linux/net/wireless/nl80211.c
<<
>>
Prefs
   1/*
   2 * This is the new netlink-based wireless configuration interface.
   3 *
   4 * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
   5 */
   6
   7#include <linux/if.h>
   8#include <linux/module.h>
   9#include <linux/err.h>
  10#include <linux/slab.h>
  11#include <linux/list.h>
  12#include <linux/if_ether.h>
  13#include <linux/ieee80211.h>
  14#include <linux/nl80211.h>
  15#include <linux/rtnetlink.h>
  16#include <linux/netlink.h>
  17#include <linux/etherdevice.h>
  18#include <net/net_namespace.h>
  19#include <net/genetlink.h>
  20#include <net/cfg80211.h>
  21#include <net/sock.h>
  22#include "core.h"
  23#include "nl80211.h"
  24#include "reg.h"
  25
  26static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);
  27static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
  28                                   struct genl_info *info,
  29                                   struct cfg80211_crypto_settings *settings,
  30                                   int cipher_limit);
  31
  32static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
  33                            struct genl_info *info);
  34static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
  35                              struct genl_info *info);
  36
  37/* the netlink family */
  38static struct genl_family nl80211_fam = {
  39        .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
  40        .name = "nl80211",      /* have users key off the name instead */
  41        .hdrsize = 0,           /* no private header */
  42        .version = 1,           /* no particular meaning now */
  43        .maxattr = NL80211_ATTR_MAX,
  44        .netnsok = true,
  45        .pre_doit = nl80211_pre_doit,
  46        .post_doit = nl80211_post_doit,
  47};
  48
  49/* returns ERR_PTR values */
  50static struct wireless_dev *
  51__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
  52{
  53        struct cfg80211_registered_device *rdev;
  54        struct wireless_dev *result = NULL;
  55        bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
  56        bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
  57        u64 wdev_id;
  58        int wiphy_idx = -1;
  59        int ifidx = -1;
  60
  61        assert_cfg80211_lock();
  62
  63        if (!have_ifidx && !have_wdev_id)
  64                return ERR_PTR(-EINVAL);
  65
  66        if (have_ifidx)
  67                ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
  68        if (have_wdev_id) {
  69                wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
  70                wiphy_idx = wdev_id >> 32;
  71        }
  72
  73        list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
  74                struct wireless_dev *wdev;
  75
  76                if (wiphy_net(&rdev->wiphy) != netns)
  77                        continue;
  78
  79                if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
  80                        continue;
  81
  82                mutex_lock(&rdev->devlist_mtx);
  83                list_for_each_entry(wdev, &rdev->wdev_list, list) {
  84                        if (have_ifidx && wdev->netdev &&
  85                            wdev->netdev->ifindex == ifidx) {
  86                                result = wdev;
  87                                break;
  88                        }
  89                        if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
  90                                result = wdev;
  91                                break;
  92                        }
  93                }
  94                mutex_unlock(&rdev->devlist_mtx);
  95
  96                if (result)
  97                        break;
  98        }
  99
 100        if (result)
 101                return result;
 102        return ERR_PTR(-ENODEV);
 103}
 104
 105static struct cfg80211_registered_device *
 106__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
 107{
 108        struct cfg80211_registered_device *rdev = NULL, *tmp;
 109        struct net_device *netdev;
 110
 111        assert_cfg80211_lock();
 112
 113        if (!attrs[NL80211_ATTR_WIPHY] &&
 114            !attrs[NL80211_ATTR_IFINDEX] &&
 115            !attrs[NL80211_ATTR_WDEV])
 116                return ERR_PTR(-EINVAL);
 117
 118        if (attrs[NL80211_ATTR_WIPHY])
 119                rdev = cfg80211_rdev_by_wiphy_idx(
 120                                nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
 121
 122        if (attrs[NL80211_ATTR_WDEV]) {
 123                u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
 124                struct wireless_dev *wdev;
 125                bool found = false;
 126
 127                tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
 128                if (tmp) {
 129                        /* make sure wdev exists */
 130                        mutex_lock(&tmp->devlist_mtx);
 131                        list_for_each_entry(wdev, &tmp->wdev_list, list) {
 132                                if (wdev->identifier != (u32)wdev_id)
 133                                        continue;
 134                                found = true;
 135                                break;
 136                        }
 137                        mutex_unlock(&tmp->devlist_mtx);
 138
 139                        if (!found)
 140                                tmp = NULL;
 141
 142                        if (rdev && tmp != rdev)
 143                                return ERR_PTR(-EINVAL);
 144                        rdev = tmp;
 145                }
 146        }
 147
 148        if (attrs[NL80211_ATTR_IFINDEX]) {
 149                int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
 150                netdev = dev_get_by_index(netns, ifindex);
 151                if (netdev) {
 152                        if (netdev->ieee80211_ptr)
 153                                tmp = wiphy_to_dev(
 154                                                netdev->ieee80211_ptr->wiphy);
 155                        else
 156                                tmp = NULL;
 157
 158                        dev_put(netdev);
 159
 160                        /* not wireless device -- return error */
 161                        if (!tmp)
 162                                return ERR_PTR(-EINVAL);
 163
 164                        /* mismatch -- return error */
 165                        if (rdev && tmp != rdev)
 166                                return ERR_PTR(-EINVAL);
 167
 168                        rdev = tmp;
 169                }
 170        }
 171
 172        if (!rdev)
 173                return ERR_PTR(-ENODEV);
 174
 175        if (netns != wiphy_net(&rdev->wiphy))
 176                return ERR_PTR(-ENODEV);
 177
 178        return rdev;
 179}
 180
 181/*
 182 * This function returns a pointer to the driver
 183 * that the genl_info item that is passed refers to.
 184 * If successful, it returns non-NULL and also locks
 185 * the driver's mutex!
 186 *
 187 * This means that you need to call cfg80211_unlock_rdev()
 188 * before being allowed to acquire &cfg80211_mutex!
 189 *
 190 * This is necessary because we need to lock the global
 191 * mutex to get an item off the list safely, and then
 192 * we lock the rdev mutex so it doesn't go away under us.
 193 *
 194 * We don't want to keep cfg80211_mutex locked
 195 * for all the time in order to allow requests on
 196 * other interfaces to go through at the same time.
 197 *
 198 * The result of this can be a PTR_ERR and hence must
 199 * be checked with IS_ERR() for errors.
 200 */
 201static struct cfg80211_registered_device *
 202cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
 203{
 204        struct cfg80211_registered_device *rdev;
 205
 206        mutex_lock(&cfg80211_mutex);
 207        rdev = __cfg80211_rdev_from_attrs(netns, info->attrs);
 208
 209        /* if it is not an error we grab the lock on
 210         * it to assure it won't be going away while
 211         * we operate on it */
 212        if (!IS_ERR(rdev))
 213                mutex_lock(&rdev->mtx);
 214
 215        mutex_unlock(&cfg80211_mutex);
 216
 217        return rdev;
 218}
 219
 220/* policy for the attributes */
 221static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
 222        [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
 223        [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
 224                                      .len = 20-1 },
 225        [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
 226        [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
 227        [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
 228        [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
 229        [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
 230        [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
 231        [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
 232        [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
 233
 234        [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
 235        [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
 236        [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
 237
 238        [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
 239        [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
 240
 241        [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
 242        [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
 243                                    .len = WLAN_MAX_KEY_LEN },
 244        [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
 245        [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
 246        [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
 247        [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
 248        [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
 249
 250        [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
 251        [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
 252        [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
 253                                       .len = IEEE80211_MAX_DATA_LEN },
 254        [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
 255                                       .len = IEEE80211_MAX_DATA_LEN },
 256        [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
 257        [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
 258        [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
 259        [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
 260                                               .len = NL80211_MAX_SUPP_RATES },
 261        [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
 262        [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
 263        [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
 264        [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
 265                                   .len = IEEE80211_MAX_MESH_ID_LEN },
 266        [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
 267
 268        [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
 269        [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
 270
 271        [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
 272        [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
 273        [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
 274        [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
 275                                           .len = NL80211_MAX_SUPP_RATES },
 276        [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
 277
 278        [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
 279        [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
 280
 281        [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
 282
 283        [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
 284        [NL80211_ATTR_IE] = { .type = NLA_BINARY,
 285                              .len = IEEE80211_MAX_DATA_LEN },
 286        [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
 287        [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
 288
 289        [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
 290                                .len = IEEE80211_MAX_SSID_LEN },
 291        [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
 292        [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
 293        [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
 294        [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
 295        [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
 296        [NL80211_ATTR_STA_FLAGS2] = {
 297                .len = sizeof(struct nl80211_sta_flag_update),
 298        },
 299        [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
 300        [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
 301        [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
 302        [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
 303        [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
 304        [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
 305        [NL80211_ATTR_PID] = { .type = NLA_U32 },
 306        [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
 307        [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
 308                                 .len = WLAN_PMKID_LEN },
 309        [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
 310        [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
 311        [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
 312        [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
 313                                 .len = IEEE80211_MAX_DATA_LEN },
 314        [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
 315        [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
 316        [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
 317        [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
 318        [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
 319        [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
 320        [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
 321        [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
 322        [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
 323        [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
 324        [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
 325        [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
 326        [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
 327        [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
 328        [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
 329        [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
 330        [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
 331        [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
 332        [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
 333        [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
 334                                         .len = IEEE80211_MAX_DATA_LEN },
 335        [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
 336                                         .len = IEEE80211_MAX_DATA_LEN },
 337        [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
 338        [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
 339        [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
 340        [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
 341        [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
 342        [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
 343        [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
 344        [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
 345        [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
 346        [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
 347                                      .len = IEEE80211_MAX_DATA_LEN },
 348        [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
 349        [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
 350        [NL80211_ATTR_HT_CAPABILITY_MASK] = {
 351                .len = NL80211_HT_CAPABILITY_LEN
 352        },
 353        [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
 354        [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
 355        [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
 356        [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
 357        [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
 358};
 359
 360/* policy for the key attributes */
 361static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
 362        [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
 363        [NL80211_KEY_IDX] = { .type = NLA_U8 },
 364        [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
 365        [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
 366        [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
 367        [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
 368        [NL80211_KEY_TYPE] = { .type = NLA_U32 },
 369        [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
 370};
 371
 372/* policy for the key default flags */
 373static const struct nla_policy
 374nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
 375        [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
 376        [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
 377};
 378
 379/* policy for WoWLAN attributes */
 380static const struct nla_policy
 381nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
 382        [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
 383        [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
 384        [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
 385        [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
 386        [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
 387        [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
 388        [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
 389        [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
 390};
 391
 392/* policy for GTK rekey offload attributes */
 393static const struct nla_policy
 394nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
 395        [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
 396        [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
 397        [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
 398};
 399
 400static const struct nla_policy
 401nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
 402        [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
 403                                                 .len = IEEE80211_MAX_SSID_LEN },
 404        [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
 405};
 406
 407/* ifidx get helper */
 408static int nl80211_get_ifidx(struct netlink_callback *cb)
 409{
 410        int res;
 411
 412        res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
 413                          nl80211_fam.attrbuf, nl80211_fam.maxattr,
 414                          nl80211_policy);
 415        if (res)
 416                return res;
 417
 418        if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
 419                return -EINVAL;
 420
 421        res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
 422        if (!res)
 423                return -EINVAL;
 424        return res;
 425}
 426
 427static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
 428                                       struct netlink_callback *cb,
 429                                       struct cfg80211_registered_device **rdev,
 430                                       struct net_device **dev)
 431{
 432        int ifidx = cb->args[0];
 433        int err;
 434
 435        if (!ifidx)
 436                ifidx = nl80211_get_ifidx(cb);
 437        if (ifidx < 0)
 438                return ifidx;
 439
 440        cb->args[0] = ifidx;
 441
 442        rtnl_lock();
 443
 444        *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
 445        if (!*dev) {
 446                err = -ENODEV;
 447                goto out_rtnl;
 448        }
 449
 450        *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
 451        if (IS_ERR(*rdev)) {
 452                err = PTR_ERR(*rdev);
 453                goto out_rtnl;
 454        }
 455
 456        return 0;
 457 out_rtnl:
 458        rtnl_unlock();
 459        return err;
 460}
 461
 462static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
 463{
 464        cfg80211_unlock_rdev(rdev);
 465        rtnl_unlock();
 466}
 467
 468/* IE validation */
 469static bool is_valid_ie_attr(const struct nlattr *attr)
 470{
 471        const u8 *pos;
 472        int len;
 473
 474        if (!attr)
 475                return true;
 476
 477        pos = nla_data(attr);
 478        len = nla_len(attr);
 479
 480        while (len) {
 481                u8 elemlen;
 482
 483                if (len < 2)
 484                        return false;
 485                len -= 2;
 486
 487                elemlen = pos[1];
 488                if (elemlen > len)
 489                        return false;
 490
 491                len -= elemlen;
 492                pos += 2 + elemlen;
 493        }
 494
 495        return true;
 496}
 497
 498/* message building helper */
 499static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
 500                                   int flags, u8 cmd)
 501{
 502        /* since there is no private header just add the generic one */
 503        return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
 504}
 505
 506static int nl80211_msg_put_channel(struct sk_buff *msg,
 507                                   struct ieee80211_channel *chan)
 508{
 509        if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
 510                        chan->center_freq))
 511                goto nla_put_failure;
 512
 513        if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
 514            nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
 515                goto nla_put_failure;
 516        if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
 517            nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
 518                goto nla_put_failure;
 519        if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
 520            nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
 521                goto nla_put_failure;
 522        if ((chan->flags & IEEE80211_CHAN_RADAR) &&
 523            nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
 524                goto nla_put_failure;
 525
 526        if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
 527                        DBM_TO_MBM(chan->max_power)))
 528                goto nla_put_failure;
 529
 530        return 0;
 531
 532 nla_put_failure:
 533        return -ENOBUFS;
 534}
 535
 536/* netlink command implementations */
 537
 538struct key_parse {
 539        struct key_params p;
 540        int idx;
 541        int type;
 542        bool def, defmgmt;
 543        bool def_uni, def_multi;
 544};
 545
 546static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
 547{
 548        struct nlattr *tb[NL80211_KEY_MAX + 1];
 549        int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
 550                                   nl80211_key_policy);
 551        if (err)
 552                return err;
 553
 554        k->def = !!tb[NL80211_KEY_DEFAULT];
 555        k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
 556
 557        if (k->def) {
 558                k->def_uni = true;
 559                k->def_multi = true;
 560        }
 561        if (k->defmgmt)
 562                k->def_multi = true;
 563
 564        if (tb[NL80211_KEY_IDX])
 565                k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
 566
 567        if (tb[NL80211_KEY_DATA]) {
 568                k->p.key = nla_data(tb[NL80211_KEY_DATA]);
 569                k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
 570        }
 571
 572        if (tb[NL80211_KEY_SEQ]) {
 573                k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
 574                k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
 575        }
 576
 577        if (tb[NL80211_KEY_CIPHER])
 578                k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
 579
 580        if (tb[NL80211_KEY_TYPE]) {
 581                k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
 582                if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
 583                        return -EINVAL;
 584        }
 585
 586        if (tb[NL80211_KEY_DEFAULT_TYPES]) {
 587                struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
 588                err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
 589                                       tb[NL80211_KEY_DEFAULT_TYPES],
 590                                       nl80211_key_default_policy);
 591                if (err)
 592                        return err;
 593
 594                k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
 595                k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
 596        }
 597
 598        return 0;
 599}
 600
 601static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
 602{
 603        if (info->attrs[NL80211_ATTR_KEY_DATA]) {
 604                k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
 605                k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
 606        }
 607
 608        if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
 609                k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
 610                k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
 611        }
 612
 613        if (info->attrs[NL80211_ATTR_KEY_IDX])
 614                k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
 615
 616        if (info->attrs[NL80211_ATTR_KEY_CIPHER])
 617                k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
 618
 619        k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
 620        k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
 621
 622        if (k->def) {
 623                k->def_uni = true;
 624                k->def_multi = true;
 625        }
 626        if (k->defmgmt)
 627                k->def_multi = true;
 628
 629        if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
 630                k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
 631                if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
 632                        return -EINVAL;
 633        }
 634
 635        if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
 636                struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
 637                int err = nla_parse_nested(
 638                                kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
 639                                info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
 640                                nl80211_key_default_policy);
 641                if (err)
 642                        return err;
 643
 644                k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
 645                k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
 646        }
 647
 648        return 0;
 649}
 650
 651static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
 652{
 653        int err;
 654
 655        memset(k, 0, sizeof(*k));
 656        k->idx = -1;
 657        k->type = -1;
 658
 659        if (info->attrs[NL80211_ATTR_KEY])
 660                err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
 661        else
 662                err = nl80211_parse_key_old(info, k);
 663
 664        if (err)
 665                return err;
 666
 667        if (k->def && k->defmgmt)
 668                return -EINVAL;
 669
 670        if (k->defmgmt) {
 671                if (k->def_uni || !k->def_multi)
 672                        return -EINVAL;
 673        }
 674
 675        if (k->idx != -1) {
 676                if (k->defmgmt) {
 677                        if (k->idx < 4 || k->idx > 5)
 678                                return -EINVAL;
 679                } else if (k->def) {
 680                        if (k->idx < 0 || k->idx > 3)
