Now that there is support for BIGTK configuration and AP/STA
functionality for using BIP with Beacon frames, indicate support for the
Beacon protection functionality.

Johannes: move this to hwsim, since it's not clear that all drivers
using mac80211 will do this correctly - lots of them modify the
beacon before transmission e.g. to update the TIM element, and that
would obviously break the signature.
Signed-off-by: NJouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20200222132548.20835-7-jouni@codeaurora.orgSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

Advertise the correct flags to mac80211 to indicate PS
trigger frames and frame buffering should be handled by
mac80211. This means mac80211_hwsim will now also have to
release buffered multicast frames after a (DTIM) beacon.

Leave STA power save disabled by default since it causes
several p2p, scanning, and rrm hostap tests to fail.
Signed-off-by: NThomas Pedersen <thomas@adapt-ip.com>
Link: https://lore.kernel.org/r/20200114055940.18502-2-thomas@adapt-ip.comSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

This is too low, at least ETSI regulatory domain would
allow 36 dBm on 5 GHz in (some? most?) cases. But there's
no reason hwsim should have a limit at all, so remove it.

See also
https://lore.kernel.org/r/20191108152013.13418-1-ramonreisfontes@gmail.com

Change-Id: I6edf81d2e82bc8ce7baa40bfc0f210b7b56ef275
Reported-by: NRamon Fontes <ramonreisfontes@gmail.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

It is more clear to use DEFINE_DEBUGFS_ATTRIBUTE to define debugfs file
operation rather than DEFINE_SIMPLE_ATTRIBUTE.

It is detected with the help of coccinelle.
Signed-off-by: Nzhong jiang <zhongjiang@huawei.com>
Link: https://lore.kernel.org/r/1572404462-45462-1-git-send-email-zhongjiang@huawei.comSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

OCB (Outside the Context of a BSS) interfaces are the
implementation of 802.11p, support that.
Signed-off-by: NRamon Fontes <ramonreisfontes@gmail.com>
Link: https://lore.kernel.org/r/20191010181307.11821-2-ramonreisfontes@gmail.comSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

These new 5GHz channels and 5/10 MHz support should be
available for OCB usage (802.11p).
Signed-off-by: NRamon Fontes <ramonreisfontes@gmail.com>
Link: https://lore.kernel.org/r/20191010181307.11821-1-ramonreisfontes@gmail.comSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

If dev_alloc_name fails, hwsim_mon's memory allocated in alloc_netdev
needs to be freed.
Change goto command in dev_alloc_name failure to out_free_mon in
order to perform free_netdev.
Signed-off-by: NMichael Vassernis <michael.vassernis@tandemg.com>
Link: https://lore.kernel.org/r/20191003073049.3760-1-michael.vassernis@tandemg.comSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

There really is no need to make drivers call the
ieee80211_start_tx_ba_cb_irqsafe() function and then
schedule the worker if all we want is to set a bit.

Add a new return value (that was previously considered
invalid) to indicate that the driver is immediately
ready for the session, and make drivers use it. The
only drivers that remain different are the Intel ones
as they need to negotiate more with the firmware.

Link: https://lore.kernel.org/r/1570007543-I152912660131cbab2e5d80b4218238c20f8a06e5@changeidSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

commit 174e2381
("sk_buff: drop all skb extensions on free and skb scrubbing") made napi
recycle always drop skb extensions.  The additional skb_ext_del() that is
performed via nf_reset on napi skb recycle is not needed anymore.

Most nf_reset() calls in the stack are there so queued skb won't block
'rmmod nf_conntrack' indefinitely.

This removes the skb_ext_del from nf_reset, and renames it to a more
fitting nf_reset_ct().

In a few selected places, add a call to skb_ext_reset to make sure that
no active extensions remain.

I am submitting this for "net", because we're still early in the release
cycle.  The patch applies to net-next too, but I think the rename causes
needless divergence between those trees.
Suggested-by: NEric Dumazet <edumazet@google.com>
Signed-off-by: NFlorian Westphal <fw@strlen.de>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>

Some features of 802.11ax without central organizing (AP) STA can also be
used in mesh mode. hwsim can be used to assist initial development of these
features without having access to HW.
Signed-off-by: NSven Eckelmann <seckelmann@datto.com>
Link: https://lore.kernel.org/r/20190813063657.7544-1-sven@narfation.orgSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

Give a proper boottime_ns value for netlink RX to avoid scan
issues here.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20190729160605.1074-1-johannes@sipsolutions.netSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

In hwsim_dump_radio_nl(), when genlmsg_put() on line 3617 fails, hdr is
assigned to NULL. Then hdr is used on lines 3622 and 3623:
    genl_dump_check_consistent(cb, hdr);
    genlmsg_end(skb, hdr);

Thus, possible null-pointer dereferences may occur.

