1
2
3
4
5
6
7#include <linux/if.h>
8#include <linux/module.h>
9#include <linux/err.h>
10#include <linux/slab.h>
11#include <linux/list.h>
12#include <linux/if_ether.h>
13#include <linux/ieee80211.h>
14#include <linux/nl80211.h>
15#include <linux/rtnetlink.h>
16#include <linux/netlink.h>
17#include <linux/etherdevice.h>
18#include <net/net_namespace.h>
19#include <net/genetlink.h>
20#include <net/cfg80211.h>
21#include <net/sock.h>
22#include "core.h"
23#include "nl80211.h"
24#include "reg.h"
25
26static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);
27static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
28 struct genl_info *info,
29 struct cfg80211_crypto_settings *settings,
30 int cipher_limit);
31
32static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
33 struct genl_info *info);
34static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
35 struct genl_info *info);
36
37
38static struct genl_family nl80211_fam = {
39 .id = GENL_ID_GENERATE,
40 .name = "nl80211",
41 .hdrsize = 0,
42 .version = 1,
43 .maxattr = NL80211_ATTR_MAX,
44 .netnsok = true,
45 .pre_doit = nl80211_pre_doit,
46 .post_doit = nl80211_post_doit,
47};
48
49
50static struct wireless_dev *
51__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
52{
53 struct cfg80211_registered_device *rdev;
54 struct wireless_dev *result = NULL;
55 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
56 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
57 u64 wdev_id;
58 int wiphy_idx = -1;
59 int ifidx = -1;
60
61 assert_cfg80211_lock();
62
63 if (!have_ifidx && !have_wdev_id)
64 return ERR_PTR(-EINVAL);
65
66 if (have_ifidx)
67 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
68 if (have_wdev_id) {
69 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
70 wiphy_idx = wdev_id >> 32;
71 }
72
73 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
74 struct wireless_dev *wdev;
75
76 if (wiphy_net(&rdev->wiphy) != netns)
77 continue;
78
79 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
80 continue;
81
82 mutex_lock(&rdev->devlist_mtx);
83 list_for_each_entry(wdev, &rdev->wdev_list, list) {
84 if (have_ifidx && wdev->netdev &&
85 wdev->netdev->ifindex == ifidx) {
86 result = wdev;
87 break;
88 }
89 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
90 result = wdev;
91 break;
92 }
93 }
94 mutex_unlock(&rdev->devlist_mtx);
95
96 if (result)
97 break;
98 }
99
100 if (result)
101 return result;
102 return ERR_PTR(-ENODEV);
103}
104
105static struct cfg80211_registered_device *
106__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
107{
108 struct cfg80211_registered_device *rdev = NULL, *tmp;
109 struct net_device *netdev;
110
111 assert_cfg80211_lock();
112
113 if (!attrs[NL80211_ATTR_WIPHY] &&
114 !attrs[NL80211_ATTR_IFINDEX] &&
115 !attrs[NL80211_ATTR_WDEV])
116 return ERR_PTR(-EINVAL);
117
118 if (attrs[NL80211_ATTR_WIPHY])
119 rdev = cfg80211_rdev_by_wiphy_idx(
120 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
121
122 if (attrs[NL80211_ATTR_WDEV]) {
123 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
124 struct wireless_dev *wdev;
125 bool found = false;
126
127 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
128 if (tmp) {
129
130 mutex_lock(&tmp->devlist_mtx);
131 list_for_each_entry(wdev, &tmp->wdev_list, list) {
132 if (wdev->identifier != (u32)wdev_id)
133 continue;
134 found = true;
135 break;
136 }
137 mutex_unlock(&tmp->devlist_mtx);
138
139 if (!found)
140 tmp = NULL;
141
142 if (rdev && tmp != rdev)
143 return ERR_PTR(-EINVAL);
144 rdev = tmp;
145 }
146 }
147
148 if (attrs[NL80211_ATTR_IFINDEX]) {
149 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
150 netdev = dev_get_by_index(netns, ifindex);
151 if (netdev) {
152 if (netdev->ieee80211_ptr)
153 tmp = wiphy_to_dev(
154 netdev->ieee80211_ptr->wiphy);
155 else
156 tmp = NULL;
157
158 dev_put(netdev);
159
160
161 if (!tmp)
162 return ERR_PTR(-EINVAL);
163
164
165 if (rdev && tmp != rdev)
166 return ERR_PTR(-EINVAL);
167
168 rdev = tmp;
169 }
170 }
171
172 if (!rdev)
173 return ERR_PTR(-ENODEV);
174
175 if (netns != wiphy_net(&rdev->wiphy))
176 return ERR_PTR(-ENODEV);
177
178 return rdev;
179}
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201static struct cfg80211_registered_device *
202cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
203{
204 struct cfg80211_registered_device *rdev;
205
206 mutex_lock(&cfg80211_mutex);
207 rdev = __cfg80211_rdev_from_attrs(netns, info->attrs);
208
209
210
211
212 if (!IS_ERR(rdev))
213 mutex_lock(&rdev->mtx);
214
215 mutex_unlock(&cfg80211_mutex);
216
217 return rdev;
218}
219
220
221static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
222 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
223 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
224 .len = 20-1 },
225 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
226 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
227 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
228 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
229 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
230 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
231 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
232 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
233
234 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
235 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
236 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
237
238 [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
239 [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
240
241 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
242 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
243 .len = WLAN_MAX_KEY_LEN },
244 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
245 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
246 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
247 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
248 [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
249
250 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
251 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
252 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
253 .len = IEEE80211_MAX_DATA_LEN },
254 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
255 .len = IEEE80211_MAX_DATA_LEN },
256 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
257 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
258 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
259 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
260 .len = NL80211_MAX_SUPP_RATES },
261 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
262 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
263 [NL80211_ATTR_MNTR_FLAGS] = { },
264 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
265 .len = IEEE80211_MAX_MESH_ID_LEN },
266 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
267
268 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
269 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
270
271 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
272 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
273 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
274 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
275 .len = NL80211_MAX_SUPP_RATES },
276 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
277
278 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
279 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
280
281 [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
282
283 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
284 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
285 .len = IEEE80211_MAX_DATA_LEN },
286 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
287 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
288
289 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
290 .len = IEEE80211_MAX_SSID_LEN },
291 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
292 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
293 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
294 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
295 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
296 [NL80211_ATTR_STA_FLAGS2] = {
297 .len = sizeof(struct nl80211_sta_flag_update),
298 },
299 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
300 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
301 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
302 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
303 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
304 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
305 [NL80211_ATTR_PID] = { .type = NLA_U32 },
306 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
307 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
308 .len = WLAN_PMKID_LEN },
309 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
310 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
311 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
312 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
313 .len = IEEE80211_MAX_DATA_LEN },
314 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
315 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
316 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
317 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
318 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
319 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
320 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
321 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
322 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
323 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
324 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
325 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
326 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
327 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
328 [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
329 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
330 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
331 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
332 [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
333 [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
334 .len = IEEE80211_MAX_DATA_LEN },
335 [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
336 .len = IEEE80211_MAX_DATA_LEN },
337 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
338 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
339 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
340 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
341 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
342 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
343 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
344 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
345 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
346 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
347 .len = IEEE80211_MAX_DATA_LEN },
348 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
349 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
350 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
351 .len = NL80211_HT_CAPABILITY_LEN
352 },
353 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
354 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
355 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
356 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
357 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
358};
359
360
361static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
362 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
363 [NL80211_KEY_IDX] = { .type = NLA_U8 },
364 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
365 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
366 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
367 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
368 [NL80211_KEY_TYPE] = { .type = NLA_U32 },
369 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
370};
371
372
373static const struct nla_policy
374nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
375 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
376 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
377};
378
379
380static const struct nla_policy
381nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
382 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
383 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
384 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
385 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
386 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
387 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
388 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
389 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
390};
391
392
393static const struct nla_policy
394nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
395 [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
396 [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
397 [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
398};
399
400static const struct nla_policy
401nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
402 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
403 .len = IEEE80211_MAX_SSID_LEN },
404 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
405};
406
407
408static int nl80211_get_ifidx(struct netlink_callback *cb)
409{
410 int res;
411
412 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
413 nl80211_fam.attrbuf, nl80211_fam.maxattr,
414 nl80211_policy);
415 if (res)
416 return res;
417
418 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
419 return -EINVAL;
420
421 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
422 if (!res)
423 return -EINVAL;
424 return res;
425}
426
427static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
428 struct netlink_callback *cb,
429 struct cfg80211_registered_device **rdev,
430 struct net_device **dev)
431{
432 int ifidx = cb->args[0];
433 int err;
434
435 if (!ifidx)
436 ifidx = nl80211_get_ifidx(cb);
437 if (ifidx < 0)
438 return ifidx;
439
440 cb->args[0] = ifidx;
441
442 rtnl_lock();
443
444 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
445 if (!*dev) {
446 err = -ENODEV;
447 goto out_rtnl;
448 }
449
450 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
451 if (IS_ERR(*rdev)) {
452 err = PTR_ERR(*rdev);
453 goto out_rtnl;
454 }
455
456 return 0;
457 out_rtnl:
458 rtnl_unlock();
459 return err;
460}
461
462static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
463{
464 cfg80211_unlock_rdev(rdev);
465 rtnl_unlock();
466}
467
468
469static bool is_valid_ie_attr(const struct nlattr *attr)
470{
471 const u8 *pos;
472 int len;
473
474 if (!attr)
475 return true;
476
477 pos = nla_data(attr);
478 len = nla_len(attr);
479
480 while (len) {
481 u8 elemlen;
482
483 if (len < 2)
484 return false;
485 len -= 2;
486
487 elemlen = pos[1];
488 if (elemlen > len)
489 return false;
490
491 len -= elemlen;
492 pos += 2 + elemlen;
493 }
494
495 return true;
496}
497
498
499static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
500 int flags, u8 cmd)
501{
502
503 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
504}
505
506static int nl80211_msg_put_channel(struct sk_buff *msg,
507 struct ieee80211_channel *chan)
508{
509 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
510 chan->center_freq))
511 goto nla_put_failure;
512
513 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
514 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
515 goto nla_put_failure;
516 if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
517 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
518 goto nla_put_failure;
519 if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
520 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
521 goto nla_put_failure;
522 if ((chan->flags & IEEE80211_CHAN_RADAR) &&
523 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
524 goto nla_put_failure;
525
526 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
527 DBM_TO_MBM(chan->max_power)))
528 goto nla_put_failure;
529
530 return 0;
531
532 nla_put_failure:
533 return -ENOBUFS;
534}
535
536
537
538struct key_parse {
539 struct key_params p;
540 int idx;
541 int type;
542 bool def, defmgmt;
543 bool def_uni, def_multi;
544};
545
546static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
547{
548 struct nlattr *tb[NL80211_KEY_MAX + 1];
549 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
550 nl80211_key_policy);
551 if (err)
552 return err;
553
554 k->def = !!tb[NL80211_KEY_DEFAULT];
555 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
556
557 if (k->def) {
558 k->def_uni = true;
559 k->def_multi = true;
560 }
561 if (k->defmgmt)
562 k->def_multi = true;
563
564 if (tb[NL80211_KEY_IDX])
565 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
566
567 if (tb[NL80211_KEY_DATA]) {
568 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
569 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
570 }
571
572 if (tb[NL80211_KEY_SEQ]) {
573 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
574 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
575 }
576
577 if (tb[NL80211_KEY_CIPHER])
578 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
579
580 if (tb[NL80211_KEY_TYPE]) {
581 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
582 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
583 return -EINVAL;
584 }
585
586 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
587 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
588 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
589 tb[NL80211_KEY_DEFAULT_TYPES],
590 nl80211_key_default_policy);
591 if (err)
592 return err;
593
594 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
