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7720
7721 /* associated is disallowed */
7722 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
7723 return -EINVAL;
7724 /* TDLS peers cannot be added */
7725 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
7726 info->attrs[NL80211_ATTR_PEER_AID])
7727 return -EINVAL;
7728 break;
7729 case NL80211_IFTYPE_STATION:
7730 case NL80211_IFTYPE_P2P_CLIENT:
7731 /* ignore uAPSD data */
7732 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
7733
7734 /* these are disallowed */
7735 if (params.sta_flags_mask &
7736 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
7737 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
7738 return -EINVAL;
7739 /* Only TDLS peers can be added */
7740 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
7741 return -EINVAL;
7742 /* Can only add if TDLS ... */
7743 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
7744 return -EOPNOTSUPP;
7745 /* ... with external setup is supported */
7746 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
7747 return -EOPNOTSUPP;
7748 /*
7749 * Older wpa_supplicant versions always mark the TDLS peer
7750 * as authorized, but it shouldn't yet be.
7751 */
7752 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
7753 break;
7754 default:
7755 return -EOPNOTSUPP;
7756 }
7757
7758 /* be aware of params.vlan when changing code here */
7759
7760 if (wdev->valid_links) {
7761 if (params.link_sta_params.link_id < 0) {
7762 err = -EINVAL;
7763 goto out;
7764 }
7765 if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) {
7766 err = -ENOLINK;
7767 goto out;
7768 }
7769 } else {
7770 if (params.link_sta_params.link_id >= 0) {
7771 err = -EINVAL;
7772 goto out;
7773 }
7774 }
7775 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
7776 out:
7777 dev_put(params.vlan);
7778 return err;
7779 }
7780
nl80211_del_station(struct sk_buff * skb,struct genl_info * info)7781 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
7782 {
7783 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7784 struct net_device *dev = info->user_ptr[1];
7785 struct wireless_dev *wdev = dev->ieee80211_ptr;
7786 struct station_del_parameters params;
7787 int link_id = nl80211_link_id_or_invalid(info->attrs);
7788
7789 memset(¶ms, 0, sizeof(params));
7790
7791 if (info->attrs[NL80211_ATTR_MAC])
7792 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
7793
7794 switch (wdev->iftype) {
7795 case NL80211_IFTYPE_AP:
7796 case NL80211_IFTYPE_AP_VLAN:
7797 case NL80211_IFTYPE_MESH_POINT:
7798 case NL80211_IFTYPE_P2P_GO:
7799 /* always accept these */
7800 break;
7801 case NL80211_IFTYPE_ADHOC:
7802 /* conditionally accept */
7803 if (wiphy_ext_feature_isset(&rdev->wiphy,
7804 NL80211_EXT_FEATURE_DEL_IBSS_STA))
7805 break;
7806 return -EINVAL;
7807 default:
7808 return -EINVAL;
7809 }
7810
7811 if (!rdev->ops->del_station)
7812 return -EOPNOTSUPP;
7813
7814 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
7815 params.subtype =
7816 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
7817 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
7818 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
7819 return -EINVAL;
7820 } else {
7821 /* Default to Deauthentication frame */
7822 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
7823 }
7824
7825 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
7826 params.reason_code =
7827 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7828 if (params.reason_code == 0)
7829 return -EINVAL; /* 0 is reserved */
7830 } else {
7831 /* Default to reason code 2 */
7832 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
7833 }
7834
7835 /* Link ID not expected in case of non-ML operation */
7836 if (!wdev->valid_links && link_id != -1)
7837 return -EINVAL;
7838
7839 /* If given, a valid link ID should be passed during MLO */
7840 if (wdev->valid_links && link_id >= 0 &&
7841 !(wdev->valid_links & BIT(link_id)))
7842 return -EINVAL;
7843
7844 params.link_id = link_id;
7845
7846 return rdev_del_station(rdev, dev, ¶ms);
7847 }
7848
nl80211_send_mpath(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,u8 * dst,u8 * next_hop,struct mpath_info * pinfo)7849 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
7850 int flags, struct net_device *dev,
7851 u8 *dst, u8 *next_hop,
7852 struct mpath_info *pinfo)
7853 {
7854 void *hdr;
7855 struct nlattr *pinfoattr;
7856
7857 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
7858 if (!hdr)
7859 return -1;
7860
7861 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7862 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
7863 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
7864 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
7865 goto nla_put_failure;
7866
7867 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
7868 if (!pinfoattr)
7869 goto nla_put_failure;
7870 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
7871 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
7872 pinfo->frame_qlen))
7873 goto nla_put_failure;
7874 if (((pinfo->filled & MPATH_INFO_SN) &&
7875 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
7876 ((pinfo->filled & MPATH_INFO_METRIC) &&
7877 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
7878 pinfo->metric)) ||
7879 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
7880 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
7881 pinfo->exptime)) ||
7882 ((pinfo->filled & MPATH_INFO_FLAGS) &&
7883 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
7884 pinfo->flags)) ||
7885 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
7886 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
7887 pinfo->discovery_timeout)) ||
7888 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
7889 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
7890 pinfo->discovery_retries)) ||
7891 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
7892 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
7893 pinfo->hop_count)) ||
7894 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
7895 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
7896 pinfo->path_change_count)))
7897 goto nla_put_failure;
7898
7899 nla_nest_end(msg, pinfoattr);
7900
7901 genlmsg_end(msg, hdr);
7902 return 0;
7903
7904 nla_put_failure:
7905 genlmsg_cancel(msg, hdr);
7906 return -EMSGSIZE;
7907 }
7908
nl80211_dump_mpath(struct sk_buff * skb,struct netlink_callback * cb)7909 static int nl80211_dump_mpath(struct sk_buff *skb,
7910 struct netlink_callback *cb)
7911 {
7912 struct mpath_info pinfo;
7913 struct cfg80211_registered_device *rdev;
7914 struct wireless_dev *wdev;
7915 u8 dst[ETH_ALEN];
7916 u8 next_hop[ETH_ALEN];
7917 int path_idx = cb->args[2];
7918 int err;
7919
7920 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
7921 if (err)
7922 return err;
7923 /* nl80211_prepare_wdev_dump acquired it in the successful case */
7924 __acquire(&rdev->wiphy.mtx);
7925
7926 if (!rdev->ops->dump_mpath) {
7927 err = -EOPNOTSUPP;
7928 goto out_err;
7929 }
7930
7931 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7932 err = -EOPNOTSUPP;
7933 goto out_err;
7934 }
7935
7936 while (1) {
7937 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
7938 next_hop, &pinfo);
7939 if (err == -ENOENT)
7940 break;
7941 if (err)
7942 goto out_err;
7943
7944 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7945 cb->nlh->nlmsg_seq, NLM_F_MULTI,
7946 wdev->netdev, dst, next_hop,
7947 &pinfo) < 0)
7948 goto out;
7949
7950 path_idx++;
7951 }
7952
7953 out:
7954 cb->args[2] = path_idx;
7955 err = skb->len;
7956 out_err:
7957 wiphy_unlock(&rdev->wiphy);
7958 return err;
7959 }
7960
nl80211_get_mpath(struct sk_buff * skb,struct genl_info * info)7961 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
7962 {
7963 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7964 int err;
7965 struct net_device *dev = info->user_ptr[1];
7966 struct mpath_info pinfo;
7967 struct sk_buff *msg;
7968 u8 *dst = NULL;
7969 u8 next_hop[ETH_ALEN];
7970
7971 memset(&pinfo, 0, sizeof(pinfo));
7972
7973 if (!info->attrs[NL80211_ATTR_MAC])
7974 return -EINVAL;
7975
7976 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7977
7978 if (!rdev->ops->get_mpath)
7979 return -EOPNOTSUPP;
7980
7981 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7982 return -EOPNOTSUPP;
7983
7984 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
7985 if (err)
7986 return err;
7987
7988 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7989 if (!msg)
7990 return -ENOMEM;
7991
7992 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
7993 dev, dst, next_hop, &pinfo) < 0) {
7994 nlmsg_free(msg);
7995 return -ENOBUFS;
7996 }
7997
7998 return genlmsg_reply(msg, info);
7999 }
8000
nl80211_set_mpath(struct sk_buff * skb,struct genl_info * info)8001 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
8002 {
8003 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8004 struct net_device *dev = info->user_ptr[1];
8005 u8 *dst = NULL;
8006 u8 *next_hop = NULL;
8007
8008 if (!info->attrs[NL80211_ATTR_MAC])
8009 return -EINVAL;
8010
8011 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
8012 return -EINVAL;
8013
8014 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8015 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
8016
8017 if (!rdev->ops->change_mpath)
8018 return -EOPNOTSUPP;
8019
8020 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8021 return -EOPNOTSUPP;
8022
8023 return rdev_change_mpath(rdev, dev, dst, next_hop);
8024 }
8025
nl80211_new_mpath(struct sk_buff * skb,struct genl_info * info)8026 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
8027 {
8028 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8029 struct net_device *dev = info->user_ptr[1];
8030 u8 *dst = NULL;
8031 u8 *next_hop = NULL;
8032
8033 if (!info->attrs[NL80211_ATTR_MAC])
8034 return -EINVAL;
8035
8036 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
8037 return -EINVAL;
8038
8039 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8040 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
8041
8042 if (!rdev->ops->add_mpath)
8043 return -EOPNOTSUPP;
8044
8045 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8046 return -EOPNOTSUPP;
8047
8048 return rdev_add_mpath(rdev, dev, dst, next_hop);
8049 }
8050
nl80211_del_mpath(struct sk_buff * skb,struct genl_info * info)8051 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
8052 {
8053 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8054 struct net_device *dev = info->user_ptr[1];
8055 u8 *dst = NULL;
8056
8057 if (info->attrs[NL80211_ATTR_MAC])
8058 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8059
8060 if (!rdev->ops->del_mpath)
8061 return -EOPNOTSUPP;
8062
8063 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8064 return -EOPNOTSUPP;
8065
8066 return rdev_del_mpath(rdev, dev, dst);
8067 }
8068
nl80211_get_mpp(struct sk_buff * skb,struct genl_info * info)8069 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
8070 {
8071 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8072 int err;
8073 struct net_device *dev = info->user_ptr[1];
8074 struct mpath_info pinfo;
8075 struct sk_buff *msg;
8076 u8 *dst = NULL;
8077 u8 mpp[ETH_ALEN];
8078
8079 memset(&pinfo, 0, sizeof(pinfo));
8080
8081 if (!info->attrs[NL80211_ATTR_MAC])
8082 return -EINVAL;
8083
8084 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
8085
8086 if (!rdev->ops->get_mpp)
8087 return -EOPNOTSUPP;
8088
8089 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
8090 return -EOPNOTSUPP;
8091
8092 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
8093 if (err)
8094 return err;
8095
8096 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8097 if (!msg)
8098 return -ENOMEM;
8099
8100 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
8101 dev, dst, mpp, &pinfo) < 0) {
8102 nlmsg_free(msg);
8103 return -ENOBUFS;
8104 }
8105
8106 return genlmsg_reply(msg, info);
8107 }
8108
nl80211_dump_mpp(struct sk_buff * skb,struct netlink_callback * cb)8109 static int nl80211_dump_mpp(struct sk_buff *skb,
8110 struct netlink_callback *cb)
8111 {
8112 struct mpath_info pinfo;
8113 struct cfg80211_registered_device *rdev;
8114 struct wireless_dev *wdev;
8115 u8 dst[ETH_ALEN];
8116 u8 mpp[ETH_ALEN];
8117 int path_idx = cb->args[2];
8118 int err;
8119
8120 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
8121 if (err)
8122 return err;
8123 /* nl80211_prepare_wdev_dump acquired it in the successful case */
8124 __acquire(&rdev->wiphy.mtx);
8125
8126 if (!rdev->ops->dump_mpp) {
8127 err = -EOPNOTSUPP;
8128 goto out_err;
8129 }
8130
8131 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
8132 err = -EOPNOTSUPP;
8133 goto out_err;
8134 }
8135
8136 while (1) {
8137 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
8138 mpp, &pinfo);
8139 if (err == -ENOENT)
8140 break;
8141 if (err)
8142 goto out_err;
8143
8144 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
8145 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8146 wdev->netdev, dst, mpp,
8147 &pinfo) < 0)
8148 goto out;
8149
8150 path_idx++;
8151 }
8152
8153 out:
8154 cb->args[2] = path_idx;
8155 err = skb->len;
8156 out_err:
8157 wiphy_unlock(&rdev->wiphy);
8158 return err;
8159 }
8160
nl80211_set_bss(struct sk_buff * skb,struct genl_info * info)8161 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
8162 {
8163 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8164 struct net_device *dev = info->user_ptr[1];
8165 struct bss_parameters params;
8166
8167 memset(¶ms, 0, sizeof(params));
8168 params.link_id = nl80211_link_id_or_invalid(info->attrs);
8169 /* default to not changing parameters */
8170 params.use_cts_prot = -1;
8171 params.use_short_preamble = -1;
8172 params.use_short_slot_time = -1;
8173 params.ap_isolate = -1;
8174 params.ht_opmode = -1;
8175 params.p2p_ctwindow = -1;
8176 params.p2p_opp_ps = -1;
8177
8178 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
8179 params.use_cts_prot =
8180 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
8181 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
8182 params.use_short_preamble =
8183 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
8184 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
8185 params.use_short_slot_time =
8186 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
8187 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8188 params.basic_rates =
8189 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8190 params.basic_rates_len =
8191 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8192 }
8193 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
8194 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
8195 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
8196 params.ht_opmode =
8197 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
8198
8199 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
8200 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8201 return -EINVAL;
8202 params.p2p_ctwindow =
8203 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
8204 if (params.p2p_ctwindow != 0 &&
8205 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
8206 return -EINVAL;
8207 }
8208
8209 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
8210 u8 tmp;
8211
8212 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8213 return -EINVAL;
8214 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
8215 params.p2p_opp_ps = tmp;
8216 if (params.p2p_opp_ps &&
8217 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
8218 return -EINVAL;
8219 }
8220
8221 if (!rdev->ops->change_bss)
8222 return -EOPNOTSUPP;
8223
8224 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
8225 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
8226 return -EOPNOTSUPP;
8227
8228 return rdev_change_bss(rdev, dev, ¶ms);
8229 }
8230
nl80211_req_set_reg(struct sk_buff * skb,struct genl_info * info)8231 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
8232 {
8233 char *data = NULL;
8234 bool is_indoor;
8235 enum nl80211_user_reg_hint_type user_reg_hint_type;
8236 u32 owner_nlportid;
8237
8238 /*
8239 * You should only get this when cfg80211 hasn't yet initialized
8240 * completely when built-in to the kernel right between the time
8241 * window between nl80211_init() and regulatory_init(), if that is
8242 * even possible.
8243 */
8244 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
8245 return -EINPROGRESS;
8246
8247 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
8248 user_reg_hint_type =
8249 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
8250 else
8251 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
8252
8253 switch (user_reg_hint_type) {
8254 case NL80211_USER_REG_HINT_USER:
8255 case NL80211_USER_REG_HINT_CELL_BASE:
8256 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8257 return -EINVAL;
8258
8259 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8260 return regulatory_hint_user(data, user_reg_hint_type);
8261 case NL80211_USER_REG_HINT_INDOOR:
8262 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8263 owner_nlportid = info->snd_portid;
8264 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
8265 } else {
8266 owner_nlportid = 0;
8267 is_indoor = true;
8268 }
8269
8270 regulatory_hint_indoor(is_indoor, owner_nlportid);
8271 return 0;
8272 default:
8273 return -EINVAL;
8274 }
8275 }
8276
nl80211_reload_regdb(struct sk_buff * skb,struct genl_info * info)8277 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
8278 {
8279 return reg_reload_regdb();
8280 }
8281
nl80211_get_mesh_config(struct sk_buff * skb,struct genl_info * info)8282 static int nl80211_get_mesh_config(struct sk_buff *skb,
8283 struct genl_info *info)
8284 {
8285 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8286 struct net_device *dev = info->user_ptr[1];
8287 struct wireless_dev *wdev = dev->ieee80211_ptr;
8288 struct mesh_config cur_params;
8289 int err = 0;
8290 void *hdr;
8291 struct nlattr *pinfoattr;
8292 struct sk_buff *msg;
8293
8294 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8295 return -EOPNOTSUPP;
8296
8297 if (!rdev->ops->get_mesh_config)
8298 return -EOPNOTSUPP;
8299
8300 /* If not connected, get default parameters */
8301 if (!wdev->u.mesh.id_len)
8302 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
8303 else
8304 err = rdev_get_mesh_config(rdev, dev, &cur_params);
8305
8306 if (err)
8307 return err;
8308
8309 /* Draw up a netlink message to send back */
8310 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8311 if (!msg)
8312 return -ENOMEM;
8313 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8314 NL80211_CMD_GET_MESH_CONFIG);
8315 if (!hdr)
8316 goto out;
8317 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
8318 if (!pinfoattr)
8319 goto nla_put_failure;
8320 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8321 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
8322 cur_params.dot11MeshRetryTimeout) ||
8323 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
8324 cur_params.dot11MeshConfirmTimeout) ||
8325 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
8326 cur_params.dot11MeshHoldingTimeout) ||
8327 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
8328 cur_params.dot11MeshMaxPeerLinks) ||
8329 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
8330 cur_params.dot11MeshMaxRetries) ||
8331 nla_put_u8(msg, NL80211_MESHCONF_TTL,
8332 cur_params.dot11MeshTTL) ||
8333 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
8334 cur_params.element_ttl) ||
8335 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
8336 cur_params.auto_open_plinks) ||
8337 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
8338 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
8339 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
8340 cur_params.dot11MeshHWMPmaxPREQretries) ||
8341 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
8342 cur_params.path_refresh_time) ||
8343 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
8344 cur_params.min_discovery_timeout) ||
8345 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
8346 cur_params.dot11MeshHWMPactivePathTimeout) ||
8347 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
8348 cur_params.dot11MeshHWMPpreqMinInterval) ||
8349 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
8350 cur_params.dot11MeshHWMPperrMinInterval) ||
8351 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
8352 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
8353 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
8354 cur_params.dot11MeshHWMPRootMode) ||
8355 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
8356 cur_params.dot11MeshHWMPRannInterval) ||
8357 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
8358 cur_params.dot11MeshGateAnnouncementProtocol) ||
8359 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
8360 cur_params.dot11MeshForwarding) ||
8361 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
8362 cur_params.rssi_threshold) ||
8363 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
8364 cur_params.ht_opmode) ||
8365 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
8366 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
8367 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
8368 cur_params.dot11MeshHWMProotInterval) ||
8369 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
8370 cur_params.dot11MeshHWMPconfirmationInterval) ||
8371 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
8372 cur_params.power_mode) ||
8373 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
8374 cur_params.dot11MeshAwakeWindowDuration) ||
8375 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
8376 cur_params.plink_timeout) ||
8377 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
8378 cur_params.dot11MeshConnectedToMeshGate) ||
8379 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
8380 cur_params.dot11MeshNolearn) ||
8381 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
8382 cur_params.dot11MeshConnectedToAuthServer))
8383 goto nla_put_failure;
8384 nla_nest_end(msg, pinfoattr);
8385 genlmsg_end(msg, hdr);
8386 return genlmsg_reply(msg, info);
8387
8388 nla_put_failure:
8389 out:
8390 nlmsg_free(msg);
8391 return -ENOBUFS;
8392 }
8393
8394 static const struct nla_policy
8395 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
8396 [NL80211_MESHCONF_RETRY_TIMEOUT] =
8397 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8398 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
8399 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8400 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
8401 NLA_POLICY_RANGE(NLA_U16, 1, 255),
8402 [NL80211_MESHCONF_MAX_PEER_LINKS] =
8403 NLA_POLICY_RANGE(NLA_U16, 0, 255),
8404 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
8405 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
8406 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
8407 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
8408 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
8409 NLA_POLICY_RANGE(NLA_U32, 1, 255),
8410 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
8411 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
8412 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
8413 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
8414 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
8415 NLA_POLICY_MIN(NLA_U16, 1),
8416 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
8417 NLA_POLICY_MIN(NLA_U16, 1),
8418 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
8419 NLA_POLICY_MIN(NLA_U16, 1),
8420 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
8421 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
8422 NLA_POLICY_MIN(NLA_U16, 1),
8423 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
8424 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
8425 [NL80211_MESHCONF_RSSI_THRESHOLD] =
8426 NLA_POLICY_RANGE(NLA_S32, -255, 0),
8427 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
8428 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
8429 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
8430 NLA_POLICY_MIN(NLA_U16, 1),
8431 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
8432 NLA_POLICY_MIN(NLA_U16, 1),
8433 [NL80211_MESHCONF_POWER_MODE] =
8434 NLA_POLICY_RANGE(NLA_U32,
8435 NL80211_MESH_POWER_ACTIVE,
8436 NL80211_MESH_POWER_MAX),
8437 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
8438 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
8439 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8440 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8441 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
8442 };
8443
8444 static const struct nla_policy
8445 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
8446 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
8447 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
8448 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
8449 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
8450 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
8451 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
8452 [NL80211_MESH_SETUP_IE] =
8453 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
8454 IEEE80211_MAX_DATA_LEN),
8455 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
8456 };
8457
nl80211_parse_mesh_config(struct genl_info * info,struct mesh_config * cfg,u32 * mask_out)8458 static int nl80211_parse_mesh_config(struct genl_info *info,
8459 struct mesh_config *cfg,
8460 u32 *mask_out)
8461 {
8462 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
8463 u32 mask = 0;
8464 u16 ht_opmode;
8465
8466 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
8467 do { \
8468 if (tb[attr]) { \
8469 cfg->param = fn(tb[attr]); \
8470 mask |= BIT((attr) - 1); \
8471 } \
8472 } while (0)
8473
8474 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
8475 return -EINVAL;
8476 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
8477 return -EINVAL;
8478
8479 /* This makes sure that there aren't more than 32 mesh config
8480 * parameters (otherwise our bitfield scheme would not work.) */
8481 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
8482
8483 /* Fill in the params struct */
8484 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
8485 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
8486 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
8487 NL80211_MESHCONF_CONFIRM_TIMEOUT,
8488 nla_get_u16);
8489 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
8490 NL80211_MESHCONF_HOLDING_TIMEOUT,
8491 nla_get_u16);
8492 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
8493 NL80211_MESHCONF_MAX_PEER_LINKS,
8494 nla_get_u16);
8495 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
8496 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
8497 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
8498 NL80211_MESHCONF_TTL, nla_get_u8);
8499 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
8500 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
8501 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
8502 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
8503 nla_get_u8);
8504 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
8505 mask,
8506 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
8507 nla_get_u32);
8508 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
8509 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
8510 nla_get_u8);
8511 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
8512 NL80211_MESHCONF_PATH_REFRESH_TIME,
8513 nla_get_u32);
8514 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
8515 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
8516 return -EINVAL;
8517 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
8518 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
8519 nla_get_u16);
8520 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
8521 mask,
8522 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
8523 nla_get_u32);
8524 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
8525 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
8526 cfg->dot11MeshHWMPactivePathTimeout > 65535))
8527 return -EINVAL;
8528 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
8529 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
8530 nla_get_u16);
8531 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
8532 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
8533 nla_get_u16);
8534 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
8535 dot11MeshHWMPnetDiameterTraversalTime, mask,
8536 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
8537 nla_get_u16);
8538 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
8539 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
8540 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
8541 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
8542 nla_get_u16);
8543 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
8544 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
8545 nla_get_u8);
8546 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
8547 NL80211_MESHCONF_FORWARDING, nla_get_u8);
8548 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
8549 NL80211_MESHCONF_RSSI_THRESHOLD,
8550 nla_get_s32);
8551 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
8552 NL80211_MESHCONF_CONNECTED_TO_GATE,
8553 nla_get_u8);
8554 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
8555 NL80211_MESHCONF_CONNECTED_TO_AS,
8556 nla_get_u8);
8557 /*
8558 * Check HT operation mode based on
8559 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
8560 */
8561 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
8562 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
8563
8564 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
8565 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
8566 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
8567 return -EINVAL;
8568
8569 /* NON_HT_STA bit is reserved, but some programs set it */
8570 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
8571
8572 cfg->ht_opmode = ht_opmode;
8573 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
8574 }
8575 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
8576 dot11MeshHWMPactivePathToRootTimeout, mask,
8577 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
8578 nla_get_u32);
8579 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
8580 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
8581 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
8582 return -EINVAL;
8583 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
8584 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
8585 nla_get_u16);
8586 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
8587 mask,
8588 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
8589 nla_get_u16);
8590 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
8591 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
8592 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
8593 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
8594 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
8595 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
8596 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
8597 NL80211_MESHCONF_NOLEARN, nla_get_u8);
8598 if (mask_out)
8599 *mask_out = mask;
8600
8601 return 0;
8602
8603 #undef FILL_IN_MESH_PARAM_IF_SET
8604 }
8605
nl80211_parse_mesh_setup(struct genl_info * info,struct mesh_setup * setup)8606 static int nl80211_parse_mesh_setup(struct genl_info *info,
8607 struct mesh_setup *setup)
8608 {
8609 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8610 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
8611
8612 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
8613 return -EINVAL;
8614 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
8615 return -EINVAL;
8616
8617 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
8618 setup->sync_method =
8619 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
8620 IEEE80211_SYNC_METHOD_VENDOR :
8621 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
8622
8623 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
8624 setup->path_sel_proto =
8625 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
8626 IEEE80211_PATH_PROTOCOL_VENDOR :
8627 IEEE80211_PATH_PROTOCOL_HWMP;
8628
8629 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
8630 setup->path_metric =
8631 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
8632 IEEE80211_PATH_METRIC_VENDOR :
8633 IEEE80211_PATH_METRIC_AIRTIME;
8634
8635 if (tb[NL80211_MESH_SETUP_IE]) {
8636 struct nlattr *ieattr =
8637 tb[NL80211_MESH_SETUP_IE];
8638 setup->ie = nla_data(ieattr);
8639 setup->ie_len = nla_len(ieattr);
8640 }
8641 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
8642 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
8643 return -EINVAL;
8644 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
8645 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
8646 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
8647 if (setup->is_secure)
8648 setup->user_mpm = true;
8649
8650 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
8651 if (!setup->user_mpm)
8652 return -EINVAL;
8653 setup->auth_id =
8654 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
8655 }
8656
8657 return 0;
8658 }
8659
nl80211_update_mesh_config(struct sk_buff * skb,struct genl_info * info)8660 static int nl80211_update_mesh_config(struct sk_buff *skb,
8661 struct genl_info *info)
8662 {
8663 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8664 struct net_device *dev = info->user_ptr[1];
8665 struct wireless_dev *wdev = dev->ieee80211_ptr;
8666 struct mesh_config cfg = {};
8667 u32 mask;
8668 int err;
8669
8670 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
8671 return -EOPNOTSUPP;
8672
8673 if (!rdev->ops->update_mesh_config)
8674 return -EOPNOTSUPP;
8675
8676 err = nl80211_parse_mesh_config(info, &cfg, &mask);
8677 if (err)
8678 return err;
8679
8680 if (!wdev->u.mesh.id_len)
8681 err = -ENOLINK;
8682
8683 if (!err)
8684 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
8685
8686 return err;
8687 }
8688
nl80211_put_regdom(const struct ieee80211_regdomain * regdom,struct sk_buff * msg)8689 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
8690 struct sk_buff *msg)
8691 {
8692 struct nlattr *nl_reg_rules;
8693 unsigned int i;
8694
8695 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
8696 (regdom->dfs_region &&
8697 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
8698 goto nla_put_failure;
8699
8700 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
8701 if (!nl_reg_rules)
8702 goto nla_put_failure;
8703
8704 for (i = 0; i < regdom->n_reg_rules; i++) {
8705 struct nlattr *nl_reg_rule;
8706 const struct ieee80211_reg_rule *reg_rule;
8707 const struct ieee80211_freq_range *freq_range;
8708 const struct ieee80211_power_rule *power_rule;
8709 unsigned int max_bandwidth_khz;
8710
8711 reg_rule = ®dom->reg_rules[i];
8712 freq_range = ®_rule->freq_range;
8713 power_rule = ®_rule->power_rule;
8714
8715 nl_reg_rule = nla_nest_start_noflag(msg, i);
8716 if (!nl_reg_rule)
8717 goto nla_put_failure;
8718
8719 max_bandwidth_khz = freq_range->max_bandwidth_khz;
8720 if (!max_bandwidth_khz)
8721 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
8722 reg_rule);
8723
8724 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
8725 reg_rule->flags) ||
8726 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
8727 freq_range->start_freq_khz) ||
8728 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
8729 freq_range->end_freq_khz) ||
8730 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
8731 max_bandwidth_khz) ||
8732 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
8733 power_rule->max_antenna_gain) ||
8734 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
8735 power_rule->max_eirp) ||
8736 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
8737 reg_rule->dfs_cac_ms))
8738 goto nla_put_failure;
8739
8740 if ((reg_rule->flags & NL80211_RRF_PSD) &&
8741 nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD,
8742 reg_rule->psd))
8743 goto nla_put_failure;
8744
8745 nla_nest_end(msg, nl_reg_rule);
8746 }
8747
8748 nla_nest_end(msg, nl_reg_rules);
8749 return 0;
8750
8751 nla_put_failure:
8752 return -EMSGSIZE;
8753 }
8754
nl80211_get_reg_do(struct sk_buff * skb,struct genl_info * info)8755 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
8756 {
8757 const struct ieee80211_regdomain *regdom = NULL;
8758 struct cfg80211_registered_device *rdev;
8759 struct wiphy *wiphy = NULL;
8760 struct sk_buff *msg;
8761 int err = -EMSGSIZE;
8762 void *hdr;
8763
8764 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8765 if (!msg)
8766 return -ENOBUFS;
8767
8768 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8769 NL80211_CMD_GET_REG);
8770 if (!hdr)
8771 goto put_failure;
8772
8773 rtnl_lock();
8774
8775 if (info->attrs[NL80211_ATTR_WIPHY]) {
8776 bool self_managed;
8777
8778 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
8779 if (IS_ERR(rdev)) {
8780 err = PTR_ERR(rdev);
8781 goto nla_put_failure;
8782 }
8783
8784 wiphy = &rdev->wiphy;
8785 self_managed = wiphy->regulatory_flags &
8786 REGULATORY_WIPHY_SELF_MANAGED;
8787
8788 rcu_read_lock();
8789
8790 regdom = get_wiphy_regdom(wiphy);
8791
8792 /* a self-managed-reg device must have a private regdom */
8793 if (WARN_ON(!regdom && self_managed)) {
8794 err = -EINVAL;
8795 goto nla_put_failure_rcu;
8796 }
8797
8798 if (regdom &&
8799 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8800 goto nla_put_failure_rcu;
8801 } else {
8802 rcu_read_lock();
8803 }
8804
8805 if (!wiphy && reg_last_request_cell_base() &&
8806 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
8807 NL80211_USER_REG_HINT_CELL_BASE))
8808 goto nla_put_failure_rcu;
8809
8810 if (!regdom)
8811 regdom = rcu_dereference(cfg80211_regdomain);
8812
8813 if (nl80211_put_regdom(regdom, msg))
8814 goto nla_put_failure_rcu;
8815
8816 rcu_read_unlock();
8817
8818 genlmsg_end(msg, hdr);
8819 rtnl_unlock();
8820 return genlmsg_reply(msg, info);
8821
8822 nla_put_failure_rcu:
8823 rcu_read_unlock();
8824 nla_put_failure:
8825 rtnl_unlock();
8826 put_failure:
8827 nlmsg_free(msg);
8828 return err;
8829 }
8830
nl80211_send_regdom(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct wiphy * wiphy,const struct ieee80211_regdomain * regdom)8831 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
8832 u32 seq, int flags, struct wiphy *wiphy,
8833 const struct ieee80211_regdomain *regdom)
8834 {
8835 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8836 NL80211_CMD_GET_REG);
8837
8838 if (!hdr)
8839 return -1;
8840
8841 genl_dump_check_consistent(cb, hdr);
8842
8843 if (nl80211_put_regdom(regdom, msg))
8844 goto nla_put_failure;
8845
8846 if (!wiphy && reg_last_request_cell_base() &&
8847 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
8848 NL80211_USER_REG_HINT_CELL_BASE))
8849 goto nla_put_failure;
8850
8851 if (wiphy &&
8852 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8853 goto nla_put_failure;
8854
8855 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
8856 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
8857 goto nla_put_failure;
8858
8859 genlmsg_end(msg, hdr);
8860 return 0;
8861
8862 nla_put_failure:
8863 genlmsg_cancel(msg, hdr);
8864 return -EMSGSIZE;
8865 }
8866
nl80211_get_reg_dump(struct sk_buff * skb,struct netlink_callback * cb)8867 static int nl80211_get_reg_dump(struct sk_buff *skb,
8868 struct netlink_callback *cb)
8869 {
8870 const struct ieee80211_regdomain *regdom = NULL;
8871 struct cfg80211_registered_device *rdev;
8872 int err, reg_idx, start = cb->args[2];
8873
8874 rcu_read_lock();
8875
8876 if (cfg80211_regdomain && start == 0) {
8877 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
8878 NLM_F_MULTI, NULL,
8879 rcu_dereference(cfg80211_regdomain));
8880 if (err < 0)
8881 goto out_err;
8882 }
8883
8884 /* the global regdom is idx 0 */
8885 reg_idx = 1;
8886 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
8887 regdom = get_wiphy_regdom(&rdev->wiphy);
8888 if (!regdom)
8889 continue;
8890
8891 if (++reg_idx <= start)
8892 continue;
8893
8894 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
8895 NLM_F_MULTI, &rdev->wiphy, regdom);
8896 if (err < 0) {
8897 reg_idx--;
8898 break;
8899 }
8900 }
8901
8902 cb->args[2] = reg_idx;
8903 err = skb->len;
8904 out_err:
8905 rcu_read_unlock();
8906 return err;
8907 }
8908
8909 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
8910 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
8911 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
8912 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
8913 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
8914 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
8915 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
8916 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
8917 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
8918 };
8919
parse_reg_rule(struct nlattr * tb[],struct ieee80211_reg_rule * reg_rule)8920 static int parse_reg_rule(struct nlattr *tb[],
8921 struct ieee80211_reg_rule *reg_rule)
8922 {
8923 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
8924 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
8925
8926 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
8927 return -EINVAL;
8928 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
8929 return -EINVAL;
8930 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
8931 return -EINVAL;
8932 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
8933 return -EINVAL;
8934 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
8935 return -EINVAL;
8936
8937 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
8938
8939 freq_range->start_freq_khz =
8940 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
8941 freq_range->end_freq_khz =
8942 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
8943 freq_range->max_bandwidth_khz =
8944 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
8945
8946 power_rule->max_eirp =
8947 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
8948
8949 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
8950 power_rule->max_antenna_gain =
8951 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
8952
8953 if (tb[NL80211_ATTR_DFS_CAC_TIME])
8954 reg_rule->dfs_cac_ms =
8955 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
8956
8957 return 0;
8958 }
8959
nl80211_set_reg(struct sk_buff * skb,struct genl_info * info)8960 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
8961 {
8962 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
8963 struct nlattr *nl_reg_rule;
8964 char *alpha2;
8965 int rem_reg_rules, r;
8966 u32 num_rules = 0, rule_idx = 0;
8967 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
8968 struct ieee80211_regdomain *rd;
8969
8970 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
8971 return -EINVAL;
8972
8973 if (!info->attrs[NL80211_ATTR_REG_RULES])
8974 return -EINVAL;
8975
8976 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
8977
8978 if (info->attrs[NL80211_ATTR_DFS_REGION])
8979 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
8980
8981 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
8982 rem_reg_rules) {
8983 num_rules++;
8984 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
8985 return -EINVAL;
8986 }
8987
8988 rtnl_lock();
8989 if (!reg_is_valid_request(alpha2)) {
8990 r = -EINVAL;
8991 goto out;
8992 }
8993
8994 rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
8995 if (!rd) {
8996 r = -ENOMEM;
8997 goto out;
8998 }
8999
9000 rd->n_reg_rules = num_rules;
9001 rd->alpha2[0] = alpha2[0];
9002 rd->alpha2[1] = alpha2[1];
9003
9004 /*
9005 * Disable DFS master mode if the DFS region was
9006 * not supported or known on this kernel.
9007 */
9008 if (reg_supported_dfs_region(dfs_region))
9009 rd->dfs_region = dfs_region;
9010
9011 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
9012 rem_reg_rules) {
9013 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
9014 nl_reg_rule, reg_rule_policy,
9015 info->extack);
9016 if (r)
9017 goto bad_reg;
9018 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
9019 if (r)
9020 goto bad_reg;
9021
9022 rule_idx++;
9023
9024 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
9025 r = -EINVAL;
9026 goto bad_reg;
9027 }
9028 }
9029
9030 r = set_regdom(rd, REGD_SOURCE_CRDA);
9031 /* set_regdom takes ownership of rd */
9032 rd = NULL;
9033 bad_reg:
9034 kfree(rd);
9035 out:
9036 rtnl_unlock();
9037 return r;
9038 }
9039 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
9040
validate_scan_freqs(struct nlattr * freqs)9041 static int validate_scan_freqs(struct nlattr *freqs)
9042 {
9043 struct nlattr *attr1, *attr2;
9044 int n_channels = 0, tmp1, tmp2;
9045
9046 nla_for_each_nested(attr1, freqs, tmp1)
9047 if (nla_len(attr1) != sizeof(u32))
9048 return 0;
9049
9050 nla_for_each_nested(attr1, freqs, tmp1) {
9051 n_channels++;
9052 /*
9053 * Some hardware has a limited channel list for
9054 * scanning, and it is pretty much nonsensical
9055 * to scan for a channel twice, so disallow that
9056 * and don't require drivers to check that the
9057 * channel list they get isn't longer than what
9058 * they can scan, as long as they can scan all
9059 * the channels they registered at once.
9060 */
9061 nla_for_each_nested(attr2, freqs, tmp2)
9062 if (attr1 != attr2 &&
9063 nla_get_u32(attr1) == nla_get_u32(attr2))
9064 return 0;
9065 }
9066
9067 return n_channels;
9068 }
9069
is_band_valid(struct wiphy * wiphy,enum nl80211_band b)9070 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
9071 {
9072 return b < NUM_NL80211_BANDS && wiphy->bands[b];
9073 }
9074
parse_bss_select(struct nlattr * nla,struct wiphy * wiphy,struct cfg80211_bss_selection * bss_select)9075 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
9076 struct cfg80211_bss_selection *bss_select)
9077 {
9078 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
9079 struct nlattr *nest;
9080 int err;
9081 bool found = false;
9082 int i;
9083
9084 /* only process one nested attribute */
9085 nest = nla_data(nla);
9086 if (!nla_ok(nest, nla_len(nest)))
9087 return -EINVAL;
9088
9089 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
9090 nest, nl80211_bss_select_policy,
9091 NULL);
9092 if (err)
9093 return err;
9094
9095 /* only one attribute may be given */
9096 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
9097 if (attr[i]) {
9098 if (found)
9099 return -EINVAL;
9100 found = true;
9101 }
9102 }
9103
9104 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
9105
9106 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
9107 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
9108
9109 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
9110 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
9111 bss_select->param.band_pref =
9112 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
9113 if (!is_band_valid(wiphy, bss_select->param.band_pref))
9114 return -EINVAL;
9115 }
9116
9117 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
9118 struct nl80211_bss_select_rssi_adjust *adj_param;
9119
9120 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
9121 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
9122 bss_select->param.adjust.band = adj_param->band;
9123 bss_select->param.adjust.delta = adj_param->delta;
9124 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
9125 return -EINVAL;
9126 }
9127
9128 /* user-space did not provide behaviour attribute */
9129 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
9130 return -EINVAL;
9131
9132 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
9133 return -EINVAL;
9134
9135 return 0;
9136 }
9137
nl80211_parse_random_mac(struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask)9138 int nl80211_parse_random_mac(struct nlattr **attrs,
9139 u8 *mac_addr, u8 *mac_addr_mask)
9140 {
9141 int i;
9142
9143 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
9144 eth_zero_addr(mac_addr);
9145 eth_zero_addr(mac_addr_mask);
9146 mac_addr[0] = 0x2;
9147 mac_addr_mask[0] = 0x3;
9148
9149 return 0;
9150 }
9151
9152 /* need both or none */
9153 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
9154 return -EINVAL;
9155
9156 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
9157 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
9158
9159 /* don't allow or configure an mcast address */
9160 if (!is_multicast_ether_addr(mac_addr_mask) ||
9161 is_multicast_ether_addr(mac_addr))
9162 return -EINVAL;
9163
9164 /*
9165 * allow users to pass a MAC address that has bits set outside
9166 * of the mask, but don't bother drivers with having to deal
9167 * with such bits
9168 */
9169 for (i = 0; i < ETH_ALEN; i++)
9170 mac_addr[i] &= mac_addr_mask[i];
9171
9172 return 0;
9173 }
9174
cfg80211_off_channel_oper_allowed(struct wireless_dev * wdev,struct ieee80211_channel * chan)9175 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev,
9176 struct ieee80211_channel *chan)
9177 {
9178 unsigned int link_id;
9179 bool all_ok = true;
9180
9181 lockdep_assert_wiphy(wdev->wiphy);
9182
9183 if (!cfg80211_beaconing_iface_active(wdev))
9184 return true;
9185
9186 /*
9187 * FIXME: check if we have a free HW resource/link for chan
9188 *
9189 * This, as well as the FIXME below, requires knowing the link
9190 * capabilities of the hardware.
9191 */
9192
9193 /* we cannot leave radar channels */
9194 for_each_valid_link(wdev, link_id) {
9195 struct cfg80211_chan_def *chandef;
9196
9197 chandef = wdev_chandef(wdev, link_id);
9198 if (!chandef || !chandef->chan)
9199 continue;
9200
9201 /*
9202 * FIXME: don't require all_ok, but rather check only the
9203 * correct HW resource/link onto which 'chan' falls,
9204 * as only that link leaves the channel for doing
9205 * the off-channel operation.
9206 */
9207
9208 if (chandef->chan->flags & IEEE80211_CHAN_RADAR)
9209 all_ok = false;
9210 }
9211
9212 if (all_ok)
9213 return true;
9214
9215 return regulatory_pre_cac_allowed(wdev->wiphy);
9216 }
9217
nl80211_check_scan_feat(struct wiphy * wiphy,u32 flags,u32 flag,enum nl80211_ext_feature_index feat)9218 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
9219 enum nl80211_ext_feature_index feat)
9220 {
9221 if (!(flags & flag))
9222 return true;
9223 if (wiphy_ext_feature_isset(wiphy, feat))
9224 return true;
9225 return false;
9226 }
9227
9228 static int
nl80211_check_scan_flags(struct wiphy * wiphy,struct wireless_dev * wdev,void * request,struct nlattr ** attrs,bool is_sched_scan)9229 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
9230 void *request, struct nlattr **attrs,
9231 bool is_sched_scan)
9232 {
9233 u8 *mac_addr, *mac_addr_mask;
9234 u32 *flags;
9235 enum nl80211_feature_flags randomness_flag;
9236
9237 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
9238 return 0;
9239
9240 if (is_sched_scan) {
9241 struct cfg80211_sched_scan_request *req = request;
9242
9243 randomness_flag = wdev ?