 681                                return -EINVAL;
 682                } else {
 683                        if (k->idx < 0 || k->idx > 5)
 684                                return -EINVAL;
 685                }
 686        }
 687
 688        return 0;
 689}
 690
 691static struct cfg80211_cached_keys *
 692nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
 693                       struct nlattr *keys)
 694{
 695        struct key_parse parse;
 696        struct nlattr *key;
 697        struct cfg80211_cached_keys *result;
 698        int rem, err, def = 0;
 699
 700        result = kzalloc(sizeof(*result), GFP_KERNEL);
 701        if (!result)
 702                return ERR_PTR(-ENOMEM);
 703
 704        result->def = -1;
 705        result->defmgmt = -1;
 706
 707        nla_for_each_nested(key, keys, rem) {
 708                memset(&parse, 0, sizeof(parse));
 709                parse.idx = -1;
 710
 711                err = nl80211_parse_key_new(key, &parse);
 712                if (err)
 713                        goto error;
 714                err = -EINVAL;
 715                if (!parse.p.key)
 716                        goto error;
 717                if (parse.idx < 0 || parse.idx > 4)
 718                        goto error;
 719                if (parse.def) {
 720                        if (def)
 721                                goto error;
 722                        def = 1;
 723                        result->def = parse.idx;
 724                        if (!parse.def_uni || !parse.def_multi)
 725                                goto error;
 726                } else if (parse.defmgmt)
 727                        goto error;
 728                err = cfg80211_validate_key_settings(rdev, &parse.p,
 729                                                     parse.idx, false, NULL);
 730                if (err)
 731                        goto error;
 732                result->params[parse.idx].cipher = parse.p.cipher;
 733                result->params[parse.idx].key_len = parse.p.key_len;
 734                result->params[parse.idx].key = result->data[parse.idx];
 735                memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
 736        }
 737
 738        return result;
 739 error:
 740        kfree(result);
 741        return ERR_PTR(err);
 742}
 743
 744static int nl80211_key_allowed(struct wireless_dev *wdev)
 745{
 746        ASSERT_WDEV_LOCK(wdev);
 747
 748        switch (wdev->iftype) {
 749        case NL80211_IFTYPE_AP:
 750        case NL80211_IFTYPE_AP_VLAN:
 751        case NL80211_IFTYPE_P2P_GO:
 752        case NL80211_IFTYPE_MESH_POINT:
 753                break;
 754        case NL80211_IFTYPE_ADHOC:
 755                if (!wdev->current_bss)
 756                        return -ENOLINK;
 757                break;
 758        case NL80211_IFTYPE_STATION:
 759        case NL80211_IFTYPE_P2P_CLIENT:
 760                if (wdev->sme_state != CFG80211_SME_CONNECTED)
 761                        return -ENOLINK;
 762                break;
 763        default:
 764                return -EINVAL;
 765        }
 766
 767        return 0;
 768}
 769
 770static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
 771{
 772        struct nlattr *nl_modes = nla_nest_start(msg, attr);
 773        int i;
 774
 775        if (!nl_modes)
 776                goto nla_put_failure;
 777
 778        i = 0;
 779        while (ifmodes) {
 780                if ((ifmodes & 1) && nla_put_flag(msg, i))
 781                        goto nla_put_failure;
 782                ifmodes >>= 1;
 783                i++;
 784        }
 785
 786        nla_nest_end(msg, nl_modes);
 787        return 0;
 788
 789nla_put_failure:
 790        return -ENOBUFS;
 791}
 792
 793static int nl80211_put_iface_combinations(struct wiphy *wiphy,
 794                                          struct sk_buff *msg)
 795{
 796        struct nlattr *nl_combis;
 797        int i, j;
 798
 799        nl_combis = nla_nest_start(msg,
 800                                NL80211_ATTR_INTERFACE_COMBINATIONS);
 801        if (!nl_combis)
 802                goto nla_put_failure;
 803
 804        for (i = 0; i < wiphy->n_iface_combinations; i++) {
 805                const struct ieee80211_iface_combination *c;
 806                struct nlattr *nl_combi, *nl_limits;
 807
 808                c = &wiphy->iface_combinations[i];
 809
 810                nl_combi = nla_nest_start(msg, i + 1);
 811                if (!nl_combi)
 812                        goto nla_put_failure;
 813
 814                nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
 815                if (!nl_limits)
 816                        goto nla_put_failure;
 817
 818                for (j = 0; j < c->n_limits; j++) {
 819                        struct nlattr *nl_limit;
 820
 821                        nl_limit = nla_nest_start(msg, j + 1);
 822                        if (!nl_limit)
 823                                goto nla_put_failure;
 824                        if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
 825                                        c->limits[j].max))
 826                                goto nla_put_failure;
 827                        if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
 828                                                c->limits[j].types))
 829                                goto nla_put_failure;
 830                        nla_nest_end(msg, nl_limit);
 831                }
 832
 833                nla_nest_end(msg, nl_limits);
 834
 835                if (c->beacon_int_infra_match &&
 836                    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
 837                        goto nla_put_failure;
 838                if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
 839                                c->num_different_channels) ||
 840                    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
 841                                c->max_interfaces))
 842                        goto nla_put_failure;
 843
 844                nla_nest_end(msg, nl_combi);
 845        }
 846
 847        nla_nest_end(msg, nl_combis);
 848
 849        return 0;
 850nla_put_failure:
 851        return -ENOBUFS;
 852}
 853
 854static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
 855                              struct cfg80211_registered_device *dev)
 856{
 857        void *hdr;
 858        struct nlattr *nl_bands, *nl_band;
 859        struct nlattr *nl_freqs, *nl_freq;
 860        struct nlattr *nl_rates, *nl_rate;
 861        struct nlattr *nl_cmds;
 862        enum ieee80211_band band;
 863        struct ieee80211_channel *chan;
 864        struct ieee80211_rate *rate;
 865        int i;
 866        const struct ieee80211_txrx_stypes *mgmt_stypes =
 867                                dev->wiphy.mgmt_stypes;
 868
 869        hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
 870        if (!hdr)
 871                return -1;
 872
 873        if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
 874            nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) ||
 875            nla_put_u32(msg, NL80211_ATTR_GENERATION,
 876                        cfg80211_rdev_list_generation) ||
 877            nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
 878                       dev->wiphy.retry_short) ||
 879            nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
 880                       dev->wiphy.retry_long) ||
 881            nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
 882                        dev->wiphy.frag_threshold) ||
 883            nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
 884                        dev->wiphy.rts_threshold) ||
 885            nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
 886                       dev->wiphy.coverage_class) ||
 887            nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
 888                       dev->wiphy.max_scan_ssids) ||
 889            nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
 890                       dev->wiphy.max_sched_scan_ssids) ||
 891            nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
 892                        dev->wiphy.max_scan_ie_len) ||
 893            nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
 894                        dev->wiphy.max_sched_scan_ie_len) ||
 895            nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
 896                       dev->wiphy.max_match_sets))
 897                goto nla_put_failure;
 898
 899        if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
 900            nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
 901                goto nla_put_failure;
 902        if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
 903            nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
 904                goto nla_put_failure;
 905        if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
 906            nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
 907                goto nla_put_failure;
 908        if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
 909            nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
 910                goto nla_put_failure;
 911        if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
 912            nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
 913                goto nla_put_failure;
 914        if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
 915            nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
 916                goto nla_put_failure;
 917
 918        if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
 919                    sizeof(u32) * dev->wiphy.n_cipher_suites,
 920                    dev->wiphy.cipher_suites))
 921                goto nla_put_failure;
 922
 923        if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
 924                       dev->wiphy.max_num_pmkids))
 925                goto nla_put_failure;
 926
 927        if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
 928            nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
 929                goto nla_put_failure;
 930
 931        if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
 932                        dev->wiphy.available_antennas_tx) ||
 933            nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
 934                        dev->wiphy.available_antennas_rx))
 935                goto nla_put_failure;
 936
 937        if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
 938            nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
 939                        dev->wiphy.probe_resp_offload))
 940                goto nla_put_failure;
 941
 942        if ((dev->wiphy.available_antennas_tx ||
 943             dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
 944                u32 tx_ant = 0, rx_ant = 0;
 945                int res;
 946                res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
 947                if (!res) {
 948                        if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX,
 949                                        tx_ant) ||
 950                            nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX,
 951                                        rx_ant))
 952                                goto nla_put_failure;
 953                }
 954        }
 955
 956        if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
 957                                dev->wiphy.interface_modes))
 958                goto nla_put_failure;
 959
 960        nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
 961        if (!nl_bands)
 962                goto nla_put_failure;
 963
 964        for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
 965                if (!dev->wiphy.bands[band])
 966                        continue;
 967
 968                nl_band = nla_nest_start(msg, band);
 969                if (!nl_band)
 970                        goto nla_put_failure;
 971
 972                /* add HT info */
 973                if (dev->wiphy.bands[band]->ht_cap.ht_supported &&
 974                    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
 975                             sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
 976                             &dev->wiphy.bands[band]->ht_cap.mcs) ||
 977                     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
 978                                 dev->wiphy.bands[band]->ht_cap.cap) ||
 979                     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
 980                                dev->wiphy.bands[band]->ht_cap.ampdu_factor) ||
 981                     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
 982                                dev->wiphy.bands[band]->ht_cap.ampdu_density)))
 983                        goto nla_put_failure;
 984
 985                /* add VHT info */
 986                if (dev->wiphy.bands[band]->vht_cap.vht_supported &&
 987                    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
 988                             sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs),
 989                             &dev->wiphy.bands[band]->vht_cap.vht_mcs) ||
 990                     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
 991                                 dev->wiphy.bands[band]->vht_cap.cap)))
 992                        goto nla_put_failure;
 993
 994                /* add frequencies */
 995                nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
 996                if (!nl_freqs)
 997                        goto nla_put_failure;
 998
 999                for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
1000                        nl_freq = nla_nest_start(msg, i);
1001                        if (!nl_freq)
1002                                goto nla_put_failure;
1003
1004                        chan = &dev->wiphy.bands[band]->channels[i];
1005
1006                        if (nl80211_msg_put_channel(msg, chan))
1007                                goto nla_put_failure;
1008
1009                        nla_nest_end(msg, nl_freq);
1010                }
1011
1012                nla_nest_end(msg, nl_freqs);
1013
1014                /* add bitrates */
1015                nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1016                if (!nl_rates)
1017                        goto nla_put_failure;
1018
1019                for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
1020                        nl_rate = nla_nest_start(msg, i);
1021                        if (!nl_rate)
1022                                goto nla_put_failure;
1023
1024                        rate = &dev->wiphy.bands[band]->bitrates[i];
1025                        if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1026                                        rate->bitrate))
1027                                goto nla_put_failure;
1028                        if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1029                            nla_put_flag(msg,
1030                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1031                                goto nla_put_failure;
1032
1033                        nla_nest_end(msg, nl_rate);
1034                }
1035
1036                nla_nest_end(msg, nl_rates);
1037
1038                nla_nest_end(msg, nl_band);
1039        }
1040        nla_nest_end(msg, nl_bands);
1041
1042        nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1043        if (!nl_cmds)
1044                goto nla_put_failure;
1045
1046        i = 0;
1047#define CMD(op, n)                                              \
1048         do {                                                   \
1049                if (dev->ops->op) {                             \
1050                        i++;                                    \
1051                        if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1052                                goto nla_put_failure;           \
1053                }                                               \
1054        } while (0)
1055
1056        CMD(add_virtual_intf, NEW_INTERFACE);
1057        CMD(change_virtual_intf, SET_INTERFACE);
1058        CMD(add_key, NEW_KEY);
1059        CMD(start_ap, START_AP);
1060        CMD(add_station, NEW_STATION);
1061        CMD(add_mpath, NEW_MPATH);
1062        CMD(update_mesh_config, SET_MESH_CONFIG);
1063        CMD(change_bss, SET_BSS);
1064        CMD(auth, AUTHENTICATE);
1065        CMD(assoc, ASSOCIATE);
1066        CMD(deauth, DEAUTHENTICATE);
1067        CMD(disassoc, DISASSOCIATE);
1068        CMD(join_ibss, JOIN_IBSS);
1069        CMD(join_mesh, JOIN_MESH);
1070        CMD(set_pmksa, SET_PMKSA);
1071        CMD(del_pmksa, DEL_PMKSA);
1072        CMD(flush_pmksa, FLUSH_PMKSA);
1073        if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1074                CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1075        CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1076        CMD(mgmt_tx, FRAME);
1077        CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1078        if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1079                i++;
1080                if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1081                        goto nla_put_failure;
1082        }
1083        if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1084            dev->ops->join_mesh) {
1085                i++;
1086                if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1087                        goto nla_put_failure;
1088        }
1089        CMD(set_wds_peer, SET_WDS_PEER);
1090        if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1091                CMD(tdls_mgmt, TDLS_MGMT);
1092                CMD(tdls_oper, TDLS_OPER);
1093        }
1094        if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1095                CMD(sched_scan_start, START_SCHED_SCAN);
1096        CMD(probe_client, PROBE_CLIENT);
1097        CMD(set_noack_map, SET_NOACK_MAP);
1098        if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1099                i++;
1100                if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1101                        goto nla_put_failure;
1102        }
1103
1104#ifdef CONFIG_NL80211_TESTMODE
1105        CMD(testmode_cmd, TESTMODE);
1106#endif
1107
1108#undef CMD
1109
1110        if (dev->ops->connect || dev->ops->auth) {
1111                i++;
1112                if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1113                        goto nla_put_failure;
1114        }
1115
1116        if (dev->ops->disconnect || dev->ops->deauth) {
1117                i++;
1118                if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1119                        goto nla_put_failure;
1120        }
1121
1122        nla_nest_end(msg, nl_cmds);
1123
1124        if (dev->ops->remain_on_channel &&
1125            (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1126            nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1127                        dev->wiphy.max_remain_on_channel_duration))
1128                goto nla_put_failure;
1129
1130        if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1131            nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1132                goto nla_put_failure;
1133
1134        if (mgmt_stypes) {
1135                u16 stypes;
1136                struct nlattr *nl_ftypes, *nl_ifs;
1137                enum nl80211_iftype ift;
1138
1139                nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1140                if (!nl_ifs)
1141                        goto nla_put_failure;
1142
1143                for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1144                        nl_ftypes = nla_nest_start(msg, ift);
1145                        if (!nl_ftypes)
1146                                goto nla_put_failure;
1147                        i = 0;
1148                        stypes = mgmt_stypes[ift].tx;
1149                        while (stypes) {
1150                                if ((stypes & 1) &&
1151                                    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1152                                                (i << 4) | IEEE80211_FTYPE_MGMT))
1153                                        goto nla_put_failure;
1154                                stypes >>= 1;
1155                                i++;
1156                        }
1157                        nla_nest_end(msg, nl_ftypes);
1158                }
1159
1160                nla_nest_end(msg, nl_ifs);
1161
1162                nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1163                if (!nl_ifs)
1164                        goto nla_put_failure;
1165
1166                for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1167                        nl_ftypes = nla_nest_start(msg, ift);
1168                        if (!nl_ftypes)
1169                                goto nla_put_failure;
1170                        i = 0;
1171                        stypes = mgmt_stypes[ift].rx;
1172                        while (stypes) {
1173                                if ((stypes & 1) &&
1174                                    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1175                                                (i << 4) | IEEE80211_FTYPE_MGMT))
1176                                        goto nla_put_failure;
1177                                stypes >>= 1;
1178                                i++;
1179                        }
1180                        nla_nest_end(msg, nl_ftypes);
1181                }
1182                nla_nest_end(msg, nl_ifs);
1183        }
1184
1185#ifdef CONFIG_PM
1186        if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
1187                struct nlattr *nl_wowlan;
1188
1189                nl_wowlan = nla_nest_start(msg,
1190                                NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1191                if (!nl_wowlan)
1192                        goto nla_put_failure;
1193
1194                if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) &&
1195                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1196                    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) &&
1197                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1198                    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1199                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1200                    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1201                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1202                    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1203                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1204                    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1205                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1206                    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1207                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1208                    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1209                     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1210                    goto nla_put_failure;
1211                if (dev->wiphy.wowlan.n_patterns) {
1212                        struct nl80211_wowlan_pattern_support pat = {
1213                                .max_patterns = dev->wiphy.wowlan.n_patterns,
1214                                .min_pattern_len =
1215                                        dev->wiphy.wowlan.pattern_min_len,
1216                                .max_pattern_len =
1217                                        dev->wiphy.wowlan.pattern_max_len,
1218                        };
1219                        if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1220                                    sizeof(pat), &pat))
1221                                goto nla_put_failure;
1222                }
1223
1224                nla_nest_end(msg, nl_wowlan);
1225        }
1226#endif
1227
1228        if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1229                                dev->wiphy.software_iftypes))
1230                goto nla_put_failure;
1231
1232        if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1233                goto nla_put_failure;
1234
1235        if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1236            nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1237                        dev->wiphy.ap_sme_capa))
1238                goto nla_put_failure;
1239
1240        if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS,
1241                        dev->wiphy.features))
1242                goto nla_put_failure;
1243
1244        if (dev->wiphy.ht_capa_mod_mask &&
1245            nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1246                    sizeof(*dev->wiphy.ht_capa_mod_mask),
1247                    dev->wiphy.ht_capa_mod_mask))
1248                goto nla_put_failure;
1249
1250        return genlmsg_end(msg, hdr);
1251
1252 nla_put_failure:
1253        genlmsg_cancel(msg, hdr);
1254        return -EMSGSIZE;
1255}
1256
1257static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1258{
1259        int idx = 0;
1260        int start = cb->args[0];
1261        struct cfg80211_registered_device *dev;
1262
1263        mutex_lock(&cfg80211_mutex);
1264        list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1265                if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1266                        continue;
1267                if (++idx <= start)
1268                        continue;
1269                if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
1270                                       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1271                                       dev) < 0) {
1272                        idx--;
1273                        break;
1274                }
1275        }
1276        mutex_unlock(&cfg80211_mutex);
1277
1278        cb->args[0] = idx;
1279
1280        return skb->len;
1281}
1282
1283static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1284{
1285        struct sk_buff *msg;
1286        struct cfg80211_registered_device *dev = info->user_ptr[0];
1287
1288        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1289        if (!msg)
1290                return -ENOMEM;
1291
1292        if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
1293                nlmsg_free(msg);
1294                return -ENOBUFS;
1295        }
1296
1297        return genlmsg_reply(msg, info);
1298}
1299
1300static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1301        [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
1302        [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
1303        [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
1304        [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
1305        [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
1306};
1307
1308static int parse_txq_params(struct nlattr *tb[],
1309                            struct ieee80211_txq_params *txq_params)
1310{
1311        if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1312            !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1313            !tb[NL80211_TXQ_ATTR_AIFS])
1314                return -EINVAL;
1315
1316        txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1317        txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1318        txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1319        txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1320        txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1321
1322        if (txq_params->ac >= NL80211_NUM_ACS)
1323                return -EINVAL;
1324
1325        return 0;
1326}
1327
1328static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1329{
1330        /*
1331         * You can only set the channel explicitly for WDS interfaces,
1332         * all others have their channel managed via their respective
1333         * "establish a connection" command (connect, join, ...)
