1 /*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 struct genl_info *info,
30 struct cfg80211_crypto_settings *settings,
31 int cipher_limit);
32
33 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
34 struct genl_info *info);
35 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
36 struct genl_info *info);
37
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
41 .name = NL80211_GENL_NAME, /* have users key off the name instead */
42 .hdrsize = 0, /* no private header */
43 .version = 1, /* no particular meaning now */
44 .maxattr = NL80211_ATTR_MAX,
45 .netnsok = true,
46 .pre_doit = nl80211_pre_doit,
47 .post_doit = nl80211_post_doit,
48 };
49
50 /* returns ERR_PTR values */
51 static struct wireless_dev *
52 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
53 {
54 struct cfg80211_registered_device *rdev;
55 struct wireless_dev *result = NULL;
56 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
57 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
58 u64 wdev_id;
59 int wiphy_idx = -1;
60 int ifidx = -1;
61
62 ASSERT_RTNL();
63
64 if (!have_ifidx && !have_wdev_id)
65 return ERR_PTR(-EINVAL);
66
67 if (have_ifidx)
68 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
69 if (have_wdev_id) {
70 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
71 wiphy_idx = wdev_id >> 32;
72 }
73
74 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
75 struct wireless_dev *wdev;
76
77 if (wiphy_net(&rdev->wiphy) != netns)
78 continue;
79
80 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
81 continue;
82
83 list_for_each_entry(wdev, &rdev->wdev_list, list) {
84 if (have_ifidx && wdev->netdev &&
85 wdev->netdev->ifindex == ifidx) {
86 result = wdev;
87 break;
88 }
89 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
90 result = wdev;
91 break;
92 }
93 }
94
95 if (result)
96 break;
97 }
98
99 if (result)
100 return result;
101 return ERR_PTR(-ENODEV);
102 }
103
104 static struct cfg80211_registered_device *
105 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
106 {
107 struct cfg80211_registered_device *rdev = NULL, *tmp;
108 struct net_device *netdev;
109
110 ASSERT_RTNL();
111
112 if (!attrs[NL80211_ATTR_WIPHY] &&
113 !attrs[NL80211_ATTR_IFINDEX] &&
114 !attrs[NL80211_ATTR_WDEV])
115 return ERR_PTR(-EINVAL);
116
117 if (attrs[NL80211_ATTR_WIPHY])
118 rdev = cfg80211_rdev_by_wiphy_idx(
119 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
120
121 if (attrs[NL80211_ATTR_WDEV]) {
122 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
123 struct wireless_dev *wdev;
124 bool found = false;
125
126 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
127 if (tmp) {
128 /* make sure wdev exists */
129 list_for_each_entry(wdev, &tmp->wdev_list, list) {
130 if (wdev->identifier != (u32)wdev_id)
131 continue;
132 found = true;
133 break;
134 }
135
136 if (!found)
137 tmp = NULL;
138
139 if (rdev && tmp != rdev)
140 return ERR_PTR(-EINVAL);
141 rdev = tmp;
142 }
143 }
144
145 if (attrs[NL80211_ATTR_IFINDEX]) {
146 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
147 netdev = dev_get_by_index(netns, ifindex);
148 if (netdev) {
149 if (netdev->ieee80211_ptr)
150 tmp = wiphy_to_dev(
151 netdev->ieee80211_ptr->wiphy);
152 else
153 tmp = NULL;
154
155 dev_put(netdev);
156
157 /* not wireless device -- return error */
158 if (!tmp)
159 return ERR_PTR(-EINVAL);
160
161 /* mismatch -- return error */
162 if (rdev && tmp != rdev)
163 return ERR_PTR(-EINVAL);
164
165 rdev = tmp;
166 }
167 }
168
169 if (!rdev)
170 return ERR_PTR(-ENODEV);
171
172 if (netns != wiphy_net(&rdev->wiphy))
173 return ERR_PTR(-ENODEV);
174
175 return rdev;
176 }
177
178 /*
179 * This function returns a pointer to the driver
180 * that the genl_info item that is passed refers to.
181 *
182 * The result of this can be a PTR_ERR and hence must
183 * be checked with IS_ERR() for errors.
184 */
185 static struct cfg80211_registered_device *
186 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
187 {
188 return __cfg80211_rdev_from_attrs(netns, info->attrs);
189 }
190
191 /* policy for the attributes */
192 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
193 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
194 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
195 .len = 20-1 },
196 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
197
198 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
199 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
200 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
201 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
202 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
203
204 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
205 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
206 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
207 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
208 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
209
210 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
211 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
212 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
213
214 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
215 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
216
217 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
218 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
219 .len = WLAN_MAX_KEY_LEN },
220 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
221 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
222 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
223 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
224 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
225
226 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
227 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
228 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
229 .len = IEEE80211_MAX_DATA_LEN },
230 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
231 .len = IEEE80211_MAX_DATA_LEN },
232 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
233 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
234 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
235 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
236 .len = NL80211_MAX_SUPP_RATES },
237 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
238 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
239 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
240 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
241 .len = IEEE80211_MAX_MESH_ID_LEN },
242 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
243
244 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
245 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
246
247 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
248 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
249 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
250 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
251 .len = NL80211_MAX_SUPP_RATES },
252 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
253
254 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
255 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
256
257 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
258
259 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
260 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
261 .len = IEEE80211_MAX_DATA_LEN },
262 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
263 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
264
265 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
266 .len = IEEE80211_MAX_SSID_LEN },
267 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
268 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
269 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
270 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
271 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
272 [NL80211_ATTR_STA_FLAGS2] = {
273 .len = sizeof(struct nl80211_sta_flag_update),
274 },
275 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
276 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
277 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
278 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
279 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
280 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
281 [NL80211_ATTR_PID] = { .type = NLA_U32 },
282 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
283 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
284 .len = WLAN_PMKID_LEN },
285 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
286 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
287 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
288 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
289 .len = IEEE80211_MAX_DATA_LEN },
290 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
291 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
292 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
293 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
294 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
295 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
296 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
297 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
298 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
299 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
300 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
301 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
302 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
303 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
304 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
305 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
306 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
307 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
308 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
309 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
310 .len = IEEE80211_MAX_DATA_LEN },
311 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
312 .len = IEEE80211_MAX_DATA_LEN },
313 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
314 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
315 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
316 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
317 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
318 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
319 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
320 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
321 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
322 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
323 .len = IEEE80211_MAX_DATA_LEN },
324 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
325 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
326 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
327 .len = NL80211_HT_CAPABILITY_LEN
328 },
329 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
330 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
331 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
332 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
333 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
334 [NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
335 [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
336 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
337 [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
338 [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
339 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
340 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
341 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
342 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
343 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
344 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
345 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
346 .len = NL80211_VHT_CAPABILITY_LEN,
347 },
348 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
349 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
350 .len = IEEE80211_MAX_DATA_LEN },
351 [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
352 };
353
354 /* policy for the key attributes */
355 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
356 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
357 [NL80211_KEY_IDX] = { .type = NLA_U8 },
358 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
359 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
360 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
361 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
362 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
363 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
364 };
365
366 /* policy for the key default flags */
367 static const struct nla_policy
368 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
369 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
370 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
371 };
372
373 /* policy for WoWLAN attributes */
374 static const struct nla_policy
375 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
376 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
377 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
378 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
379 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
380 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
381 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
382 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
383 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
384 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
385 };
386
387 static const struct nla_policy
388 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
389 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
390 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
391 [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
392 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
393 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
394 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
395 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
396 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
397 },
398 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
399 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
400 },
401 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
402 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
403 [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
404 };
405
406 /* policy for GTK rekey offload attributes */
407 static const struct nla_policy
408 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
409 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
410 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
411 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
412 };
413
414 static const struct nla_policy
415 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
416 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
417 .len = IEEE80211_MAX_SSID_LEN },
418 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
419 };
420
421 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
422 struct netlink_callback *cb,
423 struct cfg80211_registered_device **rdev,
424 struct wireless_dev **wdev)
425 {
426 int err;
427
428 rtnl_lock();
429
430 if (!cb->args[0]) {
431 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
432 nl80211_fam.attrbuf, nl80211_fam.maxattr,
433 nl80211_policy);
434 if (err)
435 goto out_unlock;
436
437 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
438 nl80211_fam.attrbuf);
439 if (IS_ERR(*wdev)) {
440 err = PTR_ERR(*wdev);
441 goto out_unlock;
442 }
443 *rdev = wiphy_to_dev((*wdev)->wiphy);
444 /* 0 is the first index - add 1 to parse only once */
445 cb->args[0] = (*rdev)->wiphy_idx + 1;
446 cb->args[1] = (*wdev)->identifier;
447 } else {
448 /* subtract the 1 again here */
449 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
450 struct wireless_dev *tmp;
451
452 if (!wiphy) {
453 err = -ENODEV;
454 goto out_unlock;
455 }
456 *rdev = wiphy_to_dev(wiphy);
457 *wdev = NULL;
458
459 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
460 if (tmp->identifier == cb->args[1]) {
461 *wdev = tmp;
462 break;
463 }
464 }
465
466 if (!*wdev) {
467 err = -ENODEV;
468 goto out_unlock;
469 }
470 }
471
472 return 0;
473 out_unlock:
474 rtnl_unlock();
475 return err;
476 }
477
478 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
479 {
480 rtnl_unlock();
481 }
482
483 /* IE validation */
484 static bool is_valid_ie_attr(const struct nlattr *attr)
485 {
486 const u8 *pos;
487 int len;
488
489 if (!attr)
490 return true;
491
492 pos = nla_data(attr);
493 len = nla_len(attr);
494
495 while (len) {
496 u8 elemlen;
497
498 if (len < 2)
499 return false;
500 len -= 2;
501
502 elemlen = pos[1];
503 if (elemlen > len)
504 return false;
505
506 len -= elemlen;
507 pos += 2 + elemlen;
508 }
509
510 return true;
511 }
512
513 /* message building helper */
514 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
515 int flags, u8 cmd)
516 {
517 /* since there is no private header just add the generic one */
518 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
519 }
520
521 static int nl80211_msg_put_channel(struct sk_buff *msg,
522 struct ieee80211_channel *chan,
523 bool large)
524 {
525 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
526 chan->center_freq))
527 goto nla_put_failure;
528
529 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
530 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
531 goto nla_put_failure;
532 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
533 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
534 goto nla_put_failure;
535 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
536 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
537 goto nla_put_failure;
538 if (chan->flags & IEEE80211_CHAN_RADAR) {
539 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
540 goto nla_put_failure;
541 if (large) {
542 u32 time;
543
544 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
545
546 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
547 chan->dfs_state))
548 goto nla_put_failure;
549 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
550 time))
551 goto nla_put_failure;
552 }
553 }
554
555 if (large) {
556 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
557 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
558 goto nla_put_failure;
559 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
560 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
561 goto nla_put_failure;
562 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
563 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
564 goto nla_put_failure;
565 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
566 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
567 goto nla_put_failure;
568 }
569
570 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
571 DBM_TO_MBM(chan->max_power)))
572 goto nla_put_failure;
573
574 return 0;
575
576 nla_put_failure:
577 return -ENOBUFS;
578 }
579
580 /* netlink command implementations */
581
582 struct key_parse {
583 struct key_params p;
584 int idx;
585 int type;
586 bool def, defmgmt;
587 bool def_uni, def_multi;
588 };
589
590 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
591 {
592 struct nlattr *tb[NL80211_KEY_MAX + 1];
593 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
594 nl80211_key_policy);
595 if (err)
596 return err;
597
598 k->def = !!tb[NL80211_KEY_DEFAULT];
599 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
600
601 if (k->def) {
602 k->def_uni = true;
603 k->def_multi = true;
604 }
605 if (k->defmgmt)
606 k->def_multi = true;
607
608 if (tb[NL80211_KEY_IDX])
609 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
610
611 if (tb[NL80211_KEY_DATA]) {
612 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
613 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
614 }
615
616 if (tb[NL80211_KEY_SEQ]) {
617 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
618 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
619 }
620
621 if (tb[NL80211_KEY_CIPHER])
622 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
623
624 if (tb[NL80211_KEY_TYPE]) {
625 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
626 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
627 return -EINVAL;
628 }
629
630 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
631 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
632 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
633 tb[NL80211_KEY_DEFAULT_TYPES],
634 nl80211_key_default_policy);
635 if (err)
636 return err;
637
638 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
639 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
640 }
641
642 return 0;
643 }
644
645 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
646 {
647 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
648 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
649 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
650 }
651
652 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
653 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
654 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
655 }
656
657 if (info->attrs[NL80211_ATTR_KEY_IDX])
658 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
659
660 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
661 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
662
663 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
664 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
665
666 if (k->def) {
667 k->def_uni = true;
668 k->def_multi = true;
669 }
670 if (k->defmgmt)
671 k->def_multi = true;
672
673 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
674 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
675 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
676 return -EINVAL;
677 }
678
679 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
680 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
681 int err = nla_parse_nested(
682 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
683 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
684 nl80211_key_default_policy);
685 if (err)
686 return err;
687
688 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
689 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
690 }
691
692 return 0;
693 }
694
695 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
696 {
697 int err;
698
699 memset(k, 0, sizeof(*k));
700 k->idx = -1;
701 k->type = -1;
702
703 if (info->attrs[NL80211_ATTR_KEY])