595 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
596 }
597
598 return 0;
599}
600
601static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
602{
603 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
604 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
605 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
606 }
607
608 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
609 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
610 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
611 }
612
613 if (info->attrs[NL80211_ATTR_KEY_IDX])
614 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
615
616 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
617 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
618
619 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
620 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
621
622 if (k->def) {
623 k->def_uni = true;
624 k->def_multi = true;
625 }
626 if (k->defmgmt)
627 k->def_multi = true;
628
629 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
630 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
631 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
632 return -EINVAL;
633 }
634
635 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
636 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
637 int err = nla_parse_nested(
638 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
639 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
640 nl80211_key_default_policy);
641 if (err)
642 return err;
643
644 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
645 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
646 }
647
648 return 0;
649}
650
651static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
652{
653 int err;
654
655 memset(k, 0, sizeof(*k));
656 k->idx = -1;
657 k->type = -1;
658
659 if (info->attrs[NL80211_ATTR_KEY])
660 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
661 else
662 err = nl80211_parse_key_old(info, k);
663
664 if (err)
665 return err;
666
667 if (k->def && k->defmgmt)
668 return -EINVAL;
669
670 if (k->defmgmt) {
671 if (k->def_uni || !k->def_multi)
672 return -EINVAL;
673 }
674
675 if (k->idx != -1) {
676 if (k->defmgmt) {
677 if (k->idx < 4 || k->idx > 5)
678 return -EINVAL;
679 } else if (k->def) {
680 if (k->idx < 0 || k->idx > 3)
681 return -EINVAL;
682 } else {
683 if (k->idx < 0 || k->idx > 5)
684 return -EINVAL;
685 }
686 }
687
688 return 0;
689}
690
691static struct cfg80211_cached_keys *
692nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
693 struct nlattr *keys)
694{
695 struct key_parse parse;
696 struct nlattr *key;
697 struct cfg80211_cached_keys *result;
698 int rem, err, def = 0;
699
700 result = kzalloc(sizeof(*result), GFP_KERNEL);
701 if (!result)
702 return ERR_PTR(-ENOMEM);
703
704 result->def = -1;
705 result->defmgmt = -1;
706
707 nla_for_each_nested(key, keys, rem) {
708 memset(&parse, 0, sizeof(parse));
709 parse.idx = -1;
710
711 err = nl80211_parse_key_new(key, &parse);
712 if (err)
713 goto error;
714 err = -EINVAL;
715 if (!parse.p.key)
716 goto error;
717 if (parse.idx < 0 || parse.idx > 4)
718 goto error;
719 if (parse.def) {
720 if (def)
721 goto error;
722 def = 1;
723 result->def = parse.idx;
724 if (!parse.def_uni || !parse.def_multi)
725 goto error;
726 } else if (parse.defmgmt)
727 goto error;
728 err = cfg80211_validate_key_settings(rdev, &parse.p,
729 parse.idx, false, NULL);
730 if (err)
731 goto error;
732 result->params[parse.idx].cipher = parse.p.cipher;
733 result->params[parse.idx].key_len = parse.p.key_len;
734 result->params[parse.idx].key = result->data[parse.idx];
735 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
736 }
737
738 return result;
739 error:
740 kfree(result);
741 return ERR_PTR(err);
742}
743
744static int nl80211_key_allowed(struct wireless_dev *wdev)
745{
746 ASSERT_WDEV_LOCK(wdev);
747
748 switch (wdev->iftype) {
749 case NL80211_IFTYPE_AP:
750 case NL80211_IFTYPE_AP_VLAN:
751 case NL80211_IFTYPE_P2P_GO:
752 case NL80211_IFTYPE_MESH_POINT:
753 break;
754 case NL80211_IFTYPE_ADHOC:
755 if (!wdev->current_bss)
756 return -ENOLINK;
757 break;
758 case NL80211_IFTYPE_STATION:
759 case NL80211_IFTYPE_P2P_CLIENT:
760 if (wdev->sme_state != CFG80211_SME_CONNECTED)
761 return -ENOLINK;
762 break;
763 default:
764 return -EINVAL;
765 }
766
767 return 0;
768}
769
770static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
771{
772 struct nlattr *nl_modes = nla_nest_start(msg, attr);
773 int i;
774
775 if (!nl_modes)
776 goto nla_put_failure;
777
778 i = 0;
779 while (ifmodes) {
780 if ((ifmodes & 1) && nla_put_flag(msg, i))
781 goto nla_put_failure;
782 ifmodes >>= 1;
783 i++;
784 }
785
786 nla_nest_end(msg, nl_modes);
787 return 0;
788
789nla_put_failure:
790 return -ENOBUFS;
791}
792
793static int nl80211_put_iface_combinations(struct wiphy *wiphy,
794 struct sk_buff *msg)
795{
796 struct nlattr *nl_combis;
797 int i, j;
798
799 nl_combis = nla_nest_start(msg,
800 NL80211_ATTR_INTERFACE_COMBINATIONS);
801 if (!nl_combis)
802 goto nla_put_failure;
803
804 for (i = 0; i < wiphy->n_iface_combinations; i++) {
805 const struct ieee80211_iface_combination *c;
806 struct nlattr *nl_combi, *nl_limits;
807
808 c = &wiphy->iface_combinations[i];
809
810 nl_combi = nla_nest_start(msg, i + 1);
811 if (!nl_combi)
812 goto nla_put_failure;
813
814 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
815 if (!nl_limits)
816 goto nla_put_failure;
817
818 for (j = 0; j < c->n_limits; j++) {
819 struct nlattr *nl_limit;
820
821 nl_limit = nla_nest_start(msg, j + 1);
822 if (!nl_limit)
823 goto nla_put_failure;
824 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
825 c->limits[j].max))
826 goto nla_put_failure;
827 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
828 c->limits[j].types))
829 goto nla_put_failure;
830 nla_nest_end(msg, nl_limit);
831 }
832
833 nla_nest_end(msg, nl_limits);
834
835 if (c->beacon_int_infra_match &&
836 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
837 goto nla_put_failure;
838 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
839 c->num_different_channels) ||
840 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
841 c->max_interfaces))
842 goto nla_put_failure;
843
844 nla_nest_end(msg, nl_combi);
845 }
846
847 nla_nest_end(msg, nl_combis);
848
849 return 0;
850nla_put_failure:
851 return -ENOBUFS;
852}
853
854static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flags,
855 struct cfg80211_registered_device *dev)
856{
857 void *hdr;
858 struct nlattr *nl_bands, *nl_band;
859 struct nlattr *nl_freqs, *nl_freq;
860 struct nlattr *nl_rates, *nl_rate;
861 struct nlattr *nl_cmds;
862 enum ieee80211_band band;
863 struct ieee80211_channel *chan;
864 struct ieee80211_rate *rate;
865 int i;
866 const struct ieee80211_txrx_stypes *mgmt_stypes =
867 dev->wiphy.mgmt_stypes;
868
869 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
870 if (!hdr)
871 return -1;
872
873 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
874 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) ||
875 nla_put_u32(msg, NL80211_ATTR_GENERATION,
876 cfg80211_rdev_list_generation) ||
877 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
878 dev->wiphy.retry_short) ||
879 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
880 dev->wiphy.retry_long) ||
881 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
882 dev->wiphy.frag_threshold) ||
883 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
884 dev->wiphy.rts_threshold) ||
885 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
886 dev->wiphy.coverage_class) ||
887 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
888 dev->wiphy.max_scan_ssids) ||
889 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
890 dev->wiphy.max_sched_scan_ssids) ||
891 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
892 dev->wiphy.max_scan_ie_len) ||
893 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
894 dev->wiphy.max_sched_scan_ie_len) ||
895 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
896 dev->wiphy.max_match_sets))
897 goto nla_put_failure;
898
899 if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
900 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
901 goto nla_put_failure;
902 if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
903 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
904 goto nla_put_failure;
905 if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
906 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
907 goto nla_put_failure;
908 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
909 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
910 goto nla_put_failure;
911 if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
912 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
913 goto nla_put_failure;
914 if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
915 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
916 goto nla_put_failure;
917
918 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
919 sizeof(u32) * dev->wiphy.n_cipher_suites,
920 dev->wiphy.cipher_suites))
921 goto nla_put_failure;
922
923 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
924 dev->wiphy.max_num_pmkids))
925 goto nla_put_failure;
926
927 if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
928 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
929 goto nla_put_failure;
930
931 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
932 dev->wiphy.available_antennas_tx) ||
933 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
934 dev->wiphy.available_antennas_rx))
935 goto nla_put_failure;
936
937 if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
938 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
939 dev->wiphy.probe_resp_offload))
940 goto nla_put_failure;
941
942 if ((dev->wiphy.available_antennas_tx ||
943 dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
944 u32 tx_ant = 0, rx_ant = 0;
945 int res;
946 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
947 if (!res) {
948 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX,
949 tx_ant) ||
950 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX,
951 rx_ant))
952 goto nla_put_failure;
953 }
954 }
955
956 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
957 dev->wiphy.interface_modes))
958 goto nla_put_failure;
959
960 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
961 if (!nl_bands)
962 goto nla_put_failure;
963
964 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
965 if (!dev->wiphy.bands[band])
966 continue;
967
968 nl_band = nla_nest_start(msg, band);
969 if (!nl_band)
970 goto nla_put_failure;
971
972
973 if (dev->wiphy.bands[band]->ht_cap.ht_supported &&
974 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
975 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
976 &dev->wiphy.bands[band]->ht_cap.mcs) ||
977 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
978 dev->wiphy.bands[band]->ht_cap.cap) ||
979 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
980 dev->wiphy.bands[band]->ht_cap.ampdu_factor) ||
981 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
982 dev->wiphy.bands[band]->ht_cap.ampdu_density)))
983 goto nla_put_failure;
984
985
986 if (dev->wiphy.bands[band]->vht_cap.vht_supported &&
987 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
988 sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs),
989 &dev->wiphy.bands[band]->vht_cap.vht_mcs) ||
990 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
991 dev->wiphy.bands[band]->vht_cap.cap)))
992 goto nla_put_failure;
993
994
995 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
996 if (!nl_freqs)
997 goto nla_put_failure;
998
999 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
1000 nl_freq = nla_nest_start(msg, i);
1001 if (!nl_freq)
1002 goto nla_put_failure;
1003
1004 chan = &dev->wiphy.bands[band]->channels[i];
1005
1006 if (nl80211_msg_put_channel(msg, chan))
1007 goto nla_put_failure;
1008
1009 nla_nest_end(msg, nl_freq);
1010 }
1011
1012 nla_nest_end(msg, nl_freqs);
1013
1014
1015 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1016 if (!nl_rates)
1017 goto nla_put_failure;
1018
1019 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
1020 nl_rate = nla_nest_start(msg, i);
1021 if (!nl_rate)
1022 goto nla_put_failure;
1023
1024 rate = &dev->wiphy.bands[band]->bitrates[i];
1025 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1026 rate->bitrate))
1027 goto nla_put_failure;
1028 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1029 nla_put_flag(msg,
1030 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1031 goto nla_put_failure;
1032
1033 nla_nest_end(msg, nl_rate);
1034 }
1035
1036 nla_nest_end(msg, nl_rates);
1037
1038 nla_nest_end(msg, nl_band);
1039 }
1040 nla_nest_end(msg, nl_bands);
1041
1042 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1043 if (!nl_cmds)
1044 goto nla_put_failure;
1045
1046 i = 0;
1047#define CMD(op, n) \
1048 do { \
1049 if (dev->ops->op) { \
1050 i++; \
1051 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1052 goto nla_put_failure; \
1053 } \
1054 } while (0)
1055
1056 CMD(add_virtual_intf, NEW_INTERFACE);
1057 CMD(change_virtual_intf, SET_INTERFACE);
1058 CMD(add_key, NEW_KEY);
1059 CMD(start_ap, START_AP);
1060 CMD(add_station, NEW_STATION);
1061 CMD(add_mpath, NEW_MPATH);
1062 CMD(update_mesh_config, SET_MESH_CONFIG);
1063 CMD(change_bss, SET_BSS);
1064 CMD(auth, AUTHENTICATE);
1065 CMD(assoc, ASSOCIATE);
1066 CMD(deauth, DEAUTHENTICATE);
1067 CMD(disassoc, DISASSOCIATE);
1068 CMD(join_ibss, JOIN_IBSS);
1069 CMD(join_mesh, JOIN_MESH);
1070 CMD(set_pmksa, SET_PMKSA);
1071 CMD(del_pmksa, DEL_PMKSA);
1072 CMD(flush_pmksa, FLUSH_PMKSA);
1073 if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1074 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1075 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1076 CMD(mgmt_tx, FRAME);
1077 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1078 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1079 i++;
1080 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1081 goto nla_put_failure;
1082 }
1083 if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1084 dev->ops->join_mesh) {
1085 i++;
1086 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1087 goto nla_put_failure;
1088 }
1089 CMD(set_wds_peer, SET_WDS_PEER);
1090 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1091 CMD(tdls_mgmt, TDLS_MGMT);
1092 CMD(tdls_oper, TDLS_OPER);
1093 }
1094 if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1095 CMD(sched_scan_start, START_SCHED_SCAN);
1096 CMD(probe_client, PROBE_CLIENT);
1097 CMD(set_noack_map, SET_NOACK_MAP);
1098 if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1099 i++;
1100 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1101 goto nla_put_failure;
1102 }
1103 CMD(start_p2p_device, START_P2P_DEVICE);
1104
1105#ifdef CONFIG_NL80211_TESTMODE
1106 CMD(testmode_cmd, TESTMODE);
1107#endif
1108
1109#undef CMD
1110
1111 if (dev->ops->connect || dev->ops->auth) {
1112 i++;
1113 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1114 goto nla_put_failure;
1115 }
1116
1117 if (dev->ops->disconnect || dev->ops->deauth) {
1118 i++;
1119 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1120 goto nla_put_failure;
1121 }
1122
1123 nla_nest_end(msg, nl_cmds);
1124
1125 if (dev->ops->remain_on_channel &&
1126 (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1127 nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1128 dev->wiphy.max_remain_on_channel_duration))
1129 goto nla_put_failure;
1130
1131 if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1132 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1133 goto nla_put_failure;
1134
1135 if (mgmt_stypes) {
1136 u16 stypes;
1137 struct nlattr *nl_ftypes, *nl_ifs;
1138 enum nl80211_iftype ift;
1139
1140 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1141 if (!nl_ifs)
1142 goto nla_put_failure;
1143
1144 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1145 nl_ftypes = nla_nest_start(msg, ift);
1146 if (!nl_ftypes)
1147 goto nla_put_failure;
1148 i = 0;
1149 stypes = mgmt_stypes[ift].tx;
1150 while (stypes) {
1151 if ((stypes & 1) &&
1152 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1153 (i << 4) | IEEE80211_FTYPE_MGMT))
1154 goto nla_put_failure;
1155 stypes >>= 1;
1156 i++;
1157 }
1158 nla_nest_end(msg, nl_ftypes);
1159 }
1160
1161 nla_nest_end(msg, nl_ifs);
1162
1163 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1164 if (!nl_ifs)
1165 goto nla_put_failure;
1166
1167 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1168 nl_ftypes = nla_nest_start(msg, ift);
1169 if (!nl_ftypes)
1170 goto nla_put_failure;
1171 i = 0;
1172 stypes = mgmt_stypes[ift].rx;
1173 while (stypes) {
1174 if ((stypes & 1) &&
1175 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1176 (i << 4) | IEEE80211_FTYPE_MGMT))
1177 goto nla_put_failure;
1178 stypes >>= 1;
1179 i++;
1180 }
1181 nla_nest_end(msg, nl_ftypes);
1182 }
1183 nla_nest_end(msg, nl_ifs);
1184 }
1185
1186#ifdef CONFIG_PM
1187 if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
1188 struct nlattr *nl_wowlan;
1189
1190 nl_wowlan = nla_nest_start(msg,
1191 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1192 if (!nl_wowlan)
1193 goto nla_put_failure;
1194
1195 if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) &&
1196 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1197 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) &&