1334         *
1335         * For AP/GO and mesh mode, the channel can be set with the
1336         * channel userspace API, but is only stored and passed to the
1337         * low-level driver when the AP starts or the mesh is joined.
1338         * This is for backward compatibility, userspace can also give
1339         * the channel in the start-ap or join-mesh commands instead.
1340         *
1341         * Monitors are special as they are normally slaved to
1342         * whatever else is going on, so they have their own special
1343         * operation to set the monitor channel if possible.
1344         */
1345        return !wdev ||
1346                wdev->iftype == NL80211_IFTYPE_AP ||
1347                wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1348                wdev->iftype == NL80211_IFTYPE_MONITOR ||
1349                wdev->iftype == NL80211_IFTYPE_P2P_GO;
1350}
1351
1352static bool nl80211_valid_channel_type(struct genl_info *info,
1353                                       enum nl80211_channel_type *channel_type)
1354{
1355        enum nl80211_channel_type tmp;
1356
1357        if (!info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1358                return false;
1359
1360        tmp = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1361        if (tmp != NL80211_CHAN_NO_HT &&
1362            tmp != NL80211_CHAN_HT20 &&
1363            tmp != NL80211_CHAN_HT40PLUS &&
1364            tmp != NL80211_CHAN_HT40MINUS)
1365                return false;
1366
1367        if (channel_type)
1368                *channel_type = tmp;
1369
1370        return true;
1371}
1372
1373static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1374                                 struct wireless_dev *wdev,
1375                                 struct genl_info *info)
1376{
1377        struct ieee80211_channel *channel;
1378        enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1379        u32 freq;
1380        int result;
1381        enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1382
1383        if (wdev)
1384                iftype = wdev->iftype;
1385
1386        if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1387                return -EINVAL;
1388
1389        if (!nl80211_can_set_dev_channel(wdev))
1390                return -EOPNOTSUPP;
1391
1392        if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
1393            !nl80211_valid_channel_type(info, &channel_type))
1394                return -EINVAL;
1395
1396        freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1397
1398        mutex_lock(&rdev->devlist_mtx);
1399        switch (iftype) {
1400        case NL80211_IFTYPE_AP:
1401        case NL80211_IFTYPE_P2P_GO:
1402                if (wdev->beacon_interval) {
1403                        result = -EBUSY;
1404                        break;
1405                }
1406                channel = rdev_freq_to_chan(rdev, freq, channel_type);
1407                if (!channel || !cfg80211_can_beacon_sec_chan(&rdev->wiphy,
1408                                                              channel,
1409                                                              channel_type)) {
1410                        result = -EINVAL;
1411                        break;
1412                }
1413                wdev->preset_chan = channel;
1414                wdev->preset_chantype = channel_type;
1415                result = 0;
1416                break;
1417        case NL80211_IFTYPE_MESH_POINT:
1418                result = cfg80211_set_mesh_freq(rdev, wdev, freq, channel_type);
1419                break;
1420        case NL80211_IFTYPE_MONITOR:
1421                result = cfg80211_set_monitor_channel(rdev, freq, channel_type);
1422                break;
1423        default:
1424                result = -EINVAL;
1425        }
1426        mutex_unlock(&rdev->devlist_mtx);
1427
1428        return result;
1429}
1430
1431static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1432{
1433        struct cfg80211_registered_device *rdev = info->user_ptr[0];
1434        struct net_device *netdev = info->user_ptr[1];
1435
1436        return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1437}
1438
1439static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1440{
1441        struct cfg80211_registered_device *rdev = info->user_ptr[0];
1442        struct net_device *dev = info->user_ptr[1];
1443        struct wireless_dev *wdev = dev->ieee80211_ptr;
1444        const u8 *bssid;
1445
1446        if (!info->attrs[NL80211_ATTR_MAC])
1447                return -EINVAL;
1448
1449        if (netif_running(dev))
1450                return -EBUSY;
1451
1452        if (!rdev->ops->set_wds_peer)
1453                return -EOPNOTSUPP;
1454
1455        if (wdev->iftype != NL80211_IFTYPE_WDS)
1456                return -EOPNOTSUPP;
1457
1458        bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1459        return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1460}
1461
1462
1463static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1464{
1465        struct cfg80211_registered_device *rdev;
1466        struct net_device *netdev = NULL;
1467        struct wireless_dev *wdev;
1468        int result = 0, rem_txq_params = 0;
1469        struct nlattr *nl_txq_params;
1470        u32 changed;
1471        u8 retry_short = 0, retry_long = 0;
1472        u32 frag_threshold = 0, rts_threshold = 0;
1473        u8 coverage_class = 0;
1474
1475        /*
1476         * Try to find the wiphy and netdev. Normally this
1477         * function shouldn't need the netdev, but this is
1478         * done for backward compatibility -- previously
1479         * setting the channel was done per wiphy, but now
1480         * it is per netdev. Previous userland like hostapd
1481         * also passed a netdev to set_wiphy, so that it is
1482         * possible to let that go to the right netdev!
1483         */
1484        mutex_lock(&cfg80211_mutex);
1485
1486        if (info->attrs[NL80211_ATTR_IFINDEX]) {
1487                int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1488
1489                netdev = dev_get_by_index(genl_info_net(info), ifindex);
1490                if (netdev && netdev->ieee80211_ptr) {
1491                        rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1492                        mutex_lock(&rdev->mtx);
1493                } else
1494                        netdev = NULL;
1495        }
1496
1497        if (!netdev) {
1498                rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
1499                                                  info->attrs);
1500                if (IS_ERR(rdev)) {
1501                        mutex_unlock(&cfg80211_mutex);
1502                        return PTR_ERR(rdev);
1503                }
1504                wdev = NULL;
1505                netdev = NULL;
1506                result = 0;
1507
1508                mutex_lock(&rdev->mtx);
1509        } else if (nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1510                wdev = netdev->ieee80211_ptr;
1511        else
1512                wdev = NULL;
1513
1514        /*
1515         * end workaround code, by now the rdev is available
1516         * and locked, and wdev may or may not be NULL.
1517         */
1518
1519        if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1520                result = cfg80211_dev_rename(
1521                        rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1522
1523        mutex_unlock(&cfg80211_mutex);
1524
1525        if (result)
1526                goto bad_res;
1527
1528        if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1529                struct ieee80211_txq_params txq_params;
1530                struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1531
1532                if (!rdev->ops->set_txq_params) {
1533                        result = -EOPNOTSUPP;
1534                        goto bad_res;
1535                }
1536
1537                if (!netdev) {
1538                        result = -EINVAL;
1539                        goto bad_res;
1540                }
1541
1542                if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1543                    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1544                        result = -EINVAL;
1545                        goto bad_res;
1546                }
1547
1548                if (!netif_running(netdev)) {
1549                        result = -ENETDOWN;
1550                        goto bad_res;
1551                }
1552
1553                nla_for_each_nested(nl_txq_params,
1554                                    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1555                                    rem_txq_params) {
1556                        nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1557                                  nla_data(nl_txq_params),
1558                                  nla_len(nl_txq_params),
1559                                  txq_params_policy);
1560                        result = parse_txq_params(tb, &txq_params);
1561                        if (result)
1562                                goto bad_res;
1563
1564                        result = rdev->ops->set_txq_params(&rdev->wiphy,
1565                                                           netdev,
1566                                                           &txq_params);
1567                        if (result)
1568                                goto bad_res;
1569                }
1570        }
1571
1572        if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1573                result = __nl80211_set_channel(rdev, wdev, info);
1574                if (result)
1575                        goto bad_res;
1576        }
1577
1578        if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1579                enum nl80211_tx_power_setting type;
1580                int idx, mbm = 0;
1581
1582                if (!rdev->ops->set_tx_power) {
1583                        result = -EOPNOTSUPP;
1584                        goto bad_res;
1585                }
1586
1587                idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1588                type = nla_get_u32(info->attrs[idx]);
1589
1590                if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1591                    (type != NL80211_TX_POWER_AUTOMATIC)) {
1592                        result = -EINVAL;
1593                        goto bad_res;
1594                }
1595
1596                if (type != NL80211_TX_POWER_AUTOMATIC) {
1597                        idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1598                        mbm = nla_get_u32(info->attrs[idx]);
1599                }
1600
1601                result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1602                if (result)
1603                        goto bad_res;
1604        }
1605
1606        if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1607            info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1608                u32 tx_ant, rx_ant;
1609                if ((!rdev->wiphy.available_antennas_tx &&
1610                     !rdev->wiphy.available_antennas_rx) ||
1611                    !rdev->ops->set_antenna) {
1612                        result = -EOPNOTSUPP;
1613                        goto bad_res;
1614                }
1615
1616                tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1617                rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1618
1619                /* reject antenna configurations which don't match the
1620                 * available antenna masks, except for the "all" mask */
1621                if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1622                    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1623                        result = -EINVAL;
1624                        goto bad_res;
1625                }
1626
1627                tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1628                rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1629
1630                result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1631                if (result)
1632                        goto bad_res;
1633        }
1634
1635        changed = 0;
1636
1637        if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1638                retry_short = nla_get_u8(
1639                        info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1640                if (retry_short == 0) {
1641                        result = -EINVAL;
1642                        goto bad_res;
1643                }
1644                changed |= WIPHY_PARAM_RETRY_SHORT;
1645        }
1646
1647        if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1648                retry_long = nla_get_u8(
1649                        info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1650                if (retry_long == 0) {
1651                        result = -EINVAL;
1652                        goto bad_res;
1653                }
1654                changed |= WIPHY_PARAM_RETRY_LONG;
1655        }
1656
1657        if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1658                frag_threshold = nla_get_u32(
1659                        info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1660                if (frag_threshold < 256) {
1661                        result = -EINVAL;
1662                        goto bad_res;
1663                }
1664                if (frag_threshold != (u32) -1) {
1665                        /*
1666                         * Fragments (apart from the last one) are required to
1667                         * have even length. Make the fragmentation code
1668                         * simpler by stripping LSB should someone try to use
1669                         * odd threshold value.