704 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
705 else
706 err = nl80211_parse_key_old(info, k);
707
708 if (err)
709 return err;
710
711 if (k->def && k->defmgmt)
712 return -EINVAL;
713
714 if (k->defmgmt) {
715 if (k->def_uni || !k->def_multi)
716 return -EINVAL;
717 }
718
719 if (k->idx != -1) {
720 if (k->defmgmt) {
721 if (k->idx < 4 || k->idx > 5)
722 return -EINVAL;
723 } else if (k->def) {
724 if (k->idx < 0 || k->idx > 3)
725 return -EINVAL;
726 } else {
727 if (k->idx < 0 || k->idx > 5)
728 return -EINVAL;
729 }
730 }
731
732 return 0;
733 }
734
735 static struct cfg80211_cached_keys *
736 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
737 struct nlattr *keys, bool *no_ht)
738 {
739 struct key_parse parse;
740 struct nlattr *key;
741 struct cfg80211_cached_keys *result;
742 int rem, err, def = 0;
743
744 result = kzalloc(sizeof(*result), GFP_KERNEL);
745 if (!result)
746 return ERR_PTR(-ENOMEM);
747
748 result->def = -1;
749 result->defmgmt = -1;
750
751 nla_for_each_nested(key, keys, rem) {
752 memset(&parse, 0, sizeof(parse));
753 parse.idx = -1;
754
755 err = nl80211_parse_key_new(key, &parse);
756 if (err)
757 goto error;
758 err = -EINVAL;
759 if (!parse.p.key)
760 goto error;
761 if (parse.idx < 0 || parse.idx > 4)
762 goto error;
763 if (parse.def) {
764 if (def)
765 goto error;
766 def = 1;
767 result->def = parse.idx;
768 if (!parse.def_uni || !parse.def_multi)
769 goto error;
770 } else if (parse.defmgmt)
771 goto error;
772 err = cfg80211_validate_key_settings(rdev, &parse.p,
773 parse.idx, false, NULL);
774 if (err)
775 goto error;
776 result->params[parse.idx].cipher = parse.p.cipher;
777 result->params[parse.idx].key_len = parse.p.key_len;
778 result->params[parse.idx].key = result->data[parse.idx];
779 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
780
781 if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
782 parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
783 if (no_ht)
784 *no_ht = true;
785 }
786 }
787
788 return result;
789 error:
790 kfree(result);
791 return ERR_PTR(err);
792 }
793
794 static int nl80211_key_allowed(struct wireless_dev *wdev)
795 {
796 ASSERT_WDEV_LOCK(wdev);
797
798 switch (wdev->iftype) {
799 case NL80211_IFTYPE_AP:
800 case NL80211_IFTYPE_AP_VLAN:
801 case NL80211_IFTYPE_P2P_GO:
802 case NL80211_IFTYPE_MESH_POINT:
803 break;
804 case NL80211_IFTYPE_ADHOC:
805 case NL80211_IFTYPE_STATION:
806 case NL80211_IFTYPE_P2P_CLIENT:
807 if (!wdev->current_bss)
808 return -ENOLINK;
809 break;
810 default:
811 return -EINVAL;
812 }
813
814 return 0;
815 }
816
817 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
818 {
819 struct nlattr *nl_modes = nla_nest_start(msg, attr);
820 int i;
821
822 if (!nl_modes)
823 goto nla_put_failure;
824
825 i = 0;
826 while (ifmodes) {
827 if ((ifmodes & 1) && nla_put_flag(msg, i))
828 goto nla_put_failure;
829 ifmodes >>= 1;
830 i++;
831 }
832
833 nla_nest_end(msg, nl_modes);
834 return 0;
835
836 nla_put_failure:
837 return -ENOBUFS;
838 }
839
840 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
841 struct sk_buff *msg,
842 bool large)
843 {
844 struct nlattr *nl_combis;
845 int i, j;
846
847 nl_combis = nla_nest_start(msg,
848 NL80211_ATTR_INTERFACE_COMBINATIONS);
849 if (!nl_combis)
850 goto nla_put_failure;
851
852 for (i = 0; i < wiphy->n_iface_combinations; i++) {
853 const struct ieee80211_iface_combination *c;
854 struct nlattr *nl_combi, *nl_limits;
855
856 c = &wiphy->iface_combinations[i];
857
858 nl_combi = nla_nest_start(msg, i + 1);
859 if (!nl_combi)
860 goto nla_put_failure;
861
862 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
863 if (!nl_limits)
864 goto nla_put_failure;
865
866 for (j = 0; j < c->n_limits; j++) {
867 struct nlattr *nl_limit;
868
869 nl_limit = nla_nest_start(msg, j + 1);
870 if (!nl_limit)
871 goto nla_put_failure;
872 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
873 c->limits[j].max))
874 goto nla_put_failure;
875 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
876 c->limits[j].types))
877 goto nla_put_failure;
878 nla_nest_end(msg, nl_limit);
879 }
880
881 nla_nest_end(msg, nl_limits);
882
883 if (c->beacon_int_infra_match &&
884 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
885 goto nla_put_failure;
886 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
887 c->num_different_channels) ||
888 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
889 c->max_interfaces))
890 goto nla_put_failure;
891 if (large &&
892 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
893 c->radar_detect_widths))
894 goto nla_put_failure;
895
896 nla_nest_end(msg, nl_combi);
897 }
898
899 nla_nest_end(msg, nl_combis);
900
901 return 0;
902 nla_put_failure:
903 return -ENOBUFS;
904 }
905
906 #ifdef CONFIG_PM
907 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
908 struct sk_buff *msg)
909 {
910 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
911 struct nlattr *nl_tcp;
912
913 if (!tcp)
914 return 0;
915
916 nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
917 if (!nl_tcp)
918 return -ENOBUFS;
919
920 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
921 tcp->data_payload_max))
922 return -ENOBUFS;
923
924 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
925 tcp->data_payload_max))
926 return -ENOBUFS;
927
928 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
929 return -ENOBUFS;
930
931 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
932 sizeof(*tcp->tok), tcp->tok))
933 return -ENOBUFS;
934
935 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
936 tcp->data_interval_max))
937 return -ENOBUFS;
938
939 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
940 tcp->wake_payload_max))
941 return -ENOBUFS;
942
943 nla_nest_end(msg, nl_tcp);
944 return 0;
945 }
946
947 static int nl80211_send_wowlan(struct sk_buff *msg,
948 struct cfg80211_registered_device *dev,
949 bool large)
950 {
951 struct nlattr *nl_wowlan;
952
953 if (!dev->wiphy.wowlan)
954 return 0;
955
956 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
957 if (!nl_wowlan)
958 return -ENOBUFS;
959
960 if (((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
961 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
962 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
963 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
964 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
965 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
966 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
967 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
968 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
969 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
970 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
971 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
972 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
973 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
974 ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
975 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
976 return -ENOBUFS;
977
978 if (dev->wiphy.wowlan->n_patterns) {
979 struct nl80211_wowlan_pattern_support pat = {
980 .max_patterns = dev->wiphy.wowlan->n_patterns,
981 .min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
982 .max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
983 .max_pkt_offset = dev->wiphy.wowlan->max_pkt_offset,
984 };
985
986 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
987 sizeof(pat), &pat))
988 return -ENOBUFS;
989 }
990
991 if (large && nl80211_send_wowlan_tcp_caps(dev, msg))
992 return -ENOBUFS;
993
994 nla_nest_end(msg, nl_wowlan);
995
996 return 0;
997 }
998 #endif
999
1000 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1001 struct ieee80211_supported_band *sband)
1002 {
1003 struct nlattr *nl_rates, *nl_rate;
1004 struct ieee80211_rate *rate;
1005 int i;
1006
1007 /* add HT info */
1008 if (sband->ht_cap.ht_supported &&
1009 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1010 sizeof(sband->ht_cap.mcs),
1011 &sband->ht_cap.mcs) ||
1012 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1013 sband->ht_cap.cap) ||
1014 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1015 sband->ht_cap.ampdu_factor) ||
1016 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1017 sband->ht_cap.ampdu_density)))
1018 return -ENOBUFS;
1019
1020 /* add VHT info */
1021 if (sband->vht_cap.vht_supported &&
1022 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1023 sizeof(sband->vht_cap.vht_mcs),
1024 &sband->vht_cap.vht_mcs) ||
1025 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1026 sband->vht_cap.cap)))
1027 return -ENOBUFS;
1028
1029 /* add bitrates */
1030 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1031 if (!nl_rates)
1032 return -ENOBUFS;
1033
1034 for (i = 0; i < sband->n_bitrates; i++) {
1035 nl_rate = nla_nest_start(msg, i);
1036 if (!nl_rate)
1037 return -ENOBUFS;
1038
1039 rate = &sband->bitrates[i];
1040 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1041 rate->bitrate))
1042 return -ENOBUFS;
1043 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1044 nla_put_flag(msg,
1045 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1046 return -ENOBUFS;
1047
1048 nla_nest_end(msg, nl_rate);
1049 }
1050
1051 nla_nest_end(msg, nl_rates);
1052
1053 return 0;
1054 }
1055
1056 static int
1057 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1058 const struct ieee80211_txrx_stypes *mgmt_stypes)
1059 {
1060 u16 stypes;
1061 struct nlattr *nl_ftypes, *nl_ifs;
1062 enum nl80211_iftype ift;
1063 int i;
1064
1065 if (!mgmt_stypes)
1066 return 0;
1067
1068 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1069 if (!nl_ifs)
1070 return -ENOBUFS;
1071
1072 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1073 nl_ftypes = nla_nest_start(msg, ift);
1074 if (!nl_ftypes)
1075 return -ENOBUFS;
1076 i = 0;
1077 stypes = mgmt_stypes[ift].tx;
1078 while (stypes) {
1079 if ((stypes & 1) &&
1080 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1081 (i << 4) | IEEE80211_FTYPE_MGMT))
1082 return -ENOBUFS;
1083 stypes >>= 1;
1084 i++;
1085 }
1086 nla_nest_end(msg, nl_ftypes);
1087 }
1088
1089 nla_nest_end(msg, nl_ifs);
1090
1091 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1092 if (!nl_ifs)
1093 return -ENOBUFS;
1094
1095 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1096 nl_ftypes = nla_nest_start(msg, ift);
1097 if (!nl_ftypes)
1098 return -ENOBUFS;
1099 i = 0;
1100 stypes = mgmt_stypes[ift].rx;
1101 while (stypes) {
1102 if ((stypes & 1) &&
1103 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1104 (i << 4) | IEEE80211_FTYPE_MGMT))
1105 return -ENOBUFS;
1106 stypes >>= 1;
1107 i++;
1108 }
1109 nla_nest_end(msg, nl_ftypes);
1110 }
1111 nla_nest_end(msg, nl_ifs);
1112
1113 return 0;
1114 }
1115
1116 struct nl80211_dump_wiphy_state {
1117 s64 filter_wiphy;
1118 long start;
1119 long split_start, band_start, chan_start;
1120 bool split;
1121 };
1122
1123 static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1124 struct sk_buff *msg, u32 portid, u32 seq,
1125 int flags, struct nl80211_dump_wiphy_state *state)
1126 {
1127 void *hdr;
1128 struct nlattr *nl_bands, *nl_band;
1129 struct nlattr *nl_freqs, *nl_freq;
1130 struct nlattr *nl_cmds;
1131 enum ieee80211_band band;
1132 struct ieee80211_channel *chan;
1133 int i;
1134 const struct ieee80211_txrx_stypes *mgmt_stypes =
1135 dev->wiphy.mgmt_stypes;
1136 u32 features;
1137
1138 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
1139 if (!hdr)
1140 return -ENOBUFS;
1141
1142 if (WARN_ON(!state))
1143 return -EINVAL;
1144
1145 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
1146 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1147 wiphy_name(&dev->wiphy)) ||
1148 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1149 cfg80211_rdev_list_generation))
1150 goto nla_put_failure;
1151
1152 switch (state->split_start) {
1153 case 0:
1154 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1155 dev->wiphy.retry_short) ||
1156 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1157 dev->wiphy.retry_long) ||
1158 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1159 dev->wiphy.frag_threshold) ||
1160 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1161 dev->wiphy.rts_threshold) ||
1162 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1163 dev->wiphy.coverage_class) ||
1164 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1165 dev->wiphy.max_scan_ssids) ||
1166 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1167 dev->wiphy.max_sched_scan_ssids) ||
1168 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1169 dev->wiphy.max_scan_ie_len) ||
1170 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1171 dev->wiphy.max_sched_scan_ie_len) ||
1172 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1173 dev->wiphy.max_match_sets))
1174 goto nla_put_failure;
1175
1176 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1177 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1178 goto nla_put_failure;
1179 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1180 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1181 goto nla_put_failure;
1182 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1183 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1184 goto nla_put_failure;
1185 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1186 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1187 goto nla_put_failure;
1188 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1189 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1190 goto nla_put_failure;
1191 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1192 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1193 goto nla_put_failure;
1194 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1195 nla_put_flag(msg, WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1196 goto nla_put_failure;
1197
1198 state->split_start++;
1199 if (state->split)
1200 break;
1201 case 1:
1202 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1203 sizeof(u32) * dev->wiphy.n_cipher_suites,
1204 dev->wiphy.cipher_suites))
1205 goto nla_put_failure;
1206
1207 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1208 dev->wiphy.max_num_pmkids))
1209 goto nla_put_failure;
1210
1211 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1212 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1213 goto nla_put_failure;
1214
1215 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1216 dev->wiphy.available_antennas_tx) ||
1217 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1218 dev->wiphy.available_antennas_rx))
1219 goto nla_put_failure;
1220
1221 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1222 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1223 dev->wiphy.probe_resp_offload))
1224 goto nla_put_failure;
1225
1226 if ((dev->wiphy.available_antennas_tx ||
1227 dev->wiphy.available_antennas_rx) &&
1228 dev->ops->get_antenna) {
1229 u32 tx_ant = 0, rx_ant = 0;
1230 int res;
1231 res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
1232 if (!res) {
1233 if (nla_put_u32(msg,
1234 NL80211_ATTR_WIPHY_ANTENNA_TX,
1235 tx_ant) ||
1236 nla_put_u32(msg,
1237 NL80211_ATTR_WIPHY_ANTENNA_RX,
1238 rx_ant))
1239 goto nla_put_failure;
1240 }
1241 }
1242
1243 state->split_start++;
1244 if (state->split)
1245 break;
1246 case 2:
1247 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1248 dev->wiphy.interface_modes))
1249 goto nla_put_failure;
1250 state->split_start++;
1251 if (state->split)
1252 break;
1253 case 3:
1254 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1255 if (!nl_bands)
1256 goto nla_put_failure;
1257
1258 for (band = state->band_start;
1259 band < IEEE80211_NUM_BANDS; band++) {
1260 struct ieee80211_supported_band *sband;
1261
1262 sband = dev->wiphy.bands[band];
1263
1264 if (!sband)
1265 continue;
1266
1267 nl_band = nla_nest_start(msg, band);
1268 if (!nl_band)
1269 goto nla_put_failure;
1270
1271 switch (state->chan_start) {
1272 case 0:
1273 if (nl80211_send_band_rateinfo(msg, sband))
1274 goto nla_put_failure;
1275 state->chan_start++;
1276 if (state->split)
1277 break;
1278 default:
1279 /* add frequencies */
1280 nl_freqs = nla_nest_start(
1281 msg, NL80211_BAND_ATTR_FREQS);
1282 if (!nl_freqs)
1283 goto nla_put_failure;
1284
1285 for (i = state->chan_start - 1;
1286 i < sband->n_channels;
1287 i++) {
1288 nl_freq = nla_nest_start(msg, i);
1289 if (!nl_freq)
1290 goto nla_put_failure;
1291
1292 chan = &sband->channels[i];
1293
1294 if (nl80211_msg_put_channel(
1295 msg, chan,
1296 state->split))
1297 goto nla_put_failure;
1298
1299 nla_nest_end(msg, nl_freq);
1300 if (state->split)
1301 break;
1302 }
1303 if (i < sband->n_channels)
1304 state->chan_start = i + 2;
1305 else
1306 state->chan_start = 0;
1307 nla_nest_end(msg, nl_freqs);
1308 }
1309
1310 nla_nest_end(msg, nl_band);
1311
1312 if (state->split) {
1313 /* start again here */
1314 if (state->chan_start)
1315 band--;
1316 break;
1317 }
1318 }
1319 nla_nest_end(msg, nl_bands);
1320
1321 if (band < IEEE80211_NUM_BANDS)
1322 state->band_start = band + 1;
1323 else
1324 state->band_start = 0;
1325
1326 /* if bands & channels are done, continue outside */
1327 if (state->band_start == 0 && state->chan_start == 0)
1328 state->split_start++;
1329 if (state->split)
1330 break;
1331 case 4:
1332 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1333 if (!nl_cmds)
1334 goto nla_put_failure;
1335
1336 i = 0;
1337 #define CMD(op, n) \
1338 do { \
1339 if (dev->ops->op) { \
1340 i++; \
1341 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1342 goto nla_put_failure; \
1343 } \
1344 } while (0)
1345
1346 CMD(add_virtual_intf, NEW_INTERFACE);
1347 CMD(change_virtual_intf, SET_INTERFACE);
1348 CMD(add_key, NEW_KEY);
1349 CMD(start_ap, START_AP);
1350 CMD(add_station, NEW_STATION);
1351 CMD(add_mpath, NEW_MPATH);
1352 CMD(update_mesh_config, SET_MESH_CONFIG);
1353 CMD(change_bss, SET_BSS);
1354 CMD(auth, AUTHENTICATE);
1355 CMD(assoc, ASSOCIATE);
1356 CMD(deauth, DEAUTHENTICATE);
1357 CMD(disassoc, DISASSOCIATE);
1358 CMD(join_ibss, JOIN_IBSS);
1359 CMD(join_mesh, JOIN_MESH);
1360 CMD(set_pmksa, SET_PMKSA);
1361 CMD(del_pmksa, DEL_PMKSA);
1362 CMD(flush_pmksa, FLUSH_PMKSA);
1363 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1364 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1365 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1366 CMD(mgmt_tx, FRAME);
1367 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1368 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1369 i++;
1370 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1371 goto nla_put_failure;
1372 }
1373 if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1374 dev->ops->join_mesh) {
1375 i++;
1376 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1377 goto nla_put_failure;
1378 }
1379 CMD(set_wds_peer, SET_WDS_PEER);
1380 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1381 CMD(tdls_mgmt, TDLS_MGMT);
1382 CMD(tdls_oper, TDLS_OPER);
1383 }
1384 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1385 CMD(sched_scan_start, START_SCHED_SCAN);
1386 CMD(probe_client, PROBE_CLIENT);
1387 CMD(set_noack_map, SET_NOACK_MAP);
1388 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1389 i++;
1390 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1391 goto nla_put_failure;
1392 }
1393 CMD(start_p2p_device, START_P2P_DEVICE);
1394 CMD(set_mcast_rate, SET_MCAST_RATE);
1395 if (state->split) {
1396 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1397 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1398 }
1399
1400 #ifdef CONFIG_NL80211_TESTMODE
1401 CMD(testmode_cmd, TESTMODE);
1402 #endif
1403
1404 #undef CMD
1405
1406 if (dev->ops->connect || dev->ops->auth) {
1407 i++;
1408 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1409 goto nla_put_failure;
1410 }
1411
1412 if (dev->ops->disconnect || dev->ops->deauth) {
1413 i++;
1414 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1415 goto nla_put_failure;
1416 }
1417
1418 nla_nest_end(msg, nl_cmds);
1419 state->split_start++;
1420 if (state->split)
1421 break;
1422 case 5:
1423 if (dev->ops->remain_on_channel &&
1424 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1425 nla_put_u32(msg,
1426 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1427 dev->wiphy.max_remain_on_channel_duration))
1428 goto nla_put_failure;
1429
1430 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1431 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1432 goto nla_put_failure;
1433
1434 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1435 goto nla_put_failure;
1436 state->split_start++;
1437 if (state->split)
1438 break;
1439 case 6:
1440 #ifdef CONFIG_PM
1441 if (nl80211_send_wowlan(msg, dev, state->split))
1442 goto nla_put_failure;
1443 state->split_start++;
1444 if (state->split)
1445 break;
1446 #else
1447 state->split_start++;
1448 #endif
1449 case 7:
1450 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1451 dev->wiphy.software_iftypes))
1452 goto nla_put_failure;
1453
1454 if (nl80211_put_iface_combinations(&dev->wiphy, msg,
1455 state->split))
1456 goto nla_put_failure;
1457
1458 state->split_start++;
1459 if (state->split)
1460 break;
1461 case 8:
1462 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1463 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1464 dev->wiphy.ap_sme_capa))
1465 goto nla_put_failure;
1466
1467 features = dev->wiphy.features;
1468 /*
1469 * We can only add the per-channel limit information if the
1470 * dump is split, otherwise it makes it too big. Therefore
1471 * only advertise it in that case.
1472 */
1473 if (state->split)
1474 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1475 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1476 goto nla_put_failure;
1477
1478 if (dev->wiphy.ht_capa_mod_mask &&
1479 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1480 sizeof(*dev->wiphy.ht_capa_mod_mask),
1481 dev->wiphy.ht_capa_mod_mask))
1482 goto nla_put_failure;
1483
1484 if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1485 dev->wiphy.max_acl_mac_addrs &&
1486 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1487 dev->wiphy.max_acl_mac_addrs))
1488 goto nla_put_failure;
1489
1490 /*
1491 * Any information below this point is only available to
1492 * applications that can deal with it being split. This
1493 * helps ensure that newly added capabilities don't break
1494 * older tools by overrunning their buffers.
1495 *
1496 * We still increment split_start so that in the split
1497 * case we'll continue with more data in the next round,
1498 * but break unconditionally so unsplit data stops here.