1198 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1199 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1200 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1201 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1202 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1203 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1204 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1205 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1206 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1207 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1208 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1209 ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1210 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1211 goto nla_put_failure;
1212 if (dev->wiphy.wowlan.n_patterns) {
1213 struct nl80211_wowlan_pattern_support pat = {
1214 .max_patterns = dev->wiphy.wowlan.n_patterns,
1215 .min_pattern_len =
1216 dev->wiphy.wowlan.pattern_min_len,
1217 .max_pattern_len =
1218 dev->wiphy.wowlan.pattern_max_len,
1219 };
1220 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1221 sizeof(pat), &pat))
1222 goto nla_put_failure;
1223 }
1224
1225 nla_nest_end(msg, nl_wowlan);
1226 }
1227#endif
1228
1229 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1230 dev->wiphy.software_iftypes))
1231 goto nla_put_failure;
1232
1233 if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1234 goto nla_put_failure;
1235
1236 if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1237 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1238 dev->wiphy.ap_sme_capa))
1239 goto nla_put_failure;
1240
1241 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS,
1242 dev->wiphy.features))
1243 goto nla_put_failure;
1244
1245 if (dev->wiphy.ht_capa_mod_mask &&
1246 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1247 sizeof(*dev->wiphy.ht_capa_mod_mask),
1248 dev->wiphy.ht_capa_mod_mask))
1249 goto nla_put_failure;
1250
1251 return genlmsg_end(msg, hdr);
1252
1253 nla_put_failure:
1254 genlmsg_cancel(msg, hdr);
1255 return -EMSGSIZE;
1256}
1257
1258static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1259{
1260 int idx = 0;
1261 int start = cb->args[0];
1262 struct cfg80211_registered_device *dev;
1263
1264 mutex_lock(&cfg80211_mutex);
1265 list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1266 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1267 continue;
1268 if (++idx <= start)
1269 continue;
1270 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid,
1271 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1272 dev) < 0) {
1273 idx--;
1274 break;
1275 }
1276 }
1277 mutex_unlock(&cfg80211_mutex);
1278
1279 cb->args[0] = idx;
1280
1281 return skb->len;
1282}
1283
1284static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1285{
1286 struct sk_buff *msg;
1287 struct cfg80211_registered_device *dev = info->user_ptr[0];
1288
1289 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1290 if (!msg)
1291 return -ENOMEM;
1292
1293 if (nl80211_send_wiphy(msg, info->snd_portid, info->snd_seq, 0, dev) < 0) {
1294 nlmsg_free(msg);
1295 return -ENOBUFS;
1296 }
1297
1298 return genlmsg_reply(msg, info);
1299}
1300
1301static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1302 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
1303 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
1304 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
1305 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
1306 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
1307};
1308
1309static int parse_txq_params(struct nlattr *tb[],
1310 struct ieee80211_txq_params *txq_params)
1311{
1312 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1313 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1314 !tb[NL80211_TXQ_ATTR_AIFS])
1315 return -EINVAL;
1316
1317 txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1318 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1319 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1320 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1321 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1322
1323 if (txq_params->ac >= NL80211_NUM_ACS)
1324 return -EINVAL;
1325
1326 return 0;
1327}
1328
1329static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1330{
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346 return !wdev ||
1347 wdev->iftype == NL80211_IFTYPE_AP ||
1348 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1349 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1350 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1351}
1352
1353static bool nl80211_valid_channel_type(struct genl_info *info,
1354 enum nl80211_channel_type *channel_type)
1355{
1356 enum nl80211_channel_type tmp;
1357
1358 if (!info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1359 return false;
1360
1361 tmp = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1362 if (tmp != NL80211_CHAN_NO_HT &&
1363 tmp != NL80211_CHAN_HT20 &&
1364 tmp != NL80211_CHAN_HT40PLUS &&
1365 tmp != NL80211_CHAN_HT40MINUS)
1366 return false;
1367
1368 if (channel_type)
1369 *channel_type = tmp;
1370
1371 return true;
1372}
1373
1374static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1375 struct wireless_dev *wdev,
1376 struct genl_info *info)
1377{
1378 struct ieee80211_channel *channel;
1379 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1380 u32 freq;
1381 int result;
1382 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1383
1384 if (wdev)
1385 iftype = wdev->iftype;
1386
1387 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1388 return -EINVAL;
1389
1390 if (!nl80211_can_set_dev_channel(wdev))
1391 return -EOPNOTSUPP;
1392
1393 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
1394 !nl80211_valid_channel_type(info, &channel_type))
1395 return -EINVAL;
1396
1397 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1398
1399 mutex_lock(&rdev->devlist_mtx);
1400 switch (iftype) {
1401 case NL80211_IFTYPE_AP:
1402 case NL80211_IFTYPE_P2P_GO:
1403 if (wdev->beacon_interval) {
1404 result = -EBUSY;
1405 break;
1406 }
1407 channel = rdev_freq_to_chan(rdev, freq, channel_type);
1408 if (!channel || !cfg80211_can_beacon_sec_chan(&rdev->wiphy,
1409 channel,
1410 channel_type)) {
1411 result = -EINVAL;
1412 break;
1413 }
1414 wdev->preset_chan = channel;
1415 wdev->preset_chantype = channel_type;
1416 result = 0;
1417 break;
1418 case NL80211_IFTYPE_MESH_POINT:
1419 result = cfg80211_set_mesh_freq(rdev, wdev, freq, channel_type);
1420 break;
1421 case NL80211_IFTYPE_MONITOR:
1422 result = cfg80211_set_monitor_channel(rdev, freq, channel_type);
1423 break;
1424 default:
1425 result = -EINVAL;
1426 }
1427 mutex_unlock(&rdev->devlist_mtx);
1428
1429 return result;
1430}
1431
1432static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1433{
1434 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1435 struct net_device *netdev = info->user_ptr[1];
1436
1437 return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1438}
1439
1440static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1441{
1442 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1443 struct net_device *dev = info->user_ptr[1];
1444 struct wireless_dev *wdev = dev->ieee80211_ptr;
1445 const u8 *bssid;
1446
1447 if (!info->attrs[NL80211_ATTR_MAC])
1448 return -EINVAL;
1449
1450 if (netif_running(dev))
1451 return -EBUSY;
1452
1453 if (!rdev->ops->set_wds_peer)
1454 return -EOPNOTSUPP;
1455
1456 if (wdev->iftype != NL80211_IFTYPE_WDS)
1457 return -EOPNOTSUPP;
1458
1459 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1460 return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1461}
1462
1463
1464static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1465{
1466 struct cfg80211_registered_device *rdev;
1467 struct net_device *netdev = NULL;
1468 struct wireless_dev *wdev;
1469 int result = 0, rem_txq_params = 0;
1470 struct nlattr *nl_txq_params;
1471 u32 changed;
1472 u8 retry_short = 0, retry_long = 0;
1473 u32 frag_threshold = 0, rts_threshold = 0;
1474 u8 coverage_class = 0;
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485 mutex_lock(&cfg80211_mutex);
1486
1487 if (info->attrs[NL80211_ATTR_IFINDEX]) {
1488 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1489
1490 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1491 if (netdev && netdev->ieee80211_ptr) {
1492 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1493 mutex_lock(&rdev->mtx);
1494 } else
1495 netdev = NULL;
1496 }
1497
1498 if (!netdev) {
1499 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
1500 info->attrs);
1501 if (IS_ERR(rdev)) {
1502 mutex_unlock(&cfg80211_mutex);
1503 return PTR_ERR(rdev);
1504 }
1505 wdev = NULL;
1506 netdev = NULL;
1507 result = 0;
1508
1509 mutex_lock(&rdev->mtx);
1510 } else if (nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1511 wdev = netdev->ieee80211_ptr;
1512 else
1513 wdev = NULL;
1514
1515
1516
1517
1518
1519
1520 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1521 result = cfg80211_dev_rename(
1522 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1523
1524 mutex_unlock(&cfg80211_mutex);
1525
1526 if (result)
1527 goto bad_res;
1528
1529 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1530 struct ieee80211_txq_params txq_params;
1531 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1532
1533 if (!rdev->ops->set_txq_params) {
1534 result = -EOPNOTSUPP;
1535 goto bad_res;
1536 }
1537
1538 if (!netdev) {
1539 result = -EINVAL;
1540 goto bad_res;
1541 }
1542
1543 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1544 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1545 result = -EINVAL;
1546 goto bad_res;
1547 }
1548
1549 if (!netif_running(netdev)) {
1550 result = -ENETDOWN;
1551 goto bad_res;
1552 }
1553
1554 nla_for_each_nested(nl_txq_params,
1555 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1556 rem_txq_params) {
1557 nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1558 nla_data(nl_txq_params),
1559 nla_len(nl_txq_params),
1560 txq_params_policy);
1561 result = parse_txq_params(tb, &txq_params);
1562 if (result)
1563 goto bad_res;
1564
1565 result = rdev->ops->set_txq_params(&rdev->wiphy,
1566 netdev,
1567 &txq_params);
1568 if (result)
1569 goto bad_res;
1570 }
1571 }
1572
1573 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1574 result = __nl80211_set_channel(rdev, wdev, info);
1575 if (result)
1576 goto bad_res;
1577 }
1578
1579 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1580 enum nl80211_tx_power_setting type;
1581 int idx, mbm = 0;
1582
1583 if (!rdev->ops->set_tx_power) {
1584 result = -EOPNOTSUPP;
1585 goto bad_res;
1586 }
1587
1588 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1589 type = nla_get_u32(info->attrs[idx]);
1590
1591 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1592 (type != NL80211_TX_POWER_AUTOMATIC)) {
1593 result = -EINVAL;
1594 goto bad_res;
1595 }
1596
1597 if (type != NL80211_TX_POWER_AUTOMATIC) {
1598 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1599 mbm = nla_get_u32(info->attrs[idx]);
1600 }
1601
1602 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1603 if (result)
1604 goto bad_res;
1605 }
1606
1607 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1608 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1609 u32 tx_ant, rx_ant;
1610 if ((!rdev->wiphy.available_antennas_tx &&
1611 !rdev->wiphy.available_antennas_rx) ||
1612 !rdev->ops->set_antenna) {
1613 result = -EOPNOTSUPP;
1614 goto bad_res;
1615 }
1616
1617 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1618 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1619
1620
1621
1622 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1623 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1624 result = -EINVAL;
1625 goto bad_res;
1626 }
1627
1628 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1629 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1630
1631 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1632 if (result)
1633 goto bad_res;
1634 }
1635
1636 changed = 0;
1637
1638 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1639 retry_short = nla_get_u8(
1640 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1641 if (retry_short == 0) {
1642 result = -EINVAL;
1643 goto bad_res;
1644 }
1645 changed |= WIPHY_PARAM_RETRY_SHORT;
1646 }
1647
1648 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1649 retry_long = nla_get_u8(
1650 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1651 if (retry_long == 0) {
1652 result = -EINVAL;
1653 goto bad_res;
1654 }
1655 changed |= WIPHY_PARAM_RETRY_LONG;
1656 }
1657
1658 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1659 frag_threshold = nla_get_u32(
1660 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1661 if (frag_threshold < 256) {
1662 result = -EINVAL;
1663 goto bad_res;
1664 }
1665 if (frag_threshold != (u32) -1) {
1666
1667
1668
1669
1670
1671
1672 frag_threshold &= ~0x1;
1673 }
1674 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1675 }
1676
1677 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1678 rts_threshold = nla_get_u32(
1679 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1680 changed |= WIPHY_PARAM_RTS_THRESHOLD;
1681 }
1682
1683 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1684 coverage_class = nla_get_u8(
1685 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1686 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1687 }
1688
1689 if (changed) {
1690 u8 old_retry_short, old_retry_long;
1691 u32 old_frag_threshold, old_rts_threshold;
1692 u8 old_coverage_class;
1693
1694 if (!rdev->ops->set_wiphy_params) {
1695 result = -EOPNOTSUPP;
1696 goto bad_res;
1697 }
1698
1699 old_retry_short = rdev->wiphy.retry_short;
1700 old_retry_long = rdev->wiphy.retry_long;
1701 old_frag_threshold = rdev->wiphy.frag_threshold;
1702 old_rts_threshold = rdev->wiphy.rts_threshold;
1703 old_coverage_class = rdev->wiphy.coverage_class;
1704
1705 if (changed & WIPHY_PARAM_RETRY_SHORT)
1706 rdev->wiphy.retry_short = retry_short;
1707 if (changed & WIPHY_PARAM_RETRY_LONG)
1708 rdev->wiphy.retry_long = retry_long;
1709 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1710 rdev->wiphy.frag_threshold = frag_threshold;
1711 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1712 rdev->wiphy.rts_threshold = rts_threshold;
1713 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1714 rdev->wiphy.coverage_class = coverage_class;
1715
1716 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1717 if (result) {
1718 rdev->wiphy.retry_short = old_retry_short;
1719 rdev->wiphy.retry_long = old_retry_long;
1720 rdev->wiphy.frag_threshold = old_frag_threshold;
1721 rdev->wiphy.rts_threshold = old_rts_threshold;
1722 rdev->wiphy.coverage_class = old_coverage_class;
1723 }
1724 }
1725
1726 bad_res:
1727 mutex_unlock(&rdev->mtx);
1728 if (netdev)
1729 dev_put(netdev);
1730 return result;
1731}
1732
1733static inline u64 wdev_id(struct wireless_dev *wdev)
1734{
1735 return (u64)wdev->identifier |
1736 ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
1737}
1738
1739static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
1740 struct cfg80211_registered_device *rdev,
1741 struct wireless_dev *wdev)
1742{
1743 struct net_device *dev = wdev->netdev;
1744 void *hdr;
1745
1746 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1747 if (!hdr)
1748 return -1;
1749
1750 if (dev &&
1751 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1752 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
1753 goto nla_put_failure;
1754
1755 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1756 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
1757 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
1758 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
1759 nla_put_u32(msg, NL80211_ATTR_GENERATION,
1760 rdev->devlist_generation ^
1761 (cfg80211_rdev_list_generation << 2)))
1762 goto nla_put_failure;
1763
1764 if (rdev->ops->get_channel) {
1765 struct ieee80211_channel *chan;
1766 enum nl80211_channel_type channel_type;
1767
1768 chan = rdev->ops->get_channel(&rdev->wiphy, wdev,
1769 &channel_type);
1770 if (chan &&
1771 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
1772 chan->center_freq) ||
1773 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
1774 channel_type)))
1775 goto nla_put_failure;
1776 }
1777
1778 return genlmsg_end(msg, hdr);
1779
1780 nla_put_failure:
1781 genlmsg_cancel(msg, hdr);
1782 return -EMSGSIZE;
1783}
1784
1785static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1786{
1787 int wp_idx = 0;
1788 int if_idx = 0;
1789 int wp_start = cb->args[0];
1790 int if_start = cb->args[1];
1791 struct cfg80211_registered_device *rdev;
1792 struct wireless_dev *wdev;
1793
1794 mutex_lock(&cfg80211_mutex);
1795 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1796 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1797 continue;
1798 if (wp_idx < wp_start) {
1799 wp_idx++;
1800 continue;
1801 }
1802 if_idx = 0;
1803
1804 mutex_lock(&rdev->devlist_mtx);
1805 list_for_each_entry(wdev, &rdev->wdev_list, list) {
1806 if (if_idx < if_start) {
1807 if_idx++;
1808 continue;
1809 }
1810 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
1811 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1812 rdev, wdev) < 0) {
1813 mutex_unlock(&rdev->devlist_mtx);
1814 goto out;
1815 }
1816 if_idx++;
1817 }
1818 mutex_unlock(&rdev->devlist_mtx);
1819
1820 wp_idx++;
1821 }
1822 out:
1823 mutex_unlock(&cfg80211_mutex);
1824
1825 cb->args[0] = wp_idx;
1826 cb->args[1] = if_idx;
1827
1828 return skb->len;
1829}
1830
1831static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1832{
1833 struct sk_buff *msg;
1834 struct cfg80211_registered_device *dev = info->user_ptr[0];
1835 struct wireless_dev *wdev = info->user_ptr[1];
1836
1837 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1838 if (!msg)
1839 return -ENOMEM;
1840
1841 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
1842 dev, wdev) < 0) {
1843 nlmsg_free(msg);
1844 return -ENOBUFS;
1845 }
1846
