/*
 * This is the new netlink-based wireless configuration interface.
 *
 * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
 * Copyright 2013-2014  Intel Mobile Communications GmbH
 */

#include <linux/if.h>
#include <linux/module.h>
#include <linux/err.h>
#include <linux/slab.h>
#include <linux/list.h>
#include <linux/if_ether.h>
#include <linux/ieee80211.h>
#include <linux/nl80211.h>
#include <linux/rtnetlink.h>
#include <linux/netlink.h>
#include <linux/etherdevice.h>
#include <net/net_namespace.h>
#include <net/genetlink.h>
#include <net/cfg80211.h>
#include <net/sock.h>
#include <net/inet_connection_sock.h>
#include "core.h"
#include "nl80211.h"
#include "reg.h"
#include "rdev-ops.h"

/*
 * Forward declarations for static functions that are referenced before
 * their definitions.  nl80211_pre_doit()/nl80211_post_doit() are needed by
 * the nl80211_fam initializer below.
 */
static int
nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
			struct genl_info *info,
			struct cfg80211_crypto_settings *settings,
			int cipher_limit);

static int
nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
		 struct genl_info *info);

static void
nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
		  struct genl_info *info);

/*
 * The nl80211 generic netlink family.
 *
 * Every command dispatched through this family is bracketed by the
 * pre_doit/post_doit hooks registered here.
 */
static struct genl_family nl80211_fam = {
	/* don't bother with a hardcoded ID ... */
	.id = GENL_ID_GENERATE,
	/* ... have users key off the name instead */
	.name = NL80211_GENL_NAME,
	/* no private header */
	.hdrsize = 0,
	/* no particular meaning now */
	.version = 1,
	.maxattr = NL80211_ATTR_MAX,
	.netnsok = true,
	.pre_doit = nl80211_pre_doit,
	.post_doit = nl80211_post_doit,
};

/*
 * Multicast groups.  The enumerators double as indices into
 * nl80211_mcgrps[], so the two must be kept in step.
 */
enum nl80211_multicast_groups {
	NL80211_MCGRP_CONFIG,
	NL80211_MCGRP_SCAN,
	NL80211_MCGRP_REGULATORY,
	NL80211_MCGRP_MLME,
	NL80211_MCGRP_VENDOR,
	/* keep last - ifdef! (its table slot only exists with testmode) */
	NL80211_MCGRP_TESTMODE
};

/*
 * Names of the multicast groups, indexed by enum nl80211_multicast_groups.
 * The testmode group is only present when CONFIG_NL80211_TESTMODE is set,
 * which is why its enumerator has to stay last.
 */
static const struct genl_multicast_group nl80211_mcgrps[] = {
	[NL80211_MCGRP_CONFIG]     = { .name = "config" },
	[NL80211_MCGRP_SCAN]       = { .name = "scan" },
	[NL80211_MCGRP_REGULATORY] = { .name = "regulatory" },
	[NL80211_MCGRP_MLME]       = { .name = "mlme" },
	[NL80211_MCGRP_VENDOR]     = { .name = "vendor" },
#ifdef CONFIG_NL80211_TESTMODE
	[NL80211_MCGRP_TESTMODE]   = { .name = "testmode" }
#endif
};

/*
 * Look up the wireless_dev selected by NL80211_ATTR_IFINDEX and/or
 * NL80211_ATTR_WDEV among the devices that belong to @netns.
 *
 * Must be called with the RTNL held.  Never returns NULL: the result is
 * either a wdev or an ERR_PTR() value (-EINVAL when neither attribute is
 * present, -ENODEV when nothing matches).
 *
 * NOTE(review): when both attributes are supplied they are not
 * cross-checked against each other; the first wdev that matches either
 * the ifindex or the wdev identifier is returned.
 */
static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
{
	struct nlattr *ifidx_attr = attrs[NL80211_ATTR_IFINDEX];
	struct nlattr *wdev_attr = attrs[NL80211_ATTR_WDEV];
	struct cfg80211_registered_device *rdev;
	struct wireless_dev *wdev;
	u64 wdev_id = 0;
	int wiphy_idx = -1;
	int ifidx = -1;

	ASSERT_RTNL();

	if (!ifidx_attr && !wdev_attr)
		return ERR_PTR(-EINVAL);

	if (ifidx_attr)
		ifidx = nla_get_u32(ifidx_attr);

	if (wdev_attr) {
		/* upper 32 bits: wiphy index, lower 32 bits: wdev identifier */
		wdev_id = nla_get_u64(wdev_attr);
		wiphy_idx = wdev_id >> 32;
	}

	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
		/* devices of other network namespaces are invisible here */
		if (wiphy_net(&rdev->wiphy) != netns)
			continue;

		if (wdev_attr && rdev->wiphy_idx != wiphy_idx)
			continue;

		list_for_each_entry(wdev, &rdev->wdev_list, list) {
			if (ifidx_attr && wdev->netdev &&
			    wdev->netdev->ifindex == ifidx)
				return wdev;

			if (wdev_attr && wdev->identifier == (u32)wdev_id)
				return wdev;
		}
	}

	return ERR_PTR(-ENODEV);
}

/*
 * Resolve the registered device selected by any combination of
 * NL80211_ATTR_WIPHY, NL80211_ATTR_WDEV and NL80211_ATTR_IFINDEX.
 *
 * Must be called with the RTNL held.  Returns the rdev or an ERR_PTR():
 * -EINVAL when no selector is given, when selectors resolve to different
 * devices or when the ifindex names a non-wireless netdev; -ENODEV when
 * nothing was found or the device lives in another network namespace.
 *
 * NOTE(review): a WDEV attribute whose wiphy index does not exist, or an
 * IFINDEX that names no netdev in @netns, is silently ignored when another
 * selector already resolved a device; it is not treated as a mismatch.
 */
static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
{
	struct nlattr *wiphy_attr = attrs[NL80211_ATTR_WIPHY];
	struct nlattr *wdev_attr = attrs[NL80211_ATTR_WDEV];
	struct nlattr *ifidx_attr = attrs[NL80211_ATTR_IFINDEX];
	struct cfg80211_registered_device *rdev = NULL;
	struct cfg80211_registered_device *cand;

	ASSERT_RTNL();

	if (!wiphy_attr && !ifidx_attr && !wdev_attr)
		return ERR_PTR(-EINVAL);

	if (wiphy_attr)
		rdev = cfg80211_rdev_by_wiphy_idx(nla_get_u32(wiphy_attr));

	if (wdev_attr) {
		u64 wdev_id = nla_get_u64(wdev_attr);

		cand = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
		if (cand) {
			struct wireless_dev *wdev;
			bool found = false;

			/* make sure wdev exists */
			list_for_each_entry(wdev, &cand->wdev_list, list) {
				if (wdev->identifier == (u32)wdev_id) {
					found = true;
					break;
				}
			}

			if (!found)
				cand = NULL;

			if (rdev && cand != rdev)
				return ERR_PTR(-EINVAL);
			rdev = cand;
		}
	}

	if (ifidx_attr) {
		int ifindex = nla_get_u32(ifidx_attr);
		struct net_device *netdev;

		netdev = __dev_get_by_index(netns, ifindex);
		if (netdev) {
			cand = NULL;
			if (netdev->ieee80211_ptr)
				cand = wiphy_to_rdev(
					netdev->ieee80211_ptr->wiphy);

			/* not wireless device -- return error */
			if (!cand)
				return ERR_PTR(-EINVAL);

			/* mismatch -- return error */
			if (rdev && cand != rdev)
				return ERR_PTR(-EINVAL);

			rdev = cand;
		}
	}

	if (!rdev)
		return ERR_PTR(-ENODEV);

	/*
	 * The wiphy-index lookups above are not namespace-aware, so this
	 * final check is what keeps a caller from reaching a device that
	 * belongs to a different network namespace.
	 */
	if (wiphy_net(&rdev->wiphy) != netns)
		return ERR_PTR(-ENODEV);

	return rdev;
}

/*
 * Return the registered device (driver instance) that the given genl_info
 * refers to, looked up within @netns.
 *
 * The result can be an ERR_PTR() value, so callers must test it with
 * IS_ERR() before dereferencing it.
 */
static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
{
	struct nlattr **attrs = info->attrs;

	return __cfg80211_rdev_from_attrs(netns, attrs);
}

/*
 * Policy for the top-level nl80211 attributes.
 *
 * How .len is interpreted depends on .type (see the nla_policy
 * documentation in include/net/netlink.h):
 *  - NLA_BINARY / NLA_STRING / NLA_NUL_STRING: .len is the maximum payload
 *    length; an NLA_BINARY entry without .len gets no upper bound from the
 *    policy, so its handler has to bound the length itself.
 *  - entries that give only .len (type left unspecified): .len is a
 *    minimum length, longer payloads still pass validation.
 */
static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
	/* wiphy identification and radio parameters */
	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
	[NL80211_ATTR_WIPHY_NAME] = {
		.type = NLA_NUL_STRING,
		.len = 20-1,
	},
	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },

	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },

	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },

	/* interface identification */
	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
	[NL80211_ATTR_IFNAME] = {
		.type = NLA_NUL_STRING,
		.len = IFNAMSIZ-1,
	},

	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },

	/* keys */
	[NL80211_ATTR_KEY] = { .type = NLA_NESTED },
	[NL80211_ATTR_KEY_DATA] = {
		.type = NLA_BINARY,
		.len = WLAN_MAX_KEY_LEN,
	},
	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
	[NL80211_ATTR_KEY_SEQ] = {
		.type = NLA_BINARY,
		.len = 16,
	},
	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },

	/* beacon, station, mesh */
	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
	[NL80211_ATTR_BEACON_HEAD] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_ATTR_BEACON_TAIL] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
	[NL80211_ATTR_STA_SUPPORTED_RATES] = {
		.type = NLA_BINARY,
		.len = NL80211_MAX_SUPP_RATES,
	},
	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
	[NL80211_ATTR_MESH_ID] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_MESH_ID_LEN,
	},
	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },

	/* regulatory */
	[NL80211_ATTR_REG_ALPHA2] = {
		.type = NLA_STRING,
		.len = 2,
	},
	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },

	/* BSS parameters */
	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
	[NL80211_ATTR_BSS_BASIC_RATES] = {
		.type = NLA_BINARY,
		.len = NL80211_MAX_SUPP_RATES,
	},
	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },

	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },

	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },

	/* management frames, scanning, connection setup */
	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
	[NL80211_ATTR_IE] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },

	[NL80211_ATTR_SSID] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_SSID_LEN,
	},
	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
	[NL80211_ATTR_STA_FLAGS2] = {
		.len = sizeof(struct nl80211_sta_flag_update),
	},
	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
	[NL80211_ATTR_PID] = { .type = NLA_U32 },
	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
	[NL80211_ATTR_PMKID] = {
		.type = NLA_BINARY,
		.len = WLAN_PMKID_LEN,
	},
	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
	[NL80211_ATTR_FRAME] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY },
	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
	[NL80211_ATTR_CQM] = { .type = NLA_NESTED },
	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
	[NL80211_ATTR_IE_PROBE_RESP] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_ATTR_IE_ASSOC_RESP] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },

	/* TDLS */
	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },

	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
	[NL80211_ATTR_PROBE_RESP] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
		.len = NL80211_HT_CAPABILITY_LEN,
	},
	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY },
	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
	[NL80211_ATTR_ACL_POLICY] = { .type = NLA_U32 },
	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY },
	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG },
	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
		.len = NL80211_VHT_CAPABILITY_LEN,
	},
	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
	[NL80211_ATTR_IE_RIC] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },

	/* channel switch */
	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },

	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },

	/* vendor commands: the payload is opaque to this policy */
	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },

	[NL80211_ATTR_QOS_MAP] = {
		.type = NLA_BINARY,
		.len = IEEE80211_QOS_MAP_LEN_MAX,
	},
	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
	[NL80211_ATTR_IFACE_SOCKET_OWNER] = { .type = NLA_FLAG },
	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
	[NL80211_ATTR_TSID] = { .type = NLA_U8 },
	[NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
};

/*
 * Policy for the attributes nested inside NL80211_ATTR_KEY.  The key
 * material and the sequence counter are capped by the policy at
 * WLAN_MAX_KEY_LEN and 16 bytes respectively.
 */
static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
	[NL80211_KEY_DATA] = {
		.type = NLA_BINARY,
		.len = WLAN_MAX_KEY_LEN,
	},
	[NL80211_KEY_IDX] = { .type = NLA_U8 },
	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
	[NL80211_KEY_SEQ] = {
		.type = NLA_BINARY,
		.len = 16,
	},
	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
};

/*
 * Policy for the flags nested inside a KEY_DEFAULT_TYPES attribute; each
 * flag is meaningful by presence alone.
 */
static const struct nla_policy
nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
	[NL80211_KEY_DEFAULT_TYPE_UNICAST]   = { .type = NLA_FLAG },
	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
};

/*
 * Policy for the WoWLAN trigger attributes.  Simple triggers are flags;
 * packet patterns and the TCP connection trigger carry nested attributes.
 */
static const struct nla_policy
nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
	[NL80211_WOWLAN_TRIG_ANY]               = { .type = NLA_FLAG },
	[NL80211_WOWLAN_TRIG_DISCONNECT]        = { .type = NLA_FLAG },
	[NL80211_WOWLAN_TRIG_MAGIC_PKT]         = { .type = NLA_FLAG },
	[NL80211_WOWLAN_TRIG_PKT_PATTERN]       = { .type = NLA_NESTED },
	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]    = { .type = NLA_FLAG },
	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]    = { .type = NLA_FLAG },
	[NL80211_WOWLAN_TRIG_TCP_CONNECTION]    = { .type = NLA_NESTED },
};

/*
 * Policy for the attributes of the WoWLAN TCP connection trigger.
 *
 * Entries that give only .len have no type, so .len acts as a minimum
 * payload length: ".len = 1" merely rejects an empty payload and puts no
 * upper limit on it.
 * NOTE(review): any maximum for the payload/mask attributes therefore has
 * to be enforced by the code that consumes them -- not visible here.
 */
static const struct nla_policy
nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
		.len = sizeof(struct nl80211_wowlan_tcp_data_seq),
	},
	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
		.len = sizeof(struct nl80211_wowlan_tcp_data_token),
	},
	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
};

/* Policy for the attributes that make up one coalesce rule. */
static const struct nla_policy
nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
	[NL80211_ATTR_COALESCE_RULE_DELAY]       = { .type = NLA_U32 },
	[NL80211_ATTR_COALESCE_RULE_CONDITION]   = { .type = NLA_U32 },
	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
};

/*
 * Policy for the GTK rekey offload attributes (KEK, KCK, replay counter).
 *
 * No type is given, so each .len is a minimum length only.
 * NOTE(review): the consumer presumably checks for the exact length before
 * copying this key material -- confirm in the handler, which is not
 * visible here.
 */
static const struct nla_policy
nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
	[NL80211_REKEY_DATA_KEK]        = { .len = NL80211_KEK_LEN },
	[NL80211_REKEY_DATA_KCK]        = { .len = NL80211_KCK_LEN },
	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
};

/*
 * Policy for scheduled-scan match attributes; the SSID is capped at
 * IEEE80211_MAX_SSID_LEN bytes.
 */
static const struct nla_policy
nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_SSID_LEN,
	},
	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
};

/*
 * Resolve the rdev/wdev that a dump operation works on.
 *
 * On the first call (cb->args[0] == 0) the request is parsed and the
 * target is stored in cb->args[0] (wiphy index + 1) and cb->args[1] (wdev
 * identifier); later calls look the device up again from those values, so
 * a device that disappeared between calls yields -ENODEV.
 *
 * Locking contract: the RTNL is taken here.  On success (return 0) it is
 * still held and the caller must release it via
 * nl80211_finish_wdev_dump(); on failure it has already been dropped.
 */
static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
				     struct netlink_callback *cb,
				     struct cfg80211_registered_device **rdev,
				     struct wireless_dev **wdev)
{
	struct wireless_dev *iter;
	struct wiphy *wiphy;
	int err;

	rtnl_lock();

	if (cb->args[0]) {
		/* continuation: subtract the 1 again here */
		wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
		if (!wiphy) {
			err = -ENODEV;
			goto out_unlock;
		}

		*rdev = wiphy_to_rdev(wiphy);
		*wdev = NULL;

		list_for_each_entry(iter, &(*rdev)->wdev_list, list) {
			if (iter->identifier == cb->args[1]) {
				*wdev = iter;
				break;
			}
		}

		if (!*wdev) {
			err = -ENODEV;
			goto out_unlock;
		}

		return 0;
	}

	/* first call: validate the request against the attribute policy */
	err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
			  nl80211_policy);
	if (err)
		goto out_unlock;

	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
					   nl80211_fam.attrbuf);
	if (IS_ERR(*wdev)) {
		err = PTR_ERR(*wdev);
		goto out_unlock;
	}

	*rdev = wiphy_to_rdev((*wdev)->wiphy);
	/* 0 is the first index - add 1 to parse only once */
	cb->args[0] = (*rdev)->wiphy_idx + 1;
	cb->args[1] = (*wdev)->identifier;

	return 0;

 out_unlock:
	rtnl_unlock();
	return err;
}

/*
 * Counterpart of a successful nl80211_prepare_wdev_dump(): drops the RTNL
 * that was left held for the duration of the dump step.  @rdev is unused.
 */
static void
nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
{
	rtnl_unlock();
}

/*
 * IE validation: check that an attribute holds a well-formed sequence of
 * information elements.
 *
 * Each element is a 2-byte header (ID, length) followed by "length" bytes
 * of data.  The buffer is valid when the elements tile it exactly: no
 * truncated header and no element running past the end.  A missing
 * attribute counts as valid.  Only the framing is checked, never the
 * element contents.
 */
static bool is_valid_ie_attr(const struct nlattr *attr)
{
	const u8 *elem;
	int remaining;

	if (!attr)
		return true;

	elem = nla_data(attr);
	remaining = nla_len(attr);

	while (remaining != 0) {
		u8 body_len;

		/* need room for the ID and length bytes */
		if (remaining < 2)
			return false;

		/* the declared body must fit in what follows the header */
		body_len = elem[1];
		if (body_len > remaining - 2)
			return false;

		remaining -= 2 + body_len;
		elem += 2 + body_len;
	}

	return true;
}

/*
 * Message building helper: start an nl80211 message in @skb.
 *
 * The family has no private header, so this only adds the generic netlink
 * header for nl80211_fam and returns whatever genlmsg_put() returns.
 */
static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
				   int flags, u8 cmd)
{
	void *hdr = genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);

	return hdr;
}

/*
 * Append the attributes that describe @chan to @msg.
 *
 * @large selects the extended attribute set.  Without it, channels that
 * cannot do 10 or 20 MHz operation are skipped entirely (return 0 with
 * nothing added) to protect old user-space tools from breaking.
 *
 * Returns 0 on success or -ENOBUFS when @msg has no room left.
 */
static int nl80211_msg_put_channel(struct sk_buff *msg,
				   struct ieee80211_channel *chan,
				   bool large)
{
	/* flags reported only in the extended set, in emission order */
	static const struct {
		u32 chan_flag;
		int attr;
	} large_flags[] = {
		{ IEEE80211_CHAN_NO_HT40MINUS,
		  NL80211_FREQUENCY_ATTR_NO_HT40_MINUS },
		{ IEEE80211_CHAN_NO_HT40PLUS,
		  NL80211_FREQUENCY_ATTR_NO_HT40_PLUS },
		{ IEEE80211_CHAN_NO_80MHZ,
		  NL80211_FREQUENCY_ATTR_NO_80MHZ },
		{ IEEE80211_CHAN_NO_160MHZ,
		  NL80211_FREQUENCY_ATTR_NO_160MHZ },
		{ IEEE80211_CHAN_INDOOR_ONLY,
		  NL80211_FREQUENCY_ATTR_INDOOR_ONLY },
		{ IEEE80211_CHAN_GO_CONCURRENT,
		  NL80211_FREQUENCY_ATTR_GO_CONCURRENT },
		{ IEEE80211_CHAN_NO_20MHZ,
		  NL80211_FREQUENCY_ATTR_NO_20MHZ },
		{ IEEE80211_CHAN_NO_10MHZ,
		  NL80211_FREQUENCY_ATTR_NO_10MHZ },
	};
	unsigned int i;

	if (!large &&
	    (chan->flags &
	     (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ)))
		return 0;

	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ, chan->center_freq))
		return -ENOBUFS;

	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
		return -ENOBUFS;

	/* NO_IR is reported under both the current and the legacy attribute */
	if ((chan->flags & IEEE80211_CHAN_NO_IR) &&
	    (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR) ||
	     nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS)))
		return -ENOBUFS;

	if (chan->flags & IEEE80211_CHAN_RADAR) {
		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
			return -ENOBUFS;

		if (large) {
			u32 time;

			time = elapsed_jiffies_msecs(chan->dfs_state_entered);

			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
					chan->dfs_state) ||
			    nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
					time) ||
			    nla_put_u32(msg,
					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
					chan->dfs_cac_ms))
				return -ENOBUFS;
		}
	}

	if (large) {
		for (i = 0; i < sizeof(large_flags) / sizeof(large_flags[0]);
		     i++) {
			if ((chan->flags & large_flags[i].chan_flag) &&
			    nla_put_flag(msg, large_flags[i].attr))
				return -ENOBUFS;
		}
	}

	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
			DBM_TO_MBM(chan->max_power)))
		return -ENOBUFS;

	return 0;
}

/* netlink command implementations */

/*
 * Result of parsing a key specification from a netlink request.
 *
 * The p.key and p.seq pointers are set to point into the netlink
 * attribute payload rather than to copies, so they are only usable while
 * the request message is.
 */
struct key_parse {
	struct key_params p;	/* key material, sequence counter, cipher */
	int idx;		/* key index; callers preset -1 for "absent" */
	int type;		/* key type; nl80211_parse_key() presets -1 */
	bool def;		/* default-key flag was present */
	bool defmgmt;		/* default-management-key flag was present */
	bool def_uni;		/* default applies to unicast */
	bool def_multi;		/* default applies to multicast */
};

/*
 * Parse a key given in the nested NL80211_ATTR_KEY form into @k.
 *
 * The nested attributes are validated against nl80211_key_policy first.
 * Fields whose attribute is absent are left untouched, so the caller must
 * have initialised @k.  Returns 0, the nla_parse_nested() error, or
 * -EINVAL for a key type outside the known range.
 */
static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
{
	struct nlattr *tb[NL80211_KEY_MAX + 1];
	struct nlattr *attr;
	int err;

	err = nla_parse_nested(tb, NL80211_KEY_MAX, key, nl80211_key_policy);
	if (err)
		return err;

	k->def = !!tb[NL80211_KEY_DEFAULT];
	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];

	/* a default key covers unicast+multicast, a mgmt default multicast */
	if (k->def)
		k->def_uni = true;
	if (k->def || k->defmgmt)
		k->def_multi = true;

	attr = tb[NL80211_KEY_IDX];
	if (attr)
		k->idx = nla_get_u8(attr);

	attr = tb[NL80211_KEY_DATA];
	if (attr) {
		/* points into the message; length was capped by the policy */
		k->p.key = nla_data(attr);
		k->p.key_len = nla_len(attr);
	}

	attr = tb[NL80211_KEY_SEQ];
	if (attr) {
		k->p.seq = nla_data(attr);
		k->p.seq_len = nla_len(attr);
	}

	attr = tb[NL80211_KEY_CIPHER];
	if (attr)
		k->p.cipher = nla_get_u32(attr);

	attr = tb[NL80211_KEY_TYPE];
	if (attr) {
		k->type = nla_get_u32(attr);
		/* the u32 lands in an int, hence the negative check */
		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
			return -EINVAL;
	}

	attr = tb[NL80211_KEY_DEFAULT_TYPES];
	if (attr) {
		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];

		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
				       attr, nl80211_key_default_policy);
		if (err)
			return err;

		/* explicit types replace the defaults derived above */
		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST] != NULL;
		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST] != NULL;
	}

	return 0;
}

/*
 * Parse a key given through the top-level NL80211_ATTR_KEY_* attributes
 * of @info into @k.
 *
 * Fields whose attribute is absent are left untouched, so the caller must
 * have initialised @k.  Returns 0, -EINVAL for a key type outside the
 * known range, or the error from parsing the nested default-types
 * attribute.
 */
static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
{
	struct nlattr **attrs = info->attrs;
	struct nlattr *attr;

	attr = attrs[NL80211_ATTR_KEY_DATA];
	if (attr) {
		/* points into the message, nothing is copied here */
		k->p.key = nla_data(attr);
		k->p.key_len = nla_len(attr);
	}

	attr = attrs[NL80211_ATTR_KEY_SEQ];
	if (attr) {
		k->p.seq = nla_data(attr);
		k->p.seq_len = nla_len(attr);
	}

	attr = attrs[NL80211_ATTR_KEY_IDX];
	if (attr)
		k->idx = nla_get_u8(attr);

	attr = attrs[NL80211_ATTR_KEY_CIPHER];
	if (attr)
		k->p.cipher = nla_get_u32(attr);

	k->def = !!attrs[NL80211_ATTR_KEY_DEFAULT];
	k->defmgmt = !!attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];

	/* a default key covers unicast+multicast, a mgmt default multicast */
	if (k->def)
		k->def_uni = true;
	if (k->def || k->defmgmt)
		k->def_multi = true;

	attr = attrs[NL80211_ATTR_KEY_TYPE];
	if (attr) {
		k->type = nla_get_u32(attr);
		/* the u32 lands in an int, hence the negative check */
		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
			return -EINVAL;
	}

	attr = attrs[NL80211_ATTR_KEY_DEFAULT_TYPES];
	if (attr) {
		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
		int err;

		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
				       attr, nl80211_key_default_policy);
		if (err)
			return err;

		/* explicit types replace the defaults derived above */
		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST] != NULL;
		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST] != NULL;
	}

	return 0;
}

/*
 * Parse the key specification of a request into @k and sanity-check it.
 *
 * @k is reset first (idx and type become -1, meaning "not given").  The
 * nested NL80211_ATTR_KEY form takes precedence over the top-level
 * attributes.  After parsing, these combinations are rejected with
 * -EINVAL:
 *  - a key flagged both default and default-management;
 *  - a default-management key that is unicast or not multicast;
 *  - an index outside 4..5 (default-management), 0..3 (default) or 0..5
 *    (anything else), when an index was given.
 */
static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
{
	struct nlattr *nested = info->attrs[NL80211_ATTR_KEY];
	int min_idx = 0;
	int max_idx = 5;
	int err;

	memset(k, 0, sizeof(*k));
	k->idx = -1;
	k->type = -1;

	err = nested ? nl80211_parse_key_new(nested, k)
		     : nl80211_parse_key_old(info, k);
	if (err)
		return err;

	if (k->def && k->defmgmt)
		return -EINVAL;

	if (k->defmgmt && (k->def_uni || !k->def_multi))
		return -EINVAL;

	/* no index supplied: nothing more to validate */
	if (k->idx == -1)
		return 0;

	if (k->defmgmt)
		min_idx = 4;
	else if (k->def)
		max_idx = 3;

	if (k->idx < min_idx || k->idx > max_idx)
		return -EINVAL;

	return 0;
}

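/*
 * Parse the nested list of keys supplied with a connection request into a
 * newly allocated cfg80211_cached_keys.
 *
 * @rdev:  device the keys are validated against
 * @keys:  nested attribute, one nested key specification per entry
 * @no_ht: optional; set to true when a WEP40/WEP104 key is seen.  It is
 *         also written when a later key makes the call fail.
 *
 * Every entry must carry key data and an index in 0..4; at most one entry
 * may be flagged default, it must cover both unicast and multicast, and
 * default-management keys are rejected.
 *
 * Returns the allocated structure, which the caller owns, or an ERR_PTR():
 * -ENOMEM, -EINVAL, or the error from parsing/validating a key.
 */
static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
		       struct nlattr *keys, bool *no_ht)
{
	struct key_parse parse;
	struct nlattr *key;
	struct cfg80211_cached_keys *result;
	int rem, err, def = 0;

	result = kzalloc(sizeof(*result), GFP_KERNEL);
	if (!result)
		return ERR_PTR(-ENOMEM);

	result->def = -1;
	result->defmgmt = -1;

	nla_for_each_nested(key, keys, rem) {
		memset(&parse, 0, sizeof(parse));
		parse.idx = -1;

		err = nl80211_parse_key_new(key, &parse);
		if (err)
			goto error;

		/* every structural check below fails with -EINVAL */
		err = -EINVAL;
		if (!parse.p.key)
			goto error;
		/*
		 * NOTE(review): parse.idx indexes result->params[] and
		 * result->data[] below; this bound has to stay within those
		 * arrays, whose declaration is outside this file -- confirm.
		 */
		if (parse.idx < 0 || parse.idx > 4)
			goto error;
		if (parse.def) {
			if (def)
				goto error;
			def = 1;
			result->def = parse.idx;
			if (!parse.def_uni || !parse.def_multi)
				goto error;
		} else if (parse.defmgmt)
			goto error;
		err = cfg80211_validate_key_settings(rdev, &parse.p,
						     parse.idx, false, NULL);
		if (err)
			goto error;
		result->params[parse.idx].cipher = parse.p.cipher;
		result->params[parse.idx].key_len = parse.p.key_len;
		result->params[parse.idx].key = result->data[parse.idx];
		/*
		 * key_len was capped at WLAN_MAX_KEY_LEN by nl80211_key_policy
		 * and then went through cfg80211_validate_key_settings().
		 * NOTE(review): assumes each data[] slot holds at least that
		 * many bytes -- confirm against the struct definition.
		 */
		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);

		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
			if (no_ht)
				*no_ht = true;
		}
	}

	return result;
 error:
	/*
	 * Earlier iterations may already have copied key material into
	 * result->data[]; wipe it before the memory goes back to the
	 * allocator instead of leaving it readable in freed slab memory.
	 */
	kzfree(result);
	return ERR_PTR(err);
}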

/*
 * Decide whether key operations are permitted on @wdev in its current
 * state.  The wdev lock must be held.
 *
 * Returns 0 for AP-like and mesh interfaces; 0 for client-like interfaces
 * (ad-hoc, station, P2P client) only while they have a current BSS and
 * -ENOLINK otherwise; -EINVAL for all remaining interface types.
 *
 * The switch deliberately has no default label, so every enumerator stays
 * listed explicitly.
 */
static int nl80211_key_allowed(struct wireless_dev *wdev)
{
	ASSERT_WDEV_LOCK(wdev);

	switch (wdev->iftype) {
	case NL80211_IFTYPE_UNSPECIFIED:
	case NL80211_IFTYPE_OCB:
	case NL80211_IFTYPE_MONITOR:
	case NL80211_IFTYPE_P2P_DEVICE:
	case NL80211_IFTYPE_WDS:
	case NUM_NL80211_IFTYPES:
		return -EINVAL;
	case NL80211_IFTYPE_ADHOC:
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		/* keys only make sense once there is a BSS to use them with */
		return wdev->current_bss ? 0 : -ENOLINK;
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
	case NL80211_IFTYPE_P2P_GO:
	case NL80211_IFTYPE_MESH_POINT:
		return 0;
	}

	return 0;
}

/*
 * Translate a frequency attribute into a usable channel of @wiphy.
 *
 * Returns NULL when @tb is absent, when the frequency matches no channel,
 * or when the matching channel is flagged disabled.
 */
static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
							struct nlattr *tb)
{
	struct ieee80211_channel *chan;

	if (!tb)
		return NULL;

	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
	if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED))
		return chan;

	return NULL;
}

/*
 * Emit the interface-type bitmap @ifmodes as a nest of type @attr that
 * holds one flag attribute per set bit; the flag's attribute number is
 * the bit position.
 *
 * Returns 0 on success or -ENOBUFS when @msg runs out of room.
 */
static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
{
	struct nlattr *nest;
	int bit;

	nest = nla_nest_start(msg, attr);
	if (!nest)
		return -ENOBUFS;

	/* walk the mask from the lowest bit until no set bits remain */
	for (bit = 0; ifmodes; bit++, ifmodes >>= 1) {
		if (!(ifmodes & 1))
			continue;
		if (nla_put_flag(msg, bit))
			return -ENOBUFS;
	}

	nla_nest_end(msg, nest);
	return 0;
}

/*
 * Emit every interface combination of @wiphy as a nested
 * NL80211_ATTR_INTERFACE_COMBINATIONS attribute.
 *
 * Combinations and their limits are numbered from 1 inside the nests.
 * The radar-detection widths and regions are added only when @large is
 * set.  Returns 0 on success or -ENOBUFS when @msg runs out of room; on
 * failure the nests already started are left open.
 */
static int nl80211_put_iface_combinations(struct wiphy *wiphy,
					  struct sk_buff *msg,
					  bool large)
{
	struct nlattr *outer;
	int ci;

	outer = nla_nest_start(msg, NL80211_ATTR_INTERFACE_COMBINATIONS);
	if (!outer)
		return -ENOBUFS;

	for (ci = 0; ci < wiphy->n_iface_combinations; ci++) {
		const struct ieee80211_iface_combination *comb =
			&wiphy->iface_combinations[ci];
		struct nlattr *comb_nest, *limits_nest;
		int li;

		comb_nest = nla_nest_start(msg, ci + 1);
		if (!comb_nest)
			return -ENOBUFS;

		limits_nest = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
		if (!limits_nest)
			return -ENOBUFS;

		for (li = 0; li < comb->n_limits; li++) {
			struct nlattr *limit_nest;

			limit_nest = nla_nest_start(msg, li + 1);
			if (!limit_nest)
				return -ENOBUFS;

			/* maximum count first, then the types it applies to */
			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
					comb->limits[li].max) ||
			    nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
						comb->limits[li].types))
				return -ENOBUFS;

			nla_nest_end(msg, limit_nest);
		}

		nla_nest_end(msg, limits_nest);

		if (comb->beacon_int_infra_match &&
		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
			return -ENOBUFS;

		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
				comb->num_different_channels))
			return -ENOBUFS;

		if (nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
				comb->max_interfaces))
			return -ENOBUFS;

		if (large) {
			if (nla_put_u32(msg,
					NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
					comb->radar_detect_widths) ||
			    nla_put_u32(msg,
					NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
					comb->radar_detect_regions))
				return -ENOBUFS;
		}

		nla_nest_end(msg, comb_nest);
	}

	nla_nest_end(msg, outer);

	return 0;
}

#ifdef CONFIG_PM
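/*
 * Append the device's WoWLAN TCP capabilities to @msg as a nested
 * NL80211_WOWLAN_TRIG_TCP_CONNECTION attribute.
 *
 * Returns 0 on success, and also when the device advertises no TCP
 * support (nothing is added in that case), or -ENOBUFS when @msg has no
 * room left.  On -ENOBUFS the nest is left open: nl80211_send_wiphy()
 * cancels the whole message on that path.
 *
 * The caller must have checked rdev->wiphy.wowlan, which is dereferenced
 * unconditionally here.
 */
static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
					struct sk_buff *msg)
{
	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
	struct nlattr *nl_tcp;

	if (!tcp)
		return 0;

	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
	if (!nl_tcp)
		return -ENOBUFS;

	/* each limit goes out exactly once; a repeat only costs space */
	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
			tcp->data_payload_max))
		return -ENOBUFS;

	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
		return -ENOBUFS;

	/* the token feature description is copied as a raw struct */
	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
				sizeof(*tcp->tok), tcp->tok))
		return -ENOBUFS;

	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
			tcp->data_interval_max))
		return -ENOBUFS;

	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
			tcp->wake_payload_max))
		return -ENOBUFS;

	nla_nest_end(msg, nl_tcp);
	return 0;
}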

/*
 * Append the WoWLAN triggers supported by @rdev to @msg as a nested
 * NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED attribute.
 *
 * Nothing is added when the wiphy has no WoWLAN description.  The TCP
 * capabilities are included only when @large is set.  Returns 0 on
 * success or -ENOBUFS when @msg runs out of room.
 */
static int nl80211_send_wowlan(struct sk_buff *msg,
			       struct cfg80211_registered_device *rdev,
			       bool large)
{
	/* capability bit -> trigger flag attribute, in emission order */
	static const struct {
		u32 cap;
		int trig;
	} trig_map[] = {
		{ WIPHY_WOWLAN_ANY, NL80211_WOWLAN_TRIG_ANY },
		{ WIPHY_WOWLAN_DISCONNECT, NL80211_WOWLAN_TRIG_DISCONNECT },
		{ WIPHY_WOWLAN_MAGIC_PKT, NL80211_WOWLAN_TRIG_MAGIC_PKT },
		{ WIPHY_WOWLAN_SUPPORTS_GTK_REKEY,
		  NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED },
		{ WIPHY_WOWLAN_GTK_REKEY_FAILURE,
		  NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE },
		{ WIPHY_WOWLAN_EAP_IDENTITY_REQ,
		  NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST },
		{ WIPHY_WOWLAN_4WAY_HANDSHAKE,
		  NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE },
		{ WIPHY_WOWLAN_RFKILL_RELEASE,
		  NL80211_WOWLAN_TRIG_RFKILL_RELEASE },
	};
	struct nlattr *nest;
	unsigned int k;

	if (!rdev->wiphy.wowlan)
		return 0;

	nest = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
	if (!nest)
		return -ENOBUFS;

	for (k = 0; k < sizeof(trig_map) / sizeof(trig_map[0]); k++) {
		if (!(rdev->wiphy.wowlan->flags & trig_map[k].cap))
			continue;
		if (nla_put_flag(msg, trig_map[k].trig))
			return -ENOBUFS;
	}

	if (rdev->wiphy.wowlan->n_patterns) {
		/* pattern limits are sent to userspace as one raw struct */
		struct nl80211_pattern_support limits = {
			.max_patterns = rdev->wiphy.wowlan->n_patterns,
			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
		};

		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
			    sizeof(limits), &limits))
			return -ENOBUFS;
	}

	if (large) {
		if (nl80211_send_wowlan_tcp_caps(rdev, msg))
			return -ENOBUFS;
	}

	nla_nest_end(msg, nest);

	return 0;
}
#endif

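/*
 * Append the device's coalesce rule limits to @msg as a single
 * NL80211_ATTR_COALESCE_RULE attribute holding a raw
 * struct nl80211_coalesce_rule_support.
 *
 * Returns 0 on success, and also when the wiphy has no coalesce
 * description (nothing is added then), or -ENOBUFS when @msg has no
 * room left.
 */
static int nl80211_send_coalesce(struct sk_buff *msg,
				 struct cfg80211_registered_device *rdev)
{
	struct nl80211_coalesce_rule_support rule;

	if (!rdev->wiphy.coalesce)
		return 0;

	/*
	 * The whole struct is copied into a message bound for userspace.
	 * Clear it first so that padding, or a member not assigned below,
	 * can never carry stale kernel stack contents.  The struct layout
	 * is not visible in this file, so do not rely on it being packed
	 * and fully covered by the assignments.
	 */
	memset(&rule, 0, sizeof(rule));

	rule.max_rules = rdev->wiphy.coalesce->n_rules;
	rule.max_delay = rdev->wiphy.coalesce->max_delay;
	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;

	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
		return -ENOBUFS;

	return 0;
}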

/*
 * Append the HT capabilities, VHT capabilities and bitrate table of
 * @sband to @msg.
 *
 * The HT and VHT attributes are emitted only when the band reports the
 * respective support.  The bitrates go into a NL80211_BAND_ATTR_RATES
 * nest, one sub-nest per rate, numbered from 0.  Returns 0 on success
 * or -ENOBUFS when @msg runs out of room.
 */
static int nl80211_send_band_rateinfo(struct sk_buff *msg,
				      struct ieee80211_supported_band *sband)
{
	struct nlattr *rates_nest;
	int idx;

	/* HT capabilities */
	if (sband->ht_cap.ht_supported) {
		if (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
			    sizeof(sband->ht_cap.mcs),
			    &sband->ht_cap.mcs))
			return -ENOBUFS;
		if (nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
				sband->ht_cap.cap))
			return -ENOBUFS;
		if (nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
			       sband->ht_cap.ampdu_factor))
			return -ENOBUFS;
		if (nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
			       sband->ht_cap.ampdu_density))
			return -ENOBUFS;
	}

	/* VHT capabilities */
	if (sband->vht_cap.vht_supported) {
		if (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
			    sizeof(sband->vht_cap.vht_mcs),
			    &sband->vht_cap.vht_mcs))
			return -ENOBUFS;
		if (nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
				sband->vht_cap.cap))
			return -ENOBUFS;
	}

	/* bitrate table */
	rates_nest = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
	if (!rates_nest)
		return -ENOBUFS;

	for (idx = 0; idx < sband->n_bitrates; idx++) {
		struct ieee80211_rate *entry = &sband->bitrates[idx];
		struct nlattr *one_rate;

		one_rate = nla_nest_start(msg, idx);
		if (!one_rate)
			return -ENOBUFS;

		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
				entry->bitrate))
			return -ENOBUFS;

		if (entry->flags & IEEE80211_RATE_SHORT_PREAMBLE) {
			if (nla_put_flag(msg,
					 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
				return -ENOBUFS;
		}

		nla_nest_end(msg, one_rate);
	}

	nla_nest_end(msg, rates_nest);

	return 0;
}

/*
 * Append the management frame subtypes the device can transmit and
 * receive, per interface type, to @msg.
 *
 * Two nests are written, NL80211_ATTR_TX_FRAME_TYPES and then
 * NL80211_ATTR_RX_FRAME_TYPES.  Each holds one sub-nest per interface
 * type, and each sub-nest one NL80211_ATTR_FRAME_TYPE u16 per set bit of
 * the subtype mask, encoded as (bit << 4) | IEEE80211_FTYPE_MGMT.
 *
 * Returns 0 on success, and also when @mgmt_stypes is NULL (nothing is
 * added then), or -ENOBUFS when @msg runs out of room.
 */
static int
nl80211_send_mgmt_stypes(struct sk_buff *msg,
			 const struct ieee80211_txrx_stypes *mgmt_stypes)
{
	/* direction 0 is TX, direction 1 is RX, emitted in that order */
	static const int dir_attr[2] = {
		NL80211_ATTR_TX_FRAME_TYPES,
		NL80211_ATTR_RX_FRAME_TYPES,
	};
	int dir;

	if (!mgmt_stypes)
		return 0;

	for (dir = 0; dir < 2; dir++) {
		struct nlattr *dir_nest;
		enum nl80211_iftype ift;

		dir_nest = nla_nest_start(msg, dir_attr[dir]);
		if (!dir_nest)
			return -ENOBUFS;

		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
			struct nlattr *if_nest;
			u16 mask;
			int subtype;

			if_nest = nla_nest_start(msg, ift);
			if (!if_nest)
				return -ENOBUFS;

			mask = dir ? mgmt_stypes[ift].rx : mgmt_stypes[ift].tx;
			for (subtype = 0; mask; subtype++, mask >>= 1) {
				if (!(mask & 1))
					continue;
				if (nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
						(subtype << 4) |
						IEEE80211_FTYPE_MGMT))
					return -ENOBUFS;
			}

			nla_nest_end(msg, if_nest);
		}

		nla_nest_end(msg, dir_nest);
	}

	return 0;
}

/*
 * Progress of a wiphy dump, kept between calls so that
 * nl80211_send_wiphy() can resume where the previous message stopped.
 */
struct nl80211_dump_wiphy_state {
	/* wiphy index to restrict the dump to; -1 means no filter */
	s64 filter_wiphy;
	/* count of list entries already handled by earlier dump calls */
	long start;
	/* section of nl80211_send_wiphy()'s switch to resume at */
	long split_start;
	/* band to resume at inside the bands section */
	long band_start;
	/* resume position inside a band: 0 = rate info not yet sent */
	long chan_start;
	/* set when the request carried NL80211_ATTR_SPLIT_WIPHY_DUMP */
	bool split;
};

/*
 * Build one wiphy description message for @rdev in @msg.
 *
 * Every message carries the wiphy index, the wiphy name and the device
 * list generation.  For any @cmd other than NL80211_CMD_NEW_WIPHY the
 * message ends there.  For NL80211_CMD_NEW_WIPHY the capability data
 * follows, cut into sections selected by @state->split_start:
 *
 *  - sections 0-7 increment split_start and stop only when @state->split
 *    is set, otherwise they fall through into the next section;
 *  - section 8 and later always stop after one section, so an unsplit
 *    request never receives anything past section 8;
 *  - section 12 resets split_start to 0, which tells the dump loop in
 *    nl80211_dump_wiphy() that this wiphy is complete.
 *
 * Returns the result of genlmsg_end() on success, -ENOBUFS when the
 * header does not fit, -EINVAL when @state is NULL, and -EMSGSIZE (after
 * cancelling the message) when an attribute does not fit.
 */
static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
			      enum nl80211_commands cmd,
			      struct sk_buff *msg, u32 portid, u32 seq,
			      int flags, struct nl80211_dump_wiphy_state *state)
{
	void *hdr;
	struct nlattr *nl_bands, *nl_band;
	struct nlattr *nl_freqs, *nl_freq;
	struct nlattr *nl_cmds;
	enum ieee80211_band band;
	struct ieee80211_channel *chan;
	int i;
	const struct ieee80211_txrx_stypes *mgmt_stypes =
				rdev->wiphy.mgmt_stypes;
	u32 features;

	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
	if (!hdr)
		return -ENOBUFS;

	/*
	 * NOTE(review): this return leaves the header just written in @msg
	 * without genlmsg_cancel(). The callers visible in this part of the
	 * file always pass a non-NULL state, so it should only trigger on a
	 * programming error - confirm for callers elsewhere.
	 */
	if (WARN_ON(!state))
		return -EINVAL;

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
			   wiphy_name(&rdev->wiphy)) ||
	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
			cfg80211_rdev_list_generation))
		goto nla_put_failure;

	/* only NEW_WIPHY messages carry the capability sections */
	if (cmd != NL80211_CMD_NEW_WIPHY)
		goto finish;

	switch (state->split_start) {
	case 0:
		/* section 0: retry/threshold settings, scan limits, feature flags */
		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
			       rdev->wiphy.retry_short) ||
		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
			       rdev->wiphy.retry_long) ||
		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
				rdev->wiphy.frag_threshold) ||
		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
				rdev->wiphy.rts_threshold) ||
		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
			       rdev->wiphy.coverage_class) ||
		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
			       rdev->wiphy.max_scan_ssids) ||
		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
			       rdev->wiphy.max_sched_scan_ssids) ||
		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
				rdev->wiphy.max_scan_ie_len) ||
		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
				rdev->wiphy.max_sched_scan_ie_len) ||
		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
			       rdev->wiphy.max_match_sets))
			goto nla_put_failure;

		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
			goto nla_put_failure;
		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
			goto nla_put_failure;
		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
			goto nla_put_failure;
		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
			goto nla_put_failure;
		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
			goto nla_put_failure;
		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
			goto nla_put_failure;
		state->split_start++;
		if (state->split)
			break;
		/* fall through when the dump is not split */
	case 1:
		/* section 1: cipher suites, PMKID limit, antennas */
		/* the attribute length comes from the wiphy's n_cipher_suites */
		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
			    rdev->wiphy.cipher_suites))
			goto nla_put_failure;

		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
			       rdev->wiphy.max_num_pmkids))
			goto nla_put_failure;

		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
			goto nla_put_failure;

		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
				rdev->wiphy.available_antennas_tx) ||
		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
				rdev->wiphy.available_antennas_rx))
			goto nla_put_failure;

		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
				rdev->wiphy.probe_resp_offload))
			goto nla_put_failure;

		/* current antenna setting, only if the driver can report it */
		if ((rdev->wiphy.available_antennas_tx ||
		     rdev->wiphy.available_antennas_rx) &&
		    rdev->ops->get_antenna) {
			u32 tx_ant = 0, rx_ant = 0;
			int res;
			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
			/* a driver error is ignored: the attributes are simply left out */
			if (!res) {
				if (nla_put_u32(msg,
						NL80211_ATTR_WIPHY_ANTENNA_TX,
						tx_ant) ||
				    nla_put_u32(msg,
						NL80211_ATTR_WIPHY_ANTENNA_RX,
						rx_ant))
					goto nla_put_failure;
			}
		}

		state->split_start++;
		if (state->split)
			break;
		/* fall through when the dump is not split */
	case 2:
		/* section 2: supported interface types */
		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
					rdev->wiphy.interface_modes))
				goto nla_put_failure;
		state->split_start++;
		if (state->split)
			break;
		/* fall through when the dump is not split */
	case 3:
		/*
		 * section 3: bands, their rate info and channels. In a split
		 * dump this section is re-entered several times; band_start
		 * and chan_start record where to pick up.
		 */
		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
		if (!nl_bands)
			goto nla_put_failure;

		for (band = state->band_start;
		     band < IEEE80211_NUM_BANDS; band++) {
			struct ieee80211_supported_band *sband;

			sband = rdev->wiphy.bands[band];

			if (!sband)
				continue;

			nl_band = nla_nest_start(msg, band);
			if (!nl_band)
				goto nla_put_failure;

			switch (state->chan_start) {
			case 0:
				/* chan_start 0: the band's rate info is still to be sent */
				if (nl80211_send_band_rateinfo(msg, sband))
					goto nla_put_failure;
				state->chan_start++;
				if (state->split)
					break;
				/* fall through when the dump is not split */
			default:
				/* add frequencies */
				nl_freqs = nla_nest_start(
					msg, NL80211_BAND_ATTR_FREQS);
				if (!nl_freqs)
					goto nla_put_failure;

				/* chan_start is the channel index plus one */
				for (i = state->chan_start - 1;
				     i < sband->n_channels;
				     i++) {
					nl_freq = nla_nest_start(msg, i);
					if (!nl_freq)
						goto nla_put_failure;

					chan = &sband->channels[i];

					if (nl80211_msg_put_channel(
							msg, chan,
							state->split))
						goto nla_put_failure;

					nla_nest_end(msg, nl_freq);
					/* split dump: one channel per message */
					if (state->split)
						break;
				}
				/* stopped early: resume at channel i + 1 next time */
				if (i < sband->n_channels)
					state->chan_start = i + 2;
				else
					state->chan_start = 0;
				nla_nest_end(msg, nl_freqs);
			}

			nla_nest_end(msg, nl_band);

			if (state->split) {
				/* start again here */
				if (state->chan_start)
					band--;
				break;
			}
		}
		nla_nest_end(msg, nl_bands);

		/* band_start 0 together with chan_start 0 means all bands are done */
		if (band < IEEE80211_NUM_BANDS)
			state->band_start = band + 1;
		else
			state->band_start = 0;

		/* if bands & channels are done, continue outside */
		if (state->band_start == 0 && state->chan_start == 0)
			state->split_start++;
		if (state->split)
			break;
		/* fall through when the dump is not split */
	case 4:
		/*
		 * section 4: supported commands, numbered from 1 in the order
		 * emitted. A command is listed when the driver provides the
		 * matching op (and, for some, the wiphy flag checked below).
		 */
		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
		if (!nl_cmds)
			goto nla_put_failure;

		i = 0;
#define CMD(op, n)							\
		 do {							\
			if (rdev->ops->op) {				\
				i++;					\
				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
					goto nla_put_failure;		\
			}						\
		} while (0)

		CMD(add_virtual_intf, NEW_INTERFACE);
		CMD(change_virtual_intf, SET_INTERFACE);
		CMD(add_key, NEW_KEY);
		CMD(start_ap, START_AP);
		CMD(add_station, NEW_STATION);
		CMD(add_mpath, NEW_MPATH);
		CMD(update_mesh_config, SET_MESH_CONFIG);
		CMD(change_bss, SET_BSS);
		CMD(auth, AUTHENTICATE);
		CMD(assoc, ASSOCIATE);
		CMD(deauth, DEAUTHENTICATE);
		CMD(disassoc, DISASSOCIATE);
		CMD(join_ibss, JOIN_IBSS);
		CMD(join_mesh, JOIN_MESH);
		CMD(set_pmksa, SET_PMKSA);
		CMD(del_pmksa, DEL_PMKSA);
		CMD(flush_pmksa, FLUSH_PMKSA);
		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
		CMD(mgmt_tx, FRAME);
		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
		if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
			i++;
			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
				goto nla_put_failure;
		}
		if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
		    rdev->ops->join_mesh) {
			i++;
			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
				goto nla_put_failure;
		}
		CMD(set_wds_peer, SET_WDS_PEER);
		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
			CMD(tdls_mgmt, TDLS_MGMT);
			CMD(tdls_oper, TDLS_OPER);
		}
		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
			CMD(sched_scan_start, START_SCHED_SCAN);
		CMD(probe_client, PROBE_CLIENT);
		CMD(set_noack_map, SET_NOACK_MAP);
		if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
			i++;
			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
				goto nla_put_failure;
		}
		CMD(start_p2p_device, START_P2P_DEVICE);
		CMD(set_mcast_rate, SET_MCAST_RATE);
#ifdef CONFIG_NL80211_TESTMODE
		CMD(testmode_cmd, TESTMODE);
#endif
		/* these commands are advertised only in a split dump */
		if (state->split) {
			CMD(crit_proto_start, CRIT_PROTOCOL_START);
			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
				CMD(channel_switch, CHANNEL_SWITCH);
			CMD(set_qos_map, SET_QOS_MAP);
			if (rdev->wiphy.features &
					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
				CMD(add_tx_ts, ADD_TX_TS);
		}
		/* add into the if now */
#undef CMD

		if (rdev->ops->connect || rdev->ops->auth) {
			i++;
			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
				goto nla_put_failure;
		}

		if (rdev->ops->disconnect || rdev->ops->deauth) {
			i++;
			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
				goto nla_put_failure;
		}

		nla_nest_end(msg, nl_cmds);
		state->split_start++;
		if (state->split)
			break;
		/* fall through when the dump is not split */
	case 5:
		/* section 5: remain-on-channel, off-channel TX, mgmt frame subtypes */
		if (rdev->ops->remain_on_channel &&
		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
		    nla_put_u32(msg,
				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
				rdev->wiphy.max_remain_on_channel_duration))
			goto nla_put_failure;

		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
			goto nla_put_failure;

		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
			goto nla_put_failure;
		state->split_start++;
		if (state->split)
			break;
		/* fall through when the dump is not split */
	case 6:
		/* section 6: WoWLAN triggers; empty when CONFIG_PM is off */
#ifdef CONFIG_PM
		if (nl80211_send_wowlan(msg, rdev, state->split))
			goto nla_put_failure;
		state->split_start++;
		if (state->split)
			break;
#else
		state->split_start++;
#endif
		/* fall through (without CONFIG_PM even in a split dump) */
	case 7:
		/* section 7: software interface types and interface combinations */
		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
					rdev->wiphy.software_iftypes))
			goto nla_put_failure;

		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
						   state->split))
			goto nla_put_failure;

		state->split_start++;
		if (state->split)
			break;
		/* fall through when the dump is not split */
	case 8:
		/* section 8: AP SME, feature flags, HT mask, MAC ACL limit */
		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
				rdev->wiphy.ap_sme_capa))
			goto nla_put_failure;

		features = rdev->wiphy.features;
		/*
		 * We can only add the per-channel limit information if the
		 * dump is split, otherwise it makes it too big. Therefore
		 * only advertise it in that case.
		 */
		if (state->split)
			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
			goto nla_put_failure;

		if (rdev->wiphy.ht_capa_mod_mask &&
		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
			    rdev->wiphy.ht_capa_mod_mask))
			goto nla_put_failure;

		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
		    rdev->wiphy.max_acl_mac_addrs &&
		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
				rdev->wiphy.max_acl_mac_addrs))
			goto nla_put_failure;

		/*
		 * Any information below this point is only available to
		 * applications that can deal with it being split. This
		 * helps ensure that newly added capabilities don't break
		 * older tools by overrunning their buffers.
		 *
		 * We still increment split_start so that in the split
		 * case we'll continue with more data in the next round,
		 * but break unconditionally so unsplit data stops here.
		 */
		state->split_start++;
		break;
	case 9:
		/* section 9: extended capabilities and VHT capability mask */
		/* both attributes use the wiphy's extended_capabilities_len */
		if (rdev->wiphy.extended_capabilities &&
		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
			     rdev->wiphy.extended_capabilities_len,
			     rdev->wiphy.extended_capabilities) ||
		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
			     rdev->wiphy.extended_capabilities_len,
			     rdev->wiphy.extended_capabilities_mask)))
			goto nla_put_failure;

		if (rdev->wiphy.vht_capa_mod_mask &&
		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
			    rdev->wiphy.vht_capa_mod_mask))
			goto nla_put_failure;

		state->split_start++;
		break;
	case 10:
		/* section 10: coalesce limits, 5/10 MHz support, AP station limit */
		if (nl80211_send_coalesce(msg, rdev))
			goto nla_put_failure;

		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
			goto nla_put_failure;

		if (rdev->wiphy.max_ap_assoc_sta &&
		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
				rdev->wiphy.max_ap_assoc_sta))
			goto nla_put_failure;

		state->split_start++;
		break;
	case 11:
		/*
		 * section 11: vendor commands and vendor events, each copied
		 * as a raw struct nl80211_vendor_cmd_info and numbered from 1
		 */
		if (rdev->wiphy.n_vendor_commands) {
			const struct nl80211_vendor_cmd_info *info;
			struct nlattr *nested;

			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
			if (!nested)
				goto nla_put_failure;

			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
				info = &rdev->wiphy.vendor_commands[i].info;
				if (nla_put(msg, i + 1, sizeof(*info), info))
					goto nla_put_failure;
			}
			nla_nest_end(msg, nested);
		}

		if (rdev->wiphy.n_vendor_events) {
			const struct nl80211_vendor_cmd_info *info;
			struct nlattr *nested;

			nested = nla_nest_start(msg,
						NL80211_ATTR_VENDOR_EVENTS);
			if (!nested)
				goto nla_put_failure;

			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
				info = &rdev->wiphy.vendor_events[i];
				if (nla_put(msg, i + 1, sizeof(*info), info))
					goto nla_put_failure;
			}
			nla_nest_end(msg, nested);
		}
		state->split_start++;
		break;
	case 12:
		/* section 12: CSA counter limit; last section */
		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
			       rdev->wiphy.max_num_csa_counters))
			goto nla_put_failure;

		/* done */
		state->split_start = 0;
		break;
	}
 finish:
	return genlmsg_end(msg, hdr);

 nla_put_failure:
	/* drop everything added since the header so @msg stays well-formed */
	genlmsg_cancel(msg, hdr);
	return -EMSGSIZE;
}

/*
 * Read the optional attributes of a wiphy dump request into @state.
 *
 * Sets @state->split from NL80211_ATTR_SPLIT_WIPHY_DUMP and
 * @state->filter_wiphy from, in increasing precedence, the WIPHY, WDEV
 * (upper 32 bits) and IFINDEX attributes.  The interface index is looked
 * up only in the network namespace of the requesting socket.
 *
 * Returns 0 on success and also when the request cannot be parsed (the
 * state is left untouched then), or -ENODEV when the interface index
 * does not exist in that namespace.
 *
 * The attributes are parsed into the family's shared attribute buffer,
 * so calls must be serialised; the caller visible in this file,
 * nl80211_dump_wiphy(), holds the RTNL around this call.
 */
static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
				    struct netlink_callback *cb,
				    struct nl80211_dump_wiphy_state *state)
{
	struct nlattr **attrs = nl80211_fam.attrbuf;
	struct cfg80211_registered_device *owner;
	struct net_device *netdev;
	int ifidx;

	/* ignore parse errors for backward compatibility */
	if (nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
			attrs, nl80211_fam.maxattr, nl80211_policy))
		return 0;

	state->split = attrs[NL80211_ATTR_SPLIT_WIPHY_DUMP];

	if (attrs[NL80211_ATTR_WIPHY])
		state->filter_wiphy = nla_get_u32(attrs[NL80211_ATTR_WIPHY]);

	if (attrs[NL80211_ATTR_WDEV])
		state->filter_wiphy =
			nla_get_u64(attrs[NL80211_ATTR_WDEV]) >> 32;

	if (!attrs[NL80211_ATTR_IFINDEX])
		return 0;

	ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);

	/* resolve the index in the requester's namespace only */
	netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
	if (!netdev)
		return -ENODEV;

	/* a device without wireless data leaves the filter unchanged */
	if (netdev->ieee80211_ptr) {
		owner = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
		state->filter_wiphy = owner->wiphy_idx;
	}

	return 0;
}

/*
 * Dump callback: write the next wiphy (or the next chunks of it) into
 * @skb.
 *
 * The dump progress lives in a heap-allocated nl80211_dump_wiphy_state
 * whose pointer is kept in cb->args[0] between calls; it is allocated
 * and filled from the request on the first call and released by
 * nl80211_dump_wiphy_done(). Only wiphys in the network namespace of
 * the requesting socket are reported. The RTNL is held while the device
 * list is walked and released on every return path.
 *
 * Returns skb->len normally, 1 to ask for a retry with a larger dump
 * buffer, -ENOMEM when the state cannot be allocated, or the error from
 * nl80211_dump_wiphy_parse().
 */
static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
{
	int idx = 0, ret;
	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
	struct cfg80211_registered_device *rdev;

	rtnl_lock();
	/* first call of this dump: set up the state from the request */
	if (!state) {
		state = kzalloc(sizeof(*state), GFP_KERNEL);
		if (!state) {
			rtnl_unlock();
			return -ENOMEM;
		}
		/* -1 means "no wiphy filter" */
		state->filter_wiphy = -1;
		ret = nl80211_dump_wiphy_parse(skb, cb, state);
		if (ret) {
			/* not yet published in cb->args[0], so free it here */
			kfree(state);
			rtnl_unlock();
			return ret;
		}
		cb->args[0] = (long)state;
	}

	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
		/* never report a wiphy from another network namespace */
		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
			continue;
		/* skip the entries earlier calls have already handled */
		if (++idx <= state->start)
			continue;
		if (state->filter_wiphy != -1 &&
		    state->filter_wiphy != rdev->wiphy_idx)
			continue;
		/* attempt to fit multiple wiphy data chunks into the skb */
		do {
			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
						 skb,
						 NETLINK_CB(cb->skb).portid,
						 cb->nlh->nlmsg_seq,
						 NLM_F_MULTI, state);
			if (ret < 0) {
				/*
				 * If sending the wiphy data didn't fit (ENOBUFS
				 * or EMSGSIZE returned), this SKB is still
				 * empty (so it's not too big because another
				 * wiphy dataset is already in the skb) and
				 * we've not tried to adjust the dump allocation
				 * yet ... then adjust the alloc size to be
				 * bigger, and return 1 but with the empty skb.
				 * This results in an empty message being RX'ed
				 * in userspace, but that is ignored.
				 *
				 * We can then retry with the larger buffer.
				 */
				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
				    !skb->len && !state->split &&
				    cb->min_dump_alloc < 4096) {
					cb->min_dump_alloc = 4096;
					state->split_start = 0;
					rtnl_unlock();
					return 1;
				}
				/* undo the count so this wiphy is retried next call */
				idx--;
				break;
			}
		/* split_start returns to 0 once the wiphy is fully written */
		} while (state->split_start > 0);
		/* at most one wiphy is handled per call */
		break;
	}
	rtnl_unlock();

	state->start = idx;

	return skb->len;
}

/*
 * Release the dump state that nl80211_dump_wiphy() stored in
 * cb->args[0].  kfree() accepts NULL, so a dump that never allocated
 * its state is handled as well.  Always returns 0.
 */
static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
{
	void *dump_state = (void *)cb->args[0];

	kfree(dump_state);

	return 0;
}

/*
 * Handle a single (non-dump) wiphy query: build one NEW_WIPHY message
 * for the device in info->user_ptr[0] and send it as the reply.
 *
 * A zeroed dump state is used, so the message is built unsplit, starting
 * at section 0.  Returns -ENOMEM when the 4096-byte message cannot be
 * allocated, -ENOBUFS when building it fails for any reason, otherwise
 * the result of genlmsg_reply().
 */
static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct nl80211_dump_wiphy_state state = {};
	struct sk_buff *reply;
	int err;

	reply = nlmsg_new(4096, GFP_KERNEL);
	if (!reply)
		return -ENOMEM;

	err = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, reply,
				 info->snd_portid, info->snd_seq, 0,
				 &state);
	if (err < 0) {
		/* the reply was never sent, so it is freed here */
		nlmsg_free(reply);
		return -ENOBUFS;
	}

	return genlmsg_reply(reply, info);
}

/*
 * Netlink attribute policy indexed by NL80211_TXQ_ATTR_*: each entry
 * gives the type the attribute is expected to have.
 *
 * NOTE(review): parse_txq_params() reads tb[NL80211_TXQ_ATTR_AC] with
 * nla_get_u8(), while the u8 entry below is keyed
 * NL80211_TXQ_ATTR_QUEUE. Presumably the two names are aliases in the
 * uapi header - confirm, so that the AC attribute is length-checked by
 * this policy before it is read.
 */
static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
};

/*
 * Fill @txq_params from the parsed TXQ attributes in @tb.
 *
 * All five attributes (AC, TXOP, CWMIN, CWMAX, AIFS) are mandatory.
 * Returns 0 on success, or -EINVAL when one is missing or when the
 * access category is not below NL80211_NUM_ACS.  In the latter case
 * @txq_params has already been written, so callers must not use it
 * after an error.
 */
static int parse_txq_params(struct nlattr *tb[],
			    struct ieee80211_txq_params *txq_params)
{
	if (!(tb[NL80211_TXQ_ATTR_AC] && tb[NL80211_TXQ_ATTR_TXOP] &&
	      tb[NL80211_TXQ_ATTR_CWMIN] && tb[NL80211_TXQ_ATTR_CWMAX] &&
	      tb[NL80211_TXQ_ATTR_AIFS]))
		return -EINVAL;

	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);

	/* the access category comes from userspace: bound it before use */
	return txq_params->ac < NL80211_NUM_ACS ? 0 : -EINVAL;
}

/*
 * Tell whether the channel may be set explicitly for @wdev.
 *
 * A NULL @wdev (no interface given) is accepted. Otherwise only AP, P2P GO,
 * mesh point and monitor interfaces qualify; every other type has its
 * channel managed by its "establish a connection" command (connect,
 * join, ...).
 *
 * For AP/GO and mesh the channel given here is only stored and handed to the
 * low-level driver when the AP starts or the mesh is joined; this exists for
 * backward compatibility, userspace can also pass the channel in the
 * start-ap or join-mesh commands. Monitors normally follow whatever else is
 * going on and have their own operation to set the monitor channel.
 */
static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
{
	if (!wdev)
		return true;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_MESH_POINT:
	case NL80211_IFTYPE_MONITOR:
	case NL80211_IFTYPE_P2P_GO:
		return true;
	default:
		return false;
	}
}

/*
 * Build a channel definition from the request attributes.
 *
 * NL80211_ATTR_WIPHY_FREQ is mandatory and must name an enabled channel of
 * this wiphy. The width then comes either from the legacy
 * NL80211_ATTR_WIPHY_CHANNEL_TYPE or from NL80211_ATTR_CHANNEL_WIDTH plus the
 * optional centre frequencies; with neither present it stays 20 MHz no-HT.
 *
 * Width and centre frequencies are raw userspace values at this point; they
 * are only trusted after cfg80211_chandef_valid() and
 * cfg80211_chandef_usable() have accepted them below.
 *
 * Returns 0 on success or -EINVAL; @chandef may be partially filled on error.
 */
static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
				 struct genl_info *info,
				 struct cfg80211_chan_def *chandef)
{
	struct nlattr **attrs = info->attrs;
	u32 freq;

	if (!attrs[NL80211_ATTR_WIPHY_FREQ])
		return -EINVAL;

	freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);

	chandef->chan = ieee80211_get_channel(&rdev->wiphy, freq);
	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
	chandef->center_freq1 = freq;
	chandef->center_freq2 = 0;

	/* Primary channel not allowed */
	if (!chandef->chan)
		return -EINVAL;
	if (chandef->chan->flags & IEEE80211_CHAN_DISABLED)
		return -EINVAL;

	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
		enum nl80211_channel_type chantype =
			nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);

		/* anything outside the four known legacy types is rejected */
		switch (chantype) {
		case NL80211_CHAN_NO_HT:
		case NL80211_CHAN_HT20:
		case NL80211_CHAN_HT40PLUS:
		case NL80211_CHAN_HT40MINUS:
			cfg80211_chandef_create(chandef, chandef->chan,
						chantype);
			break;
		default:
			return -EINVAL;
		}
	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
		chandef->width = nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);

		if (attrs[NL80211_ATTR_CENTER_FREQ1])
			chandef->center_freq1 =
				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);

		if (attrs[NL80211_ATTR_CENTER_FREQ2])
			chandef->center_freq2 =
				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
	}

	if (!cfg80211_chandef_valid(chandef))
		return -EINVAL;

	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
				     IEEE80211_CHAN_DISABLED))
		return -EINVAL;

	/* 5 and 10 MHz operation needs explicit support from the device */
	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
	    (chandef->width == NL80211_CHAN_WIDTH_5 ||
	     chandef->width == NL80211_CHAN_WIDTH_10))
		return -EINVAL;

	return 0;
}

/*
 * Apply the channel described by the request attributes.
 *
 * @dev may be NULL; the request is then handled as a monitor channel change.
 * For AP/P2P GO the channel is stored as the preset channel, and while the
 * interface is beaconing only a width change on the same channel is allowed,
 * and only if the driver advertises and implements it.
 *
 * Returns 0 on success or a negative errno.
 */
static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
				 struct net_device *dev,
				 struct genl_info *info)
{
	struct wireless_dev *wdev = dev ? dev->ieee80211_ptr : NULL;
	enum nl80211_iftype iftype;
	struct cfg80211_chan_def chandef;
	int result;

	if (!nl80211_can_set_dev_channel(wdev))
		return -EOPNOTSUPP;

	/* without a wdev, fall through to the monitor case below */
	iftype = wdev ? wdev->iftype : NL80211_IFTYPE_MONITOR;

	result = nl80211_parse_chandef(rdev, info, &chandef);
	if (result)
		return result;

	switch (iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_P2P_GO:
		/* wdev is non-NULL here: iftype was read from it */
		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef, iftype))
			return -EINVAL;

		if (wdev->beacon_interval) {
			if (!dev || !rdev->ops->set_ap_chanwidth ||
			    !(rdev->wiphy.features &
			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
				return -EBUSY;

			/* Only allow dynamic channel width changes */
			if (chandef.chan != wdev->preset_chandef.chan)
				return -EBUSY;

			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
			if (result)
				return result;
		}

		wdev->preset_chandef = chandef;
		return 0;
	case NL80211_IFTYPE_MESH_POINT:
		return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
	case NL80211_IFTYPE_MONITOR:
		return cfg80211_set_monitor_channel(rdev, &chandef);
	default:
		return -EINVAL;
	}
}

/*
 * Netlink handler for setting the channel of one interface: the device and
 * netdev come from info->user_ptr[0]/[1], the work is done by
 * __nl80211_set_channel().
 */
static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
{
	struct net_device *netdev = info->user_ptr[1];
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	int ret = __nl80211_set_channel(rdev, netdev, info);

	return ret;
}

/*
 * Set the peer address of a WDS interface.
 *
 * Requires NL80211_ATTR_MAC (-EINVAL), an interface that is down (-EBUSY),
 * driver support and a WDS interface type (-EOPNOTSUPP for either).
 *
 * NOTE(review): the MAC payload length is not checked here; presumably the
 * nl80211 attribute policy, which is outside this block, pins it to
 * ETH_ALEN - confirm, since the driver reads six bytes from it.
 */
static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct nlattr *mac_attr = info->attrs[NL80211_ATTR_MAC];
	const u8 *peer;

	if (!mac_attr)
		return -EINVAL;

	if (netif_running(dev))
		return -EBUSY;

	if (!rdev->ops->set_wds_peer)
		return -EOPNOTSUPP;

	if (wdev->iftype != NL80211_IFTYPE_WDS)
		return -EOPNOTSUPP;

	peer = nla_data(mac_attr);

	return rdev_set_wds_peer(rdev, dev, peer);
}


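/*
 * Netlink handler that changes wiphy-wide settings: name, TX queue
 * parameters, channel, TX power, antennas, retry limits, fragmentation and
 * RTS thresholds, coverage class and dynamic ACK.
 *
 * Must be called with the RTNL held. The settings are applied in the order
 * above and each failure returns immediately, so settings applied earlier in
 * the same request are not rolled back.
 *
 * Returns 0 on success or a negative errno. A failure of the driver's
 * set_wiphy_params callback restores the cached wiphy values and is reported
 * to the caller instead of being turned into success.
 */
static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev;
	struct net_device *netdev = NULL;
	struct wireless_dev *wdev;
	int result = 0, rem_txq_params = 0;
	struct nlattr *nl_txq_params;
	u32 changed;
	u8 retry_short = 0, retry_long = 0;
	u32 frag_threshold = 0, rts_threshold = 0;
	u8 coverage_class = 0;

	ASSERT_RTNL();

	/*
	 * Try to find the wiphy and netdev. Normally this
	 * function shouldn't need the netdev, but this is
	 * done for backward compatibility -- previously
	 * setting the channel was done per wiphy, but now
	 * it is per netdev. Previous userland like hostapd
	 * also passed a netdev to set_wiphy, so that it is
	 * possible to let that go to the right netdev!
	 */

	if (info->attrs[NL80211_ATTR_IFINDEX]) {
		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);

		/* lookup is limited to the requester's network namespace */
		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
		if (netdev && netdev->ieee80211_ptr)
			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
		else
			netdev = NULL;
	}

	if (!netdev) {
		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
						  info->attrs);
		if (IS_ERR(rdev))
			return PTR_ERR(rdev);
		wdev = NULL;
		netdev = NULL;
		result = 0;
	} else {
		wdev = netdev->ieee80211_ptr;
	}

	/*
	 * end workaround code, by now the rdev is available
	 * and locked, and wdev may or may not be NULL.
	 */

	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
		result = cfg80211_dev_rename(
			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));

	if (result)
		return result;

	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
		struct ieee80211_txq_params txq_params;
		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];

		if (!rdev->ops->set_txq_params)
			return -EOPNOTSUPP;

		if (!netdev)
			return -EINVAL;

		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
			return -EINVAL;

		if (!netif_running(netdev))
			return -ENETDOWN;

		/* each nested entry is validated on its own before it is applied */
		nla_for_each_nested(nl_txq_params,
				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
				    rem_txq_params) {
			result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
					   nla_data(nl_txq_params),
					   nla_len(nl_txq_params),
					   txq_params_policy);
			if (result)
				return result;
			result = parse_txq_params(tb, &txq_params);
			if (result)
				return result;

			result = rdev_set_txq_params(rdev, netdev,
						     &txq_params);
			if (result)
				return result;
		}
	}

	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
		result = __nl80211_set_channel(
			rdev,
			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
			info);
		if (result)
			return result;
	}

	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
		struct wireless_dev *txp_wdev = wdev;
		enum nl80211_tx_power_setting type;
		int idx, mbm = 0;

		/* without per-vif TX power support the setting is wiphy-wide */
		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
			txp_wdev = NULL;

		if (!rdev->ops->set_tx_power)
			return -EOPNOTSUPP;

		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
		type = nla_get_u32(info->attrs[idx]);

		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
		    (type != NL80211_TX_POWER_AUTOMATIC))
			return -EINVAL;

		if (type != NL80211_TX_POWER_AUTOMATIC) {
			/*
			 * NOTE(review): the level is read as u32 into a signed
			 * int and is not range-checked here; presumably the
			 * driver bounds it - confirm.
			 */
			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
			mbm = nla_get_u32(info->attrs[idx]);
		}

		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
		if (result)
			return result;
	}

	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
		u32 tx_ant, rx_ant;

		if ((!rdev->wiphy.available_antennas_tx &&
		     !rdev->wiphy.available_antennas_rx) ||
		    !rdev->ops->set_antenna)
			return -EOPNOTSUPP;

		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);

		/* reject antenna configurations which don't match the
		 * available antenna masks, except for the "all" mask */
		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
			return -EINVAL;

		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;

		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
		if (result)
			return result;
	}

	changed = 0;

	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
		retry_short = nla_get_u8(
			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
		if (retry_short == 0)
			return -EINVAL;

		changed |= WIPHY_PARAM_RETRY_SHORT;
	}

	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
		retry_long = nla_get_u8(
			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
		if (retry_long == 0)
			return -EINVAL;

		changed |= WIPHY_PARAM_RETRY_LONG;
	}

	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
		frag_threshold = nla_get_u32(
			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
		if (frag_threshold < 256)
			return -EINVAL;

		if (frag_threshold != (u32) -1) {
			/*
			 * Fragments (apart from the last one) are required to
			 * have even length. Make the fragmentation code
			 * simpler by stripping LSB should someone try to use
			 * odd threshold value.
			 */
			frag_threshold &= ~0x1;
		}
		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
	}

	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
		rts_threshold = nla_get_u32(
			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
		changed |= WIPHY_PARAM_RTS_THRESHOLD;
	}

	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
		/* coverage class and dynamic ACK are mutually exclusive */
		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
			return -EINVAL;

		coverage_class = nla_get_u8(
			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
		changed |= WIPHY_PARAM_COVERAGE_CLASS;
	}

	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
			return -EOPNOTSUPP;

		changed |= WIPHY_PARAM_DYN_ACK;
	}

	if (changed) {
		u8 old_retry_short, old_retry_long;
		u32 old_frag_threshold, old_rts_threshold;
		u8 old_coverage_class;

		if (!rdev->ops->set_wiphy_params)
			return -EOPNOTSUPP;

		/* remember the current values so a driver failure can be undone */
		old_retry_short = rdev->wiphy.retry_short;
		old_retry_long = rdev->wiphy.retry_long;
		old_frag_threshold = rdev->wiphy.frag_threshold;
		old_rts_threshold = rdev->wiphy.rts_threshold;
		old_coverage_class = rdev->wiphy.coverage_class;

		if (changed & WIPHY_PARAM_RETRY_SHORT)
			rdev->wiphy.retry_short = retry_short;
		if (changed & WIPHY_PARAM_RETRY_LONG)
			rdev->wiphy.retry_long = retry_long;
		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
			rdev->wiphy.frag_threshold = frag_threshold;
		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
			rdev->wiphy.rts_threshold = rts_threshold;
		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
			rdev->wiphy.coverage_class = coverage_class;

		result = rdev_set_wiphy_params(rdev, changed);
		if (result) {
			rdev->wiphy.retry_short = old_retry_short;
			rdev->wiphy.retry_long = old_retry_long;
			rdev->wiphy.frag_threshold = old_frag_threshold;
			rdev->wiphy.rts_threshold = old_rts_threshold;
			rdev->wiphy.coverage_class = old_coverage_class;
			/*
			 * Report the failure: returning 0 here would tell
			 * userspace the settings took effect although they
			 * were just rolled back.
			 */
			return result;
		}
	}
	return 0;
}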

/*
 * Compose the 64-bit wdev identifier: the wiphy index in the upper 32 bits,
 * the wdev's own identifier in the lower bits.
 */
static inline u64 wdev_id(struct wireless_dev *wdev)
{
	u64 wiphy_part = (u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32;
	u64 wdev_part = (u64)wdev->identifier;

	return wdev_part | wiphy_part;
}

/*
 * Append the attributes describing @chandef to @msg: control frequency,
 * the legacy channel type for 20/40 MHz widths, the width, and the centre
 * frequencies (the second one only when it is non-zero).
 *
 * An invalid @chandef triggers a warning but is still emitted.
 * Returns 0 on success or -ENOBUFS when @msg has no room left.
 */
static int nl80211_send_chandef(struct sk_buff *msg,
				const struct cfg80211_chan_def *chandef)
{
	bool has_legacy_type;

	WARN_ON(!cfg80211_chandef_valid(chandef));

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
			chandef->chan->center_freq))
		return -ENOBUFS;

	/* only these widths can be expressed as a legacy channel type */
	has_legacy_type = chandef->width == NL80211_CHAN_WIDTH_20_NOHT ||
			  chandef->width == NL80211_CHAN_WIDTH_20 ||
			  chandef->width == NL80211_CHAN_WIDTH_40;
	if (has_legacy_type &&
	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
			cfg80211_get_chandef_type(chandef)))
		return -ENOBUFS;

	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width) ||
	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
		return -ENOBUFS;

	if (chandef->center_freq2 &&
	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
		return -ENOBUFS;

	return 0;
}

/*
 * Fill @msg with one NL80211_CMD_NEW_INTERFACE message describing @wdev.
 *
 * Interface index and name are included only when the wdev has a netdev;
 * channel information only when the driver implements get_channel and the
 * call succeeds; the SSID only when one is set.
 *
 * Returns the genlmsg_end() result on success, -1 if the header does not
 * fit, or -EMSGSIZE (after cancelling the message) if an attribute does not.
 */
static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
			      struct cfg80211_registered_device *rdev,
			      struct wireless_dev *wdev)
{
	struct net_device *netdev = wdev->netdev;
	struct cfg80211_chan_def chandef;
	void *hdr;

	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
	if (!hdr)
		return -1;

	if (netdev) {
		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
		    nla_put_string(msg, NL80211_ATTR_IFNAME, netdev->name))
			goto nla_put_failure;
	}

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
			rdev->devlist_generation ^
			(cfg80211_rdev_list_generation << 2)))
		goto nla_put_failure;

	/* a failing get_channel is not an error, the channel is just omitted */
	if (rdev->ops->get_channel &&
	    rdev_get_channel(rdev, wdev, &chandef) == 0 &&
	    nl80211_send_chandef(msg, &chandef))
		goto nla_put_failure;

	if (wdev->ssid_len &&
	    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
		goto nla_put_failure;

	return genlmsg_end(msg, hdr);

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	return -EMSGSIZE;
}

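/*
 * Dump callback listing every wireless interface of every wiphy that lives
 * in the requesting socket's network namespace.
 *
 * The dump is resumable: cb->args[0] holds the index of the wiphy to continue
 * with and cb->args[1] the index of the interface within that wiphy. When a
 * message no longer fits into @skb the current position is saved and the
 * netlink core calls again with a fresh buffer.
 *
 * Returns skb->len, as expected from a dump callback.
 */
static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
{
	int wp_idx = 0;
	int if_idx = 0;
	int wp_start = cb->args[0];
	int if_start = cb->args[1];
	struct cfg80211_registered_device *rdev;
	struct wireless_dev *wdev;

	rtnl_lock();
	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
		/* never show devices that belong to another namespace */
		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
			continue;
		if (wp_idx < wp_start) {
			wp_idx++;
			continue;
		}
		if_idx = 0;

		list_for_each_entry(wdev, &rdev->wdev_list, list) {
			if (if_idx < if_start) {
				if_idx++;
				continue;
			}
			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
					       rdev, wdev) < 0) {
				goto out;
			}
			if_idx++;
		}

		/*
		 * The saved interface offset belongs to the wiphy the previous
		 * pass stopped in. Clear it so the following wiphys are listed
		 * from their first interface instead of silently losing their
		 * first if_start entries.
		 */
		if_start = 0;

		wp_idx++;
	}
 out:
	rtnl_unlock();

	cb->args[0] = wp_idx;
	cb->args[1] = if_idx;

	return skb->len;
}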

/*
 * Answer a single get-interface request with one NEW_INTERFACE message for
 * the wdev in info->user_ptr[1].
 *
 * Returns -ENOMEM if the reply cannot be allocated, -ENOBUFS if it cannot be
 * filled, otherwise the genlmsg_reply() result.
 */
static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct sk_buff *reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);

	if (!reply)
		return -ENOMEM;

	if (nl80211_send_iface(reply, info->snd_portid, info->snd_seq, 0,
			       rdev, wdev) >= 0)
		return genlmsg_reply(reply, info);

	/* not handed to netlink yet, so the reply must be freed here */
	nlmsg_free(reply);
	return -ENOBUFS;
}

/*
 * Policy for the nested monitor-flags attribute: every known flag is a
 * payload-less NLA_FLAG, its presence alone carries the meaning.
 */
static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
	[NL80211_MNTR_FLAG_FCSFAIL]	= { .type = NLA_FLAG },
	[NL80211_MNTR_FLAG_PLCPFAIL]	= { .type = NLA_FLAG },
	[NL80211_MNTR_FLAG_CONTROL]	= { .type = NLA_FLAG },
	[NL80211_MNTR_FLAG_OTHER_BSS]	= { .type = NLA_FLAG },
	[NL80211_MNTR_FLAG_COOK_FRAMES]	= { .type = NLA_FLAG },
	[NL80211_MNTR_FLAG_ACTIVE]	= { .type = NLA_FLAG },
};

/*
 * Turn the nested monitor-flags attribute @nla into a bitmask.
 *
 * *@mntrflags is always initialised to 0 first. Bit N is then set for every
 * flag attribute N (1..NL80211_MNTR_FLAG_MAX) present in the nest.
 * Returns 0 on success, -EINVAL when @nla is NULL or fails the policy.
 */
static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
{
	struct nlattr *tb[NL80211_MNTR_FLAG_MAX + 1];
	int bit;

	*mntrflags = 0;

	if (!nla ||
	    nla_parse_nested(tb, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy))
		return -EINVAL;

	for (bit = 1; bit <= NL80211_MNTR_FLAG_MAX; bit++) {
		if (!tb[bit])
			continue;
		*mntrflags |= (1<<bit);
	}

	return 0;
}

/*
 * Check whether the requested 4-address setting is acceptable.
 *
 * Turning 4-address mode off is refused with -EBUSY while @netdev is a
 * bridge port. Turning it on needs the matching wiphy flag and is only
 * possible for AP_VLAN and STATION interfaces; anything else yields
 * -EOPNOTSUPP. @netdev may be NULL.
 */
static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
			       struct net_device *netdev, u8 use_4addr,
			       enum nl80211_iftype iftype)
{
	if (!use_4addr) {
		bool bridged = netdev &&
			       (netdev->priv_flags & IFF_BRIDGE_PORT);

		return bridged ? -EBUSY : 0;
	}

	if (iftype == NL80211_IFTYPE_AP_VLAN &&
	    (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP))
		return 0;

	if (iftype == NL80211_IFTYPE_STATION &&
	    (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION))
		return 0;

	return -EOPNOTSUPP;
}

/*
 * Netlink handler that changes an existing interface: its type, mesh ID,
 * 4-address mode and monitor flags.
 *
 * The mesh ID is stored on the wdev as soon as it has been parsed, i.e.
 * before the 4-address and monitor-flag checks that may still fail the
 * request.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	enum nl80211_iftype otype, ntype;
	struct vif_params params;
	u32 mntr_flags, *flags = NULL;
	bool change = false;
	int err;

	memset(&params, 0, sizeof(params));

	otype = wdev->iftype;
	ntype = otype;

	if (info->attrs[NL80211_ATTR_IFTYPE]) {
		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
		/* userspace value: bound it before it is used anywhere */
		if (ntype > NL80211_IFTYPE_MAX)
			return -EINVAL;
		change = (otype != ntype);
	}

	if (info->attrs[NL80211_ATTR_MESH_ID]) {
		struct nlattr *mesh_id = info->attrs[NL80211_ATTR_MESH_ID];

		if (ntype != NL80211_IFTYPE_MESH_POINT)
			return -EINVAL;
		if (netif_running(dev))
			return -EBUSY;

		wdev_lock(wdev);
		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
			     IEEE80211_MAX_MESH_ID_LEN);
		/*
		 * NOTE(review): the copy length is the raw attribute length;
		 * nothing in this function caps it to the size of wdev->ssid.
		 * Presumably the nl80211 attribute policy (outside this block)
		 * limits NL80211_ATTR_MESH_ID to IEEE80211_MAX_MESH_ID_LEN -
		 * confirm.
		 */
		wdev->mesh_id_up_len = nla_len(mesh_id);
		memcpy(wdev->ssid, nla_data(mesh_id), wdev->mesh_id_up_len);
		wdev_unlock(wdev);
	}

	if (!info->attrs[NL80211_ATTR_4ADDR]) {
		/* -1 marks "leave the 4-address setting alone" */
		params.use_4addr = -1;
	} else {
		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
		change = true;
		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
		if (err)
			return err;
	}

	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
		if (ntype != NL80211_IFTYPE_MONITOR)
			return -EINVAL;

		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
					  &mntr_flags);
		if (err)
			return err;

		flags = &mntr_flags;
		change = true;
	}

	/* an active monitor needs explicit support from the device */
	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
		return -EOPNOTSUPP;

	err = change ? cfg80211_change_iface(rdev, dev, ntype, flags, &params)
		     : 0;

	if (!err && params.use_4addr != -1)
		dev->ieee80211_ptr->use_4addr = params.use_4addr;

	return err;
}

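/*
 * Netlink handler that creates a new virtual interface on the wiphy in
 * info->user_ptr[0] and replies with a NEW_INTERFACE message describing it.
 *
 * NL80211_ATTR_IFNAME is mandatory. The interface type, a MAC address (for
 * P2P devices or when the driver supports MAC-on-create), 4-address mode,
 * monitor flags, a mesh ID and socket ownership are optional.
 *
 * Returns 0 on success or a negative errno. If the interface was created but
 * the reply could not be built, -ENOBUFS is returned while the interface
 * stays in place.
 */
static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct vif_params params;
	struct wireless_dev *wdev;
	struct sk_buff *msg;
	int err;
	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
	u32 flags;

	/* to avoid failing a new interface creation due to pending removal */
	cfg80211_destroy_ifaces(rdev);

	memset(&params, 0, sizeof(params));

	if (!info->attrs[NL80211_ATTR_IFNAME])
		return -EINVAL;

	if (info->attrs[NL80211_ATTR_IFTYPE]) {
		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
		/* also keeps the (1 << type) shift below in range */
		if (type > NL80211_IFTYPE_MAX)
			return -EINVAL;
	}

	if (!rdev->ops->add_virtual_intf ||
	    !(rdev->wiphy.interface_modes & (1 << type)))
		return -EOPNOTSUPP;

	if ((type == NL80211_IFTYPE_P2P_DEVICE ||
	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
	    info->attrs[NL80211_ATTR_MAC]) {
		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
			   ETH_ALEN);
		if (!is_valid_ether_addr(params.macaddr))
			return -EADDRNOTAVAIL;
	}

	if (info->attrs[NL80211_ATTR_4ADDR]) {
		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
		if (err)
			return err;
	}

	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!msg)
		return -ENOMEM;

	/* monitor flags are only looked at for monitor interfaces */
	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
				  &flags);

	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR)) {
		/* the reply is already allocated, do not leak it */
		nlmsg_free(msg);
		return -EOPNOTSUPP;
	}

	wdev = rdev_add_virtual_intf(rdev,
				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
				type, err ? NULL : &flags, &params);
	if (IS_ERR(wdev)) {
		nlmsg_free(msg);
		return PTR_ERR(wdev);
	}

	/* remember the creating socket as the owner of the interface */
	if (info->attrs[NL80211_ATTR_IFACE_SOCKET_OWNER])
		wdev->owner_nlportid = info->snd_portid;

	switch (type) {
	case NL80211_IFTYPE_MESH_POINT:
		if (!info->attrs[NL80211_ATTR_MESH_ID])
			break;
		wdev_lock(wdev);
		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
			     IEEE80211_MAX_MESH_ID_LEN);
		/*
		 * NOTE(review): the copy length is the raw attribute length;
		 * nothing in this function caps it to the size of wdev->ssid.
		 * Presumably the nl80211 attribute policy (outside this block)
		 * limits NL80211_ATTR_MESH_ID to IEEE80211_MAX_MESH_ID_LEN -
		 * confirm.
		 */
		wdev->mesh_id_up_len =
			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
		       wdev->mesh_id_up_len);
		wdev_unlock(wdev);
		break;
	case NL80211_IFTYPE_P2P_DEVICE:
		/*
		 * P2P Device doesn't have a netdev, so doesn't go
		 * through the netdev notifier and must be added here
		 */
		mutex_init(&wdev->mtx);
		INIT_LIST_HEAD(&wdev->event_list);
		spin_lock_init(&wdev->event_lock);
		INIT_LIST_HEAD(&wdev->mgmt_registrations);
		spin_lock_init(&wdev->mgmt_registrations_lock);

		wdev->identifier = ++rdev->wdev_id;
		list_add_rcu(&wdev->list, &rdev->wdev_list);
		rdev->devlist_generation++;
		break;
	default:
		break;
	}

	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
			       rdev, wdev) < 0) {
		nlmsg_free(msg);
		return -ENOBUFS;
	}

	return genlmsg_reply(msg, info);
}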

/*
 * Netlink handler that deletes a virtual interface through the driver's
 * del_virtual_intf callback; -EOPNOTSUPP when the driver has none.
 */
static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
{
	struct wireless_dev *wdev = info->user_ptr[1];
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	bool has_netdev;

	if (!rdev->ops->del_virtual_intf)
		return -EOPNOTSUPP;

	has_netdev = wdev->netdev != NULL;

	/*
	 * A wdev without a netdev is freed by the deletion itself. Clear
	 * user_ptr[1] beforehand so that nl80211_post_doit does not
	 * dereference the stale pointer when it checks whether a dev_put()
	 * is needed. With a netdev the pointer stays, because that dev_put()
	 * is what lets the netdev really be freed.
	 */
	if (!has_netdev)
		info->user_ptr[1] = NULL;

	return rdev_del_virtual_intf(rdev, wdev);
}

/*
 * Netlink handler that passes the 16-bit no-ACK map from
 * NL80211_ATTR_NOACK_MAP to the driver.
 *
 * Returns -EINVAL without the attribute, -EOPNOTSUPP without driver support,
 * otherwise the driver's result.
 */
static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *map_attr = info->attrs[NL80211_ATTR_NOACK_MAP];

	if (!map_attr)
		return -EINVAL;

	if (!rdev->ops->set_noack_map)
		return -EOPNOTSUPP;

	return rdev_set_noack_map(rdev, dev, nla_get_u16(map_attr));
}

/* Context handed to get_key_callback() while a key is being reported. */
struct get_key_cookie {
	struct sk_buff *msg;	/* reply message the key attributes go into */
	int error;		/* set to 1 when an attribute did not fit */
	int idx;		/* key index written into the reply */
};

/*
 * Callback that writes the key described by @params into the reply held by
 * the get_key_cookie @c. Key data, sequence counter and cipher are emitted
 * twice: as top-level NL80211_ATTR_KEY_* attributes and again inside a
 * nested NL80211_ATTR_KEY attribute. Any failure to add an attribute sets
 * cookie->error.
 *
 * This places raw key material into a netlink reply. NOTE(review): who may
 * issue the request is decided by the operation table, which is outside
 * this block - confirm that the get-key operation requires admin permission.
 */
static void get_key_callback(void *c, struct key_params *params)
{
	struct get_key_cookie *cookie = c;
	struct sk_buff *msg = cookie->msg;
	struct nlattr *nest;

	/* top-level copies of the key attributes */
	if (params->key &&
	    nla_put(msg, NL80211_ATTR_KEY_DATA, params->key_len, params->key))
		goto nla_put_failure;
	if (params->seq &&
	    nla_put(msg, NL80211_ATTR_KEY_SEQ, params->seq_len, params->seq))
		goto nla_put_failure;
	if (params->cipher &&
	    nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER, params->cipher))
		goto nla_put_failure;

	nest = nla_nest_start(msg, NL80211_ATTR_KEY);
	if (!nest)
		goto nla_put_failure;

	/* the same information again, nested */
	if (params->key &&
	    nla_put(msg, NL80211_KEY_DATA, params->key_len, params->key))
		goto nla_put_failure;
	if (params->seq &&
	    nla_put(msg, NL80211_KEY_SEQ, params->seq_len, params->seq))
		goto nla_put_failure;
	if (params->cipher &&
	    nla_put_u32(msg, NL80211_KEY_CIPHER, params->cipher))
		goto nla_put_failure;

	/*
	 * NOTE(review): the index inside the nest is written with the
	 * top-level NL80211_ATTR_KEY_IDX id, unlike its NL80211_KEY_*
	 * siblings - confirm this is intended.
	 */
	if (nla_put_u8(msg, NL80211_ATTR_KEY_IDX, cookie->idx))
		goto nla_put_failure;

	nla_nest_end(msg, nest);

	return;
 nla_put_failure:
	cookie->error = 1;
}

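/*
 * Netlink handler that asks the driver for a key and returns it to the
 * requester in an NL80211_CMD_NEW_KEY message.
 *
 * The key is selected by NL80211_ATTR_KEY_IDX (0..5, default 0), an optional
 * NL80211_ATTR_MAC and an optional NL80211_ATTR_KEY_TYPE; without a key type
 * the presence of a MAC address selects a pairwise key.
 *
 * Returns 0 on success or a negative errno. Once the reply has been
 * allocated, every error path frees it before returning.
 */
static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	int err;
	struct net_device *dev = info->user_ptr[1];
	u8 key_idx = 0;
	const u8 *mac_addr = NULL;
	bool pairwise;
	struct get_key_cookie cookie = {
		.error = 0,
	};
	void *hdr;
	struct sk_buff *msg;

	if (info->attrs[NL80211_ATTR_KEY_IDX])
		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);

	/* userspace value: reject anything above the highest key index */
	if (key_idx > 5)
		return -EINVAL;

	if (info->attrs[NL80211_ATTR_MAC])
		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);

	pairwise = !!mac_addr;
	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
		if (kt >= NUM_NL80211_KEYTYPES)
			return -EINVAL;
		if (kt != NL80211_KEYTYPE_GROUP &&
		    kt != NL80211_KEYTYPE_PAIRWISE)
			return -EINVAL;
		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
	}

	if (!rdev->ops->get_key)
		return -EOPNOTSUPP;

	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!msg)
		return -ENOMEM;

	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
			     NL80211_CMD_NEW_KEY);
	if (!hdr)
		goto nla_put_failure;

	cookie.msg = msg;
	cookie.idx = key_idx;

	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
		goto nla_put_failure;
	if (mac_addr &&
	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
		goto nla_put_failure;

	/*
	 * NOTE(review): this refuses pairwise lookups that carry a MAC address
	 * unless the device sets WIPHY_FLAG_IBSS_RSN - confirm that pairwise,
	 * and not per-station group, keys are the ones meant to be gated.
	 */
	if (pairwise && mac_addr &&
	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)) {
		/* msg is already allocated here, so leave through free_msg */
		err = -ENOENT;
		goto free_msg;
	}

	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
			   get_key_callback);

	if (err)
		goto free_msg;

	if (cookie.error)
		goto nla_put_failure;

	genlmsg_end(msg, hdr);
	return genlmsg_reply(msg, info);

 nla_put_failure:
	err = -ENOBUFS;
 free_msg:
	nlmsg_free(msg);
	return err;
}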

/*
 * Netlink handler that selects a default key or a default management key.
 *
 * The parsed request must carry a non-negative key index and one of the
 * "default" / "default management" markers. The driver call is made with the
 * wdev locked and only after nl80211_key_allowed() has accepted the
 * interface state. With CONFIG_CFG80211_WEXT the chosen index is mirrored
 * into the wext state.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct key_parse key;
	int err;

	err = nl80211_parse_key(info, &key);
	if (err)
		return err;

	if (key.idx < 0)
		return -EINVAL;

	/* only support setting default key */
	if (!key.def && !key.defmgmt)
		return -EINVAL;

	wdev_lock(dev->ieee80211_ptr);

	if (!key.def) {
		/* default management key: multicast only */
		if (key.def_uni || !key.def_multi) {
			err = -EINVAL;
			goto out;
		}

		if (!rdev->ops->set_default_mgmt_key) {
			err = -EOPNOTSUPP;
			goto out;
		}

		err = nl80211_key_allowed(dev->ieee80211_ptr);
		if (err)
			goto out;

		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
		if (err)
			goto out;

#ifdef CONFIG_CFG80211_WEXT
		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
#endif
	} else {
		if (!rdev->ops->set_default_key) {
			err = -EOPNOTSUPP;
			goto out;
		}

		err = nl80211_key_allowed(dev->ieee80211_ptr);
		if (err)
			goto out;

		err = rdev_set_default_key(rdev, dev, key.idx,
					   key.def_uni, key.def_multi);
		if (err)
			goto out;

#ifdef CONFIG_CFG80211_WEXT
		dev->ieee80211_ptr->wext.default_key = key.idx;
#endif
	}

 out:
	wdev_unlock(dev->ieee80211_ptr);

	return err;
}

/*
 * NL80211_CMD_NEW_KEY handler: install a key supplied by userspace.
 *
 * The key type defaults to pairwise when a peer MAC address accompanies
 * the request and to group otherwise. The parsed key parameters are run
 * through cfg80211_validate_key_settings() before the driver sees them,
 * and the driver is only called if nl80211_key_allowed() agrees, with
 * the wdev lock held.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct nlattr *mac_attr = info->attrs[NL80211_ATTR_MAC];
	const u8 *mac_addr = NULL;
	struct key_parse key;
	bool pairwise;
	int err;

	err = nl80211_parse_key(info, &key);
	if (err)
		return err;

	/* key material is mandatory when adding a key */
	if (!key.p.key)
		return -EINVAL;

	if (mac_attr)
		mac_addr = nla_data(mac_attr);

	/* type not given: infer it from the presence of a peer address */
	if (key.type == -1)
		key.type = mac_addr ? NL80211_KEYTYPE_PAIRWISE :
				      NL80211_KEYTYPE_GROUP;

	/* for now */
	switch (key.type) {
	case NL80211_KEYTYPE_PAIRWISE:
	case NL80211_KEYTYPE_GROUP:
		break;
	default:
		return -EINVAL;
	}

	if (!rdev->ops->add_key)
		return -EOPNOTSUPP;

	pairwise = key.type == NL80211_KEYTYPE_PAIRWISE;

	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, pairwise,
					   mac_addr))
		return -EINVAL;

	wdev_lock(wdev);
	err = nl80211_key_allowed(wdev);
	if (!err)
		err = rdev_add_key(rdev, dev, key.idx, pairwise, mac_addr,
				   &key.p);
	wdev_unlock(wdev);

	return err;
}

/*
 * NL80211_CMD_DEL_KEY handler: remove a key from the interface.
 *
 * The key type defaults to pairwise when a peer MAC address accompanies
 * the request and to group otherwise. A pairwise key addressed to a peer
 * is reported as -ENOENT when the wiphy lacks WIPHY_FLAG_IBSS_RSN.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct nlattr *mac_attr = info->attrs[NL80211_ATTR_MAC];
	u8 *mac_addr = NULL;
	struct key_parse key;
	bool pairwise;
	int err;

	err = nl80211_parse_key(info, &key);
	if (err)
		return err;

	if (mac_attr)
		mac_addr = nla_data(mac_attr);

	/* type not given: infer it from the presence of a peer address */
	if (key.type == -1)
		key.type = mac_addr ? NL80211_KEYTYPE_PAIRWISE :
				      NL80211_KEYTYPE_GROUP;

	/* for now */
	switch (key.type) {
	case NL80211_KEYTYPE_PAIRWISE:
	case NL80211_KEYTYPE_GROUP:
		break;
	default:
		return -EINVAL;
	}

	if (!rdev->ops->del_key)
		return -EOPNOTSUPP;

	pairwise = key.type == NL80211_KEYTYPE_PAIRWISE;

	wdev_lock(wdev);
	err = nl80211_key_allowed(wdev);

	/*
	 * NOTE(review): this replaces whatever nl80211_key_allowed()
	 * returned, so a "not allowed" error is reported as -ENOENT here.
	 */
	if (pairwise && mac_addr &&
	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
		err = -ENOENT;

	if (!err)
		err = rdev_del_key(rdev, dev, key.idx, pairwise, mac_addr);

#ifdef CONFIG_CFG80211_WEXT
	/* forget a wext default that pointed at the key just removed */
	if (!err) {
		if (key.idx == wdev->wext.default_key)
			wdev->wext.default_key = -1;
		else if (key.idx == wdev->wext.default_mgmt_key)
			wdev->wext.default_mgmt_key = -1;
	}
#endif
	wdev_unlock(wdev);

	return err;
}

/*
 * Check that every attribute nested in @nl_attr carries exactly ETH_ALEN
 * bytes. Returns the number of nested attributes, or -EINVAL as soon as
 * one of them has a different length.
 */
static int validate_acl_mac_addrs(struct nlattr *nl_attr)
{
	struct nlattr *entry;
	int remaining;
	int count = 0;

	nla_for_each_nested(entry, nl_attr, remaining) {
		if (nla_len(entry) == ETH_ALEN) {
			count++;
			continue;
		}

		return -EINVAL;
	}

	return count;
}

/*
 * Build a cfg80211_acl_data object from the ACL attributes of a request.
 *
 * The policy must be one of the two known values, and the address list
 * is length-checked and counted by validate_acl_mac_addrs() before any
 * memory is allocated. The count is capped by wiphy->max_acl_mac_addrs,
 * which also bounds the size of the allocation below.
 *
 * Returns the new object or an ERR_PTR(). On success the caller owns
 * the buffer and must kfree() it.
 */
static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
						struct genl_info *info)
{
	struct nlattr *policy_attr = info->attrs[NL80211_ATTR_ACL_POLICY];
	struct nlattr *addr_list = info->attrs[NL80211_ATTR_MAC_ADDRS];
	enum nl80211_acl_policy acl_policy;
	struct cfg80211_acl_data *acl;
	struct nlattr *entry;
	int count, remaining;
	int slot = 0;

	/* a zero limit means the device has no MAC ACL support */
	if (!wiphy->max_acl_mac_addrs)
		return ERR_PTR(-EOPNOTSUPP);

	if (!policy_attr)
		return ERR_PTR(-EINVAL);

	acl_policy = nla_get_u32(policy_attr);
	switch (acl_policy) {
	case NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED:
	case NL80211_ACL_POLICY_DENY_UNLESS_LISTED:
		break;
	default:
		return ERR_PTR(-EINVAL);
	}

	if (!addr_list)
		return ERR_PTR(-EINVAL);

	count = validate_acl_mac_addrs(addr_list);
	if (count < 0)
		return ERR_PTR(count);

	if (count > wiphy->max_acl_mac_addrs)
		return ERR_PTR(-ENOTSUPP);

	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * count),
		      GFP_KERNEL);
	if (!acl)
		return ERR_PTR(-ENOMEM);

	/* second walk over the same list that was length-checked above */
	nla_for_each_nested(entry, addr_list, remaining) {
		memcpy(acl->mac_addrs[slot].addr, nla_data(entry), ETH_ALEN);
		slot++;
	}

	acl->acl_policy = acl_policy;
	acl->n_acl_entries = count;

	return acl;
}

/*
 * NL80211_CMD_SET_MAC_ACL handler: replace the MAC ACL of an AP or
 * P2P-GO interface that has a non-zero beacon interval.
 *
 * The parsed ACL is freed here once the driver call returns, whatever
 * its result. Returns 0 on success or a negative errno.
 */
static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_acl_data *acl;
	int err;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_P2P_GO:
		break;
	default:
		return -EOPNOTSUPP;
	}

	if (!wdev->beacon_interval)
		return -EINVAL;

	acl = parse_acl_data(&rdev->wiphy, info);
	if (IS_ERR(acl))
		return PTR_ERR(acl);

	err = rdev_set_mac_acl(rdev, dev, acl);
	kfree(acl);

	return err;
}

/*
 * Fill @bcn from the beacon-related attributes in @attrs.
 *
 * The four information-element attributes are checked with
 * is_valid_ie_attr() before anything is stored. At least one of beacon
 * head and beacon tail must be present, and a present head must not be
 * empty. The pointers stored in @bcn refer to the attribute payloads
 * themselves; nothing is copied.
 *
 * Returns 0 on success or -EINVAL.
 */
static int nl80211_parse_beacon(struct nlattr *attrs[],
				struct cfg80211_beacon_data *bcn)
{
	struct nlattr *head = attrs[NL80211_ATTR_BEACON_HEAD];
	struct nlattr *tail = attrs[NL80211_ATTR_BEACON_TAIL];
	struct nlattr *ies = attrs[NL80211_ATTR_IE];
	struct nlattr *proberesp_ies = attrs[NL80211_ATTR_IE_PROBE_RESP];
	struct nlattr *assocresp_ies = attrs[NL80211_ATTR_IE_ASSOC_RESP];
	struct nlattr *probe_resp = attrs[NL80211_ATTR_PROBE_RESP];

	if (!(is_valid_ie_attr(tail) &&
	      is_valid_ie_attr(ies) &&
	      is_valid_ie_attr(proberesp_ies) &&
	      is_valid_ie_attr(assocresp_ies)))
		return -EINVAL;

	memset(bcn, 0, sizeof(*bcn));

	if (head) {
		bcn->head = nla_data(head);
		bcn->head_len = nla_len(head);
		if (!bcn->head_len)
			return -EINVAL;
	}

	if (tail) {
		bcn->tail = nla_data(tail);
		bcn->tail_len = nla_len(tail);
	}

	/* neither head nor tail given: nothing to build a beacon from */
	if (!head && !tail)
		return -EINVAL;

	if (ies) {
		bcn->beacon_ies = nla_data(ies);
		bcn->beacon_ies_len = nla_len(ies);
	}

	if (proberesp_ies) {
		bcn->proberesp_ies = nla_data(proberesp_ies);
		bcn->proberesp_ies_len = nla_len(proberesp_ies);
	}

	if (assocresp_ies) {
		bcn->assocresp_ies = nla_data(assocresp_ies);
		bcn->assocresp_ies_len = nla_len(assocresp_ies);
	}

	if (probe_resp) {
		bcn->probe_resp = nla_data(probe_resp);
		bcn->probe_resp_len = nla_len(probe_resp);
	}

	return 0;
}

/*
 * Borrow a channel definition for a new AP: copy the preset chandef of
 * the first AP or P2P-GO interface on @rdev that has one into @params.
 *
 * Returns true if a chandef was copied, false if no interface qualified.
 */
static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
				   struct cfg80211_ap_settings *params)
{
	struct wireless_dev *wdev;

	list_for_each_entry(wdev, &rdev->wdev_list, list) {
		bool ap_like = wdev->iftype == NL80211_IFTYPE_AP ||
			       wdev->iftype == NL80211_IFTYPE_P2P_GO;

		if (ap_like && wdev->preset_chandef.chan) {
			params->chandef = wdev->preset_chandef;
			return true;
		}
	}

	return false;
}

/*
 * Decide whether @auth_type is acceptable for command @cmd on @rdev.
 *
 * Values above NL80211_AUTHTYPE_MAX are never valid. SAE is accepted for
 * AUTHENTICATE only when the wiphy advertises NL80211_FEATURE_SAE, and
 * is always refused for CONNECT and START_AP. Any other command yields
 * false.
 */
static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
				    enum nl80211_auth_type auth_type,
				    enum nl80211_commands cmd)
{
	bool is_sae = auth_type == NL80211_AUTHTYPE_SAE;

	if (auth_type > NL80211_AUTHTYPE_MAX)
		return false;

	if (cmd == NL80211_CMD_AUTHENTICATE)
		return !is_sae ||
		       !!(rdev->wiphy.features & NL80211_FEATURE_SAE);

	/* SAE not supported yet */
	if (cmd == NL80211_CMD_CONNECT || cmd == NL80211_CMD_START_AP)
		return !is_sae;

	return false;
}

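/*
 * NL80211_CMD_START_AP handler: validate the request and start beaconing
 * on an AP or P2P-GO interface.
 *
 * Beacon interval, DTIM period and beacon head are mandatory; all other
 * attributes are optional and range-checked when present. On success the
 * channel, beacon interval and SSID are recorded in the wireless_dev.
 *
 * params.acl is the only heap allocation made here. Every exit taken
 * after it has been allocated goes through the "out" label so that the
 * buffer is freed on failure as well as on success.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_ap_settings params;
	int err;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
		return -EOPNOTSUPP;

	if (!rdev->ops->start_ap)
		return -EOPNOTSUPP;

	/* a non-zero beacon interval means the AP is already running */
	if (wdev->beacon_interval)
		return -EALREADY;

	memset(&params, 0, sizeof(params));

	/* these are required for START_AP */
	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
		return -EINVAL;

	err = nl80211_parse_beacon(info->attrs, &params.beacon);
	if (err)
		return err;

	params.beacon_interval =
		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
	params.dtim_period =
		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);

	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
	if (err)
		return err;

	/*
	 * In theory, some of these attributes should be required here
	 * but since they were not used when the command was originally
	 * added, keep them optional for old user space programs to let
	 * them continue to work with drivers that do not need the
	 * additional information -- drivers must check!
	 */
	if (info->attrs[NL80211_ATTR_SSID]) {
		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
		params.ssid_len =
			nla_len(info->attrs[NL80211_ATTR_SSID]);
		/* the length also bounds the memcpy into wdev->ssid below */
		if (params.ssid_len == 0 ||
		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
			return -EINVAL;
	}

	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
		params.hidden_ssid = nla_get_u32(
			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
			return -EINVAL;
	}

	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];

	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
		params.auth_type = nla_get_u32(
			info->attrs[NL80211_ATTR_AUTH_TYPE]);
		if (!nl80211_valid_auth_type(rdev, params.auth_type,
					     NL80211_CMD_START_AP))
			return -EINVAL;
	} else
		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;

	err = nl80211_crypto_settings(rdev, info, &params.crypto,
				      NL80211_MAX_NR_CIPHER_SUITES);
	if (err)
		return err;

	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
			return -EOPNOTSUPP;
		params.inactivity_timeout = nla_get_u16(
			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
	}

	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
			return -EINVAL;
		params.p2p_ctwindow =
			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
		if (params.p2p_ctwindow > 127)
			return -EINVAL;
		if (params.p2p_ctwindow != 0 &&
		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
			return -EINVAL;
	}

	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
		u8 tmp;

		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
			return -EINVAL;
		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
		if (tmp > 1)
			return -EINVAL;
		params.p2p_opp_ps = tmp;
		if (params.p2p_opp_ps != 0 &&
		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
			return -EINVAL;
	}

	/* channel: explicit, else this wdev's preset, else another AP's */
	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
		err = nl80211_parse_chandef(rdev, info, &params.chandef);
		if (err)
			return err;
	} else if (wdev->preset_chandef.chan) {
		params.chandef = wdev->preset_chandef;
	} else if (!nl80211_get_ap_channel(rdev, &params))
		return -EINVAL;

	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
				     wdev->iftype))
		return -EINVAL;

	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
		params.acl = parse_acl_data(&rdev->wiphy, info);
		/* nothing was allocated on error, a plain return is fine */
		if (IS_ERR(params.acl))
			return PTR_ERR(params.acl);
	}

	/*
	 * From here on params.acl may be allocated: leave through "out"
	 * rather than returning directly, otherwise a request with a
	 * valid ACL and a rejected SMPS mode leaks the ACL buffer.
	 */
	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
		params.smps_mode =
			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
		switch (params.smps_mode) {
		case NL80211_SMPS_OFF:
			break;
		case NL80211_SMPS_STATIC:
			if (!(rdev->wiphy.features &
			      NL80211_FEATURE_STATIC_SMPS)) {
				err = -EINVAL;
				goto out;
			}
			break;
		case NL80211_SMPS_DYNAMIC:
			if (!(rdev->wiphy.features &
			      NL80211_FEATURE_DYNAMIC_SMPS)) {
				err = -EINVAL;
				goto out;
			}
			break;
		default:
			err = -EINVAL;
			goto out;
		}
	} else {
		params.smps_mode = NL80211_SMPS_OFF;
	}

	wdev_lock(wdev);
	err = rdev_start_ap(rdev, dev, &params);
	if (!err) {
		wdev->preset_chandef = params.chandef;
		wdev->beacon_interval = params.beacon_interval;
		wdev->chandef = params.chandef;
		wdev->ssid_len = params.ssid_len;
		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
	}
	wdev_unlock(wdev);

 out:
	/* kfree(NULL) is a no-op, so this is safe without an ACL too */
	kfree(params.acl);

	return err;
}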

/*
 * NL80211_CMD_SET_BEACON handler: replace the beacon data of an AP or
 * P2P-GO interface that has a non-zero beacon interval.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_beacon_data beacon;
	int err;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_P2P_GO:
		break;
	default:
		return -EOPNOTSUPP;
	}

	if (!rdev->ops->change_beacon)
		return -EOPNOTSUPP;

	/* a zero beacon interval means there is no beacon to change */
	if (!wdev->beacon_interval)
		return -EINVAL;

	err = nl80211_parse_beacon(info->attrs, &beacon);
	if (err)
		return err;

	wdev_lock(wdev);
	err = rdev_change_beacon(rdev, dev, &beacon);
	wdev_unlock(wdev);

	return err;
}

/*
 * NL80211_CMD_STOP_AP handler: hand the device and interface that
 * pre_doit stored in info->user_ptr[] to cfg80211_stop_ap(), with its
 * last argument set to false.
 */
static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
{
	return cfg80211_stop_ap(info->user_ptr[0], info->user_ptr[1], false);
}

/*
 * Policy for the attributes nested in the legacy NL80211_ATTR_STA_FLAGS
 * attribute, used by parse_station_flags(): every station flag listed
 * here is a presence-only NLA_FLAG.
 */
static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
};

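/*
 * Translate the station flag attributes of a request into the
 * sta_flags_mask / sta_flags_set pair of @params.
 *
 * NL80211_ATTR_STA_FLAGS2 (an explicit mask/set pair) takes precedence.
 * If it is absent, the legacy nested NL80211_ATTR_STA_FLAGS attribute is
 * parsed, with the mask derived from @iftype. If neither is present the
 * parameters are left untouched.
 *
 * Returns 0 on success, or -EINVAL for an invalid flag, an interface
 * type the legacy attribute does not cover, or a flag newer than
 * NL80211_STA_FLAG_MAX_OLD_API in the legacy attribute.
 */
static int parse_station_flags(struct genl_info *info,
			       enum nl80211_iftype iftype,
			       struct station_parameters *params)
{
	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
	struct nlattr *nla;
	int flag;

	/*
	 * Try parsing the new attribute first so userspace
	 * can specify both for older kernels.
	 */
	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
	if (nla) {
		struct nl80211_sta_flag_update *sta_flags;

		/*
		 * NOTE(review): a whole struct is read from the payload;
		 * presumably the top-level attribute policy guarantees
		 * the length -- confirm against nl80211_policy.
		 */
		sta_flags = nla_data(nla);
		params->sta_flags_mask = sta_flags->mask;
		params->sta_flags_set = sta_flags->set;
		/* never set a bit the caller did not also put in the mask */
		params->sta_flags_set &= params->sta_flags_mask;
		if ((params->sta_flags_mask |
		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
			return -EINVAL;
		return 0;
	}

	/* if present, parse the old attribute */

	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
	if (!nla)
		return 0;

	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
			     nla, sta_flags_policy))
		return -EINVAL;

	/*
	 * Only allow certain flags for interface types so that
	 * other attributes are silently ignored. Remember that
	 * this is backward compatibility code with old userspace
	 * and shouldn't be hit in other cases anyway.
	 */
	switch (iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
	case NL80211_IFTYPE_P2P_GO:
		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
					 BIT(NL80211_STA_FLAG_WME) |
					 BIT(NL80211_STA_FLAG_MFP);
		break;
	case NL80211_IFTYPE_P2P_CLIENT:
	case NL80211_IFTYPE_STATION:
		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
					 BIT(NL80211_STA_FLAG_TDLS_PEER);
		break;
	case NL80211_IFTYPE_MESH_POINT:
		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
					 BIT(NL80211_STA_FLAG_MFP) |
					 BIT(NL80211_STA_FLAG_AUTHORIZED);
		/*
		 * Without this break the mesh case fell through into
		 * default and always failed with -EINVAL, so the mask
		 * assigned just above was never used.
		 */
		break;
	default:
		return -EINVAL;
	}

	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
		if (flags[flag]) {
			params->sta_flags_set |= (1<<flag);

			/* no longer support new API additions in old API */
			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
				return -EINVAL;
		}
	}

	return 0;
}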

/*
 * Append a nested rate description for @info to @msg under attribute
 * type @attr.
 *
 * The bitrate is reported as a 32-bit attribute and, when it fits in
 * 16 bits, as the legacy 16-bit attribute too; a zero bitrate is not
 * reported at all. HT or VHT details follow depending on info->flags.
 *
 * Returns true on success, false if the message ran out of room. The
 * nest is not closed on failure; both callers in nl80211_send_station()
 * cancel the whole message in that case.
 */
static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
				 int attr)
{
	struct nlattr *nest = nla_nest_start(msg, attr);
	u32 rate32;
	u16 rate16;

	if (!nest)
		return false;

	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
	rate32 = cfg80211_calculate_bitrate(info);
	/* report 16-bit bitrate only if we can */
	rate16 = rate32 < (1UL << 16) ? rate32 : 0;

	if (rate32 > 0 &&
	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, rate32))
		return false;
	if (rate16 > 0 &&
	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, rate16))
		return false;

	if (info->flags & RATE_INFO_FLAGS_MCS) {
		/* HT rate: MCS index plus optional width / guard interval */
		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs) ||
		    ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) &&
		     nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) ||
		    ((info->flags & RATE_INFO_FLAGS_SHORT_GI) &&
		     nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)))
			return false;
	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
		/* VHT rate: MCS and NSS plus optional width / guard interval */
		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs) ||
		    nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss) ||
		    ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) &&
		     nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) ||
		    ((info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH) &&
		     nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH)) ||
		    ((info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH) &&
		     nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH)) ||
		    ((info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH) &&
		     nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH)) ||
		    ((info->flags & RATE_INFO_FLAGS_SHORT_GI) &&
		     nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)))
			return false;
	}

	nla_nest_end(msg, nest);
	return true;
}

/*
 * Append per-chain signal values to @msg as a nest of type @id.
 *
 * One u8 attribute is written for each chain whose bit is set in @mask,
 * using the chain index as the attribute type. Nothing is written for
 * an empty mask.
 *
 * Returns true on success (including the empty-mask case), false if the
 * message ran out of room.
 */
static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
			       int id)
{
	struct nlattr *nest;
	int chain;

	if (!mask)
		return true;

	nest = nla_nest_start(msg, id);
	if (!nest)
		return false;

	for (chain = 0; chain < IEEE80211_MAX_CHAINS; chain++) {
		if ((mask & BIT(chain)) &&
		    nla_put_u8(msg, chain, signal[chain]))
			return false;
	}

	nla_nest_end(msg, nest);

	return true;
}

/*
 * Serialise one station entry into @msg as an NL80211_CMD_NEW_STATION
 * message.
 *
 * Only members whose bit is set in sinfo->filled are written, so the
 * message carries whatever the producer of @sinfo marked as valid and
 * nothing else; both callers in this part of the file zero @sinfo before
 * asking the driver to fill it.
 *
 * Returns the result of genlmsg_end() on success. On failure it returns
 * -1 if the header could not be added, or cancels the message and
 * returns -EMSGSIZE if an attribute did not fit.
 * NOTE(review): the -1 is not an errno; the callers visible here only
 * test for a negative result.
 */
static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
				int flags,
				struct cfg80211_registered_device *rdev,
				struct net_device *dev,
				const u8 *mac_addr, struct station_info *sinfo)
{
	void *hdr;
	struct nlattr *sinfoattr, *bss_param;

	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
	if (!hdr)
		return -1;

	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
		goto nla_put_failure;

	/* everything up to the matching nla_nest_end() is station info */
	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
	if (!sinfoattr)
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
			sinfo->connected_time))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
			sinfo->inactive_time))
		goto nla_put_failure;
	/*
	 * The 32-bit byte counters are sent whenever either the 32-bit or
	 * the 64-bit value is filled; the cast truncates the counter.
	 */
	if ((sinfo->filled & (STATION_INFO_RX_BYTES |
			      STATION_INFO_RX_BYTES64)) &&
	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
			(u32)sinfo->rx_bytes))
		goto nla_put_failure;
	if ((sinfo->filled & (STATION_INFO_TX_BYTES |
			      STATION_INFO_TX_BYTES64)) &&
	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
			(u32)sinfo->tx_bytes))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
	    nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
			sinfo->rx_bytes))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
	    nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
			sinfo->tx_bytes))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_LLID) &&
	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_PLID) &&
	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
		       sinfo->plink_state))
		goto nla_put_failure;
	/* signal values are only reported for the MBM signal type */
	switch (rdev->wiphy.signal_type) {
	case CFG80211_SIGNAL_TYPE_MBM:
		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
			       sinfo->signal))
			goto nla_put_failure;
		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
			       sinfo->signal_avg))
			goto nla_put_failure;
		break;
	default:
		break;
	}
	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
		if (!nl80211_put_signal(msg, sinfo->chains,
					sinfo->chain_signal,
					NL80211_STA_INFO_CHAIN_SIGNAL))
			goto nla_put_failure;
	}
	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
		if (!nl80211_put_signal(msg, sinfo->chains,
					sinfo->chain_signal_avg,
					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
			goto nla_put_failure;
	}
	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
					  NL80211_STA_INFO_TX_BITRATE))
			goto nla_put_failure;
	}
	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
					  NL80211_STA_INFO_RX_BITRATE))
			goto nla_put_failure;
	}
	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
			sinfo->rx_packets))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
			sinfo->tx_packets))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
			sinfo->tx_retries))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
			sinfo->tx_failed))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_EXPECTED_THROUGHPUT) &&
	    nla_put_u32(msg, NL80211_STA_INFO_EXPECTED_THROUGHPUT,
			sinfo->expected_throughput))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
			sinfo->beacon_loss_count))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
	    nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
			sinfo->local_pm))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_PEER_PM) &&
	    nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
			sinfo->peer_pm))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
	    nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
			sinfo->nonpeer_pm))
		goto nla_put_failure;
	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
		if (!bss_param)
			goto nla_put_failure;

		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
			       sinfo->bss_param.dtim_period) ||
		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
				sinfo->bss_param.beacon_interval))
			goto nla_put_failure;

		nla_nest_end(msg, bss_param);
	}
	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
		    sizeof(struct nl80211_sta_flag_update),
		    &sinfo->sta_flags))
		goto nla_put_failure;
	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
			    sinfo->t_offset))
		goto nla_put_failure;
	nla_nest_end(msg, sinfoattr);

	/*
	 * The association request IEs go outside the station-info nest;
	 * the length copied is whatever sinfo->assoc_req_ies_len says.
	 */
	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
		    sinfo->assoc_req_ies))
		goto nla_put_failure;

	return genlmsg_end(msg, hdr);

 nla_put_failure:
	/* drop the partially built message instead of sending it */
	genlmsg_cancel(msg, hdr);
	return -EMSGSIZE;
}

/*
 * Dump callback for NL80211_CMD_GET_STATION: emit one message per
 * station until the driver reports -ENOENT or @skb is full.
 *
 * The index of the next station to report is kept in cb->args[2], so a
 * dump that filled the buffer resumes where it stopped on the next call.
 * The station_info is zeroed before every driver call, so each entry
 * only carries what the driver filled in for that station.
 *
 * Returns skb->len when the dump made progress or finished, or a
 * negative errno.
 */
static int nl80211_dump_station(struct sk_buff *skb,
				struct netlink_callback *cb)
{
	struct cfg80211_registered_device *rdev;
	struct wireless_dev *wdev;
	struct station_info sinfo;
	u8 mac_addr[ETH_ALEN];
	int idx = cb->args[2];
	int err;

	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	if (err)
		return err;

	/* from here on every exit must pass nl80211_finish_wdev_dump() */
	err = -EINVAL;
	if (!wdev->netdev)
		goto out_err;

	err = -EOPNOTSUPP;
	if (!rdev->ops->dump_station)
		goto out_err;

	for (;; idx++) {
		memset(&sinfo, 0, sizeof(sinfo));
		err = rdev_dump_station(rdev, wdev->netdev, idx,
					mac_addr, &sinfo);
		/* -ENOENT marks the end of the station list */
		if (err == -ENOENT)
			break;
		if (err)
			goto out_err;

		/* buffer full: keep idx so this station is retried */
		if (nl80211_send_station(skb, NETLINK_CB(cb->skb).portid,
					 cb->nlh->nlmsg_seq, NLM_F_MULTI,
					 rdev, wdev->netdev, mac_addr,
					 &sinfo) < 0)
			break;
	}

	cb->args[2] = idx;
	err = skb->len;
 out_err:
	nl80211_finish_wdev_dump(rdev);

	return err;
}

/*
 * NL80211_CMD_GET_STATION handler: look up the station named by
 * NL80211_ATTR_MAC and reply with its information.
 *
 * The station_info is zeroed before the driver fills it. The reply
 * buffer is freed here if it cannot be populated; otherwise it is
 * handed to genlmsg_reply().
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *mac_attr = info->attrs[NL80211_ATTR_MAC];
	struct station_info sinfo;
	struct sk_buff *reply;
	u8 *peer;
	int err;

	memset(&sinfo, 0, sizeof(sinfo));

	if (!mac_attr)
		return -EINVAL;

	peer = nla_data(mac_attr);

	if (!rdev->ops->get_station)
		return -EOPNOTSUPP;

	err = rdev_get_station(rdev, dev, peer, &sinfo);
	if (err)
		return err;

	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!reply)
		return -ENOMEM;

	if (nl80211_send_station(reply, info->snd_portid, info->snd_seq, 0,
				 rdev, dev, peer, &sinfo) >= 0)
		return genlmsg_reply(reply, info);

	/* the entry did not fit: discard the half-built reply */
	nlmsg_free(reply);
	return -ENOBUFS;
}

/*
 * Validate a station change request against what is permitted for the
 * given station type.
 *
 * Besides rejecting disallowed combinations this edits @params in place:
 * NL80211_STA_FLAG_TDLS_PEER is cleared from params->sta_flags_mask (the
 * flag cannot change), and that edit persists even when a later check
 * rejects the request.
 *
 * Returns 0 if the change is acceptable, -EINVAL for a disallowed
 * parameter or flag, and -EOPNOTSUPP for an AP_MLME_CLIENT change that
 * does not touch the AUTHORIZED flag.
 */
int cfg80211_check_station_change(struct wiphy *wiphy,
				  struct station_parameters *params,
				  enum cfg80211_station_type statype)
{
	const unsigned long tdls_peer = BIT(NL80211_STA_FLAG_TDLS_PEER);
	const unsigned long authorized = BIT(NL80211_STA_FLAG_AUTHORIZED);
	const unsigned long auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
					 BIT(NL80211_STA_FLAG_ASSOCIATED);
	const bool tdls_type = statype == CFG80211_STA_TDLS_PEER_SETUP ||
			       statype == CFG80211_STA_TDLS_PEER_ACTIVE;

	/* -1 is the "not supplied" value set up by nl80211_set_station() */
	if (params->listen_interval != -1)
		return -EINVAL;

	/* an AID is only accepted together with the TDLS peer flag */
	if (params->aid && !(params->sta_flags_set & tdls_peer))
		return -EINVAL;

	/* When you run into this, adjust the code below for the new flag */
	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);

	switch (statype) {
	case CFG80211_STA_MESH_PEER_KERNEL:
	case CFG80211_STA_MESH_PEER_USER:
		/*
		 * No ignoring the TDLS flag here -- the userspace mesh
		 * code doesn't have the bug of including TDLS in the
		 * mask everywhere.
		 */
		if (params->sta_flags_mask &
		    ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
		      BIT(NL80211_STA_FLAG_MFP) |
		      authorized))
			return -EINVAL;
		break;
	case CFG80211_STA_TDLS_PEER_SETUP:
	case CFG80211_STA_TDLS_PEER_ACTIVE:
		if (!(params->sta_flags_set & tdls_peer))
			return -EINVAL;
		/* ignore since it can't change */
		params->sta_flags_mask &= ~tdls_peer;
		break;
	default:
		/* disallow mesh-specific things */
		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION ||
		    params->local_pm ||
		    (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE))
			return -EINVAL;
		break;
	}

	if (!tdls_type) {
		/* TDLS can't be set, ... */
		if (params->sta_flags_set & tdls_peer)
			return -EINVAL;
		/*
		 * ... but don't bother the driver with it. This works around
		 * a hostapd/wpa_supplicant issue -- it always includes the
		 * TDLS_PEER flag in the mask even for AP mode.
		 */
		params->sta_flags_mask &= ~tdls_peer;
	}

	/* outside TDLS setup, reject other things that can't change */
	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
	    ((params->sta_modify_mask & (STATION_PARAM_APPLY_UAPSD |
					 STATION_PARAM_APPLY_CAPABILITY)) ||
	     params->supported_rates ||
	     params->ext_capab || params->ht_capa || params->vht_capa))
		return -EINVAL;

	/* a VLAN is only accepted for AP clients */
	if (statype != CFG80211_STA_AP_CLIENT && params->vlan)
		return -EINVAL;

	/* per-type whitelist of the flag bits that may still be in the mask */
	switch (statype) {
	case CFG80211_STA_AP_MLME_CLIENT:
		/* Use this only for authorizing/unauthorizing a station */
		if (!(params->sta_flags_mask & authorized))
			return -EOPNOTSUPP;
		break;
	case CFG80211_STA_AP_CLIENT:
		/* accept only the listed bits */
		if (params->sta_flags_mask &
		    ~(authorized | auth_assoc |
		      BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
		      BIT(NL80211_STA_FLAG_WME) |
		      BIT(NL80211_STA_FLAG_MFP)))
			return -EINVAL;

		/* but authenticated/associated only if driver handles it */
		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
		    (params->sta_flags_mask & auth_assoc))
			return -EINVAL;
		break;
	case CFG80211_STA_IBSS:
	case CFG80211_STA_AP_STA:
		/* reject any changes other than AUTHORIZED */
		if (params->sta_flags_mask & ~authorized)
			return -EINVAL;
		break;
	case CFG80211_STA_TDLS_PEER_SETUP:
		/* reject any changes other than AUTHORIZED or WME */
		if (params->sta_flags_mask &
		    ~(authorized | BIT(NL80211_STA_FLAG_WME)))
			return -EINVAL;
		/* force (at least) rates when authorizing */
		if ((params->sta_flags_set & authorized) &&
		    !params->supported_rates)
			return -EINVAL;
		break;
	case CFG80211_STA_TDLS_PEER_ACTIVE:
		/* reject any changes */
		return -EINVAL;
	case CFG80211_STA_MESH_PEER_KERNEL:
		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
			return -EINVAL;
		break;
	case CFG80211_STA_MESH_PEER_USER:
		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
			return -EINVAL;
		break;
	}

	return 0;
}
EXPORT_SYMBOL(cfg80211_check_station_change);

/*
 * Resolve the interface named by NL80211_ATTR_STA_VLAN, making sure it is
 * running and on the right wiphy.
 *
 * The ifindex comes from the request; it is looked up in the requester's
 * network namespace only, and the result is accepted only if it is an AP,
 * AP_VLAN or P2P_GO interface belonging to @rdev's wiphy.
 *
 * Returns NULL when the attribute is absent, an ERR_PTR() on failure
 * (-ENODEV, -EINVAL or -ENETDOWN), or the device with the reference taken
 * by dev_get_by_index() still held -- the caller must dev_put() it.
 */
static struct net_device *get_vlan(struct genl_info *info,
				   struct cfg80211_registered_device *rdev)
{
	struct nlattr *attr = info->attrs[NL80211_ATTR_STA_VLAN];
	struct wireless_dev *vlan_wdev;
	struct net_device *vlan;
	int err;

	if (!attr)
		return NULL;

	vlan = dev_get_by_index(genl_info_net(info), nla_get_u32(attr));
	if (!vlan)
		return ERR_PTR(-ENODEV);

	vlan_wdev = vlan->ieee80211_ptr;

	if (!vlan_wdev || vlan_wdev->wiphy != &rdev->wiphy) {
		/* not a wireless interface, or one on a different wiphy */
		err = -EINVAL;
	} else if (vlan_wdev->iftype != NL80211_IFTYPE_AP_VLAN &&
		   vlan_wdev->iftype != NL80211_IFTYPE_AP &&
		   vlan_wdev->iftype != NL80211_IFTYPE_P2P_GO) {
		err = -EINVAL;
	} else if (!netif_running(vlan)) {
		err = -ENETDOWN;
	} else {
		return vlan;
	}

	/* rejected: drop the reference taken by the lookup */
	dev_put(vlan);
	return ERR_PTR(err);
}

/* Validation policy for the attributes nested in NL80211_ATTR_STA_WME. */
static const struct nla_policy
nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
	[NL80211_STA_WME_UAPSD_QUEUES]	= { .type = NLA_U8 },
	[NL80211_STA_WME_MAX_SP]	= { .type = NLA_U8 },
};

/*
 * Parse the optional nested NL80211_ATTR_STA_WME attribute into @params.
 *
 * Returns 0 when the attribute is absent (nothing is touched) or parsed
 * successfully, the nla_parse_nested() error, or -EINVAL when a value has
 * bits outside the corresponding QoS-info mask.  On success
 * STATION_PARAM_APPLY_UAPSD is set in params->sta_modify_mask.
 */
static int nl80211_parse_sta_wme(struct genl_info *info,
				 struct station_parameters *params)
{
	struct nlattr *wme_attr = info->attrs[NL80211_ATTR_STA_WME];
	struct nlattr *nested[NL80211_STA_WME_MAX + 1];
	struct nlattr *queues, *max_sp;
	int ret;

	/* parse WME attributes if present */
	if (!wme_attr)
		return 0;

	ret = nla_parse_nested(nested, NL80211_STA_WME_MAX, wme_attr,
			       nl80211_sta_wme_policy);
	if (ret)
		return ret;

	queues = nested[NL80211_STA_WME_UAPSD_QUEUES];
	max_sp = nested[NL80211_STA_WME_MAX_SP];

	/*
	 * Each mask test runs whether or not the sub-attribute was given,
	 * so a value already present in @params is range-checked as well.
	 */
	if (queues)
		params->uapsd_queues = nla_get_u8(queues);
	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
		return -EINVAL;

	if (max_sp)
		params->max_sp = nla_get_u8(max_sp);
	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
		return -EINVAL;

	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;

	return 0;
}

/*
 * Pick up the optional supported-channels and supported-operating-classes
 * attributes.  @params receives pointers into the request message, not
 * copies, together with the payload lengths.
 *
 * Returns 0 on success or when neither attribute is present, -EINVAL when
 * a length is out of range.  The pointer/length pair is stored before it
 * is validated and is left in @params on failure.
 *
 * NOTE(review): the range checks are applied to the value as stored in
 * @params; if those length fields are narrower than the int returned by
 * nla_len(), an oversized payload would be checked after truncation --
 * confirm the attribute policy (not visible here) caps the length.
 */
static int nl80211_parse_sta_channel_info(struct genl_info *info,
				      struct station_parameters *params)
{
	struct nlattr *chans = info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS];
	struct nlattr *classes =
		info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES];

	if (chans) {
		params->supported_channels = nla_data(chans);
		params->supported_channels_len = nla_len(chans);
		/*
		 * Need to include at least one (first channel, number of
		 * channels) tuple for each subband, and must have proper
		 * tuples for the rest of the data as well.
		 */
		if (params->supported_channels_len < 2 ||
		    params->supported_channels_len % 2)
			return -EINVAL;
	}

	if (classes) {
		params->supported_oper_classes = nla_data(classes);
		params->supported_oper_classes_len = nla_len(classes);
		/*
		 * The value of the Length field of the Supported Operating
		 * Classes element is between 2 and 253.
		 */
		if (params->supported_oper_classes_len < 2 ||
		    params->supported_oper_classes_len > 253)
			return -EINVAL;
	}

	return 0;
}

/*
 * Collect the parameters that only make sense for a TDLS peer update:
 * peer AID, HT/VHT capabilities, channel information and WME settings.
 * Whether they are actually allowed is decided later by the caller's
 * checks.
 *
 * Returns 0 on success or the error from the channel-info / WME parsers.
 *
 * NOTE(review): ht_capa and vht_capa become pointers straight into the
 * request; their payload sizes are presumably enforced by the attribute
 * policy, which is not visible here -- confirm.
 */
static int nl80211_set_station_tdls(struct genl_info *info,
				    struct station_parameters *params)
{
	struct nlattr **attrs = info->attrs;
	int ret;

	/* Dummy STA entry gets updated once the peer capabilities are known */
	if (attrs[NL80211_ATTR_PEER_AID])
		params->aid = nla_get_u16(attrs[NL80211_ATTR_PEER_AID]);

	if (attrs[NL80211_ATTR_HT_CAPABILITY])
		params->ht_capa = nla_data(attrs[NL80211_ATTR_HT_CAPABILITY]);

	if (attrs[NL80211_ATTR_VHT_CAPABILITY])
		params->vht_capa = nla_data(attrs[NL80211_ATTR_VHT_CAPABILITY]);

	ret = nl80211_parse_sta_channel_info(info, params);
	if (!ret)
		ret = nl80211_parse_sta_wme(info, params);

	return ret;
}

/*
 * NL80211_CMD_SET_STATION handler: gather the requested changes into a
 * station_parameters and pass them to the driver's change_station op.
 *
 * Only syntactic validation happens here (attribute presence, enum
 * ranges, interface type).  Which changes are permitted for which kind
 * of station is decided by cfg80211_check_station_change(), which the
 * driver is expected to call.
 *
 * Returns 0 or the driver's error, -EOPNOTSUPP when the op is missing or
 * the interface type is unsupported, -EINVAL for malformed or forbidden
 * attributes, or the error from the TDLS / VLAN helpers.
 *
 * NOTE(review): mac_addr and the rate/capability blobs are pointers into
 * the request whose lengths are presumably bounded by the attribute
 * policy, which is not visible here -- confirm.
 */
static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr **attrs = info->attrs;
	struct station_parameters params;
	u8 *mac_addr;
	int err;

	memset(&params, 0, sizeof(params));

	/* "unchanged" marker checked by cfg80211_check_station_change() */
	params.listen_interval = -1;

	if (!rdev->ops->change_station)
		return -EOPNOTSUPP;

	/* the AID cannot be given in a change request */
	if (attrs[NL80211_ATTR_STA_AID])
		return -EINVAL;

	if (!attrs[NL80211_ATTR_MAC])
		return -EINVAL;

	mac_addr = nla_data(attrs[NL80211_ATTR_MAC]);

	if (attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
		struct nlattr *rates = attrs[NL80211_ATTR_STA_SUPPORTED_RATES];

		params.supported_rates = nla_data(rates);
		params.supported_rates_len = nla_len(rates);
	}

	if (attrs[NL80211_ATTR_STA_CAPABILITY]) {
		params.capability =
			nla_get_u16(attrs[NL80211_ATTR_STA_CAPABILITY]);
		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
	}

	if (attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
		struct nlattr *ext = attrs[NL80211_ATTR_STA_EXT_CAPABILITY];

		params.ext_capab = nla_data(ext);
		params.ext_capab_len = nla_len(ext);
	}

	/* neither can the listen interval */
	if (attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
		return -EINVAL;

	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
		return -EINVAL;

	if (attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
		params.plink_action =
			nla_get_u8(attrs[NL80211_ATTR_STA_PLINK_ACTION]);
		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
			return -EINVAL;
	}

	if (attrs[NL80211_ATTR_STA_PLINK_STATE]) {
		params.plink_state =
			nla_get_u8(attrs[NL80211_ATTR_STA_PLINK_STATE]);
		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
			return -EINVAL;
		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
	}

	if (attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
		enum nl80211_mesh_power_mode pm = nla_get_u32(
			attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);

		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
		    pm > NL80211_MESH_POWER_MAX)
			return -EINVAL;

		params.local_pm = pm;
	}

	/* Include parameters for TDLS peer (will check later) */
	err = nl80211_set_station_tdls(info, &params);
	if (err)
		return err;

	/*
	 * From here on params.vlan may hold a device reference, so every
	 * exit has to go through the dev_put() below.
	 */
	params.vlan = get_vlan(info, rdev);
	if (IS_ERR(params.vlan))
		return PTR_ERR(params.vlan);

	switch (dev->ieee80211_ptr->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
	case NL80211_IFTYPE_P2P_GO:
	case NL80211_IFTYPE_P2P_CLIENT:
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_ADHOC:
	case NL80211_IFTYPE_MESH_POINT:
		/* driver will call cfg80211_check_station_change() */
		err = rdev_change_station(rdev, dev, mac_addr, &params);
		break;
	default:
		err = -EOPNOTSUPP;
		break;
	}

	if (params.vlan)
		dev_put(params.vlan);

	return err;
}

/*
 * NL80211_CMD_NEW_STATION handler: validate the request for the current
 * interface type and ask the driver to add the station.
 *
 * MAC, listen interval, supported rates and one of STA_AID / PEER_AID are
 * mandatory.  Per interface type:
 *   - AP / AP_VLAN / P2P_GO: TDLS peers are refused; the AUTHENTICATED and
 *     ASSOCIATED flags need NL80211_FEATURE_FULL_AP_CLIENT_STATE; an
 *     optional VLAN is resolved last.
 *   - MESH_POINT: ASSOCIATED and TDLS peers are refused.
 *   - STATION / P2P_CLIENT: only TDLS peers may be added, and only when
 *     the wiphy supports TDLS with external setup.
 *
 * Returns 0 or the driver's error, -EINVAL for missing/invalid attributes,
 * -EOPNOTSUPP when the op, interface type or TDLS support is missing, or
 * the error from the parsing / VLAN helpers.
 *
 * NOTE(review): mac_addr and the rate/capability blobs are pointers into
 * the request whose lengths are presumably bounded by the attribute
 * policy, which is not visible here -- confirm.
 */
static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr **attrs = info->attrs;
	struct nlattr *aid_attr;
	struct station_parameters params;
	u8 *mac_addr;
	int err;

	memset(&params, 0, sizeof(params));

	if (!rdev->ops->add_station)
		return -EOPNOTSUPP;

	/* mandatory attributes; either flavour of AID will do */
	if (!attrs[NL80211_ATTR_MAC] ||
	    !attrs[NL80211_ATTR_STA_LISTEN_INTERVAL] ||
	    !attrs[NL80211_ATTR_STA_SUPPORTED_RATES] ||
	    (!attrs[NL80211_ATTR_STA_AID] && !attrs[NL80211_ATTR_PEER_AID]))
		return -EINVAL;

	mac_addr = nla_data(attrs[NL80211_ATTR_MAC]);
	params.supported_rates =
		nla_data(attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
	params.supported_rates_len =
		nla_len(attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
	params.listen_interval =
		nla_get_u16(attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);

	/* PEER_AID takes precedence when both are present */
	aid_attr = attrs[NL80211_ATTR_PEER_AID];
	if (!aid_attr)
		aid_attr = attrs[NL80211_ATTR_STA_AID];
	params.aid = nla_get_u16(aid_attr);
	if (!params.aid || params.aid > IEEE80211_MAX_AID)
		return -EINVAL;

	if (attrs[NL80211_ATTR_STA_CAPABILITY]) {
		params.capability =
			nla_get_u16(attrs[NL80211_ATTR_STA_CAPABILITY]);
		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
	}

	if (attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
		struct nlattr *ext = attrs[NL80211_ATTR_STA_EXT_CAPABILITY];

		params.ext_capab = nla_data(ext);
		params.ext_capab_len = nla_len(ext);
	}

	if (attrs[NL80211_ATTR_HT_CAPABILITY])
		params.ht_capa = nla_data(attrs[NL80211_ATTR_HT_CAPABILITY]);

	if (attrs[NL80211_ATTR_VHT_CAPABILITY])
		params.vht_capa = nla_data(attrs[NL80211_ATTR_VHT_CAPABILITY]);

	if (attrs[NL80211_ATTR_OPMODE_NOTIF]) {
		params.opmode_notif_used = true;
		params.opmode_notif =
			nla_get_u8(attrs[NL80211_ATTR_OPMODE_NOTIF]);
	}

	if (attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
		params.plink_action =
			nla_get_u8(attrs[NL80211_ATTR_STA_PLINK_ACTION]);
		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
			return -EINVAL;
	}

	err = nl80211_parse_sta_channel_info(info, &params);
	if (err)
		return err;

	err = nl80211_parse_sta_wme(info, &params);
	if (err)
		return err;

	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
		return -EINVAL;

	/* When you run into this, adjust the code below for the new flag */
	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);

	switch (dev->ieee80211_ptr->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
	case NL80211_IFTYPE_P2P_GO:
		/* ignore WME attributes if iface/sta is not capable */
		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;

		/* TDLS peers cannot be added */
		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
		    attrs[NL80211_ATTR_PEER_AID])
			return -EINVAL;
		/* but don't bother the driver with it */
		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);

		/* allow authenticated/associated only if driver handles it */
		if (!(rdev->wiphy.features &
		      NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
		    (params.sta_flags_mask &
		     (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
		      BIT(NL80211_STA_FLAG_ASSOCIATED))))
			return -EINVAL;

		/*
		 * must be last in here for error handling: once a VLAN
		 * reference is held, a plain return would leak it
		 */
		params.vlan = get_vlan(info, rdev);
		if (IS_ERR(params.vlan))
			return PTR_ERR(params.vlan);
		break;
	case NL80211_IFTYPE_MESH_POINT:
		/* ignore uAPSD data */
		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;

		/* associated is disallowed */
		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
			return -EINVAL;
		/* TDLS peers cannot be added */
		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
		    attrs[NL80211_ATTR_PEER_AID])
			return -EINVAL;
		break;
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		/* ignore uAPSD data */
		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;

		/* these are disallowed */
		if (params.sta_flags_mask &
		    (BIT(NL80211_STA_FLAG_ASSOCIATED) |
		     BIT(NL80211_STA_FLAG_AUTHENTICATED)))
			return -EINVAL;
		/* Only TDLS peers can be added */
		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
			return -EINVAL;
		/* Can only add if TDLS with external setup is supported */
		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
		    !(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
			return -EOPNOTSUPP;
		/*
		 * Older wpa_supplicant versions always mark the TDLS peer
		 * as authorized, but it shouldn't yet be.
		 */
		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
		break;
	default:
		return -EOPNOTSUPP;
	}

	/* be aware of params.vlan when changing code here */

	err = rdev_add_station(rdev, dev, mac_addr, &params);

	if (params.vlan)
		dev_put(params.vlan);

	return err;
}

/*
 * NL80211_CMD_DEL_STATION handler: remove one station, or -- when no MAC
 * attribute is given -- pass a NULL address on to the driver.
 *
 * Only AP, AP_VLAN, MESH_POINT and P2P_GO interfaces are accepted.  The
 * management frame subtype must be Disassociation or Deauthentication
 * (default: Deauthentication) and the reason code must be non-zero
 * (default: WLAN_REASON_PREV_AUTH_NOT_VALID).
 *
 * Returns the driver's result, -EINVAL for a wrong interface type or
 * invalid subtype/reason, or -EOPNOTSUPP when the driver has no
 * del_station op.
 *
 * NOTE(review): with the MAC attribute omitted params.mac stays NULL;
 * what the driver op does with that is not visible here -- confirm
 * against the rdev_del_station() contract.
 */
static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr **attrs = info->attrs;
	struct station_del_parameters params;

	memset(&params, 0, sizeof(params));

	if (attrs[NL80211_ATTR_MAC])
		params.mac = nla_data(attrs[NL80211_ATTR_MAC]);

	switch (dev->ieee80211_ptr->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
	case NL80211_IFTYPE_MESH_POINT:
	case NL80211_IFTYPE_P2P_GO:
		break;
	default:
		return -EINVAL;
	}

	if (!rdev->ops->del_station)
		return -EOPNOTSUPP;

	/* Default to Deauthentication frame */
	params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
	if (attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
		params.subtype = nla_get_u8(attrs[NL80211_ATTR_MGMT_SUBTYPE]);
		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
			return -EINVAL;
	}

	/* Default to reason code 2 */
	params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
	if (attrs[NL80211_ATTR_REASON_CODE]) {
		params.reason_code =
			nla_get_u16(attrs[NL80211_ATTR_REASON_CODE]);
		if (params.reason_code == 0)
			return -EINVAL; /* 0 is reserved */
	}

	return rdev_del_station(rdev, dev, &params);
}

/*
 * Serialise one mesh path entry into @msg.
 *
 * @dst and @next_hop are copied as ETH_ALEN bytes each and
 * pinfo->generation is written unconditionally, so callers must hand in
 * fully initialised buffers; the remaining @pinfo fields are emitted only
 * when the matching MPATH_INFO_* bit is set in pinfo->filled.
 *
 * Returns the value of genlmsg_end() on success, -1 if the header cannot
 * be added, or -EMSGSIZE (after cancelling the partial message) when an
 * attribute does not fit.
 *
 * NOTE(review): the header carries NL80211_CMD_NEW_STATION although the
 * payload describes a mesh path.  Userspace can observe the command id,
 * so it is kept as-is here -- confirm whether this is intended.
 */
static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
				int flags, struct net_device *dev,
				u8 *dst, u8 *next_hop,
				struct mpath_info *pinfo)
{
	struct nlattr *nest;
	void *hdr;

	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
	if (!hdr)
		return -1;

	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto nla_put_failure;
	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst))
		goto nla_put_failure;
	if (nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop))
		goto nla_put_failure;
	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
		goto nla_put_failure;

	nest = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
	if (!nest)
		goto nla_put_failure;

	/* optional fields: only those the driver marked as filled */
	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN, pinfo->frame_qlen))
		goto nla_put_failure;
	if ((pinfo->filled & MPATH_INFO_SN) &&
	    nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn))
		goto nla_put_failure;
	if ((pinfo->filled & MPATH_INFO_METRIC) &&
	    nla_put_u32(msg, NL80211_MPATH_INFO_METRIC, pinfo->metric))
		goto nla_put_failure;
	if ((pinfo->filled & MPATH_INFO_EXPTIME) &&
	    nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME, pinfo->exptime))
		goto nla_put_failure;
	if ((pinfo->filled & MPATH_INFO_FLAGS) &&
	    nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS, pinfo->flags))
		goto nla_put_failure;
	if ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
	    nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
			pinfo->discovery_timeout))
		goto nla_put_failure;
	if ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
	    nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
		       pinfo->discovery_retries))
		goto nla_put_failure;

	nla_nest_end(msg, nest);

	return genlmsg_end(msg, hdr);

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	return -EMSGSIZE;
}

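/*
 * Dump callback for mesh paths: emit one NLM_F_MULTI message per path,
 * starting at the index saved in cb->args[2].
 *
 * Returns skb->len after storing the index to resume from in cb->args[2]
 * (both when the driver reports -ENOENT for the next index and when the
 * current skb cannot take another entry), -EOPNOTSUPP when the driver has
 * no dump_mpath op or the interface is not a mesh point, or the error
 * from nl80211_prepare_wdev_dump() / the driver.
 */
static int nl80211_dump_mpath(struct sk_buff *skb,
			      struct netlink_callback *cb)
{
	struct mpath_info pinfo;
	struct cfg80211_registered_device *rdev;
	struct wireless_dev *wdev;
	u8 dst[ETH_ALEN];
	u8 next_hop[ETH_ALEN];
	int path_idx = cb->args[2];
	int err;

	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	if (err)
		return err;

	if (!rdev->ops->dump_mpath) {
		err = -EOPNOTSUPP;
		goto out_err;
	}

	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
		err = -EOPNOTSUPP;
		goto out_err;
	}

	while (1) {
		/*
		 * nl80211_send_mpath() copies both addresses and
		 * pinfo.generation to userspace unconditionally and trusts
		 * pinfo.filled.  Clear the on-stack buffers for every entry,
		 * as the station dump does for its station_info, so a driver
		 * that leaves something unset cannot expose stale kernel
		 * stack bytes or data from the previous entry.
		 */
		memset(&pinfo, 0, sizeof(pinfo));
		memset(dst, 0, sizeof(dst));
		memset(next_hop, 0, sizeof(next_hop));

		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
				      next_hop, &pinfo);
		if (err == -ENOENT)
			break;
		if (err)
			goto out_err;

		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
				       wdev->netdev, dst, next_hop,
				       &pinfo) < 0)
			goto out;

		path_idx++;
	}

 out:
	cb->args[2] = path_idx;
	err = skb->len;
 out_err:
	nl80211_finish_wdev_dump(rdev);
	return err;
}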

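/*
 * NL80211_CMD_GET_MPATH handler: look up the mesh path towards the
 * address in NL80211_ATTR_MAC and reply with its next hop and path info.
 *
 * Returns the result of genlmsg_reply() on success, -EINVAL when the MAC
 * attribute is missing, -EOPNOTSUPP when the driver has no get_mpath op
 * or the interface is not a mesh point, the driver's own error, -ENOMEM
 * if the reply cannot be allocated, or -ENOBUFS if it cannot be filled.
 *
 * NOTE(review): dst points into the request; its length is presumably
 * bounded by the attribute policy, which is not visible here -- confirm.
 */
static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	int err;
	struct net_device *dev = info->user_ptr[1];
	struct mpath_info pinfo;
	struct sk_buff *msg;
	u8 *dst = NULL;
	u8 next_hop[ETH_ALEN];

	/*
	 * Both buffers are filled in by the driver and then copied to
	 * userspace by nl80211_send_mpath(); zero them first so that
	 * anything the driver leaves unset is not stale stack data.
	 */
	memset(&pinfo, 0, sizeof(pinfo));
	memset(next_hop, 0, sizeof(next_hop));

	if (!info->attrs[NL80211_ATTR_MAC])
		return -EINVAL;

	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);

	if (!rdev->ops->get_mpath)
		return -EOPNOTSUPP;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
		return -EOPNOTSUPP;

	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
	if (err)
		return err;

	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!msg)
		return -ENOMEM;

	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
			       dev, dst, next_hop, &pinfo) < 0) {
		nlmsg_free(msg);
		return -ENOBUFS;
	}

	return genlmsg_reply(msg, info);
}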

/*
 * NL80211_CMD_SET_MPATH handler: change the next hop of an existing mesh
 * path.  Both the destination (NL80211_ATTR_MAC) and the new next hop
 * (NL80211_ATTR_MPATH_NEXT_HOP) are required.
 *
 * Returns the driver's result, -EINVAL when an attribute is missing, or
 * -EOPNOTSUPP when the driver has no change_mpath op or the interface is
 * not a mesh point.
 *
 * NOTE(review): both addresses are pointers into the request; their
 * length is presumably enforced by the attribute policy, which is not
 * visible here -- confirm.
 */
static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *dst_attr = info->attrs[NL80211_ATTR_MAC];
	struct nlattr *hop_attr = info->attrs[NL80211_ATTR_MPATH_NEXT_HOP];

	if (!dst_attr || !hop_attr)
		return -EINVAL;

	if (!rdev->ops->change_mpath)
		return -EOPNOTSUPP;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
		return -EOPNOTSUPP;

	return rdev_change_mpath(rdev, dev, nla_data(dst_attr),
				 nla_data(hop_attr));
}

/*
 * NL80211_CMD_NEW_MPATH handler: add a mesh path to the destination in
 * NL80211_ATTR_MAC via the next hop in NL80211_ATTR_MPATH_NEXT_HOP.
 *
 * Returns the driver's result, -EINVAL when an attribute is missing, or
 * -EOPNOTSUPP when the driver has no add_mpath op or the interface is
 * not a mesh point.
 *
 * NOTE(review): both addresses are pointers into the request; their
 * length is presumably enforced by the attribute policy, which is not
 * visible here -- confirm.
 */
static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *dst_attr = info->attrs[NL80211_ATTR_MAC];
	struct nlattr *hop_attr = info->attrs[NL80211_ATTR_MPATH_NEXT_HOP];

	if (!dst_attr || !hop_attr)
		return -EINVAL;

	if (!rdev->ops->add_mpath)
		return -EOPNOTSUPP;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
		return -EOPNOTSUPP;

	return rdev_add_mpath(rdev, dev, nla_data(dst_attr),
			      nla_data(hop_attr));
}

/*
 * NL80211_CMD_DEL_MPATH handler: delete the mesh path to the address in
 * NL80211_ATTR_MAC; when the attribute is absent a NULL destination is
 * passed to the driver.
 *
 * Returns the driver's result, or -EOPNOTSUPP when the driver has no
 * del_mpath op.
 *
 * NOTE(review): unlike the set/new handlers there is no mesh-point
 * interface check here, and the meaning of a NULL destination is left to
 * the driver -- confirm both are intended.
 */
static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *dst_attr = info->attrs[NL80211_ATTR_MAC];
	u8 *dst = dst_attr ? nla_data(dst_attr) : NULL;

	if (!rdev->ops->del_mpath)
		return -EOPNOTSUPP;

	return rdev_del_mpath(rdev, dev, dst);
}

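/*
 * NL80211_CMD_GET_MPP handler: look up the mesh proxy path entry for the
 * address in NL80211_ATTR_MAC and reply with the proxy address and path
 * info, using the same message layout as a mesh path.
 *
 * Returns the result of genlmsg_reply() on success, -EINVAL when the MAC
 * attribute is missing, -EOPNOTSUPP when the driver has no get_mpp op or
 * the interface is not a mesh point, the driver's own error, -ENOMEM if
 * the reply cannot be allocated, or -ENOBUFS if it cannot be filled.
 *
 * NOTE(review): dst points into the request; its length is presumably
 * bounded by the attribute policy, which is not visible here -- confirm.
 */
static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	int err;
	struct net_device *dev = info->user_ptr[1];
	struct mpath_info pinfo;
	struct sk_buff *msg;
	u8 *dst = NULL;
	u8 mpp[ETH_ALEN];

	/*
	 * Both buffers are filled in by the driver and then copied to
	 * userspace by nl80211_send_mpath(); zero them first so that
	 * anything the driver leaves unset is not stale stack data.
	 */
	memset(&pinfo, 0, sizeof(pinfo));
	memset(mpp, 0, sizeof(mpp));

	if (!info->attrs[NL80211_ATTR_MAC])
		return -EINVAL;

	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);

	if (!rdev->ops->get_mpp)
		return -EOPNOTSUPP;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
		return -EOPNOTSUPP;

	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
	if (err)
		return err;

	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!msg)
		return -ENOMEM;

	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
			       dev, dst, mpp, &pinfo) < 0) {
		nlmsg_free(msg);
		return -ENOBUFS;
	}

	return genlmsg_reply(msg, info);
}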

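/*
 * Dump callback for mesh proxy paths: emit one NLM_F_MULTI message per
 * entry, starting at the index saved in cb->args[2].
 *
 * Returns skb->len after storing the index to resume from in cb->args[2]
 * (both when the driver reports -ENOENT for the next index and when the
 * current skb cannot take another entry), -EOPNOTSUPP when the driver has
 * no dump_mpp op or the interface is not a mesh point, or the error from
 * nl80211_prepare_wdev_dump() / the driver.
 */
static int nl80211_dump_mpp(struct sk_buff *skb,
			    struct netlink_callback *cb)
{
	struct mpath_info pinfo;
	struct cfg80211_registered_device *rdev;
	struct wireless_dev *wdev;
	u8 dst[ETH_ALEN];
	u8 mpp[ETH_ALEN];
	int path_idx = cb->args[2];
	int err;

	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	if (err)
		return err;

	if (!rdev->ops->dump_mpp) {
		err = -EOPNOTSUPP;
		goto out_err;
	}

	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
		err = -EOPNOTSUPP;
		goto out_err;
	}

	while (1) {
		/*
		 * nl80211_send_mpath() copies both addresses and
		 * pinfo.generation to userspace unconditionally and trusts
		 * pinfo.filled.  Clear the on-stack buffers for every entry
		 * so a driver that leaves something unset cannot expose
		 * stale kernel stack bytes or data from the previous entry.
		 */
		memset(&pinfo, 0, sizeof(pinfo));
		memset(dst, 0, sizeof(dst));
		memset(mpp, 0, sizeof(mpp));

		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
				    mpp, &pinfo);
		if (err == -ENOENT)
			break;
		if (err)
			goto out_err;

		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
				       wdev->netdev, dst, mpp,
				       &pinfo) < 0)
			goto out;

		path_idx++;
	}

 out:
	cb->args[2] = path_idx;
	err = skb->len;
 out_err:
	nl80211_finish_wdev_dump(rdev);
	return err;
}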

/*
 * NL80211_CMD_SET_BSS handler: collect the BSS parameters present in the
 * request and hand them to the driver's change_bss op under the wdev
 * lock.  Every tri-state parameter starts at -1, meaning "leave as is".
 *
 * The P2P CT window and opportunistic power save attributes are only
 * accepted on a P2P GO interface and, when enabling them, only if the
 * wiphy advertises the matching feature.
 *
 * Returns the driver's result, -EINVAL for an invalid P2P attribute, or
 * -EOPNOTSUPP when the op is missing or the interface is neither AP nor
 * P2P GO.  The attribute checks run first, so a bad P2P attribute yields
 * -EINVAL even where the operation itself is unsupported.
 *
 * NOTE(review): basic_rates is a pointer into the request; its length is
 * presumably bounded by the attribute policy, which is not visible here
 * -- confirm.
 */
static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct nlattr **attrs = info->attrs;
	struct bss_parameters params;
	int err;

	memset(&params, 0, sizeof(params));
	/* default to not changing parameters */
	params.use_cts_prot = -1;
	params.use_short_preamble = -1;
	params.use_short_slot_time = -1;
	params.ap_isolate = -1;
	params.ht_opmode = -1;
	params.p2p_ctwindow = -1;
	params.p2p_opp_ps = -1;

	if (attrs[NL80211_ATTR_BSS_CTS_PROT])
		params.use_cts_prot =
			nla_get_u8(attrs[NL80211_ATTR_BSS_CTS_PROT]);

	if (attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
		params.use_short_preamble =
			nla_get_u8(attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);

	if (attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
		params.use_short_slot_time =
			nla_get_u8(attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);

	if (attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
		struct nlattr *rates = attrs[NL80211_ATTR_BSS_BASIC_RATES];

		params.basic_rates = nla_data(rates);
		params.basic_rates_len = nla_len(rates);
	}

	/* any non-zero value enables isolation */
	if (attrs[NL80211_ATTR_AP_ISOLATE])
		params.ap_isolate = !!nla_get_u8(attrs[NL80211_ATTR_AP_ISOLATE]);

	if (attrs[NL80211_ATTR_BSS_HT_OPMODE])
		params.ht_opmode =
			nla_get_u16(attrs[NL80211_ATTR_BSS_HT_OPMODE]);

	if (attrs[NL80211_ATTR_P2P_CTWINDOW]) {
		if (wdev->iftype != NL80211_IFTYPE_P2P_GO)
			return -EINVAL;
		params.p2p_ctwindow =
			nla_get_s8(attrs[NL80211_ATTR_P2P_CTWINDOW]);
		if (params.p2p_ctwindow < 0)
			return -EINVAL;
		/* a non-zero window needs driver support */
		if (params.p2p_ctwindow != 0 &&
		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
			return -EINVAL;
	}

	if (attrs[NL80211_ATTR_P2P_OPPPS]) {
		u8 opp_ps;

		if (wdev->iftype != NL80211_IFTYPE_P2P_GO)
			return -EINVAL;
		/* strictly boolean: only 0 and 1 are accepted */
		opp_ps = nla_get_u8(attrs[NL80211_ATTR_P2P_OPPPS]);
		if (opp_ps > 1)
			return -EINVAL;
		params.p2p_opp_ps = opp_ps;
		if (params.p2p_opp_ps &&
		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
			return -EINVAL;
	}

	if (!rdev->ops->change_bss)
		return -EOPNOTSUPP;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_P2P_GO:
		break;
	default:
		return -EOPNOTSUPP;
	}

	wdev_lock(wdev);
	err = rdev_change_bss(rdev, dev, &params);
	wdev_unlock(wdev);

	return err;
}

/*
 * Attribute policy applied to each nested regulatory rule before
 * parse_reg_rule() reads it: every attribute listed here is declared
 * as NLA_U32.
 */
static const struct nla_policy
reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
	[NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
	[NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
	[NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
	[NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
	[NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
	[NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
};

/*
 * Copy one regulatory rule out of an already parsed attribute table.
 *
 * The rule flags, the start and end of the frequency range, the maximum
 * bandwidth and the maximum EIRP are mandatory; -EINVAL is returned when
 * any of them is missing.  The maximum antenna gain and the DFS CAC time
 * are copied only when present.  The values are stored as received: this
 * function performs no range or consistency checks on them.
 *
 * Returns 0 on success.
 */
static int parse_reg_rule(struct nlattr *tb[],
	struct ieee80211_reg_rule *reg_rule)
{
	struct ieee80211_freq_range *range = &reg_rule->freq_range;
	struct ieee80211_power_rule *power = &reg_rule->power_rule;

	if (!tb[NL80211_ATTR_REG_RULE_FLAGS] ||
	    !tb[NL80211_ATTR_FREQ_RANGE_START] ||
	    !tb[NL80211_ATTR_FREQ_RANGE_END] ||
	    !tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] ||
	    !tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
		return -EINVAL;

	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);

	range->start_freq_khz = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
	range->end_freq_khz = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
	range->max_bandwidth_khz =
		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);

	power->max_eirp = nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);

	/* optional attributes: the destination is left untouched if absent */
	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
		power->max_antenna_gain =
			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);

	if (tb[NL80211_ATTR_DFS_CAC_TIME])
		reg_rule->dfs_cac_ms =
			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);

	return 0;
}

/*
 * Handle a regulatory hint sent by userspace.
 *
 * The hint type comes from NL80211_ATTR_USER_REG_HINT_TYPE and defaults
 * to NL80211_USER_REG_HINT_USER when that attribute is absent.  User and
 * cell-base hints require NL80211_ATTR_REG_ALPHA2 and are handed to
 * regulatory_hint_user(); an indoor hint goes to
 * regulatory_hint_indoor_user().  Any other hint type is rejected with
 * -EINVAL.
 *
 * NOTE(review): the length of the alpha2 payload is not checked in this
 * function; presumably the top-level attribute policy bounds it. Confirm
 * that an attribute shorter than two bytes cannot reach
 * regulatory_hint_user().
 */
static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
{
	struct nlattr *hint_attr = info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE];
	struct nlattr *alpha2_attr;
	enum nl80211_user_reg_hint_type user_reg_hint_type;

	/*
	 * You should only get this when cfg80211 hasn't yet initialized
	 * completely when built-in to the kernel right between the time
	 * window between nl80211_init() and regulatory_init(), if that is
	 * even possible.
	 */
	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
		return -EINPROGRESS;

	if (hint_attr)
		user_reg_hint_type = nla_get_u32(hint_attr);
	else
		user_reg_hint_type = NL80211_USER_REG_HINT_USER;

	if (user_reg_hint_type == NL80211_USER_REG_HINT_INDOOR)
		return regulatory_hint_indoor_user();

	/* only the two alpha2-carrying hint types remain valid */
	if (user_reg_hint_type != NL80211_USER_REG_HINT_USER &&
	    user_reg_hint_type != NL80211_USER_REG_HINT_CELL_BASE)
		return -EINVAL;

	alpha2_attr = info->attrs[NL80211_ATTR_REG_ALPHA2];
	if (!alpha2_attr)
		return -EINVAL;

	return regulatory_hint_user(nla_data(alpha2_attr), user_reg_hint_type);
}

/*
 * Reply to NL80211_CMD_GET_MESH_CONFIG with the current mesh parameters.
 *
 * Only mesh point interfaces whose driver implements get_mesh_config are
 * served; anything else yields -EOPNOTSUPP.  While no mesh ID is set on
 * the interface the built-in default_mesh_config is reported, otherwise
 * the driver is asked under the wdev lock.
 *
 * Returns the result of genlmsg_reply() on success, the driver's error,
 * -ENOMEM when the reply cannot be allocated, or -ENOBUFS when building
 * the reply fails.
 *
 * NOTE(review): NL80211_MESHCONF_HT_OPMODE is emitted with nla_put_u32()
 * here, while nl80211_meshconf_params_policy declares it NLA_U16 and
 * nl80211_parse_mesh_config() reads it with nla_get_u16().  The width is
 * visible to userspace, so confirm with consumers before aligning it.
 */
static int nl80211_get_mesh_config(struct sk_buff *skb,
				   struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct mesh_config cur_params;
	struct sk_buff *reply;
	struct nlattr *nest;
	void *hdr;
	int err = 0;

	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT ||
	    !rdev->ops->get_mesh_config)
		return -EOPNOTSUPP;

	wdev_lock(wdev);
	if (wdev->mesh_id_len)
		err = rdev_get_mesh_config(rdev, dev, &cur_params);
	else	/* not connected: report the default parameters */
		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
	wdev_unlock(wdev);

	if (err)
		return err;

	/* Draw up a netlink message to send back */
	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!reply)
		return -ENOMEM;

	hdr = nl80211hdr_put(reply, info->snd_portid, info->snd_seq, 0,
			     NL80211_CMD_GET_MESH_CONFIG);
	if (!hdr)
		goto out;

	nest = nla_nest_start(reply, NL80211_ATTR_MESH_CONFIG);
	if (!nest)
		goto nla_put_failure;

	if (nla_put_u32(reply, NL80211_ATTR_IFINDEX, dev->ifindex) ||
	    nla_put_u16(reply, NL80211_MESHCONF_RETRY_TIMEOUT,
			cur_params.dot11MeshRetryTimeout) ||
	    nla_put_u16(reply, NL80211_MESHCONF_CONFIRM_TIMEOUT,
			cur_params.dot11MeshConfirmTimeout) ||
	    nla_put_u16(reply, NL80211_MESHCONF_HOLDING_TIMEOUT,
			cur_params.dot11MeshHoldingTimeout) ||
	    nla_put_u16(reply, NL80211_MESHCONF_MAX_PEER_LINKS,
			cur_params.dot11MeshMaxPeerLinks) ||
	    nla_put_u8(reply, NL80211_MESHCONF_MAX_RETRIES,
		       cur_params.dot11MeshMaxRetries) ||
	    nla_put_u8(reply, NL80211_MESHCONF_TTL,
		       cur_params.dot11MeshTTL) ||
	    nla_put_u8(reply, NL80211_MESHCONF_ELEMENT_TTL,
		       cur_params.element_ttl) ||
	    nla_put_u8(reply, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
		       cur_params.auto_open_plinks) ||
	    nla_put_u32(reply, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
	    nla_put_u8(reply, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
		       cur_params.dot11MeshHWMPmaxPREQretries) ||
	    nla_put_u32(reply, NL80211_MESHCONF_PATH_REFRESH_TIME,
			cur_params.path_refresh_time) ||
	    nla_put_u16(reply, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
			cur_params.min_discovery_timeout) ||
	    nla_put_u32(reply, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
			cur_params.dot11MeshHWMPactivePathTimeout) ||
	    nla_put_u16(reply, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
			cur_params.dot11MeshHWMPpreqMinInterval) ||
	    nla_put_u16(reply, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
			cur_params.dot11MeshHWMPperrMinInterval) ||
	    nla_put_u16(reply, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
	    nla_put_u8(reply, NL80211_MESHCONF_HWMP_ROOTMODE,
		       cur_params.dot11MeshHWMPRootMode) ||
	    nla_put_u16(reply, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
			cur_params.dot11MeshHWMPRannInterval) ||
	    nla_put_u8(reply, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
		       cur_params.dot11MeshGateAnnouncementProtocol) ||
	    nla_put_u8(reply, NL80211_MESHCONF_FORWARDING,
		       cur_params.dot11MeshForwarding) ||
	    nla_put_u32(reply, NL80211_MESHCONF_RSSI_THRESHOLD,
			cur_params.rssi_threshold) ||
	    nla_put_u32(reply, NL80211_MESHCONF_HT_OPMODE,
			cur_params.ht_opmode) ||
	    nla_put_u32(reply, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
	    nla_put_u16(reply, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
			cur_params.dot11MeshHWMProotInterval) ||
	    nla_put_u16(reply, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
			cur_params.dot11MeshHWMPconfirmationInterval) ||
	    nla_put_u32(reply, NL80211_MESHCONF_POWER_MODE,
			cur_params.power_mode) ||
	    nla_put_u16(reply, NL80211_MESHCONF_AWAKE_WINDOW,
			cur_params.dot11MeshAwakeWindowDuration) ||
	    nla_put_u32(reply, NL80211_MESHCONF_PLINK_TIMEOUT,
			cur_params.plink_timeout))
		goto nla_put_failure;

	nla_nest_end(reply, nest);
	genlmsg_end(reply, hdr);
	return genlmsg_reply(reply, info);

 nla_put_failure:
	genlmsg_cancel(reply, hdr);
 out:
	nlmsg_free(reply);
	return -ENOBUFS;
}

/*
 * Attribute policy for the nested NL80211_ATTR_MESH_CONFIG block; it is
 * the policy nl80211_parse_mesh_config() passes to nla_parse_nested().
 * It only declares the attribute types; value ranges are checked by the
 * parser itself.
 */
static const struct nla_policy
nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
	[NL80211_MESHCONF_RETRY_TIMEOUT]		= { .type = NLA_U16 },
	[NL80211_MESHCONF_CONFIRM_TIMEOUT]		= { .type = NLA_U16 },
	[NL80211_MESHCONF_HOLDING_TIMEOUT]		= { .type = NLA_U16 },
	[NL80211_MESHCONF_MAX_PEER_LINKS]		= { .type = NLA_U16 },
	[NL80211_MESHCONF_MAX_RETRIES]			= { .type = NLA_U8 },
	[NL80211_MESHCONF_TTL]				= { .type = NLA_U8 },
	[NL80211_MESHCONF_ELEMENT_TTL]			= { .type = NLA_U8 },
	[NL80211_MESHCONF_AUTO_OPEN_PLINKS]		= { .type = NLA_U8 },
	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR]	= { .type = NLA_U32 },
	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES]	= { .type = NLA_U8 },
	[NL80211_MESHCONF_PATH_REFRESH_TIME]		= { .type = NLA_U32 },
	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT]	= { .type = NLA_U16 },
	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT]	= { .type = NLA_U32 },
	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL]	= { .type = NLA_U16 },
	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL]	= { .type = NLA_U16 },
	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME]	= { .type = NLA_U16 },
	[NL80211_MESHCONF_HWMP_ROOTMODE]		= { .type = NLA_U8 },
	[NL80211_MESHCONF_HWMP_RANN_INTERVAL]		= { .type = NLA_U16 },
	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS]		= { .type = NLA_U8 },
	[NL80211_MESHCONF_FORWARDING]			= { .type = NLA_U8 },
	[NL80211_MESHCONF_RSSI_THRESHOLD]		= { .type = NLA_U32 },
	[NL80211_MESHCONF_HT_OPMODE]			= { .type = NLA_U16 },
	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT]	= { .type = NLA_U32 },
	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL]		= { .type = NLA_U16 },
	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL]	= { .type = NLA_U16 },
	[NL80211_MESHCONF_POWER_MODE]			= { .type = NLA_U32 },
	[NL80211_MESHCONF_AWAKE_WINDOW]			= { .type = NLA_U16 },
	[NL80211_MESHCONF_PLINK_TIMEOUT]		= { .type = NLA_U32 },
};

/*
 * Attribute policy for the nested NL80211_ATTR_MESH_SETUP block, used by
 * nl80211_parse_mesh_setup().  The vendor information element is the only
 * variable-length attribute and is capped at IEEE80211_MAX_DATA_LEN.
 */
static const struct nla_policy
nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]		= { .type = NLA_U8 },
	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]	= { .type = NLA_U8 },
	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]	= { .type = NLA_U8 },
	[NL80211_MESH_SETUP_USERSPACE_AUTH]		= { .type = NLA_FLAG },
	[NL80211_MESH_SETUP_AUTH_PROTOCOL]		= { .type = NLA_U8 },
	[NL80211_MESH_SETUP_USERSPACE_MPM]		= { .type = NLA_FLAG },
	[NL80211_MESH_SETUP_IE] = {
		.type = NLA_BINARY,
		.len = IEEE80211_MAX_DATA_LEN,
	},
	[NL80211_MESH_SETUP_USERSPACE_AMPE]		= { .type = NLA_FLAG },
};

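/*
 * Parse the nested NL80211_ATTR_MESH_CONFIG attribute into @cfg.
 *
 * @info:     request carrying the attribute
 * @cfg:      mesh configuration to fill; only fields whose attribute is
 *            present are written
 * @mask_out: if non-NULL, receives a bitmap with bit (attr - 1) set for
 *            every attribute that was present
 *
 * Each present value is range-checked against the per-parameter bounds
 * listed below before it is stored.  Returns 0 on success and -EINVAL
 * when the attribute is missing, fails the policy, or holds a value
 * outside its range.
 */
static int nl80211_parse_mesh_config(struct genl_info *info,
				     struct mesh_config *cfg,
				     u32 *mask_out)
{
	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
	u32 mask = 0;

/*
 * The bit is built from an unsigned constant: the BUILD_BUG_ON below
 * allows attribute numbers up to 32, and shifting a signed 1 by 31 would
 * overflow a signed int.
 *
 * NOTE(review): for the 8-bit accessors the "> 255" comparison can never
 * be true, and the value is fetched up to three times per attribute.
 */
#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
do {									    \
	if (tb[attr]) {							    \
		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
			return -EINVAL;					    \
		cfg->param = fn(tb[attr]);				    \
		mask |= (1U << (attr - 1));				    \
	}								    \
} while (0)

	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
		return -EINVAL;
	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
			     info->attrs[NL80211_ATTR_MESH_CONFIG],
			     nl80211_meshconf_params_policy))
		return -EINVAL;

	/* This makes sure that there aren't more than 32 mesh config
	 * parameters (otherwise our bitfield scheme would not work.) */
	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);

	/* Fill in the params struct */
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
				  mask, NL80211_MESHCONF_MAX_RETRIES,
				  nla_get_u8);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
				  mask, NL80211_MESHCONF_ELEMENT_TTL,
				  nla_get_u8);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
				  nla_get_u8);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
				  1, 255, mask,
				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
				  nla_get_u32);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
				  nla_get_u8);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
				  nla_get_u32);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
				  1, 65535, mask,
				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
				  nla_get_u32);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
				  1, 65535, mask,
				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
				  1, 65535, mask,
				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
				  dot11MeshHWMPnetDiameterTraversalTime,
				  1, 65535, mask,
				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
				  nla_get_u8);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
				  dot11MeshGateAnnouncementProtocol, 0, 1,
				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
				  nla_get_u8);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
				  mask, NL80211_MESHCONF_FORWARDING,
				  nla_get_u8);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
				  nla_get_s32);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
				  mask, NL80211_MESHCONF_HT_OPMODE,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
				  1, 65535, mask,
				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
				  nla_get_u32);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
				  dot11MeshHWMPconfirmationInterval,
				  1, 65535, mask,
				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
				  nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
				  NL80211_MESH_POWER_ACTIVE,
				  NL80211_MESH_POWER_MAX,
				  mask, NL80211_MESHCONF_POWER_MODE,
				  nla_get_u32);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
				  0, 65535, mask,
				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
				  nla_get_u32);
	if (mask_out)
		*mask_out = mask;

	return 0;

#undef FILL_IN_MESH_PARAM_IF_SET
}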

/*
 * Parse the nested NL80211_ATTR_MESH_SETUP attribute into @setup.
 *
 * Fields are written only for attributes that are present, except the
 * three flags (user_mpm, is_authenticated, is_secure), which are always
 * assigned.  Requesting AMPE in userspace forces user_mpm on, and an
 * authentication protocol is accepted only when user_mpm ends up set.
 *
 * setup->ie points into the request message rather than at a copy, so it
 * is only valid for as long as the message is.
 *
 * Returns 0 on success, -EINVAL on a missing or malformed attribute, an
 * invalid IE, a userspace-MPM request the wiphy does not advertise, or an
 * auth protocol without userspace MPM.
 */
static int nl80211_parse_mesh_setup(struct genl_info *info,
				     struct mesh_setup *setup)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
	struct nlattr *ie;

	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
		return -EINVAL;
	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
			     info->attrs[NL80211_ATTR_MESH_SETUP],
			     nl80211_mesh_setup_params_policy))
		return -EINVAL;

	/* each "enable vendor" byte selects vendor vs. standard behaviour */
	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]) {
		if (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC]))
			setup->sync_method = IEEE80211_SYNC_METHOD_VENDOR;
		else
			setup->sync_method =
				IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
	}

	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]) {
		if (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL]))
			setup->path_sel_proto = IEEE80211_PATH_PROTOCOL_VENDOR;
		else
			setup->path_sel_proto = IEEE80211_PATH_PROTOCOL_HWMP;
	}

	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]) {
		if (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC]))
			setup->path_metric = IEEE80211_PATH_METRIC_VENDOR;
		else
			setup->path_metric = IEEE80211_PATH_METRIC_AIRTIME;
	}

	ie = tb[NL80211_MESH_SETUP_IE];
	if (ie) {
		if (!is_valid_ie_attr(ie))
			return -EINVAL;
		setup->ie = nla_data(ie);
		setup->ie_len = nla_len(ie);
	}

	/* userspace MPM needs the matching wiphy feature bit */
	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
		return -EINVAL;

	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
	setup->is_authenticated =
		nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
	if (setup->is_secure)
		setup->user_mpm = true;

	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
		if (!setup->user_mpm)
			return -EINVAL;
		setup->auth_id =
			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
	}

	return 0;
}

/*
 * Apply a partial mesh configuration update to a joined mesh interface.
 *
 * The request is parsed and range-checked by nl80211_parse_mesh_config()
 * before the wdev lock is taken.  The driver is called only while a mesh
 * ID is set on the interface; otherwise -ENOLINK is returned.
 *
 * Returns 0 or the driver's result, -EOPNOTSUPP for a non-mesh interface
 * or a driver without update_mesh_config, or the parser's error.
 */
static int nl80211_update_mesh_config(struct sk_buff *skb,
				      struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct mesh_config new_cfg;
	u32 changed;
	int ret;

	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT ||
	    !rdev->ops->update_mesh_config)
		return -EOPNOTSUPP;

	ret = nl80211_parse_mesh_config(info, &new_cfg, &changed);
	if (ret)
		return ret;

	wdev_lock(wdev);
	if (wdev->mesh_id_len)
		ret = rdev_update_mesh_config(rdev, dev, changed, &new_cfg);
	else
		ret = -ENOLINK;
	wdev_unlock(wdev);

	return ret;
}

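/*
 * Reply to NL80211_CMD_GET_REG with the current regulatory domain.
 *
 * The reply carries the alpha2 code, the DFS region when it is non-zero,
 * a cell-base hint marker when reg_last_request_cell_base() says so, and
 * one nested entry per regulatory rule.  A rule whose stored maximum
 * bandwidth is zero is reported with the value computed by
 * reg_get_max_bandwidth().
 *
 * Returns the result of genlmsg_reply() on success, -EINVAL when no
 * regulatory domain is set, -ENOBUFS when the reply cannot be allocated
 * and -EMSGSIZE when building it fails.
 */
static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
{
	const struct ieee80211_regdomain *regdom;
	struct sk_buff *msg;
	void *hdr = NULL;
	struct nlattr *nl_reg_rules;
	unsigned int i;

	/*
	 * Only the pointer value is tested here, so use the RCU accessor
	 * meant for that, as nl80211_req_set_reg() does, instead of reading
	 * the RCU-managed pointer directly.
	 */
	if (!rcu_access_pointer(cfg80211_regdomain))
		return -EINVAL;

	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!msg)
		return -ENOBUFS;

	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
			     NL80211_CMD_GET_REG);
	if (!hdr)
		goto put_failure;

	if (reg_last_request_cell_base() &&
	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
			NL80211_USER_REG_HINT_CELL_BASE))
		goto nla_put_failure;

	/*
	 * The domain is re-read under the RCU read lock and every use of
	 * regdom stays inside this section.
	 * NOTE(review): regdom is not re-checked for NULL after this
	 * dereference; presumably the pointer is never cleared while
	 * requests can arrive - confirm.
	 */
	rcu_read_lock();
	regdom = rcu_dereference(cfg80211_regdomain);

	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
	    (regdom->dfs_region &&
	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
		goto nla_put_failure_rcu;

	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
	if (!nl_reg_rules)
		goto nla_put_failure_rcu;

	for (i = 0; i < regdom->n_reg_rules; i++) {
		struct nlattr *nl_reg_rule;
		const struct ieee80211_reg_rule *reg_rule;
		const struct ieee80211_freq_range *freq_range;
		const struct ieee80211_power_rule *power_rule;
		unsigned int max_bandwidth_khz;

		reg_rule = &regdom->reg_rules[i];
		freq_range = &reg_rule->freq_range;
		power_rule = &reg_rule->power_rule;

		/* the rule index doubles as the nested attribute type */
		nl_reg_rule = nla_nest_start(msg, i);
		if (!nl_reg_rule)
			goto nla_put_failure_rcu;

		max_bandwidth_khz = freq_range->max_bandwidth_khz;
		if (!max_bandwidth_khz)
			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
								  reg_rule);

		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
				reg_rule->flags) ||
		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
				freq_range->start_freq_khz) ||
		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
				freq_range->end_freq_khz) ||
		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
				max_bandwidth_khz) ||
		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
				power_rule->max_antenna_gain) ||
		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
				power_rule->max_eirp) ||
		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
				reg_rule->dfs_cac_ms))
			goto nla_put_failure_rcu;

		nla_nest_end(msg, nl_reg_rule);
	}
	rcu_read_unlock();

	nla_nest_end(msg, nl_reg_rules);

	genlmsg_end(msg, hdr);
	return genlmsg_reply(msg, info);

nla_put_failure_rcu:
	rcu_read_unlock();
nla_put_failure:
	genlmsg_cancel(msg, hdr);
put_failure:
	nlmsg_free(msg);
	return -EMSGSIZE;
}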

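/*
 * Build a regulatory domain from a userspace request and hand it to
 * set_regdom().
 *
 * NL80211_ATTR_REG_ALPHA2 and NL80211_ATTR_REG_RULES are mandatory.  The
 * nested rules are walked twice: first to count them (at most
 * NL80211_MAX_SUPP_REG_RULES) so the domain can be allocated in one piece,
 * then to parse each rule into its slot.
 *
 * Returns the result of set_regdom() on success, -EINVAL for a missing,
 * short or invalid attribute or too many rules, -ENOMEM on allocation
 * failure, or the error from parsing a rule.
 */
static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
{
	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
	struct nlattr *nl_reg_rule;
	char *alpha2 = NULL;
	int rem_reg_rules = 0, r = 0;
	u32 num_rules = 0, rule_idx = 0, size_of_regd;
	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
	struct ieee80211_regdomain *rd = NULL;

	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
		return -EINVAL;

	if (!info->attrs[NL80211_ATTR_REG_RULES])
		return -EINVAL;

	/*
	 * alpha2[0] and alpha2[1] are read below, so insist on at least two
	 * payload bytes here.  The attribute's policy entry is not defined
	 * next to this function, so the bound is enforced locally.
	 */
	if (nla_len(info->attrs[NL80211_ATTR_REG_ALPHA2]) < 2)
		return -EINVAL;

	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);

	if (info->attrs[NL80211_ATTR_DFS_REGION])
		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);

	/* first pass: count the rules and bound the allocation size */
	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
			    rem_reg_rules) {
		num_rules++;
		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
			return -EINVAL;
	}

	if (!reg_is_valid_request(alpha2))
		return -EINVAL;

	size_of_regd = sizeof(struct ieee80211_regdomain) +
		       num_rules * sizeof(struct ieee80211_reg_rule);

	rd = kzalloc(size_of_regd, GFP_KERNEL);
	if (!rd)
		return -ENOMEM;

	rd->n_reg_rules = num_rules;
	rd->alpha2[0] = alpha2[0];
	rd->alpha2[1] = alpha2[1];

	/*
	 * Disable DFS master mode if the DFS region was
	 * not supported or known on this kernel.
	 */
	if (reg_supported_dfs_region(dfs_region))
		rd->dfs_region = dfs_region;

	/*
	 * Second pass over the same attribute: it visits exactly the
	 * num_rules entries counted above, so rule_idx stays within the
	 * reg_rules[] slots allocated for them.
	 */
	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
			    rem_reg_rules) {
		r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
			      nla_data(nl_reg_rule), nla_len(nl_reg_rule),
			      reg_rule_policy);
		if (r)
			goto bad_reg;
		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
		if (r)
			goto bad_reg;

		rule_idx++;

		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
			r = -EINVAL;
			goto bad_reg;
		}
	}

	r = set_regdom(rd);
	/* set_regdom took ownership */
	rd = NULL;

 bad_reg:
	/* rd is NULL here after a hand-over, so this frees only on error */
	kfree(rd);
	return r;
}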

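/*
 * Validate the nested list of scan frequencies supplied by userspace.
 *
 * Returns the number of entries, or 0 when the list is unusable: an
 * entry whose payload is not exactly a u32, or the same frequency listed
 * twice.  Callers treat 0 as -EINVAL.
 */
static int validate_scan_freqs(struct nlattr *freqs)
{
	struct nlattr *attr1, *attr2;
	int n_channels = 0, tmp1, tmp2;

	/*
	 * The entries are nested attributes whose payload length is not
	 * checked in this function's callers, and each one is read with
	 * nla_get_u32() below.  Reject any entry that is not exactly four
	 * bytes so a short attribute is never read past its payload.
	 */
	nla_for_each_nested(attr1, freqs, tmp1)
		if (nla_len(attr1) != sizeof(u32))
			return 0;

	nla_for_each_nested(attr1, freqs, tmp1) {
		n_channels++;
		/*
		 * Some hardware has a limited channel list for
		 * scanning, and it is pretty much nonsensical
		 * to scan for a channel twice, so disallow that
		 * and don't require drivers to check that the
		 * channel list they get isn't longer than what
		 * they can scan, as long as they can scan all
		 * the channels they registered at once.
		 */
		nla_for_each_nested(attr2, freqs, tmp2)
			if (attr1 != attr2 &&
			    nla_get_u32(attr1) == nla_get_u32(attr2))
				return 0;
	}

	return n_channels;
}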

/*
 * Handle NL80211_CMD_TRIGGER_SCAN: build a scan request from the netlink
 * attributes and pass it to the driver.
 *
 * The request is one allocation laid out as the request structure, the
 * channel pointer array, the SSID array and finally the extra IEs.  The
 * element counts used to size it are bounded before allocating: SSIDs by
 * wiphy->max_scan_ssids, IE bytes by wiphy->max_scan_ie_len, and channels
 * by validate_scan_freqs() or the wiphy's supported channel count.
 *
 * Returns 0 when the driver accepted the scan, -EBUSY when a scan is
 * already pending, -EOPNOTSUPP when scanning (or a requested flag) is not
 * supported, -ENOMEM on allocation failure, -EINVAL for malformed input,
 * or the driver's error.
 */
static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct nlattr *freqs_attr = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
	struct nlattr *ssids_attr = info->attrs[NL80211_ATTR_SCAN_SSIDS];
	struct nlattr *rates_attr = info->attrs[NL80211_ATTR_SCAN_SUPP_RATES];
	struct nlattr *flags_attr = info->attrs[NL80211_ATTR_SCAN_FLAGS];
	struct nlattr *ie_attr = info->attrs[NL80211_ATTR_IE];
	struct wiphy *wiphy = &rdev->wiphy;
	struct cfg80211_scan_request *request;
	struct nlattr *attr;
	int err, tmp, n_ssids = 0, n_channels, i;
	size_t ie_len;

	if (!is_valid_ie_attr(ie_attr))
		return -EINVAL;

	if (!rdev->ops->scan)
		return -EOPNOTSUPP;

	/* only one scan may be in flight per device */
	if (rdev->scan_req || rdev->scan_msg)
		return -EBUSY;

	if (freqs_attr) {
		n_channels = validate_scan_freqs(freqs_attr);
		if (!n_channels)
			return -EINVAL;
	} else {
		n_channels = ieee80211_get_num_supported_channels(wiphy);
	}

	if (ssids_attr)
		nla_for_each_nested(attr, ssids_attr, tmp)
			n_ssids++;

	if (n_ssids > wiphy->max_scan_ssids)
		return -EINVAL;

	if (ie_attr)
		ie_len = nla_len(ie_attr);
	else
		ie_len = 0;

	if (ie_len > wiphy->max_scan_ie_len)
		return -EINVAL;

	request = kzalloc(sizeof(*request)
			+ sizeof(*request->ssids) * n_ssids
			+ sizeof(*request->channels) * n_channels
			+ ie_len, GFP_KERNEL);
	if (!request)
		return -ENOMEM;

	/* carve the SSID array and the IE buffer out of the tail */
	if (n_ssids)
		request->ssids = (void *)&request->channels[n_channels];
	request->n_ssids = n_ssids;
	if (ie_len) {
		if (request->ssids)
			request->ie = (void *)(request->ssids + n_ssids);
		else
			request->ie = (void *)(request->channels + n_channels);
	}

	i = 0;
	if (freqs_attr) {
		/* user specified, bail out if channel not found */
		nla_for_each_nested(attr, freqs_attr, tmp) {
			struct ieee80211_channel *chan;

			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
			if (!chan) {
				err = -EINVAL;
				goto out_free;
			}

			/* ignore disabled channels */
			if (chan->flags & IEEE80211_CHAN_DISABLED)
				continue;

			request->channels[i] = chan;
			i++;
		}
	} else {
		enum ieee80211_band band;

		/* all channels */
		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
			int j;

			if (!wiphy->bands[band])
				continue;
			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
				struct ieee80211_channel *chan;

				chan = &wiphy->bands[band]->channels[j];
				if (chan->flags & IEEE80211_CHAN_DISABLED)
					continue;

				request->channels[i] = chan;
				i++;
			}
		}
	}

	/* nothing left to scan once disabled channels are dropped */
	if (!i) {
		err = -EINVAL;
		goto out_free;
	}

	request->n_channels = i;

	i = 0;
	if (ssids_attr) {
		nla_for_each_nested(attr, ssids_attr, tmp) {
			/* bound the copy into the fixed-size ssid buffer */
			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
				err = -EINVAL;
				goto out_free;
			}
			request->ssids[i].ssid_len = nla_len(attr);
			memcpy(request->ssids[i].ssid, nla_data(attr),
			       nla_len(attr));
			i++;
		}
	}

	if (ie_attr) {
		request->ie_len = nla_len(ie_attr);
		memcpy((void *)request->ie, nla_data(ie_attr),
		       request->ie_len);
	}

	/*
	 * Default to every bitrate the band advertises.
	 * NOTE(review): the shift assumes n_bitrates is below the width of
	 * int - confirm the bound enforced at wiphy registration.
	 */
	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
		if (wiphy->bands[i])
			request->rates[i] =
				(1 << wiphy->bands[i]->n_bitrates) - 1;

	if (rates_attr) {
		nla_for_each_nested(attr, rates_attr, tmp) {
			/* the nested attribute type selects the band */
			enum ieee80211_band band = nla_type(attr);

			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
				err = -EINVAL;
				goto out_free;
			}

			if (!wiphy->bands[band])
				continue;

			err = ieee80211_get_ratemask(wiphy->bands[band],
						     nla_data(attr),
						     nla_len(attr),
						     &request->rates[band]);
			if (err)
				goto out_free;
		}
	}

	if (flags_attr) {
		request->flags = nla_get_u32(flags_attr);
		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
			err = -EOPNOTSUPP;
			goto out_free;
		}
	}

	request->no_cck =
		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);

	request->wdev = wdev;
	request->wiphy = &rdev->wiphy;
	request->scan_start = jiffies;

	rdev->scan_req = request;
	err = rdev_scan(rdev, request);
	if (err)
		goto out_free;

	nl80211_send_scan_start(rdev, wdev);
	if (wdev->netdev)
		dev_hold(wdev->netdev);

	return 0;

 out_free:
	/* clear the pending pointer before freeing what it may refer to */
	rdev->scan_req = NULL;
	kfree(request);
	return err;
}

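/*
 * Handle a userspace request to start a scheduled scan.
 *
 * The netlink attributes are checked against the limits the wiphy advertises
 * (max_sched_scan_ssids, max_match_sets, max_sched_scan_ie_len) before a
 * single cfg80211_sched_scan_request allocation is sized from them. The
 * request is then filled in and passed to rdev_sched_scan_start(). On
 * success it is stored in rdev->sched_scan_req; on any failure after the
 * allocation it is freed here.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_start_sched_scan(struct sk_buff *skb,
				    struct genl_info *info)
{
	struct cfg80211_sched_scan_request *request;
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *attr;
	struct wiphy *wiphy;
	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
	u32 interval;
	enum ieee80211_band band;
	size_t ie_len;
	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;

	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
	    !rdev->ops->sched_scan_start)
		return -EOPNOTSUPP;

	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
		return -EINVAL;

	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
		return -EINVAL;

	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
	if (interval == 0)
		return -EINVAL;

	wiphy = &rdev->wiphy;

	/*
	 * Everything counted below (channels, SSIDs, matchsets, IE length)
	 * feeds the allocation size, so each count is bounded before use.
	 */
	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
		n_channels = validate_scan_freqs(
				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
		if (!n_channels)
			return -EINVAL;
	} else {
		n_channels = ieee80211_get_num_supported_channels(wiphy);
	}

	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
				    tmp)
			n_ssids++;

	if (n_ssids > wiphy->max_sched_scan_ssids)
		return -EINVAL;

	/*
	 * First, count the number of 'real' matchsets. Due to an issue with
	 * the old implementation, matchsets containing only the RSSI attribute
	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
	 * RSSI for all matchsets, rather than their own matchset for reporting
	 * all APs with a strong RSSI. This is needed to be compatible with
	 * older userspace that treated a matchset with only the RSSI as the
	 * global RSSI for all other matchsets - if there are other matchsets.
	 */
	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
		nla_for_each_nested(attr,
				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
				    tmp) {
			struct nlattr *rssi;

			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
					nla_data(attr), nla_len(attr),
					nl80211_match_policy);
			if (err)
				return err;
			/* add other standalone attributes here */
			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
				n_match_sets++;
				continue;
			}
			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
			if (rssi)
				default_match_rssi = nla_get_s32(rssi);
		}
	}

	/* However, if there's no other matchset, add the RSSI one */
	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
		n_match_sets = 1;

	if (n_match_sets > wiphy->max_match_sets)
		return -EINVAL;

	if (info->attrs[NL80211_ATTR_IE])
		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
	else
		ie_len = 0;

	if (ie_len > wiphy->max_sched_scan_ie_len)
		return -EINVAL;

	if (rdev->sched_scan_req) {
		err = -EINPROGRESS;
		goto out;
	}

	/*
	 * One allocation holds the request header followed by the channel
	 * pointers, the SSIDs, the IE bytes and the matchsets; the pointers
	 * set up below carve it up in that order.
	 */
	request = kzalloc(sizeof(*request)
			+ sizeof(*request->ssids) * n_ssids
			+ sizeof(*request->match_sets) * n_match_sets
			+ sizeof(*request->channels) * n_channels
			+ ie_len, GFP_KERNEL);
	if (!request) {
		err = -ENOMEM;
		goto out;
	}

	if (n_ssids)
		request->ssids = (void *)&request->channels[n_channels];
	request->n_ssids = n_ssids;
	if (ie_len) {
		if (request->ssids)
			request->ie = (void *)(request->ssids + n_ssids);
		else
			request->ie = (void *)(request->channels + n_channels);
	}

	/* match_sets stays NULL (from kzalloc) when n_match_sets is zero */
	if (n_match_sets) {
		if (request->ie)
			request->match_sets = (void *)(request->ie + ie_len);
		else if (request->ssids)
			request->match_sets =
				(void *)(request->ssids + n_ssids);
		else
			request->match_sets =
				(void *)(request->channels + n_channels);
	}
	request->n_match_sets = n_match_sets;

	i = 0;
	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
		/* user specified, bail out if channel not found */
		nla_for_each_nested(attr,
				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
				    tmp) {
			struct ieee80211_channel *chan;

			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));

			if (!chan) {
				err = -EINVAL;
				goto out_free;
			}

			/* ignore disabled channels */
			if (chan->flags & IEEE80211_CHAN_DISABLED)
				continue;

			request->channels[i] = chan;
			i++;
		}
	} else {
		/* all channels */
		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
			int j;
			if (!wiphy->bands[band])
				continue;
			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
				struct ieee80211_channel *chan;

				chan = &wiphy->bands[band]->channels[j];

				if (chan->flags & IEEE80211_CHAN_DISABLED)
					continue;

				request->channels[i] = chan;
				i++;
			}
		}
	}

	/* every candidate channel was disabled: nothing to scan */
	if (!i) {
		err = -EINVAL;
		goto out_free;
	}

	request->n_channels = i;

	i = 0;
	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
				    tmp) {
			/* length comes from userspace; bound it before copying */
			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
				err = -EINVAL;
				goto out_free;
			}
			request->ssids[i].ssid_len = nla_len(attr);
			memcpy(request->ssids[i].ssid, nla_data(attr),
			       nla_len(attr));
			i++;
		}
	}

	i = 0;
	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
		nla_for_each_nested(attr,
				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
				    tmp) {
			struct nlattr *ssid, *rssi;

			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
					nla_data(attr), nla_len(attr),
					nl80211_match_policy);
			if (err)
				goto out_free;
			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
			if (ssid) {
				if (WARN_ON(i >= n_match_sets)) {
					/* this indicates a programming error,
					 * the loop above should have verified
					 * things properly
					 */
					err = -EINVAL;
					goto out_free;
				}

				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
					err = -EINVAL;
					goto out_free;
				}
				memcpy(request->match_sets[i].ssid.ssid,
				       nla_data(ssid), nla_len(ssid));
				request->match_sets[i].ssid.ssid_len =
					nla_len(ssid);
				/* special attribute - old implementation w/a */
				request->match_sets[i].rssi_thold =
					default_match_rssi;
				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
				if (rssi)
					request->match_sets[i].rssi_thold =
						nla_get_s32(rssi);
			}
			/*
			 * NOTE(review): i advances for every nested matchset,
			 * including RSSI-only ones the counting loop did not
			 * count, so an RSSI-only entry listed before an SSID
			 * entry reaches the WARN_ON above - confirm whether
			 * that ordering is meant to be rejected.
			 */
			i++;
		}

		/*
		 * there was no other matchset, so the RSSI one is alone.
		 *
		 * An empty nested NL80211_ATTR_SCHED_SCAN_MATCH also leaves
		 * i == 0, but then n_match_sets is zero and match_sets was
		 * never pointed into the allocation; writing through it would
		 * dereference NULL, so require a non-zero n_match_sets.
		 */
		if (i == 0 && n_match_sets)
			request->match_sets[0].rssi_thold = default_match_rssi;

		request->min_rssi_thold = INT_MAX;
		for (i = 0; i < n_match_sets; i++)
			request->min_rssi_thold =
				min(request->match_sets[i].rssi_thold,
				    request->min_rssi_thold);
	} else {
		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
	}

	if (ie_len) {
		request->ie_len = ie_len;
		memcpy((void *)request->ie,
		       nla_data(info->attrs[NL80211_ATTR_IE]),
		       request->ie_len);
	}

	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
		request->flags = nla_get_u32(
			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
			err = -EOPNOTSUPP;
			goto out_free;
		}
	}

	request->dev = dev;
	request->wiphy = &rdev->wiphy;
	request->interval = interval;
	request->scan_start = jiffies;

	err = rdev_sched_scan_start(rdev, dev, request);
	if (!err) {
		/* the request is now owned by rdev; do not free it here */
		rdev->sched_scan_req = request;
		nl80211_send_sched_scan(rdev, dev,
					NL80211_CMD_START_SCHED_SCAN);
		goto out;
	}

out_free:
	kfree(request);
out:
	return err;
}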

/*
 * Handle a userspace request to stop the scheduled scan.
 *
 * Returns -EOPNOTSUPP when the wiphy does not advertise scheduled-scan
 * support or the driver has no sched_scan_stop op; otherwise returns the
 * result of __cfg80211_stop_sched_scan().
 */
static int nl80211_stop_sched_scan(struct sk_buff *skb,
				   struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];

	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN))
		return -EOPNOTSUPP;

	if (!rdev->ops->sched_scan_stop)
		return -EOPNOTSUPP;

	return __cfg80211_stop_sched_scan(rdev, false);
}

/*
 * Handle a userspace request to start radar detection (CAC) on a channel.
 *
 * The request is refused when no DFS region is set, when the interface
 * already has carrier or a CAC running, when the parsed channel definition
 * does not require DFS or is not DFS-usable, or when the driver lacks the
 * start_radar_detection op. On success the CAC state is recorded in the
 * wireless_dev.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_start_radar_detection(struct sk_buff *skb,
					 struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_chan_def def;
	enum nl80211_dfs_regions region;
	unsigned int cac_ms;
	int ret;

	region = reg_get_dfs_region(wdev->wiphy);
	if (region == NL80211_DFS_UNSET)
		return -EINVAL;

	ret = nl80211_parse_chandef(rdev, info, &def);
	if (ret)
		return ret;

	/* busy if the link is already up or a CAC is already in progress */
	if (netif_carrier_ok(dev) || wdev->cac_started)
		return -EBUSY;

	/* negative: error; zero: channel needs no radar detection at all */
	ret = cfg80211_chandef_dfs_required(wdev->wiphy, &def, wdev->iftype);
	if (ret <= 0)
		return ret ? ret : -EINVAL;

	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &def))
		return -EINVAL;

	if (!rdev->ops->start_radar_detection)
		return -EOPNOTSUPP;

	cac_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &def);
	if (WARN_ON(!cac_ms))
		cac_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;

	ret = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &def,
					       cac_ms);
	if (ret)
		return ret;

	wdev->chandef = def;
	wdev->cac_started = true;
	wdev->cac_start_time = jiffies;
	wdev->cac_time_ms = cac_ms;

	return 0;
}

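/*
 * Handle a userspace channel-switch (CSA) request.
 *
 * For AP and P2P-GO interfaces the caller must supply the post-switch beacon
 * and, nested in NL80211_ATTR_CSA_IES, the CSA beacon together with the
 * offsets of the countdown counters inside it. Each offset comes from
 * userspace, so it is checked to lie inside the corresponding template and
 * to point at a byte equal to the requested count. IBSS and mesh build their
 * IEs internally and skip that part.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_csa_settings params;
	/* csa_attrs is defined static to avoid waste of stack size - this
	 * function is called under RTNL lock, so this should not be a problem.
	 */
	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
	int err;
	bool need_new_beacon = false;
	int len, i;
	u32 cs_count;

	if (!rdev->ops->channel_switch ||
	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
		return -EOPNOTSUPP;

	switch (dev->ieee80211_ptr->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_P2P_GO:
		need_new_beacon = true;

		/* useless if AP is not running */
		if (!wdev->beacon_interval)
			return -ENOTCONN;
		break;
	case NL80211_IFTYPE_ADHOC:
		if (!wdev->ssid_len)
			return -ENOTCONN;
		break;
	case NL80211_IFTYPE_MESH_POINT:
		if (!wdev->mesh_id_len)
			return -ENOTCONN;
		break;
	default:
		return -EOPNOTSUPP;
	}

	memset(&params, 0, sizeof(params));

	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
		return -EINVAL;

	/* only important for AP, IBSS and mesh create IEs internally */
	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
		return -EINVAL;

	/* Even though the attribute is u32, the specification says
	 * u8, so let's make sure we don't overflow.
	 */
	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
	if (cs_count > 255)
		return -EINVAL;

	params.count = cs_count;

	if (!need_new_beacon)
		goto skip_beacons;

	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
	if (err)
		return err;

	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
			       info->attrs[NL80211_ATTR_CSA_IES],
			       nl80211_policy);
	if (err)
		return err;

	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
	if (err)
		return err;

	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
		return -EINVAL;

	/* the attribute is an array of u16 offsets; reject partial entries */
	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
	if (!len || (len % sizeof(u16)))
		return -EINVAL;

	/* a zero max_num_csa_counters skips the limit check */
	params.n_counter_offsets_beacon = len / sizeof(u16);
	if (rdev->wiphy.max_num_csa_counters &&
	    (params.n_counter_offsets_beacon >
	     rdev->wiphy.max_num_csa_counters))
		return -EINVAL;

	params.counter_offsets_beacon =
		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);

	/* sanity checks - counters should fit and be the same */
	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
		u16 offset = params.counter_offsets_beacon[i];

		if (offset >= params.beacon_csa.tail_len)
			return -EINVAL;

		if (params.beacon_csa.tail[offset] != params.count)
			return -EINVAL;
	}

	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
		if (!len || (len % sizeof(u16)))
			return -EINVAL;

		/*
		 * Bound the probe-response counter count itself. Comparing
		 * the beacon count here (already validated above) would let
		 * an arbitrary number of probe-response offsets through to
		 * the driver.
		 */
		params.n_counter_offsets_presp = len / sizeof(u16);
		if (rdev->wiphy.max_num_csa_counters &&
		    (params.n_counter_offsets_presp >
		     rdev->wiphy.max_num_csa_counters))
			return -EINVAL;

		params.counter_offsets_presp =
			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);

		/* sanity checks - counters should fit and be the same */
		for (i = 0; i < params.n_counter_offsets_presp; i++) {
			u16 offset = params.counter_offsets_presp[i];

			if (offset >= params.beacon_csa.probe_resp_len)
				return -EINVAL;

			if (params.beacon_csa.probe_resp[offset] !=
			    params.count)
				return -EINVAL;
		}
	}

skip_beacons:
	err = nl80211_parse_chandef(rdev, info, &params.chandef);
	if (err)
		return err;

	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
				     wdev->iftype))
		return -EINVAL;

	err = cfg80211_chandef_dfs_required(wdev->wiphy,
					    &params.chandef,
					    wdev->iftype);
	if (err < 0)
		return err;

	if (err > 0)
		params.radar_required = true;

	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
		params.block_tx = true;

	wdev_lock(wdev);
	err = rdev_channel_switch(rdev, dev, &params);
	wdev_unlock(wdev);

	return err;
}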

/*
 * Append one NL80211_CMD_NEW_SCAN_RESULTS message describing @intbss to @msg.
 *
 * The wdev lock is asserted on entry. The IE blobs are read under
 * rcu_read_lock(). Returns the result of genlmsg_end() on success, -1 if the
 * message header could not be added, or -EMSGSIZE (after cancelling the
 * partial message) if the nest or any attribute could not be added.
 */
static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
			    u32 seq, int flags,
			    struct cfg80211_registered_device *rdev,
			    struct wireless_dev *wdev,
			    struct cfg80211_internal_bss *intbss)
{
	struct cfg80211_bss *pub = &intbss->pub;
	const struct cfg80211_bss_ies *elems;
	struct nlattr *nest;
	void *hdr;

	ASSERT_WDEV_LOCK(wdev);

	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
			     NL80211_CMD_NEW_SCAN_RESULTS);
	if (!hdr)
		return -1;

	genl_dump_check_consistent(cb, hdr, &nl80211_fam);

	/* top-level attributes: generation, optional ifindex, wdev id */
	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) ||
	    (wdev->netdev &&
	     nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) ||
	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
		goto nla_put_failure;

	nest = nla_nest_start(msg, NL80211_ATTR_BSS);
	if (!nest)
		goto nla_put_failure;

	/* an all-zero BSSID is not reported */
	if (!is_zero_ether_addr(pub->bssid) &&
	    nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, pub->bssid))
		goto nla_put_failure;

	rcu_read_lock();

	/* indicate whether we have probe response data or not */
	if (rcu_access_pointer(pub->proberesp_ies) &&
	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
		goto fail_unlock_rcu;

	/* this pointer prefers to be pointed to probe response data
	 * but is always valid
	 */
	elems = rcu_dereference(pub->ies);
	if (elems) {
		if (nla_put_u64(msg, NL80211_BSS_TSF, elems->tsf))
			goto fail_unlock_rcu;
		if (elems->len &&
		    nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
			    elems->len, elems->data))
			goto fail_unlock_rcu;
	}

	/* and this pointer is always (unless driver didn't know) beacon data */
	elems = rcu_dereference(pub->beacon_ies);
	if (elems && elems->from_beacon) {
		if (nla_put_u64(msg, NL80211_BSS_BEACON_TSF, elems->tsf))
			goto fail_unlock_rcu;
		if (elems->len &&
		    nla_put(msg, NL80211_BSS_BEACON_IES,
			    elems->len, elems->data))
			goto fail_unlock_rcu;
	}

	rcu_read_unlock();

	if (pub->beacon_interval &&
	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, pub->beacon_interval))
		goto nla_put_failure;

	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, pub->capability) ||
	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, pub->channel->center_freq) ||
	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, pub->scan_width) ||
	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
			jiffies_to_msecs(jiffies - intbss->ts)))
		goto nla_put_failure;

	/* signal is only reported for the two known signal types */
	if (rdev->wiphy.signal_type == CFG80211_SIGNAL_TYPE_MBM) {
		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, pub->signal))
			goto nla_put_failure;
	} else if (rdev->wiphy.signal_type == CFG80211_SIGNAL_TYPE_UNSPEC) {
		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, pub->signal))
			goto nla_put_failure;
	}

	/* status is only attached to the BSS the interface is currently on */
	if (intbss == wdev->current_bss) {
		switch (wdev->iftype) {
		case NL80211_IFTYPE_P2P_CLIENT:
		case NL80211_IFTYPE_STATION:
			if (nla_put_u32(msg, NL80211_BSS_STATUS,
					NL80211_BSS_STATUS_ASSOCIATED))
				goto nla_put_failure;
			break;
		case NL80211_IFTYPE_ADHOC:
			if (nla_put_u32(msg, NL80211_BSS_STATUS,
					NL80211_BSS_STATUS_IBSS_JOINED))
				goto nla_put_failure;
			break;
		default:
			break;
		}
	}

	nla_nest_end(msg, nest);

	return genlmsg_end(msg, hdr);

 fail_unlock_rcu:
	rcu_read_unlock();
 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	return -EMSGSIZE;
}

/*
 * Netlink dump callback that emits the BSS list of a wireless device.
 *
 * cb->args[2] carries the number of entries already sent by earlier calls;
 * entries up to that index are skipped and the updated count is stored back
 * before returning. The walk runs with the wdev lock and rdev->bss_lock
 * held. Returns skb->len, or the error from nl80211_prepare_wdev_dump().
 */
static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct cfg80211_registered_device *rdev;
	struct cfg80211_internal_bss *bss;
	struct wireless_dev *wdev;
	int resume_at = cb->args[2];
	int idx = 0;
	int err;

	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	if (err)
		return err;

	wdev_lock(wdev);
	spin_lock_bh(&rdev->bss_lock);
	cfg80211_bss_expire(rdev);

	cb->seq = rdev->bss_generation;

	list_for_each_entry(bss, &rdev->bss_list, list) {
		/* skip what a previous invocation already delivered */
		if (idx++ < resume_at)
			continue;

		if (nl80211_send_bss(skb, cb,
				cb->nlh->nlmsg_seq, NLM_F_MULTI,
				rdev, wdev, bss) >= 0)
			continue;

		/* entry did not go out: retry it on the next call */
		idx--;
		break;
	}

	spin_unlock_bh(&rdev->bss_lock);
	wdev_unlock(wdev);

	cb->args[2] = idx;
	nl80211_finish_wdev_dump(rdev);

	return skb->len;
}

/*
 * Append one NL80211_CMD_NEW_SURVEY_RESULTS message for @survey to @msg.
 *
 * Only the fields flagged in survey->filled are emitted, apart from the
 * channel frequency which is always sent. Returns the result of
 * genlmsg_end() on success, -ENOMEM if the header could not be added, or
 * -EMSGSIZE (after cancelling the partial message) if an attribute could
 * not be added.
 */
static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
				int flags, struct net_device *dev,
				struct survey_info *survey)
{
	struct nlattr *nest;
	void *hdr;

	hdr = nl80211hdr_put(msg, portid, seq, flags,
			     NL80211_CMD_NEW_SURVEY_RESULTS);
	if (!hdr)
		return -ENOMEM;

	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto nla_put_failure;

	nest = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
	if (!nest)
		goto nla_put_failure;

	/* the first failing put short-circuits the rest of the chain */
	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
			survey->channel->center_freq) ||
	    ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
	     nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise)) ||
	    ((survey->filled & SURVEY_INFO_IN_USE) &&
	     nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE)) ||
	    ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
	     nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
			 survey->channel_time)) ||
	    ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
	     nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
			 survey->channel_time_busy)) ||
	    ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
	     nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
			 survey->channel_time_ext_busy)) ||
	    ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
	     nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
			 survey->channel_time_rx)) ||
	    ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
	     nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
			 survey->channel_time_tx)))
		goto nla_put_failure;

	nla_nest_end(msg, nest);

	return genlmsg_end(msg, hdr);

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	return -EMSGSIZE;
}

/*
 * Netlink dump callback that emits per-channel survey data.
 *
 * cb->args[2] holds the survey index to resume from and is updated before
 * a normal return. Surveys for channels that are unknown to the wiphy or
 * disabled are skipped. Returns skb->len on the normal path, or a negative
 * errno when preparation fails, the wdev has no netdev, the driver lacks
 * dump_survey, or the driver reports an error other than -ENOENT.
 */
static int nl80211_dump_survey(struct sk_buff *skb,
			struct netlink_callback *cb)
{
	struct cfg80211_registered_device *rdev;
	struct wireless_dev *wdev;
	struct survey_info survey;
	int idx = cb->args[2];
	int res;

	res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	if (res)
		return res;

	if (!wdev->netdev) {
		res = -EINVAL;
		goto out_err;
	}

	if (!rdev->ops->dump_survey) {
		res = -EOPNOTSUPP;
		goto out_err;
	}

	for (;;) {
		struct ieee80211_channel *chan;

		res = rdev_dump_survey(rdev, wdev->netdev, idx, &survey);
		/* -ENOENT marks the end of the driver's survey list */
		if (res == -ENOENT)
			break;
		if (res)
			goto out_err;

		/* Survey without a channel doesn't make sense */
		if (!survey.channel) {
			/*
			 * NOTE(review): this value is overwritten with
			 * skb->len at the out label, so the caller never
			 * sees -EINVAL - confirm which was intended.
			 */
			res = -EINVAL;
			goto out;
		}

		chan = ieee80211_get_channel(&rdev->wiphy,
					     survey.channel->center_freq);
		if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED)) {
			/* on failure keep idx so this entry is retried */
			if (nl80211_send_survey(skb,
					NETLINK_CB(cb->skb).portid,
					cb->nlh->nlmsg_seq, NLM_F_MULTI,
					wdev->netdev, &survey) < 0)
				goto out;
		}

		idx++;
	}

 out:
	cb->args[2] = idx;
	res = skb->len;
 out_err:
	nl80211_finish_wdev_dump(rdev);
	return res;
}

/*
 * Return true when @wpa_versions has no bits set other than
 * NL80211_WPA_VERSION_1 and NL80211_WPA_VERSION_2.
 */
static bool nl80211_valid_wpa_versions(u32 wpa_versions)
{
	const u32 known = NL80211_WPA_VERSION_1 | NL80211_WPA_VERSION_2;

	return (wpa_versions & ~known) == 0;
}

/*
 * Handle a userspace 802.11 authentication request.
 *
 * Requires the MAC, auth type, SSID and frequency attributes. An optional
 * key is accepted only as a WEP40/WEP104 key whose cipher the wiphy lists.
 * SAE data is mandatory for, and only allowed with, the SAE auth type.
 * Requests flagged NL80211_ATTR_LOCAL_STATE_CHANGE return 0 without calling
 * into the MLME code.
 *
 * Returns 0 on success or a negative errno.
 */
static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
	int err, ssid_len, ie_len = 0, sae_data_len = 0;
	enum nl80211_auth_type auth_type;
	struct ieee80211_channel *chan;
	struct key_parse key;

	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
		return -EINVAL;

	if (!info->attrs[NL80211_ATTR_MAC] ||
	    !info->attrs[NL80211_ATTR_AUTH_TYPE] ||
	    !info->attrs[NL80211_ATTR_SSID] ||
	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
		return -EINVAL;

	err = nl80211_parse_key(info, &key);
	if (err)
		return err;

	if (key.idx < 0) {
		/* no key supplied: make sure nothing stale is passed on */
		key.p.key_len = 0;
		key.p.key = NULL;
	} else {
		bool is_wep40, is_wep104, supported = false;
		int i;

		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
			return -EINVAL;
		if (!key.p.key || !key.p.key_len)
			return -EINVAL;

		/* cipher and key length must agree on one WEP variant */
		is_wep40 = key.p.cipher == WLAN_CIPHER_SUITE_WEP40 &&
			   key.p.key_len == WLAN_KEY_LEN_WEP40;
		is_wep104 = key.p.cipher == WLAN_CIPHER_SUITE_WEP104 &&
			    key.p.key_len == WLAN_KEY_LEN_WEP104;
		if (!is_wep40 && !is_wep104)
			return -EINVAL;

		/*
		 * NOTE(review): WEP key IDs are normally 0-3, yet this bound
		 * also admits index 4 - confirm against the consumers of
		 * key.idx.
		 */
		if (key.idx > 4)
			return -EINVAL;

		/* the cipher must be one the wiphy advertises */
		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
				supported = true;
				break;
			}
		}
		if (!supported)
			return -EINVAL;
	}

	if (!rdev->ops->auth)
		return -EOPNOTSUPP;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
		return -EOPNOTSUPP;

	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);

	chan = nl80211_get_valid_chan(&rdev->wiphy,
				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
	if (!chan)
		return -EINVAL;

	/*
	 * NOTE(review): ssid_len is taken straight from the attribute with
	 * no bound applied in this function - presumably nl80211_policy
	 * limits NL80211_ATTR_SSID; verify.
	 */
	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);

	if (info->attrs[NL80211_ATTR_IE]) {
		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
	}

	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
		return -EINVAL;

	/* SAE data and the SAE auth type must come together */
	if (auth_type == NL80211_AUTHTYPE_SAE &&
	    !info->attrs[NL80211_ATTR_SAE_DATA])
		return -EINVAL;

	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
		if (auth_type != NL80211_AUTHTYPE_SAE)
			return -EINVAL;

		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
		/* need to include at least Auth Transaction and Status Code */
		if (sae_data_len < 4)
			return -EINVAL;
	}

	/*
	 * Since we no longer track auth state, ignore
	 * requests to only change local state.
	 */
	if (info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE])
		return 0;

	wdev_lock(dev->ieee80211_ptr);
	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
				 ssid, ssid_len, ie, ie_len,
				 key.p.key, key.p.key_len, key.idx,
				 sae_data, sae_data_len);
	wdev_unlock(dev->ieee80211_ptr);

	return err;
}

/*
 * Fill @settings from the crypto-related attributes of a netlink request.
 *
 * @settings is zeroed first. The control-port ethertype defaults to
 * ETH_P_PAE; any other value is accepted only when the wiphy sets
 * WIPHY_FLAG_CONTROL_PORT_PROTOCOL. The pairwise cipher and AKM suite lists
 * are u32 arrays copied from userspace, so their lengths are checked against
 * @cipher_limit and NL80211_MAX_NR_AKM_SUITES before the copy.
 *
 * Returns 0 on success or -EINVAL on any invalid attribute.
 */
static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
				   struct genl_info *info,
				   struct cfg80211_crypto_settings *settings,
				   int cipher_limit)
{
	struct nlattr *attr;

	memset(settings, 0, sizeof(*settings));

	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];

	attr = info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE];
	if (attr) {
		u16 proto = nla_get_u16(attr);

		settings->control_port_ethertype = cpu_to_be16(proto);
		if (proto != ETH_P_PAE &&
		    !(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL))
			return -EINVAL;
		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
			settings->control_port_no_encrypt = true;
	} else {
		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
	}

	attr = info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE];
	if (attr) {
		void *suites = nla_data(attr);
		int nbytes = nla_len(attr);
		int i;

		settings->n_ciphers_pairwise = nbytes / sizeof(u32);

		/* must be a whole number of u32 suite selectors */
		if (nbytes % sizeof(u32))
			return -EINVAL;

		/* bound the count before copying into the fixed array */
		if (settings->n_ciphers_pairwise > cipher_limit)
			return -EINVAL;

		memcpy(settings->ciphers_pairwise, suites, nbytes);

		for (i = 0; i < settings->n_ciphers_pairwise; i++) {
			if (!cfg80211_supported_cipher_suite(
					&rdev->wiphy,
					settings->ciphers_pairwise[i]))
				return -EINVAL;
		}
	}

	attr = info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP];
	if (attr) {
		settings->cipher_group = nla_get_u32(attr);
		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
						     settings->cipher_group))
			return -EINVAL;
	}

	attr = info->attrs[NL80211_ATTR_WPA_VERSIONS];
	if (attr) {
		settings->wpa_versions = nla_get_u32(attr);
		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
			return -EINVAL;
	}

	attr = info->attrs[NL80211_ATTR_AKM_SUITES];
	if (attr) {
		void *suites = nla_data(attr);
		int nbytes = nla_len(attr);

		settings->n_akm_suites = nbytes / sizeof(u32);

		if (nbytes % sizeof(u32))
			return -EINVAL;

		/* bound the count before copying into the fixed array */
		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
			return -EINVAL;

		memcpy(settings->akm_suites, suites, nbytes);
	}

	return 0;
}

/*
 * Netlink handler for an association request: checks the attributes
 * supplied by userspace, fills a struct cfg80211_assoc_request and hands
 * it to cfg80211_mlme_assoc() with the wdev lock held.
 *
 * Returns 0 or a negative errno: -EINVAL for missing or rejected
 * attributes, -EOPNOTSUPP when the driver has no assoc op or the interface
 * is neither a station nor a P2P client, otherwise the helper's result.
 */
static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
{
	/* NOTE(review): user_ptr[] is presumably filled by nl80211_pre_doit() */
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr **attrs = info->attrs;
	struct cfg80211_assoc_request req = {};
	struct ieee80211_channel *chan;
	struct wireless_dev *wdev;
	const u8 *bssid, *ssid;
	int ssid_len, err;

	if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
		return -EINVAL;

	/* BSSID, SSID and frequency are all mandatory */
	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_SSID] ||
	    !attrs[NL80211_ATTR_WIPHY_FREQ])
		return -EINVAL;

	if (!rdev->ops->assoc)
		return -EOPNOTSUPP;

	wdev = dev->ieee80211_ptr;
	switch (wdev->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	/*
	 * The payload length is not checked here; presumably nl80211_policy
	 * (outside this view) bounds it - TODO confirm.
	 */
	bssid = nla_data(attrs[NL80211_ATTR_MAC]);

	chan = nl80211_get_valid_chan(&rdev->wiphy,
				      attrs[NL80211_ATTR_WIPHY_FREQ]);
	if (!chan)
		return -EINVAL;

	ssid = nla_data(attrs[NL80211_ATTR_SSID]);
	ssid_len = nla_len(attrs[NL80211_ATTR_SSID]);

	if (attrs[NL80211_ATTR_IE]) {
		req.ie = nla_data(attrs[NL80211_ATTR_IE]);
		req.ie_len = nla_len(attrs[NL80211_ATTR_IE]);
	}

	if (attrs[NL80211_ATTR_USE_MFP]) {
		enum nl80211_mfp mfp = nla_get_u32(attrs[NL80211_ATTR_USE_MFP]);

		/* only "required" and "no" are accepted values */
		switch (mfp) {
		case NL80211_MFP_REQUIRED:
			req.use_mfp = true;
			break;
		case NL80211_MFP_NO:
			break;
		default:
			return -EINVAL;
		}
	}

	if (attrs[NL80211_ATTR_PREV_BSSID])
		req.prev_bssid = nla_data(attrs[NL80211_ATTR_PREV_BSSID]);

	if (nla_get_flag(attrs[NL80211_ATTR_DISABLE_HT]))
		req.flags |= ASSOC_REQ_DISABLE_HT;

	/*
	 * The capability copies below read a fixed sizeof() from the
	 * attribute payload without a local length check.
	 * NOTE(review): relies on the attribute policy for the minimum
	 * length - confirm.
	 */
	if (attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
		memcpy(&req.ht_capa_mask,
		       nla_data(attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
		       sizeof(req.ht_capa_mask));

	if (attrs[NL80211_ATTR_HT_CAPABILITY]) {
		/* HT capabilities are only accepted together with a mask */
		if (!attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
			return -EINVAL;
		memcpy(&req.ht_capa,
		       nla_data(attrs[NL80211_ATTR_HT_CAPABILITY]),
		       sizeof(req.ht_capa));
	}

	if (nla_get_flag(attrs[NL80211_ATTR_DISABLE_VHT]))
		req.flags |= ASSOC_REQ_DISABLE_VHT;

	if (attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
		memcpy(&req.vht_capa_mask,
		       nla_data(attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
		       sizeof(req.vht_capa_mask));

	if (attrs[NL80211_ATTR_VHT_CAPABILITY]) {
		/* same rule as for HT: capabilities need a mask */
		if (!attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
			return -EINVAL;
		memcpy(&req.vht_capa,
		       nla_data(attrs[NL80211_ATTR_VHT_CAPABILITY]),
		       sizeof(req.vht_capa));
	}

	if (nla_get_flag(attrs[NL80211_ATTR_USE_RRM])) {
		/* RRM needs both wiphy feature bits */
		if (!((rdev->wiphy.features &
		       NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
		      (rdev->wiphy.features & NL80211_FEATURE_QUIET)))
			return -EINVAL;
		req.flags |= ASSOC_REQ_USE_RRM;
	}

	/* at most one pairwise cipher is allowed here */
	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
	if (err)
		return err;

	wdev_lock(wdev);
	err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, ssid, ssid_len,
				  &req);
	wdev_unlock(wdev);

	return err;
}

/*
 * Netlink handler for a deauthentication request: validates the
 * attributes and calls cfg80211_mlme_deauth() with the wdev lock held.
 *
 * Returns 0 or a negative errno: -EINVAL for a missing BSSID or reason
 * code, a reason code of 0 or a rejected IE attribute; -EOPNOTSUPP when the
 * driver has no deauth op or the interface is neither a station nor a
 * P2P client.
 */
static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr **attrs = info->attrs;
	struct wireless_dev *wdev;
	const u8 *bssid;
	const u8 *ie = NULL;
	int ie_len = 0;
	bool local_only;
	u16 reason;
	int err;

	if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
		return -EINVAL;

	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_REASON_CODE])
		return -EINVAL;

	if (!rdev->ops->deauth)
		return -EOPNOTSUPP;

	wdev = dev->ieee80211_ptr;
	switch (wdev->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	/* NOTE(review): payload length presumably bounded by policy - confirm */
	bssid = nla_data(attrs[NL80211_ATTR_MAC]);

	reason = nla_get_u16(attrs[NL80211_ATTR_REASON_CODE]);
	if (!reason) {
		/* Reason Code 0 is reserved */
		return -EINVAL;
	}

	if (attrs[NL80211_ATTR_IE]) {
		ie = nla_data(attrs[NL80211_ATTR_IE]);
		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
	}

	/* the mere presence of the attribute selects a local-only change */
	local_only = attrs[NL80211_ATTR_LOCAL_STATE_CHANGE] != NULL;

	wdev_lock(wdev);
	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason,
				   local_only);
	wdev_unlock(wdev);

	return err;
}

/*
 * Netlink handler for a disassociation request: validates the attributes
 * and calls cfg80211_mlme_disassoc() with the wdev lock held.
 *
 * Returns 0 or a negative errno: -EINVAL for a missing BSSID or reason
 * code, a reason code of 0 or a rejected IE attribute; -EOPNOTSUPP when the
 * driver has no disassoc op or the interface is neither a station nor a
 * P2P client.
 */
static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr **attrs = info->attrs;
	struct wireless_dev *wdev;
	const u8 *bssid;
	const u8 *ie = NULL;
	int ie_len = 0;
	bool local_only;
	u16 reason;
	int err;

	if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
		return -EINVAL;

	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_REASON_CODE])
		return -EINVAL;

	if (!rdev->ops->disassoc)
		return -EOPNOTSUPP;

	wdev = dev->ieee80211_ptr;
	switch (wdev->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	/* NOTE(review): payload length presumably bounded by policy - confirm */
	bssid = nla_data(attrs[NL80211_ATTR_MAC]);

	reason = nla_get_u16(attrs[NL80211_ATTR_REASON_CODE]);
	if (!reason) {
		/* Reason Code 0 is reserved */
		return -EINVAL;
	}

	if (attrs[NL80211_ATTR_IE]) {
		ie = nla_data(attrs[NL80211_ATTR_IE]);
		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
	}

	/* the mere presence of the attribute selects a local-only change */
	local_only = attrs[NL80211_ATTR_LOCAL_STATE_CHANGE] != NULL;

	wdev_lock(wdev);
	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason,
				     local_only);
	wdev_unlock(wdev);

	return err;
}

/*
 * Look up @rateval in the bitrate table of every band the wiphy has and
 * store, per band, the 1-based index of the first matching entry in
 * @mcast_rate. Entries of bands without a match are left untouched, so the
 * caller has to pre-initialise the array.
 *
 * Returns true if at least one band supports the rate.
 */
static bool
nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
			 int mcast_rate[IEEE80211_NUM_BANDS],
			 int rateval)
{
	bool matched = false;
	int b;

	for (b = 0; b < IEEE80211_NUM_BANDS; b++) {
		struct ieee80211_supported_band *sband = rdev->wiphy.bands[b];
		int idx;

		/* band not present on this device */
		if (!sband)
			continue;

		for (idx = 0; idx < sband->n_bitrates; idx++) {
			if (sband->bitrates[idx].bitrate != rateval)
				continue;

			/* index + 1, so that 0 keeps meaning "not set" */
			mcast_rate[b] = idx + 1;
			matched = true;
			break;
		}
	}

	return matched;
}

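/*
 * Netlink handler that validates the request attributes, builds a
 * struct cfg80211_ibss_params and joins an IBSS via cfg80211_join_ibss().
 *
 * Keys parsed from NL80211_ATTR_KEYS are passed on to cfg80211_join_ibss();
 * on every failure after they were parsed they are released with kzfree()
 * so that the key bytes are wiped before the memory is returned.
 *
 * Returns 0 or a negative errno: -EINVAL for missing or rejected
 * attributes, -EOPNOTSUPP when the driver has no join_ibss op or the
 * interface is not of ad-hoc type, otherwise the helper's result.
 */
static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
{
	/* NOTE(review): user_ptr[] is presumably filled by nl80211_pre_doit() */
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct cfg80211_ibss_params ibss;
	struct wiphy *wiphy;
	struct cfg80211_cached_keys *connkeys = NULL;
	int err;

	memset(&ibss, 0, sizeof(ibss));

	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
		return -EINVAL;

	/* an SSID is mandatory and must not be empty */
	if (!info->attrs[NL80211_ATTR_SSID] ||
	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
		return -EINVAL;

	/* value used when userspace supplies no beacon interval */
	ibss.beacon_interval = 100;

	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
		ibss.beacon_interval =
			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
			return -EINVAL;
	}

	if (!rdev->ops->join_ibss)
		return -EOPNOTSUPP;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
		return -EOPNOTSUPP;

	wiphy = &rdev->wiphy;

	if (info->attrs[NL80211_ATTR_MAC]) {
		/* NOTE(review): length presumably bounded by policy - confirm */
		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);

		if (!is_valid_ether_addr(ibss.bssid))
			return -EINVAL;
	}
	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);

	if (info->attrs[NL80211_ATTR_IE]) {
		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
	}

	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
	if (err)
		return err;

	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
				     NL80211_IFTYPE_ADHOC))
		return -EINVAL;

	switch (ibss.chandef.width) {
	case NL80211_CHAN_WIDTH_5:
	case NL80211_CHAN_WIDTH_10:
	case NL80211_CHAN_WIDTH_20_NOHT:
		break;
	case NL80211_CHAN_WIDTH_20:
	case NL80211_CHAN_WIDTH_40:
		/* HT widths need the HT-IBSS feature bit */
		if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
			break;
		/* fall through: without the feature the width is rejected */
	default:
		return -EINVAL;
	}

	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];

	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
		u8 *rates =
			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
		int n_rates =
			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
		struct ieee80211_supported_band *sband =
			wiphy->bands[ibss.chandef.chan->band];

		err = ieee80211_get_ratemask(sband, rates, n_rates,
					     &ibss.basic_rates);
		if (err)
			return err;
	}

	/*
	 * Fixed-size copies from the attribute payload, no local length
	 * check. NOTE(review): relies on the attribute policy - confirm.
	 */
	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
		memcpy(&ibss.ht_capa_mask,
		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
		       sizeof(ibss.ht_capa_mask));

	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
		/* HT capabilities are only accepted together with a mask */
		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
			return -EINVAL;
		memcpy(&ibss.ht_capa,
		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
		       sizeof(ibss.ht_capa));
	}

	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
		return -EINVAL;

	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
		bool no_ht = false;

		connkeys = nl80211_parse_connkeys(rdev,
					  info->attrs[NL80211_ATTR_KEYS],
					  &no_ht);
		if (IS_ERR(connkeys))
			return PTR_ERR(connkeys);

		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
		    no_ht) {
			/*
			 * kzfree(), not kfree(): same as the failure path at
			 * the end, so the parsed keys are wiped before the
			 * memory is released.
			 */
			kzfree(connkeys);
			return -EINVAL;
		}
	}

	ibss.control_port =
		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);

	ibss.userspace_handles_dfs =
		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);

	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
	if (err)
		kzfree(connkeys);
	return err;
}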

/*
 * Netlink handler that leaves the current IBSS through
 * cfg80211_leave_ibss().
 *
 * Returns -EOPNOTSUPP when the driver has no leave_ibss op or the
 * interface is not of ad-hoc type, otherwise the helper's result.
 */
static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];

	/* both conditions map to the same error; op check comes first */
	if (!rdev->ops->leave_ibss ||
	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
		return -EOPNOTSUPP;

	return cfg80211_leave_ibss(rdev, dev, false);
}

/*
 * Netlink handler that translates NL80211_ATTR_MCAST_RATE into per-band
 * bitrate indices and passes them to the driver's set_mcast_rate op.
 *
 * Returns -EOPNOTSUPP for interfaces that are neither ad-hoc nor mesh
 * point or when the op is missing, -EINVAL when the attribute is absent or
 * no band supports the rate, otherwise the driver's result.
 */
static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	/* zeroed up front: the parser only writes bands that match */
	int mcast_rate[IEEE80211_NUM_BANDS] = { 0 };
	struct nlattr *rate_attr;

	switch (dev->ieee80211_ptr->iftype) {
	case NL80211_IFTYPE_ADHOC:
	case NL80211_IFTYPE_MESH_POINT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	if (!rdev->ops->set_mcast_rate)
		return -EOPNOTSUPP;

	rate_attr = info->attrs[NL80211_ATTR_MCAST_RATE];
	if (!rate_attr)
		return -EINVAL;

	if (!nl80211_parse_mcast_rate(rdev, mcast_rate,
				      nla_get_u32(rate_attr)))
		return -EINVAL;

	return rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
}

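/*
 * Allocate a netlink message for a testmode/vendor reply or event and
 * pre-fill it: nl80211 header for @cmd, NL80211_ATTR_WIPHY, the vendor
 * id/subcommand when @info is given, and an open nest of type @attr that
 * the caller fills with its payload.
 *
 * The rdev, the header pointer and the open nest are stashed in skb->cb
 * slots 0..2 for the code that later finishes and sends the message.
 *
 * Returns the skb, or NULL if allocation or any put fails; on failure the
 * skb is freed here.
 */
static struct sk_buff *
__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
			    int approxlen, u32 portid, u32 seq,
			    enum nl80211_commands cmd,
			    enum nl80211_attrs attr,
			    const struct nl80211_vendor_cmd_info *info,
			    gfp_t gfp)
{
	struct sk_buff *skb;
	void *hdr;
	struct nlattr *data;

	/* 100 bytes of slack on top of the caller's payload estimate */
	skb = nlmsg_new(approxlen + 100, gfp);
	if (!skb)
		return NULL;

	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
	if (!hdr)
		goto nla_put_failure;

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto nla_put_failure;

	if (info) {
		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
				info->vendor_id))
			goto nla_put_failure;
		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
				info->subcmd))
			goto nla_put_failure;
	}

	/*
	 * The nest pointer is dereferenced when the message is finished
	 * (nla_nest_end(), data->nla_type), so a failed nla_nest_start()
	 * must not be stored as NULL in skb->cb.
	 */
	data = nla_nest_start(skb, attr);
	if (!data)
		goto nla_put_failure;

	((void **)skb->cb)[0] = rdev;
	((void **)skb->cb)[1] = hdr;
	((void **)skb->cb)[2] = data;

	return skb;

 nla_put_failure:
	kfree_skb(skb);
	return NULL;
}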

/*
 * Allocate an event skb for a testmode or vendor event on @wiphy.
 *
 * For NL80211_CMD_TESTMODE @vendor_event_idx must be -1; for
 * NL80211_CMD_VENDOR it must index wiphy->vendor_events[]. Any other
 * command, or an index outside those rules, triggers a WARN_ON and yields
 * NULL. The index is bounds-checked before it is used to take the address
 * of the vendor_events[] entry.
 *
 * Returns the skb from __cfg80211_alloc_vendor_skb() (portid and seq 0),
 * or NULL.
 */
struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
					   enum nl80211_commands cmd,
					   enum nl80211_attrs attr,
					   int vendor_event_idx,
					   int approxlen, gfp_t gfp)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	const struct nl80211_vendor_cmd_info *info = NULL;

	if (cmd == NL80211_CMD_TESTMODE) {
		/* testmode events carry no vendor info */
		if (WARN_ON(vendor_event_idx != -1))
			return NULL;
	} else if (cmd == NL80211_CMD_VENDOR) {
		if (WARN_ON(vendor_event_idx < 0 ||
			    vendor_event_idx >= wiphy->n_vendor_events))
			return NULL;
		info = &wiphy->vendor_events[vendor_event_idx];
	} else {
		WARN_ON(1);
		return NULL;
	}

	return __cfg80211_alloc_vendor_skb(rdev, approxlen, 0, 0,
					   cmd, attr, info, gfp);
}
EXPORT_SYMBOL(__cfg80211_alloc_event_skb);

/*
 * Finish an event skb and multicast it in the wiphy's network namespace.
 *
 * Reads the rdev, header and nest pointers back from skb->cb slots 0..2,
 * clears skb->cb, closes the nest and the message, and sends it to the
 * vendor group when the nest is NL80211_ATTR_VENDOR_DATA, else to the
 * testmode group.
 *
 * NOTE(review): the nest pointer is dereferenced without a NULL check, so
 * this relies on the allocating side having stored a valid nest.
 */
void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
{
	void **stash = (void **)skb->cb;
	struct cfg80211_registered_device *rdev = stash[0];
	void *hdr = stash[1];
	struct nlattr *data = stash[2];
	enum nl80211_multicast_groups mcgrp;

	/* clear CB data for netlink core to own from now on */
	memset(skb->cb, 0, sizeof(skb->cb));

	nla_nest_end(skb, data);
	genlmsg_end(skb, hdr);

	mcgrp = (data->nla_type == NL80211_ATTR_VENDOR_DATA) ?
		NL80211_MCGRP_VENDOR : NL80211_MCGRP_TESTMODE;

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				mcgrp, gfp);
}
EXPORT_SYMBOL(__cfg80211_send_event_skb);

#ifdef CONFIG_NL80211_TESTMODE
/*
 * Netlink handler that forwards the opaque NL80211_ATTR_TESTDATA payload
 * to the driver via rdev_testmode_cmd().
 *
 * A wdev is optional: a lookup failing with -EINVAL is treated as "no
 * wdev given", any other lookup error is returned, and a wdev that belongs
 * to a different wiphy than @rdev is rejected with -EINVAL.
 *
 * rdev->cur_cmd_info points at @info only for the duration of the driver
 * call.
 *
 * NOTE(review): the payload is handed to the driver as-is (pointer and
 * length); any validation of its contents is up to the driver.
 */
static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev =
		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
	struct nlattr *testdata;
	int err;

	if (!rdev->ops->testmode_cmd)
		return -EOPNOTSUPP;

	if (!IS_ERR(wdev)) {
		/* a wdev was named: it has to sit on this very wiphy */
		if (wdev->wiphy != &rdev->wiphy)
			return -EINVAL;
	} else {
		err = PTR_ERR(wdev);
		if (err != -EINVAL)
			return err;
		wdev = NULL;
	}

	testdata = info->attrs[NL80211_ATTR_TESTDATA];
	if (!testdata)
		return -EINVAL;

	rdev->cur_cmd_info = info;
	err = rdev_testmode_cmd(rdev, wdev, nla_data(testdata),
				nla_len(testdata));
	rdev->cur_cmd_info = NULL;

	return err;
}

/*
 * Dump callback for testmode: repeatedly asks the driver's testmode_dump
 * op to add entries to @skb, each wrapped in its own NL80211_CMD_TESTMODE
 * message with NL80211_ATTR_WIPHY and an NL80211_ATTR_TESTDATA nest.
 *
 * State kept in @cb between calls:
 *   args[0] - wiphy index + 1 (0 means "first call, parse the request")
 *   args[1] - pointer to the request's NL80211_ATTR_TESTDATA attribute,
 *             cast to long, or 0 if none was given
 *
 * The whole function runs under rtnl_lock().
 *
 * Returns skb->len after the loop, or a negative errno.
 *
 * NOTE(review): args[1] is a raw pointer into the attribute buffer parsed
 * on the first call and is dereferenced again on later calls; that the
 * request stays alive for the whole dump is assumed here - confirm.
 * NOTE(review): the first call parses into the shared nl80211_fam.attrbuf;
 * rtnl_lock() is the only serialisation visible in this function.
 */
static int nl80211_testmode_dump(struct sk_buff *skb,
				 struct netlink_callback *cb)
{
	struct cfg80211_registered_device *rdev;
	void *tm_data = NULL;
	int tm_len = 0;
	long phy_idx;
	int err;

	rtnl_lock();

	if (!cb->args[0]) {
		struct nlattr **tb = nl80211_fam.attrbuf;

		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
				  tb, nl80211_fam.maxattr, nl80211_policy);
		if (err)
			goto out_err;

		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), tb);
		if (IS_ERR(rdev)) {
			err = PTR_ERR(rdev);
			goto out_err;
		}
		/* only the index is kept; the device is looked up again */
		phy_idx = rdev->wiphy_idx;
		rdev = NULL;

		if (tb[NL80211_ATTR_TESTDATA])
			cb->args[1] = (long)tb[NL80211_ATTR_TESTDATA];
	} else {
		/*
		 * 0 is a valid index, but not valid for args[0],
		 * so we need to offset by 1.
		 */
		phy_idx = cb->args[0] - 1;
	}

	if (cb->args[1]) {
		struct nlattr *req = (void *)cb->args[1];

		tm_data = nla_data(req);
		tm_len = nla_len(req);
	}

	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
	if (!rdev) {
		err = -ENOENT;
		goto out_err;
	}

	if (!rdev->ops->testmode_dump) {
		err = -EOPNOTSUPP;
		goto out_err;
	}

	for (;;) {
		struct nlattr *nest;
		void *hdr;

		hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
				     cb->nlh->nlmsg_seq, NLM_F_MULTI,
				     NL80211_CMD_TESTMODE);
		if (!hdr)
			break;

		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
			genlmsg_cancel(skb, hdr);
			break;
		}

		nest = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
		if (!nest) {
			genlmsg_cancel(skb, hdr);
			break;
		}

		err = rdev_testmode_dump(rdev, skb, cb, tm_data, tm_len);
		nla_nest_end(skb, nest);

		if (err) {
			/* drop the partial message in every error case */
			genlmsg_cancel(skb, hdr);
			/* -ENOBUFS/-ENOENT just end this round of the dump */
			if (err == -ENOBUFS || err == -ENOENT)
				break;
			goto out_err;
		}

		genlmsg_end(skb, hdr);
	}

	err = skb->len;
	/* stored with the +1 offset explained above */
	cb->args[0] = phy_idx + 1;
 out_err:
	rtnl_unlock();
	return err;
}
#endif

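/*
 * Netlink handler for a connect request: validates the attributes, fills
 * a struct cfg80211_connect_params and calls cfg80211_connect() with the
 * wdev lock held.
 *
 * Keys parsed from NL80211_ATTR_KEYS are handed to cfg80211_connect(); on
 * every failure after they were parsed they are released with kzfree() so
 * that the key bytes are wiped and the allocation is not leaked.
 *
 * Returns 0 or a negative errno: -EINVAL for missing or rejected
 * attributes, -EOPNOTSUPP when the interface is neither a station nor a
 * P2P client, otherwise the helper's result.
 */
static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
{
	/* NOTE(review): user_ptr[] is presumably filled by nl80211_pre_doit() */
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct cfg80211_connect_params connect;
	struct wiphy *wiphy;
	struct cfg80211_cached_keys *connkeys = NULL;
	int err;

	memset(&connect, 0, sizeof(connect));

	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
		return -EINVAL;

	/* an SSID is mandatory and must not be empty */
	if (!info->attrs[NL80211_ATTR_SSID] ||
	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
		return -EINVAL;

	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
		connect.auth_type =
			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
					     NL80211_CMD_CONNECT))
			return -EINVAL;
	} else
		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;

	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];

	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
				      NL80211_MAX_NR_CIPHER_SUITES);
	if (err)
		return err;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
		return -EOPNOTSUPP;

	wiphy = &rdev->wiphy;

	/* -1 unless userspace sets a period and the wiphy has the flag */
	connect.bg_scan_period = -1;
	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
		connect.bg_scan_period =
			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
	}

	/* a fixed BSSID takes precedence over a BSSID hint */
	if (info->attrs[NL80211_ATTR_MAC])
		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
	else if (info->attrs[NL80211_ATTR_MAC_HINT])
		connect.bssid_hint =
			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);

	if (info->attrs[NL80211_ATTR_IE]) {
		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
	}

	if (info->attrs[NL80211_ATTR_USE_MFP]) {
		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
		/* only "required" and "no" are accepted values */
		if (connect.mfp != NL80211_MFP_REQUIRED &&
		    connect.mfp != NL80211_MFP_NO)
			return -EINVAL;
	} else {
		connect.mfp = NL80211_MFP_NO;
	}

	/* likewise, a fixed frequency takes precedence over a hint */
	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
		connect.channel = nl80211_get_valid_chan(
			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
		if (!connect.channel)
			return -EINVAL;
	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
		connect.channel_hint = nl80211_get_valid_chan(
			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
		if (!connect.channel_hint)
			return -EINVAL;
	}

	/*
	 * From here on connkeys may be allocated: every early return below
	 * has to kzfree() it (kzfree() is also called with NULL when no
	 * keys were given).
	 */
	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
		connkeys = nl80211_parse_connkeys(rdev,
					  info->attrs[NL80211_ATTR_KEYS], NULL);
		if (IS_ERR(connkeys))
			return PTR_ERR(connkeys);
	}

	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
		connect.flags |= ASSOC_REQ_DISABLE_HT;

	/*
	 * Fixed-size copies from the attribute payload, no local length
	 * check. NOTE(review): relies on the attribute policy - confirm.
	 */
	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
		memcpy(&connect.ht_capa_mask,
		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
		       sizeof(connect.ht_capa_mask));

	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
			kzfree(connkeys);
			return -EINVAL;
		}
		memcpy(&connect.ht_capa,
		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
		       sizeof(connect.ht_capa));
	}

	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
		connect.flags |= ASSOC_REQ_DISABLE_VHT;

	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
		memcpy(&connect.vht_capa_mask,
		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
		       sizeof(connect.vht_capa_mask));

	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
			kzfree(connkeys);
			return -EINVAL;
		}
		memcpy(&connect.vht_capa,
		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
		       sizeof(connect.vht_capa));
	}

	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
		if (!(rdev->wiphy.features &
		      NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
		    !(rdev->wiphy.features & NL80211_FEATURE_QUIET)) {
			/* wipe and free the keys instead of leaking them */
			kzfree(connkeys);
			return -EINVAL;
		}
		connect.flags |= ASSOC_REQ_USE_RRM;
	}

	wdev_lock(dev->ieee80211_ptr);
	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
	wdev_unlock(dev->ieee80211_ptr);
	if (err)
		kzfree(connkeys);
	return err;
}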

/*
 * Netlink handler for a disconnect request; calls cfg80211_disconnect()
 * with the wdev lock held.
 *
 * The reason code defaults to WLAN_REASON_DEAUTH_LEAVING when userspace
 * gives none; an explicit reason code of 0 is rejected with -EINVAL.
 * Returns -EOPNOTSUPP when the interface is neither a station nor a P2P
 * client, otherwise the helper's result.
 */
static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *reason_attr = info->attrs[NL80211_ATTR_REASON_CODE];
	struct wireless_dev *wdev;
	u16 reason = WLAN_REASON_DEAUTH_LEAVING;
	int ret;

	if (reason_attr)
		reason = nla_get_u16(reason_attr);

	if (!reason)
		return -EINVAL;

	wdev = dev->ieee80211_ptr;
	switch (wdev->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	wdev_lock(wdev);
	ret = cfg80211_disconnect(rdev, dev, reason, true);
	wdev_unlock(wdev);

	return ret;
}

/*
 * Netlink handler that moves the wiphy into the network namespace of the
 * process named by NL80211_ATTR_PID.
 *
 * The namespace reference obtained from get_net_ns_by_pid() is dropped
 * with put_net() before returning. Nothing is done when the wiphy already
 * lives in that namespace.
 *
 * Returns -EINVAL without the attribute, the lookup error if the
 * namespace cannot be found, otherwise 0 or the result of
 * cfg80211_switch_netns().
 *
 * NOTE(review): no capability check is visible in this function; whether
 * the caller may move the device is presumably enforced by the genl op
 * flags outside this view - confirm.
 */
static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct nlattr *pid_attr = info->attrs[NL80211_ATTR_PID];
	struct net *target;
	int err = 0;

	if (!pid_attr)
		return -EINVAL;

	target = get_net_ns_by_pid(nla_get_u32(pid_attr));
	if (IS_ERR(target))
		return PTR_ERR(target);

	/* check if anything to do */
	if (!net_eq(wiphy_net(&rdev->wiphy), target))
		err = cfg80211_switch_netns(rdev, target);

	put_net(target);
	return err;
}

/*
 * Shared netlink handler for NL80211_CMD_SET_PMKSA and
 * NL80211_CMD_DEL_PMKSA: builds a struct cfg80211_pmksa from the BSSID and
 * PMKID attributes and calls the matching driver op.
 *
 * Returns -EINVAL when either attribute is missing, -EOPNOTSUPP when the
 * interface is neither a station nor a P2P client or the driver lacks the
 * op (also for an unexpected command, after a WARN_ON), otherwise the
 * driver's result.
 *
 * NOTE(review): pmkid and bssid point straight into the attribute
 * payloads; their lengths are not checked here and presumably come from
 * the attribute policy - confirm.
 */
static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	int (*op)(struct wiphy *wiphy, struct net_device *dev,
		  struct cfg80211_pmksa *pmksa);
	struct cfg80211_pmksa pmksa;

	memset(&pmksa, 0, sizeof(pmksa));

	if (!info->attrs[NL80211_ATTR_MAC])
		return -EINVAL;

	if (!info->attrs[NL80211_ATTR_PMKID])
		return -EINVAL;

	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);

	switch (dev->ieee80211_ptr->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	/* pick the driver op that matches the command being handled */
	if (info->genlhdr->cmd == NL80211_CMD_SET_PMKSA) {
		op = rdev->ops->set_pmksa;
	} else if (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA) {
		op = rdev->ops->del_pmksa;
	} else {
		WARN_ON(1);
		op = NULL;
	}

	if (!op)
		return -EOPNOTSUPP;

	return op(&rdev->wiphy, dev, &pmksa);
}

/*
 * Netlink handler that flushes the PMKSA cache through
 * rdev_flush_pmksa().
 *
 * Returns -EOPNOTSUPP when the interface is neither a station nor a P2P
 * client or the driver has no flush_pmksa op, otherwise the helper's
 * result.
 */
static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];

	switch (dev->ieee80211_ptr->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	if (!rdev->ops->flush_pmksa)
		return -EOPNOTSUPP;

	return rdev_flush_pmksa(rdev, dev);
}

/*
 * Netlink handler that passes a TDLS management frame request to the
 * driver via rdev_tdls_mgmt().
 *
 * Action code, status code, dialog token, IE and peer address are
 * mandatory; peer capability defaults to 0 and the initiator flag to
 * false.
 *
 * Returns -EOPNOTSUPP when the wiphy lacks WIPHY_FLAG_SUPPORTS_TDLS or the
 * driver has no tdls_mgmt op, -EINVAL when a mandatory attribute is
 * missing, otherwise the helper's result.
 *
 * NOTE(review): unlike other handlers in this file that take
 * NL80211_ATTR_IE, the attribute is not passed through is_valid_ie_attr()
 * here before its data and length go to the driver - confirm that the
 * receiving side validates the IE buffer.
 */
static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr **attrs = info->attrs;
	u32 peer_capability = 0;
	u8 action_code, dialog_token;
	u16 status_code;
	bool initiator;
	u8 *peer;

	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
	    !rdev->ops->tdls_mgmt)
		return -EOPNOTSUPP;

	if (!attrs[NL80211_ATTR_TDLS_ACTION] ||
	    !attrs[NL80211_ATTR_STATUS_CODE] ||
	    !attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
	    !attrs[NL80211_ATTR_IE] ||
	    !attrs[NL80211_ATTR_MAC])
		return -EINVAL;

	peer = nla_data(attrs[NL80211_ATTR_MAC]);
	action_code = nla_get_u8(attrs[NL80211_ATTR_TDLS_ACTION]);
	status_code = nla_get_u16(attrs[NL80211_ATTR_STATUS_CODE]);
	dialog_token = nla_get_u8(attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
	initiator = nla_get_flag(attrs[NL80211_ATTR_TDLS_INITIATOR]);

	if (attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
		peer_capability =
			nla_get_u32(attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);

	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
			      dialog_token, status_code, peer_capability,
			      initiator,
			      nla_data(attrs[NL80211_ATTR_IE]),
			      nla_len(attrs[NL80211_ATTR_IE]));
}

/*
 * Netlink handler that passes a TDLS operation on a peer to the driver
 * via rdev_tdls_oper().
 *
 * Returns -EOPNOTSUPP when the wiphy lacks WIPHY_FLAG_SUPPORTS_TDLS or the
 * driver has no tdls_oper op, -EINVAL when the operation or the peer
 * address is missing, otherwise the helper's result.
 *
 * NOTE(review): the operation value is read as a u8 and passed on without
 * a range check against enum nl80211_tdls_operation - presumably the
 * driver rejects unknown values; confirm.
 */
static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *oper_attr = info->attrs[NL80211_ATTR_TDLS_OPERATION];
	struct nlattr *mac_attr = info->attrs[NL80211_ATTR_MAC];
	enum nl80211_tdls_operation operation;
	u8 *peer;

	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
	    !rdev->ops->tdls_oper)
		return -EOPNOTSUPP;

	if (!oper_attr || !mac_attr)
		return -EINVAL;

	operation = nla_get_u8(oper_attr);
	peer = nla_data(mac_attr);

	return rdev_tdls_oper(rdev, dev, peer, operation);
}

/*
 * Ask the driver to remain on a channel for a given time and reply to the
 * requester with an NL80211_CMD_REMAIN_ON_CHANNEL message carrying the cookie
 * the driver handed back.
 *
 * Returns -EINVAL when NL80211_ATTR_WIPHY_FREQ or NL80211_ATTR_DURATION is
 * missing or the duration lies outside
 * [NL80211_MIN_REMAIN_ON_CHANNEL_TIME, wiphy.max_remain_on_channel_duration],
 * -EOPNOTSUPP without driver support, -ENOMEM / -ENOBUFS when the reply
 * cannot be built, otherwise the error from channel parsing, the driver or
 * genlmsg_reply().
 */
static int nl80211_remain_on_channel(struct sk_buff *skb,
				     struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct cfg80211_chan_def chandef;
	struct sk_buff *reply;
	void *reply_hdr;
	u64 cookie;
	u32 duration;
	int err;

	if (!info->attrs[NL80211_ATTR_DURATION] ||
	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
		return -EINVAL;

	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);

	if (!(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) ||
	    !rdev->ops->remain_on_channel)
		return -EOPNOTSUPP;

	/*
	 * The requested time is caller-controlled: it has to be at least the
	 * minimum (10ms) and must not exceed what the driver supports.
	 */
	if (duration > rdev->wiphy.max_remain_on_channel_duration ||
	    duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME)
		return -EINVAL;

	err = nl80211_parse_chandef(rdev, info, &chandef);
	if (err)
		return err;

	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!reply)
		return -ENOMEM;

	/* every failure from here on has to release the reply buffer */
	err = -ENOBUFS;
	reply_hdr = nl80211hdr_put(reply, info->snd_portid, info->snd_seq, 0,
				   NL80211_CMD_REMAIN_ON_CHANNEL);
	if (!reply_hdr)
		goto free_reply;

	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
				     duration, &cookie);
	if (err)
		goto free_reply;

	if (nla_put_u64(reply, NL80211_ATTR_COOKIE, cookie)) {
		err = -ENOBUFS;
		goto free_reply;
	}

	genlmsg_end(reply, reply_hdr);

	return genlmsg_reply(reply, info);

 free_reply:
	nlmsg_free(reply);
	return err;
}

/*
 * Cancel a pending remain-on-channel operation identified by the cookie in
 * NL80211_ATTR_COOKIE.
 *
 * Returns -EINVAL when the cookie attribute is missing, -EOPNOTSUPP when the
 * driver has no cancel_remain_on_channel callback, otherwise the result of
 * rdev_cancel_remain_on_channel().
 */
static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
					    struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct nlattr *cookie_attr = info->attrs[NL80211_ATTR_COOKIE];

	if (!cookie_attr)
		return -EINVAL;

	if (!rdev->ops->cancel_remain_on_channel)
		return -EOPNOTSUPP;

	/*
	 * The cookie is an opaque caller-supplied value; nothing in this
	 * function checks that it belongs to the requester.
	 */
	return rdev_cancel_remain_on_channel(rdev, wdev,
					     nla_get_u64(cookie_attr));
}

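/*
 * Translate a list of legacy rates into a bitmask over sband->bitrates[].
 *
 * Each entry of @rates has its top bit masked off and is multiplied by 5
 * before it is compared with the bitrate field of the band's rate table; bit
 * N of the result is set when the rate matches sband->bitrates[N].
 *
 * Returns the mask, or 0 as soon as one requested rate is not in the table.
 * An empty @rates list also yields 0, so callers that need to tell the two
 * apart must look at @rates_len themselves.
 */
static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
			   u8 *rates, u8 rates_len)
{
	u32 mask = 0;
	u8 i;

	for (i = 0; i < rates_len; i++) {
		int rate = (rates[i] & 0x7f) * 5;
		int ridx;

		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
			if (rate != sband->bitrates[ridx].bitrate)
				continue;

			/*
			 * Shift an unsigned one: with a signed constant,
			 * index 31 would shift into the sign bit.
			 */
			mask |= 1U << ridx;
			break;
		}

		if (ridx == sband->n_bitrates)
			return 0; /* rate not found */
	}

	return mask;
}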

/*
 * Translate a list of HT MCS indices into an MCS bitmap.
 *
 * @mcs is cleared first. Every index in @rates then selects byte (index / 8)
 * and bit (index % 8); the bit is copied into @mcs only when the same bit is
 * set in sband->ht_cap.mcs.rx_mask.
 *
 * Returns false when an index lies beyond IEEE80211_HT_MCS_MASK_LEN bytes or
 * names an MCS that rx_mask does not contain, true otherwise. On a false
 * return @mcs holds a partial result.
 */
static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
			       u8 *rates, u8 rates_len,
			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
{
	u8 i;

	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);

	for (i = 0; i < rates_len; i++) {
		int byte = rates[i] / 8;
		int bit = BIT(rates[i] % 8);

		/*
		 * Bounds check before indexing both arrays; the index comes
		 * from a u8, so only the upper bound can be violated.
		 */
		if (byte >= IEEE80211_HT_MCS_MASK_LEN)
			return false;

		/* only rates the band advertises may be selected */
		if (!(sband->ht_cap.mcs.rx_mask[byte] & bit))
			return false;

		mcs[byte] |= bit;
	}

	return true;
}

/*
 * Convert one VHT MCS support value into a bitmask of MCS indices:
 * 0x00FF for MCS 0-7, 0x01FF for MCS 0-8, 0x03FF for MCS 0-9, and 0 for
 * IEEE80211_VHT_MCS_NOT_SUPPORTED or any other value.
 */
static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
{
	switch (vht_mcs_map) {
	case IEEE80211_VHT_MCS_SUPPORT_0_7:
		return 0x00FF;
	case IEEE80211_VHT_MCS_SUPPORT_0_8:
		return 0x01FF;
	case IEEE80211_VHT_MCS_SUPPORT_0_9:
		return 0x03FF;
	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
	default:
		return 0;
	}
}

/*
 * Expand a 16-bit VHT MCS map into one MCS bitmask per spatial stream.
 *
 * The map is consumed two bits at a time starting from the least significant
 * bits; entry N of @vht_mcs_mask receives the mask for bits 2N and 2N+1.
 * All NL80211_VHT_NSS_MAX entries are written.
 */
static void vht_build_mcs_mask(u16 vht_mcs_map,
			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
{
	u8 nss = 0;

	while (nss < NL80211_VHT_NSS_MAX) {
		u8 support = vht_mcs_map & 0x03;

		vht_mcs_mask[nss++] = vht_mcs_map_to_mcs_mask(support);
		vht_mcs_map >>= 2;
	}
}

/*
 * Validate a requested VHT MCS selection against the band's TX capabilities
 * and copy it into @mcs.
 *
 * @txrate is read for NL80211_VHT_NSS_MAX entries, so the caller has to make
 * sure the buffer behind it is at least sizeof(struct nl80211_txrate_vht).
 *
 * Returns false when the band has no VHT support or when a requested bit is
 * not contained in the mask derived from vht_cap.vht_mcs.tx_mcs_map; in the
 * latter case @mcs has been cleared and may be partially filled.
 */
static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
			     struct nl80211_txrate_vht *txrate,
			     u16 mcs[NL80211_VHT_NSS_MAX])
{
	u16 supported[NL80211_VHT_NSS_MAX] = {};
	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
	u8 nss;

	if (!sband->vht_cap.vht_supported)
		return false;

	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);

	/* per-stream masks of what the hardware can transmit */
	vht_build_mcs_mask(tx_mcs_map, supported);

	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
		u16 wanted = txrate->mcs[nss];

		/* the request must be a subset of the capability */
		if ((supported[nss] & wanted) != wanted)
			return false;

		mcs[nss] = wanted;
	}

	return true;
}

/*
 * Validation policy for the attributes nested inside one per-band entry of
 * NL80211_ATTR_TX_RATES; nl80211_set_tx_bitrate_mask() passes it to
 * nla_parse().
 */
static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
	[NL80211_TXRATE_LEGACY] = {
		.type = NLA_BINARY,
		.len = NL80211_MAX_SUPP_RATES,
	},
	[NL80211_TXRATE_HT] = {
		.type = NLA_BINARY,
		.len = NL80211_MAX_SUPP_HT_RATES,
	},
	/*
	 * No .type is given for the VHT entry.
	 * NOTE(review): for such an entry the netlink core is expected to
	 * treat .len as the minimum payload length, which is what makes it
	 * safe for vht_set_mcs_mask() to read a whole
	 * struct nl80211_txrate_vht - confirm against include/net/netlink.h
	 * of this kernel version.
	 */
	[NL80211_TXRATE_VHT] = {
		.len = sizeof(struct nl80211_txrate_vht),
	},
	[NL80211_TXRATE_GI] = {
		.type = NLA_U8,
	},
};

/*
 * Build a per-band TX bitrate mask from NL80211_ATTR_TX_RATES and pass it to
 * the driver.
 *
 * Every band the wiphy has starts out with all advertised legacy, HT and VHT
 * rates enabled. Each nested per-band attribute then replaces the legacy,
 * HT, VHT and guard-interval settings it carries. A request without
 * NL80211_ATTR_TX_RATES therefore resets the mask to these defaults.
 *
 * Returns -EOPNOTSUPP when the driver has no set_bitrate_mask callback,
 * -EINVAL for an unknown or absent band, a rate the band does not support, a
 * guard interval above NL80211_TXRATE_FORCE_LGI or a band left without any
 * rate, the nla_parse() error for a malformed per-band attribute, otherwise
 * the result of rdev_set_bitrate_mask().
 */
static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
				       struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
	struct cfg80211_bitrate_mask mask;
	struct ieee80211_supported_band *sband;
	struct nlattr *band_attr;
	u16 vht_tx_mcs_map;
	int rem, i;

	if (!rdev->ops->set_bitrate_mask)
		return -EOPNOTSUPP;

	memset(&mask, 0, sizeof(mask));

	/* Default to all rates enabled */
	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
		sband = rdev->wiphy.bands[i];
		if (!sband)
			continue;

		mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
		memcpy(mask.control[i].ht_mcs, sband->ht_cap.mcs.rx_mask,
		       sizeof(mask.control[i].ht_mcs));

		if (sband->vht_cap.vht_supported) {
			vht_tx_mcs_map =
				le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
			vht_build_mcs_mask(vht_tx_mcs_map,
					   mask.control[i].vht_mcs);
		}
	}

	/* if no rates are given set it back to the defaults */
	if (!info->attrs[NL80211_ATTR_TX_RATES])
		goto out;

	/*
	 * The nested attribute uses enum nl80211_band as the index. This maps
	 * directly to the enum ieee80211_band values used in cfg80211.
	 */
	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
	nla_for_each_nested(band_attr, info->attrs[NL80211_ATTR_TX_RATES],
			    rem) {
		enum ieee80211_band band = nla_type(band_attr);
		int err;

		/* the band number is caller-controlled and indexes arrays */
		if (band < 0 || band >= IEEE80211_NUM_BANDS)
			return -EINVAL;

		sband = rdev->wiphy.bands[band];
		if (!sband)
			return -EINVAL;

		err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(band_attr),
				nla_len(band_attr), nl80211_txattr_policy);
		if (err)
			return err;

		if (tb[NL80211_TXRATE_LEGACY]) {
			struct nlattr *legacy = tb[NL80211_TXRATE_LEGACY];

			mask.control[band].legacy =
				rateset_to_mask(sband, nla_data(legacy),
						nla_len(legacy));

			/*
			 * A zero mask from a non-empty list means one of the
			 * rates is unknown to this band.
			 */
			if (mask.control[band].legacy == 0 && nla_len(legacy))
				return -EINVAL;
		}

		if (tb[NL80211_TXRATE_HT] &&
		    !ht_rateset_to_mask(sband,
					nla_data(tb[NL80211_TXRATE_HT]),
					nla_len(tb[NL80211_TXRATE_HT]),
					mask.control[band].ht_mcs))
			return -EINVAL;

		if (tb[NL80211_TXRATE_VHT] &&
		    !vht_set_mcs_mask(sband,
				      nla_data(tb[NL80211_TXRATE_VHT]),
				      mask.control[band].vht_mcs))
			return -EINVAL;

		if (tb[NL80211_TXRATE_GI]) {
			mask.control[band].gi =
				nla_get_u8(tb[NL80211_TXRATE_GI]);
			if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
				return -EINVAL;
		}

		if (mask.control[band].legacy != 0)
			continue;

		/*
		 * don't allow empty legacy rates if HT or VHT
		 * are not even supported.
		 */
		if (!sband->ht_cap.ht_supported &&
		    !sband->vht_cap.vht_supported)
			return -EINVAL;

		/*
		 * NOTE(review): finding an HT or VHT rate jumps out of the
		 * whole attribute loop, so per-band entries that follow this
		 * one are not parsed and keep their defaults - confirm that
		 * this is intended.
		 */
		for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
			if (mask.control[band].ht_mcs[i])
				goto out;

		for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
			if (mask.control[band].vht_mcs[i])
				goto out;

		/* legacy and mcs rates may not be both empty */
		return -EINVAL;
	}

out:
	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
}

/*
 * Register the requesting socket (info->snd_portid) for management frames of
 * a given type whose leading bytes match NL80211_ATTR_FRAME_MATCH.
 *
 * The frame type defaults to management/action when
 * NL80211_ATTR_FRAME_TYPE is absent.
 *
 * Returns -EINVAL without a match attribute, -EOPNOTSUPP for interface types
 * outside the list below or when the driver cannot transmit management
 * frames, otherwise the result of cfg80211_mlme_register_mgmt().
 */
static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct nlattr *match = info->attrs[NL80211_ATTR_FRAME_MATCH];
	u16 frame_type;

	if (!match)
		return -EINVAL;

	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
	else
		frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_ADHOC:
	case NL80211_IFTYPE_P2P_CLIENT:
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
	case NL80211_IFTYPE_MESH_POINT:
	case NL80211_IFTYPE_P2P_GO:
	case NL80211_IFTYPE_P2P_DEVICE:
		break;
	default:
		return -EOPNOTSUPP;
	}

	/* not much point in registering if we can't reply */
	if (!rdev->ops->mgmt_tx)
		return -EOPNOTSUPP;

	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
					   nla_data(match), nla_len(match));
}

/*
 * Transmit a management frame supplied in NL80211_ATTR_FRAME.
 *
 * Unless NL80211_ATTR_DONT_WAIT_FOR_ACK is present, the requester gets an
 * NL80211_CMD_FRAME reply carrying the cookie of the transmission.
 *
 * Checks made on the caller-supplied parameters:
 *  - a P2P device interface must name a frequency;
 *  - a wait time or the off-channel flag requires WIPHY_FLAG_OFFCHAN_TX;
 *  - the wait time must lie within
 *    [NL80211_MIN_REMAIN_ON_CHANNEL_TIME, max_remain_on_channel_duration];
 *  - off-channel transmission requires a channel;
 *  - the CSA offsets attribute must hold whole u16 values, each of which
 *    must point inside the frame.
 *
 * Returns -EINVAL when one of these checks fails, -EOPNOTSUPP for
 * unsupported drivers or interface types, -ENOMEM / -ENOBUFS when the reply
 * cannot be built, 0 when no reply was requested and the frame was accepted,
 * otherwise the result of channel parsing, cfg80211_mlme_mgmt_tx() or
 * genlmsg_reply().
 */
static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct cfg80211_chan_def chandef;
	struct sk_buff *msg = NULL;
	void *hdr = NULL;
	u64 cookie;
	int err;
	struct cfg80211_mgmt_tx_params params = {
		.dont_wait_for_ack =
			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
	};

	if (!info->attrs[NL80211_ATTR_FRAME])
		return -EINVAL;

	if (!rdev->ops->mgmt_tx)
		return -EOPNOTSUPP;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_P2P_DEVICE:
		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
			return -EINVAL;
		/* fall through - otherwise handled like the types below */
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_ADHOC:
	case NL80211_IFTYPE_P2P_CLIENT:
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
	case NL80211_IFTYPE_MESH_POINT:
	case NL80211_IFTYPE_P2P_GO:
		break;
	default:
		return -EOPNOTSUPP;
	}

	if (info->attrs[NL80211_ATTR_DURATION]) {
		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
			return -EINVAL;

		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);

		/*
		 * We should wait on the channel for at least a minimum amount
		 * of time (10ms) but no longer than the driver supports.
		 */
		if (params.wait > rdev->wiphy.max_remain_on_channel_duration ||
		    params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME)
			return -EINVAL;
	}

	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
		return -EINVAL;

	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);

	/*
	 * get the channel if any has been specified, otherwise pass NULL to
	 * the driver. The latter will use the current one
	 */
	chandef.chan = NULL;
	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
		err = nl80211_parse_chandef(rdev, info, &chandef);
		if (err)
			return err;
	}

	if (params.offchan && !chandef.chan)
		return -EINVAL;

	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);

	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
		struct nlattr *offs = info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX];
		int len = nla_len(offs);
		int i;

		/* the payload is an array of u16, no trailing odd byte */
		if (len % sizeof(u16))
			return -EINVAL;

		params.n_csa_offsets = len / sizeof(u16);
		params.csa_offsets = nla_data(offs);

		/* check that all the offsets fit the frame */
		for (i = 0; i < params.n_csa_offsets; i++) {
			if (params.csa_offsets[i] >= params.len)
				return -EINVAL;
		}
	}

	/* a reply is only built when the caller waits for the ACK status */
	if (!params.dont_wait_for_ack) {
		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
		if (!msg)
			return -ENOMEM;

		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
				     NL80211_CMD_FRAME);
		if (!hdr) {
			err = -ENOBUFS;
			goto free_msg;
		}
	}

	params.chan = chandef.chan;
	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
	if (err)
		goto free_msg;

	if (!msg)
		return 0;

	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) {
		err = -ENOBUFS;
		goto free_msg;
	}

	genlmsg_end(msg, hdr);
	return genlmsg_reply(msg, info);

 free_msg:
	nlmsg_free(msg);
	return err;
}

/*
 * Cancel the wait of a management-frame transmission identified by the
 * cookie in NL80211_ATTR_COOKIE.
 *
 * Returns -EINVAL without a cookie, -EOPNOTSUPP when the driver has no
 * mgmt_tx_cancel_wait callback or the interface type is not in the list
 * below, otherwise the result of rdev_mgmt_tx_cancel_wait().
 */
static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct nlattr *cookie_attr = info->attrs[NL80211_ATTR_COOKIE];

	if (!cookie_attr)
		return -EINVAL;

	if (!rdev->ops->mgmt_tx_cancel_wait)
		return -EOPNOTSUPP;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_ADHOC:
	case NL80211_IFTYPE_P2P_CLIENT:
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_AP_VLAN:
	case NL80211_IFTYPE_P2P_GO:
	case NL80211_IFTYPE_P2P_DEVICE:
		break;
	default:
		return -EOPNOTSUPP;
	}

	return rdev_mgmt_tx_cancel_wait(rdev, wdev, nla_get_u64(cookie_attr));
}

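/*
 * Enable or disable power save on an interface.
 *
 * NL80211_ATTR_PS_STATE must be NL80211_PS_DISABLED or NL80211_PS_ENABLED.
 * The driver is only called when the requested state differs from the one
 * cached in wdev->ps, and the cache is updated when the driver succeeds.
 *
 * Returns -EINVAL for a missing attribute or any other state value,
 * -EOPNOTSUPP when the driver has no set_power_mgmt callback, 0 when nothing
 * had to change, otherwise the result of rdev_set_power_mgmt().
 */
static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev;
	u32 ps_state;
	bool state;
	int err;

	if (!info->attrs[NL80211_ATTR_PS_STATE])
		return -EINVAL;

	/*
	 * Keep all 32 bits of the attribute for the range check. Storing the
	 * value in a u8 first would drop the upper bits, so a value that is
	 * out of range could alias a valid state and be accepted.
	 */
	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);

	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
		return -EINVAL;

	wdev = dev->ieee80211_ptr;

	if (!rdev->ops->set_power_mgmt)
		return -EOPNOTSUPP;

	state = ps_state == NL80211_PS_ENABLED;

	/* nothing to do when the cached state already matches */
	if (state == wdev->ps)
		return 0;

	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
	if (!err)
		wdev->ps = state;
	return err;
}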

/*
 * Report the cached power-save state (wdev->ps) of an interface in an
 * NL80211_CMD_GET_POWER_SAVE reply.
 *
 * Returns -EOPNOTSUPP when the driver has no set_power_mgmt callback,
 * -ENOMEM / -ENOBUFS when the reply cannot be built, otherwise the result of
 * genlmsg_reply().
 */
static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	enum nl80211_ps_state ps_state;
	struct sk_buff *reply;
	void *reply_hdr;

	if (!rdev->ops->set_power_mgmt)
		return -EOPNOTSUPP;

	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!reply)
		return -ENOMEM;

	reply_hdr = nl80211hdr_put(reply, info->snd_portid, info->snd_seq, 0,
				   NL80211_CMD_GET_POWER_SAVE);
	if (!reply_hdr)
		goto free_reply;

	ps_state = wdev->ps ? NL80211_PS_ENABLED : NL80211_PS_DISABLED;

	if (nla_put_u32(reply, NL80211_ATTR_PS_STATE, ps_state))
		goto free_reply;

	genlmsg_end(reply, reply_hdr);
	return genlmsg_reply(reply, info);

 free_reply:
	/* both failure paths mean the reply buffer had no room */
	nlmsg_free(reply);
	return -ENOBUFS;
}

/*
 * Validation policy for the attributes nested inside NL80211_ATTR_CQM;
 * nl80211_set_cqm() passes it to nla_parse_nested(). Every attribute is a
 * 32-bit value.
 */
static const struct nla_policy
nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
	/* RSSI monitoring; the threshold is read as a signed value later */
	[NL80211_ATTR_CQM_RSSI_THOLD]		= { .type = NLA_U32 },
	[NL80211_ATTR_CQM_RSSI_HYST]		= { .type = NLA_U32 },
	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]	= { .type = NLA_U32 },
	/* TX error monitoring */
	[NL80211_ATTR_CQM_TXE_RATE]		= { .type = NLA_U32 },
	[NL80211_ATTR_CQM_TXE_PKTS]		= { .type = NLA_U32 },
	[NL80211_ATTR_CQM_TXE_INTVL]		= { .type = NLA_U32 },
};

/*
 * Configure TX-error based connection quality monitoring.
 *
 * Returns -EINVAL when @rate exceeds 100 or @intvl exceeds
 * NL80211_CQM_TXE_MAX_INTVL, -EOPNOTSUPP when the driver has no
 * set_cqm_txe_config callback or the interface is neither a station nor a
 * P2P client, otherwise the result of rdev_set_cqm_txe_config().
 */
static int nl80211_set_cqm_txe(struct genl_info *info,
			       u32 rate, u32 pkts, u32 intvl)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;

	/* range-check the caller-supplied values before anything else */
	if (intvl > NL80211_CQM_TXE_MAX_INTVL || rate > 100)
		return -EINVAL;

	if (!rdev->ops->set_cqm_txe_config)
		return -EOPNOTSUPP;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
}

/*
 * Configure RSSI based connection quality monitoring.
 *
 * A threshold of 0 disables monitoring, in which case the hysteresis passed
 * to the driver is forced to 0 as well.
 *
 * Returns -EINVAL for a positive threshold, -EOPNOTSUPP when the driver has
 * no set_cqm_rssi_config callback or the interface is neither a station nor
 * a P2P client, otherwise the result of rdev_set_cqm_rssi_config().
 */
static int nl80211_set_cqm_rssi(struct genl_info *info,
				s32 threshold, u32 hysteresis)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;

	if (threshold > 0)
		return -EINVAL;

	/* disabling - hysteresis should also be zero then */
	if (!threshold)
		hysteresis = 0;

	if (!rdev->ops->set_cqm_rssi_config)
		return -EOPNOTSUPP;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_STATION:
	case NL80211_IFTYPE_P2P_CLIENT:
		break;
	default:
		return -EOPNOTSUPP;
	}

	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
}

/*
 * Parse NL80211_ATTR_CQM and dispatch to the RSSI or TX-error configuration
 * helper.
 *
 * RSSI monitoring is chosen when both the threshold and the hysteresis are
 * present; otherwise TX-error monitoring is chosen when rate, packet count
 * and interval are all present. The RSSI pair takes precedence when both
 * sets are given.
 *
 * Returns -EINVAL when the attribute is missing or neither set is complete,
 * the nla_parse_nested() error for a malformed attribute, otherwise the
 * result of the helper.
 */
static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
{
	struct nlattr *tb[NL80211_ATTR_CQM_MAX + 1];
	struct nlattr *cqm = info->attrs[NL80211_ATTR_CQM];
	int err;

	if (!cqm)
		return -EINVAL;

	err = nla_parse_nested(tb, NL80211_ATTR_CQM_MAX, cqm,
			       nl80211_attr_cqm_policy);
	if (err)
		return err;

	if (tb[NL80211_ATTR_CQM_RSSI_THOLD] &&
	    tb[NL80211_ATTR_CQM_RSSI_HYST])
		/* the threshold is a signed value in a 32-bit attribute */
		return nl80211_set_cqm_rssi(info,
			nla_get_s32(tb[NL80211_ATTR_CQM_RSSI_THOLD]),
			nla_get_u32(tb[NL80211_ATTR_CQM_RSSI_HYST]));

	if (tb[NL80211_ATTR_CQM_TXE_RATE] &&
	    tb[NL80211_ATTR_CQM_TXE_PKTS] &&
	    tb[NL80211_ATTR_CQM_TXE_INTVL])
		return nl80211_set_cqm_txe(info,
			nla_get_u32(tb[NL80211_ATTR_CQM_TXE_RATE]),
			nla_get_u32(tb[NL80211_ATTR_CQM_TXE_PKTS]),
			nla_get_u32(tb[NL80211_ATTR_CQM_TXE_INTVL]));

	return -EINVAL;
}

/*
 * Join OCB operation on the channel described by the request.
 *
 * The setup structure starts zeroed; only its channel definition is filled
 * in from the netlink attributes.
 *
 * Returns the nl80211_parse_chandef() error for a bad channel, otherwise the
 * result of cfg80211_join_ocb().
 */
static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct ocb_setup setup = {};
	int err = nl80211_parse_chandef(rdev, info, &setup.chandef);

	return err ? err : cfg80211_join_ocb(rdev, dev, &setup);
}

/* Leave OCB operation; returns the result of cfg80211_leave_ocb(). */
static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
{
	struct net_device *dev = info->user_ptr[1];
	struct cfg80211_registered_device *rdev = info->user_ptr[0];

	return cfg80211_leave_ocb(rdev, dev);
}

/*
 * Join a mesh network.
 *
 * Configuration and setup start from default_mesh_config and
 * default_mesh_setup and are then overridden by whichever attributes the
 * request carries. A non-empty NL80211_ATTR_MESH_ID is mandatory.
 *
 * Range checks made here: the beacon interval must lie in [10, 10000] and
 * the DTIM period in [1, 100]. Basic rates can only be given together with a
 * channel, because the channel selects the band whose rate table is used.
 *
 * Returns -EINVAL when one of these checks fails, the error of a parsing
 * helper, otherwise the result of cfg80211_join_mesh().
 */
static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	/* start with default */
	struct mesh_config cfg = default_mesh_config;
	struct mesh_setup setup = default_mesh_setup;
	struct nlattr *id_attr = info->attrs[NL80211_ATTR_MESH_ID];
	int err;

	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
		/* and parse parameters if given */
		err = nl80211_parse_mesh_config(info, &cfg, NULL);
		if (err)
			return err;
	}

	if (!id_attr || !nla_len(id_attr))
		return -EINVAL;

	/*
	 * The mesh ID points into the request buffer, it is not copied here.
	 * Only the lower bound of its length is checked in this function.
	 */
	setup.mesh_id = nla_data(id_attr);
	setup.mesh_id_len = nla_len(id_attr);

	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
		return -EINVAL;

	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
		setup.beacon_interval =
			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
		if (setup.beacon_interval > 10000 ||
		    setup.beacon_interval < 10)
			return -EINVAL;
	}

	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
		setup.dtim_period =
			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
		if (setup.dtim_period > 100 || setup.dtim_period < 1)
			return -EINVAL;
	}

	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
		/* parse additional setup parameters if given */
		err = nl80211_parse_mesh_setup(info, &setup);
		if (err)
			return err;
	}

	/* with a userspace peer manager, links are not opened automatically */
	if (setup.user_mpm)
		cfg.auto_open_plinks = false;

	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
		/* cfg80211_join_mesh() will sort it out */
		setup.chandef.chan = NULL;
	} else {
		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
		if (err)
			return err;
	}

	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
		struct nlattr *rates_attr =
			info->attrs[NL80211_ATTR_BSS_BASIC_RATES];
		struct ieee80211_supported_band *sband;

		/* without a channel there is no band to validate against */
		if (!setup.chandef.chan)
			return -EINVAL;

		sband = rdev->wiphy.bands[setup.chandef.chan->band];

		err = ieee80211_get_ratemask(sband, nla_data(rates_attr),
					     nla_len(rates_attr),
					     &setup.basic_rates);
		if (err)
			return err;
	}

	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
}

/* Leave the mesh network; returns the result of cfg80211_leave_mesh(). */
static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
{
	struct net_device *dev = info->user_ptr[1];
	struct cfg80211_registered_device *rdev = info->user_ptr[0];

	return cfg80211_leave_mesh(rdev, dev);
}

#ifdef CONFIG_PM
/*
 * Append the configured WoWLAN packet patterns to @msg as a nested
 * NL80211_WOWLAN_TRIG_PKT_PATTERN attribute.
 *
 * Each pattern becomes a nested entry numbered from 1 holding its mask
 * (one bit per pattern byte, rounded up to whole bytes), the pattern bytes
 * and the packet offset. Nothing is added when no pattern is configured.
 *
 * The caller must make sure rdev->wiphy.wowlan_config is not NULL; it is
 * dereferenced without a check.
 *
 * Returns 0 on success or -ENOBUFS when @msg runs out of room; the nests
 * opened so far are left unterminated in that case.
 */
static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
					struct cfg80211_registered_device *rdev)
{
	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
	struct nlattr *list_nest, *entry_nest;
	int idx, pat_len;

	if (!wowlan->n_patterns)
		return 0;

	list_nest = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
	if (!list_nest)
		return -ENOBUFS;

	for (idx = 0; idx < wowlan->n_patterns; idx++) {
		entry_nest = nla_nest_start(msg, idx + 1);
		if (!entry_nest)
			return -ENOBUFS;

		pat_len = wowlan->patterns[idx].pattern_len;

		if (nla_put(msg, NL80211_PKTPAT_MASK,
			    DIV_ROUND_UP(pat_len, 8),
			    wowlan->patterns[idx].mask))
			return -ENOBUFS;
		if (nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
			    wowlan->patterns[idx].pattern))
			return -ENOBUFS;
		if (nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
				wowlan->patterns[idx].pkt_offset))
			return -ENOBUFS;

		nla_nest_end(msg, entry_nest);
	}

	nla_nest_end(msg, list_nest);

	return 0;
}

/*
 * Append the WoWLAN TCP wakeup configuration to @msg as a nested
 * NL80211_WOWLAN_TRIG_TCP_CONNECTION attribute.
 *
 * Addresses, ports, the data payload with its interval, and the wake payload
 * with its mask are always emitted; the payload sequence and payload token
 * descriptions only when their len field is non-zero. Nothing is added when
 * @tcp is NULL.
 *
 * Note that the whole stored configuration, including payload contents, is
 * copied into the reply.
 *
 * Returns 0 on success or -ENOBUFS when @msg runs out of room.
 */
static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
				   struct cfg80211_wowlan_tcp *tcp)
{
	struct nlattr *tcp_nest;

	if (!tcp)
		return 0;

	tcp_nest = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
	if (!tcp_nest)
		return -ENOBUFS;

	/* connection endpoints */
	if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
	    nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port))
		return -ENOBUFS;

	/* data payload and the interval stored with it */
	if (nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
		    tcp->payload_len, tcp->payload) ||
	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
			tcp->data_interval))
		return -ENOBUFS;

	/* wake payload and its bit mask (one bit per payload byte) */
	if (nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
		    tcp->wake_len, tcp->wake_data) ||
	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
		return -ENOBUFS;

	if (tcp->payload_seq.len &&
	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
		    sizeof(tcp->payload_seq), &tcp->payload_seq))
		return -ENOBUFS;

	/* the token header is followed by tokens_size bytes of tokens */
	if (tcp->payload_tok.len &&
	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
		    sizeof(tcp->payload_tok) + tcp->tokens_size,
		    &tcp->payload_tok))
		return -ENOBUFS;

	nla_nest_end(msg, tcp_nest);

	return 0;
}

/*
 * Report the current WoWLAN configuration in an NL80211_CMD_GET_WOWLAN
 * reply.
 *
 * When a configuration exists, the reply carries a nested
 * NL80211_ATTR_WOWLAN_TRIGGERS attribute with one flag per enabled trigger,
 * the packet patterns and the TCP wakeup configuration. The reply buffer is
 * enlarged by the sizes of the variable-length TCP data so that it fits.
 *
 * Returns -EOPNOTSUPP when the wiphy has no WoWLAN support, -ENOMEM when the
 * reply cannot be allocated, -ENOBUFS when it cannot be filled, otherwise
 * the result of genlmsg_reply().
 */
static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct cfg80211_wowlan *cfg;
	struct sk_buff *msg;
	void *hdr;
	u32 size = NLMSG_DEFAULT_SIZE;

	if (!rdev->wiphy.wowlan)
		return -EOPNOTSUPP;

	cfg = rdev->wiphy.wowlan_config;

	if (cfg && cfg->tcp) {
		/* adjust size to have room for all the data */
		size += cfg->tcp->tokens_size +
			cfg->tcp->payload_len +
			cfg->tcp->wake_len +
			cfg->tcp->wake_len / 8;
	}

	msg = nlmsg_new(size, GFP_KERNEL);
	if (!msg)
		return -ENOMEM;

	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
			     NL80211_CMD_GET_WOWLAN);
	if (!hdr)
		goto nla_put_failure;

	if (cfg) {
		struct nlattr *nl_wowlan;

		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
		if (!nl_wowlan)
			goto nla_put_failure;

		/* one flag attribute per enabled trigger */
		if (cfg->any &&
		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY))
			goto nla_put_failure;
		if (cfg->disconnect &&
		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
			goto nla_put_failure;
		if (cfg->magic_pkt &&
		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
			goto nla_put_failure;
		if (cfg->gtk_rekey_failure &&
		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
			goto nla_put_failure;
		if (cfg->eap_identity_req &&
		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
			goto nla_put_failure;
		if (cfg->four_way_handshake &&
		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
			goto nla_put_failure;
		if (cfg->rfkill_release &&
		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
			goto nla_put_failure;

		if (nl80211_send_wowlan_patterns(msg, rdev))
			goto nla_put_failure;

		if (nl80211_send_wowlan_tcp(msg, cfg->tcp))
			goto nla_put_failure;

		nla_nest_end(msg, nl_wowlan);
	}

	genlmsg_end(msg, hdr);
	return genlmsg_reply(msg, info);

nla_put_failure:
	nlmsg_free(msg);
	return -ENOBUFS;
}

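/*
 * Parse a WoWLAN TCP wakeup description from userspace into a newly
 * allocated struct cfg80211_wowlan_tcp and store it in @trig->tcp.
 *
 * All sizes and offsets in @attr are caller-controlled and are checked
 * against the limits the driver advertises in rdev->wiphy.wowlan->tcp before
 * anything is allocated or copied:
 *  - data payload, wake payload and data interval against their maxima;
 *  - the wake mask must hold exactly one bit per wake payload byte;
 *  - the token stream must be a whole number of tokens, within the driver's
 *    token length and buffer limits;
 *  - the token and sequence windows (offset + len) must lie inside the data
 *    payload.
 *
 * The configuration is one allocation laid out as: the structure itself, the
 * token stream, the data payload, the wake payload and the wake mask.
 *
 * With CONFIG_INET a TCP socket is created and bound so that the source port
 * is reserved; without it the caller has to supply a non-zero source port.
 * On success the allocation and the socket in cfg->sock are handed over via
 * @trig->tcp; releasing them is left to code outside this function.
 *
 * The caller must make sure rdev->wiphy.wowlan is not NULL.
 *
 * Returns 0 on success, -EINVAL when a check fails, -ENOMEM when the
 * allocation fails, -EADDRINUSE when the port cannot be bound, otherwise the
 * error from nla_parse() or __sock_create().
 */
static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
				    struct nlattr *attr,
				    struct cfg80211_wowlan *trig)
{
	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
	struct cfg80211_wowlan_tcp *cfg;
	struct nl80211_wowlan_tcp_data_token *tok = NULL;
	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
	u32 size;
	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
	int err, port;

	if (!rdev->wiphy.wowlan->tcp)
		return -EINVAL;

	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
			nla_data(attr), nla_len(attr),
			nl80211_wowlan_tcp_policy);
	if (err)
		return err;

	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
		return -EINVAL;

	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
		return -EINVAL;

	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
			rdev->wiphy.wowlan->tcp->data_interval_max ||
	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
		return -EINVAL;

	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
		return -EINVAL;

	/* exactly one mask bit per wake payload byte */
	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
		return -EINVAL;

	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);

		/*
		 * The subtraction below would wrap for an attribute shorter
		 * than the token header. nl80211_wowlan_tcp_policy is not
		 * visible from here, so do not rely on it for the minimum
		 * length.
		 */
		if (tokln < sizeof(*tok))
			return -EINVAL;

		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
		tokens_size = tokln - sizeof(*tok);

		if (!tok->len || tokens_size % tok->len)
			return -EINVAL;
		if (!rdev->wiphy.wowlan->tcp->tok)
			return -EINVAL;
		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
			return -EINVAL;
		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
			return -EINVAL;
		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
			return -EINVAL;
		/*
		 * The token window must lie inside the payload. Compare
		 * without adding offset and len, so that a huge offset
		 * cannot wrap the sum around to a small value.
		 */
		if (tok->offset > data_size ||
		    tok->len > data_size - tok->offset)
			return -EINVAL;
	}

	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
		/* same reasoning as for the token header length above */
		if (nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) <
		    sizeof(*seq))
			return -EINVAL;

		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
		if (!rdev->wiphy.wowlan->tcp->seq)
			return -EINVAL;
		if (seq->len == 0 || seq->len > 4)
			return -EINVAL;
		/* overflow-safe window check, see the token case */
		if (seq->offset > data_size ||
		    seq->len > data_size - seq->offset)
			return -EINVAL;
	}

	/* every summand has been bounded by a driver limit above */
	size = sizeof(*cfg);
	size += data_size;
	size += wake_size + wake_mask_size;
	size += tokens_size;

	cfg = kzalloc(size, GFP_KERNEL);
	if (!cfg)
		return -ENOMEM;
	cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
	cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
	       ETH_ALEN);
	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
	else
		port = 0;
#ifdef CONFIG_INET
	/* allocate a socket and port for it and use it */
	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
			    IPPROTO_TCP, &cfg->sock, 1);
	if (err) {
		kfree(cfg);
		return err;
	}
	if (inet_csk_get_port(cfg->sock->sk, port)) {
		sock_release(cfg->sock);
		kfree(cfg);
		return -EADDRINUSE;
	}
	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
#else
	if (!port) {
		kfree(cfg);
		return -EINVAL;
	}
	cfg->src_port = port;
#endif

	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);

	/* the data payload follows the structure and the token stream */
	cfg->payload_len = data_size;
	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
	memcpy((void *)cfg->payload,
	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
	       data_size);
	if (seq)
		cfg->payload_seq = *seq;
	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);

	/* then the wake payload ... */
	cfg->wake_len = wake_size;
	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
	memcpy((void *)cfg->wake_data,
	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
	       wake_size);

	/* ... and finally its mask */
	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
			 data_size + wake_size;
	memcpy((void *)cfg->wake_mask,
	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
	       wake_mask_size);
	if (tok) {
		/* token header plus stream, copied in one go */
		cfg->tokens_size = tokens_size;
		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
	}

	trig->tcp = cfg;

	return 0;
}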

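/*
 * Replace the WoWLAN trigger configuration of the device found in
 * info->user_ptr[0].
 *
 * Without NL80211_ATTR_WOWLAN_TRIGGERS the stored configuration is freed and
 * cleared. Otherwise the nested triggers are parsed into a temporary
 * cfg80211_wowlan, each requested trigger is checked against what the wiphy
 * advertises in rdev->wiphy.wowlan, and only a completely validated set
 * replaces the old one.
 *
 * Returns 0 on success, -EOPNOTSUPP if the wiphy has no WoWLAN support,
 * -EINVAL for a trigger or pattern that is malformed or not supported,
 * -ENOMEM on allocation failure, or the error reported by nla_parse() or
 * nl80211_parse_wowlan_tcp().
 */
static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
	struct cfg80211_wowlan new_triggers = {};
	struct cfg80211_wowlan *ntrig;
	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
	int err, i;
	/* remembered so set_wakeup is only called when the state flips */
	bool prev_enabled = rdev->wiphy.wowlan_config;

	if (!wowlan)
		return -EOPNOTSUPP;

	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
		cfg80211_rdev_free_wowlan(rdev);
		rdev->wiphy.wowlan_config = NULL;
		goto set_wakeup;
	}

	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
			nl80211_wowlan_policy);
	if (err)
		return err;

	/*
	 * The simple triggers below return directly on failure: nothing has
	 * been allocated into new_triggers yet.
	 */
	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
			return -EINVAL;
		new_triggers.any = true;
	}

	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
			return -EINVAL;
		new_triggers.disconnect = true;
	}

	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
			return -EINVAL;
		new_triggers.magic_pkt = true;
	}

	/* this attribute is rejected whenever it appears in a set request */
	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
		return -EINVAL;

	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
			return -EINVAL;
		new_triggers.gtk_rekey_failure = true;
	}

	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
			return -EINVAL;
		new_triggers.eap_identity_req = true;
	}

	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
			return -EINVAL;
		new_triggers.four_way_handshake = true;
	}

	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
			return -EINVAL;
		new_triggers.rfkill_release = true;
	}

	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
		struct nlattr *pat;
		int n_patterns = 0;
		int rem, pat_len, mask_len, pkt_offset;
		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];

		/* first pass: count, so the array can be sized and bounded */
		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
				    rem)
			n_patterns++;
		if (n_patterns > wowlan->n_patterns)
			return -EINVAL;

		new_triggers.patterns = kcalloc(n_patterns,
						sizeof(new_triggers.patterns[0]),
						GFP_KERNEL);
		if (!new_triggers.patterns)
			return -ENOMEM;

		/*
		 * Set before the second pass so the error path walks the whole
		 * zeroed array; entries not filled in yet have a NULL mask.
		 */
		new_triggers.n_patterns = n_patterns;
		i = 0;

		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
				    rem) {
			u8 *mask_pat;

			err = nla_parse(pat_tb, MAX_NL80211_PKTPAT,
					nla_data(pat), nla_len(pat), NULL);
			if (err)
				goto error;
			err = -EINVAL;
			if (!pat_tb[NL80211_PKTPAT_MASK] ||
			    !pat_tb[NL80211_PKTPAT_PATTERN])
				goto error;
			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
			/* one mask bit per pattern byte */
			mask_len = DIV_ROUND_UP(pat_len, 8);
			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
				goto error;
			if (pat_len > wowlan->pattern_max_len ||
			    pat_len < wowlan->pattern_min_len)
				goto error;

			pkt_offset = 0;
			if (pat_tb[NL80211_PKTPAT_OFFSET]) {
				/*
				 * nla_parse() was given no policy, so nothing
				 * has checked this attribute's length yet.
				 */
				if (nla_len(pat_tb[NL80211_PKTPAT_OFFSET]) <
				    (int)sizeof(u32))
					goto error;
				pkt_offset = nla_get_u32(
					pat_tb[NL80211_PKTPAT_OFFSET]);
			}
			/*
			 * The u32 is stored in an int: values with the top bit
			 * set turn negative and would slip under the maximum.
			 */
			if (pkt_offset < 0 ||
			    pkt_offset > wowlan->max_pkt_offset)
				goto error;
			new_triggers.patterns[i].pkt_offset = pkt_offset;

			/* mask and pattern share one allocation, mask first */
			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
			if (!mask_pat) {
				err = -ENOMEM;
				goto error;
			}
			new_triggers.patterns[i].mask = mask_pat;
			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
			       mask_len);
			mask_pat += mask_len;
			new_triggers.patterns[i].pattern = mask_pat;
			new_triggers.patterns[i].pattern_len = pat_len;
			memcpy(mask_pat,
			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
			       pat_len);
			i++;
		}
	}

	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
		err = nl80211_parse_wowlan_tcp(
			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
			&new_triggers);
		if (err)
			goto error;
	}

	/* move the validated set off the stack; nested buffers are shared */
	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
	if (!ntrig) {
		err = -ENOMEM;
		goto error;
	}
	cfg80211_rdev_free_wowlan(rdev);
	rdev->wiphy.wowlan_config = ntrig;

 set_wakeup:
	if (rdev->ops->set_wakeup &&
	    prev_enabled != !!rdev->wiphy.wowlan_config)
		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);

	return 0;
 error:
	/* kfree(NULL) is a no-op, so partially filled arrays are fine here */
	for (i = 0; i < new_triggers.n_patterns; i++)
		kfree(new_triggers.patterns[i].mask);
	kfree(new_triggers.patterns);
	if (new_triggers.tcp && new_triggers.tcp->sock)
		sock_release(new_triggers.tcp->sock);
	kfree(new_triggers.tcp);
	return err;
}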
#endif

/*
 * Append the coalesce rules stored in rdev->coalesce to @msg as a nested
 * NL80211_ATTR_COALESCE_RULE attribute. Rules and patterns are numbered
 * from 1 inside their nests.
 *
 * Returns 0 on success (also when there are no rules, in which case nothing
 * is added) and -ENOBUFS as soon as any attribute does not fit. The caller
 * must have checked that rdev->coalesce is not NULL.
 */
static int nl80211_send_coalesce_rules(struct sk_buff *msg,
				       struct cfg80211_registered_device *rdev)
{
	struct nlattr *rules_nest, *rule_nest, *pats_nest, *pat_nest;
	struct cfg80211_coalesce_rules *rule;
	int r, p, len;

	if (rdev->coalesce->n_rules == 0)
		return 0;

	rules_nest = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
	if (rules_nest == NULL)
		return -ENOBUFS;

	for (r = 0; r < rdev->coalesce->n_rules; r++) {
		rule_nest = nla_nest_start(msg, r + 1);
		if (rule_nest == NULL)
			return -ENOBUFS;

		rule = &rdev->coalesce->rules[r];

		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
				rule->delay) != 0)
			return -ENOBUFS;
		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
				rule->condition) != 0)
			return -ENOBUFS;

		pats_nest = nla_nest_start(msg,
				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
		if (pats_nest == NULL)
			return -ENOBUFS;

		for (p = 0; p < rule->n_patterns; p++) {
			pat_nest = nla_nest_start(msg, p + 1);
			if (pat_nest == NULL)
				return -ENOBUFS;

			len = rule->patterns[p].pattern_len;

			/* the mask carries one bit per pattern byte */
			if (nla_put(msg, NL80211_PKTPAT_MASK,
				    DIV_ROUND_UP(len, 8),
				    rule->patterns[p].mask))
				return -ENOBUFS;
			if (nla_put(msg, NL80211_PKTPAT_PATTERN, len,
				    rule->patterns[p].pattern))
				return -ENOBUFS;
			if (nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
					rule->patterns[p].pkt_offset))
				return -ENOBUFS;

			nla_nest_end(msg, pat_nest);
		}

		nla_nest_end(msg, pats_nest);
		nla_nest_end(msg, rule_nest);
	}

	nla_nest_end(msg, rules_nest);
	return 0;
}

/*
 * NL80211_CMD_GET_COALESCE handler: reply to the requester with the
 * coalesce rules currently stored for the device in info->user_ptr[0].
 *
 * Returns -EOPNOTSUPP if the wiphy advertises no coalesce support, -ENOMEM
 * if the reply cannot be allocated, -ENOBUFS if it cannot be filled, and
 * otherwise the result of genlmsg_reply().
 */
static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct sk_buff *reply;
	void *hdr;

	if (rdev->wiphy.coalesce == NULL)
		return -EOPNOTSUPP;

	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (reply == NULL)
		return -ENOMEM;

	hdr = nl80211hdr_put(reply, info->snd_portid, info->snd_seq, 0,
			     NL80211_CMD_GET_COALESCE);
	if (hdr == NULL)
		goto fail;

	/* a device without stored rules gets a reply with the header only */
	if (rdev->coalesce != NULL) {
		if (nl80211_send_coalesce_rules(reply, rdev) != 0)
			goto fail;
	}

	genlmsg_end(reply, hdr);
	return genlmsg_reply(reply, info);

fail:
	nlmsg_free(reply);
	return -ENOBUFS;
}

/*
 * Free the coalesce configuration stored in @rdev, including every rule's
 * pattern array and per-pattern buffer, and reset rdev->coalesce to NULL.
 * Does nothing when no configuration is stored.
 */
void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
{
	struct cfg80211_coalesce *cfg = rdev->coalesce;
	struct cfg80211_coalesce_rules *cur;
	int r, p;

	if (cfg == NULL)
		return;

	r = 0;
	while (r < cfg->n_rules) {
		cur = &cfg->rules[r];

		/* only .mask is freed per pattern; .pattern is not */
		p = 0;
		while (p < cur->n_patterns) {
			kfree(cur->patterns[p].mask);
			p++;
		}
		kfree(cur->patterns);
		r++;
	}

	kfree(cfg->rules);
	kfree(cfg);
	rdev->coalesce = NULL;
}

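/*
 * Parse one nested coalesce rule attribute into @new_rule.
 *
 * @rdev:     device whose rdev->wiphy.coalesce limits the rule is checked
 *            against
 * @rule:     nested attribute carrying delay, condition and packet patterns
 * @new_rule: output; its patterns array and the per-pattern buffers are
 *            allocated here
 *
 * Returns 0 on success, -EINVAL for a missing, malformed or out-of-range
 * value, -ENOMEM on allocation failure, or the error from nla_parse().
 * On failure, whatever was already allocated into @new_rule is left in
 * place; nl80211_set_coalesce() frees it in its error path.
 */
static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
				       struct nlattr *rule,
				       struct cfg80211_coalesce_rules *new_rule)
{
	int err, i;
	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];

	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
			nla_len(rule), nl80211_coalesce_policy);
	if (err)
		return err;

	/* the range checks run even when the attribute is absent */
	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
		new_rule->delay =
			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
	if (new_rule->delay > coalesce->max_delay)
		return -EINVAL;

	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
		new_rule->condition =
			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
		return -EINVAL;

	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
		return -EINVAL;

	/* first pass: count, so the array can be sized and bounded */
	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
			    rem)
		n_patterns++;
	if (n_patterns > coalesce->n_patterns)
		return -EINVAL;

	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
				     GFP_KERNEL);
	if (!new_rule->patterns)
		return -ENOMEM;

	/*
	 * Set before the second pass so the caller's cleanup walks the whole
	 * zeroed array; entries not filled in yet have a NULL mask.
	 */
	new_rule->n_patterns = n_patterns;
	i = 0;

	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
			    rem) {
		u8 *mask_pat;

		err = nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
				nla_len(pat), NULL);
		if (err)
			return err;
		if (!pat_tb[NL80211_PKTPAT_MASK] ||
		    !pat_tb[NL80211_PKTPAT_PATTERN])
			return -EINVAL;
		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
		/* one mask bit per pattern byte */
		mask_len = DIV_ROUND_UP(pat_len, 8);
		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
			return -EINVAL;
		if (pat_len > coalesce->pattern_max_len ||
		    pat_len < coalesce->pattern_min_len)
			return -EINVAL;

		pkt_offset = 0;
		if (pat_tb[NL80211_PKTPAT_OFFSET]) {
			/*
			 * nla_parse() was given no policy, so nothing has
			 * checked this attribute's length yet.
			 */
			if (nla_len(pat_tb[NL80211_PKTPAT_OFFSET]) <
			    (int)sizeof(u32))
				return -EINVAL;
			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
		}
		/*
		 * The u32 is stored in an int: values with the top bit set
		 * turn negative and would slip under the maximum.
		 */
		if (pkt_offset < 0 || pkt_offset > coalesce->max_pkt_offset)
			return -EINVAL;
		new_rule->patterns[i].pkt_offset = pkt_offset;

		/* mask and pattern share one allocation, mask first */
		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
		if (!mask_pat)
			return -ENOMEM;

		new_rule->patterns[i].mask = mask_pat;
		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
		       mask_len);

		mask_pat += mask_len;
		new_rule->patterns[i].pattern = mask_pat;
		new_rule->patterns[i].pattern_len = pat_len;
		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
		       pat_len);
		i++;
	}

	return 0;
}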

/*
 * NL80211_CMD_SET_COALESCE handler for the device in info->user_ptr[0].
 *
 * Without NL80211_ATTR_COALESCE_RULE the stored rules are freed and the
 * driver is called with NULL. Otherwise every nested rule is parsed into a
 * staging structure, handed to the driver, and stored only once the driver
 * accepted it.
 *
 * Returns 0 on success, -EOPNOTSUPP without coalesce support or driver op,
 * -EINVAL for too many rules, -ENOMEM on allocation failure, or the error
 * from rule parsing or from the driver.
 */
static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	const struct wiphy_coalesce_support *limits = rdev->wiphy.coalesce;
	struct nlattr *rules_attr = info->attrs[NL80211_ATTR_COALESCE_RULE];
	struct cfg80211_coalesce staged = {};
	struct cfg80211_coalesce *stored;
	struct cfg80211_coalesce_rules *cur;
	struct nlattr *rule;
	int err, rem, count = 0, r, p;

	if (limits == NULL || rdev->ops->set_coalesce == NULL)
		return -EOPNOTSUPP;

	if (rules_attr == NULL) {
		cfg80211_rdev_free_coalesce(rdev);
		rdev->ops->set_coalesce(&rdev->wiphy, NULL);
		return 0;
	}

	/* first pass: count, so the array can be sized and bounded */
	nla_for_each_nested(rule, rules_attr, rem)
		count++;
	if (count > limits->n_rules)
		return -EINVAL;

	staged.rules = kcalloc(count, sizeof(staged.rules[0]), GFP_KERNEL);
	if (staged.rules == NULL)
		return -ENOMEM;

	/* set up front so the cleanup below covers half-parsed rules too */
	staged.n_rules = count;

	r = 0;
	nla_for_each_nested(rule, rules_attr, rem) {
		err = nl80211_parse_coalesce_rule(rdev, rule, &staged.rules[r]);
		if (err)
			goto error;
		r++;
	}

	err = rdev->ops->set_coalesce(&rdev->wiphy, &staged);
	if (err)
		goto error;

	/* move the accepted set off the stack; nested buffers are shared */
	stored = kmemdup(&staged, sizeof(staged), GFP_KERNEL);
	if (stored == NULL) {
		err = -ENOMEM;
		goto error;
	}

	cfg80211_rdev_free_coalesce(rdev);
	rdev->coalesce = stored;
	return 0;

error:
	for (r = 0; r < staged.n_rules; r++) {
		cur = &staged.rules[r];
		for (p = 0; p < cur->n_patterns; p++)
			kfree(cur->patterns[p].mask);
		kfree(cur->patterns);
	}
	kfree(staged.rules);

	return err;
}

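/*
 * Hand GTK rekey material (KEK, KCK and replay counter) from
 * NL80211_ATTR_REKEY_DATA to the driver for the netdev in info->user_ptr[1].
 *
 * Returns -EINVAL if the container or any of the three nested attributes is
 * missing, -ERANGE if one of them has the wrong length, -ENOTCONN if the
 * interface has no current BSS, -EOPNOTSUPP if the driver lacks the
 * operation, otherwise the result of rdev_set_rekey_data().
 */
static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
	struct cfg80211_gtk_rekey_data rekey_data;
	int err;

	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
		return -EINVAL;

	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
			nl80211_rekey_policy);
	if (err)
		return err;

	/*
	 * nla_parse() leaves the slot of an absent attribute NULL, and
	 * nla_len() dereferences its argument, so presence has to be checked
	 * before any of the length tests below.
	 */
	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] ||
	    !tb[NL80211_REKEY_DATA_KEK] ||
	    !tb[NL80211_REKEY_DATA_KCK])
		return -EINVAL;

	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
		return -ERANGE;
	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
		return -ERANGE;
	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
		return -ERANGE;

	/* only pointers into the message are stored; nothing is copied here */
	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);

	wdev_lock(wdev);
	if (!wdev->current_bss) {
		err = -ENOTCONN;
		goto out;
	}

	if (!rdev->ops->set_rekey_data) {
		err = -EOPNOTSUPP;
		goto out;
	}

	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
 out:
	wdev_unlock(wdev);
	return err;
}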

/*
 * Record the sender's netlink port id in wdev->ap_unexpected_nlportid for
 * the netdev in info->user_ptr[1].
 *
 * Only AP and P2P-GO interfaces are accepted (-EINVAL otherwise), and only
 * one port id can be recorded at a time (-EBUSY if one is already set).
 */
static int nl80211_register_unexpected_frame(struct sk_buff *skb,
					     struct genl_info *info)
{
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_P2P_GO:
		break;
	default:
		return -EINVAL;
	}

	/* a non-zero port id means somebody is registered already */
	if (wdev->ap_unexpected_nlportid != 0)
		return -EBUSY;

	wdev->ap_unexpected_nlportid = info->snd_portid;
	return 0;
}

/*
 * NL80211_CMD_PROBE_CLIENT handler: ask the driver to probe the station
 * named by NL80211_ATTR_MAC and reply with the cookie the driver returned.
 *
 * Returns -EOPNOTSUPP for interfaces other than AP / P2P-GO or a driver
 * without the operation, -EINVAL without a MAC attribute, -ENOMEM or
 * -ENOBUFS when the reply cannot be built, the driver's error if probing
 * fails, otherwise the result of genlmsg_reply().
 */
static int nl80211_probe_client(struct sk_buff *skb,
				struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct sk_buff *reply;
	const u8 *peer;
	void *hdr;
	u64 cookie;
	int err;

	switch (wdev->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_P2P_GO:
		break;
	default:
		return -EOPNOTSUPP;
	}

	if (info->attrs[NL80211_ATTR_MAC] == NULL)
		return -EINVAL;

	if (rdev->ops->probe_client == NULL)
		return -EOPNOTSUPP;

	/* the reply is allocated before the driver call */
	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (reply == NULL)
		return -ENOMEM;

	hdr = nl80211hdr_put(reply, info->snd_portid, info->snd_seq, 0,
			     NL80211_CMD_PROBE_CLIENT);
	if (hdr == NULL) {
		err = -ENOBUFS;
		goto free_msg;
	}

	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);

	err = rdev_probe_client(rdev, dev, peer, &cookie);
	if (err != 0)
		goto free_msg;

	if (nla_put_u64(reply, NL80211_ATTR_COOKIE, cookie)) {
		err = -ENOBUFS;
		goto free_msg;
	}

	genlmsg_end(reply, hdr);
	return genlmsg_reply(reply, info);

 free_msg:
	nlmsg_free(reply);
	return err;
}

/*
 * Add the sender's netlink port id to rdev->beacon_registrations.
 *
 * Returns -EOPNOTSUPP unless the wiphy sets WIPHY_FLAG_REPORTS_OBSS,
 * -ENOMEM if the list entry cannot be allocated, -EALREADY if the port id
 * is on the list already, and 0 once the new entry has been added.
 */
static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct cfg80211_beacon_registration *cur, *entry;
	int rv = 0;

	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
		return -EOPNOTSUPP;

	/* allocated with GFP_KERNEL before the spinlock is taken */
	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
	if (entry == NULL)
		return -ENOMEM;

	spin_lock_bh(&rdev->beacon_registrations_lock);

	/* lookup and insertion happen under one lock hold */
	list_for_each_entry(cur, &rdev->beacon_registrations, list) {
		if (cur->nlportid == info->snd_portid) {
			rv = -EALREADY;
			break;
		}
	}

	if (rv == 0) {
		entry->nlportid = info->snd_portid;
		list_add(&entry->list, &rdev->beacon_registrations);
	}

	spin_unlock_bh(&rdev->beacon_registrations_lock);

	/* the unused entry is released only after the lock is dropped */
	if (rv != 0)
		kfree(entry);

	return rv;
}

/*
 * Start the P2P device in info->user_ptr[1] through the driver.
 *
 * Returns -EOPNOTSUPP if the driver lacks the operation or the wdev is not
 * a P2P device, 0 if it is started already, -ERFKILL while rfkill blocks the
 * radio, or the driver's error. On success the wdev is marked started and
 * rdev->opencount is incremented.
 */
static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	int ret;

	if (rdev->ops->start_p2p_device == NULL)
		return -EOPNOTSUPP;

	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
		return -EOPNOTSUPP;

	/* starting twice is not an error */
	if (wdev->p2p_started)
		return 0;

	if (rfkill_blocked(rdev->rfkill))
		return -ERFKILL;

	ret = rdev_start_p2p_device(rdev, wdev);
	if (ret == 0) {
		wdev->p2p_started = true;
		rdev->opencount++;
	}

	return ret;
}

/*
 * Stop the P2P device in info->user_ptr[1] via cfg80211_stop_p2p_device().
 *
 * Returns -EOPNOTSUPP if the wdev is not a P2P device or the driver has no
 * stop_p2p_device operation, 0 otherwise.
 */
static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];

	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE ||
	    rdev->ops->stop_p2p_device == NULL)
		return -EOPNOTSUPP;

	cfg80211_stop_p2p_device(rdev, wdev);
	return 0;
}

/*
 * NL80211_CMD_GET_PROTOCOL_FEATURES handler: reply with a single
 * NL80211_ATTR_PROTOCOL_FEATURES attribute holding
 * NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP.
 *
 * Returns -ENOMEM if the reply cannot be allocated, -ENOBUFS if it cannot
 * be filled, otherwise the result of genlmsg_reply().
 */
static int nl80211_get_protocol_features(struct sk_buff *skb,
					 struct genl_info *info)
{
	struct sk_buff *reply;
	void *hdr;

	reply = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (reply == NULL)
		return -ENOMEM;

	hdr = nl80211hdr_put(reply, info->snd_portid, info->snd_seq, 0,
			     NL80211_CMD_GET_PROTOCOL_FEATURES);

	if (hdr != NULL &&
	    nla_put_u32(reply, NL80211_ATTR_PROTOCOL_FEATURES,
			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) == 0) {
		genlmsg_end(reply, hdr);
		return genlmsg_reply(reply, info);
	}

	/* header or attribute did not fit */
	kfree_skb(reply);
	return -ENOBUFS;
}

/*
 * Pass the mobility domain id (NL80211_ATTR_MDID) and the information
 * elements (NL80211_ATTR_IE) to the driver's update_ft_ies operation.
 *
 * Returns -EOPNOTSUPP if the driver lacks the operation, -EINVAL if the
 * MDID is missing or is_valid_ie_attr() rejects the IE attribute, otherwise
 * the result of rdev_update_ft_ies().
 */
static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct cfg80211_update_ft_ies_params params;

	if (rdev->ops->update_ft_ies == NULL)
		return -EOPNOTSUPP;

	if (info->attrs[NL80211_ATTR_MDID] == NULL)
		return -EINVAL;
	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
		return -EINVAL;

	/* zero first so fields not assigned below are well defined */
	memset(&params, 0, sizeof(params));
	params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
	/* the IE buffer is referenced in place, not copied */
	params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
	params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);

	return rdev_update_ft_ies(rdev, dev, &params);
}

/*
 * Start a critical-protocol session on behalf of the sending socket.
 *
 * Returns -EOPNOTSUPP if the driver has no crit_proto_start, -EINVAL if it
 * has no crit_proto_stop (with a warning), the protocol id is out of range
 * or the duration attribute is missing, -EBUSY if a session is already
 * owned by some port id, -ERANGE if the duration exceeds
 * NL80211_CRIT_PROTO_MAX_DURATION, otherwise the driver's result. On
 * success the sender's port id is recorded in rdev->crit_proto_nlportid.
 */
static int nl80211_crit_protocol_start(struct sk_buff *skb,
				       struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct nlattr *id_attr, *dur_attr;
	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
	u16 duration;
	int ret;

	if (rdev->ops->crit_proto_start == NULL)
		return -EOPNOTSUPP;

	/* a driver that can start must also be able to stop */
	if (WARN_ON(!rdev->ops->crit_proto_stop))
		return -EINVAL;

	if (rdev->crit_proto_nlportid != 0)
		return -EBUSY;

	/* the protocol id is optional and stays UNSPEC when absent */
	id_attr = info->attrs[NL80211_ATTR_CRIT_PROT_ID];
	if (id_attr != NULL)
		proto = nla_get_u16(id_attr);

	if (proto >= NUM_NL80211_CRIT_PROTO)
		return -EINVAL;

	/* the maximum duration is mandatory */
	dur_attr = info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION];
	if (dur_attr == NULL)
		return -EINVAL;

	duration = nla_get_u16(dur_attr);
	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
		return -ERANGE;

	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
	if (ret == 0)
		rdev->crit_proto_nlportid = info->snd_portid;

	return ret;
}

/*
 * Stop a running critical-protocol session, if any.
 *
 * Returns -EOPNOTSUPP if the driver has no crit_proto_stop operation and 0
 * otherwise, whether or not a session was active. The recorded port id is
 * cleared before the driver is called; the sender's port id is not compared
 * with the recorded one here.
 */
static int nl80211_crit_protocol_stop(struct sk_buff *skb,
				      struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];

	if (rdev->ops->crit_proto_stop == NULL)
		return -EOPNOTSUPP;

	if (rdev->crit_proto_nlportid == 0)
		return 0;

	rdev->crit_proto_nlportid = 0;
	rdev_crit_proto_stop(rdev, wdev);
	return 0;
}

/*
 * Dispatch a vendor command to the matching entry of
 * rdev->wiphy.vendor_commands, selected by NL80211_ATTR_VENDOR_ID and
 * NL80211_ATTR_VENDOR_SUBCMD.
 *
 * The optional NL80211_ATTR_VENDOR_DATA payload is handed to the driver
 * callback as a pointer and length; this function does not look inside it,
 * so any validation of its contents is left to the callback.
 *
 * Returns -EOPNOTSUPP if the wiphy has no vendor commands or none matches,
 * -EINVAL for missing attributes, a wdev on another wiphy, or a command
 * that needs a wdev/netdev which was not supplied, -ENETDOWN if the command
 * needs a running interface, otherwise the callback's result.
 */
static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev =
		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
	const struct wiphy_vendor_command *match = NULL;
	void *data = NULL;
	int len = 0;
	int idx, err;
	u32 vid, subcmd;

	if (!rdev->wiphy.vendor_commands)
		return -EOPNOTSUPP;

	if (IS_ERR(wdev)) {
		/* -EINVAL is tolerated here and treated as "no wdev given" */
		err = PTR_ERR(wdev);
		if (err != -EINVAL)
			return err;
		wdev = NULL;
	} else if (wdev->wiphy != &rdev->wiphy) {
		return -EINVAL;
	}

	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
		return -EINVAL;

	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);

	/* the first table entry with this vendor id / subcommand pair wins */
	for (idx = 0; idx < rdev->wiphy.n_vendor_commands; idx++) {
		const struct wiphy_vendor_command *cand;

		cand = &rdev->wiphy.vendor_commands[idx];
		if (cand->info.vendor_id == vid &&
		    cand->info.subcmd == subcmd) {
			match = cand;
			break;
		}
	}
	if (!match)
		return -EOPNOTSUPP;

	if (!(match->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
			      WIPHY_VENDOR_CMD_NEED_NETDEV))) {
		/* commands that asked for neither never see a wdev */
		wdev = NULL;
	} else {
		if (!wdev)
			return -EINVAL;
		if ((match->flags & WIPHY_VENDOR_CMD_NEED_NETDEV) &&
		    !wdev->netdev)
			return -EINVAL;

		if (match->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
			if (wdev->netdev) {
				if (!netif_running(wdev->netdev))
					return -ENETDOWN;
			} else if (!wdev->p2p_started) {
				return -ENETDOWN;
			}
		}
	}

	if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
		data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
		len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
	}

	/* set only around the callback; the reply helpers read it */
	rdev->cur_cmd_info = info;
	err = match->doit(&rdev->wiphy, wdev, data, len);
	rdev->cur_cmd_info = NULL;

	return err;
}

/*
 * Allocate a reply skb for the vendor command currently being processed,
 * addressed to the port id and sequence number of that request.
 *
 * rdev->cur_cmd_info must be set, which nl80211_vendor_cmd() does only
 * around the driver callback. Outside of that window this warns and
 * returns NULL.
 */
struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
					   enum nl80211_commands cmd,
					   enum nl80211_attrs attr,
					   int approxlen)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);

	if (!WARN_ON(!rdev->cur_cmd_info))
		return __cfg80211_alloc_vendor_skb(rdev, approxlen,
						   rdev->cur_cmd_info->snd_portid,
						   rdev->cur_cmd_info->snd_seq,
						   cmd, attr, NULL, GFP_KERNEL);

	return NULL;
}
EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);

/*
 * Finish and send a vendor command reply.
 *
 * The first three pointer-sized slots of skb->cb are read as the owning
 * rdev, the message header and the open data nest. The control block is
 * wiped afterwards because the netlink core owns it from then on.
 *
 * Returns -EINVAL (after freeing @skb and warning) when no vendor command
 * is in progress, otherwise the result of genlmsg_reply().
 */
int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
{
	void **cb = (void **)skb->cb;
	struct cfg80211_registered_device *rdev = cb[0];
	void *hdr = cb[1];
	struct nlattr *data = cb[2];

	/* values are saved above; clear CB for the netlink core */
	memset(skb->cb, 0, sizeof(skb->cb));

	if (WARN_ON(!rdev->cur_cmd_info)) {
		kfree_skb(skb);
		return -EINVAL;
	}

	nla_nest_end(skb, data);
	genlmsg_end(skb, hdr);

	return genlmsg_reply(skb, rdev->cur_cmd_info);
}
EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);


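/*
 * Set or clear the QoS map of the netdev in info->user_ptr[1].
 *
 * With NL80211_ATTR_QOS_MAP present, the payload is read as zero or more
 * two-byte DSCP exceptions followed by IEEE80211_QOS_MAP_LEN_MIN bytes
 * that are copied into qos_map->up. Without the attribute the driver is
 * called with a NULL map.
 *
 * Returns -EOPNOTSUPP if the driver lacks the operation, -EINVAL for a bad
 * length or an exception whose user priority exceeds 7, -ENOMEM on
 * allocation failure, otherwise the result of nl80211_key_allowed() or
 * rdev_set_qos_map().
 */
static int nl80211_set_qos_map(struct sk_buff *skb,
			       struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct cfg80211_qos_map *qos_map = NULL;
	struct net_device *dev = info->user_ptr[1];
	u8 *pos, num_des, des_len, des;
	int len;
	int ret;

	if (!rdev->ops->set_qos_map)
		return -EOPNOTSUPP;

	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
		/*
		 * Keep the full int until after the range check: narrowing
		 * to u8 first would let an oversized attribute wrap into the
		 * accepted range. Whether the attribute policy (not visible
		 * here) already bounds the length is not relied upon.
		 */
		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);

		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
		    len > IEEE80211_QOS_MAP_LEN_MAX)
			return -EINVAL;

		qos_map = kzalloc(sizeof(*qos_map), GFP_KERNEL);
		if (!qos_map)
			return -ENOMEM;

		/* everything beyond the fixed part is two-byte exceptions */
		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
		if (num_des) {
			des_len = num_des *
				sizeof(struct cfg80211_dscp_exception);
			memcpy(qos_map->dscp_exception, pos, des_len);
			qos_map->num_des = num_des;
			for (des = 0; des < num_des; des++) {
				if (qos_map->dscp_exception[des].up > 7) {
					kfree(qos_map);
					return -EINVAL;
				}
			}
			pos += des_len;
		}
		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
	}

	wdev_lock(dev->ieee80211_ptr);
	ret = nl80211_key_allowed(dev->ieee80211_ptr);
	if (!ret)
		ret = rdev_set_qos_map(rdev, dev, qos_map);
	wdev_unlock(dev->ieee80211_ptr);

	/* freed on every path once the driver call has returned */
	kfree(qos_map);
	return ret;
}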

/*
 * Add a transmit traffic stream (TSID, user priority, optional admitted
 * time) towards the peer in NL80211_ATTR_MAC.
 *
 * Returns -EOPNOTSUPP without NL80211_FEATURE_SUPPORTS_WMM_ADMISSION or on
 * an interface that is neither station nor P2P client, -EINVAL for missing
 * or out-of-range attributes, -ENOTCONN without a current BSS, otherwise
 * the result of rdev_add_tx_ts().
 */
static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	const u8 *peer;
	u8 tsid, up;
	u16 admitted_time = 0;
	int err;

	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
		return -EOPNOTSUPP;

	if (info->attrs[NL80211_ATTR_TSID] == NULL ||
	    info->attrs[NL80211_ATTR_MAC] == NULL ||
	    info->attrs[NL80211_ATTR_USER_PRIO] == NULL)
		return -EINVAL;

	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
	if (tsid >= IEEE80211_NUM_TIDS)
		return -EINVAL;

	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
	if (up >= IEEE80211_NUM_UPS)
		return -EINVAL;

	/*
	 * WMM uses TIDs 0-7 even for TSPEC.
	 *
	 * TODO: handle 802.11 TSPEC/admission control; that needs more
	 * attributes (e.g. BA session requirement), and the WMM admission
	 * test above would then have to allow both.
	 */
	if (tsid >= IEEE80211_FIRST_TSPEC_TSID)
		return -EINVAL;

	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);

	/* an admitted time that is present must be non-zero */
	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
		admitted_time =
			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
		if (admitted_time == 0)
			return -EINVAL;
	}

	wdev_lock(wdev);

	if (wdev->iftype != NL80211_IFTYPE_STATION &&
	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
		err = -EOPNOTSUPP;
	else if (!wdev->current_bss)
		err = -ENOTCONN;
	else
		err = rdev_add_tx_ts(rdev, dev, tsid, peer, up,
				     admitted_time);

	wdev_unlock(wdev);
	return err;
}

/*
 * Delete the transmit traffic stream identified by NL80211_ATTR_TSID for
 * the peer in NL80211_ATTR_MAC.
 *
 * Returns -EINVAL if either attribute is missing, otherwise the result of
 * rdev_del_tx_ts(), which is called with the wdev lock held. The TSID is
 * passed on without a range check in this function.
 */
static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
{
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct net_device *dev = info->user_ptr[1];
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct nlattr *tsid_attr = info->attrs[NL80211_ATTR_TSID];
	struct nlattr *mac_attr = info->attrs[NL80211_ATTR_MAC];
	const u8 *peer;
	u8 tsid;
	int ret;

	if (tsid_attr == NULL || mac_attr == NULL)
		return -EINVAL;

	tsid = nla_get_u8(tsid_attr);
	peer = nla_data(mac_attr);

	wdev_lock(wdev);
	ret = rdev_del_tx_ts(rdev, dev, tsid, peer);
	wdev_unlock(wdev);

	return ret;
}

/*
 * Per-operation flags; nl80211_pre_doit() tests them against
 * ops->internal_flags before a command handler runs.
 */
#define NL80211_FLAG_NEED_WIPHY		(1 << 0)
#define NL80211_FLAG_NEED_NETDEV	(1 << 1)
#define NL80211_FLAG_NEED_RTNL		(1 << 2)
#define NL80211_FLAG_CHECK_NETDEV_UP	(1 << 3)
#define NL80211_FLAG_NEED_WDEV		(1 << 4)
#define NL80211_FLAG_CLEAR_SKB		(1 << 5)

/* Combinations of the single-bit flags above */
#define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
					 NL80211_FLAG_CHECK_NETDEV_UP)
/* If a netdev is associated, it must be UP, P2P must be started */
#define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
					 NL80211_FLAG_CHECK_NETDEV_UP)

/*
 * Generic netlink pre_doit hook: resolve the objects a command operates on
 * before its .doit handler runs, as requested by ops->internal_flags.
 *
 *  - NEED_RTNL: take the RTNL; on success it stays held (nl80211_post_doit()
 *    drops it).
 *  - NEED_WIPHY: look the registered device up from the request and store
 *    it in info->user_ptr[0].
 *  - NEED_NETDEV / NEED_WDEV: look the wireless_dev up from the request
 *    attributes; info->user_ptr[1] gets the netdev (NEED_NETDEV) or the
 *    wdev, info->user_ptr[0] the owning registered device. A netdev, when
 *    there is one, is pinned with dev_hold().
 *  - CHECK_NETDEV_UP: fail with -ENETDOWN unless the netdev is running or,
 *    for a wdev without a netdev, P2P has been started.
 *
 * Both lookups are handed genl_info_net(info), presumably so that a request
 * can only name devices in the sender's network namespace (the lookup
 * helpers are not visible here).
 *
 * Returns 0 on success or a negative errno. On every failure path the RTNL
 * is released again and no device reference is held.
 */
static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
			    struct genl_info *info)
{
	const bool need_rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
	const bool need_netdev = ops->internal_flags & NL80211_FLAG_NEED_NETDEV;
	const bool need_wdev = ops->internal_flags & NL80211_FLAG_NEED_WDEV;
	const bool check_up =
		ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP;
	struct cfg80211_registered_device *rdev;
	struct wireless_dev *wdev;
	struct net_device *netdev;
	int ret;

	if (need_rtnl)
		rtnl_lock();

	/* NEED_WIPHY takes precedence over the interface lookups below */
	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
		if (IS_ERR(rdev)) {
			ret = PTR_ERR(rdev);
			goto err_unlock;
		}

		info->user_ptr[0] = rdev;
		return 0;
	}

	if (!need_netdev && !need_wdev)
		return 0;

	ASSERT_RTNL();

	wdev = __cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
	if (IS_ERR(wdev)) {
		ret = PTR_ERR(wdev);
		goto err_unlock;
	}

	netdev = wdev->netdev;
	rdev = wiphy_to_rdev(wdev->wiphy);

	if (need_netdev) {
		/* netdev-only commands cannot work on a bare wdev */
		if (!netdev) {
			ret = -EINVAL;
			goto err_unlock;
		}
		info->user_ptr[1] = netdev;
	} else {
		info->user_ptr[1] = wdev;
	}

	if (check_up) {
		bool is_up = netdev ? netif_running(netdev) :
				      wdev->p2p_started;

		if (!is_up) {
			ret = -ENETDOWN;
			goto err_unlock;
		}
	}

	/* keep the netdev alive until nl80211_post_doit() puts it */
	if (netdev)
		dev_hold(netdev);

	info->user_ptr[0] = rdev;
	return 0;

 err_unlock:
	if (need_rtnl)
		rtnl_unlock();
	return ret;
}

/*
 * Generic netlink post_doit hook: undo what nl80211_pre_doit() set up once
 * the command handler has returned.
 *
 * Drops the netdev reference reachable through info->user_ptr[1] (directly,
 * or via the wdev for NEED_WDEV commands), releases the RTNL for NEED_RTNL
 * commands and, for NL80211_FLAG_CLEAR_SKB commands, wipes the request
 * payload so key material does not linger in freed memory.
 */
static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
			      struct genl_info *info)
{
	void *target = info->user_ptr[1];
	struct net_device *netdev = NULL;

	if (target) {
		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV)
			netdev = ((struct wireless_dev *)target)->netdev;
		else
			netdev = target;
	}

	/* a wdev without a netdev never had a reference taken */
	if (netdev)
		dev_put(netdev);

	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
		rtnl_unlock();

	/*
	 * Zero everything after the netlink header: the payload may carry
	 * key data that must not survive on the heap once the SKB is freed,
	 * while the header itself is still needed for further processing.
	 */
	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
		struct nlmsghdr *hdr = nlmsg_hdr(skb);

		memset(nlmsg_data(hdr), 0, nlmsg_len(hdr));
	}
}

/*
 * Command dispatch table of the nl80211 generic netlink family.
 *
 * Access control is declared per entry:
 *  - .flags = GENL_ADMIN_PERM marks a privileged command; generic netlink
 *    rejects it for senders without CAP_NET_ADMIN before a handler runs.
 *  - entries without GENL_ADMIN_PERM are reachable by unprivileged users,
 *    so their handlers must only return data that is safe to disclose.
 *  - .internal_flags is consumed by nl80211_pre_doit()/nl80211_post_doit():
 *    object lookup, RTNL locking, interface-up checks and, with
 *    NL80211_FLAG_CLEAR_SKB, zeroing of the request payload afterwards.
 *
 * NOTE(review): NL80211_FLAG_CLEAR_SKB is set only for SET_KEY, NEW_KEY,
 * AUTHENTICATE and SET_REKEY_OFFLOAD. Other requests may carry key material
 * as well (CONNECT, ASSOCIATE, JOIN_IBSS and SET_PMKSA are worth checking);
 * confirm against their handlers and add the flag wherever secrets are
 * parsed from the message.
 */
static const struct genl_ops nl80211_ops[] = {
	{
		.cmd = NL80211_CMD_GET_WIPHY,
		.doit = nl80211_get_wiphy,
		.dumpit = nl80211_dump_wiphy,
		.done = nl80211_dump_wiphy_done,
		.policy = nl80211_policy,
		/* can be retrieved by unprivileged users */
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_WIPHY,
		.doit = nl80211_set_wiphy,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_GET_INTERFACE,
		.doit = nl80211_get_interface,
		.dumpit = nl80211_dump_interface,
		.policy = nl80211_policy,
		/* can be retrieved by unprivileged users */
		.internal_flags = NL80211_FLAG_NEED_WDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_INTERFACE,
		.doit = nl80211_set_interface,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_NEW_INTERFACE,
		.doit = nl80211_new_interface,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_DEL_INTERFACE,
		.doit = nl80211_del_interface,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_GET_KEY,
		.doit = nl80211_get_key,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_KEY,
		.doit = nl80211_set_key,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL |
				  NL80211_FLAG_CLEAR_SKB,
	},
	{
		.cmd = NL80211_CMD_NEW_KEY,
		.doit = nl80211_new_key,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL |
				  NL80211_FLAG_CLEAR_SKB,
	},
	{
		.cmd = NL80211_CMD_DEL_KEY,
		.doit = nl80211_del_key,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_BEACON,
		.doit = nl80211_set_beacon,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_START_AP,
		.doit = nl80211_start_ap,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_STOP_AP,
		.doit = nl80211_stop_ap,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_GET_STATION,
		.doit = nl80211_get_station,
		.dumpit = nl80211_dump_station,
		.policy = nl80211_policy,
		/* no GENL_ADMIN_PERM: reachable by unprivileged users */
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_STATION,
		.doit = nl80211_set_station,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_NEW_STATION,
		.doit = nl80211_new_station,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_DEL_STATION,
		.doit = nl80211_del_station,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_GET_MPATH,
		.doit = nl80211_get_mpath,
		.dumpit = nl80211_dump_mpath,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_GET_MPP,
		.doit = nl80211_get_mpp,
		.dumpit = nl80211_dump_mpp,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_MPATH,
		.doit = nl80211_set_mpath,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_NEW_MPATH,
		.doit = nl80211_new_mpath,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_DEL_MPATH,
		.doit = nl80211_del_mpath,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_BSS,
		.doit = nl80211_set_bss,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_GET_REG,
		.doit = nl80211_get_reg,
		.policy = nl80211_policy,
		/* can be retrieved by unprivileged users */
		.internal_flags = NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_REG,
		.doit = nl80211_set_reg,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_REQ_SET_REG,
		.doit = nl80211_req_set_reg,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
	},
	{
		.cmd = NL80211_CMD_GET_MESH_CONFIG,
		.doit = nl80211_get_mesh_config,
		.policy = nl80211_policy,
		/* can be retrieved by unprivileged users */
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_MESH_CONFIG,
		.doit = nl80211_update_mesh_config,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_TRIGGER_SCAN,
		.doit = nl80211_trigger_scan,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		/* dump only; no GENL_ADMIN_PERM */
		.cmd = NL80211_CMD_GET_SCAN,
		.dumpit = nl80211_dump_scan,
		.policy = nl80211_policy,
	},
	{
		.cmd = NL80211_CMD_START_SCHED_SCAN,
		.doit = nl80211_start_sched_scan,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
		.doit = nl80211_stop_sched_scan,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_AUTHENTICATE,
		.doit = nl80211_authenticate,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL |
				  NL80211_FLAG_CLEAR_SKB,
	},
	{
		.cmd = NL80211_CMD_ASSOCIATE,
		.doit = nl80211_associate,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_DEAUTHENTICATE,
		.doit = nl80211_deauthenticate,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_DISASSOCIATE,
		.doit = nl80211_disassociate,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_JOIN_IBSS,
		.doit = nl80211_join_ibss,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_LEAVE_IBSS,
		.doit = nl80211_leave_ibss,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
#ifdef CONFIG_NL80211_TESTMODE
	{
		.cmd = NL80211_CMD_TESTMODE,
		.doit = nl80211_testmode_do,
		.dumpit = nl80211_testmode_dump,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
#endif
	{
		.cmd = NL80211_CMD_CONNECT,
		.doit = nl80211_connect,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_DISCONNECT,
		.doit = nl80211_disconnect,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
		.doit = nl80211_wiphy_netns,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		/* dump only; no GENL_ADMIN_PERM */
		.cmd = NL80211_CMD_GET_SURVEY,
		.dumpit = nl80211_dump_survey,
		.policy = nl80211_policy,
	},
	{
		.cmd = NL80211_CMD_SET_PMKSA,
		.doit = nl80211_setdel_pmksa,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_DEL_PMKSA,
		.doit = nl80211_setdel_pmksa,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_FLUSH_PMKSA,
		.doit = nl80211_flush_pmksa,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
		.doit = nl80211_remain_on_channel,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
		.doit = nl80211_cancel_remain_on_channel,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
		.doit = nl80211_set_tx_bitrate_mask,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_REGISTER_FRAME,
		.doit = nl80211_register_mgmt,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_FRAME,
		.doit = nl80211_tx_mgmt,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
		.doit = nl80211_tx_mgmt_cancel_wait,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_POWER_SAVE,
		.doit = nl80211_set_power_save,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_GET_POWER_SAVE,
		.doit = nl80211_get_power_save,
		.policy = nl80211_policy,
		/* can be retrieved by unprivileged users */
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_CQM,
		.doit = nl80211_set_cqm,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_CHANNEL,
		.doit = nl80211_set_channel,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_WDS_PEER,
		.doit = nl80211_set_wds_peer,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_JOIN_MESH,
		.doit = nl80211_join_mesh,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_LEAVE_MESH,
		.doit = nl80211_leave_mesh,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_JOIN_OCB,
		.doit = nl80211_join_ocb,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_LEAVE_OCB,
		.doit = nl80211_leave_ocb,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
#ifdef CONFIG_PM
	{
		.cmd = NL80211_CMD_GET_WOWLAN,
		.doit = nl80211_get_wowlan,
		.policy = nl80211_policy,
		/* can be retrieved by unprivileged users */
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_WOWLAN,
		.doit = nl80211_set_wowlan,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
#endif
	{
		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
		.doit = nl80211_set_rekey_data,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL |
				  NL80211_FLAG_CLEAR_SKB,
	},
	{
		.cmd = NL80211_CMD_TDLS_MGMT,
		.doit = nl80211_tdls_mgmt,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_TDLS_OPER,
		.doit = nl80211_tdls_oper,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
		.doit = nl80211_register_unexpected_frame,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_PROBE_CLIENT,
		.doit = nl80211_probe_client,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_REGISTER_BEACONS,
		.doit = nl80211_register_beacons,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_NOACK_MAP,
		.doit = nl80211_set_noack_map,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_START_P2P_DEVICE,
		.doit = nl80211_start_p2p_device,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
		.doit = nl80211_stop_p2p_device,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_MCAST_RATE,
		.doit = nl80211_set_mcast_rate,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_MAC_ACL,
		.doit = nl80211_set_mac_acl,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_RADAR_DETECT,
		.doit = nl80211_start_radar_detection,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		/* no GENL_ADMIN_PERM and no internal_flags */
		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
		.doit = nl80211_get_protocol_features,
		.policy = nl80211_policy,
	},
	{
		.cmd = NL80211_CMD_UPDATE_FT_IES,
		.doit = nl80211_update_ft_ies,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
		.doit = nl80211_crit_protocol_start,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
		.doit = nl80211_crit_protocol_stop,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_GET_COALESCE,
		.doit = nl80211_get_coalesce,
		.policy = nl80211_policy,
		/* no GENL_ADMIN_PERM: reachable by unprivileged users */
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_COALESCE,
		.doit = nl80211_set_coalesce,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_CHANNEL_SWITCH,
		.doit = nl80211_channel_switch,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_VENDOR,
		.doit = nl80211_vendor_cmd,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_WIPHY |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_SET_QOS_MAP,
		.doit = nl80211_set_qos_map,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_ADD_TX_TS,
		.doit = nl80211_add_tx_ts,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
	{
		.cmd = NL80211_CMD_DEL_TX_TS,
		.doit = nl80211_del_tx_ts,
		.policy = nl80211_policy,
		.flags = GENL_ADMIN_PERM,
		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
				  NL80211_FLAG_NEED_RTNL,
	},
};

/* notification functions */

/*
 * Announce a wiphy being added or removed to listeners of the "config"
 * multicast group in the wiphy's network namespace.
 *
 * @cmd is expected to be NL80211_CMD_NEW_WIPHY or NL80211_CMD_DEL_WIPHY;
 * anything else triggers a warning but is still sent. Allocation or message
 * building failures are silent: no event is emitted.
 */
void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
			  enum nl80211_commands cmd)
{
	struct nl80211_dump_wiphy_state state = {};
	struct sk_buff *skb;

	WARN_ON(!(cmd == NL80211_CMD_NEW_WIPHY ||
		  cmd == NL80211_CMD_DEL_WIPHY));

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!skb)
		return;

	if (nl80211_send_wiphy(rdev, cmd, skb, 0, 0, 0, &state) >= 0) {
		genlmsg_multicast_netns(&nl80211_fam,
					wiphy_net(&rdev->wiphy), skb, 0,
					NL80211_MCGRP_CONFIG, GFP_KERNEL);
		return;
	}

	/* building failed, the message was never handed to netlink */
	nlmsg_free(skb);
}

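/*
 * Append the parameters of the current scan request (rdev->scan_req) to
 * @msg: nested SSID and frequency lists, then the extra IEs and the scan
 * flags when they are set.
 *
 * Returns 0 on success (or when there is no scan request, which also
 * triggers a warning) and -ENOBUFS when the message has no room left.
 *
 * nl80211_send_scan_msg() ignores a failure here and sends the event
 * anyway, so a nest that could not be completed is cancelled before
 * returning. Leaving it open would leave the nest header with an empty
 * length while the entries already added stay in the message, where a
 * receiver would parse them as top-level attributes numbered 0, 1, 2, ...
 */
static int nl80211_add_scan_req(struct sk_buff *msg,
				struct cfg80211_registered_device *rdev)
{
	struct cfg80211_scan_request *req = rdev->scan_req;
	struct nlattr *nest;
	int i;

	if (WARN_ON(!req))
		return 0;

	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
	if (!nest)
		return -ENOBUFS;
	/* entries are keyed by their index in the request */
	for (i = 0; i < req->n_ssids; i++) {
		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
			goto nest_failure;
	}
	nla_nest_end(msg, nest);

	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
	if (!nest)
		return -ENOBUFS;
	for (i = 0; i < req->n_channels; i++) {
		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
			goto nest_failure;
	}
	nla_nest_end(msg, nest);

	if (req->ie &&
	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
		return -ENOBUFS;

	if (req->flags &&
	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
		return -ENOBUFS;

	return 0;

 nest_failure:
	/* drop the half-built nest so the message stays well-formed */
	nla_nest_cancel(msg, nest);
	return -ENOBUFS;
}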

/*
 * Build a scan event of type @cmd in @msg: wiphy index, interface index
 * (only when the wdev has a netdev), wdev id and, best effort, the
 * parameters of the current scan request.
 *
 * Returns the result of genlmsg_end() on success, -1 if the nl80211 header
 * could not be added and -EMSGSIZE if an identifying attribute did not fit
 * (the partial message is cancelled in that case). The callers visible in
 * this file only test for a negative value.
 */
static int nl80211_send_scan_msg(struct sk_buff *msg,
				 struct cfg80211_registered_device *rdev,
				 struct wireless_dev *wdev,
				 u32 portid, u32 seq, int flags,
				 u32 cmd)
{
	void *hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);

	if (!hdr)
		return -1;

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto nla_put_failure;

	if (wdev->netdev &&
	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
		goto nla_put_failure;

	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
		goto nla_put_failure;

	/* ignore errors and send incomplete event anyway */
	nl80211_add_scan_req(msg, rdev);

	return genlmsg_end(msg, hdr);

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	return -EMSGSIZE;
}

/*
 * Build a scheduled-scan event of type @cmd in @msg, identified by the
 * wiphy index and the interface index of @netdev.
 *
 * Returns the result of genlmsg_end() on success, -1 if the nl80211 header
 * could not be added and -EMSGSIZE (after cancelling the partial message)
 * if an attribute did not fit.
 */
static int
nl80211_send_sched_scan_msg(struct sk_buff *msg,
			    struct cfg80211_registered_device *rdev,
			    struct net_device *netdev,
			    u32 portid, u32 seq, int flags, u32 cmd)
{
	void *hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);

	if (!hdr)
		return -1;

	if (!nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) &&
	    !nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
		return genlmsg_end(msg, hdr);

	genlmsg_cancel(msg, hdr);
	return -EMSGSIZE;
}

/*
 * Tell listeners of the "scan" multicast group, in the wiphy's network
 * namespace, that a scan was triggered on @wdev. Nothing is sent if the
 * message cannot be allocated or built.
 */
void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
			     struct wireless_dev *wdev)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);

	if (!skb)
		return;

	if (nl80211_send_scan_msg(skb, rdev, wdev, 0, 0, 0,
				  NL80211_CMD_TRIGGER_SCAN) >= 0) {
		genlmsg_multicast_netns(&nl80211_fam,
					wiphy_net(&rdev->wiphy), skb, 0,
					NL80211_MCGRP_SCAN, GFP_KERNEL);
		return;
	}

	nlmsg_free(skb);
}

/*
 * Allocate and fill the event that reports the end of a scan on @wdev:
 * NL80211_CMD_SCAN_ABORTED when @aborted is set, NL80211_CMD_NEW_SCAN_RESULTS
 * otherwise.
 *
 * Returns the message, which the caller owns, or NULL if it could not be
 * allocated or built.
 */
struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
				       struct wireless_dev *wdev, bool aborted)
{
	u32 cmd = NL80211_CMD_NEW_SCAN_RESULTS;
	struct sk_buff *skb;

	if (aborted)
		cmd = NL80211_CMD_SCAN_ABORTED;

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!skb)
		return NULL;

	if (nl80211_send_scan_msg(skb, rdev, wdev, 0, 0, 0, cmd) >= 0)
		return skb;

	nlmsg_free(skb);
	return NULL;
}

/*
 * Multicast a previously built scan event to the "scan" group in the
 * wiphy's network namespace. A NULL @msg is accepted and ignored.
 */
void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
			      struct sk_buff *msg)
{
	if (msg)
		genlmsg_multicast_netns(&nl80211_fam,
					wiphy_net(&rdev->wiphy), msg, 0,
					NL80211_MCGRP_SCAN, GFP_KERNEL);
}

/*
 * Tell listeners of the "scan" multicast group, in the wiphy's network
 * namespace, that scheduled-scan results are available for @netdev.
 * Nothing is sent if the message cannot be allocated or built.
 */
void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
				     struct net_device *netdev)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);

	if (!skb)
		return;

	if (nl80211_send_sched_scan_msg(skb, rdev, netdev, 0, 0, 0,
					NL80211_CMD_SCHED_SCAN_RESULTS) >= 0) {
		genlmsg_multicast_netns(&nl80211_fam,
					wiphy_net(&rdev->wiphy), skb, 0,
					NL80211_MCGRP_SCAN, GFP_KERNEL);
		return;
	}

	nlmsg_free(skb);
}

/*
 * Multicast the scheduled-scan event @cmd for @netdev to the "scan" group
 * in the wiphy's network namespace. Nothing is sent if the message cannot
 * be allocated or built.
 */
void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
			     struct net_device *netdev, u32 cmd)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);

	if (!skb)
		return;

	if (nl80211_send_sched_scan_msg(skb, rdev, netdev, 0, 0, 0, cmd) >= 0) {
		genlmsg_multicast_netns(&nl80211_fam,
					wiphy_net(&rdev->wiphy), skb, 0,
					NL80211_MCGRP_SCAN, GFP_KERNEL);
		return;
	}

	nlmsg_free(skb);
}

/*
 * Broadcast a regulatory change to the "regulatory" multicast group in all
 * network namespaces.
 *
 * This can happen on global regulatory changes or device specific settings
 * based on custom world regulatory domains.
 *
 * The event always carries the initiator and the regulatory domain type,
 * derived from the alpha2 code: "00" is the world domain, "99" a custom
 * world domain, "98" or a set intersect flag an intersection, anything else
 * a country (only then is the alpha2 string itself included). The wiphy
 * index is added when the request names a valid one.
 *
 * NOTE(review): nla_put_string() needs a NUL-terminated string; confirm
 * that request->alpha2 is terminated (the struct is not visible here).
 */
void nl80211_send_reg_change_event(struct regulatory_request *request)
{
	const char *alpha2 = request->alpha2;
	struct sk_buff *msg;
	void *hdr;
	u8 regdom_type;

	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!msg)
		return;

	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
	if (!hdr) {
		nlmsg_free(msg);
		return;
	}

	/* Userspace can always count on this one being set */
	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
		goto nla_put_failure;

	if (alpha2[0] == '0' && alpha2[1] == '0')
		regdom_type = NL80211_REGDOM_TYPE_WORLD;
	else if (alpha2[0] == '9' && alpha2[1] == '9')
		regdom_type = NL80211_REGDOM_TYPE_CUSTOM_WORLD;
	else if ((alpha2[0] == '9' && alpha2[1] == '8') ||
		 request->intersect)
		regdom_type = NL80211_REGDOM_TYPE_INTERSECTION;
	else
		regdom_type = NL80211_REGDOM_TYPE_COUNTRY;

	if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE, regdom_type))
		goto nla_put_failure;

	/* only a country domain is identified by its alpha2 code */
	if (regdom_type == NL80211_REGDOM_TYPE_COUNTRY &&
	    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, alpha2))
		goto nla_put_failure;

	if (request->wiphy_idx != WIPHY_IDX_INVALID &&
	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
		goto nla_put_failure;

	genlmsg_end(msg, hdr);

	/* the all-namespaces multicast runs under RCU, hence GFP_ATOMIC */
	rcu_read_lock();
	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
	rcu_read_unlock();

	return;

nla_put_failure:
	genlmsg_cancel(msg, hdr);
	nlmsg_free(msg);
}

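/*
 * Build an MLME event of type @cmd carrying the raw frame @buf/@len and
 * multicast it to NL80211_MCGRP_MLME in the wiphy's network namespace.
 *
 * @uapsd_queues: when >= 0, a nested NL80211_ATTR_STA_WME attribute holding
 *	NL80211_STA_WME_UAPSD_QUEUES is added; a negative value omits it.
 *
 * The skb is sized from @len instead of NLMSG_DEFAULT_SIZE.  With a fixed
 * size, a frame that does not fit makes nla_put() fail and the event is
 * dropped without any indication, so userspace never learns about that
 * (de)authentication or (dis)association frame.  100 bytes is headroom for
 * the genetlink header and the fixed attributes added below.
 *
 * Allocation and construction failures remain silent (void return).
 */
static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
				    struct net_device *netdev,
				    const u8 *buf, size_t len,
				    enum nl80211_commands cmd, gfp_t gfp,
				    int uapsd_queues)
{
	struct sk_buff *msg;
	void *hdr;

	/* Size for the frame actually being reported, see above. */
	msg = nlmsg_new(100 + len, gfp);
	if (!msg)
		return;

	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
	if (!hdr) {
		nlmsg_free(msg);
		return;
	}

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
		goto nla_put_failure;

	if (uapsd_queues >= 0) {
		struct nlattr *nla_wmm =
			nla_nest_start(msg, NL80211_ATTR_STA_WME);
		if (!nla_wmm)
			goto nla_put_failure;

		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
			       uapsd_queues))
			goto nla_put_failure;

		nla_nest_end(msg, nla_wmm);
	}

	genlmsg_end(msg, hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	nlmsg_free(msg);
}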

/*
 * Emit an NL80211_CMD_AUTHENTICATE MLME event carrying the frame in
 * @buf/@len.  Thin wrapper around nl80211_send_mlme_event().
 */
void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
			  struct net_device *netdev, const u8 *buf,
			  size_t len, gfp_t gfp)
{
	/* Negative value: the U-APSD queues attribute is left out. */
	const int no_uapsd_queues = -1;

	nl80211_send_mlme_event(rdev, netdev, buf, len,
				NL80211_CMD_AUTHENTICATE, gfp,
				no_uapsd_queues);
}

/*
 * Emit an NL80211_CMD_ASSOCIATE MLME event carrying the frame in
 * @buf/@len.  @uapsd_queues is forwarded unchanged; the callee only adds
 * the U-APSD attribute when it is >= 0.
 */
void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
			   struct net_device *netdev, const u8 *buf,
			   size_t len, gfp_t gfp, int uapsd_queues)
{
	const enum nl80211_commands event = NL80211_CMD_ASSOCIATE;

	nl80211_send_mlme_event(rdev, netdev, buf, len, event, gfp,
				uapsd_queues);
}

/*
 * Emit an NL80211_CMD_DEAUTHENTICATE MLME event carrying the frame in
 * @buf/@len.  Thin wrapper around nl80211_send_mlme_event().
 */
void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
			 struct net_device *netdev, const u8 *buf,
			 size_t len, gfp_t gfp)
{
	/* Negative value: the U-APSD queues attribute is left out. */
	const int no_uapsd_queues = -1;

	nl80211_send_mlme_event(rdev, netdev, buf, len,
				NL80211_CMD_DEAUTHENTICATE, gfp,
				no_uapsd_queues);
}

/*
 * Emit an NL80211_CMD_DISASSOCIATE MLME event carrying the frame in
 * @buf/@len.  Thin wrapper around nl80211_send_mlme_event().
 */
void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
			   struct net_device *netdev, const u8 *buf,
			   size_t len, gfp_t gfp)
{
	/* Negative value: the U-APSD queues attribute is left out. */
	const int no_uapsd_queues = -1;

	nl80211_send_mlme_event(rdev, netdev, buf, len,
				NL80211_CMD_DISASSOCIATE, gfp,
				no_uapsd_queues);
}

/*
 * Report an unprotected deauthentication or disassociation frame received
 * on @dev to userspace as NL80211_CMD_UNPROT_DEAUTHENTICATE or
 * NL80211_CMD_UNPROT_DISASSOCIATE.
 *
 * Only the frame_control field (the first two bytes of @buf) is inspected
 * here, which is what the len < 2 guard protects.  Any frame that is not a
 * deauth is reported as a disassoc; callers are presumably expected to pass
 * only those two frame types - TODO confirm against the drivers.
 *
 * The event is sent with GFP_ATOMIC.
 */
void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
				  size_t len)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	const struct ieee80211_mgmt *frame = (const void *)buf;
	u32 event;

	/* Too short to even hold frame_control: warn and drop. */
	if (WARN_ON(len < 2))
		return;

	event = ieee80211_is_deauth(frame->frame_control) ?
			NL80211_CMD_UNPROT_DEAUTHENTICATE :
			NL80211_CMD_UNPROT_DISASSOCIATE;

	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
	nl80211_send_mlme_event(rdev, dev, buf, len, event, GFP_ATOMIC, -1);
}
EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);

/*
 * Build an MLME timeout event of type @cmd for the peer @addr and multicast
 * it to NL80211_MCGRP_MLME in the wiphy's network namespace.
 *
 * The message carries the wiphy index, the interface index, the
 * NL80211_ATTR_TIMED_OUT flag and @addr (ETH_ALEN bytes) as
 * NL80211_ATTR_MAC.  Failures are silent.
 */
static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
				      struct net_device *netdev, int cmd,
				      const u8 *addr, gfp_t gfp)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	void *genl_hdr;

	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, cmd);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, netdev->ifindex))
		goto out_free;
	if (nla_put_flag(skb, NL80211_ATTR_TIMED_OUT))
		goto out_free;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, addr))
		goto out_free;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Emit an NL80211_CMD_AUTHENTICATE event flagged as timed out for the peer
 * @addr.  Thin wrapper around nl80211_send_mlme_timeout().
 */
void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
			       struct net_device *netdev, const u8 *addr,
			       gfp_t gfp)
{
	const int event = NL80211_CMD_AUTHENTICATE;

	nl80211_send_mlme_timeout(rdev, netdev, event, addr, gfp);
}

/*
 * Emit an NL80211_CMD_ASSOCIATE event flagged as timed out for the peer
 * @addr.  Thin wrapper around nl80211_send_mlme_timeout().
 */
void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
				struct net_device *netdev, const u8 *addr,
				gfp_t gfp)
{
	const int event = NL80211_CMD_ASSOCIATE;

	nl80211_send_mlme_timeout(rdev, netdev, event, addr, gfp);
}

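/*
 * Send an NL80211_CMD_CONNECT event with the connection @status to
 * NL80211_MCGRP_MLME in the wiphy's network namespace.
 *
 * @bssid, @req_ie and @resp_ie are optional: each attribute is only added
 * when the corresponding pointer is non-NULL.
 *
 * The skb is sized from the two IE lengths instead of NLMSG_DEFAULT_SIZE.
 * With a fixed size, request/response IEs that do not fit make nla_put()
 * fail and the whole connect result is dropped without any indication to
 * userspace.  100 bytes is headroom for the genetlink header and the fixed
 * attributes added below.
 *
 * Allocation and construction failures remain silent (void return).
 */
void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
				 struct net_device *netdev, const u8 *bssid,
				 const u8 *req_ie, size_t req_ie_len,
				 const u8 *resp_ie, size_t resp_ie_len,
				 u16 status, gfp_t gfp)
{
	struct sk_buff *msg;
	void *hdr;

	/* Size for the IEs actually being reported, see above. */
	msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
	if (!msg)
		return;

	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
	if (!hdr) {
		nlmsg_free(msg);
		return;
	}

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
	    (req_ie &&
	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
	    (resp_ie &&
	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
		goto nla_put_failure;

	genlmsg_end(msg, hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	nlmsg_free(msg);
}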

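/*
 * Send an NL80211_CMD_ROAM event for the new @bssid to NL80211_MCGRP_MLME
 * in the wiphy's network namespace.
 *
 * @bssid is added unconditionally (ETH_ALEN bytes); @req_ie and @resp_ie
 * are only added when non-NULL.
 *
 * The skb is sized from the two IE lengths instead of NLMSG_DEFAULT_SIZE.
 * With a fixed size, IEs that do not fit make nla_put() fail and the roam
 * event is dropped without any indication to userspace.  100 bytes is
 * headroom for the genetlink header and the fixed attributes added below.
 *
 * Allocation and construction failures remain silent (void return).
 */
void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
			 struct net_device *netdev, const u8 *bssid,
			 const u8 *req_ie, size_t req_ie_len,
			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
{
	struct sk_buff *msg;
	void *hdr;

	/* Size for the IEs actually being reported, see above. */
	msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
	if (!msg)
		return;

	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
	if (!hdr) {
		nlmsg_free(msg);
		return;
	}

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
	    (req_ie &&
	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
	    (resp_ie &&
	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
		goto nla_put_failure;

	genlmsg_end(msg, hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	nlmsg_free(msg);
}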

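/*
 * Send an NL80211_CMD_DISCONNECT event to NL80211_MCGRP_MLME in the wiphy's
 * network namespace.
 *
 * NL80211_ATTR_REASON_CODE is only added when @from_ap is set and @reason
 * is non-zero; NL80211_ATTR_DISCONNECTED_BY_AP is added when @from_ap is
 * set; NL80211_ATTR_IE is added when @ie is non-NULL.
 *
 * The skb is sized from @ie_len instead of NLMSG_DEFAULT_SIZE.  With a
 * fixed size, IEs that do not fit make nla_put() fail and the disconnect
 * event is dropped without any indication to userspace.  100 bytes is
 * headroom for the genetlink header and the fixed attributes added below.
 *
 * Allocation uses GFP_KERNEL; failures remain silent (void return).
 */
void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
			       struct net_device *netdev, u16 reason,
			       const u8 *ie, size_t ie_len, bool from_ap)
{
	struct sk_buff *msg;
	void *hdr;

	/* Size for the IEs actually being reported, see above. */
	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
	if (!msg)
		return;

	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
	if (!hdr) {
		nlmsg_free(msg);
		return;
	}

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
	    (from_ap && reason &&
	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
	    (from_ap &&
	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
		goto nla_put_failure;

	genlmsg_end(msg, hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
				NL80211_MCGRP_MLME, GFP_KERNEL);
	return;

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	nlmsg_free(msg);
}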

/*
 * Send an NL80211_CMD_JOIN_IBSS event carrying @bssid (ETH_ALEN bytes) to
 * NL80211_MCGRP_MLME in the wiphy's network namespace.
 *
 * Allocation and construction failures are silent.
 */
void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
			     struct net_device *netdev, const u8 *bssid,
			     gfp_t gfp)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	void *genl_hdr;

	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, netdev->ifindex))
		goto out_free;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, bssid))
		goto out_free;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Notify userspace of a new mesh peer candidate @addr on @dev with an
 * NL80211_CMD_NEW_PEER_CANDIDATE event on NL80211_MCGRP_MLME.
 *
 * Warns and returns without sending if the interface is not of type
 * NL80211_IFTYPE_MESH_POINT.  NL80211_ATTR_IE is only added when both @ie
 * and @ie_len are non-zero.  Failures are silent.
 */
void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
					const u8* ie, u8 ie_len, gfp_t gfp)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct sk_buff *skb;
	void *genl_hdr;

	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
		return;

	trace_cfg80211_notify_new_peer_candidate(dev, addr);

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0,
				  NL80211_CMD_NEW_PEER_CANDIDATE);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto out_free;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, addr))
		goto out_free;
	/* The IE blob is optional. */
	if (ie_len && ie && nla_put(skb, NL80211_ATTR_IE, ie_len, ie))
		goto out_free;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);

/*
 * Send an NL80211_CMD_MICHAEL_MIC_FAILURE event to NL80211_MCGRP_MLME in
 * the wiphy's network namespace.
 *
 * Optional attributes: NL80211_ATTR_MAC when @addr is non-NULL,
 * NL80211_ATTR_KEY_IDX when @key_id is not -1, and NL80211_ATTR_KEY_SEQ
 * when @tsc is non-NULL.  Exactly 6 bytes are copied from @tsc, so it must
 * point to at least that much - presumably the TKIP sequence counter;
 * verify against callers.
 *
 * Allocation and construction failures are silent.
 */
void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
				 struct net_device *netdev, const u8 *addr,
				 enum nl80211_key_type key_type, int key_id,
				 const u8 *tsc, gfp_t gfp)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	void *genl_hdr;

	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0,
				  NL80211_CMD_MICHAEL_MIC_FAILURE);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, netdev->ifindex))
		goto out_free;
	if (addr && nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, addr))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_KEY_TYPE, key_type))
		goto out_free;
	if (key_id != -1 && nla_put_u8(skb, NL80211_ATTR_KEY_IDX, key_id))
		goto out_free;
	if (tsc && nla_put(skb, NL80211_ATTR_KEY_SEQ, 6, tsc))
		goto out_free;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Send an NL80211_CMD_REG_BEACON_HINT event for @wiphy to the
 * NL80211_MCGRP_REGULATORY group via genlmsg_multicast_allns().
 *
 * The message holds the wiphy index plus two nested channel descriptions:
 * NL80211_ATTR_FREQ_BEFORE (@channel_before) and NL80211_ATTR_FREQ_AFTER
 * (@channel_after), each filled in by nl80211_msg_put_channel().
 *
 * Allocation uses GFP_ATOMIC.  Failures are silent.
 */
void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
				    struct ieee80211_channel *channel_before,
				    struct ieee80211_channel *channel_after)
{
	struct sk_buff *skb;
	struct nlattr *nest_before;
	struct nlattr *nest_after;
	void *genl_hdr;

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	/*
	 * The beacon hint is being applied to a wiphy, so its wiphy_idx is
	 * known to be valid.
	 */
	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
		goto out_free;

	/* Channel state before the hint. */
	nest_before = nla_nest_start(skb, NL80211_ATTR_FREQ_BEFORE);
	if (!nest_before ||
	    nl80211_msg_put_channel(skb, channel_before, false))
		goto out_free;
	nla_nest_end(skb, nest_before);

	/* Channel state after the hint. */
	nest_after = nla_nest_start(skb, NL80211_ATTR_FREQ_AFTER);
	if (!nest_after ||
	    nl80211_msg_put_channel(skb, channel_after, false))
		goto out_free;
	nla_nest_end(skb, nest_after);

	genlmsg_end(skb, genl_hdr);

	/* The all-namespaces multicast is issued inside an RCU read section. */
	rcu_read_lock();
	genlmsg_multicast_allns(&nl80211_fam, skb, 0,
				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
	rcu_read_unlock();

	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Build a remain-on-channel event of type @cmd for @wdev and multicast it
 * to NL80211_MCGRP_MLME in the wiphy's network namespace.
 *
 * NL80211_ATTR_IFINDEX is only added when @wdev has a netdev.  The channel
 * type is always reported as NL80211_CHAN_NO_HT.  NL80211_ATTR_DURATION is
 * only added when @cmd is NL80211_CMD_REMAIN_ON_CHANNEL.
 *
 * Allocation and construction failures are silent.
 */
static void nl80211_send_remain_on_chan_event(
	int cmd, struct cfg80211_registered_device *rdev,
	struct wireless_dev *wdev, u64 cookie,
	struct ieee80211_channel *chan,
	unsigned int duration, gfp_t gfp)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	void *genl_hdr;

	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, cmd);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	/* Not every wdev is backed by a netdev. */
	if (wdev->netdev &&
	    nla_put_u32(skb, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
		goto out_free;
	if (nla_put_u64(skb, NL80211_ATTR_WDEV, wdev_id(wdev)))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_WIPHY_FREQ, chan->center_freq))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
			NL80211_CHAN_NO_HT))
		goto out_free;
	if (nla_put_u64(skb, NL80211_ATTR_COOKIE, cookie))
		goto out_free;

	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
	    nla_put_u32(skb, NL80211_ATTR_DURATION, duration))
		goto out_free;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Exported entry point: trace the call and emit an
 * NL80211_CMD_REMAIN_ON_CHANNEL event for @wdev with the given @cookie,
 * @chan and @duration.
 */
void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
			       struct ieee80211_channel *chan,
			       unsigned int duration, gfp_t gfp)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	const int event = NL80211_CMD_REMAIN_ON_CHANNEL;

	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
	nl80211_send_remain_on_chan_event(event, rdev, wdev, cookie, chan,
					  duration, gfp);
}
EXPORT_SYMBOL(cfg80211_ready_on_channel);

/*
 * Exported entry point: trace the call and emit an
 * NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL event for @wdev.  The duration is
 * passed as 0; the callee does not add it for this command anyway.
 */
void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
					struct ieee80211_channel *chan,
					gfp_t gfp)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	const int event = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL;

	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
	nl80211_send_remain_on_chan_event(event, rdev, wdev, cookie, chan,
					  0, gfp);
}
EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);

/*
 * Exported entry point: announce a new station @mac_addr on @dev.
 *
 * The message body is produced by nl80211_send_station() from @sinfo and is
 * then multicast to NL80211_MCGRP_MLME in the wiphy's network namespace.
 * Allocation and construction failures are silent.
 */
void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
		      struct station_info *sinfo, gfp_t gfp)
{
	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	struct sk_buff *skb;
	int err;

	trace_cfg80211_new_sta(dev, mac_addr, sinfo);

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	err = nl80211_send_station(skb, 0, 0, 0, rdev, dev, mac_addr, sinfo);
	if (err < 0) {
		nlmsg_free(skb);
		return;
	}

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
}
EXPORT_SYMBOL(cfg80211_new_sta);

/*
 * Exported entry point: announce removal of station @mac_addr on @dev with
 * an NL80211_CMD_DEL_STATION event on NL80211_MCGRP_MLME.
 *
 * The message carries only the interface index and the MAC address; no
 * NL80211_ATTR_WIPHY is added here.  Failures are silent.
 */
void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
{
	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	struct sk_buff *skb;
	void *genl_hdr;

	trace_cfg80211_del_sta(dev, mac_addr);

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_DEL_STATION);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto out_free;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
		goto out_free;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_del_sta);

/*
 * Exported entry point: report a failed connection attempt by @mac_addr on
 * @dev with an NL80211_CMD_CONN_FAILED event on NL80211_MCGRP_MLME.
 *
 * The message carries the interface index, the MAC address and @reason.
 * Unlike its neighbours this function allocates NLMSG_GOODSIZE.  Failures
 * are silent.
 */
void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
			  enum nl80211_connect_failed_reason reason,
			  gfp_t gfp)
{
	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	struct sk_buff *skb;
	void *genl_hdr;

	skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_CONN_FAILED);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto out_free;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_CONN_FAILED_REASON, reason))
		goto out_free;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_conn_failed);

/*
 * Unicast an unexpected-frame event of type @cmd about the sender @addr to
 * the netlink port stored in wdev->ap_unexpected_nlportid.
 *
 * Returns false when no port is registered (the stored id is 0).  Returns
 * true in every other case, including when the message could not be
 * allocated or built and when delivery fails - the result of
 * genlmsg_unicast() is not checked.
 *
 * The port id is sampled once with ACCESS_ONCE() so the zero check and the
 * unicast use the same value.
 */
static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
				       const u8 *addr, gfp_t gfp)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	u32 listener = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
	struct sk_buff *skb;
	void *genl_hdr;

	if (listener == 0)
		return false;

	/* Small fixed-size message: header plus three short attributes. */
	skb = nlmsg_new(100, gfp);
	if (!skb)
		return true;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, cmd);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return true;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto out_free;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, addr))
		goto out_free;

	genlmsg_end(skb, genl_hdr);
	genlmsg_unicast(wiphy_net(&rdev->wiphy), skb, listener);
	return true;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
	return true;
}

/*
 * Exported entry point: report a spurious frame from @addr on @dev as
 * NL80211_CMD_UNEXPECTED_FRAME.
 *
 * Only valid on NL80211_IFTYPE_AP and NL80211_IFTYPE_P2P_GO interfaces; any
 * other type triggers a WARN_ON and returns false.  Otherwise the return
 * value is that of __nl80211_unexpected_frame().  The result is traced in
 * both cases.
 */
bool cfg80211_rx_spurious_frame(struct net_device *dev,
				const u8 *addr, gfp_t gfp)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	bool handled = false;

	trace_cfg80211_rx_spurious_frame(dev, addr);

	if (!WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
		     wdev->iftype != NL80211_IFTYPE_P2P_GO))
		handled = __nl80211_unexpected_frame(dev,
						     NL80211_CMD_UNEXPECTED_FRAME,
						     addr, gfp);

	trace_cfg80211_return_bool(handled);
	return handled;
}
EXPORT_SYMBOL(cfg80211_rx_spurious_frame);

/*
 * Exported entry point: report an unexpected 4-address frame from @addr on
 * @dev as NL80211_CMD_UNEXPECTED_4ADDR_FRAME.
 *
 * Only valid on NL80211_IFTYPE_AP, NL80211_IFTYPE_P2P_GO and
 * NL80211_IFTYPE_AP_VLAN interfaces; any other type triggers a WARN_ON and
 * returns false.  Otherwise the return value is that of
 * __nl80211_unexpected_frame().  The result is traced in both cases.
 */
bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
					const u8 *addr, gfp_t gfp)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	bool handled = false;

	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);

	if (!WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
		     wdev->iftype != NL80211_IFTYPE_P2P_GO &&
		     wdev->iftype != NL80211_IFTYPE_AP_VLAN))
		handled = __nl80211_unexpected_frame(dev,
					NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
					addr, gfp);

	trace_cfg80211_return_bool(handled);
	return handled;
}
EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);

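/*
 * Unicast a received management frame (@buf/@len) to the netlink port
 * @nlportid as an NL80211_CMD_FRAME message.
 *
 * NL80211_ATTR_IFINDEX is only added when @wdev has a netdev;
 * NL80211_ATTR_RX_SIGNAL_DBM and NL80211_ATTR_RXMGMT_FLAGS are only added
 * when @sig_dbm and @flags are non-zero.
 *
 * The skb is sized from @len instead of NLMSG_DEFAULT_SIZE.  With a fixed
 * size, a frame that does not fit makes nla_put() fail and the frame is
 * never delivered to the registered listener.  100 bytes is headroom for
 * the genetlink header and the fixed attributes added below.
 *
 * Returns -ENOMEM if the skb or header cannot be set up, -ENOBUFS if an
 * attribute does not fit, otherwise the result of genlmsg_unicast().
 */
int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
		      struct wireless_dev *wdev, u32 nlportid,
		      int freq, int sig_dbm,
		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
{
	struct net_device *netdev = wdev->netdev;
	struct sk_buff *msg;
	void *hdr;

	/* Size for the frame actually being delivered, see above. */
	msg = nlmsg_new(100 + len, gfp);
	if (!msg)
		return -ENOMEM;

	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
	if (!hdr) {
		nlmsg_free(msg);
		return -ENOMEM;
	}

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
					netdev->ifindex)) ||
	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
	    (sig_dbm &&
	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
	    (flags &&
	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
		goto nla_put_failure;

	genlmsg_end(msg, hdr);

	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	nlmsg_free(msg);
	return -ENOBUFS;
}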

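/*
 * Exported entry point: report the transmit status of the management frame
 * @buf/@len identified by @cookie with an NL80211_CMD_FRAME_TX_STATUS event
 * on NL80211_MCGRP_MLME.
 *
 * NL80211_ATTR_IFINDEX is only added when @wdev has a netdev;
 * NL80211_ATTR_ACK is only added when @ack is true.
 *
 * The skb is sized from @len instead of NLMSG_DEFAULT_SIZE.  With a fixed
 * size, a frame that does not fit makes nla_put() fail and the status event
 * is dropped without any indication to userspace.  100 bytes is headroom
 * for the genetlink header and the fixed attributes added below.
 *
 * Allocation and construction failures remain silent (void return).
 */
void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
{
	struct wiphy *wiphy = wdev->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	struct net_device *netdev = wdev->netdev;
	struct sk_buff *msg;
	void *hdr;

	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);

	/* Size for the frame actually being reported, see above. */
	msg = nlmsg_new(100 + len, gfp);
	if (!msg)
		return;

	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
	if (!hdr) {
		nlmsg_free(msg);
		return;
	}

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
				   netdev->ifindex)) ||
	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
		goto nla_put_failure;

	genlmsg_end(msg, hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(msg, hdr);
	nlmsg_free(msg);
}
EXPORT_SYMBOL(cfg80211_mgmt_tx_status);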

/*
 * Exported entry point: report a connection-quality RSSI threshold event on
 * @dev with an NL80211_CMD_NOTIFY_CQM message on NL80211_MCGRP_MLME.
 *
 * @rssi_event is placed in NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT inside a
 * nested NL80211_ATTR_CQM attribute.  Failures are silent.
 */
void cfg80211_cqm_rssi_notify(struct net_device *dev,
			      enum nl80211_cqm_rssi_threshold_event rssi_event,
			      gfp_t gfp)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct nlattr *cqm_nest;
	struct sk_buff *skb;
	void *genl_hdr;

	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto out_free;

	cqm_nest = nla_nest_start(skb, NL80211_ATTR_CQM);
	if (!cqm_nest ||
	    nla_put_u32(skb, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
			rssi_event))
		goto out_free;
	nla_nest_end(skb, cqm_nest);

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);

/*
 * Send an NL80211_CMD_SET_REKEY_OFFLOAD event for @bssid to
 * NL80211_MCGRP_MLME in the wiphy's network namespace.
 *
 * The replay counter is placed in NL80211_REKEY_DATA_REPLAY_CTR inside a
 * nested NL80211_ATTR_REKEY_DATA attribute.  Exactly
 * NL80211_REPLAY_CTR_LEN bytes are copied from @replay_ctr, so the caller
 * must supply a buffer of at least that size.  Only the replay counter is
 * included; no key material is added by this function.
 *
 * Allocation and construction failures are silent.
 */
static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
				     struct net_device *netdev, const u8 *bssid,
				     const u8 *replay_ctr, gfp_t gfp)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	struct nlattr *rekey_nest;
	void *genl_hdr;

	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, netdev->ifindex))
		goto out_free;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, bssid))
		goto out_free;

	rekey_nest = nla_nest_start(skb, NL80211_ATTR_REKEY_DATA);
	if (!rekey_nest ||
	    nla_put(skb, NL80211_REKEY_DATA_REPLAY_CTR,
		    NL80211_REPLAY_CTR_LEN, replay_ctr))
		goto out_free;
	nla_nest_end(skb, rekey_nest);

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Exported entry point: trace the call, resolve the registered device for
 * @dev and forward to nl80211_gtk_rekey_notify().
 */
void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
			       const u8 *replay_ctr, gfp_t gfp)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);

	trace_cfg80211_gtk_rekey_notify(dev, bssid);
	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
}
EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);

/*
 * Send an NL80211_CMD_PMKSA_CANDIDATE event to NL80211_MCGRP_MLME in the
 * wiphy's network namespace.
 *
 * @index and @bssid (ETH_ALEN bytes) are placed inside a nested
 * NL80211_ATTR_PMKSA_CANDIDATE attribute; the
 * NL80211_PMKSA_CANDIDATE_PREAUTH flag is added only when @preauth is true.
 *
 * Allocation and construction failures are silent.
 */
static void
nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
			       struct net_device *netdev, int index,
			       const u8 *bssid, bool preauth, gfp_t gfp)
{
	struct sk_buff *skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	struct nlattr *cand_nest;
	void *genl_hdr;

	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out_free;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, netdev->ifindex))
		goto out_free;

	cand_nest = nla_nest_start(skb, NL80211_ATTR_PMKSA_CANDIDATE);
	if (!cand_nest)
		goto out_free;

	if (nla_put_u32(skb, NL80211_PMKSA_CANDIDATE_INDEX, index))
		goto out_free;
	if (nla_put(skb, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid))
		goto out_free;
	if (preauth && nla_put_flag(skb, NL80211_PMKSA_CANDIDATE_PREAUTH))
		goto out_free;

	nla_nest_end(skb, cand_nest);

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

out_free:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Exported entry point for PMKSA candidate notifications.
 *
 * Emits the tracepoint and forwards the candidate to
 * nl80211_pmksa_candidate_notify() for the registered device that owns
 * @dev. @dev must be a wireless netdev: dev->ieee80211_ptr is dereferenced
 * without a NULL check.
 */
void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
				     const u8 *bssid, bool preauth, gfp_t gfp)
{
	struct cfg80211_registered_device *rdev;

	rdev = wiphy_to_rdev(dev->ieee80211_ptr->wiphy);

	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
}
EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);

/*
 * Build an NL80211_CMD_CH_SWITCH_NOTIFY event for @netdev carrying
 * @chandef and multicast it to the NL80211_MCGRP_MLME group in the
 * wiphy's network namespace.
 *
 * Allocation and attribute failures drop the event; nothing is reported
 * back to the caller.
 */
static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
				     struct net_device *netdev,
				     struct cfg80211_chan_def *chandef,
				     gfp_t gfp)
{
	struct sk_buff *skb;
	void *genl_hdr;

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	/* interface index first, then the channel definition attributes */
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
	    nl80211_send_chandef(skb, chandef))
		goto nla_put_failure;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Record a completed channel switch on @dev and notify user space.
 *
 * The caller must hold the wdev lock (checked by ASSERT_WDEV_LOCK). The
 * switch is only accepted for AP, P2P GO, ad-hoc and mesh point
 * interfaces; any other interface type triggers a WARN and is ignored.
 * On success both wdev->chandef and wdev->preset_chandef are overwritten
 * with *@chandef before the event is sent.
 *
 * The notification is allocated with GFP_KERNEL, so this must not be
 * called from a context that cannot sleep.
 */
void cfg80211_ch_switch_notify(struct net_device *dev,
			       struct cfg80211_chan_def *chandef)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);

	ASSERT_WDEV_LOCK(wdev);

	trace_cfg80211_ch_switch_notify(dev, chandef);

	switch (wdev->iftype) {
	case NL80211_IFTYPE_AP:
	case NL80211_IFTYPE_P2P_GO:
	case NL80211_IFTYPE_ADHOC:
	case NL80211_IFTYPE_MESH_POINT:
		break;
	default:
		/* a channel switch is not expected on other interface types */
		WARN_ON(1);
		return;
	}

	wdev->chandef = *chandef;
	wdev->preset_chandef = *chandef;
	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
}
EXPORT_SYMBOL(cfg80211_ch_switch_notify);

/*
 * Send an NL80211_CMD_NOTIFY_CQM event reporting a TX error condition for
 * @peer on @dev.
 *
 * The message identifies the wiphy, the interface and the peer (ETH_ALEN
 * bytes read from @peer), and carries @num_packets, @rate and @intvl in a
 * nested NL80211_ATTR_CQM attribute. It is multicast to the
 * NL80211_MCGRP_MLME group in the wiphy's network namespace.
 *
 * Allocation and attribute failures drop the event; nothing is reported
 * back to the caller.
 */
void cfg80211_cqm_txe_notify(struct net_device *dev,
			     const u8 *peer, u32 num_packets,
			     u32 rate, u32 intvl, gfp_t gfp)
{
	struct cfg80211_registered_device *rdev =
		wiphy_to_rdev(dev->ieee80211_ptr->wiphy);
	struct sk_buff *skb;
	struct nlattr *cqm;
	void *genl_hdr;

	skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto nla_put_failure;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto nla_put_failure;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, peer))
		goto nla_put_failure;

	cqm = nla_nest_start(skb, NL80211_ATTR_CQM);
	if (!cqm)
		goto nla_put_failure;

	/* the three TX error counters, in the same order as before */
	if (nla_put_u32(skb, NL80211_ATTR_CQM_TXE_PKTS, num_packets) ||
	    nla_put_u32(skb, NL80211_ATTR_CQM_TXE_RATE, rate) ||
	    nla_put_u32(skb, NL80211_ATTR_CQM_TXE_INTVL, intvl))
		goto nla_put_failure;

	nla_nest_end(skb, cqm);
	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_cqm_txe_notify);

/*
 * Send an NL80211_CMD_RADAR_DETECT event for @chandef.
 *
 * @netdev is optional: when it is non-NULL the interface index and wdev
 * id are added to the message, otherwise only the wiphy is identified.
 * The event is multicast to the NL80211_MCGRP_MLME group in the wiphy's
 * network namespace.
 *
 * Allocation and attribute failures drop the event; nothing is reported
 * back to the caller.
 */
void
nl80211_radar_notify(struct cfg80211_registered_device *rdev,
		     const struct cfg80211_chan_def *chandef,
		     enum nl80211_radar_event event,
		     struct net_device *netdev, gfp_t gfp)
{
	struct sk_buff *skb;
	void *genl_hdr;

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto nla_put_failure;

	/* NOP and radar events don't need a netdev parameter */
	if (netdev) {
		if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, netdev->ifindex))
			goto nla_put_failure;
		if (nla_put_u64(skb, NL80211_ATTR_WDEV,
				wdev_id(netdev->ieee80211_ptr)))
			goto nla_put_failure;
	}

	if (nla_put_u32(skb, NL80211_ATTR_RADAR_EVENT, event) ||
	    nl80211_send_chandef(skb, chandef))
		goto nla_put_failure;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}

/*
 * Send an NL80211_CMD_NOTIFY_CQM event reporting packet loss towards
 * @peer on @dev.
 *
 * The message identifies the wiphy, the interface and the peer (ETH_ALEN
 * bytes read from @peer) and carries @num_packets as
 * NL80211_ATTR_CQM_PKT_LOSS_EVENT inside a nested NL80211_ATTR_CQM
 * attribute. It is multicast to the NL80211_MCGRP_MLME group in the
 * wiphy's network namespace.
 *
 * Allocation and attribute failures drop the event; nothing is reported
 * back to the caller.
 */
void cfg80211_cqm_pktloss_notify(struct net_device *dev,
				 const u8 *peer, u32 num_packets, gfp_t gfp)
{
	struct cfg80211_registered_device *rdev =
		wiphy_to_rdev(dev->ieee80211_ptr->wiphy);
	struct sk_buff *skb;
	struct nlattr *cqm;
	void *genl_hdr;

	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto nla_put_failure;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto nla_put_failure;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, peer))
		goto nla_put_failure;

	cqm = nla_nest_start(skb, NL80211_ATTR_CQM);
	if (!cqm)
		goto nla_put_failure;

	if (nla_put_u32(skb, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
		goto nla_put_failure;

	nla_nest_end(skb, cqm);
	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);

/*
 * Report the outcome of a client probe as an NL80211_CMD_PROBE_CLIENT
 * event.
 *
 * The message identifies the wiphy and interface, carries ETH_ALEN bytes
 * read from @addr and the @cookie, and includes the NL80211_ATTR_ACK flag
 * only when @acked is true. It is multicast to the NL80211_MCGRP_MLME
 * group in the wiphy's network namespace.
 *
 * Allocation and attribute failures drop the event; nothing is reported
 * back to the caller.
 */
void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
			   u64 cookie, bool acked, gfp_t gfp)
{
	struct cfg80211_registered_device *rdev =
		wiphy_to_rdev(dev->ieee80211_ptr->wiphy);
	struct sk_buff *skb;
	void *genl_hdr;

	trace_cfg80211_probe_status(dev, addr, cookie, acked);

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto nla_put_failure;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto nla_put_failure;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, addr))
		goto nla_put_failure;
	if (nla_put_u64(skb, NL80211_ATTR_COOKIE, cookie))
		goto nla_put_failure;
	/* the ACK flag is present only for acknowledged probes */
	if (acked && nla_put_flag(skb, NL80211_ATTR_ACK))
		goto nla_put_failure;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_probe_status);

/*
 * Relay a beacon frame to every netlink port that registered for beacon
 * reports on this wiphy.
 *
 * For each entry on rdev->beacon_registrations an NL80211_CMD_FRAME
 * message is built and unicast to reg->nlportid. The message carries the
 * wiphy index, @freq and @sig_dbm when they are non-zero, and @len bytes
 * copied verbatim from @frame.
 *
 * The whole walk runs under beacon_registrations_lock with bottom halves
 * disabled, hence the GFP_ATOMIC allocations. The first allocation or
 * attribute failure ends the walk, so ports later in the list do not get
 * this beacon. The result of genlmsg_unicast() is ignored.
 *
 * NOTE(review): @len is used unchecked both for sizing (len + 100) and
 * for the copy; the function relies on the caller to pass a length that
 * matches the buffer behind @frame - confirm at the call sites.
 */
void cfg80211_report_obss_beacon(struct wiphy *wiphy,
				 const u8 *frame, size_t len,
				 int freq, int sig_dbm)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	struct cfg80211_beacon_registration *reg;
	struct sk_buff *skb;
	void *genl_hdr;

	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);

	spin_lock_bh(&rdev->beacon_registrations_lock);
	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
		skb = nlmsg_new(len + 100, GFP_ATOMIC);
		if (!skb)
			goto unlock;

		genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_FRAME);
		if (!genl_hdr)
			goto discard;

		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
			goto discard;
		if (freq && nla_put_u32(skb, NL80211_ATTR_WIPHY_FREQ, freq))
			goto discard;
		if (sig_dbm &&
		    nla_put_u32(skb, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm))
			goto discard;
		if (nla_put(skb, NL80211_ATTR_FRAME, len, frame))
			goto discard;

		genlmsg_end(skb, genl_hdr);

		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb, reg->nlportid);
	}
 unlock:
	spin_unlock_bh(&rdev->beacon_registrations_lock);
	return;

 discard:
	spin_unlock_bh(&rdev->beacon_registrations_lock);
	/* genl_hdr is NULL when the header itself could not be added */
	if (genl_hdr)
		genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_report_obss_beacon);

#ifdef CONFIG_PM
/*
 * Report why the device woke the system, as an NL80211_CMD_SET_WOWLAN
 * event multicast to the NL80211_MCGRP_MLME group in the wiphy's network
 * namespace.
 *
 * @wakeup may be NULL, in which case the event carries only the wiphy,
 * wdev id and (if the wdev has a netdev) the interface index. Otherwise a
 * nested NL80211_ATTR_WOWLAN_TRIGGERS attribute lists one flag per wakeup
 * reason that is set, the matched pattern index when it is >= 0, and, if
 * wakeup->packet is set, packet_present_len bytes of the wakeup packet
 * (802.11 or 802.3 attribute depending on wakeup->packet_80211).
 *
 * The wakeup packet contents are therefore visible to every listener of
 * the MLME multicast group in that namespace.
 *
 * The message is sized as 200 bytes plus packet_present_len. Allocation
 * and attribute failures drop the event without reporting to the caller.
 */
void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
				   struct cfg80211_wowlan_wakeup *wakeup,
				   gfp_t gfp)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct nlattr *triggers;
	struct sk_buff *skb;
	void *genl_hdr;
	u32 pkt_attr, len_attr;
	int payload = 200;

	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);

	if (wakeup)
		payload += wakeup->packet_present_len;

	skb = nlmsg_new(payload, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
	if (!genl_hdr)
		goto free_msg;

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto free_msg;
	if (nla_put_u64(skb, NL80211_ATTR_WDEV, wdev_id(wdev)))
		goto free_msg;

	/* the wdev may have no netdev, so the ifindex is optional */
	if (wdev->netdev &&
	    nla_put_u32(skb, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
		goto free_msg;

	/* no wakeup information: send the bare event */
	if (!wakeup)
		goto send;

	triggers = nla_nest_start(skb, NL80211_ATTR_WOWLAN_TRIGGERS);
	if (!triggers)
		goto free_msg;

	if (wakeup->disconnect &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_DISCONNECT))
		goto free_msg;
	if (wakeup->magic_pkt &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_MAGIC_PKT))
		goto free_msg;
	if (wakeup->gtk_rekey_failure &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
		goto free_msg;
	if (wakeup->eap_identity_req &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
		goto free_msg;
	if (wakeup->four_way_handshake &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
		goto free_msg;
	if (wakeup->rfkill_release &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
		goto free_msg;

	if (wakeup->pattern_idx >= 0 &&
	    nla_put_u32(skb, NL80211_WOWLAN_TRIG_PKT_PATTERN,
			wakeup->pattern_idx))
		goto free_msg;

	if (wakeup->tcp_match &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
		goto free_msg;
	if (wakeup->tcp_connlost &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
		goto free_msg;
	if (wakeup->tcp_nomoretokens &&
	    nla_put_flag(skb, NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
		goto free_msg;

	if (wakeup->packet) {
		/* pick the 802.11 or 802.3 flavour of the packet attributes */
		if (wakeup->packet_80211) {
			pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
			len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
		} else {
			pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
			len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
		}

		/* packet_len is reported separately from the bytes present */
		if (wakeup->packet_len &&
		    nla_put_u32(skb, len_attr, wakeup->packet_len))
			goto free_msg;

		if (nla_put(skb, pkt_attr, wakeup->packet_present_len,
			    wakeup->packet))
			goto free_msg;
	}

	nla_nest_end(skb, triggers);

 send:
	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 free_msg:
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
#endif

/*
 * Ask user space to perform a TDLS operation by sending an
 * NL80211_CMD_TDLS_OPER event.
 *
 * The message identifies the wiphy and interface, carries @oper as a u8,
 * ETH_ALEN bytes read from @peer and, only when @reason_code is non-zero,
 * the reason code. It is multicast to the NL80211_MCGRP_MLME group in the
 * wiphy's network namespace.
 *
 * Allocation and attribute failures drop the event; nothing is reported
 * back to the caller.
 */
void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
				enum nl80211_tdls_operation oper,
				u16 reason_code, gfp_t gfp)
{
	struct wireless_dev *wdev = dev->ieee80211_ptr;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct sk_buff *skb;
	void *genl_hdr;

	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
					 reason_code);

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_TDLS_OPER);
	if (!genl_hdr) {
		nlmsg_free(skb);
		return;
	}

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto nla_put_failure;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, dev->ifindex))
		goto nla_put_failure;
	if (nla_put_u8(skb, NL80211_ATTR_TDLS_OPERATION, oper))
		goto nla_put_failure;
	if (nla_put(skb, NL80211_ATTR_MAC, ETH_ALEN, peer))
		goto nla_put_failure;
	/* a reason code of zero is not transmitted */
	if (reason_code > 0 &&
	    nla_put_u16(skb, NL80211_ATTR_REASON_CODE, reason_code))
		goto nla_put_failure;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
				NL80211_MCGRP_MLME, gfp);
	return;

 nla_put_failure:
	genlmsg_cancel(skb, genl_hdr);
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_tdls_oper_request);

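/*
 * Netlink notifier callback: drop nl80211 state that belongs to a socket
 * which is being released.
 *
 * Only NETLINK_URELEASE events for NETLINK_GENERIC sockets are acted on.
 * Netlink port IDs are unique per protocol, not across protocols, so a
 * socket of an unrelated netlink protocol can carry the same portid as an
 * nl80211 client. Without the protocol check, the release of such a
 * socket would be matched against nl80211's per-port state and remove
 * registrations (and schedule interface destruction) that belong to a
 * different, still open socket.
 *
 * For every registered device this
 *  - passes the port to cfg80211_mlme_unregister_socket() for each wdev,
 *  - removes the port's entry from rdev->beacon_registrations, if any, and
 *  - queues rdev->destroy_work when some wdev has owner_nlportid equal to
 *    the released port.
 *
 * Returns NOTIFY_DONE for events that are ignored and NOTIFY_OK otherwise.
 */
static int nl80211_netlink_notify(struct notifier_block * nb,
				  unsigned long state,
				  void *_notify)
{
	struct netlink_notify *notify = _notify;
	struct cfg80211_registered_device *rdev;
	struct wireless_dev *wdev;
	struct cfg80211_beacon_registration *reg, *tmp;

	/* ignore other events and releases of non-generic-netlink sockets */
	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
		return NOTIFY_DONE;

	rcu_read_lock();

	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
		bool schedule_destroy_work = false;

		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
			cfg80211_mlme_unregister_socket(wdev, notify->portid);

			if (wdev->owner_nlportid == notify->portid)
				schedule_destroy_work = true;
		}

		spin_lock_bh(&rdev->beacon_registrations_lock);
		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
					 list) {
			if (reg->nlportid == notify->portid) {
				list_del(&reg->list);
				kfree(reg);
				/* only the first matching entry is removed */
				break;
			}
		}
		spin_unlock_bh(&rdev->beacon_registrations_lock);

		if (schedule_destroy_work) {
			struct cfg80211_iface_destroy *destroy;

			/*
			 * GFP_ATOMIC: we are inside an RCU read-side section.
			 * If the allocation fails nothing is queued and the
			 * wdevs owned by this port are left in place.
			 */
			destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
			if (destroy) {
				destroy->nlportid = notify->portid;
				spin_lock(&rdev->destroy_list_lock);
				list_add(&destroy->list, &rdev->destroy_list);
				spin_unlock(&rdev->destroy_list_lock);
				schedule_work(&rdev->destroy_work);
			}
		}
	}

	rcu_read_unlock();

	return NOTIFY_OK;
}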

/*
 * Notifier block that routes netlink events to nl80211_netlink_notify();
 * registered in nl80211_init() and unregistered in nl80211_exit().
 */
static struct notifier_block nl80211_netlink_notifier = {
	.notifier_call = nl80211_netlink_notify,
};

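/*
 * Send an NL80211_CMD_FT_EVENT for @netdev to user space.
 *
 * Nothing is sent when ft_event->target_ap is NULL. Otherwise the message
 * identifies the wiphy and interface, carries ETH_ALEN bytes read from
 * target_ap and, when present, the IEs (ies/ies_len) and RIC IEs
 * (ric_ies/ric_ies_len). It is multicast to the NL80211_MCGRP_MLME group
 * in the wiphy's network namespace.
 *
 * Allocations use GFP_KERNEL, so this must be called from a context that
 * may sleep. Allocation and attribute failures drop the event; nothing is
 * reported back to the caller.
 */
void cfg80211_ft_event(struct net_device *netdev,
		       struct cfg80211_ft_event_params *ft_event)
{
	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	struct sk_buff *msg;
	void *hdr;
	size_t msg_size = 100;

	trace_cfg80211_ft_event(wiphy, netdev, ft_event);

	if (!ft_event->target_ap)
		return;

	/*
	 * Size the message for the variable-length IEs instead of using a
	 * fixed NLMSG_DEFAULT_SIZE buffer: with a fixed size, nla_put()
	 * fails once the IEs no longer fit and the event is dropped without
	 * any indication. The base of 100 bytes leaves room for the genl
	 * header and the fixed attributes.
	 */
	if (ft_event->ies)
		msg_size += ft_event->ies_len;
	if (ft_event->ric_ies)
		msg_size += ft_event->ric_ies_len;

	msg = nlmsg_new(msg_size, GFP_KERNEL);
	if (!msg)
		return;

	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
	if (!hdr)
		goto out;

	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
		goto out;

	if (ft_event->ies &&
	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
		goto out;
	if (ft_event->ric_ies &&
	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
		    ft_event->ric_ies))
		goto out;

	genlmsg_end(msg, hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
				NL80211_MCGRP_MLME, GFP_KERNEL);
	return;
 out:
	nlmsg_free(msg);
}
EXPORT_SYMBOL(cfg80211_ft_event);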

/*
 * Tell the socket that started a critical protocol session that the
 * session has stopped.
 *
 * Does nothing when rdev->crit_proto_nlportid is zero. Otherwise the
 * stored port is cleared and an NL80211_CMD_CRIT_PROTOCOL_STOP message
 * (wiphy index and wdev id) is unicast to that port only.
 *
 * The port is cleared before the message is allocated, so an allocation
 * or attribute failure loses the notification for that session.
 *
 * NOTE(review): crit_proto_nlportid is read and reset here without any
 * locking visible in this function - confirm what serialises callers.
 */
void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct sk_buff *skb;
	void *genl_hdr;
	u32 dest_port;

	if (!rdev->crit_proto_nlportid)
		return;

	dest_port = rdev->crit_proto_nlportid;
	rdev->crit_proto_nlportid = 0;

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0,
				  NL80211_CMD_CRIT_PROTOCOL_STOP);
	if (!genl_hdr)
		goto free_skb;

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto cancel;
	if (nla_put_u64(skb, NL80211_ATTR_WDEV, wdev_id(wdev)))
		goto cancel;

	genlmsg_end(skb, genl_hdr);

	genlmsg_unicast(wiphy_net(&rdev->wiphy), skb, dest_port);
	return;

 cancel:
	genlmsg_cancel(skb, genl_hdr);
 free_skb:
	nlmsg_free(skb);
}
EXPORT_SYMBOL(cfg80211_crit_proto_stopped);

/*
 * Send an NL80211_CMD_STOP_AP event for @wdev, multicast to the
 * NL80211_MCGRP_MLME group in the wiphy's network namespace.
 *
 * @wdev must have a netdev: wdev->netdev is dereferenced without a NULL
 * check. Allocations use GFP_KERNEL, so the caller must be able to sleep.
 * Allocation and attribute failures drop the event without reporting to
 * the caller.
 */
void nl80211_send_ap_stopped(struct wireless_dev *wdev)
{
	struct wiphy *wiphy = wdev->wiphy;
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	struct sk_buff *skb;
	void *genl_hdr;

	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	if (!skb)
		return;

	genl_hdr = nl80211hdr_put(skb, 0, 0, 0, NL80211_CMD_STOP_AP);
	if (!genl_hdr)
		goto out;

	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
		goto out;
	if (nla_put_u32(skb, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
		goto out;
	if (nla_put_u64(skb, NL80211_ATTR_WDEV, wdev_id(wdev)))
		goto out;

	genlmsg_end(skb, genl_hdr);

	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), skb, 0,
				NL80211_MCGRP_MLME, GFP_KERNEL);
	return;
 out:
	nlmsg_free(skb);
}

/* initialisation/exit functions */

/*
 * Register the nl80211 generic netlink family (with its ops and multicast
 * groups) and the netlink notifier.
 *
 * If the notifier cannot be registered the family is unregistered again,
 * so a failure leaves nothing behind. Returns 0 on success or the error
 * from the step that failed.
 */
int nl80211_init(void)
{
	int ret;

	ret = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
						   nl80211_mcgrps);
	if (ret)
		return ret;

	ret = netlink_register_notifier(&nl80211_netlink_notifier);
	if (ret)
		genl_unregister_family(&nl80211_fam);

	return ret;
}

/*
 * Undo nl80211_init(): unregister the netlink notifier first, then the
 * generic netlink family, i.e. in the reverse order of registration.
 */
void nl80211_exit(void)
{
	netlink_unregister_notifier(&nl80211_netlink_notifier);
	genl_unregister_family(&nl80211_fam);
}