1499 */
1500 state->split_start++;
1501 break;
1502 case 9:
1503 if (dev->wiphy.extended_capabilities &&
1504 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1505 dev->wiphy.extended_capabilities_len,
1506 dev->wiphy.extended_capabilities) ||
1507 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1508 dev->wiphy.extended_capabilities_len,
1509 dev->wiphy.extended_capabilities_mask)))
1510 goto nla_put_failure;
1511
1512 if (dev->wiphy.vht_capa_mod_mask &&
1513 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1514 sizeof(*dev->wiphy.vht_capa_mod_mask),
1515 dev->wiphy.vht_capa_mod_mask))
1516 goto nla_put_failure;
1517
1518 /* done */
1519 state->split_start = 0;
1520 break;
1521 }
1522 return genlmsg_end(msg, hdr);
1523
1524 nla_put_failure:
1525 genlmsg_cancel(msg, hdr);
1526 return -EMSGSIZE;
1527 }
1528
1529 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1530 struct netlink_callback *cb,
1531 struct nl80211_dump_wiphy_state *state)
1532 {
1533 struct nlattr **tb = nl80211_fam.attrbuf;
1534 int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1535 tb, nl80211_fam.maxattr, nl80211_policy);
1536 /* ignore parse errors for backward compatibility */
1537 if (ret)
1538 return 0;
1539
1540 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1541 if (tb[NL80211_ATTR_WIPHY])
1542 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1543 if (tb[NL80211_ATTR_WDEV])
1544 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1545 if (tb[NL80211_ATTR_IFINDEX]) {
1546 struct net_device *netdev;
1547 struct cfg80211_registered_device *rdev;
1548 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1549
1550 netdev = dev_get_by_index(sock_net(skb->sk), ifidx);
1551 if (!netdev)
1552 return -ENODEV;
1553 if (netdev->ieee80211_ptr) {
1554 rdev = wiphy_to_dev(
1555 netdev->ieee80211_ptr->wiphy);
1556 state->filter_wiphy = rdev->wiphy_idx;
1557 }
1558 dev_put(netdev);
1559 }
1560
1561 return 0;
1562 }
1563
1564 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1565 {
1566 int idx = 0, ret;
1567 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1568 struct cfg80211_registered_device *dev;
1569
1570 rtnl_lock();
1571 if (!state) {
1572 state = kzalloc(sizeof(*state), GFP_KERNEL);
1573 if (!state) {
1574 rtnl_unlock();
1575 return -ENOMEM;
1576 }
1577 state->filter_wiphy = -1;
1578 ret = nl80211_dump_wiphy_parse(skb, cb, state);
1579 if (ret) {
1580 kfree(state);
1581 rtnl_unlock();
1582 return ret;
1583 }
1584 cb->args[0] = (long)state;
1585 }
1586
1587 list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1588 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1589 continue;
1590 if (++idx <= state->start)
1591 continue;
1592 if (state->filter_wiphy != -1 &&
1593 state->filter_wiphy != dev->wiphy_idx)
1594 continue;
1595 /* attempt to fit multiple wiphy data chunks into the skb */
1596 do {
1597 ret = nl80211_send_wiphy(dev, skb,
1598 NETLINK_CB(cb->skb).portid,
1599 cb->nlh->nlmsg_seq,
1600 NLM_F_MULTI, state);
1601 if (ret < 0) {
1602 /*
1603 * If sending the wiphy data didn't fit (ENOBUFS
1604 * or EMSGSIZE returned), this SKB is still
1605 * empty (so it's not too big because another
1606 * wiphy dataset is already in the skb) and
1607 * we've not tried to adjust the dump allocation
1608 * yet ... then adjust the alloc size to be
1609 * bigger, and return 1 but with the empty skb.
1610 * This results in an empty message being RX'ed
1611 * in userspace, but that is ignored.
1612 *
1613 * We can then retry with the larger buffer.
1614 */
1615 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1616 !skb->len &&
1617 cb->min_dump_alloc < 4096) {
1618 cb->min_dump_alloc = 4096;
1619 rtnl_unlock();
1620 return 1;
1621 }
1622 idx--;
1623 break;
1624 }
1625 } while (state->split_start > 0);
1626 break;
1627 }
1628 rtnl_unlock();
1629
1630 state->start = idx;
1631
1632 return skb->len;
1633 }
1634
1635 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1636 {
1637 kfree((void *)cb->args[0]);
1638 return 0;
1639 }
1640
1641 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1642 {
1643 struct sk_buff *msg;
1644 struct cfg80211_registered_device *dev = info->user_ptr[0];
1645 struct nl80211_dump_wiphy_state state = {};
1646
1647 msg = nlmsg_new(4096, GFP_KERNEL);
1648 if (!msg)
1649 return -ENOMEM;
1650
1651 if (nl80211_send_wiphy(dev, msg, info->snd_portid, info->snd_seq, 0,
1652 &state) < 0) {
1653 nlmsg_free(msg);
1654 return -ENOBUFS;
1655 }
1656
1657 return genlmsg_reply(msg, info);
1658 }
1659
1660 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1661 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
1662 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
1663 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
1664 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
1665 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
1666 };
1667
1668 static int parse_txq_params(struct nlattr *tb[],
1669 struct ieee80211_txq_params *txq_params)
1670 {
1671 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1672 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1673 !tb[NL80211_TXQ_ATTR_AIFS])
1674 return -EINVAL;
1675
1676 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1677 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1678 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1679 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1680 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1681
1682 if (txq_params->ac >= NL80211_NUM_ACS)
1683 return -EINVAL;
1684
1685 return 0;
1686 }
1687
1688 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1689 {
1690 /*
1691 * You can only set the channel explicitly for WDS interfaces,
1692 * all others have their channel managed via their respective
1693 * "establish a connection" command (connect, join, ...)
1694 *
1695 * For AP/GO and mesh mode, the channel can be set with the
1696 * channel userspace API, but is only stored and passed to the
1697 * low-level driver when the AP starts or the mesh is joined.
1698 * This is for backward compatibility, userspace can also give
1699 * the channel in the start-ap or join-mesh commands instead.
1700 *
1701 * Monitors are special as they are normally slaved to
1702 * whatever else is going on, so they have their own special
1703 * operation to set the monitor channel if possible.
1704 */
1705 return !wdev ||
1706 wdev->iftype == NL80211_IFTYPE_AP ||
1707 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1708 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1709 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1710 }
1711
1712 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1713 struct genl_info *info,
1714 struct cfg80211_chan_def *chandef)
1715 {
1716 u32 control_freq;
1717
1718 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1719 return -EINVAL;
1720
1721 control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1722
1723 chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1724 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1725 chandef->center_freq1 = control_freq;
1726 chandef->center_freq2 = 0;
1727
1728 /* Primary channel not allowed */
1729 if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1730 return -EINVAL;
1731
1732 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1733 enum nl80211_channel_type chantype;
1734
1735 chantype = nla_get_u32(
1736 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1737
1738 switch (chantype) {
1739 case NL80211_CHAN_NO_HT:
1740 case NL80211_CHAN_HT20:
1741 case NL80211_CHAN_HT40PLUS:
1742 case NL80211_CHAN_HT40MINUS:
1743 cfg80211_chandef_create(chandef, chandef->chan,
1744 chantype);
1745 break;
1746 default:
1747 return -EINVAL;
1748 }
1749 } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1750 chandef->width =
1751 nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1752 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1753 chandef->center_freq1 =
1754 nla_get_u32(
1755 info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1756 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1757 chandef->center_freq2 =
1758 nla_get_u32(
1759 info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1760 }
1761
1762 if (!cfg80211_chandef_valid(chandef))
1763 return -EINVAL;
1764
1765 if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1766 IEEE80211_CHAN_DISABLED))
1767 return -EINVAL;
1768
1769 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1770 chandef->width == NL80211_CHAN_WIDTH_10) &&
1771 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1772 return -EINVAL;
1773
1774 return 0;
1775 }
1776
1777 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1778 struct wireless_dev *wdev,
1779 struct genl_info *info)
1780 {
1781 struct cfg80211_chan_def chandef;
1782 int result;
1783 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1784
1785 if (wdev)
1786 iftype = wdev->iftype;
1787
1788 if (!nl80211_can_set_dev_channel(wdev))
1789 return -EOPNOTSUPP;
1790
1791 result = nl80211_parse_chandef(rdev, info, &chandef);
1792 if (result)
1793 return result;
1794
1795 switch (iftype) {
1796 case NL80211_IFTYPE_AP:
1797 case NL80211_IFTYPE_P2P_GO:
1798 if (wdev->beacon_interval) {
1799 result = -EBUSY;
1800 break;
1801 }
1802 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1803 result = -EINVAL;
1804 break;
1805 }
1806 wdev->preset_chandef = chandef;
1807 result = 0;
1808 break;
1809 case NL80211_IFTYPE_MESH_POINT:
1810 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1811 break;
1812 case NL80211_IFTYPE_MONITOR:
1813 result = cfg80211_set_monitor_channel(rdev, &chandef);
1814 break;
1815 default:
1816 result = -EINVAL;
1817 }
1818
1819 return result;
1820 }
1821
1822 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1823 {
1824 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1825 struct net_device *netdev = info->user_ptr[1];
1826
1827 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1828 }
1829
1830 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1831 {
1832 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1833 struct net_device *dev = info->user_ptr[1];
1834 struct wireless_dev *wdev = dev->ieee80211_ptr;
1835 const u8 *bssid;
1836
1837 if (!info->attrs[NL80211_ATTR_MAC])
1838 return -EINVAL;
1839
1840 if (netif_running(dev))
1841 return -EBUSY;
1842
1843 if (!rdev->ops->set_wds_peer)
1844 return -EOPNOTSUPP;
1845
1846 if (wdev->iftype != NL80211_IFTYPE_WDS)
1847 return -EOPNOTSUPP;
1848
1849 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1850 return rdev_set_wds_peer(rdev, dev, bssid);
1851 }
1852
1853
1854 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1855 {
1856 struct cfg80211_registered_device *rdev;
1857 struct net_device *netdev = NULL;
1858 struct wireless_dev *wdev;
1859 int result = 0, rem_txq_params = 0;
1860 struct nlattr *nl_txq_params;
1861 u32 changed;
1862 u8 retry_short = 0, retry_long = 0;
1863 u32 frag_threshold = 0, rts_threshold = 0;
1864 u8 coverage_class = 0;
1865
1866 ASSERT_RTNL();
1867
1868 /*
1869 * Try to find the wiphy and netdev. Normally this
1870 * function shouldn't need the netdev, but this is
1871 * done for backward compatibility -- previously
1872 * setting the channel was done per wiphy, but now
1873 * it is per netdev. Previous userland like hostapd
1874 * also passed a netdev to set_wiphy, so that it is
1875 * possible to let that go to the right netdev!
1876 */
1877
1878 if (info->attrs[NL80211_ATTR_IFINDEX]) {
1879 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1880
1881 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1882 if (netdev && netdev->ieee80211_ptr)
1883 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1884 else
1885 netdev = NULL;
1886 }
1887
1888 if (!netdev) {
1889 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
1890 info->attrs);
1891 if (IS_ERR(rdev))
1892 return PTR_ERR(rdev);
1893 wdev = NULL;
1894 netdev = NULL;
1895 result = 0;
1896 } else
1897 wdev = netdev->ieee80211_ptr;
1898
1899 /*
1900 * end workaround code, by now the rdev is available
1901 * and locked, and wdev may or may not be NULL.
1902 */
1903
1904 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1905 result = cfg80211_dev_rename(
1906 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1907
1908 if (result)
1909 goto bad_res;
1910
1911 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1912 struct ieee80211_txq_params txq_params;
1913 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1914
1915 if (!rdev->ops->set_txq_params) {
1916 result = -EOPNOTSUPP;
1917 goto bad_res;
1918 }
1919
1920 if (!netdev) {
1921 result = -EINVAL;
1922 goto bad_res;
1923 }
1924
1925 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1926 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1927 result = -EINVAL;
1928 goto bad_res;
1929 }
1930
1931 if (!netif_running(netdev)) {
1932 result = -ENETDOWN;
1933 goto bad_res;
1934 }
1935
1936 nla_for_each_nested(nl_txq_params,
1937 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1938 rem_txq_params) {
1939 nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1940 nla_data(nl_txq_params),
1941 nla_len(nl_txq_params),
1942 txq_params_policy);
1943 result = parse_txq_params(tb, &txq_params);
1944 if (result)
1945 goto bad_res;
1946
1947 result = rdev_set_txq_params(rdev, netdev,
1948 &txq_params);
1949 if (result)
1950 goto bad_res;
1951 }
1952 }
1953
1954 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1955 result = __nl80211_set_channel(rdev,
1956 nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
1957 info);
1958 if (result)
1959 goto bad_res;
1960 }
1961
1962 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1963 struct wireless_dev *txp_wdev = wdev;
1964 enum nl80211_tx_power_setting type;
1965 int idx, mbm = 0;
1966
1967 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
1968 txp_wdev = NULL;
1969
1970 if (!rdev->ops->set_tx_power) {
1971 result = -EOPNOTSUPP;
1972 goto bad_res;
1973 }
1974
1975 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1976 type = nla_get_u32(info->attrs[idx]);
1977
1978 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1979 (type != NL80211_TX_POWER_AUTOMATIC)) {
1980 result = -EINVAL;
1981 goto bad_res;
1982 }
1983
1984 if (type != NL80211_TX_POWER_AUTOMATIC) {
1985 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1986 mbm = nla_get_u32(info->attrs[idx]);
1987 }
1988
1989 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
1990 if (result)
1991 goto bad_res;
1992 }
1993
1994 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1995 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1996 u32 tx_ant, rx_ant;
1997 if ((!rdev->wiphy.available_antennas_tx &&
1998 !rdev->wiphy.available_antennas_rx) ||
1999 !rdev->ops->set_antenna) {
2000 result = -EOPNOTSUPP;
2001 goto bad_res;
2002 }
2003
2004 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2005 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2006
2007 /* reject antenna configurations which don't match the
2008 * available antenna masks, except for the "all" mask */
2009 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2010 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
2011 result = -EINVAL;
2012 goto bad_res;
2013 }
2014
2015 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2016 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2017
2018 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2019 if (result)
2020 goto bad_res;
2021 }
2022
2023 changed = 0;
2024
2025 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2026 retry_short = nla_get_u8(
2027 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2028 if (retry_short == 0) {
2029 result = -EINVAL;
2030 goto bad_res;
2031 }
2032 changed |= WIPHY_PARAM_RETRY_SHORT;
2033 }
2034
2035 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2036 retry_long = nla_get_u8(
2037 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2038 if (retry_long == 0) {
2039 result = -EINVAL;
2040 goto bad_res;
2041 }
2042 changed |= WIPHY_PARAM_RETRY_LONG;
2043 }
2044
2045 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2046 frag_threshold = nla_get_u32(
2047 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2048 if (frag_threshold < 256) {
2049 result = -EINVAL;
2050 goto bad_res;
2051 }
2052 if (frag_threshold != (u32) -1) {
2053 /*
2054 * Fragments (apart from the last one) are required to
2055 * have even length. Make the fragmentation code
2056 * simpler by stripping LSB should someone try to use
2057 * odd threshold value.