9244 NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
9245 NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
9246 flags = &req->flags;
9247 mac_addr = req->mac_addr;
9248 mac_addr_mask = req->mac_addr_mask;
9249 } else {
9250 struct cfg80211_scan_request *req = request;
9251
9252 randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
9253 flags = &req->flags;
9254 mac_addr = req->mac_addr;
9255 mac_addr_mask = req->mac_addr_mask;
9256 }
9257
9258 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
9259
9260 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
9261 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
9262 !nl80211_check_scan_feat(wiphy, *flags,
9263 NL80211_SCAN_FLAG_LOW_SPAN,
9264 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
9265 !nl80211_check_scan_feat(wiphy, *flags,
9266 NL80211_SCAN_FLAG_LOW_POWER,
9267 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
9268 !nl80211_check_scan_feat(wiphy, *flags,
9269 NL80211_SCAN_FLAG_HIGH_ACCURACY,
9270 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
9271 !nl80211_check_scan_feat(wiphy, *flags,
9272 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
9273 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
9274 !nl80211_check_scan_feat(wiphy, *flags,
9275 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
9276 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
9277 !nl80211_check_scan_feat(wiphy, *flags,
9278 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
9279 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
9280 !nl80211_check_scan_feat(wiphy, *flags,
9281 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
9282 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
9283 !nl80211_check_scan_feat(wiphy, *flags,
9284 NL80211_SCAN_FLAG_RANDOM_SN,
9285 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
9286 !nl80211_check_scan_feat(wiphy, *flags,
9287 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
9288 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
9289 return -EOPNOTSUPP;
9290
9291 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
9292 int err;
9293
9294 if (!(wiphy->features & randomness_flag) ||
9295 (wdev && wdev->connected))
9296 return -EOPNOTSUPP;
9297
9298 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
9299 if (err)
9300 return err;
9301 }
9302
9303 return 0;
9304 }
9305
nl80211_trigger_scan(struct sk_buff * skb,struct genl_info * info)9306 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
9307 {
9308 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9309 struct wireless_dev *wdev = info->user_ptr[1];
9310 struct cfg80211_scan_request *request;
9311 struct nlattr *scan_freqs = NULL;
9312 bool scan_freqs_khz = false;
9313 struct nlattr *attr;
9314 struct wiphy *wiphy;
9315 int err, tmp, n_ssids = 0, n_channels, i;
9316 size_t ie_len, size;
9317 size_t ssids_offset, ie_offset;
9318
9319 wiphy = &rdev->wiphy;
9320
9321 if (wdev->iftype == NL80211_IFTYPE_NAN)
9322 return -EOPNOTSUPP;
9323
9324 if (!rdev->ops->scan)
9325 return -EOPNOTSUPP;
9326
9327 if (rdev->scan_req || rdev->scan_msg)
9328 return -EBUSY;
9329
9330 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
9331 if (!wiphy_ext_feature_isset(wiphy,
9332 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
9333 return -EOPNOTSUPP;
9334 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
9335 scan_freqs_khz = true;
9336 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
9337 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
9338
9339 if (scan_freqs) {
9340 n_channels = validate_scan_freqs(scan_freqs);
9341 if (!n_channels)
9342 return -EINVAL;
9343 } else {
9344 n_channels = ieee80211_get_num_supported_channels(wiphy);
9345 }
9346
9347 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
9348 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
9349 n_ssids++;
9350
9351 if (n_ssids > wiphy->max_scan_ssids)
9352 return -EINVAL;
9353
9354 if (info->attrs[NL80211_ATTR_IE])
9355 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9356 else
9357 ie_len = 0;
9358
9359 if (ie_len > wiphy->max_scan_ie_len)
9360 return -EINVAL;
9361
9362 size = struct_size(request, channels, n_channels);
9363 ssids_offset = size;
9364 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
9365 ie_offset = size;
9366 size = size_add(size, ie_len);
9367 request = kzalloc(size, GFP_KERNEL);
9368 if (!request)
9369 return -ENOMEM;
9370 request->n_channels = n_channels;
9371
9372 if (n_ssids)
9373 request->ssids = (void *)request + ssids_offset;
9374 request->n_ssids = n_ssids;
9375 if (ie_len)
9376 request->ie = (void *)request + ie_offset;
9377
9378 i = 0;
9379 if (scan_freqs) {
9380 /* user specified, bail out if channel not found */
9381 nla_for_each_nested(attr, scan_freqs, tmp) {
9382 struct ieee80211_channel *chan;
9383 int freq = nla_get_u32(attr);
9384
9385 if (!scan_freqs_khz)
9386 freq = MHZ_TO_KHZ(freq);
9387
9388 chan = ieee80211_get_channel_khz(wiphy, freq);
9389 if (!chan) {
9390 err = -EINVAL;
9391 goto out_free;
9392 }
9393
9394 /* ignore disabled channels */
9395 if (chan->flags & IEEE80211_CHAN_DISABLED)
9396 continue;
9397
9398 request->channels[i] = chan;
9399 i++;
9400 }
9401 } else {
9402 enum nl80211_band band;
9403
9404 /* all channels */
9405 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9406 int j;
9407
9408 if (!wiphy->bands[band])
9409 continue;
9410 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
9411 struct ieee80211_channel *chan;
9412
9413 chan = &wiphy->bands[band]->channels[j];
9414
9415 if (chan->flags & IEEE80211_CHAN_DISABLED)
9416 continue;
9417
9418 request->channels[i] = chan;
9419 i++;
9420 }
9421 }
9422 }
9423
9424 if (!i) {
9425 err = -EINVAL;
9426 goto out_free;
9427 }
9428
9429 request->n_channels = i;
9430
9431 for (i = 0; i < request->n_channels; i++) {
9432 struct ieee80211_channel *chan = request->channels[i];
9433
9434 /* if we can go off-channel to the target channel we're good */
9435 if (cfg80211_off_channel_oper_allowed(wdev, chan))
9436 continue;
9437
9438 if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) {
9439 err = -EBUSY;
9440 goto out_free;
9441 }
9442 }
9443
9444 i = 0;
9445 if (n_ssids) {
9446 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
9447 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
9448 err = -EINVAL;
9449 goto out_free;
9450 }
9451 request->ssids[i].ssid_len = nla_len(attr);
9452 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
9453 i++;
9454 }
9455 }
9456
9457 if (info->attrs[NL80211_ATTR_IE]) {
9458 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9459 memcpy((void *)request->ie,
9460 nla_data(info->attrs[NL80211_ATTR_IE]),
9461 request->ie_len);
9462 }
9463
9464 for (i = 0; i < NUM_NL80211_BANDS; i++)
9465 if (wiphy->bands[i])
9466 request->rates[i] =
9467 (1 << wiphy->bands[i]->n_bitrates) - 1;
9468
9469 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
9470 nla_for_each_nested(attr,
9471 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
9472 tmp) {
9473 enum nl80211_band band = nla_type(attr);
9474
9475 if (band < 0 || band >= NUM_NL80211_BANDS) {
9476 err = -EINVAL;
9477 goto out_free;
9478 }
9479
9480 if (!wiphy->bands[band])
9481 continue;
9482
9483 err = ieee80211_get_ratemask(wiphy->bands[band],
9484 nla_data(attr),
9485 nla_len(attr),
9486 &request->rates[band]);
9487 if (err)
9488 goto out_free;
9489 }
9490 }
9491
9492 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
9493 request->duration =
9494 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
9495 request->duration_mandatory =
9496 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
9497 }
9498
9499 err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
9500 false);
9501 if (err)
9502 goto out_free;
9503
9504 request->no_cck =
9505 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
9506
9507 /* Initial implementation used NL80211_ATTR_MAC to set the specific
9508 * BSSID to scan for. This was problematic because that same attribute
9509 * was already used for another purpose (local random MAC address). The
9510 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
9511 * compatibility with older userspace components, also use the
9512 * NL80211_ATTR_MAC value here if it can be determined to be used for
9513 * the specific BSSID use case instead of the random MAC address
9514 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
9515 */
9516 if (info->attrs[NL80211_ATTR_BSSID])
9517 memcpy(request->bssid,
9518 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
9519 else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
9520 info->attrs[NL80211_ATTR_MAC])
9521 memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
9522 ETH_ALEN);
9523 else
9524 eth_broadcast_addr(request->bssid);
9525
9526 request->tsf_report_link_id = nl80211_link_id_or_invalid(info->attrs);
9527 request->wdev = wdev;
9528 request->wiphy = &rdev->wiphy;
9529 request->scan_start = jiffies;
9530
9531 rdev->scan_req = request;
9532 err = cfg80211_scan(rdev);
9533
9534 if (err)
9535 goto out_free;
9536
9537 nl80211_send_scan_start(rdev, wdev);
9538 dev_hold(wdev->netdev);
9539
9540 return 0;
9541
9542 out_free:
9543 rdev->scan_req = NULL;
9544 kfree(request);
9545
9546 return err;
9547 }
9548
nl80211_abort_scan(struct sk_buff * skb,struct genl_info * info)9549 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
9550 {
9551 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9552 struct wireless_dev *wdev = info->user_ptr[1];
9553
9554 if (!rdev->ops->abort_scan)
9555 return -EOPNOTSUPP;
9556
9557 if (rdev->scan_msg)
9558 return 0;
9559
9560 if (!rdev->scan_req)
9561 return -ENOENT;
9562
9563 rdev_abort_scan(rdev, wdev);
9564 return 0;
9565 }
9566
9567 static int
nl80211_parse_sched_scan_plans(struct wiphy * wiphy,int n_plans,struct cfg80211_sched_scan_request * request,struct nlattr ** attrs)9568 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
9569 struct cfg80211_sched_scan_request *request,
9570 struct nlattr **attrs)
9571 {
9572 int tmp, err, i = 0;
9573 struct nlattr *attr;
9574
9575 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
9576 u32 interval;
9577
9578 /*
9579 * If scan plans are not specified,
9580 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
9581 * case one scan plan will be set with the specified scan
9582 * interval and infinite number of iterations.
9583 */
9584 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
9585 if (!interval)
9586 return -EINVAL;
9587
9588 request->scan_plans[0].interval =
9589 DIV_ROUND_UP(interval, MSEC_PER_SEC);
9590 if (!request->scan_plans[0].interval)
9591 return -EINVAL;
9592
9593 if (request->scan_plans[0].interval >
9594 wiphy->max_sched_scan_plan_interval)
9595 request->scan_plans[0].interval =
9596 wiphy->max_sched_scan_plan_interval;
9597
9598 return 0;
9599 }
9600
9601 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
9602 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
9603
9604 if (WARN_ON(i >= n_plans))
9605 return -EINVAL;
9606
9607 err = nla_parse_nested_deprecated(plan,
9608 NL80211_SCHED_SCAN_PLAN_MAX,
9609 attr, nl80211_plan_policy,
9610 NULL);
9611 if (err)
9612 return err;
9613
9614 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
9615 return -EINVAL;
9616
9617 request->scan_plans[i].interval =
9618 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
9619 if (!request->scan_plans[i].interval ||
9620 request->scan_plans[i].interval >
9621 wiphy->max_sched_scan_plan_interval)
9622 return -EINVAL;
9623
9624 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
9625 request->scan_plans[i].iterations =
9626 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
9627 if (!request->scan_plans[i].iterations ||
9628 (request->scan_plans[i].iterations >
9629 wiphy->max_sched_scan_plan_iterations))
9630 return -EINVAL;
9631 } else if (i < n_plans - 1) {
9632 /*
9633 * All scan plans but the last one must specify
9634 * a finite number of iterations
9635 */
9636 return -EINVAL;
9637 }
9638
9639 i++;
9640 }
9641
9642 /*
9643 * The last scan plan must not specify the number of
9644 * iterations, it is supposed to run infinitely
9645 */
9646 if (request->scan_plans[n_plans - 1].iterations)
9647 return -EINVAL;
9648
9649 return 0;
9650 }
9651
9652 static struct cfg80211_sched_scan_request *
nl80211_parse_sched_scan(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,int max_match_sets)9653 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
9654 struct nlattr **attrs, int max_match_sets)
9655 {
9656 struct cfg80211_sched_scan_request *request;
9657 struct nlattr *attr;
9658 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
9659 enum nl80211_band band;
9660 size_t ie_len, size;
9661 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
9662 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
9663
9664 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
9665 n_channels = validate_scan_freqs(
9666 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
9667 if (!n_channels)
9668 return ERR_PTR(-EINVAL);
9669 } else {
9670 n_channels = ieee80211_get_num_supported_channels(wiphy);
9671 }
9672
9673 if (attrs[NL80211_ATTR_SCAN_SSIDS])
9674 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
9675 tmp)
9676 n_ssids++;
9677
9678 if (n_ssids > wiphy->max_sched_scan_ssids)
9679 return ERR_PTR(-EINVAL);
9680
9681 /*
9682 * First, count the number of 'real' matchsets. Due to an issue with
9683 * the old implementation, matchsets containing only the RSSI attribute
9684 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
9685 * RSSI for all matchsets, rather than their own matchset for reporting
9686 * all APs with a strong RSSI. This is needed to be compatible with
9687 * older userspace that treated a matchset with only the RSSI as the
9688 * global RSSI for all other matchsets - if there are other matchsets.
9689 */
9690 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
9691 nla_for_each_nested(attr,
9692 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
9693 tmp) {
9694 struct nlattr *rssi;
9695
9696 err = nla_parse_nested_deprecated(tb,
9697 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
9698 attr,
9699 nl80211_match_policy,
9700 NULL);
9701 if (err)
9702 return ERR_PTR(err);
9703
9704 /* SSID and BSSID are mutually exclusive */
9705 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
9706 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
9707 return ERR_PTR(-EINVAL);
9708
9709 /* add other standalone attributes here */
9710 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
9711 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
9712 n_match_sets++;
9713 continue;
9714 }
9715 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
9716 if (rssi)
9717 default_match_rssi = nla_get_s32(rssi);
9718 }
9719 }
9720
9721 /* However, if there's no other matchset, add the RSSI one */
9722 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
9723 n_match_sets = 1;
9724
9725 if (n_match_sets > max_match_sets)
9726 return ERR_PTR(-EINVAL);
9727
9728 if (attrs[NL80211_ATTR_IE])
9729 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
9730 else
9731 ie_len = 0;
9732
9733 if (ie_len > wiphy->max_sched_scan_ie_len)
9734 return ERR_PTR(-EINVAL);
9735
9736 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
9737 /*
9738 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
9739 * each scan plan already specifies its own interval
9740 */
9741 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
9742 return ERR_PTR(-EINVAL);
9743
9744 nla_for_each_nested(attr,
9745 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
9746 n_plans++;
9747 } else {
9748 /*
9749 * The scan interval attribute is kept for backward
9750 * compatibility. If no scan plans are specified and sched scan
9751 * interval is specified, one scan plan will be set with this
9752 * scan interval and infinite number of iterations.
9753 */
9754 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
9755 return ERR_PTR(-EINVAL);
9756
9757 n_plans = 1;
9758 }
9759
9760 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
9761 return ERR_PTR(-EINVAL);
9762
9763 if (!wiphy_ext_feature_isset(
9764 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
9765 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
9766 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
9767 return ERR_PTR(-EINVAL);
9768
9769 size = struct_size(request, channels, n_channels);
9770 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
9771 size = size_add(size, array_size(sizeof(*request->match_sets),
9772 n_match_sets));
9773 size = size_add(size, array_size(sizeof(*request->scan_plans),
9774 n_plans));
9775 size = size_add(size, ie_len);
9776 request = kzalloc(size, GFP_KERNEL);
9777 if (!request)
9778 return ERR_PTR(-ENOMEM);
9779
9780 if (n_ssids)
9781 request->ssids = (void *)request +
9782 struct_size(request, channels, n_channels);
9783 request->n_ssids = n_ssids;
9784 if (ie_len) {
9785 if (n_ssids)
9786 request->ie = (void *)(request->ssids + n_ssids);
9787 else
9788 request->ie = (void *)(request->channels + n_channels);
9789 }
9790
9791 if (n_match_sets) {
9792 if (request->ie)
9793 request->match_sets = (void *)(request->ie + ie_len);
9794 else if (n_ssids)
9795 request->match_sets =
9796 (void *)(request->ssids + n_ssids);
9797 else
9798 request->match_sets =
9799 (void *)(request->channels + n_channels);
9800 }
9801 request->n_match_sets = n_match_sets;
9802
9803 if (n_match_sets)
9804 request->scan_plans = (void *)(request->match_sets +
9805 n_match_sets);
9806 else if (request->ie)
9807 request->scan_plans = (void *)(request->ie + ie_len);
9808 else if (n_ssids)
9809 request->scan_plans = (void *)(request->ssids + n_ssids);
9810 else
9811 request->scan_plans = (void *)(request->channels + n_channels);
9812
9813 request->n_scan_plans = n_plans;
9814
9815 i = 0;
9816 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
9817 /* user specified, bail out if channel not found */
9818 nla_for_each_nested(attr,
9819 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
9820 tmp) {
9821 struct ieee80211_channel *chan;
9822
9823 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
9824
9825 if (!chan) {
9826 err = -EINVAL;
9827 goto out_free;
9828 }
9829
9830 /* ignore disabled channels */
9831 if (chan->flags & IEEE80211_CHAN_DISABLED)
9832 continue;
9833
9834 request->channels[i] = chan;
9835 i++;
9836 }
9837 } else {
9838 /* all channels */
9839 for (band = 0; band < NUM_NL80211_BANDS; band++) {
9840 int j;
9841
9842 if (!wiphy->bands[band])
9843 continue;
9844 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
9845 struct ieee80211_channel *chan;
9846
9847 chan = &wiphy->bands[band]->channels[j];
9848
9849 if (chan->flags & IEEE80211_CHAN_DISABLED)
9850 continue;
9851
9852 request->channels[i] = chan;
9853 i++;
9854 }
9855 }
9856 }
9857
9858 if (!i) {
9859 err = -EINVAL;
9860 goto out_free;
9861 }
9862
9863 request->n_channels = i;
9864
9865 i = 0;
9866 if (n_ssids) {
9867 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
9868 tmp) {
9869 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
9870 err = -EINVAL;
9871 goto out_free;
9872 }
9873 request->ssids[i].ssid_len = nla_len(attr);
9874 memcpy(request->ssids[i].ssid, nla_data(attr),
9875 nla_len(attr));
9876 i++;
9877 }
9878 }
9879
9880 i = 0;
9881 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
9882 nla_for_each_nested(attr,
9883 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
9884 tmp) {
9885 struct nlattr *ssid, *bssid, *rssi;
9886
9887 err = nla_parse_nested_deprecated(tb,
9888 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
9889 attr,
9890 nl80211_match_policy,
9891 NULL);
9892 if (err)
9893 goto out_free;
9894 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
9895 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
9896
9897 if (!ssid && !bssid) {
9898 i++;
9899 continue;
9900 }
9901
9902 if (WARN_ON(i >= n_match_sets)) {
9903 /* this indicates a programming error,
9904 * the loop above should have verified
9905 * things properly
9906 */
9907 err = -EINVAL;
9908 goto out_free;
9909 }
9910
9911 if (ssid) {
9912 memcpy(request->match_sets[i].ssid.ssid,
9913 nla_data(ssid), nla_len(ssid));
9914 request->match_sets[i].ssid.ssid_len =
9915 nla_len(ssid);
9916 }
9917 if (bssid)
9918 memcpy(request->match_sets[i].bssid,
9919 nla_data(bssid), ETH_ALEN);
9920
9921 /* special attribute - old implementation w/a */
9922 request->match_sets[i].rssi_thold = default_match_rssi;
9923 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
9924 if (rssi)
9925 request->match_sets[i].rssi_thold =
9926 nla_get_s32(rssi);
9927 i++;
9928 }
9929
9930 /* there was no other matchset, so the RSSI one is alone */
9931 if (i == 0 && n_match_sets)
9932 request->match_sets[0].rssi_thold = default_match_rssi;
9933
9934 request->min_rssi_thold = INT_MAX;
9935 for (i = 0; i < n_match_sets; i++)
9936 request->min_rssi_thold =
9937 min(request->match_sets[i].rssi_thold,
9938 request->min_rssi_thold);
9939 } else {
9940 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
9941 }
9942
9943 if (ie_len) {
9944 request->ie_len = ie_len;
9945 memcpy((void *)request->ie,
9946 nla_data(attrs[NL80211_ATTR_IE]),
9947 request->ie_len);
9948 }
9949
9950 err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
9951 if (err)
9952 goto out_free;
9953
9954 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
9955 request->delay =
9956 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
9957
9958 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
9959 request->relative_rssi = nla_get_s8(
9960 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
9961 request->relative_rssi_set = true;
9962 }
9963
9964 if (request->relative_rssi_set &&
9965 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
9966 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
9967
9968 rssi_adjust = nla_data(
9969 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
9970 request->rssi_adjust.band = rssi_adjust->band;
9971 request->rssi_adjust.delta = rssi_adjust->delta;
9972 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
9973 err = -EINVAL;
9974 goto out_free;
9975 }
9976 }
9977
9978 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
9979 if (err)
9980 goto out_free;
9981
9982 request->scan_start = jiffies;
9983
9984 return request;
9985
9986 out_free:
9987 kfree(request);
9988 return ERR_PTR(err);
9989 }
9990
nl80211_start_sched_scan(struct sk_buff * skb,struct genl_info * info)9991 static int nl80211_start_sched_scan(struct sk_buff *skb,
9992 struct genl_info *info)
9993 {
9994 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9995 struct net_device *dev = info->user_ptr[1];
9996 struct wireless_dev *wdev = dev->ieee80211_ptr;
9997 struct cfg80211_sched_scan_request *sched_scan_req;
9998 bool want_multi;
9999 int err;
10000
10001 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
10002 return -EOPNOTSUPP;
10003
10004 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
10005 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
10006 if (err)
10007 return err;
10008
10009 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
10010 info->attrs,
10011 rdev->wiphy.max_match_sets);
10012
10013 err = PTR_ERR_OR_ZERO(sched_scan_req);
10014 if (err)
10015 goto out_err;
10016
10017 /* leave request id zero for legacy request
10018 * or if driver does not support multi-scheduled scan
10019 */
10020 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
10021 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
10022
10023 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
10024 if (err)
10025 goto out_free;
10026
10027 sched_scan_req->dev = dev;
10028 sched_scan_req->wiphy = &rdev->wiphy;
10029
10030 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10031 sched_scan_req->owner_nlportid = info->snd_portid;
10032
10033 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
10034
10035 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
10036 return 0;
10037
10038 out_free:
10039 kfree(sched_scan_req);
10040 out_err:
10041 return err;
10042 }
10043
nl80211_stop_sched_scan(struct sk_buff * skb,struct genl_info * info)10044 static int nl80211_stop_sched_scan(struct sk_buff *skb,
10045 struct genl_info *info)
10046 {
10047 struct cfg80211_sched_scan_request *req;
10048 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10049 u64 cookie;
10050
10051 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
10052 return -EOPNOTSUPP;
10053
10054 if (info->attrs[NL80211_ATTR_COOKIE]) {
10055 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10056 return __cfg80211_stop_sched_scan(rdev, cookie, false);
10057 }
10058
10059 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
10060 struct cfg80211_sched_scan_request,
10061 list);
10062 if (!req || req->reqid ||
10063 (req->owner_nlportid &&
10064 req->owner_nlportid != info->snd_portid))
10065 return -ENOENT;
10066
10067 return cfg80211_stop_sched_scan_req(rdev, req, false);
10068 }
10069
nl80211_start_radar_detection(struct sk_buff * skb,struct genl_info * info)10070 static int nl80211_start_radar_detection(struct sk_buff *skb,
10071 struct genl_info *info)
10072 {
10073 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10074 struct net_device *dev = info->user_ptr[1];
10075 struct wireless_dev *wdev = dev->ieee80211_ptr;
10076 int link_id = nl80211_link_id(info->attrs);
10077 struct wiphy *wiphy = wdev->wiphy;
10078 struct cfg80211_chan_def chandef;
10079 enum nl80211_dfs_regions dfs_region;
10080 unsigned int cac_time_ms;
10081 int err = -EINVAL;
10082
10083 flush_delayed_work(&rdev->dfs_update_channels_wk);
10084
10085 switch (wdev->iftype) {
10086 case NL80211_IFTYPE_AP:
10087 case NL80211_IFTYPE_P2P_GO:
10088 case NL80211_IFTYPE_MESH_POINT:
10089 case NL80211_IFTYPE_ADHOC:
10090 break;
10091 default:
10092 /* caution - see cfg80211_beaconing_iface_active() below */
10093 return -EINVAL;
10094 }
10095
10096 wiphy_lock(wiphy);
10097
10098 dfs_region = reg_get_dfs_region(wiphy);
10099 if (dfs_region == NL80211_DFS_UNSET)
10100 goto unlock;
10101
10102 err = nl80211_parse_chandef(rdev, info, &chandef);
10103 if (err)
10104 goto unlock;
10105
10106 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10107 if (err < 0)
10108 goto unlock;
10109
10110 if (err == 0) {
10111 err = -EINVAL;
10112 goto unlock;
10113 }
10114
10115 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef)) {
10116 err = -EINVAL;
10117 goto unlock;
10118 }
10119
10120 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND])) {
10121 err = cfg80211_start_background_radar_detection(rdev, wdev,
10122 &chandef);
10123 goto unlock;
10124 }
10125
10126 if (cfg80211_beaconing_iface_active(wdev)) {
10127 /* During MLO other link(s) can beacon, only the current link
10128 * can not already beacon
10129 */
10130 if (wdev->valid_links &&
10131 !wdev->links[link_id].ap.beacon_interval) {
10132 /* nothing */
10133 } else {
10134 err = -EBUSY;
10135 goto unlock;
10136 }
10137 }
10138
10139 if (wdev->links[link_id].cac_started) {
10140 err = -EBUSY;
10141 goto unlock;
10142 }
10143
10144 /* CAC start is offloaded to HW and can't be started manually */
10145 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD)) {
10146 err = -EOPNOTSUPP;
10147 goto unlock;
10148 }
10149
10150 if (!rdev->ops->start_radar_detection) {
10151 err = -EOPNOTSUPP;
10152 goto unlock;
10153 }
10154
10155 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
10156 if (WARN_ON(!cac_time_ms))
10157 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
10158
10159 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms,
10160 link_id);
10161 if (!err) {
10162 switch (wdev->iftype) {
10163 case NL80211_IFTYPE_AP:
10164 case NL80211_IFTYPE_P2P_GO:
10165 wdev->links[0].ap.chandef = chandef;
10166 break;
10167 case NL80211_IFTYPE_ADHOC:
10168 wdev->u.ibss.chandef = chandef;
10169 break;
10170 case NL80211_IFTYPE_MESH_POINT:
10171 wdev->u.mesh.chandef = chandef;
10172 break;
10173 default:
10174 break;
10175 }
10176 wdev->links[link_id].cac_started = true;
10177 wdev->links[link_id].cac_start_time = jiffies;
10178 wdev->links[link_id].cac_time_ms = cac_time_ms;
10179 }
10180 unlock:
10181 wiphy_unlock(wiphy);
10182
10183 return err;
10184 }
10185
nl80211_notify_radar_detection(struct sk_buff * skb,struct genl_info * info)10186 static int nl80211_notify_radar_detection(struct sk_buff *skb,
10187 struct genl_info *info)
10188 {
10189 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10190 struct net_device *dev = info->user_ptr[1];
10191 struct wireless_dev *wdev = dev->ieee80211_ptr;
10192 struct wiphy *wiphy = wdev->wiphy;
10193 struct cfg80211_chan_def chandef;
10194 enum nl80211_dfs_regions dfs_region;
10195 int err;
10196
10197 dfs_region = reg_get_dfs_region(wiphy);
10198 if (dfs_region == NL80211_DFS_UNSET) {
10199 GENL_SET_ERR_MSG(info,
10200 "DFS Region is not set. Unexpected Radar indication");
10201 return -EINVAL;
10202 }
10203
10204 err = nl80211_parse_chandef(rdev, info, &chandef);
10205 if (err) {
10206 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
10207 return err;
10208 }
10209
10210 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
10211 if (err < 0) {
10212 GENL_SET_ERR_MSG(info, "chandef is invalid");
10213 return err;
10214 }
10215
10216 if (err == 0) {
10217 GENL_SET_ERR_MSG(info,
10218 "Unexpected Radar indication for chandef/iftype");
10219 return -EINVAL;
10220 }
10221
10222 /* Do not process this notification if radar is already detected
10223 * by kernel on this channel, and return success.
10224 */
10225 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
10226 return 0;
10227
10228 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
10229
10230 cfg80211_sched_dfs_chan_update(rdev);
10231
10232 rdev->radar_chandef = chandef;
10233
10234 /* Propagate this notification to other radios as well */
10235 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
10236
10237 return 0;
10238 }
10239
nl80211_parse_counter_offsets(struct cfg80211_registered_device * rdev,const u8 * data,size_t datalen,int first_count,struct nlattr * attr,const u16 ** offsets,unsigned int * n_offsets)10240 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev,
10241 const u8 *data, size_t datalen,
10242 int first_count, struct nlattr *attr,
10243 const u16 **offsets, unsigned int *n_offsets)
10244 {
10245 int i;
10246
10247 *n_offsets = 0;
10248
10249 if (!attr)
10250 return 0;
10251
10252 if (!nla_len(attr) || (nla_len(attr) % sizeof(u16)))
10253 return -EINVAL;
10254
10255 *n_offsets = nla_len(attr) / sizeof(u16);
10256 if (rdev->wiphy.max_num_csa_counters &&
10257 (*n_offsets > rdev->wiphy.max_num_csa_counters))
10258 return -EINVAL;
10259
10260 *offsets = nla_data(attr);
10261
10262 /* sanity checks - counters should fit and be the same */
10263 for (i = 0; i < *n_offsets; i++) {
10264 u16 offset = (*offsets)[i];
10265
10266 if (offset >= datalen)
10267 return -EINVAL;
10268
10269 if (first_count != -1 && data[offset] != first_count)
10270 return -EINVAL;
10271 }
10272
10273 return 0;
10274 }
10275
nl80211_channel_switch(struct sk_buff * skb,struct genl_info * info)10276 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
10277 {
10278 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10279 unsigned int link_id = nl80211_link_id(info->attrs);
10280 struct net_device *dev = info->user_ptr[1];
10281 struct wireless_dev *wdev = dev->ieee80211_ptr;
10282 struct cfg80211_csa_settings params;
10283 struct nlattr **csa_attrs = NULL;
10284 int err;
10285 bool need_new_beacon = false;
10286 bool need_handle_dfs_flag = true;
10287 u32 cs_count;
10288
10289 if (!rdev->ops->channel_switch ||
10290 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
10291 return -EOPNOTSUPP;
10292
10293 switch (dev->ieee80211_ptr->iftype) {
10294 case NL80211_IFTYPE_AP:
10295 case NL80211_IFTYPE_P2P_GO:
10296 need_new_beacon = true;
10297 /* For all modes except AP the handle_dfs flag needs to be
10298 * supplied to tell the kernel that userspace will handle radar
10299 * events when they happen. Otherwise a switch to a channel
10300 * requiring DFS will be rejected.
10301 */
10302 need_handle_dfs_flag = false;
10303
10304 /* useless if AP is not running */
10305 if (!wdev->links[link_id].ap.beacon_interval)
10306 return -ENOTCONN;
10307 break;
10308 case NL80211_IFTYPE_ADHOC:
10309 if (!wdev->u.ibss.ssid_len)
10310 return -ENOTCONN;
10311 break;
10312 case NL80211_IFTYPE_MESH_POINT:
10313 if (!wdev->u.mesh.id_len)
10314 return -ENOTCONN;
10315 break;
10316 default:
10317 return -EOPNOTSUPP;
10318 }
10319
10320 memset(¶ms, 0, sizeof(params));
10321 params.beacon_csa.ftm_responder = -1;
10322
10323 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10324 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
10325 return -EINVAL;
10326
10327 /* only important for AP, IBSS and mesh create IEs internally */
10328 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
10329 return -EINVAL;
10330
10331 /* Even though the attribute is u32, the specification says
10332 * u8, so let's make sure we don't overflow.
10333 */
10334 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
10335 if (cs_count > 255)
10336 return -EINVAL;
10337
10338 params.count = cs_count;
10339
10340 if (!need_new_beacon)
10341 goto skip_beacons;
10342
10343 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after,
10344 info->extack);
10345 if (err)
10346 goto free;
10347
10348 csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
10349 GFP_KERNEL);
10350 if (!csa_attrs) {
10351 err = -ENOMEM;
10352 goto free;
10353 }
10354
10355 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
10356 info->attrs[NL80211_ATTR_CSA_IES],
10357 nl80211_policy, info->extack);
10358 if (err)
10359 goto free;
10360
10361 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa,
10362 info->extack);
10363 if (err)
10364 goto free;
10365
10366 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
10367 err = -EINVAL;
10368 goto free;
10369 }
10370
10371 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail,
10372 params.beacon_csa.tail_len,
10373 params.count,
10374 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON],
10375 ¶ms.counter_offsets_beacon,
10376 ¶ms.n_counter_offsets_beacon);
10377 if (err)
10378 goto free;
10379
10380 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp,
10381 params.beacon_csa.probe_resp_len,
10382 params.count,
10383 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP],
10384 ¶ms.counter_offsets_presp,
10385 ¶ms.n_counter_offsets_presp);
10386 if (err)
10387 goto free;
10388
10389 skip_beacons:
10390 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
10391 if (err)
10392 goto free;
10393
10394 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
10395 wdev->iftype)) {
10396 err = -EINVAL;
10397 goto free;
10398 }
10399
10400 err = cfg80211_chandef_dfs_required(wdev->wiphy,
10401 ¶ms.chandef,
10402 wdev->iftype);
10403 if (err < 0)
10404 goto free;
10405
10406 if (err > 0) {
10407 params.radar_required = true;
10408 if (need_handle_dfs_flag &&
10409 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
10410 err = -EINVAL;
10411 goto free;
10412 }
10413 }
10414
10415 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
10416 params.block_tx = true;
10417
10418 params.link_id = link_id;
10419 err = rdev_channel_switch(rdev, dev, ¶ms);
10420
10421 free:
10422 kfree(params.beacon_after.mbssid_ies);
10423 kfree(params.beacon_csa.mbssid_ies);
10424 kfree(params.beacon_after.rnr_ies);
10425 kfree(params.beacon_csa.rnr_ies);
10426 kfree(csa_attrs);
10427 return err;
10428 }
10429
nl80211_send_bss(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,struct cfg80211_internal_bss * intbss)10430 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
10431 u32 seq, int flags,
10432 struct cfg80211_registered_device *rdev,
10433 struct wireless_dev *wdev,
10434 struct cfg80211_internal_bss *intbss)
10435 {
10436 struct cfg80211_bss *res = &intbss->pub;
10437 const struct cfg80211_bss_ies *ies;
10438 unsigned int link_id;
10439 void *hdr;
10440 struct nlattr *bss;
10441
10442 lockdep_assert_wiphy(wdev->wiphy);
10443
10444 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
10445 NL80211_CMD_NEW_SCAN_RESULTS);
10446 if (!hdr)
10447 return -1;
10448
10449 genl_dump_check_consistent(cb, hdr);
10450
10451 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
10452 goto nla_put_failure;
10453 if (wdev->netdev &&
10454 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
10455 goto nla_put_failure;
10456 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
10457 NL80211_ATTR_PAD))
10458 goto nla_put_failure;
10459
10460 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
10461 if (!bss)
10462 goto nla_put_failure;
10463 if ((!is_zero_ether_addr(res->bssid) &&
10464 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
10465 goto nla_put_failure;
10466
10467 rcu_read_lock();
10468 /* indicate whether we have probe response data or not */
10469 if (rcu_access_pointer(res->proberesp_ies) &&
10470 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
10471 goto fail_unlock_rcu;
10472
10473 /* this pointer prefers to be pointed to probe response data
10474 * but is always valid
10475 */
10476 ies = rcu_dereference(res->ies);
10477 if (ies) {
10478 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
10479 NL80211_BSS_PAD))
10480 goto fail_unlock_rcu;
10481 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
10482 ies->len, ies->data))
10483 goto fail_unlock_rcu;
10484 }
10485
10486 /* and this pointer is always (unless driver didn't know) beacon data */
10487 ies = rcu_dereference(res->beacon_ies);
10488 if (ies && ies->from_beacon) {
10489 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
10490 NL80211_BSS_PAD))
10491 goto fail_unlock_rcu;
10492 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
10493 ies->len, ies->data))
10494 goto fail_unlock_rcu;
10495 }
10496 rcu_read_unlock();
10497
10498 if (res->beacon_interval &&
10499 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
10500 goto nla_put_failure;
10501 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
10502 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
10503 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
10504 res->channel->freq_offset) ||
10505 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
10506 jiffies_to_msecs(jiffies - intbss->ts)))
10507 goto nla_put_failure;
10508
10509 if (intbss->parent_tsf &&
10510 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
10511 intbss->parent_tsf, NL80211_BSS_PAD) ||
10512 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
10513 intbss->parent_bssid)))
10514 goto nla_put_failure;
10515
10516 if (intbss->ts_boottime &&
10517 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
10518 intbss->ts_boottime, NL80211_BSS_PAD))
10519 goto nla_put_failure;
10520
10521 if (!nl80211_put_signal(msg, intbss->pub.chains,
10522 intbss->pub.chain_signal,
10523 NL80211_BSS_CHAIN_SIGNAL))
10524 goto nla_put_failure;
10525
10526 if (intbss->bss_source != BSS_SOURCE_STA_PROFILE) {
10527 switch (rdev->wiphy.signal_type) {
10528 case CFG80211_SIGNAL_TYPE_MBM:
10529 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM,
10530 res->signal))
10531 goto nla_put_failure;
10532 break;
10533 case CFG80211_SIGNAL_TYPE_UNSPEC:
10534 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC,
10535 res->signal))
10536 goto nla_put_failure;
10537 break;
10538 default:
10539 break;
10540 }
10541 }
10542
10543 switch (wdev->iftype) {
10544 case NL80211_IFTYPE_P2P_CLIENT:
10545 case NL80211_IFTYPE_STATION:
10546 for_each_valid_link(wdev, link_id) {
10547 if (intbss == wdev->links[link_id].client.current_bss &&
10548 (nla_put_u32(msg, NL80211_BSS_STATUS,
10549 NL80211_BSS_STATUS_ASSOCIATED) ||
10550 (wdev->valid_links &&
10551 (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID,
10552 link_id) ||
10553 nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN,
10554 wdev->u.client.connected_addr)))))
10555 goto nla_put_failure;
10556 }
10557 break;
10558 case NL80211_IFTYPE_ADHOC:
10559 if (intbss == wdev->u.ibss.current_bss &&
10560 nla_put_u32(msg, NL80211_BSS_STATUS,
10561 NL80211_BSS_STATUS_IBSS_JOINED))
10562 goto nla_put_failure;
10563 break;
10564 default:
10565 break;
10566 }
10567
10568 if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for))
10569 goto nla_put_failure;
10570
10571 if (res->cannot_use_reasons &&
10572 nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS,
10573 res->cannot_use_reasons,
10574 NL80211_BSS_PAD))
10575 goto nla_put_failure;
10576
10577 nla_nest_end(msg, bss);
10578
10579 genlmsg_end(msg, hdr);
10580 return 0;
10581
10582 fail_unlock_rcu:
10583 rcu_read_unlock();
10584 nla_put_failure:
10585 genlmsg_cancel(msg, hdr);
10586 return -EMSGSIZE;
10587 }
10588
nl80211_dump_scan(struct sk_buff * skb,struct netlink_callback * cb)10589 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
10590 {
10591 struct cfg80211_registered_device *rdev;
10592 struct cfg80211_internal_bss *scan;
10593 struct wireless_dev *wdev;
10594 struct nlattr **attrbuf;
10595 int start = cb->args[2], idx = 0;
10596 bool dump_include_use_data;
10597 int err;
10598
10599 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
10600 if (!attrbuf)
10601 return -ENOMEM;
10602
10603 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
10604 if (err) {
10605 kfree(attrbuf);
10606 return err;
10607 }
10608 /* nl80211_prepare_wdev_dump acquired it in the successful case */
10609 __acquire(&rdev->wiphy.mtx);
10610
10611 dump_include_use_data =
10612 attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA];
10613 kfree(attrbuf);
10614
10615 spin_lock_bh(&rdev->bss_lock);
10616
10617 /*
10618 * dump_scan will be called multiple times to break up the scan results
10619 * into multiple messages. It is unlikely that any more bss-es will be
10620 * expired after the first call, so only call only call this on the
10621 * first dump_scan invocation.
10622 */
10623 if (start == 0)
10624 cfg80211_bss_expire(rdev);
10625
10626 cb->seq = rdev->bss_generation;
10627
10628 list_for_each_entry(scan, &rdev->bss_list, list) {
10629 if (++idx <= start)
10630 continue;
10631 if (!dump_include_use_data &&
10632 !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL))
10633 continue;
10634 if (nl80211_send_bss(skb, cb,
10635 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10636 rdev, wdev, scan) < 0) {
10637 idx--;
10638 break;
10639 }
10640 }
10641
10642 spin_unlock_bh(&rdev->bss_lock);
10643
10644 cb->args[2] = idx;
10645 wiphy_unlock(&rdev->wiphy);
10646
10647 return skb->len;
10648 }
10649
nl80211_send_survey(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,bool allow_radio_stats,struct survey_info * survey)10650 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
10651 int flags, struct net_device *dev,
10652 bool allow_radio_stats,
10653 struct survey_info *survey)
10654 {
10655 void *hdr;
10656 struct nlattr *infoattr;
10657
10658 /* skip radio stats if userspace didn't request them */
10659 if (!survey->channel && !allow_radio_stats)
10660 return 0;
10661
10662 hdr = nl80211hdr_put(msg, portid, seq, flags,
10663 NL80211_CMD_NEW_SURVEY_RESULTS);
10664 if (!hdr)
10665 return -ENOMEM;
10666
10667 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
10668 goto nla_put_failure;
10669
10670 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
10671 if (!infoattr)
10672 goto nla_put_failure;
10673
10674 if (survey->channel &&
10675 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
10676 survey->channel->center_freq))
10677 goto nla_put_failure;
10678
10679 if (survey->channel && survey->channel->freq_offset &&
10680 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
10681 survey->channel->freq_offset))
10682 goto nla_put_failure;
10683
10684 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
10685 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
10686 goto nla_put_failure;
10687 if ((survey->filled & SURVEY_INFO_IN_USE) &&
10688 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
10689 goto nla_put_failure;
10690 if ((survey->filled & SURVEY_INFO_TIME) &&
10691 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
10692 survey->time, NL80211_SURVEY_INFO_PAD))
10693 goto nla_put_failure;
10694 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
10695 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
10696 survey->time_busy, NL80211_SURVEY_INFO_PAD))
10697 goto nla_put_failure;
10698 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
10699 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
10700 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
10701 goto nla_put_failure;
10702 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
10703 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
10704 survey->time_rx, NL80211_SURVEY_INFO_PAD))
10705 goto nla_put_failure;
10706 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
10707 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
10708 survey->time_tx, NL80211_SURVEY_INFO_PAD))
10709 goto nla_put_failure;
10710 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
10711 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
10712 survey->time_scan, NL80211_SURVEY_INFO_PAD))
10713 goto nla_put_failure;
10714 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
10715 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
10716 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
10717 goto nla_put_failure;
10718
10719 nla_nest_end(msg, infoattr);
10720
10721 genlmsg_end(msg, hdr);
10722 return 0;
10723
10724 nla_put_failure:
10725 genlmsg_cancel(msg, hdr);
10726 return -EMSGSIZE;
10727 }
10728
nl80211_dump_survey(struct sk_buff * skb,struct netlink_callback * cb)10729 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
10730 {
10731 struct nlattr **attrbuf;
10732 struct survey_info survey;
10733 struct cfg80211_registered_device *rdev;
10734 struct wireless_dev *wdev;
10735 int survey_idx = cb->args[2];
10736 int res;
10737 bool radio_stats;
10738
10739 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
10740 if (!attrbuf)
10741 return -ENOMEM;
10742
10743 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
10744 if (res) {
10745 kfree(attrbuf);
10746 return res;
10747 }
10748 /* nl80211_prepare_wdev_dump acquired it in the successful case */
10749 __acquire(&rdev->wiphy.mtx);
10750
10751 /* prepare_wdev_dump parsed the attributes */
10752 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
10753
10754 if (!wdev->netdev) {
10755 res = -EINVAL;
10756 goto out_err;
10757 }
10758
10759 if (!rdev->ops->dump_survey) {
10760 res = -EOPNOTSUPP;
10761 goto out_err;
10762 }
10763
10764 while (1) {
10765 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
10766 if (res == -ENOENT)
10767 break;
10768 if (res)
10769 goto out_err;
10770
10771 /* don't send disabled channels, but do send non-channel data */
10772 if (survey.channel &&
10773 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
10774 survey_idx++;
10775 continue;
10776 }
10777
10778 if (nl80211_send_survey(skb,
10779 NETLINK_CB(cb->skb).portid,
10780 cb->nlh->nlmsg_seq, NLM_F_MULTI,
10781 wdev->netdev, radio_stats, &survey) < 0)
10782 goto out;
10783 survey_idx++;
10784 }
10785
10786 out:
10787 cb->args[2] = survey_idx;
10788 res = skb->len;
10789 out_err:
10790 kfree(attrbuf);
10791 wiphy_unlock(&rdev->wiphy);
10792 return res;
10793 }
10794
nl80211_authenticate(struct sk_buff * skb,struct genl_info * info)10795 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
10796 {
10797 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10798 struct net_device *dev = info->user_ptr[1];
10799 struct ieee80211_channel *chan;
10800 const u8 *bssid, *ssid;
10801 int err, ssid_len;
10802 enum nl80211_auth_type auth_type;
10803 struct key_parse key;
10804 bool local_state_change;
10805 struct cfg80211_auth_request req = {};
10806 u32 freq;
10807
10808 if (!info->attrs[NL80211_ATTR_MAC])
10809 return -EINVAL;
10810
10811 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
10812 return -EINVAL;
10813
10814 if (!info->attrs[NL80211_ATTR_SSID])
10815 return -EINVAL;
10816
10817 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10818 return -EINVAL;
10819
10820 err = nl80211_parse_key(info, &key);
10821 if (err)
10822 return err;
10823
10824 if (key.idx >= 0) {
10825 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
10826 return -EINVAL;
10827 if (!key.p.key || !key.p.key_len)
10828 return -EINVAL;
10829 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
10830 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
10831 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
10832 key.p.key_len != WLAN_KEY_LEN_WEP104))
10833 return -EINVAL;
10834 if (key.idx > 3)
10835 return -EINVAL;
10836 } else {
10837 key.p.key_len = 0;
10838 key.p.key = NULL;
10839 }
10840
10841 if (key.idx >= 0) {
10842 int i;
10843 bool ok = false;
10844
10845 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
10846 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
10847 ok = true;
10848 break;
10849 }
10850 }
10851 if (!ok)
10852 return -EINVAL;
10853 }
10854
10855 if (!rdev->ops->auth)
10856 return -EOPNOTSUPP;
10857
10858 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10859 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10860 return -EOPNOTSUPP;
10861
10862 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10863 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10864 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10865 freq +=
10866 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10867
10868 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
10869 if (!chan)
10870 return -EINVAL;
10871
10872 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10873 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10874
10875 if (info->attrs[NL80211_ATTR_IE]) {
10876 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10877 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10878 }
10879
10880 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10881 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
10882 return -EINVAL;
10883
10884 if ((auth_type == NL80211_AUTHTYPE_SAE ||
10885 auth_type == NL80211_AUTHTYPE_FILS_SK ||
10886 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
10887 auth_type == NL80211_AUTHTYPE_FILS_PK) &&
10888 !info->attrs[NL80211_ATTR_AUTH_DATA])
10889 return -EINVAL;
10890
10891 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
10892 if (auth_type != NL80211_AUTHTYPE_SAE &&
10893 auth_type != NL80211_AUTHTYPE_FILS_SK &&
10894 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
10895 auth_type != NL80211_AUTHTYPE_FILS_PK)
10896 return -EINVAL;
10897 req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
10898 req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
10899 }
10900
10901 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10902
10903 /*
10904 * Since we no longer track auth state, ignore
10905 * requests to only change local state.