1670                         */
1671                        frag_threshold &= ~0x1;
1672                }
1673                changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1674        }
1675
1676        if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1677                rts_threshold = nla_get_u32(
1678                        info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1679                changed |= WIPHY_PARAM_RTS_THRESHOLD;
1680        }
1681
1682        if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1683                coverage_class = nla_get_u8(
1684                        info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1685                changed |= WIPHY_PARAM_COVERAGE_CLASS;
1686        }
1687
1688        if (changed) {
1689                u8 old_retry_short, old_retry_long;
1690                u32 old_frag_threshold, old_rts_threshold;
1691                u8 old_coverage_class;
1692
1693                if (!rdev->ops->set_wiphy_params) {
1694                        result = -EOPNOTSUPP;
1695                        goto bad_res;
1696                }
1697
1698                old_retry_short = rdev->wiphy.retry_short;
1699                old_retry_long = rdev->wiphy.retry_long;
1700                old_frag_threshold = rdev->wiphy.frag_threshold;
1701                old_rts_threshold = rdev->wiphy.rts_threshold;
1702                old_coverage_class = rdev->wiphy.coverage_class;
1703
1704                if (changed & WIPHY_PARAM_RETRY_SHORT)
1705                        rdev->wiphy.retry_short = retry_short;
1706                if (changed & WIPHY_PARAM_RETRY_LONG)
1707                        rdev->wiphy.retry_long = retry_long;
1708                if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1709                        rdev->wiphy.frag_threshold = frag_threshold;
1710                if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1711                        rdev->wiphy.rts_threshold = rts_threshold;
1712                if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1713                        rdev->wiphy.coverage_class = coverage_class;
1714
1715                result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1716                if (result) {
1717                        rdev->wiphy.retry_short = old_retry_short;
1718                        rdev->wiphy.retry_long = old_retry_long;
1719                        rdev->wiphy.frag_threshold = old_frag_threshold;
1720                        rdev->wiphy.rts_threshold = old_rts_threshold;
1721                        rdev->wiphy.coverage_class = old_coverage_class;
1722                }
1723        }
1724
1725 bad_res:
1726        mutex_unlock(&rdev->mtx);
1727        if (netdev)
1728                dev_put(netdev);
1729        return result;
1730}
1731
1732static inline u64 wdev_id(struct wireless_dev *wdev)
1733{
1734        return (u64)wdev->identifier |
1735               ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
1736}
1737
1738static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1739                              struct cfg80211_registered_device *rdev,
1740                              struct wireless_dev *wdev)
1741{
1742        struct net_device *dev = wdev->netdev;
1743        void *hdr;
1744
1745        hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1746        if (!hdr)
1747                return -1;
1748
1749        if (dev &&
1750            (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1751             nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name) ||
1752             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dev->dev_addr)))
1753                goto nla_put_failure;
1754
1755        if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1756            nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
1757            nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
1758            nla_put_u32(msg, NL80211_ATTR_GENERATION,
1759                        rdev->devlist_generation ^
1760                        (cfg80211_rdev_list_generation << 2)))
1761                goto nla_put_failure;
1762
1763        if (rdev->ops->get_channel) {
1764                struct ieee80211_channel *chan;
1765                enum nl80211_channel_type channel_type;
1766
1767                chan = rdev->ops->get_channel(&rdev->wiphy, wdev,
1768                                              &channel_type);
1769                if (chan &&
1770                    (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
1771                                 chan->center_freq) ||
1772                     nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
1773                                 channel_type)))
1774                        goto nla_put_failure;
1775        }
1776
1777        return genlmsg_end(msg, hdr);
1778
1779 nla_put_failure:
1780        genlmsg_cancel(msg, hdr);
1781        return -EMSGSIZE;
1782}
1783
1784static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1785{
1786        int wp_idx = 0;
1787        int if_idx = 0;
1788        int wp_start = cb->args[0];
1789        int if_start = cb->args[1];
1790        struct cfg80211_registered_device *rdev;
1791        struct wireless_dev *wdev;
1792
1793        mutex_lock(&cfg80211_mutex);
1794        list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1795                if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1796                        continue;
1797                if (wp_idx < wp_start) {
1798                        wp_idx++;
1799                        continue;
1800                }
1801                if_idx = 0;
1802
1803                mutex_lock(&rdev->devlist_mtx);
1804                list_for_each_entry(wdev, &rdev->wdev_list, list) {
1805                        if (if_idx < if_start) {
1806                                if_idx++;
1807                                continue;
1808                        }
1809                        if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1810                                               cb->nlh->nlmsg_seq, NLM_F_MULTI,
1811                                               rdev, wdev) < 0) {
1812                                mutex_unlock(&rdev->devlist_mtx);
1813                                goto out;
1814                        }
1815                        if_idx++;
1816                }
1817                mutex_unlock(&rdev->devlist_mtx);
1818
1819                wp_idx++;
1820        }
1821 out:
1822        mutex_unlock(&cfg80211_mutex);
1823
1824        cb->args[0] = wp_idx;
1825        cb->args[1] = if_idx;
1826
1827        return skb->len;
1828}
1829
1830static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1831{
1832        struct sk_buff *msg;
1833        struct cfg80211_registered_device *dev = info->user_ptr[0];
1834        struct wireless_dev *wdev = info->user_ptr[1];
1835
1836        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1837        if (!msg)
1838                return -ENOMEM;
1839
1840        if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1841                               dev, wdev) < 0) {
1842                nlmsg_free(msg);
1843                return -ENOBUFS;
1844        }
1845
1846        return genlmsg_reply(msg, info);
1847}
1848
1849static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1850        [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1851        [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1852        [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1853        [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1854        [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1855};
1856
1857static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1858{
1859        struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1860        int flag;
1861
1862        *mntrflags = 0;
1863
1864        if (!nla)
1865                return -EINVAL;
1866
1867        if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1868                             nla, mntr_flags_policy))
1869                return -EINVAL;
1870
1871        for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1872                if (flags[flag])
1873                        *mntrflags |= (1<<flag);
1874
1875        return 0;
1876}
1877
1878static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1879                               struct net_device *netdev, u8 use_4addr,
1880                               enum nl80211_iftype iftype)
1881{
1882        if (!use_4addr) {
1883                if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1884                        return -EBUSY;
1885                return 0;
1886        }
1887
1888        switch (iftype) {
1889        case NL80211_IFTYPE_AP_VLAN:
1890                if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1891                        return 0;
1892                break;
1893        case NL80211_IFTYPE_STATION:
1894                if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1895                        return 0;
1896                break;
1897        default:
1898                break;
1899        }
1900
1901        return -EOPNOTSUPP;
1902}
1903
1904static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1905{
1906        struct cfg80211_registered_device *rdev = info->user_ptr[0];
1907        struct vif_params params;
1908        int err;
1909        enum nl80211_iftype otype, ntype;
1910        struct net_device *dev = info->user_ptr[1];
1911        u32 _flags, *flags = NULL;
1912        bool change = false;
1913
1914        memset(&params, 0, sizeof(params));
1915
1916        otype = ntype = dev->ieee80211_ptr->iftype;
1917
1918        if (info->attrs[NL80211_ATTR_IFTYPE]) {
1919                ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1920                if (otype != ntype)
1921                        change = true;
1922                if (ntype > NL80211_IFTYPE_MAX)
1923                        return -EINVAL;
1924        }
1925
1926        if (info->attrs[NL80211_ATTR_MESH_ID]) {
1927                struct wireless_dev *wdev = dev->ieee80211_ptr;
1928
1929                if (ntype != NL80211_IFTYPE_MESH_POINT)
1930                        return -EINVAL;
1931                if (netif_running(dev))
1932                        return -EBUSY;
1933
1934                wdev_lock(wdev);
1935                BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1936                             IEEE80211_MAX_MESH_ID_LEN);
1937                wdev->mesh_id_up_len =
1938                        nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1939                memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1940                       wdev->mesh_id_up_len);
1941                wdev_unlock(wdev);
1942        }
1943
1944        if (info->attrs[NL80211_ATTR_4ADDR]) {
1945                params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1946                change = true;
1947                err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1948                if (err)
1949                        return err;
1950        } else {
1951                params.use_4addr = -1;
1952        }
1953
1954        if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1955                if (ntype != NL80211_IFTYPE_MONITOR)
1956                        return -EINVAL;
1957                err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1958                                          &_flags);
1959                if (err)
1960                        return err;
1961
1962                flags = &_flags;
1963                change = true;
1964        }
1965
1966        if (change)
1967                err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1968        else
1969                err = 0;
1970
1971        if (!err && params.use_4addr != -1)
1972                dev->ieee80211_ptr->use_4addr = params.use_4addr;
1973
1974        return err;
1975}
1976
1977static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1978{
1979        struct cfg80211_registered_device *rdev = info->user_ptr[0];
1980        struct vif_params params;
1981        struct wireless_dev *wdev;
1982        struct sk_buff *msg;
1983        int err;
1984        enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1985        u32 flags;
1986
1987        memset(&params, 0, sizeof(params));
1988
1989        if (!info->attrs[NL80211_ATTR_IFNAME])
1990                return -EINVAL;
1991
1992        if (info->attrs[NL80211_ATTR_IFTYPE]) {
1993                type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1994                if (type > NL80211_IFTYPE_MAX)
1995                        return -EINVAL;
1996        }
1997
1998        if (!rdev->ops->add_virtual_intf ||
1999            !(rdev->wiphy.interface_modes & (1 << type)))
2000                return -EOPNOTSUPP;
2001
2002        if (info->attrs[NL80211_ATTR_4ADDR]) {
2003                params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2004                err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2005                if (err)
2006                        return err;
2007        }
2008
2009        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2010        if (!msg)
2011                return -ENOMEM;
2012
2013        err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2014                                  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2015                                  &flags);
2016        wdev = rdev->ops->add_virtual_intf(&rdev->wiphy,
2017                nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2018                type, err ? NULL : &flags, &params);
2019        if (IS_ERR(wdev)) {
2020                nlmsg_free(msg);
2021                return PTR_ERR(wdev);
2022        }
2023
2024        if (type == NL80211_IFTYPE_MESH_POINT &&
2025            info->attrs[NL80211_ATTR_MESH_ID]) {
2026                wdev_lock(wdev);
2027                BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2028                             IEEE80211_MAX_MESH_ID_LEN);
2029                wdev->mesh_id_up_len =
2030                        nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2031                memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2032                       wdev->mesh_id_up_len);
2033                wdev_unlock(wdev);
2034        }
2035
2036        if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
2037                               rdev, wdev) < 0) {
2038                nlmsg_free(msg);
2039                return -ENOBUFS;
2040        }
2041
2042        return genlmsg_reply(msg, info);
2043}
2044
2045static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2046{
2047        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2048        struct wireless_dev *wdev = info->user_ptr[1];
2049
2050        if (!rdev->ops->del_virtual_intf)
2051                return -EOPNOTSUPP;
2052
2053        /*
2054         * If we remove a wireless device without a netdev then clear
2055         * user_ptr[1] so that nl80211_post_doit won't dereference it
2056         * to check if it needs to do dev_put(). Otherwise it crashes
2057         * since the wdev has been freed, unlike with a netdev where
2058         * we need the dev_put() for the netdev to really be freed.
2059         */
2060        if (!wdev->netdev)
2061                info->user_ptr[1] = NULL;
2062
2063        return rdev->ops->del_virtual_intf(&rdev->wiphy, wdev);
2064}
2065
2066static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2067{
2068        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2069        struct net_device *dev = info->user_ptr[1];
2070        u16 noack_map;
2071
2072        if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2073                return -EINVAL;
2074
2075        if (!rdev->ops->set_noack_map)
2076                return -EOPNOTSUPP;
2077
2078        noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2079
2080        return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map);
2081}
2082
2083struct get_key_cookie {
2084        struct sk_buff *msg;
2085        int error;
2086        int idx;
2087};
2088
2089static void get_key_callback(void *c, struct key_params *params)
2090{
2091        struct nlattr *key;
2092        struct get_key_cookie *cookie = c;
2093
2094        if ((params->key &&
2095             nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2096                     params->key_len, params->key)) ||
2097            (params->seq &&
2098             nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2099                     params->seq_len, params->seq)) ||
2100            (params->cipher &&
2101             nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2102                         params->cipher)))
2103                goto nla_put_failure;
2104
2105        key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2106        if (!key)
2107                goto nla_put_failure;
2108
2109        if ((params->key &&
2110             nla_put(cookie->msg, NL80211_KEY_DATA,
2111                     params->key_len, params->key)) ||
2112            (params->seq &&
2113             nla_put(cookie->msg, NL80211_KEY_SEQ,
2114                     params->seq_len, params->seq)) ||
2115            (params->cipher &&
2116             nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2117                         params->cipher)))
2118                goto nla_put_failure;
2119
2120        if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2121                goto nla_put_failure;
2122
2123        nla_nest_end(cookie->msg, key);
2124
2125        return;
2126 nla_put_failure:
2127        cookie->error = 1;
2128}
2129
2130static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2131{
2132        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2133        int err;
2134        struct net_device *dev = info->user_ptr[1];
2135        u8 key_idx = 0;
2136        const u8 *mac_addr = NULL;
2137        bool pairwise;
2138        struct get_key_cookie cookie = {
2139                .error = 0,
2140        };
2141        void *hdr;
2142        struct sk_buff *msg;
2143
2144        if (info->attrs[NL80211_ATTR_KEY_IDX])
2145                key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2146
2147        if (key_idx > 5)
2148                return -EINVAL;
2149
2150        if (info->attrs[NL80211_ATTR_MAC])
2151                mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2152
2153        pairwise = !!mac_addr;
2154        if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2155                u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2156                if (kt >= NUM_NL80211_KEYTYPES)
2157                        return -EINVAL;
2158                if (kt != NL80211_KEYTYPE_GROUP &&
2159                    kt != NL80211_KEYTYPE_PAIRWISE)
2160                        return -EINVAL;
2161                pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2162        }
2163
2164        if (!rdev->ops->get_key)
2165                return -EOPNOTSUPP;
2166
2167        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2168        if (!msg)
2169                return -ENOMEM;
2170
2171        hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2172                             NL80211_CMD_NEW_KEY);
2173        if (IS_ERR(hdr))
2174                return PTR_ERR(hdr);
2175
2176        cookie.msg = msg;
2177        cookie.idx = key_idx;
2178
2179        if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2180            nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2181                goto nla_put_failure;
2182        if (mac_addr &&
2183            nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2184                goto nla_put_failure;
2185
2186        if (pairwise && mac_addr &&
2187            !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2188                return -ENOENT;
2189
2190        err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
2191                                 mac_addr, &cookie, get_key_callback);
2192
2193        if (err)
2194                goto free_msg;
2195
2196        if (cookie.error)
2197                goto nla_put_failure;
2198
2199        genlmsg_end(msg, hdr);
2200        return genlmsg_reply(msg, info);
2201
2202 nla_put_failure:
2203        err = -ENOBUFS;
2204 free_msg:
2205        nlmsg_free(msg);
2206        return err;
2207}
2208
2209static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2210{
2211        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2212        struct key_parse key;
2213        int err;
2214        struct net_device *dev = info->user_ptr[1];
2215
2216        err = nl80211_parse_key(info, &key);
2217        if (err)
2218                return err;
2219
2220        if (key.idx < 0)
2221                return -EINVAL;
2222
2223        /* only support setting default key */
2224        if (!key.def && !key.defmgmt)
2225                return -EINVAL;
2226
2227        wdev_lock(dev->ieee80211_ptr);
2228
2229        if (key.def) {
2230                if (!rdev->ops->set_default_key) {
2231                        err = -EOPNOTSUPP;
2232                        goto out;
2233                }
2234
2235                err = nl80211_key_allowed(dev->ieee80211_ptr);
2236                if (err)
2237                        goto out;
2238
2239                err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
2240                                                 key.def_uni, key.def_multi);
2241
2242                if (err)
2243                        goto out;
2244
2245#ifdef CONFIG_CFG80211_WEXT
2246                dev->ieee80211_ptr->wext.default_key = key.idx;
2247#endif
2248        } else {
2249                if (key.def_uni || !key.def_multi) {
2250                        err = -EINVAL;
2251                        goto out;
2252                }
2253
2254                if (!rdev->ops->set_default_mgmt_key) {
2255                        err = -EOPNOTSUPP;
2256                        goto out;
2257                }
2258
2259                err = nl80211_key_allowed(dev->ieee80211_ptr);
2260                if (err)
2261                        goto out;
2262
2263                err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
2264                                                      dev, key.idx);
2265                if (err)
2266                        goto out;
2267
2268#ifdef CONFIG_CFG80211_WEXT
2269                dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2270#endif
2271        }
2272
2273 out:
2274        wdev_unlock(dev->ieee80211_ptr);
2275
2276        return err;
2277}
2278
2279static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2280{
2281        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2282        int err;
2283        struct net_device *dev = info->user_ptr[1];
2284        struct key_parse key;
2285        const u8 *mac_addr = NULL;
2286
2287        err = nl80211_parse_key(info, &key);
2288        if (err)
2289                return err;
2290
2291        if (!key.p.key)
2292                return -EINVAL;
2293
2294        if (info->attrs[NL80211_ATTR_MAC])
2295                mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2296
2297        if (key.type == -1) {
2298                if (mac_addr)
2299                        key.type = NL80211_KEYTYPE_PAIRWISE;
2300                else
2301                        key.type = NL80211_KEYTYPE_GROUP;
2302        }
2303
2304        /* for now */
2305        if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2306            key.type != NL80211_KEYTYPE_GROUP)
2307                return -EINVAL;
2308
2309        if (!rdev->ops->add_key)
2310                return -EOPNOTSUPP;
2311
2312        if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2313                                           key.type == NL80211_KEYTYPE_PAIRWISE,
2314                                           mac_addr))
2315                return -EINVAL;
2316
2317        wdev_lock(dev->ieee80211_ptr);
2318        err = nl80211_key_allowed(dev->ieee80211_ptr);
2319        if (!err)
2320                err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
2321                                         key.type == NL80211_KEYTYPE_PAIRWISE,
2322                                         mac_addr, &key.p);
2323        wdev_unlock(dev->ieee80211_ptr);
2324
2325        return err;
2326}
2327
2328static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2329{
2330        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2331        int err;
2332        struct net_device *dev = info->user_ptr[1];
2333        u8 *mac_addr = NULL;
2334        struct key_parse key;
2335
2336        err = nl80211_parse_key(info, &key);
2337        if (err)
2338                return err;
2339
2340        if (info->attrs[NL80211_ATTR_MAC])
2341                mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2342
2343        if (key.type == -1) {
2344                if (mac_addr)
2345                        key.type = NL80211_KEYTYPE_PAIRWISE;
2346                else
2347                        key.type = NL80211_KEYTYPE_GROUP;
2348        }
2349
2350        /* for now */
2351        if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2352            key.type != NL80211_KEYTYPE_GROUP)
2353                return -EINVAL;
2354
2355        if (!rdev->ops->del_key)
2356                return -EOPNOTSUPP;
2357
2358        wdev_lock(dev->ieee80211_ptr);
2359        err = nl80211_key_allowed(dev->ieee80211_ptr);
2360
2361        if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2362            !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2363                err = -ENOENT;
2364
2365        if (!err)
2366                err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
2367                                         key.type == NL80211_KEYTYPE_PAIRWISE,
2368                                         mac_addr);
2369
2370#ifdef CONFIG_CFG80211_WEXT
2371        if (!err) {
2372                if (key.idx == dev->ieee80211_ptr->wext.default_key)
2373                        dev->ieee80211_ptr->wext.default_key = -1;
2374                else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2375                        dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2376        }
2377#endif
2378        wdev_unlock(dev->ieee80211_ptr);
2379
2380        return err;
2381}
2382
2383static int nl80211_parse_beacon(struct genl_info *info,
2384                                struct cfg80211_beacon_data *bcn)
2385{
2386        bool haveinfo = false;
2387
2388        if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2389            !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2390            !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2391            !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2392                return -EINVAL;
2393
2394        memset(bcn, 0, sizeof(*bcn));
2395
2396        if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2397                bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2398                bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2399                if (!bcn->head_len)
2400                        return -EINVAL;
2401                haveinfo = true;
2402        }
2403
2404        if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2405                bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2406                bcn->tail_len =
2407                    nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2408                haveinfo = true;
2409        }
2410
2411        if (!haveinfo)
2412                return -EINVAL;
2413
2414        if (info->attrs[NL80211_ATTR_IE]) {
2415                bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2416                bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2417        }
2418
2419        if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2420                bcn->proberesp_ies =
2421                        nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2422                bcn->proberesp_ies_len =
2423                        nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2424        }
2425
2426        if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2427                bcn->assocresp_ies =
2428                        nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2429                bcn->assocresp_ies_len =
2430                        nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2431        }
2432
2433        if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2434                bcn->probe_resp =
2435                        nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2436                bcn->probe_resp_len =
2437                        nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2438        }
2439
2440        return 0;
2441}
2442
2443static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
2444                                   struct cfg80211_ap_settings *params)
2445{
2446        struct wireless_dev *wdev;
2447        bool ret = false;
2448
2449        mutex_lock(&rdev->devlist_mtx);
2450
2451        list_for_each_entry(wdev, &rdev->wdev_list, list) {
2452                if (wdev->iftype != NL80211_IFTYPE_AP &&
2453                    wdev->iftype != NL80211_IFTYPE_P2P_GO)
2454                        continue;
2455
2456                if (!wdev->preset_chan)
2457                        continue;
2458
2459                params->channel = wdev->preset_chan;
2460                params->channel_type = wdev->preset_chantype;
2461                ret = true;
2462                break;
2463        }
2464
2465        mutex_unlock(&rdev->devlist_mtx);
2466
2467        return ret;
2468}
2469
2470static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
2471{
2472        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2473        struct net_device *dev = info->user_ptr[1];
2474        struct wireless_dev *wdev = dev->ieee80211_ptr;
2475        struct cfg80211_ap_settings params;
2476        int err;
2477
2478        if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2479            dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2480                return -EOPNOTSUPP;
2481
2482        if (!rdev->ops->start_ap)
2483                return -EOPNOTSUPP;
2484
2485        if (wdev->beacon_interval)
2486                return -EALREADY;
2487
2488        memset(&params, 0, sizeof(params));
2489
2490        /* these are required for START_AP */
2491        if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2492            !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2493            !info->attrs[NL80211_ATTR_BEACON_HEAD])
2494                return -EINVAL;
2495
2496        err = nl80211_parse_beacon(info, &params.beacon);
2497        if (err)
2498                return err;
2499
2500        params.beacon_interval =
2501                nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2502        params.dtim_period =
2503                nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2504
2505        err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
2506        if (err)
2507                return err;
2508
2509        /*
2510         * In theory, some of these attributes should be required here
2511         * but since they were not used when the command was originally
2512         * added, keep them optional for old user space programs to let
2513         * them continue to work with drivers that do not need the
2514         * additional information -- drivers must check!