2058 */
2059 frag_threshold &= ~0x1;
2060 }
2061 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2062 }
2063
2064 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2065 rts_threshold = nla_get_u32(
2066 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2067 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2068 }
2069
2070 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2071 coverage_class = nla_get_u8(
2072 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2073 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2074 }
2075
2076 if (changed) {
2077 u8 old_retry_short, old_retry_long;
2078 u32 old_frag_threshold, old_rts_threshold;
2079 u8 old_coverage_class;
2080
2081 if (!rdev->ops->set_wiphy_params) {
2082 result = -EOPNOTSUPP;
2083 goto bad_res;
2084 }
2085
2086 old_retry_short = rdev->wiphy.retry_short;
2087 old_retry_long = rdev->wiphy.retry_long;
2088 old_frag_threshold = rdev->wiphy.frag_threshold;
2089 old_rts_threshold = rdev->wiphy.rts_threshold;
2090 old_coverage_class = rdev->wiphy.coverage_class;
2091
2092 if (changed & WIPHY_PARAM_RETRY_SHORT)
2093 rdev->wiphy.retry_short = retry_short;
2094 if (changed & WIPHY_PARAM_RETRY_LONG)
2095 rdev->wiphy.retry_long = retry_long;
2096 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2097 rdev->wiphy.frag_threshold = frag_threshold;
2098 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2099 rdev->wiphy.rts_threshold = rts_threshold;
2100 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2101 rdev->wiphy.coverage_class = coverage_class;
2102
2103 result = rdev_set_wiphy_params(rdev, changed);
2104 if (result) {
2105 rdev->wiphy.retry_short = old_retry_short;
2106 rdev->wiphy.retry_long = old_retry_long;
2107 rdev->wiphy.frag_threshold = old_frag_threshold;
2108 rdev->wiphy.rts_threshold = old_rts_threshold;
2109 rdev->wiphy.coverage_class = old_coverage_class;
2110 }
2111 }
2112
2113 bad_res:
2114 if (netdev)
2115 dev_put(netdev);
2116 return result;
2117 }
2118
2119 static inline u64 wdev_id(struct wireless_dev *wdev)
2120 {
2121 return (u64)wdev->identifier |
2122 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
2123 }
2124
2125 static int nl80211_send_chandef(struct sk_buff *msg,
2126 struct cfg80211_chan_def *chandef)
2127 {
2128 WARN_ON(!cfg80211_chandef_valid(chandef));
2129
2130 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2131 chandef->chan->center_freq))
2132 return -ENOBUFS;
2133 switch (chandef->width) {
2134 case NL80211_CHAN_WIDTH_20_NOHT:
2135 case NL80211_CHAN_WIDTH_20:
2136 case NL80211_CHAN_WIDTH_40:
2137 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2138 cfg80211_get_chandef_type(chandef)))
2139 return -ENOBUFS;
2140 break;
2141 default:
2142 break;
2143 }
2144 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2145 return -ENOBUFS;
2146 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2147 return -ENOBUFS;
2148 if (chandef->center_freq2 &&
2149 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2150 return -ENOBUFS;
2151 return 0;
2152 }
2153
2154 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2155 struct cfg80211_registered_device *rdev,
2156 struct wireless_dev *wdev)
2157 {
2158 struct net_device *dev = wdev->netdev;
2159 void *hdr;
2160
2161 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2162 if (!hdr)
2163 return -1;
2164
2165 if (dev &&
2166 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2167 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2168 goto nla_put_failure;
2169
2170 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2171 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2172 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2173 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2174 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2175 rdev->devlist_generation ^
2176 (cfg80211_rdev_list_generation << 2)))
2177 goto nla_put_failure;
2178
2179 if (rdev->ops->get_channel) {
2180 int ret;
2181 struct cfg80211_chan_def chandef;
2182
2183 ret = rdev_get_channel(rdev, wdev, &chandef);
2184 if (ret == 0) {
2185 if (nl80211_send_chandef(msg, &chandef))
2186 goto nla_put_failure;
2187 }
2188 }
2189
2190 if (wdev->ssid_len) {
2191 if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2192 goto nla_put_failure;
2193 }
2194
2195 return genlmsg_end(msg, hdr);
2196
2197 nla_put_failure:
2198 genlmsg_cancel(msg, hdr);
2199 return -EMSGSIZE;
2200 }
2201
2202 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2203 {
2204 int wp_idx = 0;
2205 int if_idx = 0;
2206 int wp_start = cb->args[0];
2207 int if_start = cb->args[1];
2208 struct cfg80211_registered_device *rdev;
2209 struct wireless_dev *wdev;
2210
2211 rtnl_lock();
2212 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2213 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2214 continue;
2215 if (wp_idx < wp_start) {
2216 wp_idx++;
2217 continue;
2218 }
2219 if_idx = 0;
2220
2221 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2222 if (if_idx < if_start) {
2223 if_idx++;
2224 continue;
2225 }
2226 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2227 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2228 rdev, wdev) < 0) {
2229 goto out;
2230 }
2231 if_idx++;
2232 }
2233
2234 wp_idx++;
2235 }
2236 out:
2237 rtnl_unlock();
2238
2239 cb->args[0] = wp_idx;
2240 cb->args[1] = if_idx;
2241
2242 return skb->len;
2243 }
2244
2245 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2246 {
2247 struct sk_buff *msg;
2248 struct cfg80211_registered_device *dev = info->user_ptr[0];
2249 struct wireless_dev *wdev = info->user_ptr[1];
2250
2251 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2252 if (!msg)
2253 return -ENOMEM;
2254
2255 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2256 dev, wdev) < 0) {
2257 nlmsg_free(msg);
2258 return -ENOBUFS;
2259 }
2260
2261 return genlmsg_reply(msg, info);
2262 }
2263
2264 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2265 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2266 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2267 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2268 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2269 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2270 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2271 };
2272
2273 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2274 {
2275 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2276 int flag;
2277
2278 *mntrflags = 0;
2279
2280 if (!nla)
2281 return -EINVAL;
2282
2283 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2284 nla, mntr_flags_policy))
2285 return -EINVAL;
2286
2287 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2288 if (flags[flag])
2289 *mntrflags |= (1<<flag);
2290
2291 return 0;
2292 }
2293
2294 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2295 struct net_device *netdev, u8 use_4addr,
2296 enum nl80211_iftype iftype)
2297 {
2298 if (!use_4addr) {
2299 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2300 return -EBUSY;
2301 return 0;
2302 }
2303
2304 switch (iftype) {
2305 case NL80211_IFTYPE_AP_VLAN:
2306 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2307 return 0;
2308 break;
2309 case NL80211_IFTYPE_STATION:
2310 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2311 return 0;
2312 break;
2313 default:
2314 break;
2315 }
2316
2317 return -EOPNOTSUPP;
2318 }
2319
2320 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2321 {
2322 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2323 struct vif_params params;
2324 int err;
2325 enum nl80211_iftype otype, ntype;
2326 struct net_device *dev = info->user_ptr[1];
2327 u32 _flags, *flags = NULL;
2328 bool change = false;
2329
2330 memset(¶ms, 0, sizeof(params));
2331
2332 otype = ntype = dev->ieee80211_ptr->iftype;
2333
2334 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2335 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2336 if (otype != ntype)
2337 change = true;
2338 if (ntype > NL80211_IFTYPE_MAX)
2339 return -EINVAL;
2340 }
2341
2342 if (info->attrs[NL80211_ATTR_MESH_ID]) {
2343 struct wireless_dev *wdev = dev->ieee80211_ptr;
2344
2345 if (ntype != NL80211_IFTYPE_MESH_POINT)
2346 return -EINVAL;
2347 if (netif_running(dev))
2348 return -EBUSY;
2349
2350 wdev_lock(wdev);
2351 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2352 IEEE80211_MAX_MESH_ID_LEN);
2353 wdev->mesh_id_up_len =
2354 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2355 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2356 wdev->mesh_id_up_len);
2357 wdev_unlock(wdev);
2358 }
2359
2360 if (info->attrs[NL80211_ATTR_4ADDR]) {
2361 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2362 change = true;
2363 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2364 if (err)
2365 return err;
2366 } else {
2367 params.use_4addr = -1;
2368 }
2369
2370 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2371 if (ntype != NL80211_IFTYPE_MONITOR)
2372 return -EINVAL;
2373 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2374 &_flags);
2375 if (err)
2376 return err;
2377
2378 flags = &_flags;
2379 change = true;
2380 }
2381
2382 if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2383 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2384 return -EOPNOTSUPP;
2385
2386 if (change)
2387 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms);
2388 else
2389 err = 0;
2390
2391 if (!err && params.use_4addr != -1)
2392 dev->ieee80211_ptr->use_4addr = params.use_4addr;
2393
2394 return err;
2395 }
2396
2397 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2398 {
2399 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2400 struct vif_params params;
2401 struct wireless_dev *wdev;
2402 struct sk_buff *msg;
2403 int err;
2404 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2405 u32 flags;
2406
2407 memset(¶ms, 0, sizeof(params));
2408
2409 if (!info->attrs[NL80211_ATTR_IFNAME])
2410 return -EINVAL;
2411
2412 if (info->attrs[NL80211_ATTR_IFTYPE]) {
2413 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2414 if (type > NL80211_IFTYPE_MAX)
2415 return -EINVAL;
2416 }
2417
2418 if (!rdev->ops->add_virtual_intf ||
2419 !(rdev->wiphy.interface_modes & (1 << type)))
2420 return -EOPNOTSUPP;
2421
2422 if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2423 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2424 ETH_ALEN);
2425 if (!is_valid_ether_addr(params.macaddr))
2426 return -EADDRNOTAVAIL;
2427 }
2428
2429 if (info->attrs[NL80211_ATTR_4ADDR]) {
2430 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2431 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2432 if (err)
2433 return err;
2434 }
2435
2436 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2437 if (!msg)
2438 return -ENOMEM;
2439
2440 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2441 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2442 &flags);
2443
2444 if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2445 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2446 return -EOPNOTSUPP;
2447
2448 wdev = rdev_add_virtual_intf(rdev,
2449 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2450 type, err ? NULL : &flags, ¶ms);
2451 if (IS_ERR(wdev)) {
2452 nlmsg_free(msg);
2453 return PTR_ERR(wdev);
2454 }
2455
2456 switch (type) {
2457 case NL80211_IFTYPE_MESH_POINT:
2458 if (!info->attrs[NL80211_ATTR_MESH_ID])
2459 break;
2460 wdev_lock(wdev);
2461 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2462 IEEE80211_MAX_MESH_ID_LEN);
2463 wdev->mesh_id_up_len =
2464 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2465 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2466 wdev->mesh_id_up_len);
2467 wdev_unlock(wdev);
2468 break;
2469 case NL80211_IFTYPE_P2P_DEVICE:
2470 /*
2471 * P2P Device doesn't have a netdev, so doesn't go
2472 * through the netdev notifier and must be added here
2473 */
2474 mutex_init(&wdev->mtx);
2475 INIT_LIST_HEAD(&wdev->event_list);
2476 spin_lock_init(&wdev->event_lock);
2477 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2478 spin_lock_init(&wdev->mgmt_registrations_lock);
2479
2480 wdev->identifier = ++rdev->wdev_id;
2481 list_add_rcu(&wdev->list, &rdev->wdev_list);
2482 rdev->devlist_generation++;
2483 break;
2484 default:
2485 break;
2486 }
2487
2488 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2489 rdev, wdev) < 0) {
2490 nlmsg_free(msg);
2491 return -ENOBUFS;
2492 }
2493
2494 return genlmsg_reply(msg, info);
2495 }
2496
2497 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2498 {
2499 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2500 struct wireless_dev *wdev = info->user_ptr[1];
2501
2502 if (!rdev->ops->del_virtual_intf)
2503 return -EOPNOTSUPP;
2504
2505 /*
2506 * If we remove a wireless device without a netdev then clear
2507 * user_ptr[1] so that nl80211_post_doit won't dereference it
2508 * to check if it needs to do dev_put(). Otherwise it crashes
2509 * since the wdev has been freed, unlike with a netdev where
2510 * we need the dev_put() for the netdev to really be freed.
2511 */
2512 if (!wdev->netdev)
2513 info->user_ptr[1] = NULL;
2514
2515 return rdev_del_virtual_intf(rdev, wdev);
2516 }
2517
2518 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2519 {
2520 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2521 struct net_device *dev = info->user_ptr[1];
2522 u16 noack_map;
2523
2524 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2525 return -EINVAL;
2526
2527 if (!rdev->ops->set_noack_map)
2528 return -EOPNOTSUPP;
2529
2530 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2531
2532 return rdev_set_noack_map(rdev, dev, noack_map);
2533 }
2534
2535 struct get_key_cookie {
2536 struct sk_buff *msg;
2537 int error;
2538 int idx;
2539 };
2540
2541 static void get_key_callback(void *c, struct key_params *params)
2542 {
2543 struct nlattr *key;
2544 struct get_key_cookie *cookie = c;
2545
2546 if ((params->key &&
2547 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2548 params->key_len, params->key)) ||
2549 (params->seq &&
2550 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2551 params->seq_len, params->seq)) ||
2552 (params->cipher &&
2553 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2554 params->cipher)))
2555 goto nla_put_failure;
2556
2557 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2558 if (!key)
2559 goto nla_put_failure;
2560
2561 if ((params->key &&
2562 nla_put(cookie->msg, NL80211_KEY_DATA,
2563 params->key_len, params->key)) ||
2564 (params->seq &&
2565 nla_put(cookie->msg, NL80211_KEY_SEQ,
2566 params->seq_len, params->seq)) ||
2567 (params->cipher &&
2568 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2569 params->cipher)))
2570 goto nla_put_failure;
2571
2572 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2573 goto nla_put_failure;
2574
2575 nla_nest_end(cookie->msg, key);
2576
2577 return;
2578 nla_put_failure:
2579 cookie->error = 1;
2580 }
2581
2582 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2583 {
2584 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2585 int err;
2586 struct net_device *dev = info->user_ptr[1];
2587 u8 key_idx = 0;
2588 const u8 *mac_addr = NULL;
2589 bool pairwise;
2590 struct get_key_cookie cookie = {
2591 .error = 0,
2592 };
2593 void *hdr;
2594 struct sk_buff *msg;
2595
2596 if (info->attrs[NL80211_ATTR_KEY_IDX])
2597 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2598
2599 if (key_idx > 5)
2600 return -EINVAL;
2601
2602 if (info->attrs[NL80211_ATTR_MAC])
2603 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2604
2605 pairwise = !!mac_addr;
2606 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2607 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2608 if (kt >= NUM_NL80211_KEYTYPES)
2609 return -EINVAL;
2610 if (kt != NL80211_KEYTYPE_GROUP &&
2611 kt != NL80211_KEYTYPE_PAIRWISE)
2612 return -EINVAL;
2613 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2614 }
2615
2616 if (!rdev->ops->get_key)
2617 return -EOPNOTSUPP;
2618
2619 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2620 if (!msg)
2621 return -ENOMEM;
2622
2623 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2624 NL80211_CMD_NEW_KEY);
2625 if (!hdr)
2626 return -ENOBUFS;
2627
2628 cookie.msg = msg;
2629 cookie.idx = key_idx;
2630
2631 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2632 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2633 goto nla_put_failure;
2634 if (mac_addr &&
2635 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2636 goto nla_put_failure;
2637
2638 if (pairwise && mac_addr &&
2639 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2640 return -ENOENT;
2641
2642 err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2643 get_key_callback);
2644
2645 if (err)
2646 goto free_msg;
2647
2648 if (cookie.error)
2649 goto nla_put_failure;
2650
2651 genlmsg_end(msg, hdr);
2652 return genlmsg_reply(msg, info);
2653
2654 nla_put_failure:
2655 err = -ENOBUFS;
2656 free_msg:
2657 nlmsg_free(msg);
2658 return err;
2659 }
2660
2661 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2662 {
2663 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2664 struct key_parse key;
2665 int err;
2666 struct net_device *dev = info->user_ptr[1];
2667
2668 err = nl80211_parse_key(info, &key);
2669 if (err)
2670 return err;
2671
2672 if (key.idx < 0)
2673 return -EINVAL;
2674
2675 /* only support setting default key */
2676 if (!key.def && !key.defmgmt)
2677 return -EINVAL;
2678
2679 wdev_lock(dev->ieee80211_ptr);
2680
2681 if (key.def) {
2682 if (!rdev->ops->set_default_key) {
2683 err = -EOPNOTSUPP;
2684 goto out;
2685 }
2686
2687 err = nl80211_key_allowed(dev->ieee80211_ptr);
2688 if (err)
2689 goto out;
2690
2691 err = rdev_set_default_key(rdev, dev, key.idx,
2692 key.def_uni, key.def_multi);
2693
2694 if (err)
2695 goto out;
2696
2697 #ifdef CONFIG_CFG80211_WEXT
2698 dev->ieee80211_ptr->wext.default_key = key.idx;
2699 #endif
2700 } else {
2701 if (key.def_uni || !key.def_multi) {
2702 err = -EINVAL;
2703 goto out;
2704 }
2705
2706 if (!rdev->ops->set_default_mgmt_key) {
2707 err = -EOPNOTSUPP;
2708 goto out;
2709 }
2710
2711 err = nl80211_key_allowed(dev->ieee80211_ptr);
2712 if (err)
2713 goto out;
2714
2715 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2716 if (err)
2717 goto out;
2718
2719 #ifdef CONFIG_CFG80211_WEXT
2720 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2721 #endif
2722 }
2723
2724 out:
2725 wdev_unlock(dev->ieee80211_ptr);
2726
2727 return err;
2728 }
2729
2730 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2731 {
2732 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2733 int err;
2734 struct net_device *dev = info->user_ptr[1];
2735 struct key_parse key;
2736 const u8 *mac_addr = NULL;
2737
2738 err = nl80211_parse_key(info, &key);
2739 if (err)
2740 return err;
2741
2742 if (!key.p.key)
2743 return -EINVAL;
2744
2745 if (info->attrs[NL80211_ATTR_MAC])
2746 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2747
2748 if (key.type == -1) {
2749 if (mac_addr)
2750 key.type = NL80211_KEYTYPE_PAIRWISE;
2751 else
2752 key.type = NL80211_KEYTYPE_GROUP;
2753 }
2754
2755 /* for now */
2756 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2757 key.type != NL80211_KEYTYPE_GROUP)
2758 return -EINVAL;
2759
2760 if (!rdev->ops->add_key)
2761 return -EOPNOTSUPP;
2762
2763 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2764 key.type == NL80211_KEYTYPE_PAIRWISE,
2765 mac_addr))
2766 return -EINVAL;
2767
2768 wdev_lock(dev->ieee80211_ptr);
2769 err = nl80211_key_allowed(dev->ieee80211_ptr);
2770 if (!err)
2771 err = rdev_add_key(rdev, dev, key.idx,
2772 key.type == NL80211_KEYTYPE_PAIRWISE,
2773 mac_addr, &key.p);
2774 wdev_unlock(dev->ieee80211_ptr);
2775
2776 return err;
2777 }
2778
2779 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2780 {
2781 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2782 int err;
2783 struct net_device *dev = info->user_ptr[1];
2784 u8 *mac_addr = NULL;
2785 struct key_parse key;
2786
2787 err = nl80211_parse_key(info, &key);
2788 if (err)
2789 return err;
2790
2791 if (info->attrs[NL80211_ATTR_MAC])
2792 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2793
2794 if (key.type == -1) {
2795 if (mac_addr)
2796 key.type = NL80211_KEYTYPE_PAIRWISE;
2797 else
2798 key.type = NL80211_KEYTYPE_GROUP;
2799 }
2800
2801 /* for now */
2802 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2803 key.type != NL80211_KEYTYPE_GROUP)
2804 return -EINVAL;
2805
2806 if (!rdev->ops->del_key)
2807 return -EOPNOTSUPP;
2808
2809 wdev_lock(dev->ieee80211_ptr);
2810 err = nl80211_key_allowed(dev->ieee80211_ptr);
2811
2812 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2813 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2814 err = -ENOENT;
2815
2816 if (!err)
2817 err = rdev_del_key(rdev, dev, key.idx,
2818 key.type == NL80211_KEYTYPE_PAIRWISE,
2819 mac_addr);
2820
2821 #ifdef CONFIG_CFG80211_WEXT
2822 if (!err) {
2823 if (key.idx == dev->ieee80211_ptr->wext.default_key)
2824 dev->ieee80211_ptr->wext.default_key = -1;
2825 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2826 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2827 }
2828 #endif
2829 wdev_unlock(dev->ieee80211_ptr);
2830
2831 return err;
2832 }
2833
2834 /* This function returns an error or the number of nested attributes */
2835 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
2836 {
2837 struct nlattr *attr;
2838 int n_entries = 0, tmp;
2839
2840 nla_for_each_nested(attr, nl_attr, tmp) {
2841 if (nla_len(attr) != ETH_ALEN)
2842 return -EINVAL;
2843
2844 n_entries++;
2845 }
2846
2847 return n_entries;
2848 }
2849
2850 /*
2851 * This function parses ACL information and allocates memory for ACL data.
2852 * On successful return, the calling function is responsible to free the
2853 * ACL buffer returned by this function.