10906 */
10907 if (local_state_change)
10908 return 0;
10909
10910 req.auth_type = auth_type;
10911 req.key = key.p.key;
10912 req.key_len = key.p.key_len;
10913 req.key_idx = key.idx;
10914 req.link_id = nl80211_link_id_or_invalid(info->attrs);
10915 if (req.link_id >= 0) {
10916 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
10917 return -EINVAL;
10918 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
10919 return -EINVAL;
10920 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
10921 if (!is_valid_ether_addr(req.ap_mld_addr))
10922 return -EINVAL;
10923 }
10924
10925 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
10926 IEEE80211_BSS_TYPE_ESS,
10927 IEEE80211_PRIVACY_ANY);
10928 if (!req.bss)
10929 return -ENOENT;
10930
10931 err = cfg80211_mlme_auth(rdev, dev, &req);
10932
10933 cfg80211_put_bss(&rdev->wiphy, req.bss);
10934
10935 return err;
10936 }
10937
validate_pae_over_nl80211(struct cfg80211_registered_device * rdev,struct genl_info * info)10938 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
10939 struct genl_info *info)
10940 {
10941 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10942 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
10943 return -EINVAL;
10944 }
10945
10946 if (!rdev->ops->tx_control_port ||
10947 !wiphy_ext_feature_isset(&rdev->wiphy,
10948 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
10949 return -EOPNOTSUPP;
10950
10951 return 0;
10952 }
10953
nl80211_crypto_settings(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_crypto_settings * settings,int cipher_limit)10954 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
10955 struct genl_info *info,
10956 struct cfg80211_crypto_settings *settings,
10957 int cipher_limit)
10958 {
10959 memset(settings, 0, sizeof(*settings));
10960
10961 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
10962
10963 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
10964 u16 proto;
10965
10966 proto = nla_get_u16(
10967 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
10968 settings->control_port_ethertype = cpu_to_be16(proto);
10969 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
10970 proto != ETH_P_PAE)
10971 return -EINVAL;
10972 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
10973 settings->control_port_no_encrypt = true;
10974 } else
10975 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
10976
10977 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10978 int r = validate_pae_over_nl80211(rdev, info);
10979
10980 if (r < 0)
10981 return r;
10982
10983 settings->control_port_over_nl80211 = true;
10984
10985 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
10986 settings->control_port_no_preauth = true;
10987 }
10988
10989 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
10990 void *data;
10991 int len, i;
10992
10993 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
10994 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
10995 settings->n_ciphers_pairwise = len / sizeof(u32);
10996
10997 if (len % sizeof(u32))
10998 return -EINVAL;
10999
11000 if (settings->n_ciphers_pairwise > cipher_limit)
11001 return -EINVAL;
11002
11003 memcpy(settings->ciphers_pairwise, data, len);
11004
11005 for (i = 0; i < settings->n_ciphers_pairwise; i++)
11006 if (!cfg80211_supported_cipher_suite(
11007 &rdev->wiphy,
11008 settings->ciphers_pairwise[i]))
11009 return -EINVAL;
11010 }
11011
11012 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
11013 settings->cipher_group =
11014 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
11015 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
11016 settings->cipher_group))
11017 return -EINVAL;
11018 }
11019
11020 if (info->attrs[NL80211_ATTR_WPA_VERSIONS])
11021 settings->wpa_versions =
11022 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
11023
11024 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
11025 void *data;
11026 int len;
11027
11028 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
11029 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
11030 settings->n_akm_suites = len / sizeof(u32);
11031
11032 if (len % sizeof(u32))
11033 return -EINVAL;
11034
11035 if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites)
11036 return -EINVAL;
11037
11038 memcpy(settings->akm_suites, data, len);
11039 }
11040
11041 if (info->attrs[NL80211_ATTR_PMK]) {
11042 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
11043 return -EINVAL;
11044 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11045 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
11046 !wiphy_ext_feature_isset(&rdev->wiphy,
11047 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
11048 return -EINVAL;
11049 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
11050 }
11051
11052 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
11053 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11054 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
11055 !wiphy_ext_feature_isset(&rdev->wiphy,
11056 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
11057 return -EINVAL;
11058 settings->sae_pwd =
11059 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
11060 settings->sae_pwd_len =
11061 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
11062 }
11063
11064 if (info->attrs[NL80211_ATTR_SAE_PWE])
11065 settings->sae_pwe =
11066 nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
11067 else
11068 settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
11069
11070 return 0;
11071 }
11072
nl80211_assoc_bss(struct cfg80211_registered_device * rdev,const u8 * ssid,int ssid_len,struct nlattr ** attrs,int assoc_link_id,int link_id)11073 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev,
11074 const u8 *ssid, int ssid_len,
11075 struct nlattr **attrs,
11076 int assoc_link_id, int link_id)
11077 {
11078 struct ieee80211_channel *chan;
11079 struct cfg80211_bss *bss;
11080 const u8 *bssid;
11081 u32 freq, use_for = 0;
11082
11083 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ])
11084 return ERR_PTR(-EINVAL);
11085
11086 bssid = nla_data(attrs[NL80211_ATTR_MAC]);
11087
11088 freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
11089 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
11090 freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
11091
11092 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
11093 if (!chan)
11094 return ERR_PTR(-EINVAL);
11095
11096 if (assoc_link_id >= 0)
11097 use_for = NL80211_BSS_USE_FOR_MLD_LINK;
11098 if (assoc_link_id == link_id)
11099 use_for |= NL80211_BSS_USE_FOR_NORMAL;
11100
11101 bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid,
11102 ssid, ssid_len,
11103 IEEE80211_BSS_TYPE_ESS,
11104 IEEE80211_PRIVACY_ANY,
11105 use_for);
11106 if (!bss)
11107 return ERR_PTR(-ENOENT);
11108
11109 return bss;
11110 }
11111
nl80211_associate(struct sk_buff * skb,struct genl_info * info)11112 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
11113 {
11114 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11115 struct net_device *dev = info->user_ptr[1];
11116 struct cfg80211_assoc_request req = {};
11117 struct nlattr **attrs = NULL;
11118 const u8 *ap_addr, *ssid;
11119 unsigned int link_id;
11120 int err, ssid_len;
11121
11122 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11123 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11124 return -EPERM;
11125
11126 if (!info->attrs[NL80211_ATTR_SSID])
11127 return -EINVAL;
11128
11129 if (!rdev->ops->assoc)
11130 return -EOPNOTSUPP;
11131
11132 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11133 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11134 return -EOPNOTSUPP;
11135
11136 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11137 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11138
11139 if (info->attrs[NL80211_ATTR_IE]) {
11140 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11141 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11142
11143 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11144 req.ie, req.ie_len)) {
11145 NL_SET_ERR_MSG_ATTR(info->extack,
11146 info->attrs[NL80211_ATTR_IE],
11147 "non-inheritance makes no sense");
11148 return -EINVAL;
11149 }
11150 }
11151
11152 if (info->attrs[NL80211_ATTR_USE_MFP]) {
11153 enum nl80211_mfp mfp =
11154 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
11155 if (mfp == NL80211_MFP_REQUIRED)
11156 req.use_mfp = true;
11157 else if (mfp != NL80211_MFP_NO)
11158 return -EINVAL;
11159 }
11160
11161 if (info->attrs[NL80211_ATTR_PREV_BSSID])
11162 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
11163
11164 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
11165 req.flags |= ASSOC_REQ_DISABLE_HT;
11166
11167 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11168 memcpy(&req.ht_capa_mask,
11169 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11170 sizeof(req.ht_capa_mask));
11171
11172 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11173 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11174 return -EINVAL;
11175 memcpy(&req.ht_capa,
11176 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11177 sizeof(req.ht_capa));
11178 }
11179
11180 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
11181 req.flags |= ASSOC_REQ_DISABLE_VHT;
11182
11183 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
11184 req.flags |= ASSOC_REQ_DISABLE_HE;
11185
11186 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
11187 req.flags |= ASSOC_REQ_DISABLE_EHT;
11188
11189 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11190 memcpy(&req.vht_capa_mask,
11191 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
11192 sizeof(req.vht_capa_mask));
11193
11194 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
11195 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
11196 return -EINVAL;
11197 memcpy(&req.vht_capa,
11198 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
11199 sizeof(req.vht_capa));
11200 }
11201
11202 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
11203 if (!((rdev->wiphy.features &
11204 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
11205 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
11206 !wiphy_ext_feature_isset(&rdev->wiphy,
11207 NL80211_EXT_FEATURE_RRM))
11208 return -EINVAL;
11209 req.flags |= ASSOC_REQ_USE_RRM;
11210 }
11211
11212 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
11213 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
11214 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
11215 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
11216 return -EINVAL;
11217 req.fils_nonces =
11218 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
11219 }
11220
11221 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
11222 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
11223 return -EINVAL;
11224 memcpy(&req.s1g_capa_mask,
11225 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
11226 sizeof(req.s1g_capa_mask));
11227 }
11228
11229 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
11230 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
11231 return -EINVAL;
11232 memcpy(&req.s1g_capa,
11233 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
11234 sizeof(req.s1g_capa));
11235 }
11236
11237 if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) {
11238 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11239 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) {
11240 GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported");
11241 return -EINVAL;
11242 }
11243 req.flags |= ASSOC_REQ_SPP_AMSDU;
11244 }
11245
11246 req.link_id = nl80211_link_id_or_invalid(info->attrs);
11247
11248 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
11249 unsigned int attrsize = NUM_NL80211_ATTR * sizeof(*attrs);
11250 struct nlattr *link;
11251 int rem = 0;
11252
11253 if (req.link_id < 0)
11254 return -EINVAL;
11255
11256 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
11257 return -EINVAL;
11258
11259 if (info->attrs[NL80211_ATTR_MAC] ||
11260 info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11261 !info->attrs[NL80211_ATTR_MLD_ADDR])
11262 return -EINVAL;
11263
11264 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
11265 ap_addr = req.ap_mld_addr;
11266
11267 attrs = kzalloc(attrsize, GFP_KERNEL);
11268 if (!attrs)
11269 return -ENOMEM;
11270
11271 nla_for_each_nested(link,
11272 info->attrs[NL80211_ATTR_MLO_LINKS],
11273 rem) {
11274 memset(attrs, 0, attrsize);
11275
11276 nla_parse_nested(attrs, NL80211_ATTR_MAX,
11277 link, NULL, NULL);
11278
11279 if (!attrs[NL80211_ATTR_MLO_LINK_ID]) {
11280 err = -EINVAL;
11281 NL_SET_BAD_ATTR(info->extack, link);
11282 goto free;
11283 }
11284
11285 link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]);
11286 /* cannot use the same link ID again */
11287 if (req.links[link_id].bss) {
11288 err = -EINVAL;
11289 NL_SET_BAD_ATTR(info->extack, link);
11290 goto free;
11291 }
11292 req.links[link_id].bss =
11293 nl80211_assoc_bss(rdev, ssid, ssid_len, attrs,
11294 req.link_id, link_id);
11295 if (IS_ERR(req.links[link_id].bss)) {
11296 err = PTR_ERR(req.links[link_id].bss);
11297 req.links[link_id].bss = NULL;
11298 NL_SET_ERR_MSG_ATTR(info->extack,
11299 link, "Error fetching BSS for link");
11300 goto free;
11301 }
11302
11303 if (attrs[NL80211_ATTR_IE]) {
11304 req.links[link_id].elems =
11305 nla_data(attrs[NL80211_ATTR_IE]);
11306 req.links[link_id].elems_len =
11307 nla_len(attrs[NL80211_ATTR_IE]);
11308
11309 if (cfg80211_find_elem(WLAN_EID_FRAGMENT,
11310 req.links[link_id].elems,
11311 req.links[link_id].elems_len)) {
11312 NL_SET_ERR_MSG_ATTR(info->extack,
11313 attrs[NL80211_ATTR_IE],
11314 "cannot deal with fragmentation");
11315 err = -EINVAL;
11316 goto free;
11317 }
11318
11319 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
11320 req.links[link_id].elems,
11321 req.links[link_id].elems_len)) {
11322 NL_SET_ERR_MSG_ATTR(info->extack,
11323 attrs[NL80211_ATTR_IE],
11324 "cannot deal with non-inheritance");
11325 err = -EINVAL;
11326 goto free;
11327 }
11328 }
11329
11330 req.links[link_id].disabled =
11331 nla_get_flag(attrs[NL80211_ATTR_MLO_LINK_DISABLED]);
11332 }
11333
11334 if (!req.links[req.link_id].bss) {
11335 err = -EINVAL;
11336 goto free;
11337 }
11338
11339 if (req.links[req.link_id].elems_len) {
11340 GENL_SET_ERR_MSG(info,
11341 "cannot have per-link elems on assoc link");
11342 err = -EINVAL;
11343 goto free;
11344 }
11345
11346 if (req.links[req.link_id].disabled) {
11347 GENL_SET_ERR_MSG(info,
11348 "cannot have assoc link disabled");
11349 err = -EINVAL;
11350 goto free;
11351 }
11352
11353 kfree(attrs);
11354 attrs = NULL;
11355 } else {
11356 if (req.link_id >= 0)
11357 return -EINVAL;
11358
11359 req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs,
11360 -1, -1);
11361 if (IS_ERR(req.bss))
11362 return PTR_ERR(req.bss);
11363 ap_addr = req.bss->bssid;
11364 }
11365
11366 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
11367 if (!err) {
11368 struct nlattr *link;
11369 int rem = 0;
11370
11371 err = cfg80211_mlme_assoc(rdev, dev, &req,
11372 info->extack);
11373
11374 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
11375 dev->ieee80211_ptr->conn_owner_nlportid =
11376 info->snd_portid;
11377 memcpy(dev->ieee80211_ptr->disconnect_bssid,
11378 ap_addr, ETH_ALEN);
11379 }
11380
11381 /* Report error from first problematic link */
11382 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
11383 nla_for_each_nested(link,
11384 info->attrs[NL80211_ATTR_MLO_LINKS],
11385 rem) {
11386 struct nlattr *link_id_attr =
11387 nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID);
11388
11389 if (!link_id_attr)
11390 continue;
11391
11392 link_id = nla_get_u8(link_id_attr);
11393
11394 if (link_id == req.link_id)
11395 continue;
11396
11397 if (!req.links[link_id].error ||
11398 WARN_ON(req.links[link_id].error > 0))
11399 continue;
11400
11401 WARN_ON(err >= 0);
11402
11403 NL_SET_BAD_ATTR(info->extack, link);
11404 err = req.links[link_id].error;
11405 break;
11406 }
11407 }
11408 }
11409
11410 free:
11411 for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++)
11412 cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss);
11413 cfg80211_put_bss(&rdev->wiphy, req.bss);
11414 kfree(attrs);
11415
11416 return err;
11417 }
11418
nl80211_deauthenticate(struct sk_buff * skb,struct genl_info * info)11419 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
11420 {
11421 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11422 struct net_device *dev = info->user_ptr[1];
11423 const u8 *ie = NULL, *bssid;
11424 int ie_len = 0;
11425 u16 reason_code;
11426 bool local_state_change;
11427
11428 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11429 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11430 return -EPERM;
11431
11432 if (!info->attrs[NL80211_ATTR_MAC])
11433 return -EINVAL;
11434
11435 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11436 return -EINVAL;
11437
11438 if (!rdev->ops->deauth)
11439 return -EOPNOTSUPP;
11440
11441 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11442 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11443 return -EOPNOTSUPP;
11444
11445 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11446
11447 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11448 if (reason_code == 0) {
11449 /* Reason Code 0 is reserved */
11450 return -EINVAL;
11451 }
11452
11453 if (info->attrs[NL80211_ATTR_IE]) {
11454 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11455 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11456 }
11457
11458 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11459
11460 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
11461 local_state_change);
11462 }
11463
nl80211_disassociate(struct sk_buff * skb,struct genl_info * info)11464 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
11465 {
11466 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11467 struct net_device *dev = info->user_ptr[1];
11468 const u8 *ie = NULL, *bssid;
11469 int ie_len = 0;
11470 u16 reason_code;
11471 bool local_state_change;
11472
11473 if (dev->ieee80211_ptr->conn_owner_nlportid &&
11474 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11475 return -EPERM;
11476
11477 if (!info->attrs[NL80211_ATTR_MAC])
11478 return -EINVAL;
11479
11480 if (!info->attrs[NL80211_ATTR_REASON_CODE])
11481 return -EINVAL;
11482
11483 if (!rdev->ops->disassoc)
11484 return -EOPNOTSUPP;
11485
11486 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11487 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11488 return -EOPNOTSUPP;
11489
11490 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11491
11492 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11493 if (reason_code == 0) {
11494 /* Reason Code 0 is reserved */
11495 return -EINVAL;
11496 }
11497
11498 if (info->attrs[NL80211_ATTR_IE]) {
11499 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11500 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11501 }
11502
11503 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
11504
11505 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
11506 local_state_change);
11507 }
11508
11509 static bool
nl80211_parse_mcast_rate(struct cfg80211_registered_device * rdev,int mcast_rate[NUM_NL80211_BANDS],int rateval)11510 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
11511 int mcast_rate[NUM_NL80211_BANDS],
11512 int rateval)
11513 {
11514 struct wiphy *wiphy = &rdev->wiphy;
11515 bool found = false;
11516 int band, i;
11517
11518 for (band = 0; band < NUM_NL80211_BANDS; band++) {
11519 struct ieee80211_supported_band *sband;
11520
11521 sband = wiphy->bands[band];
11522 if (!sband)
11523 continue;
11524
11525 for (i = 0; i < sband->n_bitrates; i++) {
11526 if (sband->bitrates[i].bitrate == rateval) {
11527 mcast_rate[band] = i + 1;
11528 found = true;
11529 break;
11530 }
11531 }
11532 }
11533
11534 return found;
11535 }
11536
nl80211_join_ibss(struct sk_buff * skb,struct genl_info * info)11537 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
11538 {
11539 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11540 struct net_device *dev = info->user_ptr[1];
11541 struct cfg80211_ibss_params ibss;
11542 struct wiphy *wiphy;
11543 struct cfg80211_cached_keys *connkeys = NULL;
11544 int err;
11545
11546 memset(&ibss, 0, sizeof(ibss));
11547
11548 if (!info->attrs[NL80211_ATTR_SSID] ||
11549 !nla_len(info->attrs[NL80211_ATTR_SSID]))
11550 return -EINVAL;
11551
11552 ibss.beacon_interval = 100;
11553
11554 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
11555 ibss.beacon_interval =
11556 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11557
11558 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
11559 ibss.beacon_interval);
11560 if (err)
11561 return err;
11562
11563 if (!rdev->ops->join_ibss)
11564 return -EOPNOTSUPP;
11565
11566 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
11567 return -EOPNOTSUPP;
11568
11569 wiphy = &rdev->wiphy;
11570
11571 if (info->attrs[NL80211_ATTR_MAC]) {
11572 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11573
11574 if (!is_valid_ether_addr(ibss.bssid))
11575 return -EINVAL;
11576 }
11577 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11578 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11579
11580 if (info->attrs[NL80211_ATTR_IE]) {
11581 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
11582 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11583 }
11584
11585 err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
11586 if (err)
11587 return err;
11588
11589 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
11590 NL80211_IFTYPE_ADHOC))
11591 return -EINVAL;
11592
11593 switch (ibss.chandef.width) {
11594 case NL80211_CHAN_WIDTH_5:
11595 case NL80211_CHAN_WIDTH_10:
11596 case NL80211_CHAN_WIDTH_20_NOHT:
11597 break;
11598 case NL80211_CHAN_WIDTH_20:
11599 case NL80211_CHAN_WIDTH_40:
11600 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
11601 return -EINVAL;
11602 break;
11603 case NL80211_CHAN_WIDTH_80:
11604 case NL80211_CHAN_WIDTH_80P80:
11605 case NL80211_CHAN_WIDTH_160:
11606 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
11607 return -EINVAL;
11608 if (!wiphy_ext_feature_isset(&rdev->wiphy,
11609 NL80211_EXT_FEATURE_VHT_IBSS))
11610 return -EINVAL;
11611 break;
11612 case NL80211_CHAN_WIDTH_320:
11613 return -EINVAL;
11614 default:
11615 return -EINVAL;
11616 }
11617
11618 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
11619 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
11620
11621 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11622 u8 *rates =
11623 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11624 int n_rates =
11625 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11626 struct ieee80211_supported_band *sband =
11627 wiphy->bands[ibss.chandef.chan->band];
11628
11629 err = ieee80211_get_ratemask(sband, rates, n_rates,
11630 &ibss.basic_rates);
11631 if (err)
11632 return err;
11633 }
11634
11635 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11636 memcpy(&ibss.ht_capa_mask,
11637 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
11638 sizeof(ibss.ht_capa_mask));
11639
11640 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
11641 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
11642 return -EINVAL;
11643 memcpy(&ibss.ht_capa,
11644 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
11645 sizeof(ibss.ht_capa));
11646 }
11647
11648 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11649 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
11650 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11651 return -EINVAL;
11652
11653 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
11654 bool no_ht = false;
11655
11656 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
11657 if (IS_ERR(connkeys))
11658 return PTR_ERR(connkeys);
11659
11660 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
11661 no_ht) {
11662 kfree_sensitive(connkeys);
11663 return -EINVAL;
11664 }
11665 }
11666
11667 ibss.control_port =
11668 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
11669
11670 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11671 int r = validate_pae_over_nl80211(rdev, info);
11672
11673 if (r < 0) {
11674 kfree_sensitive(connkeys);
11675 return r;
11676 }
11677
11678 ibss.control_port_over_nl80211 = true;
11679 }
11680
11681 ibss.userspace_handles_dfs =
11682 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11683
11684 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
11685 if (err)
11686 kfree_sensitive(connkeys);
11687 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
11688 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11689
11690 return err;
11691 }
11692
nl80211_leave_ibss(struct sk_buff * skb,struct genl_info * info)11693 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
11694 {
11695 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11696 struct net_device *dev = info->user_ptr[1];
11697
11698 if (!rdev->ops->leave_ibss)
11699 return -EOPNOTSUPP;
11700
11701 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
11702 return -EOPNOTSUPP;
11703
11704 return cfg80211_leave_ibss(rdev, dev, false);
11705 }
11706
nl80211_set_mcast_rate(struct sk_buff * skb,struct genl_info * info)11707 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
11708 {
11709 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11710 struct net_device *dev = info->user_ptr[1];
11711 int mcast_rate[NUM_NL80211_BANDS];
11712 u32 nla_rate;
11713
11714 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
11715 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
11716 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
11717 return -EOPNOTSUPP;
11718
11719 if (!rdev->ops->set_mcast_rate)
11720 return -EOPNOTSUPP;
11721
11722 memset(mcast_rate, 0, sizeof(mcast_rate));
11723
11724 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
11725 return -EINVAL;
11726
11727 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
11728 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
11729 return -EINVAL;
11730
11731 return rdev_set_mcast_rate(rdev, dev, mcast_rate);
11732 }
11733
11734 static struct sk_buff *
__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,int approxlen,u32 portid,u32 seq,enum nl80211_commands cmd,enum nl80211_attrs attr,const struct nl80211_vendor_cmd_info * info,gfp_t gfp)11735 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
11736 struct wireless_dev *wdev, int approxlen,
11737 u32 portid, u32 seq, enum nl80211_commands cmd,
11738 enum nl80211_attrs attr,
11739 const struct nl80211_vendor_cmd_info *info,
11740 gfp_t gfp)
11741 {
11742 struct sk_buff *skb;
11743 void *hdr;
11744 struct nlattr *data;
11745
11746 skb = nlmsg_new(approxlen + 100, gfp);
11747 if (!skb)
11748 return NULL;
11749
11750 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
11751 if (!hdr) {
11752 kfree_skb(skb);
11753 return NULL;
11754 }
11755
11756 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11757 goto nla_put_failure;
11758
11759 if (info) {
11760 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
11761 info->vendor_id))
11762 goto nla_put_failure;
11763 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
11764 info->subcmd))
11765 goto nla_put_failure;
11766 }
11767
11768 if (wdev) {
11769 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
11770 wdev_id(wdev), NL80211_ATTR_PAD))
11771 goto nla_put_failure;
11772 if (wdev->netdev &&
11773 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
11774 wdev->netdev->ifindex))
11775 goto nla_put_failure;
11776 }
11777
11778 data = nla_nest_start_noflag(skb, attr);
11779 if (!data)
11780 goto nla_put_failure;
11781
11782 ((void **)skb->cb)[0] = rdev;
11783 ((void **)skb->cb)[1] = hdr;
11784 ((void **)skb->cb)[2] = data;
11785
11786 return skb;
11787
11788 nla_put_failure:
11789 kfree_skb(skb);
11790 return NULL;
11791 }
11792
__cfg80211_alloc_event_skb(struct wiphy * wiphy,struct wireless_dev * wdev,enum nl80211_commands cmd,enum nl80211_attrs attr,unsigned int portid,int vendor_event_idx,int approxlen,gfp_t gfp)11793 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
11794 struct wireless_dev *wdev,
11795 enum nl80211_commands cmd,
11796 enum nl80211_attrs attr,
11797 unsigned int portid,
11798 int vendor_event_idx,
11799 int approxlen, gfp_t gfp)
11800 {
11801 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11802 const struct nl80211_vendor_cmd_info *info;
11803
11804 switch (cmd) {
11805 case NL80211_CMD_TESTMODE:
11806 if (WARN_ON(vendor_event_idx != -1))
11807 return NULL;
11808 info = NULL;
11809 break;
11810 case NL80211_CMD_VENDOR:
11811 if (WARN_ON(vendor_event_idx < 0 ||
11812 vendor_event_idx >= wiphy->n_vendor_events))
11813 return NULL;
11814 info = &wiphy->vendor_events[vendor_event_idx];
11815 break;
11816 default:
11817 WARN_ON(1);
11818 return NULL;
11819 }
11820
11821 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
11822 cmd, attr, info, gfp);
11823 }
11824 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
11825
__cfg80211_send_event_skb(struct sk_buff * skb,gfp_t gfp)11826 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
11827 {
11828 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
11829 void *hdr = ((void **)skb->cb)[1];
11830 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
11831 struct nlattr *data = ((void **)skb->cb)[2];
11832 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
11833
11834 /* clear CB data for netlink core to own from now on */
11835 memset(skb->cb, 0, sizeof(skb->cb));
11836
11837 nla_nest_end(skb, data);
11838 genlmsg_end(skb, hdr);
11839
11840 if (nlhdr->nlmsg_pid) {
11841 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
11842 nlhdr->nlmsg_pid);
11843 } else {
11844 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
11845 mcgrp = NL80211_MCGRP_VENDOR;
11846
11847 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
11848 skb, 0, mcgrp, gfp);
11849 }
11850 }
11851 EXPORT_SYMBOL(__cfg80211_send_event_skb);
11852
11853 #ifdef CONFIG_NL80211_TESTMODE
nl80211_testmode_do(struct sk_buff * skb,struct genl_info * info)11854 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
11855 {
11856 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11857 struct wireless_dev *wdev;
11858 int err;
11859
11860 lockdep_assert_held(&rdev->wiphy.mtx);
11861
11862 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
11863 info->attrs);
11864
11865 if (!rdev->ops->testmode_cmd)
11866 return -EOPNOTSUPP;
11867
11868 if (IS_ERR(wdev)) {
11869 err = PTR_ERR(wdev);
11870 if (err != -EINVAL)
11871 return err;
11872 wdev = NULL;
11873 } else if (wdev->wiphy != &rdev->wiphy) {
11874 return -EINVAL;
11875 }
11876
11877 if (!info->attrs[NL80211_ATTR_TESTDATA])
11878 return -EINVAL;
11879
11880 rdev->cur_cmd_info = info;
11881 err = rdev_testmode_cmd(rdev, wdev,
11882 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
11883 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
11884 rdev->cur_cmd_info = NULL;
11885
11886 return err;
11887 }
11888
nl80211_testmode_dump(struct sk_buff * skb,struct netlink_callback * cb)11889 static int nl80211_testmode_dump(struct sk_buff *skb,
11890 struct netlink_callback *cb)
11891 {
11892 struct cfg80211_registered_device *rdev;
11893 struct nlattr **attrbuf = NULL;
11894 int err;
11895 long phy_idx;
11896 void *data = NULL;
11897 int data_len = 0;
11898
11899 rtnl_lock();
11900
11901 if (cb->args[0]) {
11902 /*
11903 * 0 is a valid index, but not valid for args[0],
11904 * so we need to offset by 1.
11905 */
11906 phy_idx = cb->args[0] - 1;
11907
11908 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
11909 if (!rdev) {
11910 err = -ENOENT;
11911 goto out_err;
11912 }
11913 } else {
11914 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
11915 GFP_KERNEL);
11916 if (!attrbuf) {
11917 err = -ENOMEM;
11918 goto out_err;
11919 }
11920
11921 err = nlmsg_parse_deprecated(cb->nlh,
11922 GENL_HDRLEN + nl80211_fam.hdrsize,
11923 attrbuf, nl80211_fam.maxattr,
11924 nl80211_policy, NULL);
11925 if (err)
11926 goto out_err;
11927
11928 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
11929 if (IS_ERR(rdev)) {
11930 err = PTR_ERR(rdev);
11931 goto out_err;
11932 }
11933 phy_idx = rdev->wiphy_idx;
11934
11935 if (attrbuf[NL80211_ATTR_TESTDATA])
11936 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
11937 }
11938
11939 if (cb->args[1]) {
11940 data = nla_data((void *)cb->args[1]);
11941 data_len = nla_len((void *)cb->args[1]);
11942 }
11943
11944 if (!rdev->ops->testmode_dump) {
11945 err = -EOPNOTSUPP;
11946 goto out_err;
11947 }
11948
11949 while (1) {
11950 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
11951 cb->nlh->nlmsg_seq, NLM_F_MULTI,
11952 NL80211_CMD_TESTMODE);
11953 struct nlattr *tmdata;
11954
11955 if (!hdr)
11956 break;
11957
11958 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
11959 genlmsg_cancel(skb, hdr);
11960 break;
11961 }
11962
11963 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
11964 if (!tmdata) {
11965 genlmsg_cancel(skb, hdr);
11966 break;
11967 }
11968 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
11969 nla_nest_end(skb, tmdata);
11970
11971 if (err == -ENOBUFS || err == -ENOENT) {
11972 genlmsg_cancel(skb, hdr);
11973 break;
11974 } else if (err) {
11975 genlmsg_cancel(skb, hdr);
11976 goto out_err;
11977 }
11978
11979 genlmsg_end(skb, hdr);
11980 }
11981
11982 err = skb->len;
11983 /* see above */
11984 cb->args[0] = phy_idx + 1;
11985 out_err:
11986 kfree(attrbuf);
11987 rtnl_unlock();
11988 return err;
11989 }
11990 #endif
11991
nl80211_connect(struct sk_buff * skb,struct genl_info * info)11992 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
11993 {
11994 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11995 struct net_device *dev = info->user_ptr[1];
11996 struct cfg80211_connect_params connect;
11997 struct wiphy *wiphy;
11998 struct cfg80211_cached_keys *connkeys = NULL;
11999 u32 freq = 0;
12000 int err;
12001
12002 memset(&connect, 0, sizeof(connect));
12003
12004 if (!info->attrs[NL80211_ATTR_SSID] ||
12005 !nla_len(info->attrs[NL80211_ATTR_SSID]))
12006 return -EINVAL;
12007
12008 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12009 connect.auth_type =
12010 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12011 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
12012 NL80211_CMD_CONNECT))
12013 return -EINVAL;
12014 } else
12015 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
12016
12017 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
12018
12019 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
12020 !wiphy_ext_feature_isset(&rdev->wiphy,
12021 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
12022 return -EINVAL;
12023 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
12024
12025 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
12026 NL80211_MAX_NR_CIPHER_SUITES);
12027 if (err)
12028 return err;
12029
12030 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12031 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12032 return -EOPNOTSUPP;
12033
12034 wiphy = &rdev->wiphy;
12035
12036 connect.bg_scan_period = -1;
12037 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
12038 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
12039 connect.bg_scan_period =
12040 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
12041 }
12042
12043 if (info->attrs[NL80211_ATTR_MAC])
12044 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12045 else if (info->attrs[NL80211_ATTR_MAC_HINT])
12046 connect.bssid_hint =
12047 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
12048 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12049 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12050
12051 if (info->attrs[NL80211_ATTR_IE]) {
12052 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12053 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12054 }
12055
12056 if (info->attrs[NL80211_ATTR_USE_MFP]) {
12057 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
12058 if (connect.mfp == NL80211_MFP_OPTIONAL &&
12059 !wiphy_ext_feature_isset(&rdev->wiphy,
12060 NL80211_EXT_FEATURE_MFP_OPTIONAL))
12061 return -EOPNOTSUPP;
12062 } else {
12063 connect.mfp = NL80211_MFP_NO;
12064 }
12065
12066 if (info->attrs[NL80211_ATTR_PREV_BSSID])
12067 connect.prev_bssid =
12068 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
12069
12070 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
12071 freq = MHZ_TO_KHZ(nla_get_u32(
12072 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
12073 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12074 freq +=
12075 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12076
12077 if (freq) {
12078 connect.channel = nl80211_get_valid_chan(wiphy, freq);
12079 if (!connect.channel)
12080 return -EINVAL;
12081 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
12082 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
12083 freq = MHZ_TO_KHZ(freq);
12084 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
12085 if (!connect.channel_hint)
12086 return -EINVAL;
12087 }
12088
12089 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
12090 connect.edmg.channels =
12091 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
12092
12093 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
12094 connect.edmg.bw_config =
12095 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
12096 }
12097
12098 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
12099 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
12100 if (IS_ERR(connkeys))
12101 return PTR_ERR(connkeys);
12102 }
12103
12104 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
12105 connect.flags |= ASSOC_REQ_DISABLE_HT;
12106
12107 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12108 memcpy(&connect.ht_capa_mask,
12109 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
12110 sizeof(connect.ht_capa_mask));
12111
12112 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
12113 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
12114 kfree_sensitive(connkeys);
12115 return -EINVAL;
12116 }
12117 memcpy(&connect.ht_capa,
12118 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
12119 sizeof(connect.ht_capa));
12120 }
12121
12122 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
12123 connect.flags |= ASSOC_REQ_DISABLE_VHT;
12124
12125 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
12126 connect.flags |= ASSOC_REQ_DISABLE_HE;
12127
12128 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
12129 connect.flags |= ASSOC_REQ_DISABLE_EHT;
12130
12131 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
12132 memcpy(&connect.vht_capa_mask,
12133 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
12134 sizeof(connect.vht_capa_mask));
12135
12136 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
12137 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
12138 kfree_sensitive(connkeys);
12139 return -EINVAL;
12140 }
12141 memcpy(&connect.vht_capa,
12142 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
12143 sizeof(connect.vht_capa));
12144 }
12145
12146 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
12147 if (!((rdev->wiphy.features &
12148 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
12149 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
12150 !wiphy_ext_feature_isset(&rdev->wiphy,
12151 NL80211_EXT_FEATURE_RRM)) {
12152 kfree_sensitive(connkeys);
12153 return -EINVAL;
12154 }
12155 connect.flags |= ASSOC_REQ_USE_RRM;
12156 }
12157
12158 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
12159 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
12160 kfree_sensitive(connkeys);
12161 return -EOPNOTSUPP;
12162 }
12163
12164 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
12165 /* bss selection makes no sense if bssid is set */
12166 if (connect.bssid) {
12167 kfree_sensitive(connkeys);
12168 return -EINVAL;
12169 }
12170
12171 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
12172 wiphy, &connect.bss_select);
12173 if (err) {
12174 kfree_sensitive(connkeys);
12175 return err;
12176 }
12177 }
12178
12179 if (wiphy_ext_feature_isset(&rdev->wiphy,
12180 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
12181 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12182 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12183 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12184 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12185 connect.fils_erp_username =
12186 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12187 connect.fils_erp_username_len =
12188 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12189 connect.fils_erp_realm =
12190 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12191 connect.fils_erp_realm_len =
12192 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12193 connect.fils_erp_next_seq_num =
12194 nla_get_u16(
12195 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12196 connect.fils_erp_rrk =
12197 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12198 connect.fils_erp_rrk_len =
12199 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12200 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12201 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12202 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12203 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12204 kfree_sensitive(connkeys);
12205 return -EINVAL;
12206 }
12207
12208 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
12209 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12210 kfree_sensitive(connkeys);
12211 GENL_SET_ERR_MSG(info,
12212 "external auth requires connection ownership");
12213 return -EINVAL;
12214 }
12215 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
12216 }
12217
12218 if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT]))
12219 connect.flags |= CONNECT_REQ_MLO_SUPPORT;
12220
12221 err = cfg80211_connect(rdev, dev, &connect, connkeys,
12222 connect.prev_bssid);
12223 if (err)
12224 kfree_sensitive(connkeys);
12225
12226 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12227 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
12228 if (connect.bssid)
12229 memcpy(dev->ieee80211_ptr->disconnect_bssid,
12230 connect.bssid, ETH_ALEN);
12231 else
12232 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
12233 }
12234
12235 return err;
12236 }
12237
nl80211_update_connect_params(struct sk_buff * skb,struct genl_info * info)12238 static int nl80211_update_connect_params(struct sk_buff *skb,
12239 struct genl_info *info)
12240 {
12241 struct cfg80211_connect_params connect = {};
12242 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12243 struct net_device *dev = info->user_ptr[1];
12244 struct wireless_dev *wdev = dev->ieee80211_ptr;
12245 bool fils_sk_offload;
12246 u32 auth_type;
12247 u32 changed = 0;
12248
12249 if (!rdev->ops->update_connect_params)
12250 return -EOPNOTSUPP;
12251
12252 if (info->attrs[NL80211_ATTR_IE]) {
12253 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12254 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12255 changed |= UPDATE_ASSOC_IES;
12256 }
12257
12258 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
12259 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
12260
12261 /*
12262 * when driver supports fils-sk offload all attributes must be
12263 * provided. So the else covers "fils-sk-not-all" and
12264 * "no-fils-sk-any".
12265 */
12266 if (fils_sk_offload &&
12267 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
12268 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
12269 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
12270 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12271 connect.fils_erp_username =
12272 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12273 connect.fils_erp_username_len =
12274 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
12275 connect.fils_erp_realm =
12276 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12277 connect.fils_erp_realm_len =
12278 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
12279 connect.fils_erp_next_seq_num =
12280 nla_get_u16(
12281 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
12282 connect.fils_erp_rrk =
12283 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12284 connect.fils_erp_rrk_len =
12285 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
12286 changed |= UPDATE_FILS_ERP_INFO;
12287 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
12288 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
12289 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
12290 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
12291 return -EINVAL;
12292 }
12293
12294 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
12295 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12296 if (!nl80211_valid_auth_type(rdev, auth_type,
12297 NL80211_CMD_CONNECT))
12298 return -EINVAL;
12299
12300 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
12301 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
12302 return -EINVAL;
12303
12304 connect.auth_type = auth_type;
12305 changed |= UPDATE_AUTH_TYPE;
12306 }
12307
12308 if (!wdev->connected)
12309 return -ENOLINK;
12310
12311 return rdev_update_connect_params(rdev, dev, &connect, changed);
12312 }
12313
nl80211_disconnect(struct sk_buff * skb,struct genl_info * info)12314 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
12315 {
12316 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12317 struct net_device *dev = info->user_ptr[1];
12318 u16 reason;
12319
12320 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12321 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12322 return -EPERM;
12323
12324 if (!info->attrs[NL80211_ATTR_REASON_CODE])
12325 reason = WLAN_REASON_DEAUTH_LEAVING;
12326 else
12327 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
12328
12329 if (reason == 0)
12330 return -EINVAL;
12331
12332 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12333 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12334 return -EOPNOTSUPP;
12335
12336 return cfg80211_disconnect(rdev, dev, reason, true);
12337 }
12338
nl80211_wiphy_netns(struct sk_buff * skb,struct genl_info * info)12339 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
12340 {
12341 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12342 struct net *net;
12343 int err;
12344
12345 if (info->attrs[NL80211_ATTR_PID]) {
12346 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
12347
12348 net = get_net_ns_by_pid(pid);
12349 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
12350 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
12351
12352 net = get_net_ns_by_fd(fd);
12353 } else {
12354 return -EINVAL;
12355 }
12356
12357 if (IS_ERR(net))
12358 return PTR_ERR(net);
12359
12360 err = 0;
12361
12362 /* check if anything to do */
12363 if (!net_eq(wiphy_net(&rdev->wiphy), net))
12364 err = cfg80211_switch_netns(rdev, net);
12365
12366 put_net(net);
12367 return err;
12368 }
12369
nl80211_set_pmksa(struct sk_buff * skb,struct genl_info * info)12370 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info)
12371 {
12372 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12373 struct net_device *dev = info->user_ptr[1];
12374 struct cfg80211_pmksa pmksa;
12375 bool ap_pmksa_caching_support = false;
12376
12377 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
12378
12379 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
12380 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
12381
12382 if (!info->attrs[NL80211_ATTR_PMKID])
12383 return -EINVAL;
12384
12385 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
12386
12387 if (info->attrs[NL80211_ATTR_MAC]) {
12388 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12389 } else if (info->attrs[NL80211_ATTR_SSID] &&
12390 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
12391 info->attrs[NL80211_ATTR_PMK]) {
12392 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12393 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12394 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
12395 } else {
12396 return -EINVAL;
12397 }
12398
12399 if (info->attrs[NL80211_ATTR_PMK]) {
12400 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12401 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
12402 }
12403
12404 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
12405 pmksa.pmk_lifetime =
12406 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
12407
12408 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
12409 pmksa.pmk_reauth_threshold =
12410 nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
12411
12412 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12413 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
12414 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
12415 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
12416 ap_pmksa_caching_support))
12417 return -EOPNOTSUPP;
12418
12419 if (!rdev->ops->set_pmksa)
12420 return -EOPNOTSUPP;
12421
12422 return rdev_set_pmksa(rdev, dev, &pmksa);
12423 }
12424
nl80211_del_pmksa(struct sk_buff * skb,struct genl_info * info)12425 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info)
12426 {
12427 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12428 struct net_device *dev = info->user_ptr[1];
12429 struct cfg80211_pmksa pmksa;
12430 bool sae_offload_support = false;
12431 bool owe_offload_support = false;
12432 bool ap_pmksa_caching_support = false;
12433
12434 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
12435
12436 sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
12437 NL80211_EXT_FEATURE_SAE_OFFLOAD);
12438 owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
12439 NL80211_EXT_FEATURE_OWE_OFFLOAD);
12440 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
12441 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
12442
12443 if (info->attrs[NL80211_ATTR_PMKID])
12444 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
12445
12446 if (info->attrs[NL80211_ATTR_MAC]) {
12447 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12448 } else if (info->attrs[NL80211_ATTR_SSID]) {
12449 /* SSID based pmksa flush suppported only for FILS,
12450 * OWE/SAE OFFLOAD cases
12451 */
12452 if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
12453 info->attrs[NL80211_ATTR_PMK]) {
12454 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
12455 } else if (!sae_offload_support && !owe_offload_support) {
12456 return -EINVAL;
12457 }
12458 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12459 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12460 } else {
12461 return -EINVAL;
12462 }
12463
12464 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12465 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
12466 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
12467 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
12468 ap_pmksa_caching_support))
12469 return -EOPNOTSUPP;
12470
12471 if (!rdev->ops->del_pmksa)
12472 return -EOPNOTSUPP;
12473
12474 return rdev_del_pmksa(rdev, dev, &pmksa);
12475 }
12476
nl80211_flush_pmksa(struct sk_buff * skb,struct genl_info * info)12477 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
12478 {
12479 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12480 struct net_device *dev = info->user_ptr[1];
12481
12482 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12483 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12484 return -EOPNOTSUPP;
12485
12486 if (!rdev->ops->flush_pmksa)
12487 return -EOPNOTSUPP;
12488
12489 return rdev_flush_pmksa(rdev, dev);
12490 }
12491
nl80211_tdls_mgmt(struct sk_buff * skb,struct genl_info * info)12492 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
12493 {
12494 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12495 struct net_device *dev = info->user_ptr[1];
12496 u8 action_code, dialog_token;
12497 u32 peer_capability = 0;
12498 u16 status_code;
12499 u8 *peer;
12500 int link_id;
12501 bool initiator;
12502
12503 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
12504 !rdev->ops->tdls_mgmt)
12505 return -EOPNOTSUPP;
12506
12507 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
12508 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
12509 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
12510 !info->attrs[NL80211_ATTR_IE] ||
12511 !info->attrs[NL80211_ATTR_MAC])
12512 return -EINVAL;
12513
12514 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12515 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
12516 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
12517 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
12518 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
12519 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
12520 peer_capability =
12521 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
12522 link_id = nl80211_link_id_or_invalid(info->attrs);
12523
12524 return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code,
12525 dialog_token, status_code, peer_capability,
12526 initiator,
12527 nla_data(info->attrs[NL80211_ATTR_IE]),
12528 nla_len(info->attrs[NL80211_ATTR_IE]));
12529 }
12530
nl80211_tdls_oper(struct sk_buff * skb,struct genl_info * info)12531 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
12532 {
12533 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12534 struct net_device *dev = info->user_ptr[1];
12535 enum nl80211_tdls_operation operation;
12536 u8 *peer;
12537
12538 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
12539 !rdev->ops->tdls_oper)
12540 return -EOPNOTSUPP;
12541
12542 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
12543 !info->attrs[NL80211_ATTR_MAC])
12544 return -EINVAL;
12545
12546 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
12547 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12548
12549 return rdev_tdls_oper(rdev, dev, peer, operation);
12550 }
12551
nl80211_remain_on_channel(struct sk_buff * skb,struct genl_info * info)12552 static int nl80211_remain_on_channel(struct sk_buff *skb,
12553 struct genl_info *info)
12554 {
12555 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12556 unsigned int link_id = nl80211_link_id(info->attrs);
12557 struct wireless_dev *wdev = info->user_ptr[1];
12558 struct cfg80211_chan_def chandef;
12559 struct sk_buff *msg;
12560 void *hdr;
12561 u64 cookie;
12562 u32 duration;
12563 int err;
12564
12565 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
12566 !info->attrs[NL80211_ATTR_DURATION])
12567 return -EINVAL;
12568
12569 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
12570
12571 if (!rdev->ops->remain_on_channel ||
12572 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
12573 return -EOPNOTSUPP;
12574
12575 /*
12576 * We should be on that channel for at least a minimum amount of
12577 * time (10ms) but no longer than the driver supports.