1847 return genlmsg_reply(msg, info);
1848}
1849
1850static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1851 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1852 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1853 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1854 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1855 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1856};
1857
1858static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1859{
1860 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1861 int flag;
1862
1863 *mntrflags = 0;
1864
1865 if (!nla)
1866 return -EINVAL;
1867
1868 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1869 nla, mntr_flags_policy))
1870 return -EINVAL;
1871
1872 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1873 if (flags[flag])
1874 *mntrflags |= (1<<flag);
1875
1876 return 0;
1877}
1878
1879static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1880 struct net_device *netdev, u8 use_4addr,
1881 enum nl80211_iftype iftype)
1882{
1883 if (!use_4addr) {
1884 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1885 return -EBUSY;
1886 return 0;
1887 }
1888
1889 switch (iftype) {
1890 case NL80211_IFTYPE_AP_VLAN:
1891 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1892 return 0;
1893 break;
1894 case NL80211_IFTYPE_STATION:
1895 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1896 return 0;
1897 break;
1898 default:
1899 break;
1900 }
1901
1902 return -EOPNOTSUPP;
1903}
1904
1905static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1906{
1907 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1908 struct vif_params params;
1909 int err;
1910 enum nl80211_iftype otype, ntype;
1911 struct net_device *dev = info->user_ptr[1];
1912 u32 _flags, *flags = NULL;
1913 bool change = false;
1914
1915 memset(¶ms, 0, sizeof(params));
1916
1917 otype = ntype = dev->ieee80211_ptr->iftype;
1918
1919 if (info->attrs[NL80211_ATTR_IFTYPE]) {
1920 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1921 if (otype != ntype)
1922 change = true;
1923 if (ntype > NL80211_IFTYPE_MAX)
1924 return -EINVAL;
1925 }
1926
1927 if (info->attrs[NL80211_ATTR_MESH_ID]) {
1928 struct wireless_dev *wdev = dev->ieee80211_ptr;
1929
1930 if (ntype != NL80211_IFTYPE_MESH_POINT)
1931 return -EINVAL;
1932 if (netif_running(dev))
1933 return -EBUSY;
1934
1935 wdev_lock(wdev);
1936 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1937 IEEE80211_MAX_MESH_ID_LEN);
1938 wdev->mesh_id_up_len =
1939 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1940 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1941 wdev->mesh_id_up_len);
1942 wdev_unlock(wdev);
1943 }
1944
1945 if (info->attrs[NL80211_ATTR_4ADDR]) {
1946 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1947 change = true;
1948 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1949 if (err)
1950 return err;
1951 } else {
1952 params.use_4addr = -1;
1953 }
1954
1955 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1956 if (ntype != NL80211_IFTYPE_MONITOR)
1957 return -EINVAL;
1958 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1959 &_flags);
1960 if (err)
1961 return err;
1962
1963 flags = &_flags;
1964 change = true;
1965 }
1966
1967 if (change)
1968 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms);
1969 else
1970 err = 0;
1971
1972 if (!err && params.use_4addr != -1)
1973 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1974
1975 return err;
1976}
1977
1978static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1979{
1980 struct cfg80211_registered_device *rdev = info->user_ptr[0];
1981 struct vif_params params;
1982 struct wireless_dev *wdev;
1983 struct sk_buff *msg;
1984 int err;
1985 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1986 u32 flags;
1987
1988 memset(¶ms, 0, sizeof(params));
1989
1990 if (!info->attrs[NL80211_ATTR_IFNAME])
1991 return -EINVAL;
1992
1993 if (info->attrs[NL80211_ATTR_IFTYPE]) {
1994 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1995 if (type > NL80211_IFTYPE_MAX)
1996 return -EINVAL;
1997 }
1998
1999 if (!rdev->ops->add_virtual_intf ||
2000 !(rdev->wiphy.interface_modes & (1 << type)))
2001 return -EOPNOTSUPP;
2002
2003 if (info->attrs[NL80211_ATTR_4ADDR]) {
2004 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2005 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2006 if (err)
2007 return err;
2008 }
2009
2010 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2011 if (!msg)
2012 return -ENOMEM;
2013
2014 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2015 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2016 &flags);
2017 wdev = rdev->ops->add_virtual_intf(&rdev->wiphy,
2018 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2019 type, err ? NULL : &flags, ¶ms);
2020 if (IS_ERR(wdev)) {
2021 nlmsg_free(msg);
2022 return PTR_ERR(wdev);
2023 }
2024
2025 switch (type) {
2026 case NL80211_IFTYPE_MESH_POINT:
2027 if (!info->attrs[NL80211_ATTR_MESH_ID])
2028 break;
2029 wdev_lock(wdev);
2030 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2031 IEEE80211_MAX_MESH_ID_LEN);
2032 wdev->mesh_id_up_len =
2033 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2034 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2035 wdev->mesh_id_up_len);
2036 wdev_unlock(wdev);
2037 break;
2038 case NL80211_IFTYPE_P2P_DEVICE:
2039
2040
2041
2042
2043 mutex_init(&wdev->mtx);
2044 INIT_LIST_HEAD(&wdev->event_list);
2045 spin_lock_init(&wdev->event_lock);
2046 INIT_LIST_HEAD(&wdev->mgmt_registrations);
2047 spin_lock_init(&wdev->mgmt_registrations_lock);
2048
2049 mutex_lock(&rdev->devlist_mtx);
2050 wdev->identifier = ++rdev->wdev_id;
2051 list_add_rcu(&wdev->list, &rdev->wdev_list);
2052 rdev->devlist_generation++;
2053 mutex_unlock(&rdev->devlist_mtx);
2054 break;
2055 default:
2056 break;
2057 }
2058
2059 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2060 rdev, wdev) < 0) {
2061 nlmsg_free(msg);
2062 return -ENOBUFS;
2063 }
2064
2065 return genlmsg_reply(msg, info);
2066}
2067
2068static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2069{
2070 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2071 struct wireless_dev *wdev = info->user_ptr[1];
2072
2073 if (!rdev->ops->del_virtual_intf)
2074 return -EOPNOTSUPP;
2075
2076
2077
2078
2079
2080
2081
2082
2083 if (!wdev->netdev)
2084 info->user_ptr[1] = NULL;
2085
2086 return rdev->ops->del_virtual_intf(&rdev->wiphy, wdev);
2087}
2088
2089static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2090{
2091 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2092 struct net_device *dev = info->user_ptr[1];
2093 u16 noack_map;
2094
2095 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2096 return -EINVAL;
2097
2098 if (!rdev->ops->set_noack_map)
2099 return -EOPNOTSUPP;
2100
2101 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2102
2103 return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map);
2104}
2105
2106struct get_key_cookie {
2107 struct sk_buff *msg;
2108 int error;
2109 int idx;
2110};
2111
2112static void get_key_callback(void *c, struct key_params *params)
2113{
2114 struct nlattr *key;
2115 struct get_key_cookie *cookie = c;
2116
2117 if ((params->key &&
2118 nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2119 params->key_len, params->key)) ||
2120 (params->seq &&
2121 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2122 params->seq_len, params->seq)) ||
2123 (params->cipher &&
2124 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2125 params->cipher)))
2126 goto nla_put_failure;
2127
2128 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2129 if (!key)
2130 goto nla_put_failure;
2131
2132 if ((params->key &&
2133 nla_put(cookie->msg, NL80211_KEY_DATA,
2134 params->key_len, params->key)) ||
2135 (params->seq &&
2136 nla_put(cookie->msg, NL80211_KEY_SEQ,
2137 params->seq_len, params->seq)) ||
2138 (params->cipher &&
2139 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2140 params->cipher)))
2141 goto nla_put_failure;
2142
2143 if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2144 goto nla_put_failure;
2145
2146 nla_nest_end(cookie->msg, key);
2147
2148 return;
2149 nla_put_failure:
2150 cookie->error = 1;
2151}
2152
2153static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2154{
2155 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2156 int err;
2157 struct net_device *dev = info->user_ptr[1];
2158 u8 key_idx = 0;
2159 const u8 *mac_addr = NULL;
2160 bool pairwise;
2161 struct get_key_cookie cookie = {
2162 .error = 0,
2163 };
2164 void *hdr;
2165 struct sk_buff *msg;
2166
2167 if (info->attrs[NL80211_ATTR_KEY_IDX])
2168 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2169
2170 if (key_idx > 5)
2171 return -EINVAL;
2172
2173 if (info->attrs[NL80211_ATTR_MAC])
2174 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2175
2176 pairwise = !!mac_addr;
2177 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2178 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2179 if (kt >= NUM_NL80211_KEYTYPES)
2180 return -EINVAL;
2181 if (kt != NL80211_KEYTYPE_GROUP &&
2182 kt != NL80211_KEYTYPE_PAIRWISE)
2183 return -EINVAL;
2184 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2185 }
2186
2187 if (!rdev->ops->get_key)
2188 return -EOPNOTSUPP;
2189
2190 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2191 if (!msg)
2192 return -ENOMEM;
2193
2194 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2195 NL80211_CMD_NEW_KEY);
2196 if (IS_ERR(hdr))
2197 return PTR_ERR(hdr);
2198
2199 cookie.msg = msg;
2200 cookie.idx = key_idx;
2201
2202 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2203 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2204 goto nla_put_failure;
2205 if (mac_addr &&
2206 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2207 goto nla_put_failure;
2208
2209 if (pairwise && mac_addr &&
2210 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2211 return -ENOENT;
2212
2213 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
2214 mac_addr, &cookie, get_key_callback);
2215
2216 if (err)
2217 goto free_msg;
2218
2219 if (cookie.error)
2220 goto nla_put_failure;
2221
2222 genlmsg_end(msg, hdr);
2223 return genlmsg_reply(msg, info);
2224
2225 nla_put_failure:
2226 err = -ENOBUFS;
2227 free_msg:
2228 nlmsg_free(msg);
2229 return err;
2230}
2231
2232static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2233{
2234 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2235 struct key_parse key;
2236 int err;
2237 struct net_device *dev = info->user_ptr[1];
2238
2239 err = nl80211_parse_key(info, &key);
2240 if (err)
2241 return err;
2242
2243 if (key.idx < 0)
2244 return -EINVAL;
2245
2246
2247 if (!key.def && !key.defmgmt)
2248 return -EINVAL;
2249
2250 wdev_lock(dev->ieee80211_ptr);
2251
2252 if (key.def) {
2253 if (!rdev->ops->set_default_key) {
2254 err = -EOPNOTSUPP;
2255 goto out;
2256 }
2257
2258 err = nl80211_key_allowed(dev->ieee80211_ptr);
2259 if (err)
2260 goto out;
2261
2262 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
2263 key.def_uni, key.def_multi);
2264
2265 if (err)
2266 goto out;
2267
2268#ifdef CONFIG_CFG80211_WEXT
2269 dev->ieee80211_ptr->wext.default_key = key.idx;
2270#endif
2271 } else {
2272 if (key.def_uni || !key.def_multi) {
2273 err = -EINVAL;
2274 goto out;
2275 }
2276
2277 if (!rdev->ops->set_default_mgmt_key) {
2278 err = -EOPNOTSUPP;
2279 goto out;
2280 }
2281
2282 err = nl80211_key_allowed(dev->ieee80211_ptr);
2283 if (err)
2284 goto out;
2285
2286 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
2287 dev, key.idx);
2288 if (err)
2289 goto out;
2290
2291#ifdef CONFIG_CFG80211_WEXT
2292 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2293#endif
2294 }
2295
2296 out:
2297 wdev_unlock(dev->ieee80211_ptr);
2298
2299 return err;
2300}
2301
2302static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2303{
2304 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2305 int err;
2306 struct net_device *dev = info->user_ptr[1];
2307 struct key_parse key;
2308 const u8 *mac_addr = NULL;
2309
2310 err = nl80211_parse_key(info, &key);
2311 if (err)
2312 return err;
2313
2314 if (!key.p.key)
2315 return -EINVAL;
2316
2317 if (info->attrs[NL80211_ATTR_MAC])
2318 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2319
2320 if (key.type == -1) {
2321 if (mac_addr)
2322 key.type = NL80211_KEYTYPE_PAIRWISE;
2323 else
2324 key.type = NL80211_KEYTYPE_GROUP;
2325 }
2326
2327
2328 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2329 key.type != NL80211_KEYTYPE_GROUP)
2330 return -EINVAL;
2331
2332 if (!rdev->ops->add_key)
2333 return -EOPNOTSUPP;
2334
2335 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2336 key.type == NL80211_KEYTYPE_PAIRWISE,
2337 mac_addr))
2338 return -EINVAL;
2339
2340 wdev_lock(dev->ieee80211_ptr);
2341 err = nl80211_key_allowed(dev->ieee80211_ptr);
2342 if (!err)
2343 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
2344 key.type == NL80211_KEYTYPE_PAIRWISE,
2345 mac_addr, &key.p);
2346 wdev_unlock(dev->ieee80211_ptr);
2347
2348 return err;
2349}
2350
2351static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2352{
2353 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2354 int err;
2355 struct net_device *dev = info->user_ptr[1];
2356 u8 *mac_addr = NULL;
2357 struct key_parse key;
2358
2359 err = nl80211_parse_key(info, &key);
2360 if (err)
2361 return err;
2362
2363 if (info->attrs[NL80211_ATTR_MAC])
2364 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2365
2366 if (key.type == -1) {
2367 if (mac_addr)
2368 key.type = NL80211_KEYTYPE_PAIRWISE;
2369 else
2370 key.type = NL80211_KEYTYPE_GROUP;
2371 }
2372
2373
2374 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2375 key.type != NL80211_KEYTYPE_GROUP)
2376 return -EINVAL;
2377
2378 if (!rdev->ops->del_key)
2379 return -EOPNOTSUPP;
2380
2381 wdev_lock(dev->ieee80211_ptr);
2382 err = nl80211_key_allowed(dev->ieee80211_ptr);
2383
2384 if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2385 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2386 err = -ENOENT;
2387
2388 if (!err)
2389 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
2390 key.type == NL80211_KEYTYPE_PAIRWISE,
2391 mac_addr);
2392
2393#ifdef CONFIG_CFG80211_WEXT
2394 if (!err) {
2395 if (key.idx == dev->ieee80211_ptr->wext.default_key)
2396 dev->ieee80211_ptr->wext.default_key = -1;
2397 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2398 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2399 }
2400#endif
2401 wdev_unlock(dev->ieee80211_ptr);
2402
2403 return err;
2404}
2405
2406static int nl80211_parse_beacon(struct genl_info *info,
2407 struct cfg80211_beacon_data *bcn)
2408{
2409 bool haveinfo = false;
2410
2411 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2412 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2413 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2414 !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2415 return -EINVAL;
2416
2417 memset(bcn, 0, sizeof(*bcn));
2418
2419 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2420 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2421 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2422 if (!bcn->head_len)
2423 return -EINVAL;
2424 haveinfo = true;
2425 }
2426
2427 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2428 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2429 bcn->tail_len =
2430 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2431 haveinfo = true;
2432 }
2433
2434 if (!haveinfo)
2435 return -EINVAL;
2436
2437 if (info->attrs[NL80211_ATTR_IE]) {
2438 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2439 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2440 }
2441
2442 if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2443 bcn->proberesp_ies =
2444 nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2445 bcn->proberesp_ies_len =
2446 nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2447 }
2448
2449 if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2450 bcn->assocresp_ies =
2451 nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2452 bcn->assocresp_ies_len =
2453 nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2454 }
2455
2456 if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2457 bcn->probe_resp =
2458 nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2459 bcn->probe_resp_len =
2460 nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2461 }
2462
2463 return 0;
2464}
2465
2466static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
2467 struct cfg80211_ap_settings *params)
2468{
2469 struct wireless_dev *wdev;
2470 bool ret = false;
2471
2472 mutex_lock(&rdev->devlist_mtx);
2473
2474 list_for_each_entry(wdev, &rdev->wdev_list, list) {
2475 if (wdev->iftype != NL80211_IFTYPE_AP &&
2476 wdev->iftype != NL80211_IFTYPE_P2P_GO)
2477 continue;
2478
2479 if (!wdev->preset_chan)
2480 continue;
2481
2482 params->channel = wdev->preset_chan;
2483 params->channel_type = wdev->preset_chantype;
2484 ret = true;
2485 break;
2486 }
2487
2488 mutex_unlock(&rdev->devlist_mtx);
2489
2490 return ret;
2491}
2492
2493static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
2494{
2495 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2496 struct net_device *dev = info->user_ptr[1];
2497 struct wireless_dev *wdev = dev->ieee80211_ptr;
2498 struct cfg80211_ap_settings params;
2499 int err;
2500
2501 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2502 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2503 return -EOPNOTSUPP;
2504
2505 if (!rdev->ops->start_ap)
2506 return -EOPNOTSUPP;
2507
2508 if (wdev->beacon_interval)
2509 return -EALREADY;
2510
2511 memset(¶ms, 0, sizeof(params));
2512
2513
2514 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2515 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2516 !info->attrs[NL80211_ATTR_BEACON_HEAD])