2854 */
2855 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
2856 struct genl_info *info)
2857 {
2858 enum nl80211_acl_policy acl_policy;
2859 struct nlattr *attr;
2860 struct cfg80211_acl_data *acl;
2861 int i = 0, n_entries, tmp;
2862
2863 if (!wiphy->max_acl_mac_addrs)
2864 return ERR_PTR(-EOPNOTSUPP);
2865
2866 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
2867 return ERR_PTR(-EINVAL);
2868
2869 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
2870 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
2871 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
2872 return ERR_PTR(-EINVAL);
2873
2874 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
2875 return ERR_PTR(-EINVAL);
2876
2877 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
2878 if (n_entries < 0)
2879 return ERR_PTR(n_entries);
2880
2881 if (n_entries > wiphy->max_acl_mac_addrs)
2882 return ERR_PTR(-ENOTSUPP);
2883
2884 acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
2885 GFP_KERNEL);
2886 if (!acl)
2887 return ERR_PTR(-ENOMEM);
2888
2889 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
2890 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
2891 i++;
2892 }
2893
2894 acl->n_acl_entries = n_entries;
2895 acl->acl_policy = acl_policy;
2896
2897 return acl;
2898 }
2899
2900 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
2901 {
2902 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2903 struct net_device *dev = info->user_ptr[1];
2904 struct cfg80211_acl_data *acl;
2905 int err;
2906
2907 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2908 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2909 return -EOPNOTSUPP;
2910
2911 if (!dev->ieee80211_ptr->beacon_interval)
2912 return -EINVAL;
2913
2914 acl = parse_acl_data(&rdev->wiphy, info);
2915 if (IS_ERR(acl))
2916 return PTR_ERR(acl);
2917
2918 err = rdev_set_mac_acl(rdev, dev, acl);
2919
2920 kfree(acl);
2921
2922 return err;
2923 }
2924
2925 static int nl80211_parse_beacon(struct nlattr *attrs[],
2926 struct cfg80211_beacon_data *bcn)
2927 {
2928 bool haveinfo = false;
2929
2930 if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
2931 !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
2932 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2933 !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2934 return -EINVAL;
2935
2936 memset(bcn, 0, sizeof(*bcn));
2937
2938 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
2939 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
2940 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
2941 if (!bcn->head_len)
2942 return -EINVAL;
2943 haveinfo = true;
2944 }
2945
2946 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
2947 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
2948 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
2949 haveinfo = true;
2950 }
2951
2952 if (!haveinfo)
2953 return -EINVAL;
2954
2955 if (attrs[NL80211_ATTR_IE]) {
2956 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
2957 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
2958 }
2959
2960 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2961 bcn->proberesp_ies =
2962 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
2963 bcn->proberesp_ies_len =
2964 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
2965 }
2966
2967 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2968 bcn->assocresp_ies =
2969 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2970 bcn->assocresp_ies_len =
2971 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2972 }
2973
2974 if (attrs[NL80211_ATTR_PROBE_RESP]) {
2975 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
2976 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
2977 }
2978
2979 return 0;
2980 }
2981
2982 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
2983 struct cfg80211_ap_settings *params)
2984 {
2985 struct wireless_dev *wdev;
2986 bool ret = false;
2987
2988 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2989 if (wdev->iftype != NL80211_IFTYPE_AP &&
2990 wdev->iftype != NL80211_IFTYPE_P2P_GO)
2991 continue;
2992
2993 if (!wdev->preset_chandef.chan)
2994 continue;
2995
2996 params->chandef = wdev->preset_chandef;
2997 ret = true;
2998 break;
2999 }
3000
3001 return ret;
3002 }
3003
3004 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3005 enum nl80211_auth_type auth_type,
3006 enum nl80211_commands cmd)
3007 {
3008 if (auth_type > NL80211_AUTHTYPE_MAX)
3009 return false;
3010
3011 switch (cmd) {
3012 case NL80211_CMD_AUTHENTICATE:
3013 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3014 auth_type == NL80211_AUTHTYPE_SAE)
3015 return false;
3016 return true;
3017 case NL80211_CMD_CONNECT:
3018 case NL80211_CMD_START_AP:
3019 /* SAE not supported yet */
3020 if (auth_type == NL80211_AUTHTYPE_SAE)
3021 return false;
3022 return true;
3023 default:
3024 return false;
3025 }
3026 }
3027
3028 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3029 {
3030 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3031 struct net_device *dev = info->user_ptr[1];
3032 struct wireless_dev *wdev = dev->ieee80211_ptr;
3033 struct cfg80211_ap_settings params;
3034 int err;
3035 u8 radar_detect_width = 0;
3036
3037 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3038 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3039 return -EOPNOTSUPP;
3040
3041 if (!rdev->ops->start_ap)
3042 return -EOPNOTSUPP;
3043
3044 if (wdev->beacon_interval)
3045 return -EALREADY;
3046
3047 memset(¶ms, 0, sizeof(params));
3048
3049 /* these are required for START_AP */
3050 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3051 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3052 !info->attrs[NL80211_ATTR_BEACON_HEAD])
3053 return -EINVAL;
3054
3055 err = nl80211_parse_beacon(info->attrs, ¶ms.beacon);
3056 if (err)
3057 return err;
3058
3059 params.beacon_interval =
3060 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3061 params.dtim_period =
3062 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3063
3064 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3065 if (err)
3066 return err;
3067
3068 /*
3069 * In theory, some of these attributes should be required here
3070 * but since they were not used when the command was originally
3071 * added, keep them optional for old user space programs to let
3072 * them continue to work with drivers that do not need the
3073 * additional information -- drivers must check!
3074 */
3075 if (info->attrs[NL80211_ATTR_SSID]) {
3076 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3077 params.ssid_len =
3078 nla_len(info->attrs[NL80211_ATTR_SSID]);
3079 if (params.ssid_len == 0 ||
3080 params.ssid_len > IEEE80211_MAX_SSID_LEN)
3081 return -EINVAL;
3082 }
3083
3084 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3085 params.hidden_ssid = nla_get_u32(
3086 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3087 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3088 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3089 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3090 return -EINVAL;
3091 }
3092
3093 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3094
3095 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3096 params.auth_type = nla_get_u32(
3097 info->attrs[NL80211_ATTR_AUTH_TYPE]);
3098 if (!nl80211_valid_auth_type(rdev, params.auth_type,
3099 NL80211_CMD_START_AP))
3100 return -EINVAL;
3101 } else
3102 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3103
3104 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
3105 NL80211_MAX_NR_CIPHER_SUITES);
3106 if (err)
3107 return err;
3108
3109 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3110 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3111 return -EOPNOTSUPP;
3112 params.inactivity_timeout = nla_get_u16(
3113 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3114 }
3115
3116 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3117 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3118 return -EINVAL;
3119 params.p2p_ctwindow =
3120 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3121 if (params.p2p_ctwindow > 127)
3122 return -EINVAL;
3123 if (params.p2p_ctwindow != 0 &&
3124 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3125 return -EINVAL;
3126 }
3127
3128 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3129 u8 tmp;
3130
3131 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3132 return -EINVAL;
3133 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3134 if (tmp > 1)
3135 return -EINVAL;
3136 params.p2p_opp_ps = tmp;
3137 if (params.p2p_opp_ps != 0 &&
3138 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3139 return -EINVAL;
3140 }
3141
3142 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3143 err = nl80211_parse_chandef(rdev, info, ¶ms.chandef);
3144 if (err)
3145 return err;
3146 } else if (wdev->preset_chandef.chan) {
3147 params.chandef = wdev->preset_chandef;
3148 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
3149 return -EINVAL;
3150
3151 if (!cfg80211_reg_can_beacon(&rdev->wiphy, ¶ms.chandef))
3152 return -EINVAL;
3153
3154 err = cfg80211_chandef_dfs_required(wdev->wiphy, ¶ms.chandef);
3155 if (err < 0)
3156 return err;
3157 if (err) {
3158 radar_detect_width = BIT(params.chandef.width);
3159 params.radar_required = true;
3160 }
3161
3162 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
3163 params.chandef.chan,
3164 CHAN_MODE_SHARED,
3165 radar_detect_width);
3166 if (err)
3167 return err;
3168
3169 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3170 params.acl = parse_acl_data(&rdev->wiphy, info);
3171 if (IS_ERR(params.acl))
3172 return PTR_ERR(params.acl);
3173 }
3174
3175 err = rdev_start_ap(rdev, dev, ¶ms);
3176 if (!err) {
3177 wdev->preset_chandef = params.chandef;
3178 wdev->beacon_interval = params.beacon_interval;
3179 wdev->channel = params.chandef.chan;
3180 wdev->ssid_len = params.ssid_len;
3181 memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3182 }
3183
3184 kfree(params.acl);
3185
3186 return err;
3187 }
3188
3189 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3190 {
3191 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3192 struct net_device *dev = info->user_ptr[1];
3193 struct wireless_dev *wdev = dev->ieee80211_ptr;
3194 struct cfg80211_beacon_data params;
3195 int err;
3196
3197 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3198 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3199 return -EOPNOTSUPP;
3200
3201 if (!rdev->ops->change_beacon)
3202 return -EOPNOTSUPP;
3203
3204 if (!wdev->beacon_interval)
3205 return -EINVAL;
3206
3207 err = nl80211_parse_beacon(info->attrs, ¶ms);
3208 if (err)
3209 return err;
3210
3211 return rdev_change_beacon(rdev, dev, ¶ms);
3212 }
3213
3214 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3215 {
3216 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3217 struct net_device *dev = info->user_ptr[1];
3218
3219 return cfg80211_stop_ap(rdev, dev);
3220 }
3221
3222 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3223 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3224 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3225 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3226 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3227 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3228 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3229 };
3230
3231 static int parse_station_flags(struct genl_info *info,
3232 enum nl80211_iftype iftype,
3233 struct station_parameters *params)
3234 {
3235 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3236 struct nlattr *nla;
3237 int flag;
3238
3239 /*
3240 * Try parsing the new attribute first so userspace
3241 * can specify both for older kernels.
3242 */
3243 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3244 if (nla) {
3245 struct nl80211_sta_flag_update *sta_flags;
3246
3247 sta_flags = nla_data(nla);
3248 params->sta_flags_mask = sta_flags->mask;
3249 params->sta_flags_set = sta_flags->set;
3250 params->sta_flags_set &= params->sta_flags_mask;
3251 if ((params->sta_flags_mask |
3252 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3253 return -EINVAL;
3254 return 0;
3255 }
3256
3257 /* if present, parse the old attribute */
3258
3259 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3260 if (!nla)
3261 return 0;
3262
3263 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3264 nla, sta_flags_policy))
3265 return -EINVAL;
3266
3267 /*
3268 * Only allow certain flags for interface types so that
3269 * other attributes are silently ignored. Remember that
3270 * this is backward compatibility code with old userspace
3271 * and shouldn't be hit in other cases anyway.
3272 */
3273 switch (iftype) {
3274 case NL80211_IFTYPE_AP:
3275 case NL80211_IFTYPE_AP_VLAN:
3276 case NL80211_IFTYPE_P2P_GO:
3277 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3278 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3279 BIT(NL80211_STA_FLAG_WME) |
3280 BIT(NL80211_STA_FLAG_MFP);
3281 break;
3282 case NL80211_IFTYPE_P2P_CLIENT:
3283 case NL80211_IFTYPE_STATION:
3284 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3285 BIT(NL80211_STA_FLAG_TDLS_PEER);
3286 break;
3287 case NL80211_IFTYPE_MESH_POINT:
3288 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3289 BIT(NL80211_STA_FLAG_MFP) |
3290 BIT(NL80211_STA_FLAG_AUTHORIZED);
3291 default:
3292 return -EINVAL;
3293 }
3294
3295 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3296 if (flags[flag]) {
3297 params->sta_flags_set |= (1<<flag);
3298
3299 /* no longer support new API additions in old API */
3300 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3301 return -EINVAL;
3302 }
3303 }
3304
3305 return 0;
3306 }
3307
3308 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3309 int attr)
3310 {
3311 struct nlattr *rate;
3312 u32 bitrate;
3313 u16 bitrate_compat;
3314
3315 rate = nla_nest_start(msg, attr);
3316 if (!rate)
3317 return false;
3318
3319 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3320 bitrate = cfg80211_calculate_bitrate(info);
3321 /* report 16-bit bitrate only if we can */
3322 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3323 if (bitrate > 0 &&
3324 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3325 return false;
3326 if (bitrate_compat > 0 &&
3327 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3328 return false;
3329
3330 if (info->flags & RATE_INFO_FLAGS_MCS) {
3331 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3332 return false;
3333 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3334 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3335 return false;
3336 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3337 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3338 return false;
3339 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3340 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3341 return false;
3342 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3343 return false;
3344 if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3345 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3346 return false;
3347 if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3348 nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3349 return false;
3350 if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3351 nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3352 return false;
3353 if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3354 nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3355 return false;
3356 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3357 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3358 return false;
3359 }
3360
3361 nla_nest_end(msg, rate);
3362 return true;
3363 }
3364
3365 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3366 int id)
3367 {
3368 void *attr;
3369 int i = 0;
3370
3371 if (!mask)
3372 return true;
3373
3374 attr = nla_nest_start(msg, id);
3375 if (!attr)
3376 return false;
3377
3378 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3379 if (!(mask & BIT(i)))
3380 continue;
3381
3382 if (nla_put_u8(msg, i, signal[i]))
3383 return false;
3384 }
3385
3386 nla_nest_end(msg, attr);
3387
3388 return true;
3389 }
3390
3391 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3392 int flags,
3393 struct cfg80211_registered_device *rdev,
3394 struct net_device *dev,
3395 const u8 *mac_addr, struct station_info *sinfo)
3396 {
3397 void *hdr;
3398 struct nlattr *sinfoattr, *bss_param;
3399
3400 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3401 if (!hdr)
3402 return -1;
3403
3404 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3405 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3406 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3407 goto nla_put_failure;
3408
3409 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3410 if (!sinfoattr)
3411 goto nla_put_failure;
3412 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3413 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3414 sinfo->connected_time))
3415 goto nla_put_failure;
3416 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3417 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3418 sinfo->inactive_time))
3419 goto nla_put_failure;
3420 if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3421 STATION_INFO_RX_BYTES64)) &&
3422 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3423 (u32)sinfo->rx_bytes))
3424 goto nla_put_failure;
3425 if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3426 STATION_INFO_TX_BYTES64)) &&
3427 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3428 (u32)sinfo->tx_bytes))
3429 goto nla_put_failure;
3430 if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3431 nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3432 sinfo->rx_bytes))
3433 goto nla_put_failure;
3434 if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3435 nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3436 sinfo->tx_bytes))
3437 goto nla_put_failure;
3438 if ((sinfo->filled & STATION_INFO_LLID) &&
3439 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3440 goto nla_put_failure;
3441 if ((sinfo->filled & STATION_INFO_PLID) &&
3442 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3443 goto nla_put_failure;
3444 if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3445 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3446 sinfo->plink_state))
3447 goto nla_put_failure;
3448 switch (rdev->wiphy.signal_type) {
3449 case CFG80211_SIGNAL_TYPE_MBM:
3450 if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3451 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3452 sinfo->signal))
3453 goto nla_put_failure;
3454 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3455 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3456 sinfo->signal_avg))
3457 goto nla_put_failure;
3458 break;
3459 default:
3460 break;
3461 }
3462 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3463 if (!nl80211_put_signal(msg, sinfo->chains,
3464 sinfo->chain_signal,
3465 NL80211_STA_INFO_CHAIN_SIGNAL))
3466 goto nla_put_failure;
3467 }
3468 if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3469 if (!nl80211_put_signal(msg, sinfo->chains,
3470 sinfo->chain_signal_avg,
3471 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3472 goto nla_put_failure;
3473 }
3474 if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3475 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3476 NL80211_STA_INFO_TX_BITRATE))
3477 goto nla_put_failure;
3478 }
3479 if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3480 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3481 NL80211_STA_INFO_RX_BITRATE))
3482 goto nla_put_failure;
3483 }
3484 if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3485 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3486 sinfo->rx_packets))
3487 goto nla_put_failure;
3488 if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3489 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3490 sinfo->tx_packets))
3491 goto nla_put_failure;
3492 if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3493 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3494 sinfo->tx_retries))
3495 goto nla_put_failure;
3496 if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3497 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3498 sinfo->tx_failed))
3499 goto nla_put_failure;
3500 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3501 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3502 sinfo->beacon_loss_count))
3503 goto nla_put_failure;
3504 if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3505 nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3506 sinfo->local_pm))
3507 goto nla_put_failure;
3508 if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3509 nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3510 sinfo->peer_pm))
3511 goto nla_put_failure;
3512 if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3513 nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3514 sinfo->nonpeer_pm))
3515 goto nla_put_failure;
3516 if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3517 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3518 if (!bss_param)
3519 goto nla_put_failure;
3520
3521 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3522 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3523 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3524 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3525 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3526 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3527 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3528 sinfo->bss_param.dtim_period) ||
3529 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3530 sinfo->bss_param.beacon_interval))
3531 goto nla_put_failure;
3532
3533 nla_nest_end(msg, bss_param);
3534 }
3535 if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3536 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3537 sizeof(struct nl80211_sta_flag_update),
3538 &sinfo->sta_flags))
3539 goto nla_put_failure;
3540 if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3541 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3542 sinfo->t_offset))
3543 goto nla_put_failure;
3544 nla_nest_end(msg, sinfoattr);
3545
3546 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3547 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3548 sinfo->assoc_req_ies))
3549 goto nla_put_failure;
3550
3551 return genlmsg_end(msg, hdr);
3552
3553 nla_put_failure:
3554 genlmsg_cancel(msg, hdr);
3555 return -EMSGSIZE;
3556 }
3557
3558 static int nl80211_dump_station(struct sk_buff *skb,
3559 struct netlink_callback *cb)
3560 {
3561 struct station_info sinfo;
3562 struct cfg80211_registered_device *dev;
3563 struct wireless_dev *wdev;
3564 u8 mac_addr[ETH_ALEN];
3565 int sta_idx = cb->args[2];
3566 int err;
3567
3568 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3569 if (err)
3570 return err;
3571
3572 if (!wdev->netdev) {
3573 err = -EINVAL;
3574 goto out_err;
3575 }
3576
3577 if (!dev->ops->dump_station) {
3578 err = -EOPNOTSUPP;
3579 goto out_err;
3580 }
3581
3582 while (1) {
3583 memset(&sinfo, 0, sizeof(sinfo));
3584 err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3585 mac_addr, &sinfo);
3586 if (err == -ENOENT)
3587 break;
3588 if (err)
3589 goto out_err;
3590
3591 if (nl80211_send_station(skb,
3592 NETLINK_CB(cb->skb).portid,
3593 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3594 dev, wdev->netdev, mac_addr,
3595 &sinfo) < 0)
3596 goto out;
3597
3598 sta_idx++;
3599 }
3600
3601
3602 out:
3603 cb->args[2] = sta_idx;
3604 err = skb->len;
3605 out_err:
3606 nl80211_finish_wdev_dump(dev);
3607
3608 return err;
3609 }
3610
3611 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3612 {
3613 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3614 struct net_device *dev = info->user_ptr[1];
3615 struct station_info sinfo;
3616 struct sk_buff *msg;
3617 u8 *mac_addr = NULL;
3618 int err;
3619
3620 memset(&sinfo, 0, sizeof(sinfo));
3621
3622 if (!info->attrs[NL80211_ATTR_MAC])
3623 return -EINVAL;
3624
3625 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3626
3627 if (!rdev->ops->get_station)
3628 return -EOPNOTSUPP;
3629
3630 err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3631 if (err)
3632 return err;
3633
3634 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3635 if (!msg)
3636 return -ENOMEM;
3637
3638 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3639 rdev, dev, mac_addr, &sinfo) < 0) {
3640 nlmsg_free(msg);
3641 return -ENOBUFS;
3642 }
3643
3644 return genlmsg_reply(msg, info);
3645 }
3646
3647 int cfg80211_check_station_change(struct wiphy *wiphy,
3648 struct station_parameters *params,
3649 enum cfg80211_station_type statype)
3650 {
3651 if (params->listen_interval != -1)
3652 return -EINVAL;
3653 if (params->aid)
3654 return -EINVAL;
3655
3656 /* When you run into this, adjust the code below for the new flag */
3657 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3658
3659 switch (statype) {
3660 case CFG80211_STA_MESH_PEER_KERNEL:
3661 case CFG80211_STA_MESH_PEER_USER:
3662 /*
3663 * No ignoring the TDLS flag here -- the userspace mesh
3664 * code doesn't have the bug of including TDLS in the
3665 * mask everywhere.