2515         */
2516        if (info->attrs[NL80211_ATTR_SSID]) {
2517                params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2518                params.ssid_len =
2519                        nla_len(info->attrs[NL80211_ATTR_SSID]);
2520                if (params.ssid_len == 0 ||
2521                    params.ssid_len > IEEE80211_MAX_SSID_LEN)
2522                        return -EINVAL;
2523        }
2524
2525        if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2526                params.hidden_ssid = nla_get_u32(
2527                        info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2528                if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
2529                    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
2530                    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2531                        return -EINVAL;
2532        }
2533
2534        params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2535
2536        if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2537                params.auth_type = nla_get_u32(
2538                        info->attrs[NL80211_ATTR_AUTH_TYPE]);
2539                if (!nl80211_valid_auth_type(params.auth_type))
2540                        return -EINVAL;
2541        } else
2542                params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2543
2544        err = nl80211_crypto_settings(rdev, info, &params.crypto,
2545                                      NL80211_MAX_NR_CIPHER_SUITES);
2546        if (err)
2547                return err;
2548
2549        if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
2550                if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
2551                        return -EOPNOTSUPP;
2552                params.inactivity_timeout = nla_get_u16(
2553                        info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
2554        }
2555
2556        if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2557                enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
2558
2559                if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
2560                    !nl80211_valid_channel_type(info, &channel_type))
2561                        return -EINVAL;
2562
2563                params.channel = rdev_freq_to_chan(rdev,
2564                        nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]),
2565                        channel_type);
2566                if (!params.channel)
2567                        return -EINVAL;
2568                params.channel_type = channel_type;
2569        } else if (wdev->preset_chan) {
2570                params.channel = wdev->preset_chan;
2571                params.channel_type = wdev->preset_chantype;
2572        } else if (!nl80211_get_ap_channel(rdev, &params))
2573                return -EINVAL;
2574
2575        if (!cfg80211_can_beacon_sec_chan(&rdev->wiphy, params.channel,
2576                                          params.channel_type))
2577                return -EINVAL;
2578
2579        mutex_lock(&rdev->devlist_mtx);
2580        err = cfg80211_can_use_chan(rdev, wdev, params.channel,
2581                                    CHAN_MODE_SHARED);
2582        mutex_unlock(&rdev->devlist_mtx);
2583
2584        if (err)
2585                return err;
2586
2587        err = rdev->ops->start_ap(&rdev->wiphy, dev, &params);
2588        if (!err) {
2589                wdev->preset_chan = params.channel;
2590                wdev->preset_chantype = params.channel_type;
2591                wdev->beacon_interval = params.beacon_interval;
2592                wdev->channel = params.channel;
2593        }
2594        return err;
2595}
2596
2597static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
2598{
2599        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2600        struct net_device *dev = info->user_ptr[1];
2601        struct wireless_dev *wdev = dev->ieee80211_ptr;
2602        struct cfg80211_beacon_data params;
2603        int err;
2604
2605        if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2606            dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2607                return -EOPNOTSUPP;
2608
2609        if (!rdev->ops->change_beacon)
2610                return -EOPNOTSUPP;
2611
2612        if (!wdev->beacon_interval)
2613                return -EINVAL;
2614
2615        err = nl80211_parse_beacon(info, &params);
2616        if (err)
2617                return err;
2618
2619        return rdev->ops->change_beacon(&rdev->wiphy, dev, &params);
2620}
2621
2622static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
2623{
2624        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2625        struct net_device *dev = info->user_ptr[1];
2626
2627        return cfg80211_stop_ap(rdev, dev);
2628}
2629
2630static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2631        [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2632        [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2633        [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2634        [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2635        [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2636        [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2637};
2638
2639static int parse_station_flags(struct genl_info *info,
2640                               enum nl80211_iftype iftype,
2641                               struct station_parameters *params)
2642{
2643        struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2644        struct nlattr *nla;
2645        int flag;
2646
2647        /*
2648         * Try parsing the new attribute first so userspace
2649         * can specify both for older kernels.
2650         */
2651        nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2652        if (nla) {
2653                struct nl80211_sta_flag_update *sta_flags;
2654
2655                sta_flags = nla_data(nla);
2656                params->sta_flags_mask = sta_flags->mask;
2657                params->sta_flags_set = sta_flags->set;
2658                if ((params->sta_flags_mask |
2659                     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2660                        return -EINVAL;
2661                return 0;
2662        }
2663
2664        /* if present, parse the old attribute */
2665
2666        nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2667        if (!nla)
2668                return 0;
2669
2670        if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2671                             nla, sta_flags_policy))
2672                return -EINVAL;
2673
2674        /*
2675         * Only allow certain flags for interface types so that
2676         * other attributes are silently ignored. Remember that
2677         * this is backward compatibility code with old userspace
2678         * and shouldn't be hit in other cases anyway.
2679         */
2680        switch (iftype) {
2681        case NL80211_IFTYPE_AP:
2682        case NL80211_IFTYPE_AP_VLAN:
2683        case NL80211_IFTYPE_P2P_GO:
2684                params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2685                                         BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2686                                         BIT(NL80211_STA_FLAG_WME) |
2687                                         BIT(NL80211_STA_FLAG_MFP);
2688                break;
2689        case NL80211_IFTYPE_P2P_CLIENT:
2690        case NL80211_IFTYPE_STATION:
2691                params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2692                                         BIT(NL80211_STA_FLAG_TDLS_PEER);
2693                break;
2694        case NL80211_IFTYPE_MESH_POINT:
2695                params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2696                                         BIT(NL80211_STA_FLAG_MFP) |
2697                                         BIT(NL80211_STA_FLAG_AUTHORIZED);
2698        default:
2699                return -EINVAL;
2700        }
2701
2702        for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
2703                if (flags[flag]) {
2704                        params->sta_flags_set |= (1<<flag);
2705
2706                        /* no longer support new API additions in old API */
2707                        if (flag > NL80211_STA_FLAG_MAX_OLD_API)
2708                                return -EINVAL;
2709                }
2710        }
2711
2712        return 0;
2713}
2714
2715static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2716                                 int attr)
2717{
2718        struct nlattr *rate;
2719        u32 bitrate;
2720        u16 bitrate_compat;
2721
2722        rate = nla_nest_start(msg, attr);
2723        if (!rate)
2724                goto nla_put_failure;
2725
2726        /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2727        bitrate = cfg80211_calculate_bitrate(info);
2728        /* report 16-bit bitrate only if we can */
2729        bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
2730        if ((bitrate > 0 &&
2731             nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) ||
2732            (bitrate_compat > 0 &&
2733             nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) ||
2734            ((info->flags & RATE_INFO_FLAGS_MCS) &&
2735             nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) ||
2736            ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) &&
2737             nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) ||
2738            ((info->flags & RATE_INFO_FLAGS_SHORT_GI) &&
2739             nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)))
2740                goto nla_put_failure;
2741
2742        nla_nest_end(msg, rate);
2743        return true;
2744
2745nla_put_failure:
2746        return false;
2747}
2748
2749static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2750                                int flags,
2751                                struct cfg80211_registered_device *rdev,
2752                                struct net_device *dev,
2753                                const u8 *mac_addr, struct station_info *sinfo)
2754{
2755        void *hdr;
2756        struct nlattr *sinfoattr, *bss_param;
2757
2758        hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2759        if (!hdr)
2760                return -1;
2761
2762        if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2763            nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
2764            nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
2765                goto nla_put_failure;
2766
2767        sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2768        if (!sinfoattr)
2769                goto nla_put_failure;
2770        if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
2771            nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2772                        sinfo->connected_time))
2773                goto nla_put_failure;
2774        if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
2775            nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2776                        sinfo->inactive_time))
2777                goto nla_put_failure;
2778        if ((sinfo->filled & STATION_INFO_RX_BYTES) &&
2779            nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
2780                        sinfo->rx_bytes))
2781                goto nla_put_failure;
2782        if ((sinfo->filled & STATION_INFO_TX_BYTES) &&
2783            nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
2784                        sinfo->tx_bytes))
2785                goto nla_put_failure;
2786        if ((sinfo->filled & STATION_INFO_LLID) &&
2787            nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
2788                goto nla_put_failure;
2789        if ((sinfo->filled & STATION_INFO_PLID) &&
2790            nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
2791                goto nla_put_failure;
2792        if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
2793            nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
2794                       sinfo->plink_state))
2795                goto nla_put_failure;
2796        switch (rdev->wiphy.signal_type) {
2797        case CFG80211_SIGNAL_TYPE_MBM:
2798                if ((sinfo->filled & STATION_INFO_SIGNAL) &&
2799                    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
2800                               sinfo->signal))
2801                        goto nla_put_failure;
2802                if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
2803                    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2804                               sinfo->signal_avg))
2805                        goto nla_put_failure;
2806                break;
2807        default:
2808                break;
2809        }
2810        if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2811                if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2812                                          NL80211_STA_INFO_TX_BITRATE))
2813                        goto nla_put_failure;
2814        }
2815        if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2816                if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2817                                          NL80211_STA_INFO_RX_BITRATE))
2818                        goto nla_put_failure;
2819        }
2820        if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
2821            nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
2822                        sinfo->rx_packets))
2823                goto nla_put_failure;
2824        if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
2825            nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
2826                        sinfo->tx_packets))
2827                goto nla_put_failure;
2828        if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
2829            nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
2830                        sinfo->tx_retries))
2831                goto nla_put_failure;
2832        if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
2833            nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
2834                        sinfo->tx_failed))
2835                goto nla_put_failure;
2836        if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
2837            nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
2838                        sinfo->beacon_loss_count))
2839                goto nla_put_failure;
2840        if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2841                bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2842                if (!bss_param)
2843                        goto nla_put_failure;
2844
2845                if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
2846                     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
2847                    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
2848                     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
2849                    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
2850                     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
2851                    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2852                               sinfo->bss_param.dtim_period) ||
2853                    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2854                                sinfo->bss_param.beacon_interval))
2855                        goto nla_put_failure;
2856
2857                nla_nest_end(msg, bss_param);
2858        }
2859        if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
2860            nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
2861                    sizeof(struct nl80211_sta_flag_update),
2862                    &sinfo->sta_flags))
2863                goto nla_put_failure;
2864        if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
2865                nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
2866                            sinfo->t_offset))
2867                goto nla_put_failure;
2868        nla_nest_end(msg, sinfoattr);
2869
2870        if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
2871            nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
2872                    sinfo->assoc_req_ies))
2873                goto nla_put_failure;
2874
2875        return genlmsg_end(msg, hdr);
2876
2877 nla_put_failure:
2878        genlmsg_cancel(msg, hdr);
2879        return -EMSGSIZE;
2880}
2881
2882static int nl80211_dump_station(struct sk_buff *skb,
2883                                struct netlink_callback *cb)
2884{
2885        struct station_info sinfo;
2886        struct cfg80211_registered_device *dev;
2887        struct net_device *netdev;
2888        u8 mac_addr[ETH_ALEN];
2889        int sta_idx = cb->args[1];
2890        int err;
2891
2892        err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2893        if (err)
2894                return err;
2895
2896        if (!dev->ops->dump_station) {
2897                err = -EOPNOTSUPP;
2898                goto out_err;
2899        }
2900
2901        while (1) {
2902                memset(&sinfo, 0, sizeof(sinfo));
2903                err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2904                                             mac_addr, &sinfo);
2905                if (err == -ENOENT)
2906                        break;
2907                if (err)
2908                        goto out_err;
2909
2910                if (nl80211_send_station(skb,
2911                                NETLINK_CB(cb->skb).pid,
2912                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
2913                                dev, netdev, mac_addr,
2914                                &sinfo) < 0)
2915                        goto out;
2916
2917                sta_idx++;
2918        }
2919
2920
2921 out:
2922        cb->args[1] = sta_idx;
2923        err = skb->len;
2924 out_err:
2925        nl80211_finish_netdev_dump(dev);
2926
2927        return err;
2928}
2929
2930static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2931{
2932        struct cfg80211_registered_device *rdev = info->user_ptr[0];
2933        struct net_device *dev = info->user_ptr[1];
2934        struct station_info sinfo;
2935        struct sk_buff *msg;
2936        u8 *mac_addr = NULL;
2937        int err;
2938
2939        memset(&sinfo, 0, sizeof(sinfo));
2940
2941        if (!info->attrs[NL80211_ATTR_MAC])
2942                return -EINVAL;
2943
2944        mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2945
2946        if (!rdev->ops->get_station)
2947                return -EOPNOTSUPP;
2948
2949        err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2950        if (err)
2951                return err;
2952
2953        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2954        if (!msg)
2955                return -ENOMEM;
2956
2957        if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2958                                 rdev, dev, mac_addr, &sinfo) < 0) {
2959                nlmsg_free(msg);
2960                return -ENOBUFS;
2961        }
2962
2963        return genlmsg_reply(msg, info);
2964}
2965
2966/*
2967 * Get vlan interface making sure it is running and on the right wiphy.
2968 */
2969static struct net_device *get_vlan(struct genl_info *info,
2970                                   struct cfg80211_registered_device *rdev)
2971{
2972        struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2973        struct net_device *v;
2974        int ret;
2975
2976        if (!vlanattr)
2977                return NULL;
2978
2979        v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
2980        if (!v)
2981                return ERR_PTR(-ENODEV);
2982
2983        if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
2984                ret = -EINVAL;
2985                goto error;
2986        }
2987
2988        if (!netif_running(v)) {
2989                ret = -ENETDOWN;
2990                goto error;
2991        }
2992
2993        return v;
2994 error:
2995        dev_put(v);
2996        return ERR_PTR(ret);
2997}
2998
2999static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
3000{
3001        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3002        int err;
3003        struct net_device *dev = info->user_ptr[1];
3004        struct station_parameters params;
3005        u8 *mac_addr = NULL;
3006
3007        memset(&params, 0, sizeof(params));
3008
3009        params.listen_interval = -1;
3010        params.plink_state = -1;
3011
3012        if (info->attrs[NL80211_ATTR_STA_AID])
3013                return -EINVAL;
3014
3015        if (!info->attrs[NL80211_ATTR_MAC])
3016                return -EINVAL;
3017
3018        mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3019
3020        if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
3021                params.supported_rates =
3022                        nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3023                params.supported_rates_len =
3024                        nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3025        }
3026
3027        if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3028                params.listen_interval =
3029                    nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
3030
3031        if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3032                params.ht_capa =
3033                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3034
3035        if (!rdev->ops->change_station)
3036                return -EOPNOTSUPP;
3037
3038        if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
3039                return -EINVAL;
3040
3041        if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
3042                params.plink_action =
3043                    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3044
3045        if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
3046                params.plink_state =
3047                    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
3048
3049        switch (dev->ieee80211_ptr->iftype) {
3050        case NL80211_IFTYPE_AP:
3051        case NL80211_IFTYPE_AP_VLAN:
3052        case NL80211_IFTYPE_P2P_GO:
3053                /* disallow mesh-specific things */
3054                if (params.plink_action)
3055                        return -EINVAL;
3056
3057                /* TDLS can't be set, ... */
3058                if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3059                        return -EINVAL;
3060                /*
3061                 * ... but don't bother the driver with it. This works around
3062                 * a hostapd/wpa_supplicant issue -- it always includes the
3063                 * TLDS_PEER flag in the mask even for AP mode.