2517 return -EINVAL;
2518
2519 err = nl80211_parse_beacon(info, ¶ms.beacon);
2520 if (err)
2521 return err;
2522
2523 params.beacon_interval =
2524 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2525 params.dtim_period =
2526 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2527
2528 err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
2529 if (err)
2530 return err;
2531
2532
2533
2534
2535
2536
2537
2538
2539 if (info->attrs[NL80211_ATTR_SSID]) {
2540 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2541 params.ssid_len =
2542 nla_len(info->attrs[NL80211_ATTR_SSID]);
2543 if (params.ssid_len == 0 ||
2544 params.ssid_len > IEEE80211_MAX_SSID_LEN)
2545 return -EINVAL;
2546 }
2547
2548 if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2549 params.hidden_ssid = nla_get_u32(
2550 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2551 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
2552 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
2553 params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2554 return -EINVAL;
2555 }
2556
2557 params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2558
2559 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2560 params.auth_type = nla_get_u32(
2561 info->attrs[NL80211_ATTR_AUTH_TYPE]);
2562 if (!nl80211_valid_auth_type(params.auth_type))
2563 return -EINVAL;
2564 } else
2565 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2566
2567 err = nl80211_crypto_settings(rdev, info, ¶ms.crypto,
2568 NL80211_MAX_NR_CIPHER_SUITES);
2569 if (err)
2570 return err;
2571
2572 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
2573 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
2574 return -EOPNOTSUPP;
2575 params.inactivity_timeout = nla_get_u16(
2576 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
2577 }
2578
2579 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2580 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
2581
2582 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
2583 !nl80211_valid_channel_type(info, &channel_type))
2584 return -EINVAL;
2585
2586 params.channel = rdev_freq_to_chan(rdev,
2587 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]),
2588 channel_type);
2589 if (!params.channel)
2590 return -EINVAL;
2591 params.channel_type = channel_type;
2592 } else if (wdev->preset_chan) {
2593 params.channel = wdev->preset_chan;
2594 params.channel_type = wdev->preset_chantype;
2595 } else if (!nl80211_get_ap_channel(rdev, ¶ms))
2596 return -EINVAL;
2597
2598 if (!cfg80211_can_beacon_sec_chan(&rdev->wiphy, params.channel,
2599 params.channel_type))
2600 return -EINVAL;
2601
2602 mutex_lock(&rdev->devlist_mtx);
2603 err = cfg80211_can_use_chan(rdev, wdev, params.channel,
2604 CHAN_MODE_SHARED);
2605 mutex_unlock(&rdev->devlist_mtx);
2606
2607 if (err)
2608 return err;
2609
2610 err = rdev->ops->start_ap(&rdev->wiphy, dev, ¶ms);
2611 if (!err) {
2612 wdev->preset_chan = params.channel;
2613 wdev->preset_chantype = params.channel_type;
2614 wdev->beacon_interval = params.beacon_interval;
2615 wdev->channel = params.channel;
2616 }
2617 return err;
2618}
2619
2620static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
2621{
2622 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2623 struct net_device *dev = info->user_ptr[1];
2624 struct wireless_dev *wdev = dev->ieee80211_ptr;
2625 struct cfg80211_beacon_data params;
2626 int err;
2627
2628 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2629 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2630 return -EOPNOTSUPP;
2631
2632 if (!rdev->ops->change_beacon)
2633 return -EOPNOTSUPP;
2634
2635 if (!wdev->beacon_interval)
2636 return -EINVAL;
2637
2638 err = nl80211_parse_beacon(info, ¶ms);
2639 if (err)
2640 return err;
2641
2642 return rdev->ops->change_beacon(&rdev->wiphy, dev, ¶ms);
2643}
2644
2645static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
2646{
2647 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2648 struct net_device *dev = info->user_ptr[1];
2649
2650 return cfg80211_stop_ap(rdev, dev);
2651}
2652
2653static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2654 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2655 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2656 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2657 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2658 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2659 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2660};
2661
2662static int parse_station_flags(struct genl_info *info,
2663 enum nl80211_iftype iftype,
2664 struct station_parameters *params)
2665{
2666 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2667 struct nlattr *nla;
2668 int flag;
2669
2670
2671
2672
2673
2674 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2675 if (nla) {
2676 struct nl80211_sta_flag_update *sta_flags;
2677
2678 sta_flags = nla_data(nla);
2679 params->sta_flags_mask = sta_flags->mask;
2680 params->sta_flags_set = sta_flags->set;
2681 if ((params->sta_flags_mask |
2682 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2683 return -EINVAL;
2684 return 0;
2685 }
2686
2687
2688
2689 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2690 if (!nla)
2691 return 0;
2692
2693 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2694 nla, sta_flags_policy))
2695 return -EINVAL;
2696
2697
2698
2699
2700
2701
2702
2703 switch (iftype) {
2704 case NL80211_IFTYPE_AP:
2705 case NL80211_IFTYPE_AP_VLAN:
2706 case NL80211_IFTYPE_P2P_GO:
2707 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2708 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2709 BIT(NL80211_STA_FLAG_WME) |
2710 BIT(NL80211_STA_FLAG_MFP);
2711 break;
2712 case NL80211_IFTYPE_P2P_CLIENT:
2713 case NL80211_IFTYPE_STATION:
2714 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2715 BIT(NL80211_STA_FLAG_TDLS_PEER);
2716 break;
2717 case NL80211_IFTYPE_MESH_POINT:
2718 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2719 BIT(NL80211_STA_FLAG_MFP) |
2720 BIT(NL80211_STA_FLAG_AUTHORIZED);
2721 default:
2722 return -EINVAL;
2723 }
2724
2725 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
2726 if (flags[flag]) {
2727 params->sta_flags_set |= (1<<flag);
2728
2729
2730 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
2731 return -EINVAL;
2732 }
2733 }
2734
2735 return 0;
2736}
2737
2738static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2739 int attr)
2740{
2741 struct nlattr *rate;
2742 u32 bitrate;
2743 u16 bitrate_compat;
2744
2745 rate = nla_nest_start(msg, attr);
2746 if (!rate)
2747 goto nla_put_failure;
2748
2749
2750 bitrate = cfg80211_calculate_bitrate(info);
2751
2752 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
2753 if ((bitrate > 0 &&
2754 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) ||
2755 (bitrate_compat > 0 &&
2756 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) ||
2757 ((info->flags & RATE_INFO_FLAGS_MCS) &&
2758 nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) ||
2759 ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) &&
2760 nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) ||
2761 ((info->flags & RATE_INFO_FLAGS_SHORT_GI) &&
2762 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)))
2763 goto nla_put_failure;
2764
2765 nla_nest_end(msg, rate);
2766 return true;
2767
2768nla_put_failure:
2769 return false;
2770}
2771
2772static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
2773 int flags,
2774 struct cfg80211_registered_device *rdev,
2775 struct net_device *dev,
2776 const u8 *mac_addr, struct station_info *sinfo)
2777{
2778 void *hdr;
2779 struct nlattr *sinfoattr, *bss_param;
2780
2781 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
2782 if (!hdr)
2783 return -1;
2784
2785 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2786 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
2787 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
2788 goto nla_put_failure;
2789
2790 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2791 if (!sinfoattr)
2792 goto nla_put_failure;
2793 if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
2794 nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2795 sinfo->connected_time))
2796 goto nla_put_failure;
2797 if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
2798 nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2799 sinfo->inactive_time))
2800 goto nla_put_failure;
2801 if ((sinfo->filled & STATION_INFO_RX_BYTES) &&
2802 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
2803 sinfo->rx_bytes))
2804 goto nla_put_failure;
2805 if ((sinfo->filled & STATION_INFO_TX_BYTES) &&
2806 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
2807 sinfo->tx_bytes))
2808 goto nla_put_failure;
2809 if ((sinfo->filled & STATION_INFO_LLID) &&
2810 nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
2811 goto nla_put_failure;
2812 if ((sinfo->filled & STATION_INFO_PLID) &&
2813 nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
2814 goto nla_put_failure;
2815 if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
2816 nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
2817 sinfo->plink_state))
2818 goto nla_put_failure;
2819 switch (rdev->wiphy.signal_type) {
2820 case CFG80211_SIGNAL_TYPE_MBM:
2821 if ((sinfo->filled & STATION_INFO_SIGNAL) &&
2822 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
2823 sinfo->signal))
2824 goto nla_put_failure;
2825 if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
2826 nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2827 sinfo->signal_avg))
2828 goto nla_put_failure;
2829 break;
2830 default:
2831 break;
2832 }
2833 if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2834 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2835 NL80211_STA_INFO_TX_BITRATE))
2836 goto nla_put_failure;
2837 }
2838 if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2839 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2840 NL80211_STA_INFO_RX_BITRATE))
2841 goto nla_put_failure;
2842 }
2843 if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
2844 nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
2845 sinfo->rx_packets))
2846 goto nla_put_failure;
2847 if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
2848 nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
2849 sinfo->tx_packets))
2850 goto nla_put_failure;
2851 if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
2852 nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
2853 sinfo->tx_retries))
2854 goto nla_put_failure;
2855 if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
2856 nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
2857 sinfo->tx_failed))
2858 goto nla_put_failure;
2859 if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
2860 nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
2861 sinfo->beacon_loss_count))
2862 goto nla_put_failure;
2863 if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2864 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2865 if (!bss_param)
2866 goto nla_put_failure;
2867
2868 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
2869 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
2870 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
2871 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
2872 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
2873 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
2874 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2875 sinfo->bss_param.dtim_period) ||
2876 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2877 sinfo->bss_param.beacon_interval))
2878 goto nla_put_failure;
2879
2880 nla_nest_end(msg, bss_param);
2881 }
2882 if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
2883 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
2884 sizeof(struct nl80211_sta_flag_update),
2885 &sinfo->sta_flags))
2886 goto nla_put_failure;
2887 if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
2888 nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
2889 sinfo->t_offset))
2890 goto nla_put_failure;
2891 nla_nest_end(msg, sinfoattr);
2892
2893 if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
2894 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
2895 sinfo->assoc_req_ies))
2896 goto nla_put_failure;
2897
2898 return genlmsg_end(msg, hdr);
2899
2900 nla_put_failure:
2901 genlmsg_cancel(msg, hdr);
2902 return -EMSGSIZE;
2903}
2904
2905static int nl80211_dump_station(struct sk_buff *skb,
2906 struct netlink_callback *cb)
2907{
2908 struct station_info sinfo;
2909 struct cfg80211_registered_device *dev;
2910 struct net_device *netdev;
2911 u8 mac_addr[ETH_ALEN];
2912 int sta_idx = cb->args[1];
2913 int err;
2914
2915 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2916 if (err)
2917 return err;
2918
2919 if (!dev->ops->dump_station) {
2920 err = -EOPNOTSUPP;
2921 goto out_err;
2922 }
2923
2924 while (1) {
2925 memset(&sinfo, 0, sizeof(sinfo));
2926 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2927 mac_addr, &sinfo);
2928 if (err == -ENOENT)
2929 break;
2930 if (err)
2931 goto out_err;
2932
2933 if (nl80211_send_station(skb,
2934 NETLINK_CB(cb->skb).portid,
2935 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2936 dev, netdev, mac_addr,
2937 &sinfo) < 0)
2938 goto out;
2939
2940 sta_idx++;
2941 }
2942
2943
2944 out:
2945 cb->args[1] = sta_idx;
2946 err = skb->len;
2947 out_err:
2948 nl80211_finish_netdev_dump(dev);
2949
2950 return err;
2951}
2952
2953static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2954{
2955 struct cfg80211_registered_device *rdev = info->user_ptr[0];
2956 struct net_device *dev = info->user_ptr[1];
2957 struct station_info sinfo;
2958 struct sk_buff *msg;
2959 u8 *mac_addr = NULL;
2960 int err;
2961
2962 memset(&sinfo, 0, sizeof(sinfo));
2963
2964 if (!info->attrs[NL80211_ATTR_MAC])
2965 return -EINVAL;
2966
2967 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2968
2969 if (!rdev->ops->get_station)
2970 return -EOPNOTSUPP;
2971
2972 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2973 if (err)
2974 return err;
2975
2976 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2977 if (!msg)
2978 return -ENOMEM;
2979
2980 if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
2981 rdev, dev, mac_addr, &sinfo) < 0) {
2982 nlmsg_free(msg);
2983 return -ENOBUFS;
2984 }
2985
2986 return genlmsg_reply(msg, info);
2987}
2988
2989
2990
2991
2992static struct net_device *get_vlan(struct genl_info *info,
2993 struct cfg80211_registered_device *rdev)
2994{
2995 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2996 struct net_device *v;
2997 int ret;
2998
2999 if (!vlanattr)
3000 return NULL;
3001
3002 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3003 if (!v)
3004 return ERR_PTR(-ENODEV);
3005
3006 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3007 ret = -EINVAL;
3008 goto error;
3009 }
3010
3011 if (!netif_running(v)) {
3012 ret = -ENETDOWN;
3013 goto error;
3014 }
3015
3016 return v;
3017 error:
3018 dev_put(v);
3019 return ERR_PTR(ret);
3020}
3021
3022static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
3023{
3024 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3025 int err;
3026 struct net_device *dev = info->user_ptr[1];
3027 struct station_parameters params;
3028 u8 *mac_addr = NULL;
3029
3030 memset(¶ms, 0, sizeof(params));
3031
3032 params.listen_interval = -1;
3033 params.plink_state = -1;
3034
3035 if (info->attrs[NL80211_ATTR_STA_AID])
3036 return -EINVAL;
3037
3038 if (!info->attrs[NL80211_ATTR_MAC])
3039 return -EINVAL;
3040
3041 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3042
3043 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
3044 params.supported_rates =
3045 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3046 params.supported_rates_len =
3047 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3048 }
3049
3050 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3051 params.listen_interval =
3052 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
3053
3054 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3055 params.ht_capa =
3056 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3057
3058 if (!rdev->ops->change_station)
3059 return -EOPNOTSUPP;
3060
3061 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
3062 return -EINVAL;
3063
3064 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
3065 params.plink_action =
3066 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3067
3068 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
3069 params.plink_state =
3070 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
3071
3072 switch (dev->ieee80211_ptr->iftype) {
3073 case NL80211_IFTYPE_AP:
3074 case NL80211_IFTYPE_AP_VLAN:
3075 case NL80211_IFTYPE_P2P_GO:
3076
3077 if (params.plink_action)
3078 return -EINVAL;
3079
3080
3081 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3082 return -EINVAL;
3083
3084
3085
3086
3087
3088 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3089
3090
3091 if (params.sta_flags_mask &
3092 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3093 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3094 BIT(NL80211_STA_FLAG_WME) |
3095 BIT(NL80211_STA_FLAG_MFP)))
3096 return -EINVAL;
3097
3098
3099 params.vlan = get_vlan(info, rdev);
3100 if (IS_ERR(params.vlan))
3101 return PTR_ERR(params.vlan);
3102 break;
3103 case NL80211_IFTYPE_P2P_CLIENT:
3104 case NL80211_IFTYPE_STATION:
3105
3106
3107
3108
3109
3110
3111 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3112
3113 case NL80211_IFTYPE_ADHOC:
3114
3115 if (params.plink_action)
3116 return -EINVAL;
3117 if (params.ht_capa)
3118 return -EINVAL;
3119 if (params.listen_interval >= 0)
3120 return -EINVAL;
3121
3122 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3123 return -EINVAL;