3666 */
3667 if (params->sta_flags_mask &
3668 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3669 BIT(NL80211_STA_FLAG_MFP) |
3670 BIT(NL80211_STA_FLAG_AUTHORIZED)))
3671 return -EINVAL;
3672 break;
3673 case CFG80211_STA_TDLS_PEER_SETUP:
3674 case CFG80211_STA_TDLS_PEER_ACTIVE:
3675 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3676 return -EINVAL;
3677 /* ignore since it can't change */
3678 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3679 break;
3680 default:
3681 /* disallow mesh-specific things */
3682 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3683 return -EINVAL;
3684 if (params->local_pm)
3685 return -EINVAL;
3686 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3687 return -EINVAL;
3688 }
3689
3690 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3691 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3692 /* TDLS can't be set, ... */
3693 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3694 return -EINVAL;
3695 /*
3696 * ... but don't bother the driver with it. This works around
3697 * a hostapd/wpa_supplicant issue -- it always includes the
3698 * TLDS_PEER flag in the mask even for AP mode.
3699 */
3700 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3701 }
3702
3703 if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3704 /* reject other things that can't change */
3705 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3706 return -EINVAL;
3707 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3708 return -EINVAL;
3709 if (params->supported_rates)
3710 return -EINVAL;
3711 if (params->ext_capab || params->ht_capa || params->vht_capa)
3712 return -EINVAL;
3713 }
3714
3715 if (statype != CFG80211_STA_AP_CLIENT) {
3716 if (params->vlan)
3717 return -EINVAL;
3718 }
3719
3720 switch (statype) {
3721 case CFG80211_STA_AP_MLME_CLIENT:
3722 /* Use this only for authorizing/unauthorizing a station */
3723 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3724 return -EOPNOTSUPP;
3725 break;
3726 case CFG80211_STA_AP_CLIENT:
3727 /* accept only the listed bits */
3728 if (params->sta_flags_mask &
3729 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3730 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3731 BIT(NL80211_STA_FLAG_ASSOCIATED) |
3732 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3733 BIT(NL80211_STA_FLAG_WME) |
3734 BIT(NL80211_STA_FLAG_MFP)))
3735 return -EINVAL;
3736
3737 /* but authenticated/associated only if driver handles it */
3738 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3739 params->sta_flags_mask &
3740 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3741 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3742 return -EINVAL;
3743 break;
3744 case CFG80211_STA_IBSS:
3745 case CFG80211_STA_AP_STA:
3746 /* reject any changes other than AUTHORIZED */
3747 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3748 return -EINVAL;
3749 break;
3750 case CFG80211_STA_TDLS_PEER_SETUP:
3751 /* reject any changes other than AUTHORIZED or WME */
3752 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3753 BIT(NL80211_STA_FLAG_WME)))
3754 return -EINVAL;
3755 /* force (at least) rates when authorizing */
3756 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3757 !params->supported_rates)
3758 return -EINVAL;
3759 break;
3760 case CFG80211_STA_TDLS_PEER_ACTIVE:
3761 /* reject any changes */
3762 return -EINVAL;
3763 case CFG80211_STA_MESH_PEER_KERNEL:
3764 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3765 return -EINVAL;
3766 break;
3767 case CFG80211_STA_MESH_PEER_USER:
3768 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3769 return -EINVAL;
3770 break;
3771 }
3772
3773 return 0;
3774 }
3775 EXPORT_SYMBOL(cfg80211_check_station_change);
3776
3777 /*
3778 * Get vlan interface making sure it is running and on the right wiphy.
3779 */
3780 static struct net_device *get_vlan(struct genl_info *info,
3781 struct cfg80211_registered_device *rdev)
3782 {
3783 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3784 struct net_device *v;
3785 int ret;
3786
3787 if (!vlanattr)
3788 return NULL;
3789
3790 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3791 if (!v)
3792 return ERR_PTR(-ENODEV);
3793
3794 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3795 ret = -EINVAL;
3796 goto error;
3797 }
3798
3799 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3800 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3801 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3802 ret = -EINVAL;
3803 goto error;
3804 }
3805
3806 if (!netif_running(v)) {
3807 ret = -ENETDOWN;
3808 goto error;
3809 }
3810
3811 return v;
3812 error:
3813 dev_put(v);
3814 return ERR_PTR(ret);
3815 }
3816
3817 static struct nla_policy
3818 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3819 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3820 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3821 };
3822
3823 static int nl80211_parse_sta_wme(struct genl_info *info,
3824 struct station_parameters *params)
3825 {
3826 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3827 struct nlattr *nla;
3828 int err;
3829
3830 /* parse WME attributes if present */
3831 if (!info->attrs[NL80211_ATTR_STA_WME])
3832 return 0;
3833
3834 nla = info->attrs[NL80211_ATTR_STA_WME];
3835 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3836 nl80211_sta_wme_policy);
3837 if (err)
3838 return err;
3839
3840 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3841 params->uapsd_queues = nla_get_u8(
3842 tb[NL80211_STA_WME_UAPSD_QUEUES]);
3843 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3844 return -EINVAL;
3845
3846 if (tb[NL80211_STA_WME_MAX_SP])
3847 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3848
3849 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3850 return -EINVAL;
3851
3852 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3853
3854 return 0;
3855 }
3856
3857 static int nl80211_set_station_tdls(struct genl_info *info,
3858 struct station_parameters *params)
3859 {
3860 /* Dummy STA entry gets updated once the peer capabilities are known */
3861 if (info->attrs[NL80211_ATTR_PEER_AID])
3862 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
3863 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3864 params->ht_capa =
3865 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3866 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3867 params->vht_capa =
3868 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
3869
3870 return nl80211_parse_sta_wme(info, params);
3871 }
3872
3873 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
3874 {
3875 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3876 struct net_device *dev = info->user_ptr[1];
3877 struct station_parameters params;
3878 u8 *mac_addr;
3879 int err;
3880
3881 memset(¶ms, 0, sizeof(params));
3882
3883 params.listen_interval = -1;
3884
3885 if (!rdev->ops->change_station)
3886 return -EOPNOTSUPP;
3887
3888 if (info->attrs[NL80211_ATTR_STA_AID])
3889 return -EINVAL;
3890
3891 if (!info->attrs[NL80211_ATTR_MAC])
3892 return -EINVAL;
3893
3894 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3895
3896 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
3897 params.supported_rates =
3898 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3899 params.supported_rates_len =
3900 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3901 }
3902
3903 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
3904 params.capability =
3905 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
3906 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
3907 }
3908
3909 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
3910 params.ext_capab =
3911 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3912 params.ext_capab_len =
3913 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
3914 }
3915
3916 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3917 return -EINVAL;
3918
3919 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
3920 return -EINVAL;
3921
3922 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
3923 params.plink_action =
3924 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3925 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
3926 return -EINVAL;
3927 }
3928
3929 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
3930 params.plink_state =
3931 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
3932 if (params.plink_state >= NUM_NL80211_PLINK_STATES)
3933 return -EINVAL;
3934 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
3935 }
3936
3937 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
3938 enum nl80211_mesh_power_mode pm = nla_get_u32(
3939 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
3940
3941 if (pm <= NL80211_MESH_POWER_UNKNOWN ||
3942 pm > NL80211_MESH_POWER_MAX)
3943 return -EINVAL;
3944
3945 params.local_pm = pm;
3946 }
3947
3948 /* Include parameters for TDLS peer (will check later) */
3949 err = nl80211_set_station_tdls(info, ¶ms);
3950 if (err)
3951 return err;
3952
3953 params.vlan = get_vlan(info, rdev);
3954 if (IS_ERR(params.vlan))
3955 return PTR_ERR(params.vlan);
3956
3957 switch (dev->ieee80211_ptr->iftype) {
3958 case NL80211_IFTYPE_AP:
3959 case NL80211_IFTYPE_AP_VLAN:
3960 case NL80211_IFTYPE_P2P_GO:
3961 case NL80211_IFTYPE_P2P_CLIENT:
3962 case NL80211_IFTYPE_STATION:
3963 case NL80211_IFTYPE_ADHOC:
3964 case NL80211_IFTYPE_MESH_POINT:
3965 break;
3966 default:
3967 err = -EOPNOTSUPP;
3968 goto out_put_vlan;
3969 }
3970
3971 /* driver will call cfg80211_check_station_change() */
3972 err = rdev_change_station(rdev, dev, mac_addr, ¶ms);
3973
3974 out_put_vlan:
3975 if (params.vlan)
3976 dev_put(params.vlan);
3977
3978 return err;
3979 }
3980
3981 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
3982 {
3983 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3984 int err;
3985 struct net_device *dev = info->user_ptr[1];
3986 struct station_parameters params;
3987 u8 *mac_addr = NULL;
3988
3989 memset(¶ms, 0, sizeof(params));
3990
3991 if (!rdev->ops->add_station)
3992 return -EOPNOTSUPP;
3993
3994 if (!info->attrs[NL80211_ATTR_MAC])
3995 return -EINVAL;
3996
3997 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3998 return -EINVAL;
3999
4000 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4001 return -EINVAL;
4002
4003 if (!info->attrs[NL80211_ATTR_STA_AID] &&
4004 !info->attrs[NL80211_ATTR_PEER_AID])
4005 return -EINVAL;
4006
4007 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4008 params.supported_rates =
4009 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4010 params.supported_rates_len =
4011 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4012 params.listen_interval =
4013 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4014
4015 if (info->attrs[NL80211_ATTR_PEER_AID])
4016 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4017 else
4018 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4019 if (!params.aid || params.aid > IEEE80211_MAX_AID)
4020 return -EINVAL;
4021
4022 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4023 params.capability =
4024 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4025 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4026 }
4027
4028 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4029 params.ext_capab =
4030 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4031 params.ext_capab_len =
4032 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4033 }
4034
4035 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4036 params.ht_capa =
4037 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4038
4039 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4040 params.vht_capa =
4041 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4042
4043 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4044 params.plink_action =
4045 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4046 if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4047 return -EINVAL;
4048 }
4049
4050 err = nl80211_parse_sta_wme(info, ¶ms);
4051 if (err)
4052 return err;
4053
4054 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
4055 return -EINVAL;
4056
4057 /* When you run into this, adjust the code below for the new flag */
4058 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4059
4060 switch (dev->ieee80211_ptr->iftype) {
4061 case NL80211_IFTYPE_AP:
4062 case NL80211_IFTYPE_AP_VLAN:
4063 case NL80211_IFTYPE_P2P_GO:
4064 /* ignore WME attributes if iface/sta is not capable */
4065 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4066 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4067 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4068
4069 /* TDLS peers cannot be added */
4070 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4071 info->attrs[NL80211_ATTR_PEER_AID])
4072 return -EINVAL;
4073 /* but don't bother the driver with it */
4074 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4075
4076 /* allow authenticated/associated only if driver handles it */
4077 if (!(rdev->wiphy.features &
4078 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4079 params.sta_flags_mask &
4080 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4081 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4082 return -EINVAL;
4083
4084 /* must be last in here for error handling */
4085 params.vlan = get_vlan(info, rdev);
4086 if (IS_ERR(params.vlan))
4087 return PTR_ERR(params.vlan);
4088 break;
4089 case NL80211_IFTYPE_MESH_POINT:
4090 /* ignore uAPSD data */
4091 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4092
4093 /* associated is disallowed */
4094 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4095 return -EINVAL;
4096 /* TDLS peers cannot be added */
4097 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4098 info->attrs[NL80211_ATTR_PEER_AID])
4099 return -EINVAL;
4100 break;
4101 case NL80211_IFTYPE_STATION:
4102 case NL80211_IFTYPE_P2P_CLIENT:
4103 /* ignore uAPSD data */
4104 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4105
4106 /* these are disallowed */
4107 if (params.sta_flags_mask &
4108 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
4109 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4110 return -EINVAL;
4111 /* Only TDLS peers can be added */
4112 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4113 return -EINVAL;
4114 /* Can only add if TDLS ... */
4115 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4116 return -EOPNOTSUPP;
4117 /* ... with external setup is supported */
4118 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4119 return -EOPNOTSUPP;
4120 /*
4121 * Older wpa_supplicant versions always mark the TDLS peer
4122 * as authorized, but it shouldn't yet be.
4123 */
4124 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4125 break;
4126 default:
4127 return -EOPNOTSUPP;
4128 }
4129
4130 /* be aware of params.vlan when changing code here */
4131
4132 err = rdev_add_station(rdev, dev, mac_addr, ¶ms);
4133
4134 if (params.vlan)
4135 dev_put(params.vlan);
4136 return err;
4137 }
4138
4139 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4140 {
4141 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4142 struct net_device *dev = info->user_ptr[1];
4143 u8 *mac_addr = NULL;
4144
4145 if (info->attrs[NL80211_ATTR_MAC])
4146 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4147
4148 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4149 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4150 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4151 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4152 return -EINVAL;
4153
4154 if (!rdev->ops->del_station)
4155 return -EOPNOTSUPP;
4156
4157 return rdev_del_station(rdev, dev, mac_addr);
4158 }
4159
4160 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4161 int flags, struct net_device *dev,
4162 u8 *dst, u8 *next_hop,
4163 struct mpath_info *pinfo)
4164 {
4165 void *hdr;
4166 struct nlattr *pinfoattr;
4167
4168 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4169 if (!hdr)
4170 return -1;
4171
4172 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4173 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4174 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4175 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4176 goto nla_put_failure;
4177
4178 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4179 if (!pinfoattr)
4180 goto nla_put_failure;
4181 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4182 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4183 pinfo->frame_qlen))
4184 goto nla_put_failure;
4185 if (((pinfo->filled & MPATH_INFO_SN) &&
4186 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4187 ((pinfo->filled & MPATH_INFO_METRIC) &&
4188 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4189 pinfo->metric)) ||
4190 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4191 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4192 pinfo->exptime)) ||
4193 ((pinfo->filled & MPATH_INFO_FLAGS) &&
4194 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4195 pinfo->flags)) ||
4196 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4197 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4198 pinfo->discovery_timeout)) ||
4199 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4200 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4201 pinfo->discovery_retries)))
4202 goto nla_put_failure;
4203
4204 nla_nest_end(msg, pinfoattr);
4205
4206 return genlmsg_end(msg, hdr);
4207
4208 nla_put_failure:
4209 genlmsg_cancel(msg, hdr);
4210 return -EMSGSIZE;
4211 }
4212
4213 static int nl80211_dump_mpath(struct sk_buff *skb,
4214 struct netlink_callback *cb)
4215 {
4216 struct mpath_info pinfo;
4217 struct cfg80211_registered_device *dev;
4218 struct wireless_dev *wdev;
4219 u8 dst[ETH_ALEN];
4220 u8 next_hop[ETH_ALEN];
4221 int path_idx = cb->args[2];
4222 int err;
4223
4224 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4225 if (err)
4226 return err;
4227
4228 if (!dev->ops->dump_mpath) {
4229 err = -EOPNOTSUPP;
4230 goto out_err;
4231 }
4232
4233 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4234 err = -EOPNOTSUPP;
4235 goto out_err;
4236 }
4237
4238 while (1) {
4239 err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4240 next_hop, &pinfo);
4241 if (err == -ENOENT)
4242 break;
4243 if (err)
4244 goto out_err;
4245
4246 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4247 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4248 wdev->netdev, dst, next_hop,
4249 &pinfo) < 0)
4250 goto out;
4251
4252 path_idx++;
4253 }
4254
4255
4256 out:
4257 cb->args[2] = path_idx;
4258 err = skb->len;
4259 out_err:
4260 nl80211_finish_wdev_dump(dev);
4261 return err;
4262 }
4263
4264 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4265 {
4266 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4267 int err;
4268 struct net_device *dev = info->user_ptr[1];
4269 struct mpath_info pinfo;
4270 struct sk_buff *msg;
4271 u8 *dst = NULL;
4272 u8 next_hop[ETH_ALEN];
4273
4274 memset(&pinfo, 0, sizeof(pinfo));
4275
4276 if (!info->attrs[NL80211_ATTR_MAC])
4277 return -EINVAL;
4278
4279 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4280
4281 if (!rdev->ops->get_mpath)
4282 return -EOPNOTSUPP;
4283
4284 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4285 return -EOPNOTSUPP;
4286
4287 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4288 if (err)
4289 return err;
4290
4291 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4292 if (!msg)
4293 return -ENOMEM;
4294
4295 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4296 dev, dst, next_hop, &pinfo) < 0) {
4297 nlmsg_free(msg);
4298 return -ENOBUFS;
4299 }
4300
4301 return genlmsg_reply(msg, info);
4302 }
4303
4304 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4305 {
4306 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4307 struct net_device *dev = info->user_ptr[1];
4308 u8 *dst = NULL;
4309 u8 *next_hop = NULL;
4310
4311 if (!info->attrs[NL80211_ATTR_MAC])
4312 return -EINVAL;
4313
4314 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4315 return -EINVAL;
4316
4317 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4318 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4319
4320 if (!rdev->ops->change_mpath)
4321 return -EOPNOTSUPP;
4322
4323 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4324 return -EOPNOTSUPP;
4325
4326 return rdev_change_mpath(rdev, dev, dst, next_hop);
4327 }
4328
4329 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4330 {
4331 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4332 struct net_device *dev = info->user_ptr[1];
4333 u8 *dst = NULL;
4334 u8 *next_hop = NULL;
4335
4336 if (!info->attrs[NL80211_ATTR_MAC])
4337 return -EINVAL;
4338
4339 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4340 return -EINVAL;
4341
4342 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4343 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4344
4345 if (!rdev->ops->add_mpath)
4346 return -EOPNOTSUPP;
4347
4348 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4349 return -EOPNOTSUPP;
4350
4351 return rdev_add_mpath(rdev, dev, dst, next_hop);
4352 }
4353
4354 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4355 {
4356 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4357 struct net_device *dev = info->user_ptr[1];
4358 u8 *dst = NULL;
4359
4360 if (info->attrs[NL80211_ATTR_MAC])
4361 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4362
4363 if (!rdev->ops->del_mpath)
4364 return -EOPNOTSUPP;
4365
4366 return rdev_del_mpath(rdev, dev, dst);
4367 }
4368
4369 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4370 {
4371 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4372 struct net_device *dev = info->user_ptr[1];
4373 struct bss_parameters params;
4374
4375 memset(¶ms, 0, sizeof(params));
4376 /* default to not changing parameters */
4377 params.use_cts_prot = -1;
4378 params.use_short_preamble = -1;
4379 params.use_short_slot_time = -1;
4380 params.ap_isolate = -1;
4381 params.ht_opmode = -1;
4382 params.p2p_ctwindow = -1;
4383 params.p2p_opp_ps = -1;
4384
4385 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4386 params.use_cts_prot =
4387 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4388 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4389 params.use_short_preamble =
4390 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4391 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4392 params.use_short_slot_time =
4393 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4394 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4395 params.basic_rates =
4396 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4397 params.basic_rates_len =
4398 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4399 }
4400 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4401 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4402 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4403 params.ht_opmode =
4404 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4405
4406 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4407 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4408 return -EINVAL;
4409 params.p2p_ctwindow =
4410 nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4411 if (params.p2p_ctwindow < 0)
4412 return -EINVAL;
4413 if (params.p2p_ctwindow != 0 &&
4414 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4415 return -EINVAL;
4416 }
4417
4418 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4419 u8 tmp;
4420
4421 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4422 return -EINVAL;
4423 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4424 if (tmp > 1)
4425 return -EINVAL;
4426 params.p2p_opp_ps = tmp;
4427 if (params.p2p_opp_ps &&
4428 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4429 return -EINVAL;
4430 }
4431
4432 if (!rdev->ops->change_bss)
4433 return -EOPNOTSUPP;
4434
4435 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4436 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4437 return -EOPNOTSUPP;
4438
4439 return rdev_change_bss(rdev, dev, ¶ms);
4440 }
4441
4442 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4443 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
4444 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
4445 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
4446 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
4447 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
4448 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
4449 };
4450
4451 static int parse_reg_rule(struct nlattr *tb[],
4452 struct ieee80211_reg_rule *reg_rule)
4453 {
4454 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
4455 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
4456
4457 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4458 return -EINVAL;
4459 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4460 return -EINVAL;
4461 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4462 return -EINVAL;
4463 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4464 return -EINVAL;
4465 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4466 return -EINVAL;
4467
4468 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4469
4470 freq_range->start_freq_khz =
4471 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4472 freq_range->end_freq_khz =
4473 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4474 freq_range->max_bandwidth_khz =
4475 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4476
4477 power_rule->max_eirp =
4478 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4479
4480 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4481 power_rule->max_antenna_gain =
4482 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4483
4484 return 0;
4485 }
4486
4487 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4488 {
4489 int r;
4490 char *data = NULL;
4491 enum nl80211_user_reg_hint_type user_reg_hint_type;
4492
4493 /*
4494 * You should only get this when cfg80211 hasn't yet initialized
4495 * completely when built-in to the kernel right between the time
4496 * window between nl80211_init() and regulatory_init(), if that is
4497 * even possible.