12578 */
12579 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
12580 duration > rdev->wiphy.max_remain_on_channel_duration)
12581 return -EINVAL;
12582
12583 err = nl80211_parse_chandef(rdev, info, &chandef);
12584 if (err)
12585 return err;
12586
12587 if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) {
12588 const struct cfg80211_chan_def *oper_chandef, *compat_chandef;
12589
12590 oper_chandef = wdev_chandef(wdev, link_id);
12591
12592 if (WARN_ON(!oper_chandef)) {
12593 /* cannot happen since we must beacon to get here */
12594 WARN_ON(1);
12595 return -EBUSY;
12596 }
12597
12598 /* note: returns first one if identical chandefs */
12599 compat_chandef = cfg80211_chandef_compatible(&chandef,
12600 oper_chandef);
12601
12602 if (compat_chandef != &chandef)
12603 return -EBUSY;
12604 }
12605
12606 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12607 if (!msg)
12608 return -ENOMEM;
12609
12610 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12611 NL80211_CMD_REMAIN_ON_CHANNEL);
12612 if (!hdr) {
12613 err = -ENOBUFS;
12614 goto free_msg;
12615 }
12616
12617 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
12618 duration, &cookie);
12619
12620 if (err)
12621 goto free_msg;
12622
12623 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12624 NL80211_ATTR_PAD))
12625 goto nla_put_failure;
12626
12627 genlmsg_end(msg, hdr);
12628
12629 return genlmsg_reply(msg, info);
12630
12631 nla_put_failure:
12632 err = -ENOBUFS;
12633 free_msg:
12634 nlmsg_free(msg);
12635 return err;
12636 }
12637
nl80211_cancel_remain_on_channel(struct sk_buff * skb,struct genl_info * info)12638 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
12639 struct genl_info *info)
12640 {
12641 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12642 struct wireless_dev *wdev = info->user_ptr[1];
12643 u64 cookie;
12644
12645 if (!info->attrs[NL80211_ATTR_COOKIE])
12646 return -EINVAL;
12647
12648 if (!rdev->ops->cancel_remain_on_channel)
12649 return -EOPNOTSUPP;
12650
12651 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12652
12653 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
12654 }
12655
nl80211_set_tx_bitrate_mask(struct sk_buff * skb,struct genl_info * info)12656 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
12657 struct genl_info *info)
12658 {
12659 struct cfg80211_bitrate_mask mask;
12660 unsigned int link_id = nl80211_link_id(info->attrs);
12661 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12662 struct net_device *dev = info->user_ptr[1];
12663 int err;
12664
12665 if (!rdev->ops->set_bitrate_mask)
12666 return -EOPNOTSUPP;
12667
12668 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
12669 NL80211_ATTR_TX_RATES, &mask,
12670 dev, true, link_id);
12671 if (err)
12672 return err;
12673
12674 return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask);
12675 }
12676
nl80211_register_mgmt(struct sk_buff * skb,struct genl_info * info)12677 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
12678 {
12679 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12680 struct wireless_dev *wdev = info->user_ptr[1];
12681 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
12682
12683 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
12684 return -EINVAL;
12685
12686 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
12687 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
12688
12689 switch (wdev->iftype) {
12690 case NL80211_IFTYPE_STATION:
12691 case NL80211_IFTYPE_ADHOC:
12692 case NL80211_IFTYPE_P2P_CLIENT:
12693 case NL80211_IFTYPE_AP:
12694 case NL80211_IFTYPE_AP_VLAN:
12695 case NL80211_IFTYPE_MESH_POINT:
12696 case NL80211_IFTYPE_P2P_GO:
12697 case NL80211_IFTYPE_P2P_DEVICE:
12698 break;
12699 case NL80211_IFTYPE_NAN:
12700 if (!wiphy_ext_feature_isset(wdev->wiphy,
12701 NL80211_EXT_FEATURE_SECURE_NAN))
12702 return -EOPNOTSUPP;
12703 break;
12704 default:
12705 return -EOPNOTSUPP;
12706 }
12707
12708 /* not much point in registering if we can't reply */
12709 if (!rdev->ops->mgmt_tx)
12710 return -EOPNOTSUPP;
12711
12712 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
12713 !wiphy_ext_feature_isset(&rdev->wiphy,
12714 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
12715 GENL_SET_ERR_MSG(info,
12716 "multicast RX registrations are not supported");
12717 return -EOPNOTSUPP;
12718 }
12719
12720 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
12721 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
12722 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
12723 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
12724 info->extack);
12725 }
12726
nl80211_tx_mgmt(struct sk_buff * skb,struct genl_info * info)12727 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
12728 {
12729 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12730 struct wireless_dev *wdev = info->user_ptr[1];
12731 struct cfg80211_chan_def chandef;
12732 int err;
12733 void *hdr = NULL;
12734 u64 cookie;
12735 struct sk_buff *msg = NULL;
12736 struct cfg80211_mgmt_tx_params params = {
12737 .dont_wait_for_ack =
12738 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
12739 };
12740
12741 if (!info->attrs[NL80211_ATTR_FRAME])
12742 return -EINVAL;
12743
12744 if (!rdev->ops->mgmt_tx)
12745 return -EOPNOTSUPP;
12746
12747 switch (wdev->iftype) {
12748 case NL80211_IFTYPE_P2P_DEVICE:
12749 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
12750 return -EINVAL;
12751 break;
12752 case NL80211_IFTYPE_STATION:
12753 case NL80211_IFTYPE_ADHOC:
12754 case NL80211_IFTYPE_P2P_CLIENT:
12755 case NL80211_IFTYPE_AP:
12756 case NL80211_IFTYPE_AP_VLAN:
12757 case NL80211_IFTYPE_MESH_POINT:
12758 case NL80211_IFTYPE_P2P_GO:
12759 break;
12760 case NL80211_IFTYPE_NAN:
12761 if (!wiphy_ext_feature_isset(wdev->wiphy,
12762 NL80211_EXT_FEATURE_SECURE_NAN))
12763 return -EOPNOTSUPP;
12764 break;
12765 default:
12766 return -EOPNOTSUPP;
12767 }
12768
12769 if (info->attrs[NL80211_ATTR_DURATION]) {
12770 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
12771 return -EINVAL;
12772 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
12773
12774 /*
12775 * We should wait on the channel for at least a minimum amount
12776 * of time (10ms) but no longer than the driver supports.
12777 */
12778 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
12779 params.wait > rdev->wiphy.max_remain_on_channel_duration)
12780 return -EINVAL;
12781 }
12782
12783 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
12784
12785 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
12786 return -EINVAL;
12787
12788 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
12789
12790 /* get the channel if any has been specified, otherwise pass NULL to
12791 * the driver. The latter will use the current one
12792 */
12793 chandef.chan = NULL;
12794 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
12795 err = nl80211_parse_chandef(rdev, info, &chandef);
12796 if (err)
12797 return err;
12798 }
12799
12800 if (!chandef.chan && params.offchan)
12801 return -EINVAL;
12802
12803 if (params.offchan &&
12804 !cfg80211_off_channel_oper_allowed(wdev, chandef.chan))
12805 return -EBUSY;
12806
12807 params.link_id = nl80211_link_id_or_invalid(info->attrs);
12808 /*
12809 * This now races due to the unlock, but we cannot check
12810 * the valid links for the _station_ anyway, so that's up
12811 * to the driver.
12812 */
12813 if (params.link_id >= 0 &&
12814 !(wdev->valid_links & BIT(params.link_id)))
12815 return -EINVAL;
12816
12817 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
12818 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
12819
12820 err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1,
12821 info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX],
12822 ¶ms.csa_offsets,
12823 ¶ms.n_csa_offsets);
12824 if (err)
12825 return err;
12826
12827 if (!params.dont_wait_for_ack) {
12828 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12829 if (!msg)
12830 return -ENOMEM;
12831
12832 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12833 NL80211_CMD_FRAME);
12834 if (!hdr) {
12835 err = -ENOBUFS;
12836 goto free_msg;
12837 }
12838 }
12839
12840 params.chan = chandef.chan;
12841 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
12842 if (err)
12843 goto free_msg;
12844
12845 if (msg) {
12846 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12847 NL80211_ATTR_PAD))
12848 goto nla_put_failure;
12849
12850 genlmsg_end(msg, hdr);
12851 return genlmsg_reply(msg, info);
12852 }
12853
12854 return 0;
12855
12856 nla_put_failure:
12857 err = -ENOBUFS;
12858 free_msg:
12859 nlmsg_free(msg);
12860 return err;
12861 }
12862
nl80211_tx_mgmt_cancel_wait(struct sk_buff * skb,struct genl_info * info)12863 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
12864 {
12865 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12866 struct wireless_dev *wdev = info->user_ptr[1];
12867 u64 cookie;
12868
12869 if (!info->attrs[NL80211_ATTR_COOKIE])
12870 return -EINVAL;
12871
12872 if (!rdev->ops->mgmt_tx_cancel_wait)
12873 return -EOPNOTSUPP;
12874
12875 switch (wdev->iftype) {
12876 case NL80211_IFTYPE_STATION:
12877 case NL80211_IFTYPE_ADHOC:
12878 case NL80211_IFTYPE_P2P_CLIENT:
12879 case NL80211_IFTYPE_AP:
12880 case NL80211_IFTYPE_AP_VLAN:
12881 case NL80211_IFTYPE_P2P_GO:
12882 case NL80211_IFTYPE_P2P_DEVICE:
12883 break;
12884 case NL80211_IFTYPE_NAN:
12885 if (!wiphy_ext_feature_isset(wdev->wiphy,
12886 NL80211_EXT_FEATURE_SECURE_NAN))
12887 return -EOPNOTSUPP;
12888 break;
12889 default:
12890 return -EOPNOTSUPP;
12891 }
12892
12893 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12894
12895 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
12896 }
12897
nl80211_set_power_save(struct sk_buff * skb,struct genl_info * info)12898 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
12899 {
12900 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12901 struct wireless_dev *wdev;
12902 struct net_device *dev = info->user_ptr[1];
12903 u8 ps_state;
12904 bool state;
12905 int err;
12906
12907 if (!info->attrs[NL80211_ATTR_PS_STATE])
12908 return -EINVAL;
12909
12910 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
12911
12912 wdev = dev->ieee80211_ptr;
12913
12914 if (!rdev->ops->set_power_mgmt)
12915 return -EOPNOTSUPP;
12916
12917 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
12918
12919 if (state == wdev->ps)
12920 return 0;
12921
12922 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
12923 if (!err)
12924 wdev->ps = state;
12925 return err;
12926 }
12927
nl80211_get_power_save(struct sk_buff * skb,struct genl_info * info)12928 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
12929 {
12930 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12931 enum nl80211_ps_state ps_state;
12932 struct wireless_dev *wdev;
12933 struct net_device *dev = info->user_ptr[1];
12934 struct sk_buff *msg;
12935 void *hdr;
12936 int err;
12937
12938 wdev = dev->ieee80211_ptr;
12939
12940 if (!rdev->ops->set_power_mgmt)
12941 return -EOPNOTSUPP;
12942
12943 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12944 if (!msg)
12945 return -ENOMEM;
12946
12947 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12948 NL80211_CMD_GET_POWER_SAVE);
12949 if (!hdr) {
12950 err = -ENOBUFS;
12951 goto free_msg;
12952 }
12953
12954 if (wdev->ps)
12955 ps_state = NL80211_PS_ENABLED;
12956 else
12957 ps_state = NL80211_PS_DISABLED;
12958
12959 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
12960 goto nla_put_failure;
12961
12962 genlmsg_end(msg, hdr);
12963 return genlmsg_reply(msg, info);
12964
12965 nla_put_failure:
12966 err = -ENOBUFS;
12967 free_msg:
12968 nlmsg_free(msg);
12969 return err;
12970 }
12971
12972 static const struct nla_policy
12973 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
12974 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
12975 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
12976 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
12977 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
12978 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
12979 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
12980 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
12981 };
12982
nl80211_set_cqm_txe(struct genl_info * info,u32 rate,u32 pkts,u32 intvl)12983 static int nl80211_set_cqm_txe(struct genl_info *info,
12984 u32 rate, u32 pkts, u32 intvl)
12985 {
12986 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12987 struct net_device *dev = info->user_ptr[1];
12988 struct wireless_dev *wdev = dev->ieee80211_ptr;
12989
12990 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
12991 return -EINVAL;
12992
12993 if (!rdev->ops->set_cqm_txe_config)
12994 return -EOPNOTSUPP;
12995
12996 if (wdev->iftype != NL80211_IFTYPE_STATION &&
12997 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
12998 return -EOPNOTSUPP;
12999
13000 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
13001 }
13002
cfg80211_cqm_rssi_update(struct cfg80211_registered_device * rdev,struct net_device * dev,struct cfg80211_cqm_config * cqm_config)13003 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
13004 struct net_device *dev,
13005 struct cfg80211_cqm_config *cqm_config)
13006 {
13007 struct wireless_dev *wdev = dev->ieee80211_ptr;
13008 s32 last, low, high;
13009 u32 hyst;
13010 int i, n, low_index;
13011 int err;
13012
13013 /*
13014 * Obtain current RSSI value if possible, if not and no RSSI threshold
13015 * event has been received yet, we should receive an event after a
13016 * connection is established and enough beacons received to calculate
13017 * the average.
13018 */
13019 if (!cqm_config->last_rssi_event_value &&
13020 wdev->links[0].client.current_bss &&
13021 rdev->ops->get_station) {
13022 struct station_info sinfo = {};
13023 u8 *mac_addr;
13024
13025 mac_addr = wdev->links[0].client.current_bss->pub.bssid;
13026
13027 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
13028 if (err)
13029 return err;
13030
13031 cfg80211_sinfo_release_content(&sinfo);
13032 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
13033 cqm_config->last_rssi_event_value =
13034 (s8) sinfo.rx_beacon_signal_avg;
13035 }
13036
13037 last = cqm_config->last_rssi_event_value;
13038 hyst = cqm_config->rssi_hyst;
13039 n = cqm_config->n_rssi_thresholds;
13040
13041 for (i = 0; i < n; i++) {
13042 i = array_index_nospec(i, n);
13043 if (last < cqm_config->rssi_thresholds[i])
13044 break;
13045 }
13046
13047 low_index = i - 1;
13048 if (low_index >= 0) {
13049 low_index = array_index_nospec(low_index, n);
13050 low = cqm_config->rssi_thresholds[low_index] - hyst;
13051 } else {
13052 low = S32_MIN;
13053 }
13054 if (i < n) {
13055 i = array_index_nospec(i, n);
13056 high = cqm_config->rssi_thresholds[i] + hyst - 1;
13057 } else {
13058 high = S32_MAX;
13059 }
13060
13061 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
13062 }
13063
nl80211_set_cqm_rssi(struct genl_info * info,const s32 * thresholds,int n_thresholds,u32 hysteresis)13064 static int nl80211_set_cqm_rssi(struct genl_info *info,
13065 const s32 *thresholds, int n_thresholds,
13066 u32 hysteresis)
13067 {
13068 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13069 struct cfg80211_cqm_config *cqm_config = NULL, *old;
13070 struct net_device *dev = info->user_ptr[1];
13071 struct wireless_dev *wdev = dev->ieee80211_ptr;
13072 s32 prev = S32_MIN;
13073 int i, err;
13074
13075 /* Check all values negative and sorted */
13076 for (i = 0; i < n_thresholds; i++) {
13077 if (thresholds[i] > 0 || thresholds[i] <= prev)
13078 return -EINVAL;
13079
13080 prev = thresholds[i];
13081 }
13082
13083 if (wdev->iftype != NL80211_IFTYPE_STATION &&
13084 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13085 return -EOPNOTSUPP;
13086
13087 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
13088 n_thresholds = 0;
13089
13090 old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
13091
13092 /* if already disabled just succeed */
13093 if (!n_thresholds && !old)
13094 return 0;
13095
13096 if (n_thresholds > 1) {
13097 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13098 NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
13099 !rdev->ops->set_cqm_rssi_range_config)
13100 return -EOPNOTSUPP;
13101 } else {
13102 if (!rdev->ops->set_cqm_rssi_config)
13103 return -EOPNOTSUPP;
13104 }
13105
13106 if (n_thresholds) {
13107 cqm_config = kzalloc(struct_size(cqm_config, rssi_thresholds,
13108 n_thresholds),
13109 GFP_KERNEL);
13110 if (!cqm_config)
13111 return -ENOMEM;
13112
13113 cqm_config->rssi_hyst = hysteresis;
13114 cqm_config->n_rssi_thresholds = n_thresholds;
13115 memcpy(cqm_config->rssi_thresholds, thresholds,
13116 flex_array_size(cqm_config, rssi_thresholds,
13117 n_thresholds));
13118 cqm_config->use_range_api = n_thresholds > 1 ||
13119 !rdev->ops->set_cqm_rssi_config;
13120
13121 rcu_assign_pointer(wdev->cqm_config, cqm_config);
13122
13123 if (cqm_config->use_range_api)
13124 err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
13125 else
13126 err = rdev_set_cqm_rssi_config(rdev, dev,
13127 thresholds[0],
13128 hysteresis);
13129 } else {
13130 RCU_INIT_POINTER(wdev->cqm_config, NULL);
13131 /* if enabled as range also disable via range */
13132 if (old->use_range_api)
13133 err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
13134 else
13135 err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
13136 }
13137
13138 if (err) {
13139 rcu_assign_pointer(wdev->cqm_config, old);
13140 kfree_rcu(cqm_config, rcu_head);
13141 } else {
13142 kfree_rcu(old, rcu_head);
13143 }
13144
13145 return err;
13146 }
13147
nl80211_set_cqm(struct sk_buff * skb,struct genl_info * info)13148 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
13149 {
13150 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
13151 struct nlattr *cqm;
13152 int err;
13153
13154 cqm = info->attrs[NL80211_ATTR_CQM];
13155 if (!cqm)
13156 return -EINVAL;
13157
13158 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
13159 nl80211_attr_cqm_policy,
13160 info->extack);
13161 if (err)
13162 return err;
13163
13164 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
13165 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
13166 const s32 *thresholds =
13167 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
13168 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
13169 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
13170
13171 if (len % 4)
13172 return -EINVAL;
13173
13174 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
13175 hysteresis);
13176 }
13177
13178 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
13179 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
13180 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
13181 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
13182 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
13183 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
13184
13185 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
13186 }
13187
13188 return -EINVAL;
13189 }
13190
nl80211_join_ocb(struct sk_buff * skb,struct genl_info * info)13191 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
13192 {
13193 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13194 struct net_device *dev = info->user_ptr[1];
13195 struct ocb_setup setup = {};
13196 int err;
13197
13198 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13199 if (err)
13200 return err;
13201
13202 return cfg80211_join_ocb(rdev, dev, &setup);
13203 }
13204
nl80211_leave_ocb(struct sk_buff * skb,struct genl_info * info)13205 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
13206 {
13207 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13208 struct net_device *dev = info->user_ptr[1];
13209
13210 return cfg80211_leave_ocb(rdev, dev);
13211 }
13212
nl80211_join_mesh(struct sk_buff * skb,struct genl_info * info)13213 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
13214 {
13215 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13216 struct net_device *dev = info->user_ptr[1];
13217 struct mesh_config cfg;
13218 struct mesh_setup setup;
13219 int err;
13220
13221 /* start with default */
13222 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
13223 memcpy(&setup, &default_mesh_setup, sizeof(setup));
13224
13225 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
13226 /* and parse parameters if given */
13227 err = nl80211_parse_mesh_config(info, &cfg, NULL);
13228 if (err)
13229 return err;
13230 }
13231
13232 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
13233 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
13234 return -EINVAL;
13235
13236 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
13237 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
13238
13239 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
13240 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
13241 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
13242 return -EINVAL;
13243
13244 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
13245 setup.beacon_interval =
13246 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
13247
13248 err = cfg80211_validate_beacon_int(rdev,
13249 NL80211_IFTYPE_MESH_POINT,
13250 setup.beacon_interval);
13251 if (err)
13252 return err;
13253 }
13254
13255 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
13256 setup.dtim_period =
13257 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
13258 if (setup.dtim_period < 1 || setup.dtim_period > 100)
13259 return -EINVAL;
13260 }
13261
13262 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
13263 /* parse additional setup parameters if given */
13264 err = nl80211_parse_mesh_setup(info, &setup);
13265 if (err)
13266 return err;
13267 }
13268
13269 if (setup.user_mpm)
13270 cfg.auto_open_plinks = false;
13271
13272 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
13273 err = nl80211_parse_chandef(rdev, info, &setup.chandef);
13274 if (err)
13275 return err;
13276 } else {
13277 /* __cfg80211_join_mesh() will sort it out */
13278 setup.chandef.chan = NULL;
13279 }
13280
13281 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
13282 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13283 int n_rates =
13284 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13285 struct ieee80211_supported_band *sband;
13286
13287 if (!setup.chandef.chan)
13288 return -EINVAL;
13289
13290 sband = rdev->wiphy.bands[setup.chandef.chan->band];
13291
13292 err = ieee80211_get_ratemask(sband, rates, n_rates,
13293 &setup.basic_rates);
13294 if (err)
13295 return err;
13296 }
13297
13298 if (info->attrs[NL80211_ATTR_TX_RATES]) {
13299 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
13300 NL80211_ATTR_TX_RATES,
13301 &setup.beacon_rate,
13302 dev, false, 0);
13303 if (err)
13304 return err;
13305
13306 if (!setup.chandef.chan)
13307 return -EINVAL;
13308
13309 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
13310 &setup.beacon_rate);
13311 if (err)
13312 return err;
13313 }
13314
13315 setup.userspace_handles_dfs =
13316 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
13317
13318 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
13319 int r = validate_pae_over_nl80211(rdev, info);
13320
13321 if (r < 0)
13322 return r;
13323
13324 setup.control_port_over_nl80211 = true;
13325 }
13326
13327 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
13328 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
13329 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
13330
13331 return err;
13332 }
13333
nl80211_leave_mesh(struct sk_buff * skb,struct genl_info * info)13334 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
13335 {
13336 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13337 struct net_device *dev = info->user_ptr[1];
13338
13339 return cfg80211_leave_mesh(rdev, dev);
13340 }
13341
13342 #ifdef CONFIG_PM
nl80211_send_wowlan_patterns(struct sk_buff * msg,struct cfg80211_registered_device * rdev)13343 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
13344 struct cfg80211_registered_device *rdev)
13345 {
13346 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
13347 struct nlattr *nl_pats, *nl_pat;
13348 int i, pat_len;
13349
13350 if (!wowlan->n_patterns)
13351 return 0;
13352
13353 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
13354 if (!nl_pats)
13355 return -ENOBUFS;
13356
13357 for (i = 0; i < wowlan->n_patterns; i++) {
13358 nl_pat = nla_nest_start_noflag(msg, i + 1);
13359 if (!nl_pat)
13360 return -ENOBUFS;
13361 pat_len = wowlan->patterns[i].pattern_len;
13362 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
13363 wowlan->patterns[i].mask) ||
13364 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
13365 wowlan->patterns[i].pattern) ||
13366 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
13367 wowlan->patterns[i].pkt_offset))
13368 return -ENOBUFS;
13369 nla_nest_end(msg, nl_pat);
13370 }
13371 nla_nest_end(msg, nl_pats);
13372
13373 return 0;
13374 }
13375
nl80211_send_wowlan_tcp(struct sk_buff * msg,struct cfg80211_wowlan_tcp * tcp)13376 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
13377 struct cfg80211_wowlan_tcp *tcp)
13378 {
13379 struct nlattr *nl_tcp;
13380
13381 if (!tcp)
13382 return 0;
13383
13384 nl_tcp = nla_nest_start_noflag(msg,
13385 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
13386 if (!nl_tcp)
13387 return -ENOBUFS;
13388
13389 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
13390 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
13391 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
13392 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
13393 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
13394 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
13395 tcp->payload_len, tcp->payload) ||
13396 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
13397 tcp->data_interval) ||
13398 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
13399 tcp->wake_len, tcp->wake_data) ||
13400 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
13401 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
13402 return -ENOBUFS;
13403
13404 if (tcp->payload_seq.len &&
13405 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
13406 sizeof(tcp->payload_seq), &tcp->payload_seq))
13407 return -ENOBUFS;
13408
13409 if (tcp->payload_tok.len &&
13410 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
13411 sizeof(tcp->payload_tok) + tcp->tokens_size,
13412 &tcp->payload_tok))
13413 return -ENOBUFS;
13414
13415 nla_nest_end(msg, nl_tcp);
13416
13417 return 0;
13418 }
13419
nl80211_send_wowlan_nd(struct sk_buff * msg,struct cfg80211_sched_scan_request * req)13420 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
13421 struct cfg80211_sched_scan_request *req)
13422 {
13423 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
13424 int i;
13425
13426 if (!req)
13427 return 0;
13428
13429 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
13430 if (!nd)
13431 return -ENOBUFS;
13432
13433 if (req->n_scan_plans == 1 &&
13434 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
13435 req->scan_plans[0].interval * 1000))
13436 return -ENOBUFS;
13437
13438 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
13439 return -ENOBUFS;
13440
13441 if (req->relative_rssi_set) {
13442 struct nl80211_bss_select_rssi_adjust rssi_adjust;
13443
13444 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
13445 req->relative_rssi))
13446 return -ENOBUFS;
13447
13448 rssi_adjust.band = req->rssi_adjust.band;
13449 rssi_adjust.delta = req->rssi_adjust.delta;
13450 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
13451 sizeof(rssi_adjust), &rssi_adjust))
13452 return -ENOBUFS;
13453 }
13454
13455 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
13456 if (!freqs)
13457 return -ENOBUFS;
13458
13459 for (i = 0; i < req->n_channels; i++) {
13460 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
13461 return -ENOBUFS;
13462 }
13463
13464 nla_nest_end(msg, freqs);
13465
13466 if (req->n_match_sets) {
13467 matches = nla_nest_start_noflag(msg,
13468 NL80211_ATTR_SCHED_SCAN_MATCH);
13469 if (!matches)
13470 return -ENOBUFS;
13471
13472 for (i = 0; i < req->n_match_sets; i++) {
13473 match = nla_nest_start_noflag(msg, i);
13474 if (!match)
13475 return -ENOBUFS;
13476
13477 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
13478 req->match_sets[i].ssid.ssid_len,
13479 req->match_sets[i].ssid.ssid))
13480 return -ENOBUFS;
13481 nla_nest_end(msg, match);
13482 }
13483 nla_nest_end(msg, matches);
13484 }
13485
13486 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
13487 if (!scan_plans)
13488 return -ENOBUFS;
13489
13490 for (i = 0; i < req->n_scan_plans; i++) {
13491 scan_plan = nla_nest_start_noflag(msg, i + 1);
13492 if (!scan_plan)
13493 return -ENOBUFS;
13494
13495 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
13496 req->scan_plans[i].interval) ||
13497 (req->scan_plans[i].iterations &&
13498 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
13499 req->scan_plans[i].iterations)))
13500 return -ENOBUFS;
13501 nla_nest_end(msg, scan_plan);
13502 }
13503 nla_nest_end(msg, scan_plans);
13504
13505 nla_nest_end(msg, nd);
13506
13507 return 0;
13508 }
13509
nl80211_get_wowlan(struct sk_buff * skb,struct genl_info * info)13510 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
13511 {
13512 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13513 struct sk_buff *msg;
13514 void *hdr;
13515 u32 size = NLMSG_DEFAULT_SIZE;
13516
13517 if (!rdev->wiphy.wowlan)
13518 return -EOPNOTSUPP;
13519
13520 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
13521 /* adjust size to have room for all the data */
13522 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
13523 rdev->wiphy.wowlan_config->tcp->payload_len +
13524 rdev->wiphy.wowlan_config->tcp->wake_len +
13525 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
13526 }
13527
13528 msg = nlmsg_new(size, GFP_KERNEL);
13529 if (!msg)
13530 return -ENOMEM;
13531
13532 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13533 NL80211_CMD_GET_WOWLAN);
13534 if (!hdr)
13535 goto nla_put_failure;
13536
13537 if (rdev->wiphy.wowlan_config) {
13538 struct nlattr *nl_wowlan;
13539
13540 nl_wowlan = nla_nest_start_noflag(msg,
13541 NL80211_ATTR_WOWLAN_TRIGGERS);
13542 if (!nl_wowlan)
13543 goto nla_put_failure;
13544
13545 if ((rdev->wiphy.wowlan_config->any &&
13546 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
13547 (rdev->wiphy.wowlan_config->disconnect &&
13548 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
13549 (rdev->wiphy.wowlan_config->magic_pkt &&
13550 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
13551 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
13552 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
13553 (rdev->wiphy.wowlan_config->eap_identity_req &&
13554 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
13555 (rdev->wiphy.wowlan_config->four_way_handshake &&
13556 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
13557 (rdev->wiphy.wowlan_config->rfkill_release &&
13558 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
13559 goto nla_put_failure;
13560
13561 if (nl80211_send_wowlan_patterns(msg, rdev))
13562 goto nla_put_failure;
13563
13564 if (nl80211_send_wowlan_tcp(msg,
13565 rdev->wiphy.wowlan_config->tcp))
13566 goto nla_put_failure;
13567
13568 if (nl80211_send_wowlan_nd(
13569 msg,
13570 rdev->wiphy.wowlan_config->nd_config))
13571 goto nla_put_failure;
13572
13573 nla_nest_end(msg, nl_wowlan);
13574 }
13575
13576 genlmsg_end(msg, hdr);
13577 return genlmsg_reply(msg, info);
13578
13579 nla_put_failure:
13580 nlmsg_free(msg);
13581 return -ENOBUFS;
13582 }
13583
nl80211_parse_wowlan_tcp(struct cfg80211_registered_device * rdev,struct nlattr * attr,struct cfg80211_wowlan * trig)13584 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
13585 struct nlattr *attr,
13586 struct cfg80211_wowlan *trig)
13587 {
13588 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
13589 struct cfg80211_wowlan_tcp *cfg;
13590 struct nl80211_wowlan_tcp_data_token *tok = NULL;
13591 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
13592 u32 size;
13593 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
13594 int err, port;
13595
13596 if (!rdev->wiphy.wowlan->tcp)
13597 return -EINVAL;
13598
13599 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
13600 nl80211_wowlan_tcp_policy, NULL);
13601 if (err)
13602 return err;
13603
13604 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
13605 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
13606 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
13607 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
13608 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
13609 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
13610 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
13611 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
13612 return -EINVAL;
13613
13614 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
13615 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
13616 return -EINVAL;
13617
13618 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
13619 rdev->wiphy.wowlan->tcp->data_interval_max ||
13620 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
13621 return -EINVAL;
13622
13623 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
13624 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
13625 return -EINVAL;
13626
13627 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
13628 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
13629 return -EINVAL;
13630
13631 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
13632 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
13633
13634 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
13635 tokens_size = tokln - sizeof(*tok);
13636
13637 if (!tok->len || tokens_size % tok->len)
13638 return -EINVAL;
13639 if (!rdev->wiphy.wowlan->tcp->tok)
13640 return -EINVAL;
13641 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
13642 return -EINVAL;
13643 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
13644 return -EINVAL;
13645 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
13646 return -EINVAL;
13647 if (tok->offset + tok->len > data_size)
13648 return -EINVAL;
13649 }
13650
13651 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
13652 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
13653 if (!rdev->wiphy.wowlan->tcp->seq)
13654 return -EINVAL;
13655 if (seq->len == 0 || seq->len > 4)
13656 return -EINVAL;
13657 if (seq->len + seq->offset > data_size)
13658 return -EINVAL;
13659 }
13660
13661 size = sizeof(*cfg);
13662 size += data_size;
13663 size += wake_size + wake_mask_size;
13664 size += tokens_size;
13665
13666 cfg = kzalloc(size, GFP_KERNEL);
13667 if (!cfg)
13668 return -ENOMEM;
13669 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
13670 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
13671 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
13672 ETH_ALEN);
13673 if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
13674 port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
13675 else
13676 port = 0;
13677 #ifdef CONFIG_INET
13678 /* allocate a socket and port for it and use it */
13679 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
13680 IPPROTO_TCP, &cfg->sock, 1);
13681 if (err) {
13682 kfree(cfg);
13683 return err;
13684 }
13685 if (inet_csk_get_port(cfg->sock->sk, port)) {
13686 sock_release(cfg->sock);
13687 kfree(cfg);
13688 return -EADDRINUSE;
13689 }
13690 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
13691 #else
13692 if (!port) {
13693 kfree(cfg);
13694 return -EINVAL;
13695 }
13696 cfg->src_port = port;
13697 #endif
13698
13699 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
13700 cfg->payload_len = data_size;
13701 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
13702 memcpy((void *)cfg->payload,
13703 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
13704 data_size);
13705 if (seq)
13706 cfg->payload_seq = *seq;
13707 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
13708 cfg->wake_len = wake_size;
13709 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
13710 memcpy((void *)cfg->wake_data,
13711 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
13712 wake_size);
13713 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
13714 data_size + wake_size;
13715 memcpy((void *)cfg->wake_mask,
13716 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
13717 wake_mask_size);
13718 if (tok) {
13719 cfg->tokens_size = tokens_size;
13720 cfg->payload_tok = *tok;
13721 memcpy(cfg->payload_tok.token_stream, tok->token_stream,
13722 tokens_size);
13723 }
13724
13725 trig->tcp = cfg;
13726
13727 return 0;
13728 }
13729
nl80211_parse_wowlan_nd(struct cfg80211_registered_device * rdev,const struct wiphy_wowlan_support * wowlan,struct nlattr * attr,struct cfg80211_wowlan * trig)13730 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
13731 const struct wiphy_wowlan_support *wowlan,
13732 struct nlattr *attr,
13733 struct cfg80211_wowlan *trig)
13734 {
13735 struct nlattr **tb;
13736 int err;
13737
13738 tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
13739 if (!tb)
13740 return -ENOMEM;
13741
13742 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
13743 err = -EOPNOTSUPP;
13744 goto out;
13745 }
13746
13747 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
13748 nl80211_policy, NULL);
13749 if (err)
13750 goto out;
13751
13752 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
13753 wowlan->max_nd_match_sets);
13754 err = PTR_ERR_OR_ZERO(trig->nd_config);
13755 if (err)
13756 trig->nd_config = NULL;
13757
13758 out:
13759 kfree(tb);
13760 return err;
13761 }
13762
nl80211_set_wowlan(struct sk_buff * skb,struct genl_info * info)13763 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
13764 {
13765 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13766 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
13767 struct cfg80211_wowlan new_triggers = {};
13768 struct cfg80211_wowlan *ntrig;
13769 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
13770 int err, i;
13771 bool prev_enabled = rdev->wiphy.wowlan_config;
13772 bool regular = false;
13773
13774 if (!wowlan)
13775 return -EOPNOTSUPP;
13776
13777 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
13778 cfg80211_rdev_free_wowlan(rdev);
13779 rdev->wiphy.wowlan_config = NULL;
13780 goto set_wakeup;
13781 }
13782
13783 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
13784 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
13785 nl80211_wowlan_policy, info->extack);
13786 if (err)
13787 return err;
13788
13789 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
13790 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
13791 return -EINVAL;
13792 new_triggers.any = true;
13793 }
13794
13795 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
13796 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
13797 return -EINVAL;
13798 new_triggers.disconnect = true;
13799 regular = true;
13800 }
13801
13802 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
13803 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
13804 return -EINVAL;
13805 new_triggers.magic_pkt = true;
13806 regular = true;
13807 }
13808
13809 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
13810 return -EINVAL;
13811
13812 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
13813 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
13814 return -EINVAL;
13815 new_triggers.gtk_rekey_failure = true;
13816 regular = true;
13817 }
13818
13819 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
13820 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
13821 return -EINVAL;
13822 new_triggers.eap_identity_req = true;
13823 regular = true;
13824 }
13825
13826 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
13827 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
13828 return -EINVAL;
13829 new_triggers.four_way_handshake = true;
13830 regular = true;
13831 }
13832
13833 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
13834 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
13835 return -EINVAL;
13836 new_triggers.rfkill_release = true;
13837 regular = true;
13838 }
13839
13840 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
13841 struct nlattr *pat;
13842 int n_patterns = 0;
13843 int rem, pat_len, mask_len, pkt_offset;
13844 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
13845
13846 regular = true;
13847
13848 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
13849 rem)
13850 n_patterns++;
13851 if (n_patterns > wowlan->n_patterns)
13852 return -EINVAL;
13853
13854 new_triggers.patterns = kcalloc(n_patterns,
13855 sizeof(new_triggers.patterns[0]),
13856 GFP_KERNEL);
13857 if (!new_triggers.patterns)
13858 return -ENOMEM;
13859
13860 new_triggers.n_patterns = n_patterns;
13861 i = 0;
13862
13863 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
13864 rem) {
13865 u8 *mask_pat;
13866
13867 err = nla_parse_nested_deprecated(pat_tb,
13868 MAX_NL80211_PKTPAT,
13869 pat,
13870 nl80211_packet_pattern_policy,
13871 info->extack);
13872 if (err)
13873 goto error;
13874
13875 err = -EINVAL;
13876 if (!pat_tb[NL80211_PKTPAT_MASK] ||
13877 !pat_tb[NL80211_PKTPAT_PATTERN])
13878 goto error;
13879 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
13880 mask_len = DIV_ROUND_UP(pat_len, 8);
13881 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
13882 goto error;
13883 if (pat_len > wowlan->pattern_max_len ||
13884 pat_len < wowlan->pattern_min_len)
13885 goto error;
13886
13887 if (!pat_tb[NL80211_PKTPAT_OFFSET])
13888 pkt_offset = 0;
13889 else
13890 pkt_offset = nla_get_u32(
13891 pat_tb[NL80211_PKTPAT_OFFSET]);
13892 if (pkt_offset > wowlan->max_pkt_offset)
13893 goto error;
13894 new_triggers.patterns[i].pkt_offset = pkt_offset;
13895
13896 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
13897 if (!mask_pat) {
13898 err = -ENOMEM;
13899 goto error;
13900 }
13901 new_triggers.patterns[i].mask = mask_pat;
13902 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
13903 mask_len);
13904 mask_pat += mask_len;
13905 new_triggers.patterns[i].pattern = mask_pat;
13906 new_triggers.patterns[i].pattern_len = pat_len;
13907 memcpy(mask_pat,
13908 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
13909 pat_len);
13910 i++;
13911 }
13912 }
13913
13914 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
13915 regular = true;
13916 err = nl80211_parse_wowlan_tcp(
13917 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
13918 &new_triggers);
13919 if (err)
13920 goto error;
13921 }
13922
13923 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
13924 regular = true;
13925 err = nl80211_parse_wowlan_nd(
13926 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
13927 &new_triggers);
13928 if (err)
13929 goto error;
13930 }
13931
13932 /* The 'any' trigger means the device continues operating more or less
13933 * as in its normal operation mode and wakes up the host on most of the
13934 * normal interrupts (like packet RX, ...)
13935 * It therefore makes little sense to combine with the more constrained
13936 * wakeup trigger modes.