3124 break;
3125 case NL80211_IFTYPE_MESH_POINT:
3126
3127 if (params.vlan)
3128 return -EINVAL;
3129 if (params.ht_capa)
3130 return -EINVAL;
3131 if (params.listen_interval >= 0)
3132 return -EINVAL;
3133
3134
3135
3136
3137 if (params.sta_flags_mask &
3138 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3139 BIT(NL80211_STA_FLAG_MFP) |
3140 BIT(NL80211_STA_FLAG_AUTHORIZED)))
3141 return -EINVAL;
3142 break;
3143 default:
3144 return -EOPNOTSUPP;
3145 }
3146
3147
3148
3149 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms);
3150
3151 if (params.vlan)
3152 dev_put(params.vlan);
3153
3154 return err;
3155}
3156
3157static struct nla_policy
3158nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3159 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3160 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3161};
3162
3163static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
3164{
3165 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3166 int err;
3167 struct net_device *dev = info->user_ptr[1];
3168 struct station_parameters params;
3169 u8 *mac_addr = NULL;
3170
3171 memset(¶ms, 0, sizeof(params));
3172
3173 if (!info->attrs[NL80211_ATTR_MAC])
3174 return -EINVAL;
3175
3176 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3177 return -EINVAL;
3178
3179 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
3180 return -EINVAL;
3181
3182 if (!info->attrs[NL80211_ATTR_STA_AID])
3183 return -EINVAL;
3184
3185 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3186 params.supported_rates =
3187 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3188 params.supported_rates_len =
3189 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3190 params.listen_interval =
3191 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
3192
3193 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
3194 if (!params.aid || params.aid > IEEE80211_MAX_AID)
3195 return -EINVAL;
3196
3197 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3198 params.ht_capa =
3199 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3200
3201 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
3202 params.plink_action =
3203 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3204
3205 if (!rdev->ops->add_station)
3206 return -EOPNOTSUPP;
3207
3208 if (parse_station_flags(info, dev->ieee80211_ptr->iftype, ¶ms))
3209 return -EINVAL;
3210
3211 switch (dev->ieee80211_ptr->iftype) {
3212 case NL80211_IFTYPE_AP:
3213 case NL80211_IFTYPE_AP_VLAN:
3214 case NL80211_IFTYPE_P2P_GO:
3215
3216 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
3217 (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
3218 info->attrs[NL80211_ATTR_STA_WME]) {
3219 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3220 struct nlattr *nla;
3221
3222 nla = info->attrs[NL80211_ATTR_STA_WME];
3223 err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3224 nl80211_sta_wme_policy);
3225 if (err)
3226 return err;
3227
3228 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3229 params.uapsd_queues =
3230 nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
3231 if (params.uapsd_queues &
3232 ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3233 return -EINVAL;
3234
3235 if (tb[NL80211_STA_WME_MAX_SP])
3236 params.max_sp =
3237 nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3238
3239 if (params.max_sp &
3240 ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3241 return -EINVAL;
3242
3243 params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3244 }
3245
3246 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3247 return -EINVAL;
3248
3249 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3250
3251
3252 params.vlan = get_vlan(info, rdev);
3253 if (IS_ERR(params.vlan))
3254 return PTR_ERR(params.vlan);
3255 break;
3256 case NL80211_IFTYPE_MESH_POINT:
3257
3258 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3259 return -EINVAL;
3260 break;
3261 case NL80211_IFTYPE_STATION:
3262
3263 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3264 return -EINVAL;
3265
3266 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
3267 return -EOPNOTSUPP;
3268
3269 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
3270 return -EOPNOTSUPP;
3271 break;
3272 default:
3273 return -EOPNOTSUPP;
3274 }
3275
3276
3277
3278 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms);
3279
3280 if (params.vlan)
3281 dev_put(params.vlan);
3282 return err;
3283}
3284
3285static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
3286{
3287 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3288 struct net_device *dev = info->user_ptr[1];
3289 u8 *mac_addr = NULL;
3290
3291 if (info->attrs[NL80211_ATTR_MAC])
3292 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3293
3294 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3295 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3296 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
3297 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3298 return -EINVAL;
3299
3300 if (!rdev->ops->del_station)
3301 return -EOPNOTSUPP;
3302
3303 return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
3304}
3305
3306static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
3307 int flags, struct net_device *dev,
3308 u8 *dst, u8 *next_hop,
3309 struct mpath_info *pinfo)
3310{
3311 void *hdr;
3312 struct nlattr *pinfoattr;
3313
3314 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3315 if (!hdr)
3316 return -1;
3317
3318 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3319 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
3320 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
3321 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
3322 goto nla_put_failure;
3323
3324 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
3325 if (!pinfoattr)
3326 goto nla_put_failure;
3327 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
3328 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
3329 pinfo->frame_qlen))
3330 goto nla_put_failure;
3331 if (((pinfo->filled & MPATH_INFO_SN) &&
3332 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
3333 ((pinfo->filled & MPATH_INFO_METRIC) &&
3334 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
3335 pinfo->metric)) ||
3336 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
3337 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
3338 pinfo->exptime)) ||
3339 ((pinfo->filled & MPATH_INFO_FLAGS) &&
3340 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
3341 pinfo->flags)) ||
3342 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
3343 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
3344 pinfo->discovery_timeout)) ||
3345 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
3346 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
3347 pinfo->discovery_retries)))
3348 goto nla_put_failure;
3349
3350 nla_nest_end(msg, pinfoattr);
3351
3352 return genlmsg_end(msg, hdr);
3353
3354 nla_put_failure:
3355 genlmsg_cancel(msg, hdr);
3356 return -EMSGSIZE;
3357}
3358
3359static int nl80211_dump_mpath(struct sk_buff *skb,
3360 struct netlink_callback *cb)
3361{
3362 struct mpath_info pinfo;
3363 struct cfg80211_registered_device *dev;
3364 struct net_device *netdev;
3365 u8 dst[ETH_ALEN];
3366 u8 next_hop[ETH_ALEN];
3367 int path_idx = cb->args[1];
3368 int err;
3369
3370 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3371 if (err)
3372 return err;
3373
3374 if (!dev->ops->dump_mpath) {
3375 err = -EOPNOTSUPP;
3376 goto out_err;
3377 }
3378
3379 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
3380 err = -EOPNOTSUPP;
3381 goto out_err;
3382 }
3383
3384 while (1) {
3385 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
3386 dst, next_hop, &pinfo);
3387 if (err == -ENOENT)
3388 break;
3389 if (err)
3390 goto out_err;
3391
3392 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
3393 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3394 netdev, dst, next_hop,
3395 &pinfo) < 0)
3396 goto out;
3397
3398 path_idx++;
3399 }
3400
3401
3402 out:
3403 cb->args[1] = path_idx;
3404 err = skb->len;
3405 out_err:
3406 nl80211_finish_netdev_dump(dev);
3407 return err;
3408}
3409
3410static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
3411{
3412 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3413 int err;
3414 struct net_device *dev = info->user_ptr[1];
3415 struct mpath_info pinfo;
3416 struct sk_buff *msg;
3417 u8 *dst = NULL;
3418 u8 next_hop[ETH_ALEN];
3419
3420 memset(&pinfo, 0, sizeof(pinfo));
3421
3422 if (!info->attrs[NL80211_ATTR_MAC])
3423 return -EINVAL;
3424
3425 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3426
3427 if (!rdev->ops->get_mpath)
3428 return -EOPNOTSUPP;
3429
3430 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3431 return -EOPNOTSUPP;
3432
3433 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
3434 if (err)
3435 return err;
3436
3437 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3438 if (!msg)
3439 return -ENOMEM;
3440
3441 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
3442 dev, dst, next_hop, &pinfo) < 0) {
3443 nlmsg_free(msg);
3444 return -ENOBUFS;
3445 }
3446
3447 return genlmsg_reply(msg, info);
3448}
3449
3450static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3451{
3452 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3453 struct net_device *dev = info->user_ptr[1];
3454 u8 *dst = NULL;
3455 u8 *next_hop = NULL;
3456
3457 if (!info->attrs[NL80211_ATTR_MAC])
3458 return -EINVAL;
3459
3460 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3461 return -EINVAL;
3462
3463 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3464 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3465
3466 if (!rdev->ops->change_mpath)
3467 return -EOPNOTSUPP;
3468
3469 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3470 return -EOPNOTSUPP;
3471
3472 return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
3473}
3474
3475static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3476{
3477 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3478 struct net_device *dev = info->user_ptr[1];
3479 u8 *dst = NULL;
3480 u8 *next_hop = NULL;
3481
3482 if (!info->attrs[NL80211_ATTR_MAC])
3483 return -EINVAL;
3484
3485 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3486 return -EINVAL;
3487
3488 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3489 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3490
3491 if (!rdev->ops->add_mpath)
3492 return -EOPNOTSUPP;
3493
3494 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3495 return -EOPNOTSUPP;
3496
3497 return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
3498}
3499
3500static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3501{
3502 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3503 struct net_device *dev = info->user_ptr[1];
3504 u8 *dst = NULL;
3505
3506 if (info->attrs[NL80211_ATTR_MAC])
3507 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3508
3509 if (!rdev->ops->del_mpath)
3510 return -EOPNOTSUPP;
3511
3512 return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
3513}
3514
3515static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3516{
3517 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3518 struct net_device *dev = info->user_ptr[1];
3519 struct bss_parameters params;
3520
3521 memset(¶ms, 0, sizeof(params));
3522
3523 params.use_cts_prot = -1;
3524 params.use_short_preamble = -1;
3525 params.use_short_slot_time = -1;
3526 params.ap_isolate = -1;
3527 params.ht_opmode = -1;
3528
3529 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
3530 params.use_cts_prot =
3531 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
3532 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
3533 params.use_short_preamble =
3534 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
3535 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
3536 params.use_short_slot_time =
3537 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
3538 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
3539 params.basic_rates =
3540 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3541 params.basic_rates_len =
3542 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3543 }
3544 if (info->attrs[NL80211_ATTR_AP_ISOLATE])
3545 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
3546 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
3547 params.ht_opmode =
3548 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
3549
3550 if (!rdev->ops->change_bss)
3551 return -EOPNOTSUPP;
3552
3553 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3554 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3555 return -EOPNOTSUPP;
3556
3557 return rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms);
3558}
3559
3560static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
3561 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
3562 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
3563 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
3564 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
3565 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
3566 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
3567};
3568
3569static int parse_reg_rule(struct nlattr *tb[],
3570 struct ieee80211_reg_rule *reg_rule)
3571{
3572 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
3573 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
3574
3575 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
3576 return -EINVAL;
3577 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
3578 return -EINVAL;
3579 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
3580 return -EINVAL;
3581 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
3582 return -EINVAL;
3583 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
3584 return -EINVAL;
3585
3586 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
3587
3588 freq_range->start_freq_khz =
3589 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
3590 freq_range->end_freq_khz =
3591 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
3592 freq_range->max_bandwidth_khz =
3593 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
3594
3595 power_rule->max_eirp =
3596 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
3597
3598 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
3599 power_rule->max_antenna_gain =
3600 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
3601
3602 return 0;
3603}
3604
3605static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3606{
3607 int r;
3608 char *data = NULL;
3609 enum nl80211_user_reg_hint_type user_reg_hint_type;
3610
3611
3612
3613
3614
3615
3616
3617 mutex_lock(&cfg80211_mutex);
3618 if (unlikely(!cfg80211_regdomain)) {
3619 mutex_unlock(&cfg80211_mutex);
3620 return -EINPROGRESS;
3621 }
3622 mutex_unlock(&cfg80211_mutex);
3623
3624 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3625 return -EINVAL;
3626
3627 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3628
3629 if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
3630 user_reg_hint_type =
3631 nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
3632 else
3633 user_reg_hint_type = NL80211_USER_REG_HINT_USER;
3634
3635 switch (user_reg_hint_type) {
3636 case NL80211_USER_REG_HINT_USER:
3637 case NL80211_USER_REG_HINT_CELL_BASE:
3638 break;
3639 default:
3640 return -EINVAL;
3641 }
3642
3643 r = regulatory_hint_user(data, user_reg_hint_type);
3644
3645 return r;
3646}
3647
3648static int nl80211_get_mesh_config(struct sk_buff *skb,
3649 struct genl_info *info)
3650{
3651 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3652 struct net_device *dev = info->user_ptr[1];
3653 struct wireless_dev *wdev = dev->ieee80211_ptr;
3654 struct mesh_config cur_params;
3655 int err = 0;
3656 void *hdr;
3657 struct nlattr *pinfoattr;
3658 struct sk_buff *msg;
3659
3660 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3661 return -EOPNOTSUPP;
3662
3663 if (!rdev->ops->get_mesh_config)
3664 return -EOPNOTSUPP;
3665
3666 wdev_lock(wdev);
3667
3668 if (!wdev->mesh_id_len)
3669 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
3670 else
3671 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
3672 &cur_params);
3673 wdev_unlock(wdev);
3674
3675 if (err)
3676 return err;
3677
3678
3679 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3680 if (!msg)
3681 return -ENOMEM;
3682 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3683 NL80211_CMD_GET_MESH_CONFIG);
3684 if (!hdr)
3685 goto out;
3686 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3687 if (!pinfoattr)
3688 goto nla_put_failure;
3689 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3690 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3691 cur_params.dot11MeshRetryTimeout) ||
3692 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3693 cur_params.dot11MeshConfirmTimeout) ||
3694 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3695 cur_params.dot11MeshHoldingTimeout) ||
3696 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3697 cur_params.dot11MeshMaxPeerLinks) ||
3698 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
3699 cur_params.dot11MeshMaxRetries) ||
3700 nla_put_u8(msg, NL80211_MESHCONF_TTL,
3701 cur_params.dot11MeshTTL) ||
3702 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3703 cur_params.element_ttl) ||
3704 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3705 cur_params.auto_open_plinks) ||
3706 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3707 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
3708 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3709 cur_params.dot11MeshHWMPmaxPREQretries) ||
3710 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3711 cur_params.path_refresh_time) ||
3712 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3713 cur_params.min_discovery_timeout) ||