4498 */
4499 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4500 return -EINPROGRESS;
4501
4502 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4503 return -EINVAL;
4504
4505 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4506
4507 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4508 user_reg_hint_type =
4509 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4510 else
4511 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4512
4513 switch (user_reg_hint_type) {
4514 case NL80211_USER_REG_HINT_USER:
4515 case NL80211_USER_REG_HINT_CELL_BASE:
4516 break;
4517 default:
4518 return -EINVAL;
4519 }
4520
4521 r = regulatory_hint_user(data, user_reg_hint_type);
4522
4523 return r;
4524 }
4525
4526 static int nl80211_get_mesh_config(struct sk_buff *skb,
4527 struct genl_info *info)
4528 {
4529 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4530 struct net_device *dev = info->user_ptr[1];
4531 struct wireless_dev *wdev = dev->ieee80211_ptr;
4532 struct mesh_config cur_params;
4533 int err = 0;
4534 void *hdr;
4535 struct nlattr *pinfoattr;
4536 struct sk_buff *msg;
4537
4538 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4539 return -EOPNOTSUPP;
4540
4541 if (!rdev->ops->get_mesh_config)
4542 return -EOPNOTSUPP;
4543
4544 wdev_lock(wdev);
4545 /* If not connected, get default parameters */
4546 if (!wdev->mesh_id_len)
4547 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4548 else
4549 err = rdev_get_mesh_config(rdev, dev, &cur_params);
4550 wdev_unlock(wdev);
4551
4552 if (err)
4553 return err;
4554
4555 /* Draw up a netlink message to send back */
4556 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4557 if (!msg)
4558 return -ENOMEM;
4559 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4560 NL80211_CMD_GET_MESH_CONFIG);
4561 if (!hdr)
4562 goto out;
4563 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4564 if (!pinfoattr)
4565 goto nla_put_failure;
4566 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4567 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4568 cur_params.dot11MeshRetryTimeout) ||
4569 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4570 cur_params.dot11MeshConfirmTimeout) ||
4571 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4572 cur_params.dot11MeshHoldingTimeout) ||
4573 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4574 cur_params.dot11MeshMaxPeerLinks) ||
4575 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4576 cur_params.dot11MeshMaxRetries) ||
4577 nla_put_u8(msg, NL80211_MESHCONF_TTL,
4578 cur_params.dot11MeshTTL) ||
4579 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4580 cur_params.element_ttl) ||
4581 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4582 cur_params.auto_open_plinks) ||
4583 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4584 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4585 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4586 cur_params.dot11MeshHWMPmaxPREQretries) ||
4587 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4588 cur_params.path_refresh_time) ||
4589 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4590 cur_params.min_discovery_timeout) ||
4591 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4592 cur_params.dot11MeshHWMPactivePathTimeout) ||
4593 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4594 cur_params.dot11MeshHWMPpreqMinInterval) ||
4595 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4596 cur_params.dot11MeshHWMPperrMinInterval) ||
4597 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4598 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4599 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4600 cur_params.dot11MeshHWMPRootMode) ||
4601 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4602 cur_params.dot11MeshHWMPRannInterval) ||
4603 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4604 cur_params.dot11MeshGateAnnouncementProtocol) ||
4605 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4606 cur_params.dot11MeshForwarding) ||
4607 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4608 cur_params.rssi_threshold) ||
4609 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4610 cur_params.ht_opmode) ||
4611 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4612 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4613 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4614 cur_params.dot11MeshHWMProotInterval) ||
4615 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4616 cur_params.dot11MeshHWMPconfirmationInterval) ||
4617 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4618 cur_params.power_mode) ||
4619 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4620 cur_params.dot11MeshAwakeWindowDuration) ||
4621 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4622 cur_params.plink_timeout))
4623 goto nla_put_failure;
4624 nla_nest_end(msg, pinfoattr);
4625 genlmsg_end(msg, hdr);
4626 return genlmsg_reply(msg, info);
4627
4628 nla_put_failure:
4629 genlmsg_cancel(msg, hdr);
4630 out:
4631 nlmsg_free(msg);
4632 return -ENOBUFS;
4633 }
4634
4635 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4636 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4637 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4638 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4639 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4640 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4641 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4642 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4643 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4644 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4645 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4646 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4647 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4648 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4649 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4650 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4651 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4652 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4653 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4654 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4655 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4656 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4657 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4658 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4659 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4660 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4661 [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4662 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4663 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4664 };
4665
4666 static const struct nla_policy
4667 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4668 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4669 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4670 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4671 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4672 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4673 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4674 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4675 .len = IEEE80211_MAX_DATA_LEN },
4676 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4677 };
4678
4679 static int nl80211_parse_mesh_config(struct genl_info *info,
4680 struct mesh_config *cfg,
4681 u32 *mask_out)
4682 {
4683 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4684 u32 mask = 0;
4685
4686 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4687 do { \
4688 if (tb[attr]) { \
4689 if (fn(tb[attr]) < min || fn(tb[attr]) > max) \
4690 return -EINVAL; \
4691 cfg->param = fn(tb[attr]); \
4692 mask |= (1 << (attr - 1)); \
4693 } \
4694 } while (0)
4695
4696
4697 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4698 return -EINVAL;
4699 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4700 info->attrs[NL80211_ATTR_MESH_CONFIG],
4701 nl80211_meshconf_params_policy))
4702 return -EINVAL;
4703
4704 /* This makes sure that there aren't more than 32 mesh config
4705 * parameters (otherwise our bitfield scheme would not work.) */
4706 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4707
4708 /* Fill in the params struct */
4709 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4710 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4711 nla_get_u16);
4712 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4713 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4714 nla_get_u16);
4715 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4716 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4717 nla_get_u16);
4718 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4719 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4720 nla_get_u16);
4721 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4722 mask, NL80211_MESHCONF_MAX_RETRIES,
4723 nla_get_u8);
4724 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4725 mask, NL80211_MESHCONF_TTL, nla_get_u8);
4726 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4727 mask, NL80211_MESHCONF_ELEMENT_TTL,
4728 nla_get_u8);
4729 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4730 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4731 nla_get_u8);
4732 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4733 1, 255, mask,
4734 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4735 nla_get_u32);
4736 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4737 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4738 nla_get_u8);
4739 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4740 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4741 nla_get_u32);
4742 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4743 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4744 nla_get_u16);
4745 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4746 1, 65535, mask,
4747 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4748 nla_get_u32);
4749 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4750 1, 65535, mask,
4751 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4752 nla_get_u16);
4753 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4754 1, 65535, mask,
4755 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4756 nla_get_u16);
4757 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4758 dot11MeshHWMPnetDiameterTraversalTime,
4759 1, 65535, mask,
4760 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4761 nla_get_u16);
4762 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4763 mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4764 nla_get_u8);
4765 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4766 mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4767 nla_get_u16);
4768 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4769 dot11MeshGateAnnouncementProtocol, 0, 1,
4770 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4771 nla_get_u8);
4772 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4773 mask, NL80211_MESHCONF_FORWARDING,
4774 nla_get_u8);
4775 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
4776 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4777 nla_get_s32);
4778 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4779 mask, NL80211_MESHCONF_HT_OPMODE,
4780 nla_get_u16);
4781 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4782 1, 65535, mask,
4783 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4784 nla_get_u32);
4785 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
4786 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4787 nla_get_u16);
4788 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4789 dot11MeshHWMPconfirmationInterval,
4790 1, 65535, mask,
4791 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4792 nla_get_u16);
4793 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
4794 NL80211_MESH_POWER_ACTIVE,
4795 NL80211_MESH_POWER_MAX,
4796 mask, NL80211_MESHCONF_POWER_MODE,
4797 nla_get_u32);
4798 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
4799 0, 65535, mask,
4800 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
4801 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
4802 mask, NL80211_MESHCONF_PLINK_TIMEOUT,
4803 nla_get_u32);
4804 if (mask_out)
4805 *mask_out = mask;
4806
4807 return 0;
4808
4809 #undef FILL_IN_MESH_PARAM_IF_SET
4810 }
4811
4812 static int nl80211_parse_mesh_setup(struct genl_info *info,
4813 struct mesh_setup *setup)
4814 {
4815 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4816 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4817
4818 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4819 return -EINVAL;
4820 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4821 info->attrs[NL80211_ATTR_MESH_SETUP],
4822 nl80211_mesh_setup_params_policy))
4823 return -EINVAL;
4824
4825 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
4826 setup->sync_method =
4827 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
4828 IEEE80211_SYNC_METHOD_VENDOR :
4829 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
4830
4831 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
4832 setup->path_sel_proto =
4833 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
4834 IEEE80211_PATH_PROTOCOL_VENDOR :
4835 IEEE80211_PATH_PROTOCOL_HWMP;
4836
4837 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
4838 setup->path_metric =
4839 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
4840 IEEE80211_PATH_METRIC_VENDOR :
4841 IEEE80211_PATH_METRIC_AIRTIME;
4842
4843
4844 if (tb[NL80211_MESH_SETUP_IE]) {
4845 struct nlattr *ieattr =
4846 tb[NL80211_MESH_SETUP_IE];
4847 if (!is_valid_ie_attr(ieattr))
4848 return -EINVAL;
4849 setup->ie = nla_data(ieattr);
4850 setup->ie_len = nla_len(ieattr);
4851 }
4852 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
4853 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
4854 return -EINVAL;
4855 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
4856 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
4857 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
4858 if (setup->is_secure)
4859 setup->user_mpm = true;
4860
4861 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
4862 if (!setup->user_mpm)
4863 return -EINVAL;
4864 setup->auth_id =
4865 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
4866 }
4867
4868 return 0;
4869 }
4870
4871 static int nl80211_update_mesh_config(struct sk_buff *skb,
4872 struct genl_info *info)
4873 {
4874 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4875 struct net_device *dev = info->user_ptr[1];
4876 struct wireless_dev *wdev = dev->ieee80211_ptr;
4877 struct mesh_config cfg;
4878 u32 mask;
4879 int err;
4880
4881 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4882 return -EOPNOTSUPP;
4883
4884 if (!rdev->ops->update_mesh_config)
4885 return -EOPNOTSUPP;
4886
4887 err = nl80211_parse_mesh_config(info, &cfg, &mask);
4888 if (err)
4889 return err;
4890
4891 wdev_lock(wdev);
4892 if (!wdev->mesh_id_len)
4893 err = -ENOLINK;
4894
4895 if (!err)
4896 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
4897
4898 wdev_unlock(wdev);
4899
4900 return err;
4901 }
4902
4903 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
4904 {
4905 const struct ieee80211_regdomain *regdom;
4906 struct sk_buff *msg;
4907 void *hdr = NULL;
4908 struct nlattr *nl_reg_rules;
4909 unsigned int i;
4910
4911 if (!cfg80211_regdomain)
4912 return -EINVAL;
4913
4914 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4915 if (!msg)
4916 return -ENOBUFS;
4917
4918 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4919 NL80211_CMD_GET_REG);
4920 if (!hdr)
4921 goto put_failure;
4922
4923 if (reg_last_request_cell_base() &&
4924 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
4925 NL80211_USER_REG_HINT_CELL_BASE))
4926 goto nla_put_failure;
4927
4928 rcu_read_lock();
4929 regdom = rcu_dereference(cfg80211_regdomain);
4930
4931 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
4932 (regdom->dfs_region &&
4933 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
4934 goto nla_put_failure_rcu;
4935
4936 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
4937 if (!nl_reg_rules)
4938 goto nla_put_failure_rcu;
4939
4940 for (i = 0; i < regdom->n_reg_rules; i++) {
4941 struct nlattr *nl_reg_rule;
4942 const struct ieee80211_reg_rule *reg_rule;
4943 const struct ieee80211_freq_range *freq_range;
4944 const struct ieee80211_power_rule *power_rule;
4945
4946 reg_rule = ®dom->reg_rules[i];
4947 freq_range = ®_rule->freq_range;
4948 power_rule = ®_rule->power_rule;
4949
4950 nl_reg_rule = nla_nest_start(msg, i);
4951 if (!nl_reg_rule)
4952 goto nla_put_failure_rcu;
4953
4954 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
4955 reg_rule->flags) ||
4956 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
4957 freq_range->start_freq_khz) ||
4958 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
4959 freq_range->end_freq_khz) ||
4960 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
4961 freq_range->max_bandwidth_khz) ||
4962 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
4963 power_rule->max_antenna_gain) ||
4964 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
4965 power_rule->max_eirp))
4966 goto nla_put_failure_rcu;
4967
4968 nla_nest_end(msg, nl_reg_rule);
4969 }
4970 rcu_read_unlock();
4971
4972 nla_nest_end(msg, nl_reg_rules);
4973
4974 genlmsg_end(msg, hdr);
4975 return genlmsg_reply(msg, info);
4976
4977 nla_put_failure_rcu:
4978 rcu_read_unlock();
4979 nla_put_failure:
4980 genlmsg_cancel(msg, hdr);
4981 put_failure:
4982 nlmsg_free(msg);
4983 return -EMSGSIZE;
4984 }
4985
4986 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
4987 {
4988 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
4989 struct nlattr *nl_reg_rule;
4990 char *alpha2 = NULL;
4991 int rem_reg_rules = 0, r = 0;
4992 u32 num_rules = 0, rule_idx = 0, size_of_regd;
4993 u8 dfs_region = 0;
4994 struct ieee80211_regdomain *rd = NULL;
4995
4996 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4997 return -EINVAL;
4998
4999 if (!info->attrs[NL80211_ATTR_REG_RULES])
5000 return -EINVAL;
5001
5002 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5003
5004 if (info->attrs[NL80211_ATTR_DFS_REGION])
5005 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5006
5007 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5008 rem_reg_rules) {
5009 num_rules++;
5010 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5011 return -EINVAL;
5012 }
5013
5014 size_of_regd = sizeof(struct ieee80211_regdomain) +
5015 num_rules * sizeof(struct ieee80211_reg_rule);
5016
5017 rd = kzalloc(size_of_regd, GFP_KERNEL);
5018 if (!rd)
5019 return -ENOMEM;
5020
5021 rd->n_reg_rules = num_rules;
5022 rd->alpha2[0] = alpha2[0];
5023 rd->alpha2[1] = alpha2[1];
5024
5025 /*
5026 * Disable DFS master mode if the DFS region was
5027 * not supported or known on this kernel.
5028 */
5029 if (reg_supported_dfs_region(dfs_region))
5030 rd->dfs_region = dfs_region;
5031
5032 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5033 rem_reg_rules) {
5034 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5035 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5036 reg_rule_policy);
5037 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5038 if (r)
5039 goto bad_reg;
5040
5041 rule_idx++;
5042
5043 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5044 r = -EINVAL;
5045 goto bad_reg;
5046 }
5047 }
5048
5049 r = set_regdom(rd);
5050 /* set_regdom took ownership */
5051 rd = NULL;
5052
5053 bad_reg:
5054 kfree(rd);
5055 return r;
5056 }
5057
5058 static int validate_scan_freqs(struct nlattr *freqs)
5059 {
5060 struct nlattr *attr1, *attr2;
5061 int n_channels = 0, tmp1, tmp2;
5062
5063 nla_for_each_nested(attr1, freqs, tmp1) {
5064 n_channels++;
5065 /*
5066 * Some hardware has a limited channel list for
5067 * scanning, and it is pretty much nonsensical
5068 * to scan for a channel twice, so disallow that
5069 * and don't require drivers to check that the
5070 * channel list they get isn't longer than what
5071 * they can scan, as long as they can scan all
5072 * the channels they registered at once.