3064                 */
3065                params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3066
3067                /* accept only the listed bits */
3068                if (params.sta_flags_mask &
3069                                ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3070                                  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3071                                  BIT(NL80211_STA_FLAG_WME) |
3072                                  BIT(NL80211_STA_FLAG_MFP)))
3073                        return -EINVAL;
3074
3075                /* must be last in here for error handling */
3076                params.vlan = get_vlan(info, rdev);
3077                if (IS_ERR(params.vlan))
3078                        return PTR_ERR(params.vlan);
3079                break;
3080        case NL80211_IFTYPE_P2P_CLIENT:
3081        case NL80211_IFTYPE_STATION:
3082                /*
3083                 * Don't allow userspace to change the TDLS_PEER flag,
3084                 * but silently ignore attempts to change it since we
3085                 * don't have state here to verify that it doesn't try
3086                 * to change the flag.
3087                 */
3088                params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3089                /* fall through */
3090        case NL80211_IFTYPE_ADHOC:
3091                /* disallow things sta doesn't support */
3092                if (params.plink_action)
3093                        return -EINVAL;
3094                if (params.ht_capa)
3095                        return -EINVAL;
3096                if (params.listen_interval >= 0)
3097                        return -EINVAL;
3098                /* reject any changes other than AUTHORIZED */
3099                if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3100                        return -EINVAL;
3101                break;
3102        case NL80211_IFTYPE_MESH_POINT:
3103                /* disallow things mesh doesn't support */
3104                if (params.vlan)
3105                        return -EINVAL;
3106                if (params.ht_capa)
3107                        return -EINVAL;
3108                if (params.listen_interval >= 0)
3109                        return -EINVAL;
3110                /*
3111                 * No special handling for TDLS here -- the userspace
3112                 * mesh code doesn't have this bug.
3113                 */
3114                if (params.sta_flags_mask &
3115                                ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3116                                  BIT(NL80211_STA_FLAG_MFP) |
3117                                  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3118                        return -EINVAL;
3119                break;
3120        default:
3121                return -EOPNOTSUPP;
3122        }
3123
3124        /* be aware of params.vlan when changing code here */
3125
3126        err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
3127
3128        if (params.vlan)
3129                dev_put(params.vlan);
3130
3131        return err;
3132}
3133
3134static struct nla_policy
3135nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3136        [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3137        [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3138};
3139
3140static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
3141{
3142        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3143        int err;
3144        struct net_device *dev = info->user_ptr[1];
3145        struct station_parameters params;
3146        u8 *mac_addr = NULL;
3147
3148        memset(&params, 0, sizeof(params));
3149
3150        if (!info->attrs[NL80211_ATTR_MAC])
3151                return -EINVAL;
3152
3153        if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3154                return -EINVAL;
3155
3156        if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
3157                return -EINVAL;
3158
3159        if (!info->attrs[NL80211_ATTR_STA_AID])
3160                return -EINVAL;
3161
3162        mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3163        params.supported_rates =
3164                nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3165        params.supported_rates_len =
3166                nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3167        params.listen_interval =
3168                nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
3169
3170        params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
3171        if (!params.aid || params.aid > IEEE80211_MAX_AID)
3172                return -EINVAL;
3173
3174        if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3175                params.ht_capa =
3176                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3177
3178        if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
3179                params.plink_action =
3180                    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3181
3182        if (!rdev->ops->add_station)
3183                return -EOPNOTSUPP;
3184
3185        if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
3186                return -EINVAL;
3187
3188        switch (dev->ieee80211_ptr->iftype) {
3189        case NL80211_IFTYPE_AP:
3190        case NL80211_IFTYPE_AP_VLAN:
3191        case NL80211_IFTYPE_P2P_GO:
3192                /* parse WME attributes if sta is WME capable */
3193                if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
3194                    (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
3195                    info->attrs[NL80211_ATTR_STA_WME]) {
3196                        struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3197                        struct nlattr *nla;
3198
3199                        nla = info->attrs[NL80211_ATTR_STA_WME];
3200                        err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3201                                               nl80211_sta_wme_policy);
3202                        if (err)
3203                                return err;
3204
3205                        if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3206                                params.uapsd_queues =
3207                                     nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
3208                        if (params.uapsd_queues &
3209                                        ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3210                                return -EINVAL;
3211
3212                        if (tb[NL80211_STA_WME_MAX_SP])
3213                                params.max_sp =
3214                                     nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3215
3216                        if (params.max_sp &
3217                                        ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3218                                return -EINVAL;
3219
3220                        params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3221                }
3222                /* TDLS peers cannot be added */
3223                if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3224                        return -EINVAL;
3225                /* but don't bother the driver with it */
3226                params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3227
3228                /* must be last in here for error handling */
3229                params.vlan = get_vlan(info, rdev);
3230                if (IS_ERR(params.vlan))
3231                        return PTR_ERR(params.vlan);
3232                break;
3233        case NL80211_IFTYPE_MESH_POINT:
3234                /* TDLS peers cannot be added */
3235                if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3236                        return -EINVAL;
3237                break;
3238        case NL80211_IFTYPE_STATION:
3239                /* Only TDLS peers can be added */
3240                if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3241                        return -EINVAL;
3242                /* Can only add if TDLS ... */
3243                if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
3244                        return -EOPNOTSUPP;
3245                /* ... with external setup is supported */
3246                if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
3247                        return -EOPNOTSUPP;
3248                break;
3249        default:
3250                return -EOPNOTSUPP;
3251        }
3252
3253        /* be aware of params.vlan when changing code here */
3254
3255        err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
3256
3257        if (params.vlan)
3258                dev_put(params.vlan);
3259        return err;
3260}
3261
3262static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
3263{
3264        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3265        struct net_device *dev = info->user_ptr[1];
3266        u8 *mac_addr = NULL;
3267
3268        if (info->attrs[NL80211_ATTR_MAC])
3269                mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3270
3271        if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3272            dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3273            dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
3274            dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3275                return -EINVAL;
3276
3277        if (!rdev->ops->del_station)
3278                return -EOPNOTSUPP;
3279
3280        return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
3281}
3282
3283static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
3284                                int flags, struct net_device *dev,
3285                                u8 *dst, u8 *next_hop,
3286                                struct mpath_info *pinfo)
3287{
3288        void *hdr;
3289        struct nlattr *pinfoattr;
3290
3291        hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
3292        if (!hdr)
3293                return -1;
3294
3295        if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3296            nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
3297            nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
3298            nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
3299                goto nla_put_failure;
3300
3301        pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
3302        if (!pinfoattr)
3303                goto nla_put_failure;
3304        if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
3305            nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
3306                        pinfo->frame_qlen))
3307                goto nla_put_failure;
3308        if (((pinfo->filled & MPATH_INFO_SN) &&
3309             nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
3310            ((pinfo->filled & MPATH_INFO_METRIC) &&
3311             nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
3312                         pinfo->metric)) ||
3313            ((pinfo->filled & MPATH_INFO_EXPTIME) &&
3314             nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
3315                         pinfo->exptime)) ||
3316            ((pinfo->filled & MPATH_INFO_FLAGS) &&
3317             nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
3318                        pinfo->flags)) ||
3319            ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
3320             nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
3321                         pinfo->discovery_timeout)) ||
3322            ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
3323             nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
3324                        pinfo->discovery_retries)))
3325                goto nla_put_failure;
3326
3327        nla_nest_end(msg, pinfoattr);
3328
3329        return genlmsg_end(msg, hdr);
3330
3331 nla_put_failure:
3332        genlmsg_cancel(msg, hdr);
3333        return -EMSGSIZE;
3334}
3335
3336static int nl80211_dump_mpath(struct sk_buff *skb,
3337                              struct netlink_callback *cb)
3338{
3339        struct mpath_info pinfo;
3340        struct cfg80211_registered_device *dev;
3341        struct net_device *netdev;
3342        u8 dst[ETH_ALEN];
3343        u8 next_hop[ETH_ALEN];
3344        int path_idx = cb->args[1];
3345        int err;
3346
3347        err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3348        if (err)
3349                return err;
3350
3351        if (!dev->ops->dump_mpath) {
3352                err = -EOPNOTSUPP;
3353                goto out_err;
3354        }
3355
3356        if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
3357                err = -EOPNOTSUPP;
3358                goto out_err;
3359        }
3360
3361        while (1) {
3362                err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
3363                                           dst, next_hop, &pinfo);
3364                if (err == -ENOENT)
3365                        break;
3366                if (err)
3367                        goto out_err;
3368
3369                if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
3370                                       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3371                                       netdev, dst, next_hop,
3372                                       &pinfo) < 0)
3373                        goto out;
3374
3375                path_idx++;
3376        }
3377
3378
3379 out:
3380        cb->args[1] = path_idx;
3381        err = skb->len;
3382 out_err:
3383        nl80211_finish_netdev_dump(dev);
3384        return err;
3385}
3386
3387static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
3388{
3389        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3390        int err;
3391        struct net_device *dev = info->user_ptr[1];
3392        struct mpath_info pinfo;
3393        struct sk_buff *msg;
3394        u8 *dst = NULL;
3395        u8 next_hop[ETH_ALEN];
3396
3397        memset(&pinfo, 0, sizeof(pinfo));
3398
3399        if (!info->attrs[NL80211_ATTR_MAC])
3400                return -EINVAL;
3401
3402        dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3403
3404        if (!rdev->ops->get_mpath)
3405                return -EOPNOTSUPP;
3406
3407        if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3408                return -EOPNOTSUPP;
3409
3410        err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
3411        if (err)
3412                return err;
3413
3414        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3415        if (!msg)
3416                return -ENOMEM;
3417
3418        if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
3419                                 dev, dst, next_hop, &pinfo) < 0) {
3420                nlmsg_free(msg);
3421                return -ENOBUFS;
3422        }
3423
3424        return genlmsg_reply(msg, info);
3425}
3426
3427static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3428{
3429        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3430        struct net_device *dev = info->user_ptr[1];
3431        u8 *dst = NULL;
3432        u8 *next_hop = NULL;
3433
3434        if (!info->attrs[NL80211_ATTR_MAC])
3435                return -EINVAL;
3436
3437        if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3438                return -EINVAL;
3439
3440        dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3441        next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3442
3443        if (!rdev->ops->change_mpath)
3444                return -EOPNOTSUPP;
3445
3446        if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3447                return -EOPNOTSUPP;
3448
3449        return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
3450}
3451
3452static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3453{
3454        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3455        struct net_device *dev = info->user_ptr[1];
3456        u8 *dst = NULL;
3457        u8 *next_hop = NULL;
3458
3459        if (!info->attrs[NL80211_ATTR_MAC])
3460                return -EINVAL;
3461
3462        if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3463                return -EINVAL;
3464
3465        dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3466        next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3467
3468        if (!rdev->ops->add_mpath)
3469                return -EOPNOTSUPP;
3470
3471        if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3472                return -EOPNOTSUPP;
3473
3474        return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
3475}
3476
3477static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3478{
3479        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3480        struct net_device *dev = info->user_ptr[1];
3481        u8 *dst = NULL;
3482
3483        if (info->attrs[NL80211_ATTR_MAC])
3484                dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3485
3486        if (!rdev->ops->del_mpath)
3487                return -EOPNOTSUPP;
3488
3489        return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
3490}
3491
3492static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3493{
3494        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3495        struct net_device *dev = info->user_ptr[1];
3496        struct bss_parameters params;
3497
3498        memset(&params, 0, sizeof(params));
3499        /* default to not changing parameters */
3500        params.use_cts_prot = -1;
3501        params.use_short_preamble = -1;
3502        params.use_short_slot_time = -1;
3503        params.ap_isolate = -1;
3504        params.ht_opmode = -1;
3505
3506        if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
3507                params.use_cts_prot =
3508                    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
3509        if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
3510                params.use_short_preamble =
3511                    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
3512        if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
3513                params.use_short_slot_time =
3514                    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
3515        if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
3516                params.basic_rates =
3517                        nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3518                params.basic_rates_len =
3519                        nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3520        }
3521        if (info->attrs[NL80211_ATTR_AP_ISOLATE])
3522                params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
3523        if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
3524                params.ht_opmode =
3525                        nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
3526
3527        if (!rdev->ops->change_bss)
3528                return -EOPNOTSUPP;
3529
3530        if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3531            dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3532                return -EOPNOTSUPP;
3533
3534        return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
3535}
3536
3537static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
3538        [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
3539        [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
3540        [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
3541        [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
3542        [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
3543        [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
3544};
3545
3546static int parse_reg_rule(struct nlattr *tb[],
3547        struct ieee80211_reg_rule *reg_rule)
3548{
3549        struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
3550        struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
3551
3552        if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
3553                return -EINVAL;
3554        if (!tb[NL80211_ATTR_FREQ_RANGE_START])
3555                return -EINVAL;
3556        if (!tb[NL80211_ATTR_FREQ_RANGE_END])
3557                return -EINVAL;
3558        if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
3559                return -EINVAL;
3560        if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
3561                return -EINVAL;
3562
3563        reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
3564
3565        freq_range->start_freq_khz =
3566                nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
3567        freq_range->end_freq_khz =
3568                nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
3569        freq_range->max_bandwidth_khz =
3570                nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
3571
3572        power_rule->max_eirp =
3573                nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
3574
3575        if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
3576                power_rule->max_antenna_gain =
3577                        nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
3578
3579        return 0;
3580}
3581
3582static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3583{
3584        int r;
3585        char *data = NULL;
3586        enum nl80211_user_reg_hint_type user_reg_hint_type;
3587
3588        /*
3589         * You should only get this when cfg80211 hasn't yet initialized
3590         * completely when built-in to the kernel right between the time
3591         * window between nl80211_init() and regulatory_init(), if that is
3592         * even possible.