3714 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3715 cur_params.dot11MeshHWMPactivePathTimeout) ||
3716 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3717 cur_params.dot11MeshHWMPpreqMinInterval) ||
3718 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3719 cur_params.dot11MeshHWMPperrMinInterval) ||
3720 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3721 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
3722 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3723 cur_params.dot11MeshHWMPRootMode) ||
3724 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3725 cur_params.dot11MeshHWMPRannInterval) ||
3726 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3727 cur_params.dot11MeshGateAnnouncementProtocol) ||
3728 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
3729 cur_params.dot11MeshForwarding) ||
3730 nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
3731 cur_params.rssi_threshold) ||
3732 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
3733 cur_params.ht_opmode) ||
3734 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
3735 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
3736 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
3737 cur_params.dot11MeshHWMProotInterval) ||
3738 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
3739 cur_params.dot11MeshHWMPconfirmationInterval))
3740 goto nla_put_failure;
3741 nla_nest_end(msg, pinfoattr);
3742 genlmsg_end(msg, hdr);
3743 return genlmsg_reply(msg, info);
3744
3745 nla_put_failure:
3746 genlmsg_cancel(msg, hdr);
3747 out:
3748 nlmsg_free(msg);
3749 return -ENOBUFS;
3750}
3751
3752static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
3753 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
3754 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
3755 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
3756 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
3757 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
3758 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
3759 [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
3760 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
3761 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
3762 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
3763 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
3764 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
3765 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
3766 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
3767 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
3768 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
3769 [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
3770 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
3771 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
3772 [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
3773 [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
3774 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
3775 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
3776 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
3777 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
3778};
3779
3780static const struct nla_policy
3781 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
3782 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
3783 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
3784 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
3785 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
3786 [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
3787 .len = IEEE80211_MAX_DATA_LEN },
3788 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
3789};
3790
3791static int nl80211_parse_mesh_config(struct genl_info *info,
3792 struct mesh_config *cfg,
3793 u32 *mask_out)
3794{
3795 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3796 u32 mask = 0;
3797
3798#define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3799do {\
3800 if (table[attr_num]) {\
3801 cfg->param = nla_fn(table[attr_num]); \
3802 mask |= (1 << (attr_num - 1)); \
3803 } \
3804} while (0);\
3805
3806
3807 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3808 return -EINVAL;
3809 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3810 info->attrs[NL80211_ATTR_MESH_CONFIG],
3811 nl80211_meshconf_params_policy))
3812 return -EINVAL;
3813
3814
3815
3816 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3817
3818
3819 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3820 mask, NL80211_MESHCONF_RETRY_TIMEOUT,
3821 nla_get_u16);
3822 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3823 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3824 nla_get_u16);
3825 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3826 mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
3827 nla_get_u16);
3828 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3829 mask, NL80211_MESHCONF_MAX_PEER_LINKS,
3830 nla_get_u16);
3831 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3832 mask, NL80211_MESHCONF_MAX_RETRIES,
3833 nla_get_u8);
3834 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3835 mask, NL80211_MESHCONF_TTL, nla_get_u8);
3836 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3837 mask, NL80211_MESHCONF_ELEMENT_TTL,
3838 nla_get_u8);
3839 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3840 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3841 nla_get_u8);
3842 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, mask,
3843 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3844 nla_get_u32);
3845 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3846 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3847 nla_get_u8);
3848 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3849 mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
3850 nla_get_u32);
3851 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3852 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3853 nla_get_u16);
3854 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, mask,
3855 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3856 nla_get_u32);
3857 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3858 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3859 nla_get_u16);
3860 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
3861 mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3862 nla_get_u16);
3863 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3864 dot11MeshHWMPnetDiameterTraversalTime, mask,
3865 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3866 nla_get_u16);
3867 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
3868 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
3869 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
3870 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3871 nla_get_u16);
3872 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3873 dot11MeshGateAnnouncementProtocol, mask,
3874 NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3875 nla_get_u8);
3876 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding,
3877 mask, NL80211_MESHCONF_FORWARDING,
3878 nla_get_u8);
3879 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold,
3880 mask, NL80211_MESHCONF_RSSI_THRESHOLD,
3881 nla_get_u32);
3882 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode,
3883 mask, NL80211_MESHCONF_HT_OPMODE,
3884 nla_get_u16);
3885 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
3886 mask,
3887 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
3888 nla_get_u32);
3889 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval,
3890 mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
3891 nla_get_u16);
3892 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3893 dot11MeshHWMPconfirmationInterval, mask,
3894 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
3895 nla_get_u16);
3896 if (mask_out)
3897 *mask_out = mask;
3898
3899 return 0;
3900
3901#undef FILL_IN_MESH_PARAM_IF_SET
3902}
3903
3904static int nl80211_parse_mesh_setup(struct genl_info *info,
3905 struct mesh_setup *setup)
3906{
3907 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3908
3909 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3910 return -EINVAL;
3911 if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3912 info->attrs[NL80211_ATTR_MESH_SETUP],
3913 nl80211_mesh_setup_params_policy))
3914 return -EINVAL;
3915
3916 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
3917 setup->sync_method =
3918 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
3919 IEEE80211_SYNC_METHOD_VENDOR :
3920 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
3921
3922 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3923 setup->path_sel_proto =
3924 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3925 IEEE80211_PATH_PROTOCOL_VENDOR :
3926 IEEE80211_PATH_PROTOCOL_HWMP;
3927
3928 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3929 setup->path_metric =
3930 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3931 IEEE80211_PATH_METRIC_VENDOR :
3932 IEEE80211_PATH_METRIC_AIRTIME;
3933
3934
3935 if (tb[NL80211_MESH_SETUP_IE]) {
3936 struct nlattr *ieattr =
3937 tb[NL80211_MESH_SETUP_IE];
3938 if (!is_valid_ie_attr(ieattr))
3939 return -EINVAL;
3940 setup->ie = nla_data(ieattr);
3941 setup->ie_len = nla_len(ieattr);
3942 }
3943 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3944 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3945
3946 return 0;
3947}
3948
3949static int nl80211_update_mesh_config(struct sk_buff *skb,
3950 struct genl_info *info)
3951{
3952 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3953 struct net_device *dev = info->user_ptr[1];
3954 struct wireless_dev *wdev = dev->ieee80211_ptr;
3955 struct mesh_config cfg;
3956 u32 mask;
3957 int err;
3958
3959 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3960 return -EOPNOTSUPP;
3961
3962 if (!rdev->ops->update_mesh_config)
3963 return -EOPNOTSUPP;
3964
3965 err = nl80211_parse_mesh_config(info, &cfg, &mask);
3966 if (err)
3967 return err;
3968
3969 wdev_lock(wdev);
3970 if (!wdev->mesh_id_len)
3971 err = -ENOLINK;
3972
3973 if (!err)
3974 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3975 mask, &cfg);
3976
3977 wdev_unlock(wdev);
3978
3979 return err;
3980}
3981
3982static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3983{
3984 struct sk_buff *msg;
3985 void *hdr = NULL;
3986 struct nlattr *nl_reg_rules;
3987 unsigned int i;
3988 int err = -EINVAL;
3989
3990 mutex_lock(&cfg80211_mutex);
3991
3992 if (!cfg80211_regdomain)
3993 goto out;
3994
3995 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3996 if (!msg) {
3997 err = -ENOBUFS;
3998 goto out;
3999 }
4000
4001 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4002 NL80211_CMD_GET_REG);
4003 if (!hdr)
4004 goto put_failure;
4005
4006 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
4007 cfg80211_regdomain->alpha2) ||
4008 (cfg80211_regdomain->dfs_region &&
4009 nla_put_u8(msg, NL80211_ATTR_DFS_REGION,
4010 cfg80211_regdomain->dfs_region)))
4011 goto nla_put_failure;
4012
4013 if (reg_last_request_cell_base() &&
4014 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
4015 NL80211_USER_REG_HINT_CELL_BASE))
4016 goto nla_put_failure;
4017
4018 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
4019 if (!nl_reg_rules)
4020 goto nla_put_failure;
4021
4022 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
4023 struct nlattr *nl_reg_rule;
4024 const struct ieee80211_reg_rule *reg_rule;
4025 const struct ieee80211_freq_range *freq_range;
4026 const struct ieee80211_power_rule *power_rule;
4027
4028 reg_rule = &cfg80211_regdomain->reg_rules[i];
4029 freq_range = ®_rule->freq_range;
4030 power_rule = ®_rule->power_rule;
4031
4032 nl_reg_rule = nla_nest_start(msg, i);
4033 if (!nl_reg_rule)
4034 goto nla_put_failure;
4035
4036 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
4037 reg_rule->flags) ||
4038 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
4039 freq_range->start_freq_khz) ||
4040 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
4041 freq_range->end_freq_khz) ||
4042 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
4043 freq_range->max_bandwidth_khz) ||
4044 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
4045 power_rule->max_antenna_gain) ||
4046 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
4047 power_rule->max_eirp))
4048 goto nla_put_failure;
4049
4050 nla_nest_end(msg, nl_reg_rule);
4051 }
4052
4053 nla_nest_end(msg, nl_reg_rules);
4054
4055 genlmsg_end(msg, hdr);
4056 err = genlmsg_reply(msg, info);
4057 goto out;
4058
4059nla_put_failure:
4060 genlmsg_cancel(msg, hdr);
4061put_failure:
4062 nlmsg_free(msg);
4063 err = -EMSGSIZE;
4064out:
4065 mutex_unlock(&cfg80211_mutex);
4066 return err;
4067}
4068
4069static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
4070{
4071 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
4072 struct nlattr *nl_reg_rule;
4073 char *alpha2 = NULL;
4074 int rem_reg_rules = 0, r = 0;
4075 u32 num_rules = 0, rule_idx = 0, size_of_regd;
4076 u8 dfs_region = 0;
4077 struct ieee80211_regdomain *rd = NULL;
4078
4079 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4080 return -EINVAL;
4081
4082 if (!info->attrs[NL80211_ATTR_REG_RULES])
4083 return -EINVAL;
4084
4085 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4086
4087 if (info->attrs[NL80211_ATTR_DFS_REGION])
4088 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
4089
4090 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
4091 rem_reg_rules) {
4092 num_rules++;
4093 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
4094 return -EINVAL;
4095 }
4096
4097 mutex_lock(&cfg80211_mutex);
4098
4099 if (!reg_is_valid_request(alpha2)) {
4100 r = -EINVAL;
4101 goto bad_reg;
4102 }
4103
4104 size_of_regd = sizeof(struct ieee80211_regdomain) +
4105 (num_rules * sizeof(struct ieee80211_reg_rule));
4106
4107 rd = kzalloc(size_of_regd, GFP_KERNEL);
4108 if (!rd) {
4109 r = -ENOMEM;
4110 goto bad_reg;
4111 }
4112
4113 rd->n_reg_rules = num_rules;
4114 rd->alpha2[0] = alpha2[0];
4115 rd->alpha2[1] = alpha2[1];
4116
4117
4118
4119
4120
4121 if (reg_supported_dfs_region(dfs_region))
4122 rd->dfs_region = dfs_region;
4123
4124 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
4125 rem_reg_rules) {
4126 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
4127 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
4128 reg_rule_policy);
4129 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
4130 if (r)
4131 goto bad_reg;
4132
4133 rule_idx++;
4134
4135 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
4136 r = -EINVAL;
4137 goto bad_reg;
4138 }
4139 }
4140
4141 BUG_ON(rule_idx != num_rules);
4142
4143 r = set_regdom(rd);
4144
4145 mutex_unlock(&cfg80211_mutex);
4146
4147 return r;
4148
4149 bad_reg:
4150 mutex_unlock(&cfg80211_mutex);
4151 kfree(rd);
4152 return r;
4153}
4154
4155static int validate_scan_freqs(struct nlattr *freqs)
4156{
4157 struct nlattr *attr1, *attr2;
4158 int n_channels = 0, tmp1, tmp2;
4159
4160 nla_for_each_nested(attr1, freqs, tmp1) {
4161 n_channels++;
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171 nla_for_each_nested(attr2, freqs, tmp2)
4172 if (attr1 != attr2 &&
4173 nla_get_u32(attr1) == nla_get_u32(attr2))
4174 return 0;
4175 }
4176
4177 return n_channels;
4178}
4179
4180static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4181{
4182 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4183 struct wireless_dev *wdev = info->user_ptr[1];
4184 struct cfg80211_scan_request *request;
4185 struct nlattr *attr;
4186 struct wiphy *wiphy;
4187 int err, tmp, n_ssids = 0, n_channels, i;
4188 size_t ie_len;
4189
4190 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4191 return -EINVAL;
4192
4193 wiphy = &rdev->wiphy;
4194
4195 if (!rdev->ops->scan)
4196 return -EOPNOTSUPP;
4197
4198 if (rdev->scan_req)
4199 return -EBUSY;
4200
4201 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4202 n_channels = validate_scan_freqs(
4203 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4204 if (!n_channels)
4205 return -EINVAL;
4206 } else {
4207 enum ieee80211_band band;
4208 n_channels = 0;
4209
4210 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4211 if (wiphy->bands[band])
4212 n_channels += wiphy->bands[band]->n_channels;
4213 }
4214
4215 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4216 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
4217 n_ssids++;
4218
4219 if (n_ssids > wiphy->max_scan_ssids)
4220 return -EINVAL;
4221
4222 if (info->attrs[NL80211_ATTR_IE])
4223 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4224 else
4225 ie_len = 0;
4226
4227 if (ie_len > wiphy->max_scan_ie_len)
4228 return -EINVAL;
4229
4230 request = kzalloc(sizeof(*request)
4231 + sizeof(*request->ssids) * n_ssids
4232 + sizeof(*request->channels) * n_channels
4233 + ie_len, GFP_KERNEL);
4234 if (!request)
4235 return -ENOMEM;
4236
4237 if (n_ssids)
4238 request->ssids = (void *)&request->channels[n_channels];
4239 request->n_ssids = n_ssids;
4240 if (ie_len) {
4241 if (request->ssids)
4242 request->ie = (void *)(request->ssids + n_ssids);
4243 else
4244 request->ie = (void *)(request->channels + n_channels);
4245 }
4246
4247 i = 0;
4248 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4249
4250 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
4251 struct ieee80211_channel *chan;
4252
4253 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4254
4255 if (!chan) {
4256 err = -EINVAL;
4257 goto out_free;
4258 }
4259
4260
4261 if (chan->flags & IEEE80211_CHAN_DISABLED)
4262 continue;
4263
4264 request->channels[i] = chan;
4265 i++;
4266 }
4267 } else {
4268 enum ieee80211_band band;
4269
4270
4271 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4272 int j;