To fix these bugs, hdr is used here when it is not NULL.

This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: NJia-Ju Bai <baijiaju1990@gmail.com>
Link: https://lore.kernel.org/r/20190729082332.28895-1-baijiaju1990@gmail.com
[put braces on all branches]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Prepare hwsim Extended Key ID support for a mac80211 API change.

The mac80211 flag IEEE80211_HW_EXT_KEY_ID_NATIVE is being replaced by
NL80211_EXT_FEATURE_EXT_KEY_ID which only must be set by drivers when
they support HW crypto.

This reverts commit cfe7007a ("mac80211_hwsim: Extended Key ID support").
Signed-off-by: NAlexander Wetzel <alexander@wetzel-home.de>
Link: https://lore.kernel.org/r/20190629195015.19680-1-alexander@wetzel-home.deSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

This low level driver can find it useful to get the vif
when a remain on channel session is cancelled.

iwlwifi will need this soon.
Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
Link: https://lore.kernel.org/r/20190723180001.5828-1-emmanuel.grumbach@intel.comSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

This function name should be 'mac80211_hwsim_he_capab()' (s wand w
switched) to be consistent with the rest of the file.
Fix and use it.
Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/20190725191328.18010-1-christophe.jaillet@wanadoo.frSigned-off-by: NJohannes Berg <johannes.berg@intel.com>

This makes boot uniformly boottime and tai uniformly clocktai, to
address the remaining oversights.
Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Reviewed-by: NArnd Bergmann <arnd@arndb.de>
Link: https://lkml.kernel.org/r/20190621203249.3909-2-Jason@zx2c4.com

Based on 2 normalized pattern(s):

  this program is free software you can redistribute it and or modify
  it under the terms of the gnu general public license version 2 as
  published by the free software foundation

  this program is free software you can redistribute it and or modify
  it under the terms of the gnu general public license version 2 as
  published by the free software foundation #

extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-only

has been chosen to replace the boilerplate/reference in 4122 file(s).
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Reviewed-by: NEnrico Weigelt <info@metux.net>
Reviewed-by: NKate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: NAllison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.deSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

Require that each vendor command give a policy of its sub-attributes
in NL80211_ATTR_VENDOR_DATA, and then (stricly) check the contents,
including the NLA_F_NESTED flag that we couldn't check on the outer
layer because there we don't know yet.

It is possible to use VENDOR_CMD_RAW_DATA for raw data, but then no
nested data can be given (NLA_F_NESTED flag must be clear) and the
data is just passed as is to the command.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.

This patch fixes the following warning:

drivers/net/wireless/mac80211_hwsim.c: In function ‘init_mac80211_hwsim’:
drivers/net/wireless/mac80211_hwsim.c:3853:21: warning: this statement may fall through [-Wimplicit-fallthrough=]
    param.reg_strict = true;
    ~~~~~~~~~~~~~~~~~^~~~~~
drivers/net/wireless/mac80211_hwsim.c:3854:3: note: here
   case HWSIM_REGTEST_DRIVER_REG_ALL:
   ^~~~

Warning level 3 was used: -Wimplicit-fallthrough=3

This patch is part of the ongoing efforts to enable
-Wimplicit-fallthrough.
Signed-off-by: NGustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Add options to strictly validate messages and dump messages,
sometimes perhaps validating dump messages non-strictly may
be required, so add an option for that as well.

Since none of this can really be applied to existing commands,
set the options everwhere using the following spatch:

    @@
    identifier ops;
    expression X;
    @@
    struct genl_ops ops[] = {
    ...,
     {
            .cmd = X,
    +       .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
            ...
     },
    ...
    };

For new commands one should just not copy the .validate 'opt-out'
flags and thus get strict validation.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

We currently have two levels of strict validation:

 1) liberal (default)
     - undefined (type >= max) & NLA_UNSPEC attributes accepted
     - attribute length >= expected accepted
     - garbage at end of message accepted
 2) strict (opt-in)
     - NLA_UNSPEC attributes accepted
     - attribute length >= expected accepted

Split out parsing strictness into four different options:
 * TRAILING     - check that there's no trailing data after parsing
                  attributes (in message or nested)
 * MAXTYPE      - reject attrs > max known type
 * UNSPEC       - reject attributes with NLA_UNSPEC policy entries
 * STRICT_ATTRS - strictly validate attribute size

The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().

Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.