13937 */
13938 if (new_triggers.any && regular) {
13939 err = -EINVAL;
13940 goto error;
13941 }
13942
13943 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
13944 if (!ntrig) {
13945 err = -ENOMEM;
13946 goto error;
13947 }
13948 cfg80211_rdev_free_wowlan(rdev);
13949 rdev->wiphy.wowlan_config = ntrig;
13950
13951 set_wakeup:
13952 if (rdev->ops->set_wakeup &&
13953 prev_enabled != !!rdev->wiphy.wowlan_config)
13954 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
13955
13956 return 0;
13957 error:
13958 for (i = 0; i < new_triggers.n_patterns; i++)
13959 kfree(new_triggers.patterns[i].mask);
13960 kfree(new_triggers.patterns);
13961 if (new_triggers.tcp && new_triggers.tcp->sock)
13962 sock_release(new_triggers.tcp->sock);
13963 kfree(new_triggers.tcp);
13964 kfree(new_triggers.nd_config);
13965 return err;
13966 }
13967 #endif
13968
nl80211_send_coalesce_rules(struct sk_buff * msg,struct cfg80211_registered_device * rdev)13969 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
13970 struct cfg80211_registered_device *rdev)
13971 {
13972 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
13973 int i, j, pat_len;
13974 struct cfg80211_coalesce_rules *rule;
13975
13976 if (!rdev->coalesce->n_rules)
13977 return 0;
13978
13979 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
13980 if (!nl_rules)
13981 return -ENOBUFS;
13982
13983 for (i = 0; i < rdev->coalesce->n_rules; i++) {
13984 nl_rule = nla_nest_start_noflag(msg, i + 1);
13985 if (!nl_rule)
13986 return -ENOBUFS;
13987
13988 rule = &rdev->coalesce->rules[i];
13989 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
13990 rule->delay))
13991 return -ENOBUFS;
13992
13993 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
13994 rule->condition))
13995 return -ENOBUFS;
13996
13997 nl_pats = nla_nest_start_noflag(msg,
13998 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
13999 if (!nl_pats)
14000 return -ENOBUFS;
14001
14002 for (j = 0; j < rule->n_patterns; j++) {
14003 nl_pat = nla_nest_start_noflag(msg, j + 1);
14004 if (!nl_pat)
14005 return -ENOBUFS;
14006 pat_len = rule->patterns[j].pattern_len;
14007 if (nla_put(msg, NL80211_PKTPAT_MASK,
14008 DIV_ROUND_UP(pat_len, 8),
14009 rule->patterns[j].mask) ||
14010 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
14011 rule->patterns[j].pattern) ||
14012 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
14013 rule->patterns[j].pkt_offset))
14014 return -ENOBUFS;
14015 nla_nest_end(msg, nl_pat);
14016 }
14017 nla_nest_end(msg, nl_pats);
14018 nla_nest_end(msg, nl_rule);
14019 }
14020 nla_nest_end(msg, nl_rules);
14021
14022 return 0;
14023 }
14024
nl80211_get_coalesce(struct sk_buff * skb,struct genl_info * info)14025 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
14026 {
14027 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14028 struct sk_buff *msg;
14029 void *hdr;
14030
14031 if (!rdev->wiphy.coalesce)
14032 return -EOPNOTSUPP;
14033
14034 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14035 if (!msg)
14036 return -ENOMEM;
14037
14038 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14039 NL80211_CMD_GET_COALESCE);
14040 if (!hdr)
14041 goto nla_put_failure;
14042
14043 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
14044 goto nla_put_failure;
14045
14046 genlmsg_end(msg, hdr);
14047 return genlmsg_reply(msg, info);
14048
14049 nla_put_failure:
14050 nlmsg_free(msg);
14051 return -ENOBUFS;
14052 }
14053
cfg80211_free_coalesce(struct cfg80211_coalesce * coalesce)14054 void cfg80211_free_coalesce(struct cfg80211_coalesce *coalesce)
14055 {
14056 int i, j;
14057 struct cfg80211_coalesce_rules *rule;
14058
14059 if (!coalesce)
14060 return;
14061
14062 for (i = 0; i < coalesce->n_rules; i++) {
14063 rule = &coalesce->rules[i];
14064 if (!rule)
14065 continue;
14066 for (j = 0; j < rule->n_patterns; j++)
14067 kfree(rule->patterns[j].mask);
14068 kfree(rule->patterns);
14069 }
14070 kfree(coalesce);
14071 }
14072
nl80211_parse_coalesce_rule(struct cfg80211_registered_device * rdev,struct nlattr * rule,struct cfg80211_coalesce_rules * new_rule)14073 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
14074 struct nlattr *rule,
14075 struct cfg80211_coalesce_rules *new_rule)
14076 {
14077 int err, i;
14078 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
14079 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
14080 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
14081 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
14082
14083 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
14084 rule, nl80211_coalesce_policy, NULL);
14085 if (err)
14086 return err;
14087
14088 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
14089 new_rule->delay =
14090 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
14091 if (new_rule->delay > coalesce->max_delay)
14092 return -EINVAL;
14093
14094 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
14095 new_rule->condition =
14096 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
14097
14098 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
14099 return -EINVAL;
14100
14101 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
14102 rem)
14103 n_patterns++;
14104 if (n_patterns > coalesce->n_patterns)
14105 return -EINVAL;
14106
14107 new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
14108 GFP_KERNEL);
14109 if (!new_rule->patterns)
14110 return -ENOMEM;
14111
14112 new_rule->n_patterns = n_patterns;
14113 i = 0;
14114
14115 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
14116 rem) {
14117 u8 *mask_pat;
14118
14119 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
14120 pat,
14121 nl80211_packet_pattern_policy,
14122 NULL);
14123 if (err)
14124 return err;
14125
14126 if (!pat_tb[NL80211_PKTPAT_MASK] ||
14127 !pat_tb[NL80211_PKTPAT_PATTERN])
14128 return -EINVAL;
14129 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
14130 mask_len = DIV_ROUND_UP(pat_len, 8);
14131 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
14132 return -EINVAL;
14133 if (pat_len > coalesce->pattern_max_len ||
14134 pat_len < coalesce->pattern_min_len)
14135 return -EINVAL;
14136
14137 if (!pat_tb[NL80211_PKTPAT_OFFSET])
14138 pkt_offset = 0;
14139 else
14140 pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
14141 if (pkt_offset > coalesce->max_pkt_offset)
14142 return -EINVAL;
14143 new_rule->patterns[i].pkt_offset = pkt_offset;
14144
14145 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
14146 if (!mask_pat)
14147 return -ENOMEM;
14148
14149 new_rule->patterns[i].mask = mask_pat;
14150 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
14151 mask_len);
14152
14153 mask_pat += mask_len;
14154 new_rule->patterns[i].pattern = mask_pat;
14155 new_rule->patterns[i].pattern_len = pat_len;
14156 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
14157 pat_len);
14158 i++;
14159 }
14160
14161 return 0;
14162 }
14163
nl80211_set_coalesce(struct sk_buff * skb,struct genl_info * info)14164 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
14165 {
14166 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14167 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
14168 struct cfg80211_coalesce *new_coalesce;
14169 int err, rem_rule, n_rules = 0, i;
14170 struct nlattr *rule;
14171
14172 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
14173 return -EOPNOTSUPP;
14174
14175 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
14176 cfg80211_free_coalesce(rdev->coalesce);
14177 rdev->coalesce = NULL;
14178 rdev_set_coalesce(rdev, NULL);
14179 return 0;
14180 }
14181
14182 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14183 rem_rule)
14184 n_rules++;
14185 if (n_rules > coalesce->n_rules)
14186 return -EINVAL;
14187
14188 new_coalesce = kzalloc(struct_size(new_coalesce, rules, n_rules),
14189 GFP_KERNEL);
14190 if (!new_coalesce)
14191 return -ENOMEM;
14192
14193 new_coalesce->n_rules = n_rules;
14194 i = 0;
14195
14196 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
14197 rem_rule) {
14198 err = nl80211_parse_coalesce_rule(rdev, rule,
14199 &new_coalesce->rules[i]);
14200 if (err)
14201 goto error;
14202
14203 i++;
14204 }
14205
14206 err = rdev_set_coalesce(rdev, new_coalesce);
14207 if (err)
14208 goto error;
14209
14210 cfg80211_free_coalesce(rdev->coalesce);
14211 rdev->coalesce = new_coalesce;
14212
14213 return 0;
14214 error:
14215 cfg80211_free_coalesce(new_coalesce);
14216
14217 return err;
14218 }
14219
nl80211_set_rekey_data(struct sk_buff * skb,struct genl_info * info)14220 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
14221 {
14222 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14223 struct net_device *dev = info->user_ptr[1];
14224 struct wireless_dev *wdev = dev->ieee80211_ptr;
14225 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
14226 struct cfg80211_gtk_rekey_data rekey_data = {};
14227 int err;
14228
14229 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
14230 return -EINVAL;
14231
14232 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
14233 info->attrs[NL80211_ATTR_REKEY_DATA],
14234 nl80211_rekey_policy, info->extack);
14235 if (err)
14236 return err;
14237
14238 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
14239 !tb[NL80211_REKEY_DATA_KCK])
14240 return -EINVAL;
14241 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
14242 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14243 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
14244 return -ERANGE;
14245 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
14246 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
14247 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) &&
14248 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 &&
14249 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32))
14250 return -ERANGE;
14251
14252 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
14253 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
14254 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
14255 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
14256 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
14257 if (tb[NL80211_REKEY_DATA_AKM])
14258 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
14259
14260 if (!wdev->connected)
14261 return -ENOTCONN;
14262
14263 if (!rdev->ops->set_rekey_data)
14264 return -EOPNOTSUPP;
14265
14266 return rdev_set_rekey_data(rdev, dev, &rekey_data);
14267 }
14268
nl80211_register_unexpected_frame(struct sk_buff * skb,struct genl_info * info)14269 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
14270 struct genl_info *info)
14271 {
14272 struct net_device *dev = info->user_ptr[1];
14273 struct wireless_dev *wdev = dev->ieee80211_ptr;
14274
14275 if (wdev->iftype != NL80211_IFTYPE_AP &&
14276 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14277 return -EINVAL;
14278
14279 if (wdev->ap_unexpected_nlportid)
14280 return -EBUSY;
14281
14282 wdev->ap_unexpected_nlportid = info->snd_portid;
14283 return 0;
14284 }
14285
nl80211_probe_client(struct sk_buff * skb,struct genl_info * info)14286 static int nl80211_probe_client(struct sk_buff *skb,
14287 struct genl_info *info)
14288 {
14289 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14290 struct net_device *dev = info->user_ptr[1];
14291 struct wireless_dev *wdev = dev->ieee80211_ptr;
14292 struct sk_buff *msg;
14293 void *hdr;
14294 const u8 *addr;
14295 u64 cookie;
14296 int err;
14297
14298 if (wdev->iftype != NL80211_IFTYPE_AP &&
14299 wdev->iftype != NL80211_IFTYPE_P2P_GO)
14300 return -EOPNOTSUPP;
14301
14302 if (!info->attrs[NL80211_ATTR_MAC])
14303 return -EINVAL;
14304
14305 if (!rdev->ops->probe_client)
14306 return -EOPNOTSUPP;
14307
14308 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14309 if (!msg)
14310 return -ENOMEM;
14311
14312 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14313 NL80211_CMD_PROBE_CLIENT);
14314 if (!hdr) {
14315 err = -ENOBUFS;
14316 goto free_msg;
14317 }
14318
14319 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14320
14321 err = rdev_probe_client(rdev, dev, addr, &cookie);
14322 if (err)
14323 goto free_msg;
14324
14325 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14326 NL80211_ATTR_PAD))
14327 goto nla_put_failure;
14328
14329 genlmsg_end(msg, hdr);
14330
14331 return genlmsg_reply(msg, info);
14332
14333 nla_put_failure:
14334 err = -ENOBUFS;
14335 free_msg:
14336 nlmsg_free(msg);
14337 return err;
14338 }
14339
nl80211_register_beacons(struct sk_buff * skb,struct genl_info * info)14340 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
14341 {
14342 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14343 struct cfg80211_beacon_registration *reg, *nreg;
14344 int rv;
14345
14346 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
14347 return -EOPNOTSUPP;
14348
14349 nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
14350 if (!nreg)
14351 return -ENOMEM;
14352
14353 /* First, check if already registered. */
14354 spin_lock_bh(&rdev->beacon_registrations_lock);
14355 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
14356 if (reg->nlportid == info->snd_portid) {
14357 rv = -EALREADY;
14358 goto out_err;
14359 }
14360 }
14361 /* Add it to the list */
14362 nreg->nlportid = info->snd_portid;
14363 list_add(&nreg->list, &rdev->beacon_registrations);
14364
14365 spin_unlock_bh(&rdev->beacon_registrations_lock);
14366
14367 return 0;
14368 out_err:
14369 spin_unlock_bh(&rdev->beacon_registrations_lock);
14370 kfree(nreg);
14371 return rv;
14372 }
14373
nl80211_start_p2p_device(struct sk_buff * skb,struct genl_info * info)14374 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
14375 {
14376 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14377 struct wireless_dev *wdev = info->user_ptr[1];
14378 int err;
14379
14380 if (!rdev->ops->start_p2p_device)
14381 return -EOPNOTSUPP;
14382
14383 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
14384 return -EOPNOTSUPP;
14385
14386 if (wdev_running(wdev))
14387 return 0;
14388
14389 if (rfkill_blocked(rdev->wiphy.rfkill))
14390 return -ERFKILL;
14391
14392 err = rdev_start_p2p_device(rdev, wdev);
14393 if (err)
14394 return err;
14395
14396 wdev->is_running = true;
14397 rdev->opencount++;
14398
14399 return 0;
14400 }
14401
nl80211_stop_p2p_device(struct sk_buff * skb,struct genl_info * info)14402 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
14403 {
14404 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14405 struct wireless_dev *wdev = info->user_ptr[1];
14406
14407 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
14408 return -EOPNOTSUPP;
14409
14410 if (!rdev->ops->stop_p2p_device)
14411 return -EOPNOTSUPP;
14412
14413 cfg80211_stop_p2p_device(rdev, wdev);
14414
14415 return 0;
14416 }
14417
nl80211_start_nan(struct sk_buff * skb,struct genl_info * info)14418 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
14419 {
14420 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14421 struct wireless_dev *wdev = info->user_ptr[1];
14422 struct cfg80211_nan_conf conf = {};
14423 int err;
14424
14425 if (wdev->iftype != NL80211_IFTYPE_NAN)
14426 return -EOPNOTSUPP;
14427
14428 if (wdev_running(wdev))
14429 return -EEXIST;
14430
14431 if (rfkill_blocked(rdev->wiphy.rfkill))
14432 return -ERFKILL;
14433
14434 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
14435 return -EINVAL;
14436
14437 conf.master_pref =
14438 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
14439
14440 if (info->attrs[NL80211_ATTR_BANDS]) {
14441 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
14442
14443 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
14444 return -EOPNOTSUPP;
14445
14446 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
14447 return -EINVAL;
14448
14449 conf.bands = bands;
14450 }
14451
14452 err = rdev_start_nan(rdev, wdev, &conf);
14453 if (err)
14454 return err;
14455
14456 wdev->is_running = true;
14457 rdev->opencount++;
14458
14459 return 0;
14460 }
14461
nl80211_stop_nan(struct sk_buff * skb,struct genl_info * info)14462 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
14463 {
14464 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14465 struct wireless_dev *wdev = info->user_ptr[1];
14466
14467 if (wdev->iftype != NL80211_IFTYPE_NAN)
14468 return -EOPNOTSUPP;
14469
14470 cfg80211_stop_nan(rdev, wdev);
14471
14472 return 0;
14473 }
14474
validate_nan_filter(struct nlattr * filter_attr)14475 static int validate_nan_filter(struct nlattr *filter_attr)
14476 {
14477 struct nlattr *attr;
14478 int len = 0, n_entries = 0, rem;
14479
14480 nla_for_each_nested(attr, filter_attr, rem) {
14481 len += nla_len(attr);
14482 n_entries++;
14483 }
14484
14485 if (len >= U8_MAX)
14486 return -EINVAL;
14487
14488 return n_entries;
14489 }
14490
handle_nan_filter(struct nlattr * attr_filter,struct cfg80211_nan_func * func,bool tx)14491 static int handle_nan_filter(struct nlattr *attr_filter,
14492 struct cfg80211_nan_func *func,
14493 bool tx)
14494 {
14495 struct nlattr *attr;
14496 int n_entries, rem, i;
14497 struct cfg80211_nan_func_filter *filter;
14498
14499 n_entries = validate_nan_filter(attr_filter);
14500 if (n_entries < 0)
14501 return n_entries;
14502
14503 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
14504
14505 filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
14506 if (!filter)
14507 return -ENOMEM;
14508
14509 i = 0;
14510 nla_for_each_nested(attr, attr_filter, rem) {
14511 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
14512 if (!filter[i].filter)
14513 goto err;
14514
14515 filter[i].len = nla_len(attr);
14516 i++;
14517 }
14518 if (tx) {
14519 func->num_tx_filters = n_entries;
14520 func->tx_filters = filter;
14521 } else {
14522 func->num_rx_filters = n_entries;
14523 func->rx_filters = filter;
14524 }
14525
14526 return 0;
14527
14528 err:
14529 i = 0;
14530 nla_for_each_nested(attr, attr_filter, rem) {
14531 kfree(filter[i].filter);
14532 i++;
14533 }
14534 kfree(filter);
14535 return -ENOMEM;
14536 }
14537
nl80211_nan_add_func(struct sk_buff * skb,struct genl_info * info)14538 static int nl80211_nan_add_func(struct sk_buff *skb,
14539 struct genl_info *info)
14540 {
14541 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14542 struct wireless_dev *wdev = info->user_ptr[1];
14543 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
14544 struct cfg80211_nan_func *func;
14545 struct sk_buff *msg = NULL;
14546 void *hdr = NULL;
14547 int err = 0;
14548
14549 if (wdev->iftype != NL80211_IFTYPE_NAN)
14550 return -EOPNOTSUPP;
14551
14552 if (!wdev_running(wdev))
14553 return -ENOTCONN;
14554
14555 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
14556 return -EINVAL;
14557
14558 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
14559 info->attrs[NL80211_ATTR_NAN_FUNC],
14560 nl80211_nan_func_policy,
14561 info->extack);
14562 if (err)
14563 return err;
14564
14565 func = kzalloc(sizeof(*func), GFP_KERNEL);
14566 if (!func)
14567 return -ENOMEM;
14568
14569 func->cookie = cfg80211_assign_cookie(rdev);
14570
14571 if (!tb[NL80211_NAN_FUNC_TYPE]) {
14572 err = -EINVAL;
14573 goto out;
14574 }
14575
14576
14577 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
14578
14579 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
14580 err = -EINVAL;
14581 goto out;
14582 }
14583
14584 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
14585 sizeof(func->service_id));
14586
14587 func->close_range =
14588 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
14589
14590 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
14591 func->serv_spec_info_len =
14592 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
14593 func->serv_spec_info =
14594 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
14595 func->serv_spec_info_len,
14596 GFP_KERNEL);
14597 if (!func->serv_spec_info) {
14598 err = -ENOMEM;
14599 goto out;
14600 }
14601 }
14602
14603 if (tb[NL80211_NAN_FUNC_TTL])
14604 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
14605
14606 switch (func->type) {
14607 case NL80211_NAN_FUNC_PUBLISH:
14608 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
14609 err = -EINVAL;
14610 goto out;
14611 }
14612
14613 func->publish_type =
14614 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
14615 func->publish_bcast =
14616 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
14617
14618 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
14619 func->publish_bcast) {
14620 err = -EINVAL;
14621 goto out;
14622 }
14623 break;
14624 case NL80211_NAN_FUNC_SUBSCRIBE:
14625 func->subscribe_active =
14626 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
14627 break;
14628 case NL80211_NAN_FUNC_FOLLOW_UP:
14629 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
14630 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
14631 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
14632 err = -EINVAL;
14633 goto out;
14634 }
14635
14636 func->followup_id =
14637 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
14638 func->followup_reqid =
14639 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
14640 memcpy(func->followup_dest.addr,
14641 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
14642 sizeof(func->followup_dest.addr));
14643 if (func->ttl) {
14644 err = -EINVAL;
14645 goto out;
14646 }
14647 break;
14648 default:
14649 err = -EINVAL;
14650 goto out;
14651 }
14652
14653 if (tb[NL80211_NAN_FUNC_SRF]) {
14654 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
14655
14656 err = nla_parse_nested_deprecated(srf_tb,
14657 NL80211_NAN_SRF_ATTR_MAX,
14658 tb[NL80211_NAN_FUNC_SRF],
14659 nl80211_nan_srf_policy,
14660 info->extack);
14661 if (err)
14662 goto out;
14663
14664 func->srf_include =
14665 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
14666
14667 if (srf_tb[NL80211_NAN_SRF_BF]) {
14668 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
14669 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
14670 err = -EINVAL;
14671 goto out;
14672 }
14673
14674 func->srf_bf_len =
14675 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
14676 func->srf_bf =
14677 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
14678 func->srf_bf_len, GFP_KERNEL);
14679 if (!func->srf_bf) {
14680 err = -ENOMEM;
14681 goto out;
14682 }
14683
14684 func->srf_bf_idx =
14685 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
14686 } else {
14687 struct nlattr *attr, *mac_attr =
14688 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
14689 int n_entries, rem, i = 0;
14690
14691 if (!mac_attr) {
14692 err = -EINVAL;
14693 goto out;
14694 }
14695
14696 n_entries = validate_acl_mac_addrs(mac_attr);
14697 if (n_entries <= 0) {
14698 err = -EINVAL;
14699 goto out;
14700 }
14701
14702 func->srf_num_macs = n_entries;
14703 func->srf_macs =
14704 kcalloc(n_entries, sizeof(*func->srf_macs),
14705 GFP_KERNEL);
14706 if (!func->srf_macs) {
14707 err = -ENOMEM;
14708 goto out;
14709 }
14710
14711 nla_for_each_nested(attr, mac_attr, rem)
14712 memcpy(func->srf_macs[i++].addr, nla_data(attr),
14713 sizeof(*func->srf_macs));
14714 }
14715 }
14716
14717 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
14718 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
14719 func, true);
14720 if (err)
14721 goto out;
14722 }
14723
14724 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
14725 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
14726 func, false);
14727 if (err)
14728 goto out;
14729 }
14730
14731 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14732 if (!msg) {
14733 err = -ENOMEM;
14734 goto out;
14735 }
14736
14737 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14738 NL80211_CMD_ADD_NAN_FUNCTION);
14739 /* This can't really happen - we just allocated 4KB */
14740 if (WARN_ON(!hdr)) {
14741 err = -ENOMEM;
14742 goto out;
14743 }
14744
14745 err = rdev_add_nan_func(rdev, wdev, func);
14746 out:
14747 if (err < 0) {
14748 cfg80211_free_nan_func(func);
14749 nlmsg_free(msg);
14750 return err;
14751 }
14752
14753 /* propagate the instance id and cookie to userspace */
14754 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
14755 NL80211_ATTR_PAD))
14756 goto nla_put_failure;
14757
14758 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
14759 if (!func_attr)
14760 goto nla_put_failure;
14761
14762 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
14763 func->instance_id))
14764 goto nla_put_failure;
14765
14766 nla_nest_end(msg, func_attr);
14767
14768 genlmsg_end(msg, hdr);
14769 return genlmsg_reply(msg, info);
14770
14771 nla_put_failure:
14772 nlmsg_free(msg);
14773 return -ENOBUFS;
14774 }
14775
nl80211_nan_del_func(struct sk_buff * skb,struct genl_info * info)14776 static int nl80211_nan_del_func(struct sk_buff *skb,
14777 struct genl_info *info)
14778 {
14779 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14780 struct wireless_dev *wdev = info->user_ptr[1];
14781 u64 cookie;
14782
14783 if (wdev->iftype != NL80211_IFTYPE_NAN)
14784 return -EOPNOTSUPP;
14785
14786 if (!wdev_running(wdev))
14787 return -ENOTCONN;
14788
14789 if (!info->attrs[NL80211_ATTR_COOKIE])
14790 return -EINVAL;
14791
14792 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14793
14794 rdev_del_nan_func(rdev, wdev, cookie);
14795
14796 return 0;
14797 }
14798
nl80211_nan_change_config(struct sk_buff * skb,struct genl_info * info)14799 static int nl80211_nan_change_config(struct sk_buff *skb,
14800 struct genl_info *info)
14801 {
14802 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14803 struct wireless_dev *wdev = info->user_ptr[1];
14804 struct cfg80211_nan_conf conf = {};
14805 u32 changed = 0;
14806
14807 if (wdev->iftype != NL80211_IFTYPE_NAN)
14808 return -EOPNOTSUPP;
14809
14810 if (!wdev_running(wdev))
14811 return -ENOTCONN;
14812
14813 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
14814 conf.master_pref =
14815 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
14816 if (conf.master_pref <= 1 || conf.master_pref == 255)
14817 return -EINVAL;
14818
14819 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
14820 }
14821
14822 if (info->attrs[NL80211_ATTR_BANDS]) {
14823 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
14824
14825 if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
14826 return -EOPNOTSUPP;
14827
14828 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
14829 return -EINVAL;
14830
14831 conf.bands = bands;
14832 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
14833 }
14834
14835 if (!changed)
14836 return -EINVAL;
14837
14838 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
14839 }
14840
cfg80211_nan_match(struct wireless_dev * wdev,struct cfg80211_nan_match_params * match,gfp_t gfp)14841 void cfg80211_nan_match(struct wireless_dev *wdev,
14842 struct cfg80211_nan_match_params *match, gfp_t gfp)
14843 {
14844 struct wiphy *wiphy = wdev->wiphy;
14845 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14846 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
14847 struct sk_buff *msg;
14848 void *hdr;
14849
14850 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
14851 return;
14852
14853 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14854 if (!msg)
14855 return;
14856
14857 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
14858 if (!hdr) {
14859 nlmsg_free(msg);
14860 return;
14861 }
14862
14863 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14864 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14865 wdev->netdev->ifindex)) ||
14866 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14867 NL80211_ATTR_PAD))
14868 goto nla_put_failure;
14869
14870 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
14871 NL80211_ATTR_PAD) ||
14872 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
14873 goto nla_put_failure;
14874
14875 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
14876 if (!match_attr)
14877 goto nla_put_failure;
14878
14879 local_func_attr = nla_nest_start_noflag(msg,
14880 NL80211_NAN_MATCH_FUNC_LOCAL);
14881 if (!local_func_attr)
14882 goto nla_put_failure;
14883
14884 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
14885 goto nla_put_failure;
14886
14887 nla_nest_end(msg, local_func_attr);
14888
14889 peer_func_attr = nla_nest_start_noflag(msg,
14890 NL80211_NAN_MATCH_FUNC_PEER);
14891 if (!peer_func_attr)
14892 goto nla_put_failure;
14893
14894 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
14895 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
14896 goto nla_put_failure;
14897
14898 if (match->info && match->info_len &&
14899 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
14900 match->info))
14901 goto nla_put_failure;
14902
14903 nla_nest_end(msg, peer_func_attr);
14904 nla_nest_end(msg, match_attr);
14905 genlmsg_end(msg, hdr);
14906
14907 if (!wdev->owner_nlportid)
14908 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
14909 msg, 0, NL80211_MCGRP_NAN, gfp);
14910 else
14911 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
14912 wdev->owner_nlportid);
14913
14914 return;
14915
14916 nla_put_failure:
14917 nlmsg_free(msg);
14918 }
14919 EXPORT_SYMBOL(cfg80211_nan_match);
14920
cfg80211_nan_func_terminated(struct wireless_dev * wdev,u8 inst_id,enum nl80211_nan_func_term_reason reason,u64 cookie,gfp_t gfp)14921 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
14922 u8 inst_id,
14923 enum nl80211_nan_func_term_reason reason,
14924 u64 cookie, gfp_t gfp)
14925 {
14926 struct wiphy *wiphy = wdev->wiphy;
14927 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14928 struct sk_buff *msg;
14929 struct nlattr *func_attr;
14930 void *hdr;
14931
14932 if (WARN_ON(!inst_id))
14933 return;
14934
14935 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14936 if (!msg)
14937 return;
14938
14939 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
14940 if (!hdr) {
14941 nlmsg_free(msg);
14942 return;
14943 }
14944
14945 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14946 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14947 wdev->netdev->ifindex)) ||
14948 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14949 NL80211_ATTR_PAD))
14950 goto nla_put_failure;
14951
14952 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14953 NL80211_ATTR_PAD))
14954 goto nla_put_failure;
14955
14956 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
14957 if (!func_attr)
14958 goto nla_put_failure;
14959
14960 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
14961 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
14962 goto nla_put_failure;
14963
14964 nla_nest_end(msg, func_attr);
14965 genlmsg_end(msg, hdr);
14966
14967 if (!wdev->owner_nlportid)
14968 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
14969 msg, 0, NL80211_MCGRP_NAN, gfp);
14970 else
14971 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
14972 wdev->owner_nlportid);
14973
14974 return;
14975
14976 nla_put_failure:
14977 nlmsg_free(msg);
14978 }
14979 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
14980
nl80211_get_protocol_features(struct sk_buff * skb,struct genl_info * info)14981 static int nl80211_get_protocol_features(struct sk_buff *skb,
14982 struct genl_info *info)
14983 {
14984 void *hdr;
14985 struct sk_buff *msg;
14986
14987 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14988 if (!msg)
14989 return -ENOMEM;
14990
14991 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14992 NL80211_CMD_GET_PROTOCOL_FEATURES);
14993 if (!hdr)
14994 goto nla_put_failure;
14995
14996 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
14997 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
14998 goto nla_put_failure;
14999
15000 genlmsg_end(msg, hdr);
15001 return genlmsg_reply(msg, info);
15002
15003 nla_put_failure:
15004 kfree_skb(msg);
15005 return -ENOBUFS;
15006 }
15007
nl80211_update_ft_ies(struct sk_buff * skb,struct genl_info * info)15008 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
15009 {
15010 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15011 struct cfg80211_update_ft_ies_params ft_params;
15012 struct net_device *dev = info->user_ptr[1];
15013
15014 if (!rdev->ops->update_ft_ies)
15015 return -EOPNOTSUPP;
15016
15017 if (!info->attrs[NL80211_ATTR_MDID] ||
15018 !info->attrs[NL80211_ATTR_IE])
15019 return -EINVAL;
15020
15021 memset(&ft_params, 0, sizeof(ft_params));
15022 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
15023 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
15024 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
15025
15026 return rdev_update_ft_ies(rdev, dev, &ft_params);
15027 }
15028
nl80211_crit_protocol_start(struct sk_buff * skb,struct genl_info * info)15029 static int nl80211_crit_protocol_start(struct sk_buff *skb,
15030 struct genl_info *info)
15031 {
15032 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15033 struct wireless_dev *wdev = info->user_ptr[1];
15034 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
15035 u16 duration;
15036 int ret;
15037
15038 if (!rdev->ops->crit_proto_start)
15039 return -EOPNOTSUPP;
15040
15041 if (WARN_ON(!rdev->ops->crit_proto_stop))
15042 return -EINVAL;
15043
15044 if (rdev->crit_proto_nlportid)
15045 return -EBUSY;
15046
15047 /* determine protocol if provided */
15048 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
15049 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
15050
15051 if (proto >= NUM_NL80211_CRIT_PROTO)
15052 return -EINVAL;
15053
15054 /* timeout must be provided */
15055 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
15056 return -EINVAL;
15057
15058 duration =
15059 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
15060
15061 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
15062 if (!ret)
15063 rdev->crit_proto_nlportid = info->snd_portid;
15064
15065 return ret;
15066 }
15067
nl80211_crit_protocol_stop(struct sk_buff * skb,struct genl_info * info)15068 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
15069 struct genl_info *info)
15070 {
15071 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15072 struct wireless_dev *wdev = info->user_ptr[1];
15073
15074 if (!rdev->ops->crit_proto_stop)
15075 return -EOPNOTSUPP;
15076
15077 if (rdev->crit_proto_nlportid) {
15078 rdev->crit_proto_nlportid = 0;
15079 rdev_crit_proto_stop(rdev, wdev);
15080 }
15081 return 0;
15082 }
15083
nl80211_vendor_check_policy(const struct wiphy_vendor_command * vcmd,struct nlattr * attr,struct netlink_ext_ack * extack)15084 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
15085 struct nlattr *attr,
15086 struct netlink_ext_ack *extack)
15087 {
15088 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
15089 if (attr->nla_type & NLA_F_NESTED) {
15090 NL_SET_ERR_MSG_ATTR(extack, attr,
15091 "unexpected nested data");
15092 return -EINVAL;
15093 }
15094
15095 return 0;
15096 }
15097
15098 if (!(attr->nla_type & NLA_F_NESTED)) {
15099 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
15100 return -EINVAL;
15101 }
15102
15103 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
15104 }
15105
nl80211_vendor_cmd(struct sk_buff * skb,struct genl_info * info)15106 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
15107 {
15108 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15109 struct wireless_dev *wdev =
15110 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
15111 info->attrs);
15112 int i, err;
15113 u32 vid, subcmd;
15114
15115 if (!rdev->wiphy.vendor_commands)
15116 return -EOPNOTSUPP;
15117
15118 if (IS_ERR(wdev)) {
15119 err = PTR_ERR(wdev);
15120 if (err != -EINVAL)
15121 return err;
15122 wdev = NULL;
15123 } else if (wdev->wiphy != &rdev->wiphy) {
15124 return -EINVAL;
15125 }
15126
15127 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
15128 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
15129 return -EINVAL;
15130
15131 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
15132 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
15133 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
15134 const struct wiphy_vendor_command *vcmd;
15135 void *data = NULL;
15136 int len = 0;
15137
15138 vcmd = &rdev->wiphy.vendor_commands[i];
15139
15140 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15141 continue;
15142
15143 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
15144 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
15145 if (!wdev)
15146 return -EINVAL;
15147 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
15148 !wdev->netdev)
15149 return -EINVAL;
15150
15151 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
15152 if (!wdev_running(wdev))
15153 return -ENETDOWN;
15154 }
15155 } else {
15156 wdev = NULL;
15157 }
15158
15159 if (!vcmd->doit)
15160 return -EOPNOTSUPP;
15161
15162 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
15163 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
15164 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
15165
15166 err = nl80211_vendor_check_policy(vcmd,
15167 info->attrs[NL80211_ATTR_VENDOR_DATA],
15168 info->extack);
15169 if (err)
15170 return err;
15171 }
15172
15173 rdev->cur_cmd_info = info;
15174 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
15175 rdev->cur_cmd_info = NULL;
15176 return err;
15177 }
15178
15179 return -EOPNOTSUPP;
15180 }
15181
nl80211_prepare_vendor_dump(struct sk_buff * skb,struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev)15182 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
15183 struct netlink_callback *cb,
15184 struct cfg80211_registered_device **rdev,
15185 struct wireless_dev **wdev)
15186 {
15187 struct nlattr **attrbuf;
15188 u32 vid, subcmd;
15189 unsigned int i;
15190 int vcmd_idx = -1;
15191 int err;
15192 void *data = NULL;
15193 unsigned int data_len = 0;
15194
15195 if (cb->args[0]) {
15196 /* subtract the 1 again here */
15197 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
15198 struct wireless_dev *tmp;
15199
15200 if (!wiphy)
15201 return -ENODEV;
15202 *rdev = wiphy_to_rdev(wiphy);
15203 *wdev = NULL;
15204
15205 if (cb->args[1]) {
15206 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
15207 if (tmp->identifier == cb->args[1] - 1) {
15208 *wdev = tmp;
15209 break;
15210 }
15211 }
15212 }
15213
15214 /* keep rtnl locked in successful case */
15215 return 0;
15216 }
15217
15218 attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
15219 if (!attrbuf)
15220 return -ENOMEM;
15221
15222 err = nlmsg_parse_deprecated(cb->nlh,
15223 GENL_HDRLEN + nl80211_fam.hdrsize,
15224 attrbuf, nl80211_fam.maxattr,
15225 nl80211_policy, NULL);
15226 if (err)
15227 goto out;
15228
15229 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
15230 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
15231 err = -EINVAL;
15232 goto out;
15233 }
15234
15235 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
15236 if (IS_ERR(*wdev))
15237 *wdev = NULL;
15238
15239 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
15240 if (IS_ERR(*rdev)) {
15241 err = PTR_ERR(*rdev);
15242 goto out;
15243 }
15244
15245 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
15246 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
15247
15248 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
15249 const struct wiphy_vendor_command *vcmd;
15250
15251 vcmd = &(*rdev)->wiphy.vendor_commands[i];
15252
15253 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
15254 continue;
15255
15256 if (!vcmd->dumpit) {
15257 err = -EOPNOTSUPP;
15258 goto out;
15259 }
15260
15261 vcmd_idx = i;
15262 break;
15263 }
15264
15265 if (vcmd_idx < 0) {
15266 err = -EOPNOTSUPP;
15267 goto out;
15268 }
15269
15270 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
15271 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15272 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
15273
15274 err = nl80211_vendor_check_policy(
15275 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
15276 attrbuf[NL80211_ATTR_VENDOR_DATA],
15277 cb->extack);
15278 if (err)
15279 goto out;
15280 }
15281
15282 /* 0 is the first index - add 1 to parse only once */
15283 cb->args[0] = (*rdev)->wiphy_idx + 1;
15284 /* add 1 to know if it was NULL */
15285 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
15286 cb->args[2] = vcmd_idx;
15287 cb->args[3] = (unsigned long)data;
15288 cb->args[4] = data_len;
15289
15290 /* keep rtnl locked in successful case */
15291 err = 0;
15292 out:
15293 kfree(attrbuf);
15294 return err;
15295 }
15296
nl80211_vendor_cmd_dump(struct sk_buff * skb,struct netlink_callback * cb)15297 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
15298 struct netlink_callback *cb)
15299 {
15300 struct cfg80211_registered_device *rdev;
15301 struct wireless_dev *wdev;
15302 unsigned int vcmd_idx;
15303 const struct wiphy_vendor_command *vcmd;
15304 void *data;
15305 int data_len;
15306 int err;
15307 struct nlattr *vendor_data;
15308
15309 rtnl_lock();
15310 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
15311 if (err)
15312 goto out;
15313
15314 vcmd_idx = cb->args[2];
15315 data = (void *)cb->args[3];
15316 data_len = cb->args[4];
15317 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
15318
15319 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
15320 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
15321 if (!wdev) {
15322 err = -EINVAL;
15323 goto out;
15324 }
15325 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
15326 !wdev->netdev) {
15327 err = -EINVAL;
15328 goto out;
15329 }
15330
15331 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
15332 if (!wdev_running(wdev)) {
15333 err = -ENETDOWN;
15334 goto out;
15335 }
15336 }
15337 }
15338
15339 while (1) {
15340 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
15341 cb->nlh->nlmsg_seq, NLM_F_MULTI,
15342 NL80211_CMD_VENDOR);
15343 if (!hdr)
15344 break;
15345
15346 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15347 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
15348 wdev_id(wdev),
15349 NL80211_ATTR_PAD))) {
15350 genlmsg_cancel(skb, hdr);
15351 break;
15352 }
15353
15354 vendor_data = nla_nest_start_noflag(skb,
15355 NL80211_ATTR_VENDOR_DATA);
15356 if (!vendor_data) {
15357 genlmsg_cancel(skb, hdr);
15358 break;
15359 }
15360
15361 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
15362 (unsigned long *)&cb->args[5]);
15363 nla_nest_end(skb, vendor_data);
15364
15365 if (err == -ENOBUFS || err == -ENOENT) {
15366 genlmsg_cancel(skb, hdr);
15367 break;
15368 } else if (err <= 0) {
15369 genlmsg_cancel(skb, hdr);
15370 goto out;
15371 }
15372
15373 genlmsg_end(skb, hdr);
15374 }
15375
15376 err = skb->len;
15377 out:
15378 rtnl_unlock();
15379 return err;
15380 }
15381
__cfg80211_alloc_reply_skb(struct wiphy * wiphy,enum nl80211_commands cmd,enum nl80211_attrs attr,int approxlen)15382 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
15383 enum nl80211_commands cmd,
15384 enum nl80211_attrs attr,
15385 int approxlen)
15386 {
15387 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15388
15389 if (WARN_ON(!rdev->cur_cmd_info))
15390 return NULL;
15391
15392 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
15393 rdev->cur_cmd_info->snd_portid,
15394 rdev->cur_cmd_info->snd_seq,
15395 cmd, attr, NULL, GFP_KERNEL);
15396 }
15397 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
15398
cfg80211_vendor_cmd_reply(struct sk_buff * skb)15399 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
15400 {
15401 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
15402 void *hdr = ((void **)skb->cb)[1];
15403 struct nlattr *data = ((void **)skb->cb)[2];
15404
15405 /* clear CB data for netlink core to own from now on */
15406 memset(skb->cb, 0, sizeof(skb->cb));
15407
15408 if (WARN_ON(!rdev->cur_cmd_info)) {
15409 kfree_skb(skb);
15410 return -EINVAL;
15411 }
15412
15413 nla_nest_end(skb, data);
15414 genlmsg_end(skb, hdr);
15415 return genlmsg_reply(skb, rdev->cur_cmd_info);
15416 }
15417 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
15418
cfg80211_vendor_cmd_get_sender(struct wiphy * wiphy)15419 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
15420 {
15421 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15422
15423 if (WARN_ON(!rdev->cur_cmd_info))
15424 return 0;
15425
15426 return rdev->cur_cmd_info->snd_portid;
15427 }
15428 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
15429
nl80211_set_qos_map(struct sk_buff * skb,struct genl_info * info)15430 static int nl80211_set_qos_map(struct sk_buff *skb,
15431 struct genl_info *info)
15432 {
15433 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15434 struct cfg80211_qos_map *qos_map = NULL;
15435 struct net_device *dev = info->user_ptr[1];
15436 u8 *pos, len, num_des, des_len, des;
15437 int ret;
15438
15439 if (!rdev->ops->set_qos_map)
15440 return -EOPNOTSUPP;
15441
15442 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
15443 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
15444 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
15445
15446 if (len % 2)
15447 return -EINVAL;
15448
15449 qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
15450 if (!qos_map)
15451 return -ENOMEM;
15452
15453 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
15454 if (num_des) {
15455 des_len = num_des *
15456 sizeof(struct cfg80211_dscp_exception);
15457 memcpy(qos_map->dscp_exception, pos, des_len);
15458 qos_map->num_des = num_des;
15459 for (des = 0; des < num_des; des++) {
15460 if (qos_map->dscp_exception[des].up > 7) {
15461 kfree(qos_map);
15462 return -EINVAL;
15463 }
15464 }
15465 pos += des_len;
15466 }
15467 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
15468 }
15469
15470 ret = nl80211_key_allowed(dev->ieee80211_ptr);
15471 if (!ret)
15472 ret = rdev_set_qos_map(rdev, dev, qos_map);
15473
15474 kfree(qos_map);
15475 return ret;
15476 }
15477
nl80211_add_tx_ts(struct sk_buff * skb,struct genl_info * info)15478 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
15479 {
15480 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15481 struct net_device *dev = info->user_ptr[1];
15482 struct wireless_dev *wdev = dev->ieee80211_ptr;
15483 const u8 *peer;
15484 u8 tsid, up;
15485 u16 admitted_time = 0;
15486
15487 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
15488 return -EOPNOTSUPP;
15489
15490 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
15491 !info->attrs[NL80211_ATTR_USER_PRIO])
15492 return -EINVAL;
15493
15494 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
15495 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
15496
15497 /* WMM uses TIDs 0-7 even for TSPEC */
15498 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
15499 /* TODO: handle 802.11 TSPEC/admission control
15500 * need more attributes for that (e.g. BA session requirement);
15501 * change the WMM adminssion test above to allow both then
15502 */
15503 return -EINVAL;
15504 }
15505
15506 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15507
15508 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
15509 admitted_time =
15510 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
15511 if (!admitted_time)
15512 return -EINVAL;
15513 }
15514
15515 switch (wdev->iftype) {
15516 case NL80211_IFTYPE_STATION:
15517 case NL80211_IFTYPE_P2P_CLIENT:
15518 if (wdev->connected)
15519 break;
15520 return -ENOTCONN;
15521 default:
15522 return -EOPNOTSUPP;
15523 }
15524
15525 return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
15526 }
15527
nl80211_del_tx_ts(struct sk_buff * skb,struct genl_info * info)15528 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
15529 {
15530 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15531 struct net_device *dev = info->user_ptr[1];
15532 const u8 *peer;
15533 u8 tsid;
15534
15535 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
15536 return -EINVAL;
15537
15538 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
15539 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
15540
15541 return rdev_del_tx_ts(rdev, dev, tsid, peer);
15542 }
15543
nl80211_tdls_channel_switch(struct sk_buff * skb,struct genl_info * info)15544 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
15545 struct genl_info *info)
15546 {
15547 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15548 struct net_device *dev = info->user_ptr[1];
15549 struct wireless_dev *wdev = dev->ieee80211_ptr;
15550 struct cfg80211_chan_def chandef = {};
15551 const u8 *addr;
15552 u8 oper_class;
15553 int err;
15554
15555 if (!rdev->ops->tdls_channel_switch ||
15556 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
15557 return -EOPNOTSUPP;
15558
15559 switch (dev->ieee80211_ptr->iftype) {
15560 case NL80211_IFTYPE_STATION:
15561 case NL80211_IFTYPE_P2P_CLIENT:
15562 break;
15563 default:
15564 return -EOPNOTSUPP;
15565 }
15566
15567 if (!info->attrs[NL80211_ATTR_MAC] ||
15568 !info->attrs[NL80211_ATTR_OPER_CLASS])
15569 return -EINVAL;
15570
15571 err = nl80211_parse_chandef(rdev, info, &chandef);
15572 if (err)
15573 return err;
15574
15575 /*
15576 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
15577 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
15578 * specification is not defined for them.