3593         */
3594        mutex_lock(&cfg80211_mutex);
3595        if (unlikely(!cfg80211_regdomain)) {
3596                mutex_unlock(&cfg80211_mutex);
3597                return -EINPROGRESS;
3598        }
3599        mutex_unlock(&cfg80211_mutex);
3600
3601        if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3602                return -EINVAL;
3603
3604        data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3605
3606        if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
3607                user_reg_hint_type =
3608                  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
3609        else
3610                user_reg_hint_type = NL80211_USER_REG_HINT_USER;
3611
3612        switch (user_reg_hint_type) {
3613        case NL80211_USER_REG_HINT_USER:
3614        case NL80211_USER_REG_HINT_CELL_BASE:
3615                break;
3616        default:
3617                return -EINVAL;
3618        }
3619
3620        r = regulatory_hint_user(data, user_reg_hint_type);
3621
3622        return r;
3623}
3624
3625static int nl80211_get_mesh_config(struct sk_buff *skb,
3626                                   struct genl_info *info)
3627{
3628        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3629        struct net_device *dev = info->user_ptr[1];
3630        struct wireless_dev *wdev = dev->ieee80211_ptr;
3631        struct mesh_config cur_params;
3632        int err = 0;
3633        void *hdr;
3634        struct nlattr *pinfoattr;
3635        struct sk_buff *msg;
3636
3637        if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3638                return -EOPNOTSUPP;
3639
3640        if (!rdev->ops->get_mesh_config)
3641                return -EOPNOTSUPP;
3642
3643        wdev_lock(wdev);
3644        /* If not connected, get default parameters */
3645        if (!wdev->mesh_id_len)
3646                memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
3647        else
3648                err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
3649                                                 &cur_params);
3650        wdev_unlock(wdev);
3651
3652        if (err)
3653                return err;
3654
3655        /* Draw up a netlink message to send back */
3656        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3657        if (!msg)
3658                return -ENOMEM;
3659        hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3660                             NL80211_CMD_GET_MESH_CONFIG);
3661        if (!hdr)
3662                goto out;
3663        pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3664        if (!pinfoattr)
3665                goto nla_put_failure;
3666        if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3667            nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3668                        cur_params.dot11MeshRetryTimeout) ||
3669            nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3670                        cur_params.dot11MeshConfirmTimeout) ||
3671            nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3672                        cur_params.dot11MeshHoldingTimeout) ||
3673            nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3674                        cur_params.dot11MeshMaxPeerLinks) ||
3675            nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
3676                       cur_params.dot11MeshMaxRetries) ||
3677            nla_put_u8(msg, NL80211_MESHCONF_TTL,
3678                       cur_params.dot11MeshTTL) ||
3679            nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3680                       cur_params.element_ttl) ||
3681            nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3682                       cur_params.auto_open_plinks) ||
3683            nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3684                        cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
3685            nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3686                       cur_params.dot11MeshHWMPmaxPREQretries) ||
3687            nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3688                        cur_params.path_refresh_time) ||
3689            nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3690                        cur_params.min_discovery_timeout) ||
3691            nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3692                        cur_params.dot11MeshHWMPactivePathTimeout) ||
3693            nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3694                        cur_params.dot11MeshHWMPpreqMinInterval) ||
3695            nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3696                        cur_params.dot11MeshHWMPperrMinInterval) ||
3697            nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3698                        cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
3699            nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3700                       cur_params.dot11MeshHWMPRootMode) ||
3701            nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3702                        cur_params.dot11MeshHWMPRannInterval) ||
3703            nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3704                       cur_params.dot11MeshGateAnnouncementProtocol) ||
3705            nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
3706                       cur_params.dot11MeshForwarding) ||
3707            nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
3708                        cur_params.rssi_threshold) ||
3709            nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
3710                        cur_params.ht_opmode) ||
3711            nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
3712                        cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
3713            nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
3714                        cur_params.dot11MeshHWMProotInterval) ||
3715            nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
3716                        cur_params.dot11MeshHWMPconfirmationInterval))
3717                goto nla_put_failure;
3718        nla_nest_end(msg, pinfoattr);
3719        genlmsg_end(msg, hdr);
3720        return genlmsg_reply(msg, info);
3721
3722 nla_put_failure:
3723        genlmsg_cancel(msg, hdr);
3724 out:
3725        nlmsg_free(msg);
3726        return -ENOBUFS;
3727}
3728
3729static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
3730        [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
3731        [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
3732        [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
3733        [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
3734        [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
3735        [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
3736        [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
3737        [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
3738        [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
3739        [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
3740        [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
3741        [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
3742        [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
3743        [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
3744        [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
3745        [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
3746        [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
3747        [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
3748        [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
3749        [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
3750        [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
3751        [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
3752        [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
3753        [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
3754        [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
3755};
3756
3757static const struct nla_policy
3758        nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
3759        [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
3760        [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
3761        [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
3762        [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
3763        [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
3764                                    .len = IEEE80211_MAX_DATA_LEN },
3765        [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
3766};
3767
3768static int nl80211_parse_mesh_config(struct genl_info *info,
3769                                     struct mesh_config *cfg,
3770                                     u32 *mask_out)
3771{
3772        struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3773        u32 mask = 0;
3774
3775#define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3776do {\
3777        if (table[attr_num]) {\
3778                cfg->param = nla_fn(table[attr_num]); \
3779                mask |= (1 << (attr_num - 1)); \
3780        } \
3781} while (0);\
3782
3783
3784        if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3785                return -EINVAL;
3786        if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3787                             info->attrs[NL80211_ATTR_MESH_CONFIG],
3788                             nl80211_meshconf_params_policy))
3789                return -EINVAL;
3790
3791        /* This makes sure that there aren't more than 32 mesh config
3792         * parameters (otherwise our bitfield scheme would not work.) */
3793        BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3794
3795        /* Fill in the params struct */
3796        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3797                                  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
3798                                  nla_get_u16);
3799        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3800                                  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3801                                  nla_get_u16);
3802        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3803                                  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
3804                                  nla_get_u16);
3805        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3806                                  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
3807                                  nla_get_u16);
3808        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3809                                  mask, NL80211_MESHCONF_MAX_RETRIES,
3810                                  nla_get_u8);
3811        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3812                                  mask, NL80211_MESHCONF_TTL, nla_get_u8);
3813        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3814                                  mask, NL80211_MESHCONF_ELEMENT_TTL,
3815                                  nla_get_u8);
3816        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3817                                  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3818                                  nla_get_u8);
3819        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, mask,
3820                                  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3821                                  nla_get_u32);
3822        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3823                                  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3824                                  nla_get_u8);
3825        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3826                                  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
3827                                  nla_get_u32);
3828        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3829                                  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3830                                  nla_get_u16);
3831        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, mask,
3832                                  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3833                                  nla_get_u32);
3834        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3835                                  mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3836                                  nla_get_u16);
3837        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
3838                                  mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3839                                  nla_get_u16);
3840        FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3841                                  dot11MeshHWMPnetDiameterTraversalTime, mask,
3842                                  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3843                                  nla_get_u16);
3844        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
3845                                  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
3846        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
3847                                  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3848                                  nla_get_u16);
3849        FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3850                                  dot11MeshGateAnnouncementProtocol, mask,
3851                                  NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3852                                  nla_get_u8);
3853        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding,
3854                                  mask, NL80211_MESHCONF_FORWARDING,
3855                                  nla_get_u8);
3856        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold,
3857                                  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
3858                                  nla_get_u32);
3859        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode,
3860                                  mask, NL80211_MESHCONF_HT_OPMODE,
3861                                  nla_get_u16);
3862        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
3863                                  mask,
3864                                  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
3865                                  nla_get_u32);
3866        FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval,
3867                                  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
3868                                  nla_get_u16);
3869        FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3870                                  dot11MeshHWMPconfirmationInterval, mask,
3871                                  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
3872                                  nla_get_u16);
3873        if (mask_out)
3874                *mask_out = mask;
3875
3876        return 0;
3877
3878#undef FILL_IN_MESH_PARAM_IF_SET
3879}
3880
3881static int nl80211_parse_mesh_setup(struct genl_info *info,
3882                                     struct mesh_setup *setup)
3883{
3884        struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3885
3886        if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3887                return -EINVAL;
3888        if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3889                             info->attrs[NL80211_ATTR_MESH_SETUP],
3890                             nl80211_mesh_setup_params_policy))
3891                return -EINVAL;
3892
3893        if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
3894                setup->sync_method =
3895                (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
3896                 IEEE80211_SYNC_METHOD_VENDOR :
3897                 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
3898
3899        if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3900                setup->path_sel_proto =
3901                (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3902                 IEEE80211_PATH_PROTOCOL_VENDOR :
3903                 IEEE80211_PATH_PROTOCOL_HWMP;
3904
3905        if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3906                setup->path_metric =
3907                (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3908                 IEEE80211_PATH_METRIC_VENDOR :
3909                 IEEE80211_PATH_METRIC_AIRTIME;
3910
3911
3912        if (tb[NL80211_MESH_SETUP_IE]) {
3913                struct nlattr *ieattr =
3914                        tb[NL80211_MESH_SETUP_IE];
3915                if (!is_valid_ie_attr(ieattr))
3916                        return -EINVAL;
3917                setup->ie = nla_data(ieattr);
3918                setup->ie_len = nla_len(ieattr);
3919        }
3920        setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3921        setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3922
3923        return 0;
3924}
3925
3926static int nl80211_update_mesh_config(struct sk_buff *skb,
3927                                      struct genl_info *info)
3928{
3929        struct cfg80211_registered_device *rdev = info->user_ptr[0];
3930        struct net_device *dev = info->user_ptr[1];
3931        struct wireless_dev *wdev = dev->ieee80211_ptr;
3932        struct mesh_config cfg;
3933        u32 mask;
3934        int err;
3935
3936        if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3937                return -EOPNOTSUPP;
3938
3939        if (!rdev->ops->update_mesh_config)
3940                return -EOPNOTSUPP;
3941
3942        err = nl80211_parse_mesh_config(info, &cfg, &mask);
3943        if (err)
3944                return err;
3945
3946        wdev_lock(wdev);
3947        if (!wdev->mesh_id_len)
3948                err = -ENOLINK;
3949
3950        if (!err)
3951                err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3952                                                    mask, &cfg);
3953
3954        wdev_unlock(wdev);
3955
3956        return err;
3957}
3958
3959static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3960{
3961        struct sk_buff *msg;
3962        void *hdr = NULL;
3963        struct nlattr *nl_reg_rules;
3964        unsigned int i;
3965        int err = -EINVAL;
3966
3967        mutex_lock(&cfg80211_mutex);
3968
3969        if (!cfg80211_regdomain)
3970                goto out;
3971
3972        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3973        if (!msg) {
3974                err = -ENOBUFS;
3975                goto out;
3976        }
3977
3978        hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3979                             NL80211_CMD_GET_REG);
3980        if (!hdr)
3981                goto put_failure;
3982
3983        if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
3984                           cfg80211_regdomain->alpha2) ||
3985            (cfg80211_regdomain->dfs_region &&
3986             nla_put_u8(msg, NL80211_ATTR_DFS_REGION,
3987                        cfg80211_regdomain->dfs_region)))
3988                goto nla_put_failure;
3989
3990        if (reg_last_request_cell_base() &&
3991            nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
3992                        NL80211_USER_REG_HINT_CELL_BASE))
3993                goto nla_put_failure;
3994
3995        nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3996        if (!nl_reg_rules)
3997                goto nla_put_failure;
3998
3999        for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
4000                struct nlattr *nl_reg_rule;
4001                const struct ieee80211_reg_rule *reg_rule;
4002                const struct ieee80211_freq_range *freq_range;
4003                const struct ieee80211_power_rule *power_rule;
4004
4005                reg_rule = &cfg80211_regdomain->reg_rules[i];
4006                freq_range = &reg_rule->freq_range;
4007                power_rule = &reg_rule->power_rule;
4008
4009                nl_reg_rule = nla_nest_start(msg, i);
4010                if (!nl_reg_rule)
4011                        goto nla_put_failure;
4012
4013                if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
4014                                reg_rule->flags) ||
4015                    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
4016                                freq_range->start_freq_khz) ||
4017                    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
4018                                freq_range->end_freq_khz) ||
4019                    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
4020                                freq_range->max_bandwidth_khz) ||
4021                    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
4022                                power_rule->max_antenna_gain) ||
4023                    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
4024                                power_rule->max_eirp))
4025                        goto nla_put_failure;
4026
4027                nla_nest_end(msg, nl_reg_rule);
4028        }
4029
4030        nla_nest_end(msg, nl_reg_rules);
4031
4032        genlmsg_end(msg, hdr);
4033        err = genlmsg_reply(msg, info);
4034        goto out;
4035
4036nla_put_failure:
4037        genlmsg_cancel(msg, hdr);
4038put_failure:
4039        nlmsg_free(msg);
4040        err = -EMSGSIZE;
4041out:
4042        mutex_unlock(&cfg80211_mutex);
4043        return err;
4044}
4045
4046static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
4047{
4048        struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
4049        struct nlattr *nl_reg_rule;
4050        char *alpha2 = NULL;
4051        int rem_reg_rules = 0, r = 0;
4052        u32 num_rules = 0, rule_idx = 0, size_of_regd;
4053        u8 dfs_region = 0;
4054        struct ieee80211_regdomain *rd = NULL;
4055
4056        if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4057                return -EINVAL;
4058
4059        if (!info->attrs[NL80211_ATTR_REG_RULES])
4060                return -EINVAL;
4061
4062        alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4063
4064        if (info->attrs[NL80211_ATTR_DFS_REGION])
4065                dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
4066
4067        nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
4068                        rem_reg_rules) {
4069                num_rules++;
4070                if (num_rules > NL80211_MAX_SUPP_REG_RULES)
4071                        return -EINVAL;
4072        }
4073
4074        mutex_lock(&cfg80211_mutex);
4075
4076        if (!reg_is_valid_request(alpha2)) {
4077                r = -EINVAL;
4078                goto bad_reg;
4079        }
4080
4081        size_of_regd = sizeof(struct ieee80211_regdomain) +
4082                (num_rules * sizeof(struct ieee80211_reg_rule));
4083
4084        rd = kzalloc(size_of_regd, GFP_KERNEL);
4085        if (!rd) {
4086                r = -ENOMEM;
4087                goto bad_reg;
4088        }
4089
4090        rd->n_reg_rules = num_rules;
4091        rd->alpha2[0] = alpha2[0];
4092        rd->alpha2[1] = alpha2[1];
4093
4094        /*
4095         * Disable DFS master mode if the DFS region was
4096         * not supported or known on this kernel.
4097         */
4098        if (reg_supported_dfs_region(dfs_region))
4099                rd->dfs_region = dfs_region;
4100
4101        nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
4102                        rem_reg_rules) {
4103                nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
4104                        nla_data(nl_reg_rule), nla_len(nl_reg_rule),
4105                        reg_rule_policy);
4106                r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
4107                if (r)
4108                        goto bad_reg;
4109
4110                rule_idx++;
4111
4112                if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
4113                        r = -EINVAL;
4114                        goto bad_reg;
4115                }
4116        }
4117
4118        BUG_ON(rule_idx != num_rules);
4119
4120        r = set_regdom(rd);
4121
4122        mutex_unlock(&cfg80211_mutex);
4123
4124        return r;
4125
4126 bad_reg:
4127        mutex_unlock(&cfg80211_mutex);
4128        kfree(rd);
4129        return r;
4130}
4131
4132static int validate_scan_freqs(struct nlattr *freqs)
4133{
4134        struct nlattr *attr1, *attr2;
4135        int n_channels = 0, tmp1, tmp2;
4136
4137        nla_for_each_nested(attr1, freqs, tmp1) {
4138                n_channels++;
4139                /*
4140                 * Some hardware has a limited channel list for
4141                 * scanning, and it is pretty much nonsensical
4142                 * to scan for a channel twice, so disallow that
4143                 * and don't require drivers to check that the
4144                 * channel list they get isn't longer than what
4145                 * they can scan, as long as they can scan all
4146                 * the channels they registered at once.