We end up with the following renames:
 * nla_parse           -> nla_parse_deprecated
 * nla_parse_strict    -> nla_parse_deprecated_strict
 * nlmsg_parse         -> nlmsg_parse_deprecated
 * nlmsg_parse_strict  -> nlmsg_parse_deprecated_strict
 * nla_parse_nested    -> nla_parse_nested_deprecated
 * nla_validate_nested -> nla_validate_nested_deprecated

Using spatch, of course:
    @@
    expression TB, MAX, HEAD, LEN, POL, EXT;
    @@
    -nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
    +nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)

    @@
    expression NLH, HDRLEN, TB, MAX, POL, EXT;
    @@
    -nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
    +nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)

    @@
    expression NLH, HDRLEN, TB, MAX, POL, EXT;
    @@
    -nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
    +nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)

    @@
    expression TB, MAX, NLA, POL, EXT;
    @@
    -nla_parse_nested(TB, MAX, NLA, POL, EXT)
    +nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)

    @@
    expression START, MAX, POL, EXT;
    @@
    -nla_validate_nested(START, MAX, POL, EXT)
    +nla_validate_nested_deprecated(START, MAX, POL, EXT)

    @@
    expression NLH, HDRLEN, MAX, POL, EXT;
    @@
    -nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
    +nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)

For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.

Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.

Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.

In effect then, this adds fully strict validation for any new command.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Allow Extended Key ID to be used with hwsim.

Hwsim can only communicate with other hwsim cards, allowing it to bypass
creation of A-MPDUs in the first place.

Mixing keyIDs in an A-MPDU is therefore impossible and can never cause
interoperability issues with other cards.
Signed-off-by: NAlexander Wetzel <alexander@wetzel-home.de>
[reword comment slightly]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

P2P device interface type was not indicated in the supported
interface types even when hwsim was configured with p2p device
support. Fix it.
Signed-off-by: NAvraham Stern <avraham.stern@intel.com>
Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

If we just set this to 2048, and have multiple limits you
can select from, the total number might run over and cause
a warning in cfg80211. This doesn't make sense, so we just
calculate the total max_interfaces now.

Reported-by: syzbot+8f91bd563bbff230d0ee@syzkaller.appspotmail.com
Fixes: 99e3a44b ("mac80211_hwsim: allow setting iftype support")
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Since maxattr is common, the policy can't really differ sanely,
so make it common as well.

The only user that did in fact manage to make a non-common policy
is taskstats, which has to be really careful about it (since it's
still using a common maxattr!). This is no longer supported, but
we can fake it using pre_doit.

This reduces the size of e.g. nl80211.o (which has lots of commands):

   text	   data	    bss	    dec	    hex	filename
 398745	  14323	   2240	 415308	  6564c	net/wireless/nl80211.o (before)
 397913	  14331	   2240	 414484	  65314	net/wireless/nl80211.o (after)
--------------------------------
   -832      +8       0    -824

Which is obviously just 8 bytes for each command, and an added 8
bytes for the new policy pointer. I'm not sure why the ops list is
counted as .text though.

Most of the code transformations were done using the following spatch:
    @ops@
    identifier OPS;
    expression POLICY;
    @@
    struct genl_ops OPS[] = {
    ...,
     {
    -	.policy = POLICY,
     },
    ...
    };

    @@
    identifier ops.OPS;
    expression ops.POLICY;
    identifier fam;
    expression M;
    @@
    struct genl_family fam = {
            .ops = OPS,
            .maxattr = M,
    +       .policy = POLICY,
            ...
    };

This also gets rid of devlink_nl_cmd_region_read_dumpit() accessing
the cb->data as ops, which we want to change in a later genl patch.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Switch the timer to HRTIMER_MODE_REL_SOFT, which executed the timer callback in
softirq context and remove the hrtimer_tasklet.
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NAnna-Maria Gleixner <anna-maria@linutronix.de>
Signed-off-by: NSebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Reviewed-by: NJohannes Berg <johannes@sipsolutions.net>
Acked-by: NDavid S. Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Cc: linux-wireless@vger.kernel.org
Cc: Kalle Valo <kvalo@codeaurora.org>
Link: https://lkml.kernel.org/r/20190301224821.29843-2-bigeasy@linutronix.de

genlmsg_reply can fail, so propagate its return code
Signed-off-by: NLi RongQing <lirongqing@baidu.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

This can be used to test cfg80211 support for Multi-BSSID scan result
parsing.
Signed-off-by: NJouni Malinen <jouni@codeaurora.org>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

This makes the age information for cfg80211 scan results more accurate
and fixes issues with wpa_supplicant dropping "old" scan results (e.g.,
"wlan0: Own scan request started a scan in 0.000456 seconds") that
looked like would have been received before a scan started due to the
inaccuracy of the default timing mechanism for calculating the BSS entry
age. This makes hwsim test cases significantly more robust to run.
Signed-off-by: NJouni Malinen <j@w1.fi>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Under certain circumstances, radios created via netlink could
have n_limits be zero and no possible interface types, which
makes no sense. Reject this early to prevent a WARN_ON() in
cfg80211.