15579 */
15580 if (chandef.chan->band == NL80211_BAND_2GHZ &&
15581 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
15582 chandef.width != NL80211_CHAN_WIDTH_20)
15583 return -EINVAL;
15584
15585 /* we will be active on the TDLS link */
15586 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
15587 wdev->iftype))
15588 return -EINVAL;
15589
15590 /* don't allow switching to DFS channels */
15591 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
15592 return -EINVAL;
15593
15594 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15595 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
15596
15597 return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
15598 }
15599
nl80211_tdls_cancel_channel_switch(struct sk_buff * skb,struct genl_info * info)15600 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
15601 struct genl_info *info)
15602 {
15603 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15604 struct net_device *dev = info->user_ptr[1];
15605 const u8 *addr;
15606
15607 if (!rdev->ops->tdls_channel_switch ||
15608 !rdev->ops->tdls_cancel_channel_switch ||
15609 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
15610 return -EOPNOTSUPP;
15611
15612 switch (dev->ieee80211_ptr->iftype) {
15613 case NL80211_IFTYPE_STATION:
15614 case NL80211_IFTYPE_P2P_CLIENT:
15615 break;
15616 default:
15617 return -EOPNOTSUPP;
15618 }
15619
15620 if (!info->attrs[NL80211_ATTR_MAC])
15621 return -EINVAL;
15622
15623 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15624
15625 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
15626
15627 return 0;
15628 }
15629
nl80211_set_multicast_to_unicast(struct sk_buff * skb,struct genl_info * info)15630 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
15631 struct genl_info *info)
15632 {
15633 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15634 struct net_device *dev = info->user_ptr[1];
15635 struct wireless_dev *wdev = dev->ieee80211_ptr;
15636 const struct nlattr *nla;
15637 bool enabled;
15638
15639 if (!rdev->ops->set_multicast_to_unicast)
15640 return -EOPNOTSUPP;
15641
15642 if (wdev->iftype != NL80211_IFTYPE_AP &&
15643 wdev->iftype != NL80211_IFTYPE_P2P_GO)
15644 return -EOPNOTSUPP;
15645
15646 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
15647 enabled = nla_get_flag(nla);
15648
15649 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
15650 }
15651
nl80211_set_pmk(struct sk_buff * skb,struct genl_info * info)15652 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
15653 {
15654 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15655 struct net_device *dev = info->user_ptr[1];
15656 struct wireless_dev *wdev = dev->ieee80211_ptr;
15657 struct cfg80211_pmk_conf pmk_conf = {};
15658
15659 if (wdev->iftype != NL80211_IFTYPE_STATION &&
15660 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
15661 return -EOPNOTSUPP;
15662
15663 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15664 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
15665 return -EOPNOTSUPP;
15666
15667 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
15668 return -EINVAL;
15669
15670 if (!wdev->connected)
15671 return -ENOTCONN;
15672
15673 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
15674 if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN))
15675 return -EINVAL;
15676
15677 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
15678 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
15679 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
15680 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
15681 return -EINVAL;
15682
15683 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
15684 pmk_conf.pmk_r0_name =
15685 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
15686
15687 return rdev_set_pmk(rdev, dev, &pmk_conf);
15688 }
15689
nl80211_del_pmk(struct sk_buff * skb,struct genl_info * info)15690 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
15691 {
15692 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15693 struct net_device *dev = info->user_ptr[1];
15694 struct wireless_dev *wdev = dev->ieee80211_ptr;
15695 const u8 *aa;
15696
15697 if (wdev->iftype != NL80211_IFTYPE_STATION &&
15698 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
15699 return -EOPNOTSUPP;
15700
15701 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15702 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
15703 return -EOPNOTSUPP;
15704
15705 if (!info->attrs[NL80211_ATTR_MAC])
15706 return -EINVAL;
15707
15708 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
15709 return rdev_del_pmk(rdev, dev, aa);
15710 }
15711
nl80211_external_auth(struct sk_buff * skb,struct genl_info * info)15712 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
15713 {
15714 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15715 struct net_device *dev = info->user_ptr[1];
15716 struct cfg80211_external_auth_params params;
15717
15718 if (!rdev->ops->external_auth)
15719 return -EOPNOTSUPP;
15720
15721 if (!info->attrs[NL80211_ATTR_SSID] &&
15722 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
15723 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
15724 return -EINVAL;
15725
15726 if (!info->attrs[NL80211_ATTR_BSSID])
15727 return -EINVAL;
15728
15729 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
15730 return -EINVAL;
15731
15732 memset(¶ms, 0, sizeof(params));
15733
15734 if (info->attrs[NL80211_ATTR_SSID]) {
15735 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
15736 if (params.ssid.ssid_len == 0)
15737 return -EINVAL;
15738 memcpy(params.ssid.ssid,
15739 nla_data(info->attrs[NL80211_ATTR_SSID]),
15740 params.ssid.ssid_len);
15741 }
15742
15743 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
15744 ETH_ALEN);
15745
15746 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
15747
15748 if (info->attrs[NL80211_ATTR_PMKID])
15749 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
15750
15751 return rdev_external_auth(rdev, dev, ¶ms);
15752 }
15753
nl80211_tx_control_port(struct sk_buff * skb,struct genl_info * info)15754 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
15755 {
15756 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
15757 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15758 struct net_device *dev = info->user_ptr[1];
15759 struct wireless_dev *wdev = dev->ieee80211_ptr;
15760 const u8 *buf;
15761 size_t len;
15762 u8 *dest;
15763 u16 proto;
15764 bool noencrypt;
15765 u64 cookie = 0;
15766 int link_id;
15767 int err;
15768
15769 if (!wiphy_ext_feature_isset(&rdev->wiphy,
15770 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
15771 return -EOPNOTSUPP;
15772
15773 if (!rdev->ops->tx_control_port)
15774 return -EOPNOTSUPP;
15775
15776 if (!info->attrs[NL80211_ATTR_FRAME] ||
15777 !info->attrs[NL80211_ATTR_MAC] ||
15778 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
15779 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
15780 return -EINVAL;
15781 }
15782
15783 switch (wdev->iftype) {
15784 case NL80211_IFTYPE_AP:
15785 case NL80211_IFTYPE_P2P_GO:
15786 case NL80211_IFTYPE_MESH_POINT:
15787 break;
15788 case NL80211_IFTYPE_ADHOC:
15789 if (wdev->u.ibss.current_bss)
15790 break;
15791 return -ENOTCONN;
15792 case NL80211_IFTYPE_STATION:
15793 case NL80211_IFTYPE_P2P_CLIENT:
15794 if (wdev->connected)
15795 break;
15796 return -ENOTCONN;
15797 default:
15798 return -EOPNOTSUPP;
15799 }
15800
15801 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
15802 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
15803 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
15804 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
15805 noencrypt =
15806 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
15807
15808 link_id = nl80211_link_id_or_invalid(info->attrs);
15809
15810 err = rdev_tx_control_port(rdev, dev, buf, len,
15811 dest, cpu_to_be16(proto), noencrypt, link_id,
15812 dont_wait_for_ack ? NULL : &cookie);
15813 if (!err && !dont_wait_for_ack)
15814 nl_set_extack_cookie_u64(info->extack, cookie);
15815 return err;
15816 }
15817
nl80211_get_ftm_responder_stats(struct sk_buff * skb,struct genl_info * info)15818 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
15819 struct genl_info *info)
15820 {
15821 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15822 struct net_device *dev = info->user_ptr[1];
15823 struct wireless_dev *wdev = dev->ieee80211_ptr;
15824 struct cfg80211_ftm_responder_stats ftm_stats = {};
15825 unsigned int link_id = nl80211_link_id(info->attrs);
15826 struct sk_buff *msg;
15827 void *hdr;
15828 struct nlattr *ftm_stats_attr;
15829 int err;
15830
15831 if (wdev->iftype != NL80211_IFTYPE_AP ||
15832 !wdev->links[link_id].ap.beacon_interval)
15833 return -EOPNOTSUPP;
15834
15835 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
15836 if (err)
15837 return err;
15838
15839 if (!ftm_stats.filled)
15840 return -ENODATA;
15841
15842 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15843 if (!msg)
15844 return -ENOMEM;
15845
15846 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15847 NL80211_CMD_GET_FTM_RESPONDER_STATS);
15848 if (!hdr)
15849 goto nla_put_failure;
15850
15851 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15852 goto nla_put_failure;
15853
15854 ftm_stats_attr = nla_nest_start_noflag(msg,
15855 NL80211_ATTR_FTM_RESPONDER_STATS);
15856 if (!ftm_stats_attr)
15857 goto nla_put_failure;
15858
15859 #define SET_FTM(field, name, type) \
15860 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
15861 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
15862 ftm_stats.field)) \
15863 goto nla_put_failure; } while (0)
15864 #define SET_FTM_U64(field, name) \
15865 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
15866 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
15867 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
15868 goto nla_put_failure; } while (0)
15869
15870 SET_FTM(success_num, SUCCESS_NUM, u32);
15871 SET_FTM(partial_num, PARTIAL_NUM, u32);
15872 SET_FTM(failed_num, FAILED_NUM, u32);
15873 SET_FTM(asap_num, ASAP_NUM, u32);
15874 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
15875 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
15876 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
15877 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
15878 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
15879 #undef SET_FTM
15880
15881 nla_nest_end(msg, ftm_stats_attr);
15882
15883 genlmsg_end(msg, hdr);
15884 return genlmsg_reply(msg, info);
15885
15886 nla_put_failure:
15887 nlmsg_free(msg);
15888 return -ENOBUFS;
15889 }
15890
nl80211_update_owe_info(struct sk_buff * skb,struct genl_info * info)15891 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
15892 {
15893 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15894 struct cfg80211_update_owe_info owe_info;
15895 struct net_device *dev = info->user_ptr[1];
15896
15897 if (!rdev->ops->update_owe_info)
15898 return -EOPNOTSUPP;
15899
15900 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
15901 !info->attrs[NL80211_ATTR_MAC])
15902 return -EINVAL;
15903
15904 memset(&owe_info, 0, sizeof(owe_info));
15905 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
15906 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
15907
15908 if (info->attrs[NL80211_ATTR_IE]) {
15909 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
15910 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
15911 }
15912
15913 return rdev_update_owe_info(rdev, dev, &owe_info);
15914 }
15915
nl80211_probe_mesh_link(struct sk_buff * skb,struct genl_info * info)15916 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
15917 {
15918 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15919 struct net_device *dev = info->user_ptr[1];
15920 struct wireless_dev *wdev = dev->ieee80211_ptr;
15921 struct station_info sinfo = {};
15922 const u8 *buf;
15923 size_t len;
15924 u8 *dest;
15925 int err;
15926
15927 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
15928 return -EOPNOTSUPP;
15929
15930 if (!info->attrs[NL80211_ATTR_MAC] ||
15931 !info->attrs[NL80211_ATTR_FRAME]) {
15932 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
15933 return -EINVAL;
15934 }
15935
15936 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
15937 return -EOPNOTSUPP;
15938
15939 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
15940 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
15941 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
15942
15943 if (len < sizeof(struct ethhdr))
15944 return -EINVAL;
15945
15946 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
15947 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
15948 return -EINVAL;
15949
15950 err = rdev_get_station(rdev, dev, dest, &sinfo);
15951 if (err)
15952 return err;
15953
15954 cfg80211_sinfo_release_content(&sinfo);
15955
15956 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
15957 }
15958
parse_tid_conf(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct net_device * dev,struct cfg80211_tid_cfg * tid_conf,struct genl_info * info,const u8 * peer,unsigned int link_id)15959 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
15960 struct nlattr *attrs[], struct net_device *dev,
15961 struct cfg80211_tid_cfg *tid_conf,
15962 struct genl_info *info, const u8 *peer,
15963 unsigned int link_id)
15964 {
15965 struct netlink_ext_ack *extack = info->extack;
15966 u64 mask;
15967 int err;
15968
15969 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
15970 return -EINVAL;
15971
15972 tid_conf->config_override =
15973 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
15974 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
15975
15976 if (tid_conf->config_override) {
15977 if (rdev->ops->reset_tid_config) {
15978 err = rdev_reset_tid_config(rdev, dev, peer,
15979 tid_conf->tids);
15980 if (err)
15981 return err;
15982 } else {
15983 return -EINVAL;
15984 }
15985 }
15986
15987 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
15988 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
15989 tid_conf->noack =
15990 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
15991 }
15992
15993 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
15994 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
15995 tid_conf->retry_short =
15996 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
15997
15998 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
15999 return -EINVAL;
16000 }
16001
16002 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
16003 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
16004 tid_conf->retry_long =
16005 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
16006
16007 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
16008 return -EINVAL;
16009 }
16010
16011 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
16012 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
16013 tid_conf->ampdu =
16014 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
16015 }
16016
16017 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
16018 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
16019 tid_conf->rtscts =
16020 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
16021 }
16022
16023 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
16024 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
16025 tid_conf->amsdu =
16026 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
16027 }
16028
16029 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
16030 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
16031
16032 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
16033
16034 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
16035 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
16036 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
16037 &tid_conf->txrate_mask, dev,
16038 true, link_id);
16039 if (err)
16040 return err;
16041
16042 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
16043 }
16044 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
16045 }
16046
16047 if (peer)
16048 mask = rdev->wiphy.tid_config_support.peer;
16049 else
16050 mask = rdev->wiphy.tid_config_support.vif;
16051
16052 if (tid_conf->mask & ~mask) {
16053 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
16054 return -EOPNOTSUPP;
16055 }
16056
16057 return 0;
16058 }
16059
nl80211_set_tid_config(struct sk_buff * skb,struct genl_info * info)16060 static int nl80211_set_tid_config(struct sk_buff *skb,
16061 struct genl_info *info)
16062 {
16063 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16064 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
16065 unsigned int link_id = nl80211_link_id(info->attrs);
16066 struct net_device *dev = info->user_ptr[1];
16067 struct cfg80211_tid_config *tid_config;
16068 struct nlattr *tid;
16069 int conf_idx = 0, rem_conf;
16070 int ret = -EINVAL;
16071 u32 num_conf = 0;
16072
16073 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
16074 return -EINVAL;
16075
16076 if (!rdev->ops->set_tid_config)
16077 return -EOPNOTSUPP;
16078
16079 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
16080 rem_conf)
16081 num_conf++;
16082
16083 tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
16084 GFP_KERNEL);
16085 if (!tid_config)
16086 return -ENOMEM;
16087
16088 tid_config->n_tid_conf = num_conf;
16089
16090 if (info->attrs[NL80211_ATTR_MAC])
16091 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
16092
16093 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
16094 rem_conf) {
16095 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
16096 tid, NULL, NULL);
16097
16098 if (ret)
16099 goto bad_tid_conf;
16100
16101 ret = parse_tid_conf(rdev, attrs, dev,
16102 &tid_config->tid_conf[conf_idx],
16103 info, tid_config->peer, link_id);
16104 if (ret)
16105 goto bad_tid_conf;
16106
16107 conf_idx++;
16108 }
16109
16110 ret = rdev_set_tid_config(rdev, dev, tid_config);
16111
16112 bad_tid_conf:
16113 kfree(tid_config);
16114 return ret;
16115 }
16116
nl80211_color_change(struct sk_buff * skb,struct genl_info * info)16117 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
16118 {
16119 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16120 struct cfg80211_color_change_settings params = {};
16121 struct net_device *dev = info->user_ptr[1];
16122 struct wireless_dev *wdev = dev->ieee80211_ptr;
16123 struct nlattr **tb;
16124 u16 offset;
16125 int err;
16126
16127 if (!rdev->ops->color_change)
16128 return -EOPNOTSUPP;
16129
16130 if (!wiphy_ext_feature_isset(&rdev->wiphy,
16131 NL80211_EXT_FEATURE_BSS_COLOR))
16132 return -EOPNOTSUPP;
16133
16134 if (wdev->iftype != NL80211_IFTYPE_AP)
16135 return -EOPNOTSUPP;
16136
16137 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
16138 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
16139 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
16140 return -EINVAL;
16141
16142 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
16143 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
16144
16145 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next,
16146 info->extack);
16147 if (err)
16148 return err;
16149
16150 tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL);
16151 if (!tb)
16152 return -ENOMEM;
16153
16154 err = nla_parse_nested(tb, NL80211_ATTR_MAX,
16155 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
16156 nl80211_policy, info->extack);
16157 if (err)
16158 goto out;
16159
16160 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change,
16161 info->extack);
16162 if (err)
16163 goto out;
16164
16165 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
16166 err = -EINVAL;
16167 goto out;
16168 }
16169
16170 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
16171 err = -EINVAL;
16172 goto out;
16173 }
16174
16175 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
16176 if (offset >= params.beacon_color_change.tail_len) {
16177 err = -EINVAL;
16178 goto out;
16179 }
16180
16181 if (params.beacon_color_change.tail[offset] != params.count) {
16182 err = -EINVAL;
16183 goto out;
16184 }
16185
16186 params.counter_offset_beacon = offset;
16187
16188 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
16189 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
16190 sizeof(u16)) {
16191 err = -EINVAL;
16192 goto out;
16193 }
16194
16195 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
16196 if (offset >= params.beacon_color_change.probe_resp_len) {
16197 err = -EINVAL;
16198 goto out;
16199 }
16200
16201 if (params.beacon_color_change.probe_resp[offset] !=
16202 params.count) {
16203 err = -EINVAL;
16204 goto out;
16205 }
16206
16207 params.counter_offset_presp = offset;
16208 }
16209
16210 params.link_id = nl80211_link_id(info->attrs);
16211 err = rdev_color_change(rdev, dev, ¶ms);
16212
16213 out:
16214 kfree(params.beacon_next.mbssid_ies);
16215 kfree(params.beacon_color_change.mbssid_ies);
16216 kfree(params.beacon_next.rnr_ies);
16217 kfree(params.beacon_color_change.rnr_ies);
16218 kfree(tb);
16219 return err;
16220 }
16221
nl80211_set_fils_aad(struct sk_buff * skb,struct genl_info * info)16222 static int nl80211_set_fils_aad(struct sk_buff *skb,
16223 struct genl_info *info)
16224 {
16225 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16226 struct net_device *dev = info->user_ptr[1];
16227 struct cfg80211_fils_aad fils_aad = {};
16228 u8 *nonces;
16229
16230 if (!info->attrs[NL80211_ATTR_MAC] ||
16231 !info->attrs[NL80211_ATTR_FILS_KEK] ||
16232 !info->attrs[NL80211_ATTR_FILS_NONCES])
16233 return -EINVAL;
16234
16235 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16236 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
16237 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
16238 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
16239 fils_aad.snonce = nonces;
16240 fils_aad.anonce = nonces + FILS_NONCE_LEN;
16241
16242 return rdev_set_fils_aad(rdev, dev, &fils_aad);
16243 }
16244
nl80211_add_link(struct sk_buff * skb,struct genl_info * info)16245 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info)
16246 {
16247 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16248 unsigned int link_id = nl80211_link_id(info->attrs);
16249 struct net_device *dev = info->user_ptr[1];
16250 struct wireless_dev *wdev = dev->ieee80211_ptr;
16251 int ret;
16252
16253 if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
16254 return -EINVAL;
16255
16256 switch (wdev->iftype) {
16257 case NL80211_IFTYPE_AP:
16258 break;
16259 default:
16260 return -EINVAL;
16261 }
16262
16263 if (!info->attrs[NL80211_ATTR_MAC] ||
16264 !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC])))
16265 return -EINVAL;
16266
16267 wdev->valid_links |= BIT(link_id);
16268 ether_addr_copy(wdev->links[link_id].addr,
16269 nla_data(info->attrs[NL80211_ATTR_MAC]));
16270
16271 ret = rdev_add_intf_link(rdev, wdev, link_id);
16272 if (ret) {
16273 wdev->valid_links &= ~BIT(link_id);
16274 eth_zero_addr(wdev->links[link_id].addr);
16275 }
16276
16277 return ret;
16278 }
16279
nl80211_remove_link(struct sk_buff * skb,struct genl_info * info)16280 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info)
16281 {
16282 unsigned int link_id = nl80211_link_id(info->attrs);
16283 struct net_device *dev = info->user_ptr[1];
16284 struct wireless_dev *wdev = dev->ieee80211_ptr;
16285
16286 /* cannot remove if there's no link */
16287 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16288 return -EINVAL;
16289
16290 switch (wdev->iftype) {
16291 case NL80211_IFTYPE_AP:
16292 break;
16293 default:
16294 return -EINVAL;
16295 }
16296
16297 cfg80211_remove_link(wdev, link_id);
16298
16299 return 0;
16300 }
16301
16302 static int
nl80211_add_mod_link_station(struct sk_buff * skb,struct genl_info * info,bool add)16303 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
16304 bool add)
16305 {
16306 struct link_station_parameters params = {};
16307 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16308 struct net_device *dev = info->user_ptr[1];
16309 int err;
16310
16311 if ((add && !rdev->ops->add_link_station) ||
16312 (!add && !rdev->ops->mod_link_station))
16313 return -EOPNOTSUPP;
16314
16315 if (add && !info->attrs[NL80211_ATTR_MAC])
16316 return -EINVAL;
16317
16318 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
16319 return -EINVAL;
16320
16321 if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
16322 return -EINVAL;
16323
16324 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
16325
16326 if (info->attrs[NL80211_ATTR_MAC]) {
16327 params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
16328 if (!is_valid_ether_addr(params.link_mac))
16329 return -EINVAL;
16330 }
16331
16332 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
16333 return -EINVAL;
16334
16335 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
16336
16337 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
16338 params.supported_rates =
16339 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
16340 params.supported_rates_len =
16341 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
16342 }
16343
16344 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
16345 params.ht_capa =
16346 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
16347
16348 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
16349 params.vht_capa =
16350 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
16351
16352 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
16353 params.he_capa =
16354 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
16355 params.he_capa_len =
16356 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
16357
16358 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
16359 params.eht_capa =
16360 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
16361 params.eht_capa_len =
16362 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
16363
16364 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
16365 (const u8 *)params.eht_capa,
16366 params.eht_capa_len,
16367 false))
16368 return -EINVAL;
16369 }
16370 }
16371
16372 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
16373 params.he_6ghz_capa =
16374 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
16375
16376 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
16377 params.opmode_notif_used = true;
16378 params.opmode_notif =
16379 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
16380 }
16381
16382 err = nl80211_parse_sta_txpower_setting(info, ¶ms.txpwr,
16383 ¶ms.txpwr_set);
16384 if (err)
16385 return err;
16386
16387 if (add)
16388 return rdev_add_link_station(rdev, dev, ¶ms);
16389
16390 return rdev_mod_link_station(rdev, dev, ¶ms);
16391 }
16392
16393 static int
nl80211_add_link_station(struct sk_buff * skb,struct genl_info * info)16394 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info)
16395 {
16396 return nl80211_add_mod_link_station(skb, info, true);
16397 }
16398
16399 static int
nl80211_modify_link_station(struct sk_buff * skb,struct genl_info * info)16400 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info)
16401 {
16402 return nl80211_add_mod_link_station(skb, info, false);
16403 }
16404
16405 static int
nl80211_remove_link_station(struct sk_buff * skb,struct genl_info * info)16406 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info)
16407 {
16408 struct link_station_del_parameters params = {};
16409 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16410 struct net_device *dev = info->user_ptr[1];
16411
16412 if (!rdev->ops->del_link_station)
16413 return -EOPNOTSUPP;
16414
16415 if (!info->attrs[NL80211_ATTR_MLD_ADDR] ||
16416 !info->attrs[NL80211_ATTR_MLO_LINK_ID])
16417 return -EINVAL;
16418
16419 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
16420 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
16421
16422 return rdev_del_link_station(rdev, dev, ¶ms);
16423 }
16424
nl80211_set_hw_timestamp(struct sk_buff * skb,struct genl_info * info)16425 static int nl80211_set_hw_timestamp(struct sk_buff *skb,
16426 struct genl_info *info)
16427 {
16428 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16429 struct net_device *dev = info->user_ptr[1];
16430 struct cfg80211_set_hw_timestamp hwts = {};
16431
16432 if (!rdev->wiphy.hw_timestamp_max_peers)
16433 return -EOPNOTSUPP;
16434
16435 if (!info->attrs[NL80211_ATTR_MAC] &&
16436 rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS)
16437 return -EOPNOTSUPP;
16438
16439 if (info->attrs[NL80211_ATTR_MAC])
16440 hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16441
16442 hwts.enable =
16443 nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]);
16444
16445 return rdev_set_hw_timestamp(rdev, dev, &hwts);
16446 }
16447
16448 static int
nl80211_set_ttlm(struct sk_buff * skb,struct genl_info * info)16449 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info)
16450 {
16451 struct cfg80211_ttlm_params params = {};
16452 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16453 struct net_device *dev = info->user_ptr[1];
16454 struct wireless_dev *wdev = dev->ieee80211_ptr;
16455
16456 if (wdev->iftype != NL80211_IFTYPE_STATION &&
16457 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
16458 return -EOPNOTSUPP;
16459
16460 if (!wdev->connected)
16461 return -ENOLINK;
16462
16463 if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] ||
16464 !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK])
16465 return -EINVAL;
16466
16467 nla_memcpy(params.dlink,
16468 info->attrs[NL80211_ATTR_MLO_TTLM_DLINK],
16469 sizeof(params.dlink));
16470 nla_memcpy(params.ulink,
16471 info->attrs[NL80211_ATTR_MLO_TTLM_ULINK],
16472 sizeof(params.ulink));
16473
16474 return rdev_set_ttlm(rdev, dev, ¶ms);
16475 }
16476
16477 #define NL80211_FLAG_NEED_WIPHY 0x01
16478 #define NL80211_FLAG_NEED_NETDEV 0x02
16479 #define NL80211_FLAG_NEED_RTNL 0x04
16480 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
16481 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
16482 NL80211_FLAG_CHECK_NETDEV_UP)
16483 #define NL80211_FLAG_NEED_WDEV 0x10
16484 /* If a netdev is associated, it must be UP, P2P must be started */
16485 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
16486 NL80211_FLAG_CHECK_NETDEV_UP)
16487 #define NL80211_FLAG_CLEAR_SKB 0x20
16488 #define NL80211_FLAG_NO_WIPHY_MTX 0x40
16489 #define NL80211_FLAG_MLO_VALID_LINK_ID 0x80
16490 #define NL80211_FLAG_MLO_UNSUPPORTED 0x100
16491
16492 #define INTERNAL_FLAG_SELECTORS(__sel) \
16493 SELECTOR(__sel, NONE, 0) /* must be first */ \
16494 SELECTOR(__sel, WIPHY, \
16495 NL80211_FLAG_NEED_WIPHY) \
16496 SELECTOR(__sel, WDEV, \
16497 NL80211_FLAG_NEED_WDEV) \
16498 SELECTOR(__sel, NETDEV, \
16499 NL80211_FLAG_NEED_NETDEV) \
16500 SELECTOR(__sel, NETDEV_LINK, \
16501 NL80211_FLAG_NEED_NETDEV | \
16502 NL80211_FLAG_MLO_VALID_LINK_ID) \
16503 SELECTOR(__sel, NETDEV_NO_MLO, \
16504 NL80211_FLAG_NEED_NETDEV | \
16505 NL80211_FLAG_MLO_UNSUPPORTED) \
16506 SELECTOR(__sel, WIPHY_RTNL, \
16507 NL80211_FLAG_NEED_WIPHY | \
16508 NL80211_FLAG_NEED_RTNL) \
16509 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \
16510 NL80211_FLAG_NEED_WIPHY | \
16511 NL80211_FLAG_NEED_RTNL | \
16512 NL80211_FLAG_NO_WIPHY_MTX) \
16513 SELECTOR(__sel, WDEV_RTNL, \
16514 NL80211_FLAG_NEED_WDEV | \
16515 NL80211_FLAG_NEED_RTNL) \
16516 SELECTOR(__sel, NETDEV_RTNL, \
16517 NL80211_FLAG_NEED_NETDEV | \
16518 NL80211_FLAG_NEED_RTNL) \
16519 SELECTOR(__sel, NETDEV_UP, \
16520 NL80211_FLAG_NEED_NETDEV_UP) \
16521 SELECTOR(__sel, NETDEV_UP_LINK, \
16522 NL80211_FLAG_NEED_NETDEV_UP | \
16523 NL80211_FLAG_MLO_VALID_LINK_ID) \
16524 SELECTOR(__sel, NETDEV_UP_NO_MLO, \
16525 NL80211_FLAG_NEED_NETDEV_UP | \
16526 NL80211_FLAG_MLO_UNSUPPORTED) \
16527 SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR, \
16528 NL80211_FLAG_NEED_NETDEV_UP | \
16529 NL80211_FLAG_CLEAR_SKB | \
16530 NL80211_FLAG_MLO_UNSUPPORTED) \
16531 SELECTOR(__sel, NETDEV_UP_NOTMX, \
16532 NL80211_FLAG_NEED_NETDEV_UP | \
16533 NL80211_FLAG_NO_WIPHY_MTX) \
16534 SELECTOR(__sel, NETDEV_UP_NOTMX_MLO, \
16535 NL80211_FLAG_NEED_NETDEV_UP | \
16536 NL80211_FLAG_NO_WIPHY_MTX | \
16537 NL80211_FLAG_MLO_VALID_LINK_ID) \
16538 SELECTOR(__sel, NETDEV_UP_CLEAR, \
16539 NL80211_FLAG_NEED_NETDEV_UP | \
16540 NL80211_FLAG_CLEAR_SKB) \
16541 SELECTOR(__sel, WDEV_UP, \
16542 NL80211_FLAG_NEED_WDEV_UP) \
16543 SELECTOR(__sel, WDEV_UP_LINK, \
16544 NL80211_FLAG_NEED_WDEV_UP | \
16545 NL80211_FLAG_MLO_VALID_LINK_ID) \
16546 SELECTOR(__sel, WDEV_UP_RTNL, \
16547 NL80211_FLAG_NEED_WDEV_UP | \
16548 NL80211_FLAG_NEED_RTNL) \
16549 SELECTOR(__sel, WIPHY_CLEAR, \
16550 NL80211_FLAG_NEED_WIPHY | \
16551 NL80211_FLAG_CLEAR_SKB)
16552
16553 enum nl80211_internal_flags_selector {
16554 #define SELECTOR(_, name, value) NL80211_IFL_SEL_##name,
16555 INTERNAL_FLAG_SELECTORS(_)
16556 #undef SELECTOR
16557 };
16558
16559 static u32 nl80211_internal_flags[] = {
16560 #define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value,
16561 INTERNAL_FLAG_SELECTORS(_)
16562 #undef SELECTOR
16563 };
16564
nl80211_pre_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)16565 static int nl80211_pre_doit(const struct genl_split_ops *ops,
16566 struct sk_buff *skb,
16567 struct genl_info *info)
16568 {
16569 struct cfg80211_registered_device *rdev = NULL;
16570 struct wireless_dev *wdev = NULL;
16571 struct net_device *dev = NULL;
16572 u32 internal_flags;
16573 int err;
16574
16575 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags)))
16576 return -EINVAL;
16577
16578 internal_flags = nl80211_internal_flags[ops->internal_flags];
16579
16580 rtnl_lock();
16581 if (internal_flags & NL80211_FLAG_NEED_WIPHY) {
16582 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
16583 if (IS_ERR(rdev)) {
16584 err = PTR_ERR(rdev);
16585 goto out_unlock;
16586 }
16587 info->user_ptr[0] = rdev;
16588 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV ||
16589 internal_flags & NL80211_FLAG_NEED_WDEV) {
16590 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
16591 info->attrs);
16592 if (IS_ERR(wdev)) {
16593 err = PTR_ERR(wdev);
16594 goto out_unlock;
16595 }
16596
16597 dev = wdev->netdev;
16598 dev_hold(dev);
16599 rdev = wiphy_to_rdev(wdev->wiphy);
16600
16601 if (internal_flags & NL80211_FLAG_NEED_NETDEV) {
16602 if (!dev) {
16603 err = -EINVAL;
16604 goto out_unlock;
16605 }
16606
16607 info->user_ptr[1] = dev;
16608 } else {
16609 info->user_ptr[1] = wdev;
16610 }
16611
16612 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
16613 !wdev_running(wdev)) {
16614 err = -ENETDOWN;
16615 goto out_unlock;
16616 }
16617
16618 info->user_ptr[0] = rdev;
16619 }
16620
16621 if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) {
16622 struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID];
16623
16624 if (!wdev) {
16625 err = -EINVAL;
16626 goto out_unlock;
16627 }
16628
16629 /* MLO -> require valid link ID */
16630 if (wdev->valid_links &&
16631 (!link_id ||
16632 !(wdev->valid_links & BIT(nla_get_u8(link_id))))) {
16633 err = -EINVAL;
16634 goto out_unlock;
16635 }
16636
16637 /* non-MLO -> no link ID attribute accepted */
16638 if (!wdev->valid_links && link_id) {
16639 err = -EINVAL;
16640 goto out_unlock;
16641 }
16642 }
16643
16644 if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) {
16645 if (info->attrs[NL80211_ATTR_MLO_LINK_ID] ||
16646 (wdev && wdev->valid_links)) {
16647 err = -EINVAL;
16648 goto out_unlock;
16649 }
16650 }
16651
16652 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
16653 wiphy_lock(&rdev->wiphy);
16654 /* we keep the mutex locked until post_doit */
16655 __release(&rdev->wiphy.mtx);
16656 }
16657 if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
16658 rtnl_unlock();
16659
16660 return 0;
16661 out_unlock:
16662 rtnl_unlock();
16663 dev_put(dev);
16664 return err;
16665 }
16666
nl80211_post_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)16667 static void nl80211_post_doit(const struct genl_split_ops *ops,
16668 struct sk_buff *skb,
16669 struct genl_info *info)
16670 {
16671 u32 internal_flags = nl80211_internal_flags[ops->internal_flags];
16672
16673 if (info->user_ptr[1]) {
16674 if (internal_flags & NL80211_FLAG_NEED_WDEV) {
16675 struct wireless_dev *wdev = info->user_ptr[1];
16676
16677 dev_put(wdev->netdev);
16678 } else {
16679 dev_put(info->user_ptr[1]);
16680 }
16681 }
16682
16683 if (info->user_ptr[0] &&
16684 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
16685 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16686
16687 /* we kept the mutex locked since pre_doit */
16688 __acquire(&rdev->wiphy.mtx);
16689 wiphy_unlock(&rdev->wiphy);
16690 }
16691
16692 if (internal_flags & NL80211_FLAG_NEED_RTNL)
16693 rtnl_unlock();
16694
16695 /* If needed, clear the netlink message payload from the SKB
16696 * as it might contain key data that shouldn't stick around on
16697 * the heap after the SKB is freed. The netlink message header
16698 * is still needed for further processing, so leave it intact.
16699 */
16700 if (internal_flags & NL80211_FLAG_CLEAR_SKB) {
16701 struct nlmsghdr *nlh = nlmsg_hdr(skb);
16702
16703 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
16704 }
16705 }
16706
nl80211_set_sar_sub_specs(struct cfg80211_registered_device * rdev,struct cfg80211_sar_specs * sar_specs,struct nlattr * spec[],int index)16707 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
16708 struct cfg80211_sar_specs *sar_specs,
16709 struct nlattr *spec[], int index)
16710 {
16711 u32 range_index, i;
16712
16713 if (!sar_specs || !spec)
16714 return -EINVAL;
16715
16716 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
16717 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
16718 return -EINVAL;
16719
16720 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
16721
16722 /* check if range_index exceeds num_freq_ranges */
16723 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
16724 return -EINVAL;
16725
16726 /* check if range_index duplicates */
16727 for (i = 0; i < index; i++) {
16728 if (sar_specs->sub_specs[i].freq_range_index == range_index)
16729 return -EINVAL;
16730 }
16731
16732 sar_specs->sub_specs[index].power =
16733 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
16734
16735 sar_specs->sub_specs[index].freq_range_index = range_index;
16736
16737 return 0;
16738 }
16739
nl80211_set_sar_specs(struct sk_buff * skb,struct genl_info * info)16740 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
16741 {
16742 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16743 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
16744 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
16745 struct cfg80211_sar_specs *sar_spec;
16746 enum nl80211_sar_type type;
16747 struct nlattr *spec_list;
16748 u32 specs;
16749 int rem, err;
16750
16751 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
16752 return -EOPNOTSUPP;
16753
16754 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
16755 return -EINVAL;
16756
16757 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
16758 info->attrs[NL80211_ATTR_SAR_SPEC],
16759 NULL, NULL);
16760
16761 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
16762 return -EINVAL;
16763
16764 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
16765 if (type != rdev->wiphy.sar_capa->type)
16766 return -EINVAL;
16767
16768 specs = 0;
16769 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
16770 specs++;
16771
16772 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
16773 return -EINVAL;
16774
16775 sar_spec = kzalloc(struct_size(sar_spec, sub_specs, specs), GFP_KERNEL);
16776 if (!sar_spec)
16777 return -ENOMEM;
16778
16779 sar_spec->type = type;
16780 specs = 0;
16781 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
16782 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
16783 spec_list, NULL, NULL);
16784
16785 switch (type) {
16786 case NL80211_SAR_TYPE_POWER:
16787 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
16788 spec, specs)) {
16789 err = -EINVAL;
16790 goto error;
16791 }
16792 break;
16793 default:
16794 err = -EINVAL;
16795 goto error;
16796 }
16797 specs++;
16798 }
16799
16800 sar_spec->num_sub_specs = specs;
16801
16802 rdev->cur_cmd_info = info;
16803 err = rdev_set_sar_specs(rdev, sar_spec);
16804 rdev->cur_cmd_info = NULL;
16805 error:
16806 kfree(sar_spec);
16807 return err;
16808 }
16809
16810 #define SELECTOR(__sel, name, value) \
16811 ((__sel) == (value)) ? NL80211_IFL_SEL_##name :
16812 int __missing_selector(void);
16813 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector()
16814
16815 static const struct genl_ops nl80211_ops[] = {
16816 {
16817 .cmd = NL80211_CMD_GET_WIPHY,
16818 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16819 .doit = nl80211_get_wiphy,
16820 .dumpit = nl80211_dump_wiphy,
16821 .done = nl80211_dump_wiphy_done,
16822 /* can be retrieved by unprivileged users */
16823 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
16824 },
16825 };
16826
16827 static const struct genl_small_ops nl80211_small_ops[] = {
16828 {
16829 .cmd = NL80211_CMD_SET_WIPHY,
16830 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16831 .doit = nl80211_set_wiphy,
16832 .flags = GENL_UNS_ADMIN_PERM,
16833 },
16834 {
16835 .cmd = NL80211_CMD_GET_INTERFACE,
16836 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16837 .doit = nl80211_get_interface,
16838 .dumpit = nl80211_dump_interface,
16839 /* can be retrieved by unprivileged users */
16840 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
16841 },
16842 {
16843 .cmd = NL80211_CMD_SET_INTERFACE,
16844 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16845 .doit = nl80211_set_interface,
16846 .flags = GENL_UNS_ADMIN_PERM,
16847 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
16848 NL80211_FLAG_NEED_RTNL),
16849 },
16850 {
16851 .cmd = NL80211_CMD_NEW_INTERFACE,
16852 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16853 .doit = nl80211_new_interface,
16854 .flags = GENL_UNS_ADMIN_PERM,
16855 .internal_flags =
16856 IFLAGS(NL80211_FLAG_NEED_WIPHY |
16857 NL80211_FLAG_NEED_RTNL |
16858 /* we take the wiphy mutex later ourselves */
16859 NL80211_FLAG_NO_WIPHY_MTX),
16860 },
16861 {
16862 .cmd = NL80211_CMD_DEL_INTERFACE,
16863 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16864 .doit = nl80211_del_interface,
16865 .flags = GENL_UNS_ADMIN_PERM,
16866 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
16867 NL80211_FLAG_NEED_RTNL),
16868 },
16869 {
16870 .cmd = NL80211_CMD_GET_KEY,
16871 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16872 .doit = nl80211_get_key,
16873 .flags = GENL_UNS_ADMIN_PERM,
16874 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16875 },
16876 {
16877 .cmd = NL80211_CMD_SET_KEY,
16878 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16879 .doit = nl80211_set_key,
16880 .flags = GENL_UNS_ADMIN_PERM,
16881 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */
16882 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16883 NL80211_FLAG_CLEAR_SKB),
16884 },
16885 {
16886 .cmd = NL80211_CMD_NEW_KEY,
16887 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16888 .doit = nl80211_new_key,
16889 .flags = GENL_UNS_ADMIN_PERM,
16890 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16891 NL80211_FLAG_CLEAR_SKB),
16892 },
16893 {
16894 .cmd = NL80211_CMD_DEL_KEY,
16895 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16896 .doit = nl80211_del_key,
16897 .flags = GENL_UNS_ADMIN_PERM,
16898 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16899 },
16900 {
16901 .cmd = NL80211_CMD_SET_BEACON,
16902 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16903 .flags = GENL_UNS_ADMIN_PERM,
16904 .doit = nl80211_set_beacon,
16905 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16906 NL80211_FLAG_MLO_VALID_LINK_ID),
16907 },
16908 {
16909 .cmd = NL80211_CMD_START_AP,
16910 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16911 .flags = GENL_UNS_ADMIN_PERM,
16912 .doit = nl80211_start_ap,
16913 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16914 NL80211_FLAG_MLO_VALID_LINK_ID),
16915 },
16916 {
16917 .cmd = NL80211_CMD_STOP_AP,
16918 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16919 .flags = GENL_UNS_ADMIN_PERM,
16920 .doit = nl80211_stop_ap,
16921 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16922 NL80211_FLAG_MLO_VALID_LINK_ID),
16923 },
16924 {
16925 .cmd = NL80211_CMD_GET_STATION,
16926 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16927 .doit = nl80211_get_station,
16928 .dumpit = nl80211_dump_station,
16929 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
16930 },
16931 {
16932 .cmd = NL80211_CMD_SET_STATION,
16933 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16934 .doit = nl80211_set_station,
16935 .flags = GENL_UNS_ADMIN_PERM,
16936 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16937 },
16938 {
16939 .cmd = NL80211_CMD_NEW_STATION,
16940 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16941 .doit = nl80211_new_station,
16942 .flags = GENL_UNS_ADMIN_PERM,
16943 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16944 },
16945 {
16946 .cmd = NL80211_CMD_DEL_STATION,
16947 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16948 .doit = nl80211_del_station,
16949 .flags = GENL_UNS_ADMIN_PERM,
16950 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on
16951 * whether MAC address is passed or not. If MAC address is
16952 * passed, then even during MLO, link ID is not required.