4147                 */
4148                nla_for_each_nested(attr2, freqs, tmp2)
4149                        if (attr1 != attr2 &&
4150                            nla_get_u32(attr1) == nla_get_u32(attr2))
4151                                return 0;
4152        }
4153
4154        return n_channels;
4155}
4156
4157static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4158{
4159        struct cfg80211_registered_device *rdev = info->user_ptr[0];
4160        struct wireless_dev *wdev = info->user_ptr[1];
4161        struct cfg80211_scan_request *request;
4162        struct nlattr *attr;
4163        struct wiphy *wiphy;
4164        int err, tmp, n_ssids = 0, n_channels, i;
4165        size_t ie_len;
4166
4167        if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4168                return -EINVAL;
4169
4170        wiphy = &rdev->wiphy;
4171
4172        if (!rdev->ops->scan)
4173                return -EOPNOTSUPP;
4174
4175        if (rdev->scan_req)
4176                return -EBUSY;
4177
4178        if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4179                n_channels = validate_scan_freqs(
4180                                info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4181                if (!n_channels)
4182                        return -EINVAL;
4183        } else {
4184                enum ieee80211_band band;
4185                n_channels = 0;
4186
4187                for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4188                        if (wiphy->bands[band])
4189                                n_channels += wiphy->bands[band]->n_channels;
4190        }
4191
4192        if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4193                nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
4194                        n_ssids++;
4195
4196        if (n_ssids > wiphy->max_scan_ssids)
4197                return -EINVAL;
4198
4199        if (info->attrs[NL80211_ATTR_IE])
4200                ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4201        else
4202                ie_len = 0;
4203
4204        if (ie_len > wiphy->max_scan_ie_len)
4205                return -EINVAL;
4206
4207        request = kzalloc(sizeof(*request)
4208                        + sizeof(*request->ssids) * n_ssids
4209                        + sizeof(*request->channels) * n_channels
4210                        + ie_len, GFP_KERNEL);
4211        if (!request)
4212                return -ENOMEM;
4213
4214        if (n_ssids)
4215                request->ssids = (void *)&request->channels[n_channels];
4216        request->n_ssids = n_ssids;
4217        if (ie_len) {
4218                if (request->ssids)
4219                        request->ie = (void *)(request->ssids + n_ssids);
4220                else
4221                        request->ie = (void *)(request->channels + n_channels);
4222        }
4223
4224        i = 0;
4225        if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4226                /* user specified, bail out if channel not found */
4227                nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
4228                        struct ieee80211_channel *chan;
4229
4230                        chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4231
4232                        if (!chan) {
4233                                err = -EINVAL;
4234                                goto out_free;
4235                        }
4236
4237                        /* ignore disabled channels */
4238                        if (chan->flags & IEEE80211_CHAN_DISABLED)
4239                                continue;
4240
4241                        request->channels[i] = chan;
4242                        i++;
4243                }
4244        } else {
4245                enum ieee80211_band band;
4246
4247                /* all channels */
4248                for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4249                        int j;
4250                        if (!wiphy->bands[band])
4251                                continue;
4252                        for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4253                                struct ieee80211_channel *chan;
4254
4255                                chan = &wiphy->bands[band]->channels[j];
4256
4257                                if (chan->flags & IEEE80211_CHAN_DISABLED)
4258                                        continue;
4259
4260                                request->channels[i] = chan;
4261                                i++;
4262                        }
4263                }
4264        }
4265
4266        if (!i) {
4267                err = -EINVAL;
4268                goto out_free;
4269        }
4270
4271        request->n_channels = i;
4272
4273        i = 0;
4274        if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4275                nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
4276                        if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4277                                err = -EINVAL;
4278                                goto out_free;
4279                        }
4280                        request->ssids[i].ssid_len = nla_len(attr);
4281                        memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
4282                        i++;
4283                }
4284        }
4285
4286        if (info->attrs[NL80211_ATTR_IE]) {
4287                request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4288                memcpy((void *)request->ie,
4289                       nla_data(info->attrs[NL80211_ATTR_IE]),
4290                       request->ie_len);
4291        }
4292
4293        for (i = 0; i < IEEE80211_NUM_BANDS; i++)
4294                if (wiphy->bands[i])
4295                        request->rates[i] =
4296                                (1 << wiphy->bands[i]->n_bitrates) - 1;
4297
4298        if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
4299                nla_for_each_nested(attr,
4300                                    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
4301                                    tmp) {
4302                        enum ieee80211_band band = nla_type(attr);
4303
4304                        if (band < 0 || band >= IEEE80211_NUM_BANDS) {
4305                                err = -EINVAL;
4306                                goto out_free;
4307                        }
4308                        err = ieee80211_get_ratemask(wiphy->bands[band],
4309                                                     nla_data(attr),
4310                                                     nla_len(attr),
4311                                                     &request->rates[band]);
4312                        if (err)
4313                                goto out_free;
4314                }
4315        }
4316
4317        request->no_cck =
4318                nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
4319
4320        request->wdev = wdev;
4321        request->wiphy = &rdev->wiphy;
4322
4323        rdev->scan_req = request;
4324        err = rdev->ops->scan(&rdev->wiphy, request);
4325
4326        if (!err) {
4327                nl80211_send_scan_start(rdev, wdev);
4328                if (wdev->netdev)
4329                        dev_hold(wdev->netdev);
4330        } else {
4331 out_free:
4332                rdev->scan_req = NULL;
4333                kfree(request);
4334        }
4335
4336        return err;
4337}
4338
4339static int nl80211_start_sched_scan(struct sk_buff *skb,
4340                                    struct genl_info *info)
4341{
4342        struct cfg80211_sched_scan_request *request;
4343        struct cfg80211_registered_device *rdev = info->user_ptr[0];
4344        struct net_device *dev = info->user_ptr[1];
4345        struct nlattr *attr;
4346        struct wiphy *wiphy;
4347        int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
4348        u32 interval;
4349        enum ieee80211_band band;
4350        size_t ie_len;
4351        struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
4352
4353        if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4354            !rdev->ops->sched_scan_start)
4355                return -EOPNOTSUPP;
4356
4357        if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4358                return -EINVAL;
4359
4360        if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
4361                return -EINVAL;
4362
4363        interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
4364        if (interval == 0)
4365                return -EINVAL;
4366
4367        wiphy = &rdev->wiphy;
4368
4369        if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4370                n_channels = validate_scan_freqs(
4371                                info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4372                if (!n_channels)
4373                        return -EINVAL;
4374        } else {
4375                n_channels = 0;
4376
4377                for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4378                        if (wiphy->bands[band])
4379                                n_channels += wiphy->bands[band]->n_channels;
4380        }
4381
4382        if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4383                nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4384                                    tmp)
4385                        n_ssids++;
4386
4387        if (n_ssids > wiphy->max_sched_scan_ssids)
4388                return -EINVAL;
4389
4390        if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
4391                nla_for_each_nested(attr,
4392                                    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4393                                    tmp)
4394                        n_match_sets++;
4395
4396        if (n_match_sets > wiphy->max_match_sets)
4397                return -EINVAL;
4398
4399        if (info->attrs[NL80211_ATTR_IE])
4400                ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4401        else
4402                ie_len = 0;
4403
4404        if (ie_len > wiphy->max_sched_scan_ie_len)
4405                return -EINVAL;
4406
4407        mutex_lock(&rdev->sched_scan_mtx);
4408
4409        if (rdev->sched_scan_req) {
4410                err = -EINPROGRESS;
4411                goto out;
4412        }
4413
4414        request = kzalloc(sizeof(*request)
4415                        + sizeof(*request->ssids) * n_ssids
4416                        + sizeof(*request->match_sets) * n_match_sets
4417                        + sizeof(*request->channels) * n_channels
4418                        + ie_len, GFP_KERNEL);
4419        if (!request) {
4420                err = -ENOMEM;
4421                goto out;
4422        }
4423
4424        if (n_ssids)
4425                request->ssids = (void *)&request->channels[n_channels];
4426        request->n_ssids = n_ssids;
4427        if (ie_len) {
4428                if (request->ssids)
4429                        request->ie = (void *)(request->ssids + n_ssids);
4430                else
4431                        request->ie = (void *)(request->channels + n_channels);
4432        }
4433
4434        if (n_match_sets) {
4435                if (request->ie)
4436                        request->match_sets = (void *)(request->ie + ie_len);
4437                else if (request->ssids)
4438                        request->match_sets =
4439                                (void *)(request->ssids + n_ssids);
4440                else
4441                        request->match_sets =
4442                                (void *)(request->channels + n_channels);
4443        }
4444        request->n_match_sets = n_match_sets;
4445
4446        i = 0;
4447        if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4448                /* user specified, bail out if channel not found */
4449                nla_for_each_nested(attr,
4450                                    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
4451                                    tmp) {
4452                        struct ieee80211_channel *chan;
4453
4454                        chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4455
4456                        if (!chan) {
4457                                err = -EINVAL;
4458                                goto out_free;
4459                        }
4460
4461                        /* ignore disabled channels */
4462                        if (chan->flags & IEEE80211_CHAN_DISABLED)
4463                                continue;
4464
4465                        request->channels[i] = chan;
4466                        i++;
4467                }
4468        } else {
4469                /* all channels */
4470                for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4471                        int j;
4472                        if (!wiphy->bands[band])
4473                                continue;
4474                        for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4475                                struct ieee80211_channel *chan;
4476
4477                                chan = &wiphy->bands[band]->channels[j];
4478
4479                                if (chan->flags & IEEE80211_CHAN_DISABLED)
4480                                        continue;
4481
4482                                request->channels[i] = chan;
4483                                i++;
4484                        }
4485                }
4486        }
4487
4488        if (!i) {
4489                err = -EINVAL;
4490                goto out_free;
4491        }
4492
4493        request->n_channels = i;
4494
4495        i = 0;
4496        if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4497                nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4498                                    tmp) {
4499                        if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4500                                err = -EINVAL;
4501                                goto out_free;
4502                        }
4503                        request->ssids[i].ssid_len = nla_len(attr);
4504                        memcpy(request->ssids[i].ssid, nla_data(attr),
4505                               nla_len(attr));
4506                        i++;
4507                }
4508        }
4509
4510        i = 0;
4511        if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
4512                nla_for_each_nested(attr,
4513                                    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4514                                    tmp) {
4515                        struct nlattr *ssid, *rssi;
4516
4517                        nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
4518                                  nla_data(attr), nla_len(attr),
4519                                  nl80211_match_policy);
4520                        ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
4521                        if (ssid) {
4522                                if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
4523                                        err = -EINVAL;
4524                                        goto out_free;
4525                                }
4526                                memcpy(request->match_sets[i].ssid.ssid,
4527                                       nla_data(ssid), nla_len(ssid));
4528                                request->match_sets[i].ssid.ssid_len =
4529                                        nla_len(ssid);
4530                        }
4531                        rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
4532                        if (rssi)
4533                                request->rssi_thold = nla_get_u32(rssi);
4534                        else
4535                                request->rssi_thold =
4536                                                   NL80211_SCAN_RSSI_THOLD_OFF;
4537                        i++;
4538                }
4539        }
4540
4541        if (info->attrs[NL80211_ATTR_IE]) {
4542                request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4543                memcpy((void *)request->ie,
4544                       nla_data(info->attrs[NL80211_ATTR_IE]),
4545                       request->ie_len);
4546        }
4547
4548        request->dev = dev;
4549        request->wiphy = &rdev->wiphy;
4550        request->interval = interval;
4551
4552        err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
4553        if (!err) {
4554                rdev->sched_scan_req = request;
4555                nl80211_send_sched_scan(rdev, dev,
4556                                        NL80211_CMD_START_SCHED_SCAN);
4557                goto out;
4558        }
4559
4560out_free:
4561        kfree(request);
4562out:
4563        mutex_unlock(&rdev->sched_scan_mtx);
4564        return err;
4565}
4566
4567static int nl80211_stop_sched_scan(struct sk_buff *skb,
4568                                   struct genl_info *info)
4569{
4570        struct cfg80211_registered_device *rdev = info->user_ptr[0];
4571        int err;
4572
4573        if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4574            !rdev->ops->sched_scan_stop)
4575                return -EOPNOTSUPP;
4576
4577        mutex_lock(&rdev->sched_scan_mtx);
4578        err = __cfg80211_stop_sched_scan(rdev, false);
4579        mutex_unlock(&rdev->sched_scan_mtx);
4580
4581        return err;
4582}
4583
4584static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4585                            u32 seq, int flags,
4586                            struct cfg80211_registered_device *rdev,
4587                            struct wireless_dev *wdev,
4588                            struct cfg80211_internal_bss *intbss)
4589{
4590        struct cfg80211_bss *res = &intbss->pub;
4591        void *hdr;
4592        struct nlattr *bss;
4593
4594        ASSERT_WDEV_LOCK(wdev);
4595
4596        hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
4597                             NL80211_CMD_NEW_SCAN_RESULTS);
4598        if (!hdr)
4599                return -1;
4600
4601        genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4602
4603        if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) ||
4604            nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
4605                goto nla_put_failure;
4606
4607        bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4608        if (!bss)
4609                goto nla_put_failure;
4610        if ((!is_zero_ether_addr(res->bssid) &&
4611             nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) ||
4612            (res->information_elements && res->len_information_elements &&
4613             nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4614                     res->len_information_elements,
4615                     res->information_elements)) ||
4616            (res->beacon_ies && res->len_beacon_ies &&
4617             res->beacon_ies != res->information_elements &&
4618             nla_put(msg, NL80211_BSS_BEACON_IES,
4619                     res->len_beacon_ies, res->beacon_ies)))
4620                goto nla_put_failure;
4621        if (res->tsf &&
4622            nla_put_u64(msg, NL80211_BSS_TSF, res->tsf))
4623                goto nla_put_failure;
4624        if (res->beacon_interval &&
4625            nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
4626                goto nla_put_failure;
4627        if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
4628            nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
4629            nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
4630                        jiffies_to_msecs(jiffies - intbss->ts)))
4631                goto nla_put_failure;
4632
4633        switch (rdev->wiphy.signal_type) {
4634        case CFG80211_SIGNAL_TYPE_MBM:
4635                if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
4636                        goto nla_put_failure;
4637                break;
4638        case CFG80211_SIGNAL_TYPE_UNSPEC:
4639                if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
4640                        goto nla_put_failure;
4641                break;
4642        default:
4643                break;
4644        }
4645
4646        switch (wdev->iftype) {
4647        case NL80211_IFTYPE_P2P_CLIENT:
4648        case NL80211_IFTYPE_STATION:
4649                if (intbss == wdev->current_bss &&
4650                    nla_put_u32(msg, NL80211_BSS_STATUS,
4651                                NL80211_BSS_STATUS_ASSOCIATED))
4652                        goto nla_put_failure;
4653                break;
4654        case NL80211_IFTYPE_ADHOC:
4655                if (intbss == wdev->current_bss &&
4656                    nla_put_u32(msg, NL80211_BSS_STATUS,
4657                                NL80211_BSS_STATUS_IBSS_JOINED))
4658                        goto nla_put_failure;
4659                break;
4660        default:
4661                break;
4662        }
4663
4664        nla_nest_end(msg, bss);
4665
4666        return genlmsg_end(msg, hdr);
4667
4668 nla_put_failure:
4669        genlmsg_cancel(msg, hdr);
4670        return -EMSGSIZE;
4671}
4672
4673static int nl80211_dump_scan(struct sk_buff *skb,
4674                             struct netlink_callback *cb)
4675{
4676        struct cfg80211_registered_device *rdev;
4677        struct net_device *dev;
4678        struct cfg80211_internal_bss *scan;
4679        struct wireless_dev *wdev;
4680        int start = cb->args[1], idx = 0;
4681        int err;
4682
4683        err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
4684        if (err)
4685                return err;
4686
4687        wdev = dev->ieee80211_ptr;
4688
4689        wdev_lock(wdev);
4690        spin_lock_bh(&rdev->bss_lock);
4691        cfg80211_bss_expire(rdev);
4692
4693        cb->seq = rdev->bss_generation;
4694
4695        list_for_each_entry(scan, &rdev->bss_list, list) {
4696                if (++idx <= start)
4697                        continue;
4698                if (nl80211_send_bss(skb, cb,
4699                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
4700                                rdev, wdev, scan) < 0) {
4701                        idx--;
4702                        break;
4703                }
4704        }
4705
4706        spin_unlock_bh(&rdev->bss_lock);
4707        wdev_unlock(wdev);
4708
4709        cb->args[1] = idx;
4710        nl80211_finish_netdev_dump(rdev);
4711
4712        return skb->len;
4713}
4714
4715static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
4716                                int flags, struct net_device *dev,
4717                                struct survey_info *survey)
4718{
4719        void *hdr;
4720        struct nlattr *infoattr;
4721
4722        hdr = nl80211hdr_put(msg, pid, seq, flags,
4723                             NL80211_CMD_NEW_SURVEY_RESULTS);
4724        if (!hdr)
4725                return -ENOMEM;
4726
4727        if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
4728                goto nla_put_failure;
4729
4730        infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4731        if (!infoattr)
4732                goto nla_put_failure;
4733
4734        if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4735                        survey->channel->center_freq))
4736                goto nla_put_failure;
4737
4738        if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
4739            nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
4740                goto nla_put_failure;
4741        if ((survey->filled & SURVEY_INFO_IN_USE) &&
4742            nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
4743                goto nla_put_failure;
4744        if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
4745            nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4746                        survey->channel_time))
4747                goto nla_put_failure;
4748        if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
4749            nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4750                        survey->channel_time_busy))
4751                goto nla_put_failure;
4752        if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
4753            nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4754                        survey->channel_time_ext_busy))
4755                goto nla_put_failure;
4756        if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
4757            nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4758                        survey->channel_time_rx))
4759                goto nla_put_failure;
4760        if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
4761            nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4762                        survey->channel_time_tx))
4763                goto nla_put_failure;
4764
4765        nla_nest_end(msg, infoattr);
4766
4767        return genlmsg_end(msg, hdr);
4768
4769 nla_put_failure:
4770        genlmsg_cancel(msg, hdr);
4771        return -EMSGSIZE;
4772}
4773
4774static int nl80211_dump_survey(struct sk_buff *skb,
4775                        struct netlink_callback *cb)
4776{
4777        struct survey_info survey;
4778        struct cfg80211_registered_device *dev;
4779        struct net_device *netdev;
4780        int survey_idx = cb->args[1];
4781        int res;
4782
4783        res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
4784        if (res)
4785                return res;
4786
4787        if (!dev->ops->dump_survey) {
4788                res = -EOPNOTSUPP;
4789                goto out_err;
4790        }
4791
4792        while (1) {
4793                struct ieee80211_channel *chan;
4794
4795                res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
4796                                            &survey);
4797                if (res == -ENOENT)
4798                        break;
4799                if (res)
4800                        goto out_err;
4801
4802                /* Survey without a channel doesn't make sense */
4803                if (!survey.channel) {
4804                        res = -EINVAL;
4805                        goto out;
4806                }
4807
4808                chan = ieee80211_get_channel(&dev->wiphy,
4809                                             survey.channel->center_freq);
4810                if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
4811                        survey_idx++;
4812                        continue;
4813                }
4814
4815                if (nl80211_send_survey(skb,
4816                                NETLINK_CB(cb->skb).pid,
4817                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
4818                                netdev,
4819                                &survey) < 0)
4820                        goto out;
4821                survey_idx++;
4822        }
4823
4824 out:
4825        cb->args[1] = survey_idx;
4826        res = skb->len;
4827 out_err:
4828        nl80211_finish_netdev_dump(dev);
4829        return res;
4830}
4831
4832static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
4833{
4834        return auth_type <= NL80211_AUTHTYPE_MAX;
4835}
4836
4837static bool nl80211_valid_wpa_versions(u32 wpa_versions)
4838{
4839        return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
4840                                  NL80211_WPA_VERSION_2));
4841}
4842
4843static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
4844{
4845        struct cfg80211_registered_device *rdev = info->user_ptr[0];
4846        struct net_device *dev = info->user_ptr[1];
4847        struct ieee80211_channel *chan;
4848        const u8 *bssid, *ssid, *ie = NULL;
4849        int err, ssid_len, ie_len = 0;
4850        enum nl80211_auth_type auth_type;
4851        struct key_parse key;
4852        bool local_state_change;
4853
4854        if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4855                return -EINVAL;
4856
4857        if (!info->attrs[NL80211_ATTR_MAC])
4858                return -EINVAL;
4859
4860        if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
4861                return -EINVAL;
4862
4863        if (!info->attrs[NL80211_ATTR_SSID])
4864                return -EINVAL;
4865
4866        if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
4867                return -EINVAL;
4868
4869        err = nl80211_parse_key(info, &key);
4870        if (err)
4871                return err;
4872
4873        if (key.idx >= 0) {
4874                if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
4875                        return -EINVAL;
4876                if (!key.p.key || !key.p.key_len)
4877                        return -EINVAL;
4878                if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
4879                     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
4880                    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
4881                     key.p.key_len != WLAN_KEY_LEN_WEP104))
4882                        return -EINVAL;
4883                if (key.idx > 4)
4884                        return -EINVAL;
4885        } else {
4886                key.p.key_len = 0;
4887                key.p.key = NULL;
4888        }