Fixes: 99e3a44b ("mac80211_hwsim: allow setting iftype support")
Reported-by: syzbot+73fd8b0aa60c67fa4b60@syzkaller.appspotmail.com
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Moved setting if_combination.num_different_channels/radar_detect_widths
into an else after use_chanctx. In the case of use_chanctx, these two
settings were getting overwritten.
Signed-off-by: NJames Prestwood <james.prestwood@linux.intel.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Creating radios during startup follows a different code path than
HWSIM_CMD_NEW_RADIO. The problem was that param.iftypes was not
being set to the deafult before calling mac80211_hwsim_new_radio
Signed-off-by: NJames Prestwood <james.prestwood@linux.intel.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The mac80211_hwsim driver does not specify supported cipher types, which
in turn enables all ciphers to be supported in software. (see
net/mac80211/main.c:ieee80211_init_cipher_suites). Allowing ciphers
to be configurable is valuable for simulating older drivers that may
not support all ciphers.

This patch adds a new attribute:

 - HWSIM_ATTR_CIPHER_SUPPORT
	A u32 array/list of supported cipher types

This only allows enabling/disabling cipher types listed in the (new)
"hwsim_ciphers" array in mac80211_hwsim.c. Any unknown cipher type
will result in -EINVAL.
Signed-off-by: NJames Prestwood <james.prestwood@linux.intel.com>
[fix some indentation, change to hwsim_known_ciphers(),
 add error messages, validate length better]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The mac80211_hwsim driver hard codes its supported interface types. For
testing purposes it would be valuable to allow changing these supported
types in order to simulate actual drivers than support a limited set of
iftypes. A new attribute was added to allow this:

- HWSIM_ATTR_IFTYPE_SUPPORT
	A u32 bit field of supported NL80211_IFTYPE_* bits

This will only enable/disable iftypes that mac80211_hwsim already
supports.

In order to accomplish this, the ieee80211_iface_limit structure needed
to be built dynamically to only include limit rules for iftypes that
the user requested to enable.
Signed-off-by: NJames Prestwood <james.prestwood@linux.intel.com>
[fix some indentation, add netlink error string]
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Avoid the need to kfree() the name in many places by moving
the name parsing last.
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

Otherwise if network manager starts configuring Wi-Fi interface
immidiatelly after getting notification of its creation, we will get
NULL pointer dereference:

  BUG: unable to handle kernel NULL pointer dereference at           (null)
  IP: [<ffffffff95ae94c8>] hrtimer_active+0x28/0x50
  ...
  Call Trace:
   [<ffffffff95ae9997>] ? hrtimer_try_to_cancel+0x27/0x110
   [<ffffffff95ae9a95>] ? hrtimer_cancel+0x15/0x20
   [<ffffffffc0803bf0>] ? mac80211_hwsim_config+0x140/0x1c0 [mac80211_hwsim]

Cc: stable@vger.kernel.org
Signed-off-by: NVasyl Vavrychuk <vasyl.vavrychuk@globallogic.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

There is no unregister netlink notifier and family on error paths
in init_mac80211_hwsim(). Also there is an error path where
hwsim_class is not destroyed.

Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru>
Fixes: 62759361 ("mac80211-hwsim: Provide multicast event for HWSIM_CMD_NEW_RADIO")
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The work-queue was used for deferred destruction of hwsim radios;
this does not work well with namespaces about to exit. The one
remaining user has been migrated, so drop the now unused work-queue
instance.
Signed-off-by: NMartin Willi <martin@strongswan.org>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The allocation of hwsim radio identifiers uses a post-increment from 0,
so the first radio has idx 0. This idx is explicitly excluded from
multicast announcements ever since, but it is unclear why.

Drop that idx check and announce the first radio as well. This makes
userspace happy if it relies on these events.
Signed-off-by: NMartin Willi <martin@strongswan.org>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>

The asynchronous destruction from a work-queue of radios tagged with
destroy-on-close may race with the owning namespace about to exit,
resulting in potential use-after-free of that namespace.

Instead of using a work-queue, move radios about to destroy to a
temporary list, which can be worked on synchronously after releasing
the lock. This should be safe to do from the netlink socket notifier,
as the namespace is guaranteed to not get released.
Signed-off-by: NMartin Willi <martin@strongswan.org>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>