16953 */
16954 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16955 },
16956 {
16957 .cmd = NL80211_CMD_GET_MPATH,
16958 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16959 .doit = nl80211_get_mpath,
16960 .dumpit = nl80211_dump_mpath,
16961 .flags = GENL_UNS_ADMIN_PERM,
16962 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16963 },
16964 {
16965 .cmd = NL80211_CMD_GET_MPP,
16966 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16967 .doit = nl80211_get_mpp,
16968 .dumpit = nl80211_dump_mpp,
16969 .flags = GENL_UNS_ADMIN_PERM,
16970 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16971 },
16972 {
16973 .cmd = NL80211_CMD_SET_MPATH,
16974 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16975 .doit = nl80211_set_mpath,
16976 .flags = GENL_UNS_ADMIN_PERM,
16977 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16978 },
16979 {
16980 .cmd = NL80211_CMD_NEW_MPATH,
16981 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16982 .doit = nl80211_new_mpath,
16983 .flags = GENL_UNS_ADMIN_PERM,
16984 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16985 },
16986 {
16987 .cmd = NL80211_CMD_DEL_MPATH,
16988 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16989 .doit = nl80211_del_mpath,
16990 .flags = GENL_UNS_ADMIN_PERM,
16991 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
16992 },
16993 {
16994 .cmd = NL80211_CMD_SET_BSS,
16995 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
16996 .doit = nl80211_set_bss,
16997 .flags = GENL_UNS_ADMIN_PERM,
16998 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
16999 NL80211_FLAG_MLO_VALID_LINK_ID),
17000 },
17001 {
17002 .cmd = NL80211_CMD_GET_REG,
17003 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17004 .doit = nl80211_get_reg_do,
17005 .dumpit = nl80211_get_reg_dump,
17006 /* can be retrieved by unprivileged users */
17007 },
17008 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
17009 {
17010 .cmd = NL80211_CMD_SET_REG,
17011 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17012 .doit = nl80211_set_reg,
17013 .flags = GENL_ADMIN_PERM,
17014 },
17015 #endif
17016 {
17017 .cmd = NL80211_CMD_REQ_SET_REG,
17018 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17019 .doit = nl80211_req_set_reg,
17020 .flags = GENL_ADMIN_PERM,
17021 },
17022 {
17023 .cmd = NL80211_CMD_RELOAD_REGDB,
17024 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17025 .doit = nl80211_reload_regdb,
17026 .flags = GENL_ADMIN_PERM,
17027 },
17028 {
17029 .cmd = NL80211_CMD_GET_MESH_CONFIG,
17030 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17031 .doit = nl80211_get_mesh_config,
17032 /* can be retrieved by unprivileged users */
17033 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17034 },
17035 {
17036 .cmd = NL80211_CMD_SET_MESH_CONFIG,
17037 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17038 .doit = nl80211_update_mesh_config,
17039 .flags = GENL_UNS_ADMIN_PERM,
17040 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17041 },
17042 {
17043 .cmd = NL80211_CMD_TRIGGER_SCAN,
17044 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17045 .doit = nl80211_trigger_scan,
17046 .flags = GENL_UNS_ADMIN_PERM,
17047 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17048 },
17049 {
17050 .cmd = NL80211_CMD_ABORT_SCAN,
17051 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17052 .doit = nl80211_abort_scan,
17053 .flags = GENL_UNS_ADMIN_PERM,
17054 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17055 },
17056 {
17057 .cmd = NL80211_CMD_GET_SCAN,
17058 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17059 .dumpit = nl80211_dump_scan,
17060 },
17061 {
17062 .cmd = NL80211_CMD_START_SCHED_SCAN,
17063 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17064 .doit = nl80211_start_sched_scan,
17065 .flags = GENL_UNS_ADMIN_PERM,
17066 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17067 },
17068 {
17069 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
17070 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17071 .doit = nl80211_stop_sched_scan,
17072 .flags = GENL_UNS_ADMIN_PERM,
17073 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17074 },
17075 {
17076 .cmd = NL80211_CMD_AUTHENTICATE,
17077 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17078 .doit = nl80211_authenticate,
17079 .flags = GENL_UNS_ADMIN_PERM,
17080 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17081 NL80211_FLAG_CLEAR_SKB),
17082 },
17083 {
17084 .cmd = NL80211_CMD_ASSOCIATE,
17085 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17086 .doit = nl80211_associate,
17087 .flags = GENL_UNS_ADMIN_PERM,
17088 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17089 NL80211_FLAG_CLEAR_SKB),
17090 },
17091 {
17092 .cmd = NL80211_CMD_DEAUTHENTICATE,
17093 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17094 .doit = nl80211_deauthenticate,
17095 .flags = GENL_UNS_ADMIN_PERM,
17096 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17097 },
17098 {
17099 .cmd = NL80211_CMD_DISASSOCIATE,
17100 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17101 .doit = nl80211_disassociate,
17102 .flags = GENL_UNS_ADMIN_PERM,
17103 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17104 },
17105 {
17106 .cmd = NL80211_CMD_JOIN_IBSS,
17107 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17108 .doit = nl80211_join_ibss,
17109 .flags = GENL_UNS_ADMIN_PERM,
17110 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17111 },
17112 {
17113 .cmd = NL80211_CMD_LEAVE_IBSS,
17114 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17115 .doit = nl80211_leave_ibss,
17116 .flags = GENL_UNS_ADMIN_PERM,
17117 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17118 },
17119 #ifdef CONFIG_NL80211_TESTMODE
17120 {
17121 .cmd = NL80211_CMD_TESTMODE,
17122 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17123 .doit = nl80211_testmode_do,
17124 .dumpit = nl80211_testmode_dump,
17125 .flags = GENL_UNS_ADMIN_PERM,
17126 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17127 },
17128 #endif
17129 {
17130 .cmd = NL80211_CMD_CONNECT,
17131 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17132 .doit = nl80211_connect,
17133 .flags = GENL_UNS_ADMIN_PERM,
17134 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17135 NL80211_FLAG_CLEAR_SKB),
17136 },
17137 {
17138 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
17139 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17140 .doit = nl80211_update_connect_params,
17141 .flags = GENL_ADMIN_PERM,
17142 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17143 NL80211_FLAG_CLEAR_SKB),
17144 },
17145 {
17146 .cmd = NL80211_CMD_DISCONNECT,
17147 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17148 .doit = nl80211_disconnect,
17149 .flags = GENL_UNS_ADMIN_PERM,
17150 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17151 },
17152 {
17153 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
17154 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17155 .doit = nl80211_wiphy_netns,
17156 .flags = GENL_UNS_ADMIN_PERM,
17157 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17158 NL80211_FLAG_NEED_RTNL |
17159 NL80211_FLAG_NO_WIPHY_MTX),
17160 },
17161 {
17162 .cmd = NL80211_CMD_GET_SURVEY,
17163 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17164 .dumpit = nl80211_dump_survey,
17165 },
17166 {
17167 .cmd = NL80211_CMD_SET_PMKSA,
17168 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17169 .doit = nl80211_set_pmksa,
17170 .flags = GENL_UNS_ADMIN_PERM,
17171 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17172 NL80211_FLAG_CLEAR_SKB),
17173 },
17174 {
17175 .cmd = NL80211_CMD_DEL_PMKSA,
17176 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17177 .doit = nl80211_del_pmksa,
17178 .flags = GENL_UNS_ADMIN_PERM,
17179 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17180 },
17181 {
17182 .cmd = NL80211_CMD_FLUSH_PMKSA,
17183 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17184 .doit = nl80211_flush_pmksa,
17185 .flags = GENL_UNS_ADMIN_PERM,
17186 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17187 },
17188 {
17189 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
17190 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17191 .doit = nl80211_remain_on_channel,
17192 .flags = GENL_UNS_ADMIN_PERM,
17193 /* FIXME: requiring a link ID here is probably not good */
17194 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17195 NL80211_FLAG_MLO_VALID_LINK_ID),
17196 },
17197 {
17198 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
17199 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17200 .doit = nl80211_cancel_remain_on_channel,
17201 .flags = GENL_UNS_ADMIN_PERM,
17202 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17203 },
17204 {
17205 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
17206 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17207 .doit = nl80211_set_tx_bitrate_mask,
17208 .flags = GENL_UNS_ADMIN_PERM,
17209 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17210 NL80211_FLAG_MLO_VALID_LINK_ID),
17211 },
17212 {
17213 .cmd = NL80211_CMD_REGISTER_FRAME,
17214 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17215 .doit = nl80211_register_mgmt,
17216 .flags = GENL_UNS_ADMIN_PERM,
17217 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
17218 },
17219 {
17220 .cmd = NL80211_CMD_FRAME,
17221 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17222 .doit = nl80211_tx_mgmt,
17223 .flags = GENL_UNS_ADMIN_PERM,
17224 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17225 },
17226 {
17227 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
17228 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17229 .doit = nl80211_tx_mgmt_cancel_wait,
17230 .flags = GENL_UNS_ADMIN_PERM,
17231 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17232 },
17233 {
17234 .cmd = NL80211_CMD_SET_POWER_SAVE,
17235 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17236 .doit = nl80211_set_power_save,
17237 .flags = GENL_UNS_ADMIN_PERM,
17238 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17239 },
17240 {
17241 .cmd = NL80211_CMD_GET_POWER_SAVE,
17242 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17243 .doit = nl80211_get_power_save,
17244 /* can be retrieved by unprivileged users */
17245 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17246 },
17247 {
17248 .cmd = NL80211_CMD_SET_CQM,
17249 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17250 .doit = nl80211_set_cqm,
17251 .flags = GENL_UNS_ADMIN_PERM,
17252 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17253 },
17254 {
17255 .cmd = NL80211_CMD_SET_CHANNEL,
17256 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17257 .doit = nl80211_set_channel,
17258 .flags = GENL_UNS_ADMIN_PERM,
17259 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17260 NL80211_FLAG_MLO_VALID_LINK_ID),
17261 },
17262 {
17263 .cmd = NL80211_CMD_JOIN_MESH,
17264 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17265 .doit = nl80211_join_mesh,
17266 .flags = GENL_UNS_ADMIN_PERM,
17267 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17268 },
17269 {
17270 .cmd = NL80211_CMD_LEAVE_MESH,
17271 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17272 .doit = nl80211_leave_mesh,
17273 .flags = GENL_UNS_ADMIN_PERM,
17274 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17275 },
17276 {
17277 .cmd = NL80211_CMD_JOIN_OCB,
17278 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17279 .doit = nl80211_join_ocb,
17280 .flags = GENL_UNS_ADMIN_PERM,
17281 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17282 },
17283 {
17284 .cmd = NL80211_CMD_LEAVE_OCB,
17285 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17286 .doit = nl80211_leave_ocb,
17287 .flags = GENL_UNS_ADMIN_PERM,
17288 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17289 },
17290 #ifdef CONFIG_PM
17291 {
17292 .cmd = NL80211_CMD_GET_WOWLAN,
17293 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17294 .doit = nl80211_get_wowlan,
17295 /* can be retrieved by unprivileged users */
17296 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17297 },
17298 {
17299 .cmd = NL80211_CMD_SET_WOWLAN,
17300 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17301 .doit = nl80211_set_wowlan,
17302 .flags = GENL_UNS_ADMIN_PERM,
17303 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17304 },
17305 #endif
17306 {
17307 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
17308 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17309 .doit = nl80211_set_rekey_data,
17310 .flags = GENL_UNS_ADMIN_PERM,
17311 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17312 NL80211_FLAG_CLEAR_SKB),
17313 },
17314 {
17315 .cmd = NL80211_CMD_TDLS_MGMT,
17316 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17317 .doit = nl80211_tdls_mgmt,
17318 .flags = GENL_UNS_ADMIN_PERM,
17319 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17320 NL80211_FLAG_MLO_VALID_LINK_ID),
17321 },
17322 {
17323 .cmd = NL80211_CMD_TDLS_OPER,
17324 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17325 .doit = nl80211_tdls_oper,
17326 .flags = GENL_UNS_ADMIN_PERM,
17327 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17328 },
17329 {
17330 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
17331 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17332 .doit = nl80211_register_unexpected_frame,
17333 .flags = GENL_UNS_ADMIN_PERM,
17334 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17335 },
17336 {
17337 .cmd = NL80211_CMD_PROBE_CLIENT,
17338 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17339 .doit = nl80211_probe_client,
17340 .flags = GENL_UNS_ADMIN_PERM,
17341 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17342 },
17343 {
17344 .cmd = NL80211_CMD_REGISTER_BEACONS,
17345 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17346 .doit = nl80211_register_beacons,
17347 .flags = GENL_UNS_ADMIN_PERM,
17348 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17349 },
17350 {
17351 .cmd = NL80211_CMD_SET_NOACK_MAP,
17352 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17353 .doit = nl80211_set_noack_map,
17354 .flags = GENL_UNS_ADMIN_PERM,
17355 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17356 },
17357 {
17358 .cmd = NL80211_CMD_START_P2P_DEVICE,
17359 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17360 .doit = nl80211_start_p2p_device,
17361 .flags = GENL_UNS_ADMIN_PERM,
17362 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17363 NL80211_FLAG_NEED_RTNL),
17364 },
17365 {
17366 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
17367 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17368 .doit = nl80211_stop_p2p_device,
17369 .flags = GENL_UNS_ADMIN_PERM,
17370 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17371 NL80211_FLAG_NEED_RTNL),
17372 },
17373 {
17374 .cmd = NL80211_CMD_START_NAN,
17375 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17376 .doit = nl80211_start_nan,
17377 .flags = GENL_ADMIN_PERM,
17378 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
17379 NL80211_FLAG_NEED_RTNL),
17380 },
17381 {
17382 .cmd = NL80211_CMD_STOP_NAN,
17383 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17384 .doit = nl80211_stop_nan,
17385 .flags = GENL_ADMIN_PERM,
17386 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
17387 NL80211_FLAG_NEED_RTNL),
17388 },
17389 {
17390 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
17391 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17392 .doit = nl80211_nan_add_func,
17393 .flags = GENL_ADMIN_PERM,
17394 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17395 },
17396 {
17397 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
17398 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17399 .doit = nl80211_nan_del_func,
17400 .flags = GENL_ADMIN_PERM,
17401 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17402 },
17403 {
17404 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
17405 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17406 .doit = nl80211_nan_change_config,
17407 .flags = GENL_ADMIN_PERM,
17408 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17409 },
17410 {
17411 .cmd = NL80211_CMD_SET_MCAST_RATE,
17412 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17413 .doit = nl80211_set_mcast_rate,
17414 .flags = GENL_UNS_ADMIN_PERM,
17415 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17416 },
17417 {
17418 .cmd = NL80211_CMD_SET_MAC_ACL,
17419 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17420 .doit = nl80211_set_mac_acl,
17421 .flags = GENL_UNS_ADMIN_PERM,
17422 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17423 NL80211_FLAG_MLO_UNSUPPORTED),
17424 },
17425 {
17426 .cmd = NL80211_CMD_RADAR_DETECT,
17427 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17428 .doit = nl80211_start_radar_detection,
17429 .flags = GENL_UNS_ADMIN_PERM,
17430 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17431 NL80211_FLAG_NO_WIPHY_MTX |
17432 NL80211_FLAG_MLO_VALID_LINK_ID),
17433 },
17434 {
17435 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
17436 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17437 .doit = nl80211_get_protocol_features,
17438 },
17439 {
17440 .cmd = NL80211_CMD_UPDATE_FT_IES,
17441 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17442 .doit = nl80211_update_ft_ies,
17443 .flags = GENL_UNS_ADMIN_PERM,
17444 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17445 },
17446 {
17447 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
17448 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17449 .doit = nl80211_crit_protocol_start,
17450 .flags = GENL_UNS_ADMIN_PERM,
17451 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17452 },
17453 {
17454 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
17455 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17456 .doit = nl80211_crit_protocol_stop,
17457 .flags = GENL_UNS_ADMIN_PERM,
17458 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17459 },
17460 {
17461 .cmd = NL80211_CMD_GET_COALESCE,
17462 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17463 .doit = nl80211_get_coalesce,
17464 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17465 },
17466 {
17467 .cmd = NL80211_CMD_SET_COALESCE,
17468 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17469 .doit = nl80211_set_coalesce,
17470 .flags = GENL_UNS_ADMIN_PERM,
17471 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
17472 },
17473 {
17474 .cmd = NL80211_CMD_CHANNEL_SWITCH,
17475 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17476 .doit = nl80211_channel_switch,
17477 .flags = GENL_UNS_ADMIN_PERM,
17478 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17479 NL80211_FLAG_MLO_VALID_LINK_ID),
17480 },
17481 {
17482 .cmd = NL80211_CMD_VENDOR,
17483 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17484 .doit = nl80211_vendor_cmd,
17485 .dumpit = nl80211_vendor_cmd_dump,
17486 .flags = GENL_UNS_ADMIN_PERM,
17487 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17488 NL80211_FLAG_CLEAR_SKB),
17489 },
17490 {
17491 .cmd = NL80211_CMD_SET_QOS_MAP,
17492 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17493 .doit = nl80211_set_qos_map,
17494 .flags = GENL_UNS_ADMIN_PERM,
17495 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17496 },
17497 {
17498 .cmd = NL80211_CMD_ADD_TX_TS,
17499 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17500 .doit = nl80211_add_tx_ts,
17501 .flags = GENL_UNS_ADMIN_PERM,
17502 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17503 NL80211_FLAG_MLO_UNSUPPORTED),
17504 },
17505 {
17506 .cmd = NL80211_CMD_DEL_TX_TS,
17507 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17508 .doit = nl80211_del_tx_ts,
17509 .flags = GENL_UNS_ADMIN_PERM,
17510 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17511 },
17512 {
17513 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
17514 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17515 .doit = nl80211_tdls_channel_switch,
17516 .flags = GENL_UNS_ADMIN_PERM,
17517 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17518 },
17519 {
17520 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
17521 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17522 .doit = nl80211_tdls_cancel_channel_switch,
17523 .flags = GENL_UNS_ADMIN_PERM,
17524 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17525 },
17526 {
17527 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
17528 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17529 .doit = nl80211_set_multicast_to_unicast,
17530 .flags = GENL_UNS_ADMIN_PERM,
17531 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
17532 },
17533 {
17534 .cmd = NL80211_CMD_SET_PMK,
17535 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17536 .doit = nl80211_set_pmk,
17537 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17538 NL80211_FLAG_CLEAR_SKB),
17539 },
17540 {
17541 .cmd = NL80211_CMD_DEL_PMK,
17542 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17543 .doit = nl80211_del_pmk,
17544 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17545 },
17546 {
17547 .cmd = NL80211_CMD_EXTERNAL_AUTH,
17548 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17549 .doit = nl80211_external_auth,
17550 .flags = GENL_ADMIN_PERM,
17551 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17552 },
17553 {
17554 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
17555 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17556 .doit = nl80211_tx_control_port,
17557 .flags = GENL_UNS_ADMIN_PERM,
17558 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17559 },
17560 {
17561 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
17562 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17563 .doit = nl80211_get_ftm_responder_stats,
17564 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17565 NL80211_FLAG_MLO_VALID_LINK_ID),
17566 },
17567 {
17568 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
17569 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17570 .doit = nl80211_pmsr_start,
17571 .flags = GENL_UNS_ADMIN_PERM,
17572 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
17573 },
17574 {
17575 .cmd = NL80211_CMD_NOTIFY_RADAR,
17576 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17577 .doit = nl80211_notify_radar_detection,
17578 .flags = GENL_UNS_ADMIN_PERM,
17579 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17580 },
17581 {
17582 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
17583 .doit = nl80211_update_owe_info,
17584 .flags = GENL_ADMIN_PERM,
17585 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17586 },
17587 {
17588 .cmd = NL80211_CMD_PROBE_MESH_LINK,
17589 .doit = nl80211_probe_mesh_link,
17590 .flags = GENL_UNS_ADMIN_PERM,
17591 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17592 },
17593 {
17594 .cmd = NL80211_CMD_SET_TID_CONFIG,
17595 .doit = nl80211_set_tid_config,
17596 .flags = GENL_UNS_ADMIN_PERM,
17597 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
17598 NL80211_FLAG_MLO_VALID_LINK_ID),
17599 },
17600 {
17601 .cmd = NL80211_CMD_SET_SAR_SPECS,
17602 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17603 .doit = nl80211_set_sar_specs,
17604 .flags = GENL_UNS_ADMIN_PERM,
17605 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
17606 NL80211_FLAG_NEED_RTNL),
17607 },
17608 {
17609 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
17610 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17611 .doit = nl80211_color_change,
17612 .flags = GENL_UNS_ADMIN_PERM,
17613 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17614 NL80211_FLAG_MLO_VALID_LINK_ID),
17615 },
17616 {
17617 .cmd = NL80211_CMD_SET_FILS_AAD,
17618 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
17619 .doit = nl80211_set_fils_aad,
17620 .flags = GENL_UNS_ADMIN_PERM,
17621 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17622 },
17623 {
17624 .cmd = NL80211_CMD_ADD_LINK,
17625 .doit = nl80211_add_link,
17626 .flags = GENL_UNS_ADMIN_PERM,
17627 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17628 },
17629 {
17630 .cmd = NL80211_CMD_REMOVE_LINK,
17631 .doit = nl80211_remove_link,
17632 .flags = GENL_UNS_ADMIN_PERM,
17633 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17634 NL80211_FLAG_MLO_VALID_LINK_ID),
17635 },
17636 {
17637 .cmd = NL80211_CMD_ADD_LINK_STA,
17638 .doit = nl80211_add_link_station,
17639 .flags = GENL_UNS_ADMIN_PERM,
17640 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17641 NL80211_FLAG_MLO_VALID_LINK_ID),
17642 },
17643 {
17644 .cmd = NL80211_CMD_MODIFY_LINK_STA,
17645 .doit = nl80211_modify_link_station,
17646 .flags = GENL_UNS_ADMIN_PERM,
17647 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17648 NL80211_FLAG_MLO_VALID_LINK_ID),
17649 },
17650 {
17651 .cmd = NL80211_CMD_REMOVE_LINK_STA,
17652 .doit = nl80211_remove_link_station,
17653 .flags = GENL_UNS_ADMIN_PERM,
17654 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
17655 NL80211_FLAG_MLO_VALID_LINK_ID),
17656 },
17657 {
17658 .cmd = NL80211_CMD_SET_HW_TIMESTAMP,
17659 .doit = nl80211_set_hw_timestamp,
17660 .flags = GENL_UNS_ADMIN_PERM,
17661 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17662 },
17663 {
17664 .cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING,
17665 .doit = nl80211_set_ttlm,
17666 .flags = GENL_UNS_ADMIN_PERM,
17667 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
17668 },
17669 };
17670
17671 static struct genl_family nl80211_fam __ro_after_init = {
17672 .name = NL80211_GENL_NAME, /* have users key off the name instead */
17673 .hdrsize = 0, /* no private header */
17674 .version = 1, /* no particular meaning now */
17675 .maxattr = NL80211_ATTR_MAX,
17676 .policy = nl80211_policy,
17677 .netnsok = true,
17678 .pre_doit = nl80211_pre_doit,
17679 .post_doit = nl80211_post_doit,
17680 .module = THIS_MODULE,
17681 .ops = nl80211_ops,
17682 .n_ops = ARRAY_SIZE(nl80211_ops),
17683 .small_ops = nl80211_small_ops,
17684 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
17685 .resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1,
17686 .mcgrps = nl80211_mcgrps,
17687 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
17688 .parallel_ops = true,
17689 };
17690
17691 /* notification functions */
17692
nl80211_notify_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd)17693 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
17694 enum nl80211_commands cmd)
17695 {
17696 struct sk_buff *msg;
17697 struct nl80211_dump_wiphy_state state = {};
17698
17699 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
17700 cmd != NL80211_CMD_DEL_WIPHY);
17701
17702 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17703 if (!msg)
17704 return;
17705
17706 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
17707 nlmsg_free(msg);
17708 return;
17709 }
17710
17711 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17712 NL80211_MCGRP_CONFIG, GFP_KERNEL);
17713 }
17714
nl80211_notify_iface(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)17715 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
17716 struct wireless_dev *wdev,
17717 enum nl80211_commands cmd)
17718 {
17719 struct sk_buff *msg;
17720
17721 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17722 if (!msg)
17723 return;
17724
17725 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
17726 nlmsg_free(msg);
17727 return;
17728 }
17729
17730 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17731 NL80211_MCGRP_CONFIG, GFP_KERNEL);
17732 }
17733
nl80211_add_scan_req(struct sk_buff * msg,struct cfg80211_registered_device * rdev)17734 static int nl80211_add_scan_req(struct sk_buff *msg,
17735 struct cfg80211_registered_device *rdev)
17736 {
17737 struct cfg80211_scan_request *req = rdev->scan_req;
17738 struct nlattr *nest;
17739 int i;
17740 struct cfg80211_scan_info *info;
17741
17742 if (WARN_ON(!req))
17743 return 0;
17744
17745 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
17746 if (!nest)
17747 goto nla_put_failure;
17748 for (i = 0; i < req->n_ssids; i++) {
17749 if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
17750 goto nla_put_failure;
17751 }
17752 nla_nest_end(msg, nest);
17753
17754 if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
17755 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
17756 if (!nest)
17757 goto nla_put_failure;
17758 for (i = 0; i < req->n_channels; i++) {
17759 if (nla_put_u32(msg, i,
17760 ieee80211_channel_to_khz(req->channels[i])))
17761 goto nla_put_failure;
17762 }
17763 nla_nest_end(msg, nest);
17764 } else {
17765 nest = nla_nest_start_noflag(msg,
17766 NL80211_ATTR_SCAN_FREQUENCIES);
17767 if (!nest)
17768 goto nla_put_failure;
17769 for (i = 0; i < req->n_channels; i++) {
17770 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
17771 goto nla_put_failure;
17772 }
17773 nla_nest_end(msg, nest);
17774 }
17775
17776 if (req->ie &&
17777 nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
17778 goto nla_put_failure;
17779
17780 if (req->flags &&
17781 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
17782 goto nla_put_failure;
17783
17784 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
17785 &rdev->scan_req->info;
17786 if (info->scan_start_tsf &&
17787 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
17788 info->scan_start_tsf, NL80211_BSS_PAD) ||
17789 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
17790 info->tsf_bssid)))
17791 goto nla_put_failure;
17792
17793 return 0;
17794 nla_put_failure:
17795 return -ENOBUFS;
17796 }
17797
nl80211_prep_scan_msg(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 portid,u32 seq,int flags,u32 cmd)17798 static int nl80211_prep_scan_msg(struct sk_buff *msg,
17799 struct cfg80211_registered_device *rdev,
17800 struct wireless_dev *wdev,
17801 u32 portid, u32 seq, int flags,
17802 u32 cmd)
17803 {
17804 void *hdr;
17805
17806 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
17807 if (!hdr)
17808 return -1;
17809
17810 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17811 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17812 wdev->netdev->ifindex)) ||
17813 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17814 NL80211_ATTR_PAD))
17815 goto nla_put_failure;
17816
17817 /* ignore errors and send incomplete event anyway */
17818 nl80211_add_scan_req(msg, rdev);
17819
17820 genlmsg_end(msg, hdr);
17821 return 0;
17822
17823 nla_put_failure:
17824 genlmsg_cancel(msg, hdr);
17825 return -EMSGSIZE;
17826 }
17827
17828 static int
nl80211_prep_sched_scan_msg(struct sk_buff * msg,struct cfg80211_sched_scan_request * req,u32 cmd)17829 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
17830 struct cfg80211_sched_scan_request *req, u32 cmd)
17831 {
17832 void *hdr;
17833
17834 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
17835 if (!hdr)
17836 return -1;
17837
17838 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
17839 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
17840 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
17841 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
17842 NL80211_ATTR_PAD))
17843 goto nla_put_failure;
17844
17845 genlmsg_end(msg, hdr);
17846 return 0;
17847
17848 nla_put_failure:
17849 genlmsg_cancel(msg, hdr);
17850 return -EMSGSIZE;
17851 }
17852
nl80211_send_scan_start(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)17853 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
17854 struct wireless_dev *wdev)
17855 {
17856 struct sk_buff *msg;
17857
17858 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17859 if (!msg)
17860 return;
17861
17862 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
17863 NL80211_CMD_TRIGGER_SCAN) < 0) {
17864 nlmsg_free(msg);
17865 return;
17866 }
17867
17868 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17869 NL80211_MCGRP_SCAN, GFP_KERNEL);
17870 }
17871
nl80211_build_scan_msg(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,bool aborted)17872 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
17873 struct wireless_dev *wdev, bool aborted)
17874 {
17875 struct sk_buff *msg;
17876
17877 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17878 if (!msg)
17879 return NULL;
17880
17881 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
17882 aborted ? NL80211_CMD_SCAN_ABORTED :
17883 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
17884 nlmsg_free(msg);
17885 return NULL;
17886 }
17887
17888 return msg;
17889 }
17890
17891 /* send message created by nl80211_build_scan_msg() */
nl80211_send_scan_msg(struct cfg80211_registered_device * rdev,struct sk_buff * msg)17892 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
17893 struct sk_buff *msg)
17894 {
17895 if (!msg)
17896 return;
17897
17898 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17899 NL80211_MCGRP_SCAN, GFP_KERNEL);
17900 }
17901
nl80211_send_sched_scan(struct cfg80211_sched_scan_request * req,u32 cmd)17902 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
17903 {
17904 struct sk_buff *msg;
17905
17906 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17907 if (!msg)
17908 return;
17909
17910 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
17911 nlmsg_free(msg);
17912 return;
17913 }
17914
17915 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
17916 NL80211_MCGRP_SCAN, GFP_KERNEL);
17917 }
17918
nl80211_reg_change_event_fill(struct sk_buff * msg,struct regulatory_request * request)17919 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
17920 struct regulatory_request *request)
17921 {
17922 /* Userspace can always count this one always being set */
17923 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
17924 goto nla_put_failure;
17925
17926 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
17927 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17928 NL80211_REGDOM_TYPE_WORLD))
17929 goto nla_put_failure;
17930 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
17931 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17932 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
17933 goto nla_put_failure;
17934 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
17935 request->intersect) {
17936 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17937 NL80211_REGDOM_TYPE_INTERSECTION))
17938 goto nla_put_failure;
17939 } else {
17940 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
17941 NL80211_REGDOM_TYPE_COUNTRY) ||
17942 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
17943 request->alpha2))
17944 goto nla_put_failure;
17945 }
17946
17947 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
17948 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
17949
17950 if (wiphy &&
17951 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
17952 goto nla_put_failure;
17953
17954 if (wiphy &&
17955 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
17956 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
17957 goto nla_put_failure;
17958 }
17959
17960 return true;
17961
17962 nla_put_failure:
17963 return false;
17964 }
17965
17966 /*
17967 * This can happen on global regulatory changes or device specific settings
17968 * based on custom regulatory domains.
17969 */
nl80211_common_reg_change_event(enum nl80211_commands cmd_id,struct regulatory_request * request)17970 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
17971 struct regulatory_request *request)
17972 {
17973 struct sk_buff *msg;
17974 void *hdr;
17975
17976 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17977 if (!msg)
17978 return;
17979
17980 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
17981 if (!hdr)
17982 goto nla_put_failure;
17983
17984 if (!nl80211_reg_change_event_fill(msg, request))
17985 goto nla_put_failure;
17986
17987 genlmsg_end(msg, hdr);
17988
17989 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
17990 NL80211_MCGRP_REGULATORY);
17991
17992 return;
17993
17994 nla_put_failure:
17995 nlmsg_free(msg);
17996 }
17997
17998 struct nl80211_mlme_event {
17999 enum nl80211_commands cmd;
18000 const u8 *buf;
18001 size_t buf_len;
18002 int uapsd_queues;
18003 const u8 *req_ies;
18004 size_t req_ies_len;
18005 bool reconnect;
18006 };
18007
nl80211_send_mlme_event(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct nl80211_mlme_event * event,gfp_t gfp)18008 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
18009 struct net_device *netdev,
18010 const struct nl80211_mlme_event *event,
18011 gfp_t gfp)
18012 {
18013 struct sk_buff *msg;
18014 void *hdr;
18015
18016 msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp);
18017 if (!msg)
18018 return;
18019
18020 hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd);
18021 if (!hdr) {
18022 nlmsg_free(msg);
18023 return;
18024 }
18025
18026 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18027 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18028 nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) ||
18029 (event->req_ies &&
18030 nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len,
18031 event->req_ies)))
18032 goto nla_put_failure;
18033
18034 if (event->reconnect &&
18035 nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
18036 goto nla_put_failure;
18037
18038 if (event->uapsd_queues >= 0) {
18039 struct nlattr *nla_wmm =
18040 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
18041 if (!nla_wmm)
18042 goto nla_put_failure;
18043
18044 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
18045 event->uapsd_queues))
18046 goto nla_put_failure;
18047
18048 nla_nest_end(msg, nla_wmm);
18049 }
18050
18051 genlmsg_end(msg, hdr);
18052
18053 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18054 NL80211_MCGRP_MLME, gfp);
18055 return;
18056
18057 nla_put_failure:
18058 nlmsg_free(msg);
18059 }
18060
nl80211_send_rx_auth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)18061 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
18062 struct net_device *netdev, const u8 *buf,
18063 size_t len, gfp_t gfp)
18064 {
18065 struct nl80211_mlme_event event = {
18066 .cmd = NL80211_CMD_AUTHENTICATE,
18067 .buf = buf,
18068 .buf_len = len,
18069 .uapsd_queues = -1,
18070 };
18071
18072 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18073 }
18074
nl80211_send_rx_assoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct cfg80211_rx_assoc_resp_data * data)18075 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
18076 struct net_device *netdev,
18077 const struct cfg80211_rx_assoc_resp_data *data)
18078 {
18079 struct nl80211_mlme_event event = {
18080 .cmd = NL80211_CMD_ASSOCIATE,
18081 .buf = data->buf,
18082 .buf_len = data->len,
18083 .uapsd_queues = data->uapsd_queues,
18084 .req_ies = data->req_ies,
18085 .req_ies_len = data->req_ies_len,
18086 };
18087
18088 nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL);
18089 }
18090
nl80211_send_deauth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)18091 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
18092 struct net_device *netdev, const u8 *buf,
18093 size_t len, bool reconnect, gfp_t gfp)
18094 {
18095 struct nl80211_mlme_event event = {
18096 .cmd = NL80211_CMD_DEAUTHENTICATE,
18097 .buf = buf,
18098 .buf_len = len,
18099 .reconnect = reconnect,
18100 .uapsd_queues = -1,
18101 };
18102
18103 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18104 }
18105
nl80211_send_disassoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)18106 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
18107 struct net_device *netdev, const u8 *buf,
18108 size_t len, bool reconnect, gfp_t gfp)
18109 {
18110 struct nl80211_mlme_event event = {
18111 .cmd = NL80211_CMD_DISASSOCIATE,
18112 .buf = buf,
18113 .buf_len = len,
18114 .reconnect = reconnect,
18115 .uapsd_queues = -1,
18116 };
18117
18118 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
18119 }
18120
cfg80211_rx_unprot_mlme_mgmt(struct net_device * dev,const u8 * buf,size_t len)18121 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
18122 size_t len)
18123 {
18124 struct wireless_dev *wdev = dev->ieee80211_ptr;
18125 struct wiphy *wiphy = wdev->wiphy;
18126 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18127 const struct ieee80211_mgmt *mgmt = (void *)buf;
18128 struct nl80211_mlme_event event = {
18129 .buf = buf,
18130 .buf_len = len,
18131 .uapsd_queues = -1,
18132 };
18133
18134 if (WARN_ON(len < 2))
18135 return;
18136
18137 if (ieee80211_is_deauth(mgmt->frame_control)) {
18138 event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
18139 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
18140 event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
18141 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
18142 if (wdev->unprot_beacon_reported &&
18143 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
18144 return;
18145 event.cmd = NL80211_CMD_UNPROT_BEACON;
18146 wdev->unprot_beacon_reported = jiffies;
18147 } else {
18148 return;
18149 }
18150
18151 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
18152 nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC);
18153 }
18154 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
18155
nl80211_send_mlme_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,int cmd,const u8 * addr,gfp_t gfp)18156 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
18157 struct net_device *netdev, int cmd,
18158 const u8 *addr, gfp_t gfp)
18159 {
18160 struct sk_buff *msg;
18161 void *hdr;
18162
18163 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18164 if (!msg)
18165 return;
18166
18167 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18168 if (!hdr) {
18169 nlmsg_free(msg);
18170 return;
18171 }
18172
18173 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18174 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18175 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18176 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
18177 goto nla_put_failure;
18178
18179 genlmsg_end(msg, hdr);
18180
18181 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18182 NL80211_MCGRP_MLME, gfp);
18183 return;
18184
18185 nla_put_failure:
18186 nlmsg_free(msg);
18187 }
18188
nl80211_send_auth_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)18189 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
18190 struct net_device *netdev, const u8 *addr,
18191 gfp_t gfp)
18192 {
18193 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
18194 addr, gfp);
18195 }
18196
nl80211_send_assoc_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)18197 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
18198 struct net_device *netdev, const u8 *addr,
18199 gfp_t gfp)
18200 {
18201 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
18202 addr, gfp);
18203 }
18204
nl80211_send_connect_result(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_connect_resp_params * cr,gfp_t gfp)18205 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
18206 struct net_device *netdev,
18207 struct cfg80211_connect_resp_params *cr,
18208 gfp_t gfp)
18209 {
18210 struct sk_buff *msg;
18211 void *hdr;
18212 unsigned int link;
18213 size_t link_info_size = 0;
18214 const u8 *connected_addr = cr->valid_links ?
18215 cr->ap_mld_addr : cr->links[0].bssid;
18216
18217 if (cr->valid_links) {
18218 for_each_valid_link(cr, link) {
18219 /* Nested attribute header */
18220 link_info_size += NLA_HDRLEN;
18221 /* Link ID */
18222 link_info_size += nla_total_size(sizeof(u8));
18223 link_info_size += cr->links[link].addr ?
18224 nla_total_size(ETH_ALEN) : 0;
18225 link_info_size += (cr->links[link].bssid ||
18226 cr->links[link].bss) ?
18227 nla_total_size(ETH_ALEN) : 0;
18228 link_info_size += nla_total_size(sizeof(u16));
18229 }
18230 }
18231
18232 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
18233 cr->fils.kek_len + cr->fils.pmk_len +
18234 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
18235 gfp);
18236 if (!msg)
18237 return;
18238
18239 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
18240 if (!hdr) {
18241 nlmsg_free(msg);
18242 return;
18243 }
18244
18245 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18246 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18247 (connected_addr &&
18248 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) ||
18249 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
18250 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
18251 cr->status) ||
18252 (cr->status < 0 &&
18253 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
18254 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
18255 cr->timeout_reason))) ||
18256 (cr->req_ie &&
18257 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
18258 (cr->resp_ie &&
18259 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
18260 cr->resp_ie)) ||
18261 (cr->fils.update_erp_next_seq_num &&
18262 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
18263 cr->fils.erp_next_seq_num)) ||
18264 (cr->status == WLAN_STATUS_SUCCESS &&
18265 ((cr->fils.kek &&
18266 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
18267 cr->fils.kek)) ||
18268 (cr->fils.pmk &&
18269 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
18270 (cr->fils.pmkid &&
18271 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
18272 goto nla_put_failure;
18273
18274 if (cr->valid_links) {
18275 int i = 1;
18276 struct nlattr *nested;
18277
18278 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18279 if (!nested)
18280 goto nla_put_failure;
18281
18282 for_each_valid_link(cr, link) {
18283 struct nlattr *nested_mlo_links;
18284 const u8 *bssid = cr->links[link].bss ?
18285 cr->links[link].bss->bssid :
18286 cr->links[link].bssid;
18287
18288 nested_mlo_links = nla_nest_start(msg, i);
18289 if (!nested_mlo_links)
18290 goto nla_put_failure;
18291
18292 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
18293 (bssid &&
18294 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
18295 (cr->links[link].addr &&
18296 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
18297 cr->links[link].addr)) ||
18298 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
18299 cr->links[link].status))
18300 goto nla_put_failure;
18301
18302 nla_nest_end(msg, nested_mlo_links);
18303 i++;
18304 }
18305 nla_nest_end(msg, nested);
18306 }
18307
18308 genlmsg_end(msg, hdr);
18309
18310 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18311 NL80211_MCGRP_MLME, gfp);
18312 return;
18313
18314 nla_put_failure:
18315 nlmsg_free(msg);
18316 }
18317
nl80211_send_roamed(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_roam_info * info,gfp_t gfp)18318 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
18319 struct net_device *netdev,
18320 struct cfg80211_roam_info *info, gfp_t gfp)
18321 {
18322 struct sk_buff *msg;
18323 void *hdr;
18324 size_t link_info_size = 0;
18325 unsigned int link;
18326 const u8 *connected_addr = info->ap_mld_addr ?
18327 info->ap_mld_addr :
18328 (info->links[0].bss ?
18329 info->links[0].bss->bssid :
18330 info->links[0].bssid);
18331
18332 if (info->valid_links) {
18333 for_each_valid_link(info, link) {
18334 /* Nested attribute header */
18335 link_info_size += NLA_HDRLEN;
18336 /* Link ID */
18337 link_info_size += nla_total_size(sizeof(u8));
18338 link_info_size += info->links[link].addr ?
18339 nla_total_size(ETH_ALEN) : 0;
18340 link_info_size += (info->links[link].bssid ||
18341 info->links[link].bss) ?
18342 nla_total_size(ETH_ALEN) : 0;
18343 }
18344 }
18345
18346 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
18347 info->fils.kek_len + info->fils.pmk_len +
18348 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
18349 link_info_size, gfp);
18350 if (!msg)
18351 return;
18352
18353 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
18354 if (!hdr) {
18355 nlmsg_free(msg);
18356 return;
18357 }
18358
18359 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18360 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18361 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
18362 (info->req_ie &&
18363 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
18364 info->req_ie)) ||
18365 (info->resp_ie &&
18366 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
18367 info->resp_ie)) ||
18368 (info->fils.update_erp_next_seq_num &&
18369 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
18370 info->fils.erp_next_seq_num)) ||
18371 (info->fils.kek &&
18372 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
18373 info->fils.kek)) ||
18374 (info->fils.pmk &&
18375 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
18376 (info->fils.pmkid &&
18377 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
18378 goto nla_put_failure;
18379
18380 if (info->valid_links) {
18381 int i = 1;
18382 struct nlattr *nested;
18383
18384 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18385 if (!nested)
18386 goto nla_put_failure;
18387
18388 for_each_valid_link(info, link) {
18389 struct nlattr *nested_mlo_links;
18390 const u8 *bssid = info->links[link].bss ?