4273 if (!wiphy->bands[band])
4274 continue;
4275 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4276 struct ieee80211_channel *chan;
4277
4278 chan = &wiphy->bands[band]->channels[j];
4279
4280 if (chan->flags & IEEE80211_CHAN_DISABLED)
4281 continue;
4282
4283 request->channels[i] = chan;
4284 i++;
4285 }
4286 }
4287 }
4288
4289 if (!i) {
4290 err = -EINVAL;
4291 goto out_free;
4292 }
4293
4294 request->n_channels = i;
4295
4296 i = 0;
4297 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4298 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
4299 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4300 err = -EINVAL;
4301 goto out_free;
4302 }
4303 request->ssids[i].ssid_len = nla_len(attr);
4304 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
4305 i++;
4306 }
4307 }
4308
4309 if (info->attrs[NL80211_ATTR_IE]) {
4310 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4311 memcpy((void *)request->ie,
4312 nla_data(info->attrs[NL80211_ATTR_IE]),
4313 request->ie_len);
4314 }
4315
4316 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
4317 if (wiphy->bands[i])
4318 request->rates[i] =
4319 (1 << wiphy->bands[i]->n_bitrates) - 1;
4320
4321 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
4322 nla_for_each_nested(attr,
4323 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
4324 tmp) {
4325 enum ieee80211_band band = nla_type(attr);
4326
4327 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
4328 err = -EINVAL;
4329 goto out_free;
4330 }
4331 err = ieee80211_get_ratemask(wiphy->bands[band],
4332 nla_data(attr),
4333 nla_len(attr),
4334 &request->rates[band]);
4335 if (err)
4336 goto out_free;
4337 }
4338 }
4339
4340 request->no_cck =
4341 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
4342
4343 request->wdev = wdev;
4344 request->wiphy = &rdev->wiphy;
4345
4346 rdev->scan_req = request;
4347 err = rdev->ops->scan(&rdev->wiphy, request);
4348
4349 if (!err) {
4350 nl80211_send_scan_start(rdev, wdev);
4351 if (wdev->netdev)
4352 dev_hold(wdev->netdev);
4353 } else {
4354 out_free:
4355 rdev->scan_req = NULL;
4356 kfree(request);
4357 }
4358
4359 return err;
4360}
4361
4362static int nl80211_start_sched_scan(struct sk_buff *skb,
4363 struct genl_info *info)
4364{
4365 struct cfg80211_sched_scan_request *request;
4366 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4367 struct net_device *dev = info->user_ptr[1];
4368 struct nlattr *attr;
4369 struct wiphy *wiphy;
4370 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
4371 u32 interval;
4372 enum ieee80211_band band;
4373 size_t ie_len;
4374 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
4375
4376 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4377 !rdev->ops->sched_scan_start)
4378 return -EOPNOTSUPP;
4379
4380 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4381 return -EINVAL;
4382
4383 if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
4384 return -EINVAL;
4385
4386 interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
4387 if (interval == 0)
4388 return -EINVAL;
4389
4390 wiphy = &rdev->wiphy;
4391
4392 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4393 n_channels = validate_scan_freqs(
4394 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4395 if (!n_channels)
4396 return -EINVAL;
4397 } else {
4398 n_channels = 0;
4399
4400 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4401 if (wiphy->bands[band])
4402 n_channels += wiphy->bands[band]->n_channels;
4403 }
4404
4405 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4406 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4407 tmp)
4408 n_ssids++;
4409
4410 if (n_ssids > wiphy->max_sched_scan_ssids)
4411 return -EINVAL;
4412
4413 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
4414 nla_for_each_nested(attr,
4415 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4416 tmp)
4417 n_match_sets++;
4418
4419 if (n_match_sets > wiphy->max_match_sets)
4420 return -EINVAL;
4421
4422 if (info->attrs[NL80211_ATTR_IE])
4423 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4424 else
4425 ie_len = 0;
4426
4427 if (ie_len > wiphy->max_sched_scan_ie_len)
4428 return -EINVAL;
4429
4430 mutex_lock(&rdev->sched_scan_mtx);
4431
4432 if (rdev->sched_scan_req) {
4433 err = -EINPROGRESS;
4434 goto out;
4435 }
4436
4437 request = kzalloc(sizeof(*request)
4438 + sizeof(*request->ssids) * n_ssids
4439 + sizeof(*request->match_sets) * n_match_sets
4440 + sizeof(*request->channels) * n_channels
4441 + ie_len, GFP_KERNEL);
4442 if (!request) {
4443 err = -ENOMEM;
4444 goto out;
4445 }
4446
4447 if (n_ssids)
4448 request->ssids = (void *)&request->channels[n_channels];
4449 request->n_ssids = n_ssids;
4450 if (ie_len) {
4451 if (request->ssids)
4452 request->ie = (void *)(request->ssids + n_ssids);
4453 else
4454 request->ie = (void *)(request->channels + n_channels);
4455 }
4456
4457 if (n_match_sets) {
4458 if (request->ie)
4459 request->match_sets = (void *)(request->ie + ie_len);
4460 else if (request->ssids)
4461 request->match_sets =
4462 (void *)(request->ssids + n_ssids);
4463 else
4464 request->match_sets =
4465 (void *)(request->channels + n_channels);
4466 }
4467 request->n_match_sets = n_match_sets;
4468
4469 i = 0;
4470 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4471
4472 nla_for_each_nested(attr,
4473 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
4474 tmp) {
4475 struct ieee80211_channel *chan;
4476
4477 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4478
4479 if (!chan) {
4480 err = -EINVAL;
4481 goto out_free;
4482 }
4483
4484
4485 if (chan->flags & IEEE80211_CHAN_DISABLED)
4486 continue;
4487
4488 request->channels[i] = chan;
4489 i++;
4490 }
4491 } else {
4492
4493 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4494 int j;
4495 if (!wiphy->bands[band])
4496 continue;
4497 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4498 struct ieee80211_channel *chan;
4499
4500 chan = &wiphy->bands[band]->channels[j];
4501
4502 if (chan->flags & IEEE80211_CHAN_DISABLED)
4503 continue;
4504
4505 request->channels[i] = chan;
4506 i++;
4507 }
4508 }
4509 }
4510
4511 if (!i) {
4512 err = -EINVAL;
4513 goto out_free;
4514 }
4515
4516 request->n_channels = i;
4517
4518 i = 0;
4519 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4520 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4521 tmp) {
4522 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4523 err = -EINVAL;
4524 goto out_free;
4525 }
4526 request->ssids[i].ssid_len = nla_len(attr);
4527 memcpy(request->ssids[i].ssid, nla_data(attr),
4528 nla_len(attr));
4529 i++;
4530 }
4531 }
4532
4533 i = 0;
4534 if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
4535 nla_for_each_nested(attr,
4536 info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4537 tmp) {
4538 struct nlattr *ssid, *rssi;
4539
4540 nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
4541 nla_data(attr), nla_len(attr),
4542 nl80211_match_policy);
4543 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
4544 if (ssid) {
4545 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
4546 err = -EINVAL;
4547 goto out_free;
4548 }
4549 memcpy(request->match_sets[i].ssid.ssid,
4550 nla_data(ssid), nla_len(ssid));
4551 request->match_sets[i].ssid.ssid_len =
4552 nla_len(ssid);
4553 }
4554 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
4555 if (rssi)
4556 request->rssi_thold = nla_get_u32(rssi);
4557 else
4558 request->rssi_thold =
4559 NL80211_SCAN_RSSI_THOLD_OFF;
4560 i++;
4561 }
4562 }
4563
4564 if (info->attrs[NL80211_ATTR_IE]) {
4565 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4566 memcpy((void *)request->ie,
4567 nla_data(info->attrs[NL80211_ATTR_IE]),
4568 request->ie_len);
4569 }
4570
4571 request->dev = dev;
4572 request->wiphy = &rdev->wiphy;
4573 request->interval = interval;
4574
4575 err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
4576 if (!err) {
4577 rdev->sched_scan_req = request;
4578 nl80211_send_sched_scan(rdev, dev,
4579 NL80211_CMD_START_SCHED_SCAN);
4580 goto out;
4581 }
4582
4583out_free:
4584 kfree(request);
4585out:
4586 mutex_unlock(&rdev->sched_scan_mtx);
4587 return err;
4588}
4589
4590static int nl80211_stop_sched_scan(struct sk_buff *skb,
4591 struct genl_info *info)
4592{
4593 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4594 int err;
4595
4596 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4597 !rdev->ops->sched_scan_stop)
4598 return -EOPNOTSUPP;
4599
4600 mutex_lock(&rdev->sched_scan_mtx);
4601 err = __cfg80211_stop_sched_scan(rdev, false);
4602 mutex_unlock(&rdev->sched_scan_mtx);
4603
4604 return err;
4605}
4606
4607static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4608 u32 seq, int flags,
4609 struct cfg80211_registered_device *rdev,
4610 struct wireless_dev *wdev,
4611 struct cfg80211_internal_bss *intbss)
4612{
4613 struct cfg80211_bss *res = &intbss->pub;
4614 void *hdr;
4615 struct nlattr *bss;
4616
4617 ASSERT_WDEV_LOCK(wdev);
4618
4619 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
4620 NL80211_CMD_NEW_SCAN_RESULTS);
4621 if (!hdr)
4622 return -1;
4623
4624 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4625
4626 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) ||
4627 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
4628 goto nla_put_failure;
4629
4630 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4631 if (!bss)
4632 goto nla_put_failure;
4633 if ((!is_zero_ether_addr(res->bssid) &&
4634 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) ||
4635 (res->information_elements && res->len_information_elements &&
4636 nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4637 res->len_information_elements,
4638 res->information_elements)) ||
4639 (res->beacon_ies && res->len_beacon_ies &&
4640 res->beacon_ies != res->information_elements &&
4641 nla_put(msg, NL80211_BSS_BEACON_IES,
4642 res->len_beacon_ies, res->beacon_ies)))
4643 goto nla_put_failure;
4644 if (res->tsf &&
4645 nla_put_u64(msg, NL80211_BSS_TSF, res->tsf))
4646 goto nla_put_failure;
4647 if (res->beacon_interval &&
4648 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
4649 goto nla_put_failure;
4650 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
4651 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
4652 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
4653 jiffies_to_msecs(jiffies - intbss->ts)))
4654 goto nla_put_failure;
4655
4656 switch (rdev->wiphy.signal_type) {
4657 case CFG80211_SIGNAL_TYPE_MBM:
4658 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
4659 goto nla_put_failure;
4660 break;
4661 case CFG80211_SIGNAL_TYPE_UNSPEC:
4662 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
4663 goto nla_put_failure;
4664 break;
4665 default:
4666 break;
4667 }
4668
4669 switch (wdev->iftype) {
4670 case NL80211_IFTYPE_P2P_CLIENT:
4671 case NL80211_IFTYPE_STATION:
4672 if (intbss == wdev->current_bss &&
4673 nla_put_u32(msg, NL80211_BSS_STATUS,
4674 NL80211_BSS_STATUS_ASSOCIATED))
4675 goto nla_put_failure;
4676 break;
4677 case NL80211_IFTYPE_ADHOC:
4678 if (intbss == wdev->current_bss &&
4679 nla_put_u32(msg, NL80211_BSS_STATUS,
4680 NL80211_BSS_STATUS_IBSS_JOINED))
4681 goto nla_put_failure;
4682 break;
4683 default:
4684 break;
4685 }
4686
4687 nla_nest_end(msg, bss);
4688
4689 return genlmsg_end(msg, hdr);
4690
4691 nla_put_failure:
4692 genlmsg_cancel(msg, hdr);
4693 return -EMSGSIZE;
4694}
4695
4696static int nl80211_dump_scan(struct sk_buff *skb,
4697 struct netlink_callback *cb)
4698{
4699 struct cfg80211_registered_device *rdev;
4700 struct net_device *dev;
4701 struct cfg80211_internal_bss *scan;
4702 struct wireless_dev *wdev;
4703 int start = cb->args[1], idx = 0;
4704 int err;
4705
4706 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
4707 if (err)
4708 return err;
4709
4710 wdev = dev->ieee80211_ptr;
4711
4712 wdev_lock(wdev);
4713 spin_lock_bh(&rdev->bss_lock);
4714 cfg80211_bss_expire(rdev);
4715
4716 cb->seq = rdev->bss_generation;
4717
4718 list_for_each_entry(scan, &rdev->bss_list, list) {
4719 if (++idx <= start)
4720 continue;
4721 if (nl80211_send_bss(skb, cb,
4722 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4723 rdev, wdev, scan) < 0) {
4724 idx--;
4725 break;
4726 }
4727 }
4728
4729 spin_unlock_bh(&rdev->bss_lock);
4730 wdev_unlock(wdev);
4731
4732 cb->args[1] = idx;
4733 nl80211_finish_netdev_dump(rdev);
4734
4735 return skb->len;
4736}
4737
4738static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
4739 int flags, struct net_device *dev,
4740 struct survey_info *survey)
4741{
4742 void *hdr;
4743 struct nlattr *infoattr;
4744
4745 hdr = nl80211hdr_put(msg, portid, seq, flags,
4746 NL80211_CMD_NEW_SURVEY_RESULTS);
4747 if (!hdr)
4748 return -ENOMEM;
4749
4750 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
4751 goto nla_put_failure;
4752
4753 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4754 if (!infoattr)
4755 goto nla_put_failure;
4756
4757 if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4758 survey->channel->center_freq))
4759 goto nla_put_failure;
4760
4761 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
4762 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
4763 goto nla_put_failure;
4764 if ((survey->filled & SURVEY_INFO_IN_USE) &&
4765 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
4766 goto nla_put_failure;
4767 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
4768 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4769 survey->channel_time))
4770 goto nla_put_failure;
4771 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
4772 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4773 survey->channel_time_busy))
4774 goto nla_put_failure;
4775 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
4776 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4777 survey->channel_time_ext_busy))
4778 goto nla_put_failure;
4779 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
4780 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4781 survey->channel_time_rx))
4782 goto nla_put_failure;
4783 if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
4784 nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4785 survey->channel_time_tx))
4786 goto nla_put_failure;
4787
4788 nla_nest_end(msg, infoattr);
4789
4790 return genlmsg_end(msg, hdr);
4791
4792 nla_put_failure:
4793 genlmsg_cancel(msg, hdr);
4794 return -EMSGSIZE;
4795}
4796
4797static int nl80211_dump_survey(struct sk_buff *skb,
4798 struct netlink_callback *cb)
4799{
4800 struct survey_info survey;
4801 struct cfg80211_registered_device *dev;
4802 struct net_device *netdev;
4803 int survey_idx = cb->args[1];
4804 int res;
4805
4806 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
4807 if (res)
4808 return res;
4809
4810 if (!dev->ops->dump_survey) {
4811 res = -EOPNOTSUPP;
4812 goto out_err;
4813 }
4814
4815 while (1) {
4816 struct ieee80211_channel *chan;
4817
4818 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
4819 &survey);
4820 if (res == -ENOENT)
4821 break;
4822 if (res)
4823 goto out_err;
4824
4825
4826 if (!survey.channel) {
4827 res = -EINVAL;
4828 goto out;
4829 }
4830
4831 chan = ieee80211_get_channel(&dev->wiphy,
4832 survey.channel->center_freq);
4833 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
4834 survey_idx++;
4835 continue;
4836 }
4837
4838 if (nl80211_send_survey(skb,
4839 NETLINK_CB(cb->skb).portid,
4840 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4841 netdev,
4842 &survey) < 0)
4843 goto out;
4844 survey_idx++;
4845 }
4846
4847 out:
4848 cb->args[1] = survey_idx;
4849 res = skb->len;
4850 out_err:
4851 nl80211_finish_netdev_dump(dev);
4852 return res;
4853}
4854
4855static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
4856{
4857 return auth_type <= NL80211_AUTHTYPE_MAX;
4858}
4859
4860static bool nl80211_valid_wpa_versions(u32 wpa_versions)
4861{
4862 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
4863 NL80211_WPA_VERSION_2));
4864}
4865
4866static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
4867{
4868 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4869 struct net_device *dev = info->user_ptr[1];
4870 struct ieee80211_channel *chan;
4871 const u8 *bssid, *ssid, *ie = NULL;
4872 int err, ssid_len, ie_len = 0;
4873 enum nl80211_auth_type auth_type;
4874 struct key_parse key;
4875 bool local_state_change;
4876
4877 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4878 return -EINVAL;
4879
4880 if (!info->attrs[NL80211_ATTR_MAC])
4881 return -EINVAL;
4882
4883 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
4884 return -EINVAL;
4885
4886 if (!info->attrs[NL80211_ATTR_SSID])
4887 return -EINVAL;
4888
4889 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
4890 return -EINVAL;
4891
4892 err = nl80211_parse_key(info, &key);
4893 if (err)
4894 return err;
4895
4896 if (key.idx >= 0) {
4897 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
4898 return -EINVAL;
4899 if (!key.p.key || !key.p.key_len)
4900 return -EINVAL;
4901 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
4902 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
4903 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
4904 key.p.key_len != WLAN_KEY_LEN_WEP104))
4905 return -EINVAL;
4906 if (key.idx > 4)
4907 return -EINVAL;
4908 } else {
4909 key.p.key_len = 0;
4910 key.p.key = NULL;
4911 }
4912
4913 if (key.idx >= 0) {
4914 int i;
4915 bool ok = false;
4916 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
4917 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
4918 ok = true;
4919 break;
4920 }
4921 }
4922 if (!ok)
4923 return -EINVAL;
4924 }
4925
4926 if (!rdev->ops->auth)
4927 return -EOPNOTSUPP;
4928
4929 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4930 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4931 return -EOPNOTSUPP;
4932
4933 bssid = nla_data(info->