5073 */
5074 nla_for_each_nested(attr2, freqs, tmp2)
5075 if (attr1 != attr2 &&
5076 nla_get_u32(attr1) == nla_get_u32(attr2))
5077 return 0;
5078 }
5079
5080 return n_channels;
5081 }
5082
5083 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5084 {
5085 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5086 struct wireless_dev *wdev = info->user_ptr[1];
5087 struct cfg80211_scan_request *request;
5088 struct nlattr *attr;
5089 struct wiphy *wiphy;
5090 int err, tmp, n_ssids = 0, n_channels, i;
5091 size_t ie_len;
5092
5093 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5094 return -EINVAL;
5095
5096 wiphy = &rdev->wiphy;
5097
5098 if (!rdev->ops->scan)
5099 return -EOPNOTSUPP;
5100
5101 if (rdev->scan_req) {
5102 err = -EBUSY;
5103 goto unlock;
5104 }
5105
5106 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5107 n_channels = validate_scan_freqs(
5108 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5109 if (!n_channels) {
5110 err = -EINVAL;
5111 goto unlock;
5112 }
5113 } else {
5114 enum ieee80211_band band;
5115 n_channels = 0;
5116
5117 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
5118 if (wiphy->bands[band])
5119 n_channels += wiphy->bands[band]->n_channels;
5120 }
5121
5122 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5123 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5124 n_ssids++;
5125
5126 if (n_ssids > wiphy->max_scan_ssids) {
5127 err = -EINVAL;
5128 goto unlock;
5129 }
5130
5131 if (info->attrs[NL80211_ATTR_IE])
5132 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5133 else
5134 ie_len = 0;
5135
5136 if (ie_len > wiphy->max_scan_ie_len) {
5137 err = -EINVAL;
5138 goto unlock;
5139 }
5140
5141 request = kzalloc(sizeof(*request)
5142 + sizeof(*request->ssids) * n_ssids
5143 + sizeof(*request->channels) * n_channels
5144 + ie_len, GFP_KERNEL);
5145 if (!request) {
5146 err = -ENOMEM;
5147 goto unlock;
5148 }
5149
5150 if (n_ssids)
5151 request->ssids = (void *)&request->channels[n_channels];
5152 request->n_ssids = n_ssids;
5153 if (ie_len) {
5154 if (request->ssids)
5155 request->ie = (void *)(request->ssids + n_ssids);
5156 else
5157 request->ie = (void *)(request->channels + n_channels);
5158 }
5159
5160 i = 0;
5161 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5162 /* user specified, bail out if channel not found */
5163 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5164 struct ieee80211_channel *chan;
5165
5166 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5167
5168 if (!chan) {
5169 err = -EINVAL;
5170 goto out_free;
5171 }
5172
5173 /* ignore disabled channels */
5174 if (chan->flags & IEEE80211_CHAN_DISABLED)
5175 continue;
5176
5177 request->channels[i] = chan;
5178 i++;
5179 }
5180 } else {
5181 enum ieee80211_band band;
5182
5183 /* all channels */
5184 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5185 int j;
5186 if (!wiphy->bands[band])
5187 continue;
5188 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5189 struct ieee80211_channel *chan;
5190
5191 chan = &wiphy->bands[band]->channels[j];
5192
5193 if (chan->flags & IEEE80211_CHAN_DISABLED)
5194 continue;
5195
5196 request->channels[i] = chan;
5197 i++;
5198 }
5199 }
5200 }
5201
5202 if (!i) {
5203 err = -EINVAL;
5204 goto out_free;
5205 }
5206
5207 request->n_channels = i;
5208
5209 i = 0;
5210 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5211 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5212 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5213 err = -EINVAL;
5214 goto out_free;
5215 }
5216 request->ssids[i].ssid_len = nla_len(attr);
5217 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5218 i++;
5219 }
5220 }
5221
5222 if (info->attrs[NL80211_ATTR_IE]) {
5223 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5224 memcpy((void *)request->ie,
5225 nla_data(info->attrs[NL80211_ATTR_IE]),
5226 request->ie_len);
5227 }
5228
5229 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5230 if (wiphy->bands[i])
5231 request->rates[i] =
5232 (1 << wiphy->bands[i]->n_bitrates) - 1;
5233
5234 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5235 nla_for_each_nested(attr,
5236 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5237 tmp) {
5238 enum ieee80211_band band = nla_type(attr);
5239
5240 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5241 err = -EINVAL;
5242 goto out_free;
5243 }
5244 err = ieee80211_get_ratemask(wiphy->bands[band],
5245 nla_data(attr),
5246 nla_len(attr),
5247 &request->rates[band]);
5248 if (err)
5249 goto out_free;
5250 }
5251 }
5252
5253 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5254 request->flags = nla_get_u32(
5255 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5256 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5257 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
5258 ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
5259 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
5260 err = -EOPNOTSUPP;
5261 goto out_free;
5262 }
5263 }
5264
5265 request->no_cck =
5266 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5267
5268 request->wdev = wdev;
5269 request->wiphy = &rdev->wiphy;
5270 request->scan_start = jiffies;
5271
5272 rdev->scan_req = request;
5273 err = rdev_scan(rdev, request);
5274
5275 if (!err) {
5276 nl80211_send_scan_start(rdev, wdev);
5277 if (wdev->netdev)
5278 dev_hold(wdev->netdev);
5279 } else {
5280 out_free:
5281 rdev->scan_req = NULL;
5282 kfree(request);
5283 }
5284
5285 unlock:
5286 return err;
5287 }
5288
5289 static int nl80211_start_sched_scan(struct sk_buff *skb,
5290 struct genl_info *info)
5291 {
5292 struct cfg80211_sched_scan_request *request;
5293 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5294 struct net_device *dev = info->user_ptr[1];
5295 struct nlattr *attr;
5296 struct wiphy *wiphy;
5297 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5298 u32 interval;
5299 enum ieee80211_band band;
5300 size_t ie_len;
5301 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5302
5303 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5304 !rdev->ops->sched_scan_start)
5305 return -EOPNOTSUPP;
5306
5307 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5308 return -EINVAL;
5309
5310 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5311 return -EINVAL;
5312
5313 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5314 if (interval == 0)
5315 return -EINVAL;
5316
5317 wiphy = &rdev->wiphy;
5318
5319 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5320 n_channels = validate_scan_freqs(
5321 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5322 if (!n_channels)
5323 return -EINVAL;
5324 } else {
5325 n_channels = 0;
5326
5327 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
5328 if (wiphy->bands[band])
5329 n_channels += wiphy->bands[band]->n_channels;
5330 }
5331
5332 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5333 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5334 tmp)
5335 n_ssids++;
5336
5337 if (n_ssids > wiphy->max_sched_scan_ssids)
5338 return -EINVAL;
5339
5340 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
5341 nla_for_each_nested(attr,
5342 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5343 tmp)
5344 n_match_sets++;
5345
5346 if (n_match_sets > wiphy->max_match_sets)
5347 return -EINVAL;
5348
5349 if (info->attrs[NL80211_ATTR_IE])
5350 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5351 else
5352 ie_len = 0;
5353
5354 if (ie_len > wiphy->max_sched_scan_ie_len)
5355 return -EINVAL;
5356
5357 if (rdev->sched_scan_req) {
5358 err = -EINPROGRESS;
5359 goto out;
5360 }
5361
5362 request = kzalloc(sizeof(*request)
5363 + sizeof(*request->ssids) * n_ssids
5364 + sizeof(*request->match_sets) * n_match_sets
5365 + sizeof(*request->channels) * n_channels
5366 + ie_len, GFP_KERNEL);
5367 if (!request) {
5368 err = -ENOMEM;
5369 goto out;
5370 }
5371
5372 if (n_ssids)
5373 request->ssids = (void *)&request->channels[n_channels];
5374 request->n_ssids = n_ssids;
5375 if (ie_len) {
5376 if (request->ssids)
5377 request->ie = (void *)(request->ssids + n_ssids);
5378 else
5379 request->ie = (void *)(request->channels + n_channels);
5380 }
5381
5382 if (n_match_sets) {
5383 if (request->ie)
5384 request->match_sets = (void *)(request->ie + ie_len);
5385 else if (request->ssids)
5386 request->match_sets =
5387 (void *)(request->ssids + n_ssids);
5388 else
5389 request->match_sets =
5390 (void *)(request->channels + n_channels);
5391 }
5392 request->n_match_sets = n_match_sets;
5393
5394 i = 0;
5395 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5396 /* user specified, bail out if channel not found */
5397 nla_for_each_nested(attr,
5398 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5399 tmp) {
5400 struct ieee80211_channel *chan;
5401
5402 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5403
5404 if (!chan) {
5405 err = -EINVAL;
5406 goto out_free;
5407 }
5408
5409 /* ignore disabled channels */
5410 if (chan->flags & IEEE80211_CHAN_DISABLED)
5411 continue;
5412
5413 request->channels[i] = chan;
5414 i++;
5415 }
5416 } else {
5417 /* all channels */
5418 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5419 int j;
5420 if (!wiphy->bands[band])
5421 continue;
5422 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5423 struct ieee80211_channel *chan;
5424
5425 chan = &wiphy->bands[band]->channels[j];
5426
5427 if (chan->flags & IEEE80211_CHAN_DISABLED)
5428 continue;
5429
5430 request->channels[i] = chan;
5431 i++;
5432 }
5433 }
5434 }
5435
5436 if (!i) {
5437 err = -EINVAL;
5438 goto out_free;
5439 }
5440
5441 request->n_channels = i;
5442
5443 i = 0;
5444 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5445 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5446 tmp) {
5447 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5448 err = -EINVAL;
5449 goto out_free;
5450 }
5451 request->ssids[i].ssid_len = nla_len(attr);
5452 memcpy(request->ssids[i].ssid, nla_data(attr),
5453 nla_len(attr));
5454 i++;
5455 }
5456 }
5457
5458 i = 0;
5459 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5460 nla_for_each_nested(attr,
5461 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5462 tmp) {
5463 struct nlattr *ssid, *rssi;
5464
5465 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5466 nla_data(attr), nla_len(attr),
5467 nl80211_match_policy);
5468 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5469 if (ssid) {
5470 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5471 err = -EINVAL;
5472 goto out_free;
5473 }
5474 memcpy(request->match_sets[i].ssid.ssid,
5475 nla_data(ssid), nla_len(ssid));
5476 request->match_sets[i].ssid.ssid_len =
5477 nla_len(ssid);
5478 }
5479 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5480 if (rssi)
5481 request->rssi_thold = nla_get_u32(rssi);
5482 else
5483 request->rssi_thold =
5484 NL80211_SCAN_RSSI_THOLD_OFF;
5485 i++;
5486 }
5487 }
5488
5489 if (info->attrs[NL80211_ATTR_IE]) {
5490 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5491 memcpy((void *)request->ie,
5492 nla_data(info->attrs[NL80211_ATTR_IE]),
5493 request->ie_len);
5494 }
5495
5496 if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5497 request->flags = nla_get_u32(
5498 info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5499 if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5500 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
5501 ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
5502 !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
5503 err = -EOPNOTSUPP;
5504 goto out_free;
5505 }
5506 }
5507
5508 request->dev = dev;
5509 request->wiphy = &rdev->wiphy;
5510 request->interval = interval;
5511 request->scan_start = jiffies;
5512
5513 err = rdev_sched_scan_start(rdev, dev, request);
5514 if (!err) {
5515 rdev->sched_scan_req = request;
5516 nl80211_send_sched_scan(rdev, dev,
5517 NL80211_CMD_START_SCHED_SCAN);
5518 goto out;
5519 }
5520
5521 out_free:
5522 kfree(request);
5523 out:
5524 return err;
5525 }
5526
5527 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5528 struct genl_info *info)
5529 {
5530 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5531
5532 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5533 !rdev->ops->sched_scan_stop)
5534 return -EOPNOTSUPP;
5535
5536 return __cfg80211_stop_sched_scan(rdev, false);
5537 }
5538
5539 static int nl80211_start_radar_detection(struct sk_buff *skb,
5540 struct genl_info *info)
5541 {
5542 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5543 struct net_device *dev = info->user_ptr[1];
5544 struct wireless_dev *wdev = dev->ieee80211_ptr;
5545 struct cfg80211_chan_def chandef;
5546 int err;
5547
5548 err = nl80211_parse_chandef(rdev, info, &chandef);
5549 if (err)
5550 return err;
5551
5552 if (wdev->cac_started)
5553 return -EBUSY;
5554
5555 err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef);
5556 if (err < 0)
5557 return err;
5558
5559 if (err == 0)
5560 return -EINVAL;
5561
5562 if (chandef.chan->dfs_state != NL80211_DFS_USABLE)
5563 return -EINVAL;
5564
5565 if (!rdev->ops->start_radar_detection)
5566 return -EOPNOTSUPP;
5567
5568 err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5569 chandef.chan, CHAN_MODE_SHARED,
5570 BIT(chandef.width));
5571 if (err)
5572 return err;
5573
5574 err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef);
5575 if (!err) {
5576 wdev->channel = chandef.chan;
5577 wdev->cac_started = true;
5578 wdev->cac_start_time = jiffies;
5579 }
5580 return err;
5581 }
5582
5583 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5584 u32 seq, int flags,
5585 struct cfg80211_registered_device *rdev,
5586 struct wireless_dev *wdev,
5587 struct cfg80211_internal_bss *intbss)
5588 {
5589 struct cfg80211_bss *res = &intbss->pub;
5590 const struct cfg80211_bss_ies *ies;
5591 void *hdr;
5592 struct nlattr *bss;
5593 bool tsf = false;
5594
5595 ASSERT_WDEV_LOCK(wdev);
5596
5597 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5598 NL80211_CMD_NEW_SCAN_RESULTS);
5599 if (!hdr)
5600 return -1;
5601
5602 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5603
5604 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5605 goto nla_put_failure;
5606 if (wdev->netdev &&
5607 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5608 goto nla_put_failure;
5609 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5610 goto nla_put_failure;
5611
5612 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5613 if (!bss)
5614 goto nla_put_failure;
5615 if ((!is_zero_ether_addr(res->bssid) &&
5616 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
5617 goto nla_put_failure;
5618
5619 rcu_read_lock();
5620 ies = rcu_dereference(res->ies);
5621 if (ies) {
5622 if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5623 goto fail_unlock_rcu;
5624 tsf = true;
5625 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
5626 ies->len, ies->data))
5627 goto fail_unlock_rcu;
5628 }
5629 ies = rcu_dereference(res->beacon_ies);
5630 if (ies) {
5631 if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
5632 goto fail_unlock_rcu;
5633 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
5634 ies->len, ies->data))
5635 goto fail_unlock_rcu;
5636 }
5637 rcu_read_unlock();
5638
5639 if (res->beacon_interval &&
5640 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
5641 goto nla_put_failure;
5642 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
5643 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
5644 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
5645 jiffies_to_msecs(jiffies - intbss->ts)))
5646 goto nla_put_failure;
5647
5648 switch (rdev->wiphy.signal_type) {
5649 case CFG80211_SIGNAL_TYPE_MBM:
5650 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
5651 goto nla_put_failure;
5652 break;
5653 case CFG80211_SIGNAL_TYPE_UNSPEC:
5654 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
5655 goto nla_put_failure;
5656 break;
5657 default:
5658 break;
5659 }
5660
5661 switch (wdev->iftype) {
5662 case NL80211_IFTYPE_P2P_CLIENT:
5663 case NL80211_IFTYPE_STATION:
5664 if (intbss == wdev->current_bss &&
5665 nla_put_u32(msg, NL80211_BSS_STATUS,
5666 NL80211_BSS_STATUS_ASSOCIATED))
5667 goto nla_put_failure;
5668 break;
5669 case NL80211_IFTYPE_ADHOC:
5670 if (intbss == wdev->current_bss &&
5671 nla_put_u32(msg, NL80211_BSS_STATUS,
5672 NL80211_BSS_STATUS_IBSS_JOINED))
5673 goto nla_put_failure;
5674 break;
5675 default:
5676 break;
5677 }
5678
5679 nla_nest_end(msg, bss);
5680
5681 return genlmsg_end(msg, hdr);
5682
5683 fail_unlock_rcu:
5684 rcu_read_unlock();
5685 nla_put_failure:
5686 genlmsg_cancel(msg, hdr);
5687 return -EMSGSIZE;
5688 }
5689
5690 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
5691 {
5692 struct cfg80211_registered_device *rdev;
5693 struct cfg80211_internal_bss *scan;
5694 struct wireless_dev *wdev;
5695 int start = cb->args[2], idx = 0;
5696 int err;
5697
5698 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5699 if (err)
5700 return err;
5701
5702 wdev_lock(wdev);
5703 spin_lock_bh(&rdev->bss_lock);
5704 cfg80211_bss_expire(rdev);
5705
5706 cb->seq = rdev->bss_generation;
5707
5708 list_for_each_entry(scan, &rdev->bss_list, list) {
5709 if (++idx <= start)
5710 continue;
5711 if (nl80211_send_bss(skb, cb,
5712 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5713 rdev, wdev, scan) < 0) {
5714 idx--;
5715 break;
5716 }
5717 }
5718
5719 spin_unlock_bh(&rdev->bss_lock);
5720 wdev_unlock(wdev);
5721
5722 cb->args[2] = idx;
5723 nl80211_finish_wdev_dump(rdev);
5724
5725 return skb->len;
5726 }
5727
5728 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
5729 int flags, struct net_device *dev,
5730 struct survey_info *survey)
5731 {
5732 void *hdr;
5733 struct nlattr *infoattr;
5734
5735 hdr = nl80211hdr_put(msg, portid, seq, flags,
5736 NL80211_CMD_NEW_SURVEY_RESULTS);
5737 if (!hdr)
5738 return -ENOMEM;
5739
5740 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
5741 goto nla_put_failure;
5742
5743 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
5744 if (!infoattr)
5745 goto nla_put_failure;
5746
5747 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
5748 survey->channel->center_freq))
5749 goto nla_put_failure;
5750
5751 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
5752 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
5753 goto nla_put_failure;
5754 if ((survey->filled & SURVEY_INFO_IN_USE) &&
5755 nla_put_flag(msg, NL80211_SU