18391 info->links[link].bss->bssid :
18392 info->links[link].bssid;
18393
18394 nested_mlo_links = nla_nest_start(msg, i);
18395 if (!nested_mlo_links)
18396 goto nla_put_failure;
18397
18398 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
18399 (bssid &&
18400 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
18401 (info->links[link].addr &&
18402 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
18403 info->links[link].addr)))
18404 goto nla_put_failure;
18405
18406 nla_nest_end(msg, nested_mlo_links);
18407 i++;
18408 }
18409 nla_nest_end(msg, nested);
18410 }
18411
18412 genlmsg_end(msg, hdr);
18413
18414 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18415 NL80211_MCGRP_MLME, gfp);
18416 return;
18417
18418 nla_put_failure:
18419 nlmsg_free(msg);
18420 }
18421
nl80211_send_port_authorized(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * peer_addr,const u8 * td_bitmap,u8 td_bitmap_len)18422 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
18423 struct net_device *netdev, const u8 *peer_addr,
18424 const u8 *td_bitmap, u8 td_bitmap_len)
18425 {
18426 struct sk_buff *msg;
18427 void *hdr;
18428
18429 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18430 if (!msg)
18431 return;
18432
18433 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
18434 if (!hdr) {
18435 nlmsg_free(msg);
18436 return;
18437 }
18438
18439 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18440 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18441 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
18442 goto nla_put_failure;
18443
18444 if ((td_bitmap_len > 0) && td_bitmap)
18445 if (nla_put(msg, NL80211_ATTR_TD_BITMAP,
18446 td_bitmap_len, td_bitmap))
18447 goto nla_put_failure;
18448
18449 genlmsg_end(msg, hdr);
18450
18451 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18452 NL80211_MCGRP_MLME, GFP_KERNEL);
18453 return;
18454
18455 nla_put_failure:
18456 nlmsg_free(msg);
18457 }
18458
nl80211_send_disconnected(struct cfg80211_registered_device * rdev,struct net_device * netdev,u16 reason,const u8 * ie,size_t ie_len,bool from_ap)18459 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
18460 struct net_device *netdev, u16 reason,
18461 const u8 *ie, size_t ie_len, bool from_ap)
18462 {
18463 struct sk_buff *msg;
18464 void *hdr;
18465
18466 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
18467 if (!msg)
18468 return;
18469
18470 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
18471 if (!hdr) {
18472 nlmsg_free(msg);
18473 return;
18474 }
18475
18476 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18477 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18478 (reason &&
18479 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
18480 (from_ap &&
18481 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
18482 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
18483 goto nla_put_failure;
18484
18485 genlmsg_end(msg, hdr);
18486
18487 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18488 NL80211_MCGRP_MLME, GFP_KERNEL);
18489 return;
18490
18491 nla_put_failure:
18492 nlmsg_free(msg);
18493 }
18494
cfg80211_links_removed(struct net_device * dev,u16 link_mask)18495 void cfg80211_links_removed(struct net_device *dev, u16 link_mask)
18496 {
18497 struct wireless_dev *wdev = dev->ieee80211_ptr;
18498 struct wiphy *wiphy = wdev->wiphy;
18499 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18500 struct sk_buff *msg;
18501 struct nlattr *links;
18502 void *hdr;
18503
18504 lockdep_assert_wiphy(wdev->wiphy);
18505 trace_cfg80211_links_removed(dev, link_mask);
18506
18507 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
18508 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
18509 return;
18510
18511 if (WARN_ON(!wdev->valid_links || !link_mask ||
18512 (wdev->valid_links & link_mask) != link_mask ||
18513 wdev->valid_links == link_mask))
18514 return;
18515
18516 cfg80211_wdev_release_link_bsses(wdev, link_mask);
18517 wdev->valid_links &= ~link_mask;
18518
18519 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18520 if (!msg)
18521 return;
18522
18523 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED);
18524 if (!hdr) {
18525 nlmsg_free(msg);
18526 return;
18527 }
18528
18529 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18530 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
18531 goto nla_put_failure;
18532
18533 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
18534 if (!links)
18535 goto nla_put_failure;
18536
18537 while (link_mask) {
18538 struct nlattr *link;
18539 int link_id = __ffs(link_mask);
18540
18541 link = nla_nest_start(msg, link_id + 1);
18542 if (!link)
18543 goto nla_put_failure;
18544
18545 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
18546 goto nla_put_failure;
18547
18548 nla_nest_end(msg, link);
18549 link_mask &= ~(1 << link_id);
18550 }
18551
18552 nla_nest_end(msg, links);
18553
18554 genlmsg_end(msg, hdr);
18555
18556 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18557 NL80211_MCGRP_MLME, GFP_KERNEL);
18558 return;
18559
18560 nla_put_failure:
18561 nlmsg_free(msg);
18562 }
18563 EXPORT_SYMBOL(cfg80211_links_removed);
18564
nl80211_send_ibss_bssid(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,gfp_t gfp)18565 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
18566 struct net_device *netdev, const u8 *bssid,
18567 gfp_t gfp)
18568 {
18569 struct sk_buff *msg;
18570 void *hdr;
18571
18572 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18573 if (!msg)
18574 return;
18575
18576 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
18577 if (!hdr) {
18578 nlmsg_free(msg);
18579 return;
18580 }
18581
18582 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18583 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18584 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
18585 goto nla_put_failure;
18586
18587 genlmsg_end(msg, hdr);
18588
18589 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18590 NL80211_MCGRP_MLME, gfp);
18591 return;
18592
18593 nla_put_failure:
18594 nlmsg_free(msg);
18595 }
18596
cfg80211_notify_new_peer_candidate(struct net_device * dev,const u8 * addr,const u8 * ie,u8 ie_len,int sig_dbm,gfp_t gfp)18597 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
18598 const u8 *ie, u8 ie_len,
18599 int sig_dbm, gfp_t gfp)
18600 {
18601 struct wireless_dev *wdev = dev->ieee80211_ptr;
18602 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18603 struct sk_buff *msg;
18604 void *hdr;
18605
18606 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
18607 return;
18608
18609 trace_cfg80211_notify_new_peer_candidate(dev, addr);
18610
18611 msg = nlmsg_new(100 + ie_len, gfp);
18612 if (!msg)
18613 return;
18614
18615 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
18616 if (!hdr) {
18617 nlmsg_free(msg);
18618 return;
18619 }
18620
18621 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18622 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18623 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
18624 (ie_len && ie &&
18625 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
18626 (sig_dbm &&
18627 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
18628 goto nla_put_failure;
18629
18630 genlmsg_end(msg, hdr);
18631
18632 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18633 NL80211_MCGRP_MLME, gfp);
18634 return;
18635
18636 nla_put_failure:
18637 nlmsg_free(msg);
18638 }
18639 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
18640
nl80211_michael_mic_failure(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,enum nl80211_key_type key_type,int key_id,const u8 * tsc,gfp_t gfp)18641 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
18642 struct net_device *netdev, const u8 *addr,
18643 enum nl80211_key_type key_type, int key_id,
18644 const u8 *tsc, gfp_t gfp)
18645 {
18646 struct sk_buff *msg;
18647 void *hdr;
18648
18649 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18650 if (!msg)
18651 return;
18652
18653 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
18654 if (!hdr) {
18655 nlmsg_free(msg);
18656 return;
18657 }
18658
18659 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18660 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18661 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
18662 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
18663 (key_id != -1 &&
18664 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
18665 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
18666 goto nla_put_failure;
18667
18668 genlmsg_end(msg, hdr);
18669
18670 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18671 NL80211_MCGRP_MLME, gfp);
18672 return;
18673
18674 nla_put_failure:
18675 nlmsg_free(msg);
18676 }
18677
nl80211_send_beacon_hint_event(struct wiphy * wiphy,struct ieee80211_channel * channel_before,struct ieee80211_channel * channel_after)18678 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
18679 struct ieee80211_channel *channel_before,
18680 struct ieee80211_channel *channel_after)
18681 {
18682 struct sk_buff *msg;
18683 void *hdr;
18684 struct nlattr *nl_freq;
18685
18686 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
18687 if (!msg)
18688 return;
18689
18690 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
18691 if (!hdr) {
18692 nlmsg_free(msg);
18693 return;
18694 }
18695
18696 /*
18697 * Since we are applying the beacon hint to a wiphy we know its
18698 * wiphy_idx is valid
18699 */
18700 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
18701 goto nla_put_failure;
18702
18703 /* Before */
18704 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
18705 if (!nl_freq)
18706 goto nla_put_failure;
18707
18708 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
18709 goto nla_put_failure;
18710 nla_nest_end(msg, nl_freq);
18711
18712 /* After */
18713 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
18714 if (!nl_freq)
18715 goto nla_put_failure;
18716
18717 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
18718 goto nla_put_failure;
18719 nla_nest_end(msg, nl_freq);
18720
18721 genlmsg_end(msg, hdr);
18722
18723 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
18724 NL80211_MCGRP_REGULATORY);
18725
18726 return;
18727
18728 nla_put_failure:
18729 nlmsg_free(msg);
18730 }
18731
nl80211_send_remain_on_chan_event(int cmd,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)18732 static void nl80211_send_remain_on_chan_event(
18733 int cmd, struct cfg80211_registered_device *rdev,
18734 struct wireless_dev *wdev, u64 cookie,
18735 struct ieee80211_channel *chan,
18736 unsigned int duration, gfp_t gfp)
18737 {
18738 struct sk_buff *msg;
18739 void *hdr;
18740
18741 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18742 if (!msg)
18743 return;
18744
18745 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18746 if (!hdr) {
18747 nlmsg_free(msg);
18748 return;
18749 }
18750
18751 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18752 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
18753 wdev->netdev->ifindex)) ||
18754 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
18755 NL80211_ATTR_PAD) ||
18756 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
18757 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
18758 NL80211_CHAN_NO_HT) ||
18759 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
18760 NL80211_ATTR_PAD))
18761 goto nla_put_failure;
18762
18763 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
18764 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
18765 goto nla_put_failure;
18766
18767 genlmsg_end(msg, hdr);
18768
18769 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18770 NL80211_MCGRP_MLME, gfp);
18771 return;
18772
18773 nla_put_failure:
18774 nlmsg_free(msg);
18775 }
18776
cfg80211_assoc_comeback(struct net_device * netdev,const u8 * ap_addr,u32 timeout)18777 void cfg80211_assoc_comeback(struct net_device *netdev,
18778 const u8 *ap_addr, u32 timeout)
18779 {
18780 struct wireless_dev *wdev = netdev->ieee80211_ptr;
18781 struct wiphy *wiphy = wdev->wiphy;
18782 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18783 struct sk_buff *msg;
18784 void *hdr;
18785
18786 trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout);
18787
18788 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18789 if (!msg)
18790 return;
18791
18792 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK);
18793 if (!hdr) {
18794 nlmsg_free(msg);
18795 return;
18796 }
18797
18798 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18799 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18800 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) ||
18801 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout))
18802 goto nla_put_failure;
18803
18804 genlmsg_end(msg, hdr);
18805
18806 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18807 NL80211_MCGRP_MLME, GFP_KERNEL);
18808 return;
18809
18810 nla_put_failure:
18811 nlmsg_free(msg);
18812 }
18813 EXPORT_SYMBOL(cfg80211_assoc_comeback);
18814
cfg80211_ready_on_channel(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)18815 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
18816 struct ieee80211_channel *chan,
18817 unsigned int duration, gfp_t gfp)
18818 {
18819 struct wiphy *wiphy = wdev->wiphy;
18820 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18821
18822 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
18823 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
18824 rdev, wdev, cookie, chan,
18825 duration, gfp);
18826 }
18827 EXPORT_SYMBOL(cfg80211_ready_on_channel);
18828
cfg80211_remain_on_channel_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)18829 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
18830 struct ieee80211_channel *chan,
18831 gfp_t gfp)
18832 {
18833 struct wiphy *wiphy = wdev->wiphy;
18834 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18835
18836 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
18837 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
18838 rdev, wdev, cookie, chan, 0, gfp);
18839 }
18840 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
18841
cfg80211_tx_mgmt_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)18842 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
18843 struct ieee80211_channel *chan,
18844 gfp_t gfp)
18845 {
18846 struct wiphy *wiphy = wdev->wiphy;
18847 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18848
18849 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
18850 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
18851 rdev, wdev, cookie, chan, 0, gfp);
18852 }
18853 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
18854
cfg80211_new_sta(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)18855 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
18856 struct station_info *sinfo, gfp_t gfp)
18857 {
18858 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18859 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18860 struct sk_buff *msg;
18861
18862 trace_cfg80211_new_sta(dev, mac_addr, sinfo);
18863
18864 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18865 if (!msg)
18866 return;
18867
18868 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
18869 rdev, dev, mac_addr, sinfo) < 0) {
18870 nlmsg_free(msg);
18871 return;
18872 }
18873
18874 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18875 NL80211_MCGRP_MLME, gfp);
18876 }
18877 EXPORT_SYMBOL(cfg80211_new_sta);
18878
cfg80211_del_sta_sinfo(struct net_device * dev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)18879 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
18880 struct station_info *sinfo, gfp_t gfp)
18881 {
18882 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18883 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18884 struct sk_buff *msg;
18885 struct station_info empty_sinfo = {};
18886
18887 if (!sinfo)
18888 sinfo = &empty_sinfo;
18889
18890 trace_cfg80211_del_sta(dev, mac_addr);
18891
18892 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18893 if (!msg) {
18894 cfg80211_sinfo_release_content(sinfo);
18895 return;
18896 }
18897
18898 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
18899 rdev, dev, mac_addr, sinfo) < 0) {
18900 nlmsg_free(msg);
18901 return;
18902 }
18903
18904 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18905 NL80211_MCGRP_MLME, gfp);
18906 }
18907 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
18908
cfg80211_conn_failed(struct net_device * dev,const u8 * mac_addr,enum nl80211_connect_failed_reason reason,gfp_t gfp)18909 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
18910 enum nl80211_connect_failed_reason reason,
18911 gfp_t gfp)
18912 {
18913 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
18914 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18915 struct sk_buff *msg;
18916 void *hdr;
18917
18918 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
18919 if (!msg)
18920 return;
18921
18922 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
18923 if (!hdr) {
18924 nlmsg_free(msg);
18925 return;
18926 }
18927
18928 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18929 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
18930 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
18931 goto nla_put_failure;
18932
18933 genlmsg_end(msg, hdr);
18934
18935 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18936 NL80211_MCGRP_MLME, gfp);
18937 return;
18938
18939 nla_put_failure:
18940 nlmsg_free(msg);
18941 }
18942 EXPORT_SYMBOL(cfg80211_conn_failed);
18943
__nl80211_unexpected_frame(struct net_device * dev,u8 cmd,const u8 * addr,gfp_t gfp)18944 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
18945 const u8 *addr, gfp_t gfp)
18946 {
18947 struct wireless_dev *wdev = dev->ieee80211_ptr;
18948 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
18949 struct sk_buff *msg;
18950 void *hdr;
18951 u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
18952
18953 if (!nlportid)
18954 return false;
18955
18956 msg = nlmsg_new(100, gfp);
18957 if (!msg)
18958 return true;
18959
18960 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
18961 if (!hdr) {
18962 nlmsg_free(msg);
18963 return true;
18964 }
18965
18966 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18967 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18968 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
18969 goto nla_put_failure;
18970
18971 genlmsg_end(msg, hdr);
18972 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
18973 return true;
18974
18975 nla_put_failure:
18976 nlmsg_free(msg);
18977 return true;
18978 }
18979
cfg80211_rx_spurious_frame(struct net_device * dev,const u8 * addr,gfp_t gfp)18980 bool cfg80211_rx_spurious_frame(struct net_device *dev,
18981 const u8 *addr, gfp_t gfp)
18982 {
18983 struct wireless_dev *wdev = dev->ieee80211_ptr;
18984 bool ret;
18985
18986 trace_cfg80211_rx_spurious_frame(dev, addr);
18987
18988 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
18989 wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
18990 trace_cfg80211_return_bool(false);
18991 return false;
18992 }
18993 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
18994 addr, gfp);
18995 trace_cfg80211_return_bool(ret);
18996 return ret;
18997 }
18998 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
18999
cfg80211_rx_unexpected_4addr_frame(struct net_device * dev,const u8 * addr,gfp_t gfp)19000 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
19001 const u8 *addr, gfp_t gfp)
19002 {
19003 struct wireless_dev *wdev = dev->ieee80211_ptr;
19004 bool ret;
19005
19006 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
19007
19008 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
19009 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
19010 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
19011 trace_cfg80211_return_bool(false);
19012 return false;
19013 }
19014 ret = __nl80211_unexpected_frame(dev,
19015 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
19016 addr, gfp);
19017 trace_cfg80211_return_bool(ret);
19018 return ret;
19019 }
19020 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
19021
nl80211_send_mgmt(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 nlportid,struct cfg80211_rx_info * info,gfp_t gfp)19022 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
19023 struct wireless_dev *wdev, u32 nlportid,
19024 struct cfg80211_rx_info *info, gfp_t gfp)
19025 {
19026 struct net_device *netdev = wdev->netdev;
19027 struct sk_buff *msg;
19028 void *hdr;
19029
19030 msg = nlmsg_new(100 + info->len, gfp);
19031 if (!msg)
19032 return -ENOMEM;
19033
19034 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
19035 if (!hdr) {
19036 nlmsg_free(msg);
19037 return -ENOMEM;
19038 }
19039
19040 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19041 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19042 netdev->ifindex)) ||
19043 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19044 NL80211_ATTR_PAD) ||
19045 (info->have_link_id &&
19046 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) ||
19047 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) ||
19048 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) ||
19049 (info->sig_dbm &&
19050 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) ||
19051 nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) ||
19052 (info->flags &&
19053 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) ||
19054 (info->rx_tstamp && nla_put_u64_64bit(msg,
19055 NL80211_ATTR_RX_HW_TIMESTAMP,
19056 info->rx_tstamp,
19057 NL80211_ATTR_PAD)) ||
19058 (info->ack_tstamp && nla_put_u64_64bit(msg,
19059 NL80211_ATTR_TX_HW_TIMESTAMP,
19060 info->ack_tstamp,
19061 NL80211_ATTR_PAD)))
19062 goto nla_put_failure;
19063
19064 genlmsg_end(msg, hdr);
19065
19066 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19067
19068 nla_put_failure:
19069 nlmsg_free(msg);
19070 return -ENOBUFS;
19071 }
19072
nl80211_frame_tx_status(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp,enum nl80211_commands command)19073 static void nl80211_frame_tx_status(struct wireless_dev *wdev,
19074 struct cfg80211_tx_status *status,
19075 gfp_t gfp, enum nl80211_commands command)
19076 {
19077 struct wiphy *wiphy = wdev->wiphy;
19078 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19079 struct net_device *netdev = wdev->netdev;
19080 struct sk_buff *msg;
19081 void *hdr;
19082
19083 if (command == NL80211_CMD_FRAME_TX_STATUS)
19084 trace_cfg80211_mgmt_tx_status(wdev, status->cookie,
19085 status->ack);
19086 else
19087 trace_cfg80211_control_port_tx_status(wdev, status->cookie,
19088 status->ack);
19089
19090 msg = nlmsg_new(100 + status->len, gfp);
19091 if (!msg)
19092 return;
19093
19094 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
19095 if (!hdr) {
19096 nlmsg_free(msg);
19097 return;
19098 }
19099
19100 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19101 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19102 netdev->ifindex)) ||
19103 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19104 NL80211_ATTR_PAD) ||
19105 nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) ||
19106 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie,
19107 NL80211_ATTR_PAD) ||
19108 (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
19109 (status->tx_tstamp &&
19110 nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP,
19111 status->tx_tstamp, NL80211_ATTR_PAD)) ||
19112 (status->ack_tstamp &&
19113 nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP,
19114 status->ack_tstamp, NL80211_ATTR_PAD)))
19115 goto nla_put_failure;
19116
19117 genlmsg_end(msg, hdr);
19118
19119 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19120 NL80211_MCGRP_MLME, gfp);
19121 return;
19122
19123 nla_put_failure:
19124 nlmsg_free(msg);
19125 }
19126
cfg80211_control_port_tx_status(struct wireless_dev * wdev,u64 cookie,const u8 * buf,size_t len,bool ack,gfp_t gfp)19127 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
19128 const u8 *buf, size_t len, bool ack,
19129 gfp_t gfp)
19130 {
19131 struct cfg80211_tx_status status = {
19132 .cookie = cookie,
19133 .buf = buf,
19134 .len = len,
19135 .ack = ack
19136 };
19137
19138 nl80211_frame_tx_status(wdev, &status, gfp,
19139 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
19140 }
19141 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
19142
cfg80211_mgmt_tx_status_ext(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp)19143 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev,
19144 struct cfg80211_tx_status *status, gfp_t gfp)
19145 {
19146 nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS);
19147 }
19148 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext);
19149
__nl80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id,gfp_t gfp)19150 static int __nl80211_rx_control_port(struct net_device *dev,
19151 struct sk_buff *skb,
19152 bool unencrypted,
19153 int link_id,
19154 gfp_t gfp)
19155 {
19156 struct wireless_dev *wdev = dev->ieee80211_ptr;
19157 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19158 struct ethhdr *ehdr = eth_hdr(skb);
19159 const u8 *addr = ehdr->h_source;
19160 u16 proto = be16_to_cpu(skb->protocol);
19161 struct sk_buff *msg;
19162 void *hdr;
19163 struct nlattr *frame;
19164
19165 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
19166
19167 if (!nlportid)
19168 return -ENOENT;
19169
19170 msg = nlmsg_new(100 + skb->len, gfp);
19171 if (!msg)
19172 return -ENOMEM;
19173
19174 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
19175 if (!hdr) {
19176 nlmsg_free(msg);
19177 return -ENOBUFS;
19178 }
19179
19180 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19181 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19182 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19183 NL80211_ATTR_PAD) ||
19184 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19185 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
19186 (link_id >= 0 &&
19187 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
19188 (unencrypted && nla_put_flag(msg,
19189 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
19190 goto nla_put_failure;
19191
19192 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
19193 if (!frame)
19194 goto nla_put_failure;
19195
19196 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
19197 genlmsg_end(msg, hdr);
19198
19199 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
19200
19201 nla_put_failure:
19202 nlmsg_free(msg);
19203 return -ENOBUFS;
19204 }
19205
cfg80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id)19206 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb,
19207 bool unencrypted, int link_id)
19208 {
19209 int ret;
19210
19211 trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id);
19212 ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id,
19213 GFP_ATOMIC);
19214 trace_cfg80211_return_bool(ret == 0);
19215 return ret == 0;
19216 }
19217 EXPORT_SYMBOL(cfg80211_rx_control_port);
19218
cfg80211_prepare_cqm(struct net_device * dev,const char * mac,gfp_t gfp)19219 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
19220 const char *mac, gfp_t gfp)
19221 {
19222 struct wireless_dev *wdev = dev->ieee80211_ptr;
19223 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19224 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19225 void **cb;
19226
19227 if (!msg)
19228 return NULL;
19229
19230 cb = (void **)msg->cb;
19231
19232 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
19233 if (!cb[0]) {
19234 nlmsg_free(msg);
19235 return NULL;
19236 }
19237
19238 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19239 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19240 goto nla_put_failure;
19241
19242 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
19243 goto nla_put_failure;
19244
19245 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
19246 if (!cb[1])
19247 goto nla_put_failure;
19248
19249 cb[2] = rdev;
19250
19251 return msg;
19252 nla_put_failure:
19253 nlmsg_free(msg);
19254 return NULL;
19255 }
19256
cfg80211_send_cqm(struct sk_buff * msg,gfp_t gfp)19257 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
19258 {
19259 void **cb = (void **)msg->cb;
19260 struct cfg80211_registered_device *rdev = cb[2];
19261
19262 nla_nest_end(msg, cb[1]);
19263 genlmsg_end(msg, cb[0]);
19264
19265 memset(msg->cb, 0, sizeof(msg->cb));
19266
19267 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19268 NL80211_MCGRP_MLME, gfp);
19269 }
19270
cfg80211_cqm_rssi_notify(struct net_device * dev,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)19271 void cfg80211_cqm_rssi_notify(struct net_device *dev,
19272 enum nl80211_cqm_rssi_threshold_event rssi_event,
19273 s32 rssi_level, gfp_t gfp)
19274 {
19275 struct wireless_dev *wdev = dev->ieee80211_ptr;
19276 struct cfg80211_cqm_config *cqm_config;
19277
19278 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
19279
19280 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
19281 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
19282 return;
19283
19284 rcu_read_lock();
19285 cqm_config = rcu_dereference(wdev->cqm_config);
19286 if (cqm_config) {
19287 cqm_config->last_rssi_event_value = rssi_level;
19288 cqm_config->last_rssi_event_type = rssi_event;
19289 wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
19290 }
19291 rcu_read_unlock();
19292 }
19293 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
19294
cfg80211_cqm_rssi_notify_work(struct wiphy * wiphy,struct wiphy_work * work)19295 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
19296 {
19297 struct wireless_dev *wdev = container_of(work, struct wireless_dev,
19298 cqm_rssi_work);
19299 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19300 enum nl80211_cqm_rssi_threshold_event rssi_event;
19301 struct cfg80211_cqm_config *cqm_config;
19302 struct sk_buff *msg;
19303 s32 rssi_level;
19304
19305 cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
19306 if (!cqm_config)
19307 return;
19308
19309 if (cqm_config->use_range_api)
19310 cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
19311
19312 rssi_level = cqm_config->last_rssi_event_value;
19313 rssi_event = cqm_config->last_rssi_event_type;
19314
19315 msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
19316 if (!msg)
19317 return;
19318
19319 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
19320 rssi_event))
19321 goto nla_put_failure;
19322
19323 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
19324 rssi_level))
19325 goto nla_put_failure;
19326
19327 cfg80211_send_cqm(msg, GFP_KERNEL);
19328
19329 return;
19330
19331 nla_put_failure:
19332 nlmsg_free(msg);
19333 }
19334
cfg80211_cqm_txe_notify(struct net_device * dev,const u8 * peer,u32 num_packets,u32 rate,u32 intvl,gfp_t gfp)19335 void cfg80211_cqm_txe_notify(struct net_device *dev,
19336 const u8 *peer, u32 num_packets,
19337 u32 rate, u32 intvl, gfp_t gfp)
19338 {
19339 struct sk_buff *msg;
19340
19341 msg = cfg80211_prepare_cqm(dev, peer, gfp);
19342 if (!msg)
19343 return;
19344
19345 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
19346 goto nla_put_failure;
19347
19348 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
19349 goto nla_put_failure;
19350
19351 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
19352 goto nla_put_failure;
19353
19354 cfg80211_send_cqm(msg, gfp);
19355 return;
19356
19357 nla_put_failure:
19358 nlmsg_free(msg);
19359 }
19360 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
19361
cfg80211_cqm_pktloss_notify(struct net_device * dev,const u8 * peer,u32 num_packets,gfp_t gfp)19362 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
19363 const u8 *peer, u32 num_packets, gfp_t gfp)
19364 {
19365 struct sk_buff *msg;
19366
19367 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
19368
19369 msg = cfg80211_prepare_cqm(dev, peer, gfp);
19370 if (!msg)
19371 return;
19372
19373 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
19374 goto nla_put_failure;
19375
19376 cfg80211_send_cqm(msg, gfp);
19377 return;
19378
19379 nla_put_failure:
19380 nlmsg_free(msg);
19381 }
19382 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
19383
cfg80211_cqm_beacon_loss_notify(struct net_device * dev,gfp_t gfp)19384 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
19385 {
19386 struct sk_buff *msg;
19387
19388 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
19389 if (!msg)
19390 return;
19391
19392 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
19393 goto nla_put_failure;
19394
19395 cfg80211_send_cqm(msg, gfp);
19396 return;
19397
19398 nla_put_failure:
19399 nlmsg_free(msg);
19400 }
19401 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
19402
nl80211_gtk_rekey_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)19403 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
19404 struct net_device *netdev, const u8 *bssid,
19405 const u8 *replay_ctr, gfp_t gfp)
19406 {
19407 struct sk_buff *msg;
19408 struct nlattr *rekey_attr;
19409 void *hdr;
19410
19411 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19412 if (!msg)
19413 return;
19414
19415 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
19416 if (!hdr) {
19417 nlmsg_free(msg);
19418 return;
19419 }
19420
19421 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19422 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19423 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
19424 goto nla_put_failure;
19425
19426 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
19427 if (!rekey_attr)
19428 goto nla_put_failure;
19429
19430 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
19431 NL80211_REPLAY_CTR_LEN, replay_ctr))
19432 goto nla_put_failure;
19433
19434 nla_nest_end(msg, rekey_attr);
19435
19436 genlmsg_end(msg, hdr);
19437
19438 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19439 NL80211_MCGRP_MLME, gfp);
19440 return;
19441
19442 nla_put_failure:
19443 nlmsg_free(msg);
19444 }
19445
cfg80211_gtk_rekey_notify(struct net_device * dev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)19446 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
19447 const u8 *replay_ctr, gfp_t gfp)
19448 {
19449 struct wireless_dev *wdev = dev->ieee80211_ptr;
19450 struct wiphy *wiphy = wdev->wiphy;
19451 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19452
19453 trace_cfg80211_gtk_rekey_notify(dev, bssid);
19454 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
19455 }
19456 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
19457
19458 static void
nl80211_pmksa_candidate_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,int index,const u8 * bssid,bool preauth,gfp_t gfp)19459 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
19460 struct net_device *netdev, int index,
19461 const u8 *bssid, bool preauth, gfp_t gfp)
19462 {
19463 struct sk_buff *msg;
19464 struct nlattr *attr;
19465 void *hdr;
19466
19467 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19468 if (!msg)
19469 return;
19470
19471 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
19472 if (!hdr) {
19473 nlmsg_free(msg);
19474 return;
19475 }
19476
19477 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19478 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
19479 goto nla_put_failure;
19480
19481 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
19482 if (!attr)
19483 goto nla_put_failure;
19484
19485 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
19486 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
19487 (preauth &&
19488 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
19489 goto nla_put_failure;
19490
19491 nla_nest_end(msg, attr);
19492
19493 genlmsg_end(msg, hdr);
19494
19495 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19496 NL80211_MCGRP_MLME, gfp);
19497 return;
19498
19499 nla_put_failure:
19500 nlmsg_free(msg);
19501 }
19502
cfg80211_pmksa_candidate_notify(struct net_device * dev,int index,const u8 * bssid,bool preauth,gfp_t gfp)19503 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
19504 const u8 *bssid, bool preauth, gfp_t gfp)
19505 {
19506 struct wireless_dev *wdev = dev->ieee80211_ptr;
19507 struct wiphy *wiphy = wdev->wiphy;
19508 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19509
19510 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
19511 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
19512 }
19513 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
19514
nl80211_ch_switch_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,unsigned int link_id,struct cfg80211_chan_def * chandef,gfp_t gfp,enum nl80211_commands notif,u8 count,bool quiet)19515 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
19516 struct net_device *netdev,
19517 unsigned int link_id,
19518 struct cfg80211_chan_def *chandef,
19519 gfp_t gfp,
19520 enum nl80211_commands notif,
19521 u8 count, bool quiet)
19522 {
19523 struct wireless_dev *wdev = netdev->ieee80211_ptr;
19524 struct sk_buff *msg;
19525 void *hdr;
19526
19527 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19528 if (!msg)
19529 return;
19530
19531 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
19532 if (!hdr) {
19533 nlmsg_free(msg);
19534 return;
19535 }
19536
19537 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
19538 goto nla_put_failure;
19539
19540 if (wdev->valid_links &&
19541 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19542 goto nla_put_failure;
19543
19544 if (nl80211_send_chandef(msg, chandef))
19545 goto nla_put_failure;
19546
19547 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
19548 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
19549 goto nla_put_failure;
19550 if (quiet &&
19551 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
19552 goto nla_put_failure;
19553 }
19554
19555 genlmsg_end(msg, hdr);
19556
19557 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19558 NL80211_MCGRP_MLME, gfp);
19559 return;
19560
19561 nla_put_failure:
19562 nlmsg_free(msg);
19563 }
19564
cfg80211_ch_switch_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id)19565 void cfg80211_ch_switch_notify(struct net_device *dev,
19566 struct cfg80211_chan_def *chandef,
19567 unsigned int link_id)
19568 {
19569 struct wireless_dev *wdev = dev->ieee80211_ptr;
19570 struct wiphy *wiphy = wdev->wiphy;
19571 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19572
19573 lockdep_assert_wiphy(wdev->wiphy);
19574 WARN_INVALID_LINK_ID(wdev, link_id);
19575
19576 trace_cfg80211_ch_switch_notify(dev, chandef, link_id);
19577
19578 switch (wdev->iftype) {
19579 case NL80211_IFTYPE_STATION:
19580 case NL80211_IFTYPE_P2P_CLIENT:
19581 if (!WARN_ON(!wdev->links[link_id].client.current_bss))
19582 cfg80211_update_assoc_bss_entry(wdev, link_id,
19583 chandef->chan);
19584 break;
19585 case NL80211_IFTYPE_MESH_POINT:
19586 wdev->u.mesh.chandef = *chandef;
19587 wdev->u.mesh.preset_chandef = *chandef;
19588 break;
19589 case NL80211_IFTYPE_AP:
19590 case NL80211_IFTYPE_P2P_GO:
19591 wdev->links[link_id].ap.chandef = *chandef;
19592 break;
19593 case NL80211_IFTYPE_ADHOC:
19594 wdev->u.ibss.chandef = *chandef;
19595 break;
19596 default:
19597 WARN_ON(1);
19598 break;
19599 }
19600
19601 cfg80211_schedule_channels_check(wdev);
19602 cfg80211_sched_dfs_chan_update(rdev);
19603
19604 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
19605 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
19606 }
19607 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
19608
cfg80211_ch_switch_started_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id,u8 count,bool quiet)19609 void cfg80211_ch_switch_started_notify(struct net_device *dev,
19610 struct cfg80211_chan_def *chandef,
19611 unsigned int link_id, u8 count,
19612 bool quiet)
19613 {
19614 struct wireless_dev *wdev = dev->ieee80211_ptr;
19615 struct wiphy *wiphy = wdev->wiphy;
19616 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19617
19618 lockdep_assert_wiphy(wdev->wiphy);
19619 WARN_INVALID_LINK_ID(wdev, link_id);
19620
19621 trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id);
19622
19623
19624 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
19625 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
19626 count, quiet);
19627 }
19628 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
19629
cfg80211_bss_color_notify(struct net_device * dev,enum nl80211_commands cmd,u8 count,u64 color_bitmap,u8 link_id)19630 int cfg80211_bss_color_notify(struct net_device *dev,
19631 enum nl80211_commands cmd, u8 count,
19632 u64 color_bitmap, u8 link_id)
19633 {
19634 struct wireless_dev *wdev = dev->ieee80211_ptr;
19635 struct wiphy *wiphy = wdev->wiphy;
19636 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19637 struct sk_buff *msg;
19638 void *hdr;
19639
19640 lockdep_assert_wiphy(wdev->wiphy);
19641
19642 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
19643
19644 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
19645 if (!msg)
19646 return -ENOMEM;
19647
19648 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
19649 if (!hdr)
19650 goto nla_put_failure;
19651
19652 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19653 goto nla_put_failure;
19654
19655 if (wdev->valid_links &&
19656 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
19657 goto nla_put_failure;
19658
19659 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
19660 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
19661 goto nla_put_failure;
19662
19663 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
19664 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
19665 color_bitmap, NL80211_ATTR_PAD))
19666 goto nla_put_failure;
19667
19668 genlmsg_end(msg, hdr);
19669
19670 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
19671 msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL);
19672
19673 nla_put_failure:
19674 nlmsg_free(msg);
19675 return -EINVAL;
19676 }
19677 EXPORT_SYMBOL(cfg80211_bss_color_notify);
19678
19679 void
nl80211_radar_notify(struct cfg80211_registered_device * rdev,const struct cfg80211_chan_def * chandef,enum nl80211_radar_event event,struct net_device * netdev,gfp_t gfp)19680 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
19681 const struct cfg80211_chan_def *chandef,
19682 enum nl80211_radar_event event,
19683 struct net_device *netdev, gfp_t gfp)
19684 {
19685 struct sk_buff *msg;
19686 void *hdr;
19687
19688 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19689 if (!msg)
19690 return;
19691
19692 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
19693 if (!hdr) {
19694 nlmsg_free(msg);
19695 return;
19696 }
19697
19698 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
19699 goto nla_put_failure;
19700
19701 /* NOP and radar events don't need a netdev parameter */
19702 if (netdev) {
19703 struct wireless_dev *wdev = netdev->ieee80211_ptr;
19704
19705 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
19706 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19707 NL80211_ATTR_PAD))
19708 goto nla_put_failure;
19709 }
19710
19711 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
19712 goto nla_put_failure;
19713
19714 if (nl80211_send_chandef(msg, chandef))
19715 goto nla_put_failure;
19716
19717 genlmsg_end(msg, hdr);
19718
19719 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19720 NL80211_MCGRP_MLME, gfp);
19721 return;
19722
19723 nla_put_failure:
19724 nlmsg_free(msg);
19725 }
19726
cfg80211_sta_opmode_change_notify(struct net_device * dev,const u8 * mac,struct sta_opmode_info * sta_opmode,gfp_t gfp)19727 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
19728 struct sta_opmode_info *sta_opmode,
19729 gfp_t gfp)
19730 {
19731 struct sk_buff *msg;
19732 struct wireless_dev *wdev = dev->ieee80211_ptr;
19733 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19734 void *hdr;
19735
19736 if (WARN_ON(!mac))
19737 return;
19738
19739 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19740 if (!msg)
19741 return;
19742
19743 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
19744 if (!hdr) {
19745 nlmsg_free(msg);
19746 return;
19747 }
19748
19749 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
19750 goto nla_put_failure;
19751
19752 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
19753 goto nla_put_failure;
19754
19755 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
19756 goto nla_put_failure;
19757
19758 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
19759 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
19760 goto nla_put_failure;
19761
19762 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
19763 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
19764 goto nla_put_failure;
19765
19766 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
19767 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
19768 goto nla_put_failure;
19769
19770 genlmsg_end(msg, hdr);
19771
19772 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19773 NL80211_MCGRP_MLME, gfp);
19774
19775 return;
19776
19777 nla_put_failure:
19778 nlmsg_free(msg);
19779 }
19780 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
19781
cfg80211_probe_status(struct net_device * dev,const u8 * addr,u64 cookie,bool acked,s32 ack_signal,bool is_valid_ack_signal,gfp_t gfp)19782 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
19783 u64 cookie, bool acked, s32 ack_signal,
19784 bool is_valid_ack_signal, gfp_t gfp)
19785 {
19786 struct wireless_dev *wdev = dev->ieee80211_ptr;
19787 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19788 struct sk_buff *msg;
19789 void *hdr;
19790
19791 trace_cfg80211_probe_status(dev, addr, cookie, acked);
19792
19793 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
19794
19795 if (!msg)
19796 return;
19797
19798 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
19799 if (!hdr) {
19800 nlmsg_free(msg);
19801 return;
19802 }
19803
19804 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19805 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
19806 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
19807 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
19808 NL80211_ATTR_PAD) ||
19809 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
19810 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
19811 ack_signal)))
19812 goto nla_put_failure;
19813
19814 genlmsg_end(msg, hdr);
19815
19816 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
19817 NL80211_MCGRP_MLME, gfp);
19818 return;
19819
19820 nla_put_failure:
19821 nlmsg_free(msg);
19822 }
19823 EXPORT_SYMBOL(cfg80211_probe_status);
19824
cfg80211_report_obss_beacon_khz(struct wiphy * wiphy,const u8 * frame,size_t len,int freq,int sig_dbm)19825 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
19826 size_t len, int freq, int sig_dbm)
19827 {
19828 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
19829 struct sk_buff *msg;
19830 void *hdr;
19831 struct cfg80211_beacon_registration *reg;
19832
19833 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
19834
19835 spin_lock_bh(&rdev->beacon_registrations_lock);
19836 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
19837 msg = nlmsg_new(len + 100, GFP_ATOMIC);
19838 if (!msg) {
19839 spin_unlock_bh(&rdev->beacon_registrations_lock);
19840 return;
19841 }
19842
19843 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
19844 if (!hdr)
19845 goto nla_put_failure;
19846
19847 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19848 (freq &&
19849 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
19850 KHZ_TO_MHZ(freq)) ||
19851 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
19852 freq % 1000))) ||
19853 (sig_dbm &&
19854 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
19855 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
19856 goto nla_put_failure;
19857
19858 genlmsg_end(msg, hdr);
19859
19860 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
19861 }
19862 spin_unlock_bh(&rdev->beacon_registrations_lock);
19863 return;
19864
19865 nla_put_failure:
19866 spin_unlock_bh(&rdev->beacon_registrations_lock);
19867 nlmsg_free(msg);
19868 }
19869 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
19870
19871 #ifdef CONFIG_PM
cfg80211_net_detect_results(struct sk_buff * msg,struct cfg80211_wowlan_wakeup * wakeup)19872 static int cfg80211_net_detect_results(struct sk_buff *msg,
19873 struct cfg80211_wowlan_wakeup *wakeup)
19874 {
19875 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
19876 struct nlattr *nl_results, *nl_match, *nl_freqs;
19877 int i, j;
19878
19879 nl_results = nla_nest_start_noflag(msg,
19880 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
19881 if (!nl_results)
19882 return -EMSGSIZE;
19883
19884 for (i = 0; i < nd->n_matches; i++) {
19885 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
19886
19887 nl_match = nla_nest_start_noflag(msg, i);
19888 if (!nl_match)
19889 break;
19890
19891 /* The SSID attribute is optional in nl80211, but for
19892 * simplicity reasons it's always present in the
19893 * cfg80211 structure. If a driver can't pass the
19894 * SSID, that needs to be changed. A zero length SSID
19895 * is still a valid SSID (wildcard), so it cannot be
19896 * used for this purpose.
19897 */
19898 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
19899 match->ssid.ssid)) {
19900 nla_nest_cancel(msg, nl_match);
19901 goto out;
19902 }
19903
19904 if (match->n_channels) {
19905 nl_freqs = nla_nest_start_noflag(msg,
19906 NL80211_ATTR_SCAN_FREQUENCIES);
19907 if (!nl_freqs) {
19908 nla_nest_cancel(msg, nl_match);
19909 goto out;
19910 }
19911
19912 for (j = 0; j < match->n_channels; j++) {
19913 if (nla_put_u32(msg, j, match->channels[j])) {
19914 nla_nest_cancel(msg, nl_freqs);
19915 nla_nest_cancel(msg, nl_match);
19916 goto out;
19917 }
19918 }
19919
19920 nla_nest_end(msg, nl_freqs);
19921 }
19922
19923 nla_nest_end(msg, nl_match);
19924 }
19925
19926 out:
19927 nla_nest_end(msg, nl_results);
19928 return 0;
19929 }
19930
cfg80211_report_wowlan_wakeup(struct wireless_dev * wdev,struct cfg80211_wowlan_wakeup * wakeup,gfp_t gfp)19931 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
19932 struct cfg80211_wowlan_wakeup *wakeup,
19933 gfp_t gfp)
19934 {
19935 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
19936 struct sk_buff *msg;
19937 void *hdr;
19938 int size = 200;
19939
19940 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
19941
19942 if (wakeup)
19943 size += wakeup->packet_present_len;
19944
19945 msg = nlmsg_new(size, gfp);
19946 if (!msg)
19947 return;
19948
19949 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
19950 if (!hdr)
19951 goto free_msg;
19952
19953 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
19954 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
19955 NL80211_ATTR_PAD))
19956 goto free_msg;
19957
19958 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
19959 wdev->netdev->ifindex))
19960 goto free_msg;
19961
19962 if (wakeup) {
19963 struct nlattr *reasons;
19964
19965 reasons = nla_nest_start_noflag(msg,
19966 NL80211_ATTR_WOWLAN_TRIGGERS);
19967 if (!reasons)
19968 goto free_msg;
19969
19970 if (wakeup->disconnect &&
19971 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
19972 goto free_msg;
19973 if (wakeup->magic_pkt &&
19974 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
19975 goto free_msg;
19976 if (wakeup->gtk_rekey_failure &&
19977 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
19978 goto free_msg;
19979 if (wakeup->eap_identity_req &&
19980 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
19981 goto free_msg;
19982 if (wakeup->four_way_handshake &&
19983 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
19984 goto free_msg;
19985 if (wakeup->rfkill_release &&
19986 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
19987 goto free_msg;
19988
19989 if (wakeup->pattern_idx >= 0 &&
19990 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
19991 wakeup->pattern_idx))
19992 goto free_msg;
19993
19994 if (wakeup->tcp_match &&
19995 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
19996 goto free_msg;
19997
19998 if (wakeup->tcp_connlost &&
19999 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
20000 goto free_msg;
20001
20002 if (wakeup->tcp_nomoretokens &&
20003 nla_put_flag(msg,
20004 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
20005 goto free_msg;
20006
20007 if (wakeup->unprot_deauth_disassoc &&
20008 nla_put_flag(msg,
20009 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC))
20010 goto free_msg;
20011
20012 if (wakeup->packet) {
20013 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
20014 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
20015
20016 if (!wakeup->packet_80211) {
20017 pkt_attr =
20018 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
20019 len_attr =
20020 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
20021 }
20022
20023 if (wakeup->packet_len &&
20024 nla_put_u32(msg, len_attr, wakeup->packet_len))
20025 goto free_msg;
20026
20027 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
20028 wakeup->packet))
20029 goto free_msg;
20030 }
20031
20032 if (wakeup->net_detect &&
20033 cfg80211_net_detect_results(msg, wakeup))
20034 goto free_msg;
20035
20036 nla_nest_end(msg, reasons);
20037 }
20038
20039 genlmsg_end(msg, hdr);
20040
20041 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20042 NL80211_MCGRP_MLME, gfp);
20043 return;
20044
20045 free_msg:
20046 nlmsg_free(msg);
20047 }
20048 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
20049 #endif
20050
cfg80211_tdls_oper_request(struct net_device * dev,const u8 * peer,enum nl80211_tdls_operation oper,u16 reason_code,gfp_t gfp)20051 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
20052 enum nl80211_tdls_operation oper,
20053 u16 reason_code, gfp_t gfp)
20054 {
20055 struct wireless_dev *wdev = dev->ieee80211_ptr;
20056 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20057 struct sk_buff *msg;
20058 void *hdr;
20059
20060 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
20061 reason_code);
20062
20063 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20064 if (!msg)
20065 return;
20066
20067 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
20068 if (!hdr) {
20069 nlmsg_free(msg);
20070 return;
20071 }
20072
20073 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20074 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20075 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
20076 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
20077 (reason_code > 0 &&
20078 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
20079 goto nla_put_failure;
20080
20081 genlmsg_end(msg, hdr);
20082
20083 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20084 NL80211_MCGRP_MLME, gfp);
20085 return;
20086
20087 nla_put_failure:
20088 nlmsg_free(msg);
20089 }
20090 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
20091
nl80211_netlink_notify(struct notifier_block * nb,unsigned long state,void * _notify)20092 static int nl80211_netlink_notify(struct notifier_block * nb,
20093 unsigned long state,
20094 void *_notify)
20095 {
20096 struct netlink_notify *notify = _notify;
20097 struct cfg80211_registered_device *rdev;
20098 struct wireless_dev *wdev;
20099 struct cfg80211_beacon_registration *reg, *tmp;
20100
20101 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
20102 return NOTIFY_DONE;
20103
20104 rcu_read_lock();
20105
20106 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
20107 struct cfg80211_sched_scan_request *sched_scan_req;
20108
20109 list_for_each_entry_rcu(sched_scan_req,
20110 &rdev->sched_scan_req_list,
20111 list) {
20112 if (sched_scan_req->owner_nlportid == notify->portid) {
20113 sched_scan_req->nl_owner_dead = true;
20114 wiphy_work_queue(&rdev->wiphy,
20115 &rdev->sched_scan_stop_wk);
20116 }
20117 }
20118
20119 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
20120 cfg80211_mlme_unregister_socket(wdev, notify->portid);
20121
20122 if (wdev->owner_nlportid == notify->portid) {
20123 wdev->nl_owner_dead = true;
20124 schedule_work(&rdev->destroy_work);
20125 } else if (wdev->conn_owner_nlportid == notify->portid) {
20126 schedule_work(&wdev->disconnect_wk);
20127 }
20128
20129 cfg80211_release_pmsr(wdev, notify->portid);
20130 }
20131
20132 spin_lock_bh(&rdev->beacon_registrations_lock);
20133 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
20134 list) {
20135 if (reg->nlportid == notify->portid) {
20136 list_del(®->list);
20137 kfree(reg);
20138 break;
20139 }
20140 }
20141 spin_unlock_bh(&rdev->beacon_registrations_lock);
20142 }
20143
20144 rcu_read_unlock();
20145
20146 /*
20147 * It is possible that the user space process that is controlling the
20148 * indoor setting disappeared, so notify the regulatory core.
20149 */
20150 regulatory_netlink_notify(notify->portid);
20151 return NOTIFY_OK;
20152 }
20153
20154 static struct notifier_block nl80211_netlink_notifier = {
20155 .notifier_call = nl80211_netlink_notify,
20156 };
20157
cfg80211_ft_event(struct net_device * netdev,struct cfg80211_ft_event_params * ft_event)20158 void cfg80211_ft_event(struct net_device *netdev,
20159 struct cfg80211_ft_event_params *ft_event)
20160 {
20161 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
20162 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20163 struct sk_buff *msg;
20164 void *hdr;
20165
20166 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
20167
20168 if (!ft_event->target_ap)
20169 return;
20170
20171 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
20172 GFP_KERNEL);
20173 if (!msg)
20174 return;
20175
20176 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
20177 if (!hdr)
20178 goto out;
20179
20180 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20181 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20182 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
20183 goto out;
20184
20185 if (ft_event->ies &&
20186 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
20187 goto out;
20188 if (ft_event->ric_ies &&
20189 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
20190 ft_event->ric_ies))
20191 goto out;
20192
20193 genlmsg_end(msg, hdr);
20194
20195 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20196 NL80211_MCGRP_MLME, GFP_KERNEL);
20197 return;
20198 out:
20199 nlmsg_free(msg);
20200 }
20201 EXPORT_SYMBOL(cfg80211_ft_event);
20202
cfg80211_crit_proto_stopped(struct wireless_dev * wdev,gfp_t gfp)20203 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
20204 {
20205 struct cfg80211_registered_device *rdev;
20206 struct sk_buff *msg;
20207 void *hdr;
20208 u32 nlportid;
20209
20210 rdev = wiphy_to_rdev(wdev->wiphy);
20211 if (!rdev->crit_proto_nlportid)
20212 return;
20213
20214 nlportid = rdev->crit_proto_nlportid;
20215 rdev->crit_proto_nlportid = 0;
20216
20217 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20218 if (!msg)
20219 return;
20220
20221 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
20222 if (!hdr)
20223 goto nla_put_failure;
20224
20225 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20226 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20227 NL80211_ATTR_PAD))
20228 goto nla_put_failure;
20229
20230 genlmsg_end(msg, hdr);
20231
20232 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
20233 return;
20234
20235 nla_put_failure:
20236 nlmsg_free(msg);
20237 }
20238 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
20239
nl80211_send_ap_stopped(struct wireless_dev * wdev,unsigned int link_id)20240 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id)
20241 {
20242 struct wiphy *wiphy = wdev->wiphy;
20243 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20244 struct sk_buff *msg;
20245 void *hdr;
20246
20247 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20248 if (!msg)
20249 return;
20250
20251 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
20252 if (!hdr)
20253 goto out;
20254
20255 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20256 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
20257 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20258 NL80211_ATTR_PAD) ||
20259 (wdev->valid_links &&
20260 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
20261 goto out;
20262
20263 genlmsg_end(msg, hdr);
20264
20265 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
20266 NL80211_MCGRP_MLME, GFP_KERNEL);
20267 return;
20268 out:
20269 nlmsg_free(msg);
20270 }
20271
cfg80211_external_auth_request(struct net_device * dev,struct cfg80211_external_auth_params * params,gfp_t gfp)20272 int cfg80211_external_auth_request(struct net_device *dev,
20273 struct cfg80211_external_auth_params *params,
20274 gfp_t gfp)
20275 {
20276 struct wireless_dev *wdev = dev->ieee80211_ptr;
20277 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20278 struct sk_buff *msg;
20279 void *hdr;
20280
20281 if (!wdev->conn_owner_nlportid)
20282 return -EINVAL;
20283
20284 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20285 if (!msg)
20286 return -ENOMEM;
20287
20288 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
20289 if (!hdr)
20290 goto nla_put_failure;
20291
20292 /* Some historical mistakes in drivers <-> userspace interface (notably
20293 * between drivers and wpa_supplicant) led to a big-endian conversion
20294 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is
20295 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the
20296 * benefit of older wpa_supplicant versions, send this particular value
20297 * in big-endian. Note that newer wpa_supplicant will also detect this
20298 * particular value in big endian still, so it all continues to work.
20299 */
20300 if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) {
20301 if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES,
20302 cpu_to_be32(WLAN_AKM_SUITE_SAE)))
20303 goto nla_put_failure;
20304 } else {
20305 if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES,
20306 params->key_mgmt_suite))
20307 goto nla_put_failure;
20308 }
20309
20310 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20311 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20312 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
20313 params->action) ||
20314 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
20315 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
20316 params->ssid.ssid) ||
20317 (!is_zero_ether_addr(params->mld_addr) &&
20318 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr)))
20319 goto nla_put_failure;
20320
20321 genlmsg_end(msg, hdr);
20322 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
20323 wdev->conn_owner_nlportid);
20324 return 0;
20325
20326 nla_put_failure:
20327 nlmsg_free(msg);
20328 return -ENOBUFS;
20329 }
20330 EXPORT_SYMBOL(cfg80211_external_auth_request);
20331
cfg80211_update_owe_info_event(struct net_device * netdev,struct cfg80211_update_owe_info * owe_info,gfp_t gfp)20332 void cfg80211_update_owe_info_event(struct net_device *netdev,
20333 struct cfg80211_update_owe_info *owe_info,
20334 gfp_t gfp)
20335 {
20336 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
20337 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20338 struct sk_buff *msg;
20339 void *hdr;
20340
20341 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
20342
20343 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20344 if (!msg)
20345 return;
20346
20347 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
20348 if (!hdr)
20349 goto nla_put_failure;
20350
20351 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20352 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20353 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
20354 goto nla_put_failure;
20355
20356 if (!owe_info->ie_len ||
20357 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
20358 goto nla_put_failure;
20359
20360 if (owe_info->assoc_link_id != -1) {
20361 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
20362 owe_info->assoc_link_id))
20363 goto nla_put_failure;
20364
20365 if (!is_zero_ether_addr(owe_info->peer_mld_addr) &&
20366 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
20367 owe_info->peer_mld_addr))
20368 goto nla_put_failure;
20369 }
20370
20371 genlmsg_end(msg, hdr);
20372
20373 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20374 NL80211_MCGRP_MLME, gfp);
20375 return;
20376
20377 nla_put_failure:
20378 genlmsg_cancel(msg, hdr);
20379 nlmsg_free(msg);
20380 }
20381 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
20382
cfg80211_schedule_channels_check(struct wireless_dev * wdev)20383 void cfg80211_schedule_channels_check(struct wireless_dev *wdev)
20384 {
20385 struct wiphy *wiphy = wdev->wiphy;
20386
20387 /* Schedule channels check if NO_IR or DFS relaxations are supported */
20388 if (wdev->iftype == NL80211_IFTYPE_STATION &&
20389 (wiphy_ext_feature_isset(wiphy,
20390 NL80211_EXT_FEATURE_DFS_CONCURRENT) ||
20391 (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) &&
20392 wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR)))
20393 reg_check_channels();
20394 }
20395 EXPORT_SYMBOL(cfg80211_schedule_channels_check);
20396
20397 /* initialisation/exit functions */
20398
nl80211_init(void)20399 int __init nl80211_init(void)
20400 {
20401 int err;
20402
20403 err = genl_register_family(&nl80211_fam);
20404 if (err)
20405 return err;
20406
20407 err = netlink_register_notifier(&nl80211_netlink_notifier);
20408 if (err)
20409 goto err_out;
20410
20411 return 0;
20412 err_out:
20413 genl_unregister_family(&nl80211_fam);
20414 return err;
20415 }
20416
nl80211_exit(void)20417 void nl80211_exit(void)
20418 {
20419 netlink_unregister_notifier(&nl80211_netlink_notifier);
20420 genl_unregister_family(&nl80211_fam);
20421 }
20422