aboutsummaryrefslogtreecommitdiffstats
path: root/net/wireless
diff options
context:
space:
mode:
authorAndrea Bastoni <bastoni@cs.unc.edu>2010-05-30 19:16:45 -0400
committerAndrea Bastoni <bastoni@cs.unc.edu>2010-05-30 19:16:45 -0400
commitada47b5fe13d89735805b566185f4885f5a3f750 (patch)
tree644b88f8a71896307d71438e9b3af49126ffb22b /net/wireless
parent43e98717ad40a4ae64545b5ba047c7b86aa44f4f (diff)
parent3280f21d43ee541f97f8cda5792150d2dbec20d5 (diff)
Merge branch 'wip-2.6.34' into old-private-masterarchived-private-master
Diffstat (limited to 'net/wireless')
-rw-r--r--net/wireless/.gitignore1
-rw-r--r--net/wireless/Kconfig57
-rw-r--r--net/wireless/Makefile16
-rw-r--r--net/wireless/chan.c41
-rw-r--r--net/wireless/core.c114
-rw-r--r--net/wireless/core.h35
-rw-r--r--net/wireless/db.txt17
-rw-r--r--net/wireless/debugfs.c16
-rw-r--r--net/wireless/debugfs.h3
-rw-r--r--net/wireless/ethtool.c45
-rw-r--r--net/wireless/ethtool.h6
-rw-r--r--net/wireless/genregdb.awk118
-rw-r--r--net/wireless/ibss.c17
-rw-r--r--net/wireless/lib80211_crypt_ccmp.c2
-rw-r--r--net/wireless/lib80211_crypt_tkip.c23
-rw-r--r--net/wireless/mlme.c331
-rw-r--r--net/wireless/nl80211.c1271
-rw-r--r--net/wireless/nl80211.h23
-rw-r--r--net/wireless/radiotap.c305
-rw-r--r--net/wireless/reg.c732
-rw-r--r--net/wireless/reg.h29
-rw-r--r--net/wireless/regdb.h7
-rw-r--r--net/wireless/scan.c230
-rw-r--r--net/wireless/sme.c61
-rw-r--r--net/wireless/sysfs.c20
-rw-r--r--net/wireless/util.c178
-rw-r--r--net/wireless/wext-compat.c148
-rw-r--r--net/wireless/wext-core.c (renamed from net/wireless/wext.c)1465
-rw-r--r--net/wireless/wext-priv.c249
-rw-r--r--net/wireless/wext-proc.c155
-rw-r--r--net/wireless/wext-sme.c1
-rw-r--r--net/wireless/wext-spy.c231
32 files changed, 4146 insertions, 1801 deletions
diff --git a/net/wireless/.gitignore b/net/wireless/.gitignore
new file mode 100644
index 000000000000..c33451b896d9
--- /dev/null
+++ b/net/wireless/.gitignore
@@ -0,0 +1 @@
regdb.c
diff --git a/net/wireless/Kconfig b/net/wireless/Kconfig
index abf7ca3f9ff9..d0ee29063e5d 100644
--- a/net/wireless/Kconfig
+++ b/net/wireless/Kconfig
@@ -1,3 +1,21 @@
1config WIRELESS_EXT
2 bool
3
4config WEXT_CORE
5 def_bool y
6 depends on CFG80211_WEXT || WIRELESS_EXT
7
8config WEXT_PROC
9 def_bool y
10 depends on PROC_FS
11 depends on WEXT_CORE
12
13config WEXT_SPY
14 bool
15
16config WEXT_PRIV
17 bool
18
1config CFG80211 19config CFG80211
2 tristate "cfg80211 - wireless configuration API" 20 tristate "cfg80211 - wireless configuration API"
3 depends on RFKILL || !RFKILL 21 depends on RFKILL || !RFKILL
@@ -67,47 +85,44 @@ config CFG80211_DEFAULT_PS
67 applications instead -- they need to register their network 85 applications instead -- they need to register their network
68 latency requirement, see Documentation/power/pm_qos_interface.txt. 86 latency requirement, see Documentation/power/pm_qos_interface.txt.
69 87
70config CFG80211_DEFAULT_PS_VALUE
71 int
72 default 1 if CFG80211_DEFAULT_PS
73 default 0
74
75config CFG80211_DEBUGFS 88config CFG80211_DEBUGFS
76 bool "cfg80211 DebugFS entries" 89 bool "cfg80211 DebugFS entries"
77 depends on CFG80211 && DEBUG_FS 90 depends on CFG80211
91 depends on DEBUG_FS
78 ---help--- 92 ---help---
79 You can enable this if you want to debugfs entries for cfg80211. 93 You can enable this if you want to debugfs entries for cfg80211.
80 94
81 If unsure, say N. 95 If unsure, say N.
82 96
83config WIRELESS_OLD_REGULATORY 97config CFG80211_INTERNAL_REGDB
84 bool "Old wireless static regulatory definitions" 98 bool "use statically compiled regulatory rules database" if EMBEDDED
85 default n 99 default n
100 depends on CFG80211
86 ---help--- 101 ---help---
87 This option enables the old static regulatory information 102 This option generates an internal data structure representing
88 and uses it within the new framework. This option is available 103 the wireless regulatory rules described in net/wireless/db.txt
89 for historical reasons and it is advised to leave it off. 104 and includes code to query that database. This is an alternative
105 to using CRDA for defining regulatory rules for the kernel.
90 106
91 For details see: 107 For details see:
92 108
93 http://wireless.kernel.org/en/developers/Regulatory 109 http://wireless.kernel.org/en/developers/Regulatory
94 110
95 Say N and if you say Y, please tell us why. The default is N. 111 Most distributions have a CRDA package. So if unsure, say N.
96 112
97config WIRELESS_EXT 113config CFG80211_WEXT
98 bool "Wireless extensions" 114 bool "cfg80211 wireless extensions compatibility"
115 depends on CFG80211
116 select WEXT_CORE
99 default y 117 default y
100 ---help--- 118 help
101 This option enables the legacy wireless extensions 119 Enable this option if you need old userspace for wireless
102 (wireless network interface configuration via ioctls.) 120 extensions with cfg80211-based drivers.
103
104 Say Y unless you've upgraded all your userspace to use
105 nl80211 instead of wireless extensions.
106 121
107config WIRELESS_EXT_SYSFS 122config WIRELESS_EXT_SYSFS
108 bool "Wireless extensions sysfs files" 123 bool "Wireless extensions sysfs files"
109 default y 124 default y
110 depends on WIRELESS_EXT && SYSFS 125 depends on WEXT_CORE && SYSFS
111 help 126 help
112 This option enables the deprecated wireless statistics 127 This option enables the deprecated wireless statistics
113 files in /sys/class/net/*/wireless/. The same information 128 files in /sys/class/net/*/wireless/. The same information
diff --git a/net/wireless/Makefile b/net/wireless/Makefile
index 3ecaa9179977..e77e508126fa 100644
--- a/net/wireless/Makefile
+++ b/net/wireless/Makefile
@@ -1,13 +1,23 @@
1obj-$(CONFIG_WIRELESS_EXT) += wext.o
2obj-$(CONFIG_CFG80211) += cfg80211.o 1obj-$(CONFIG_CFG80211) += cfg80211.o
3obj-$(CONFIG_LIB80211) += lib80211.o 2obj-$(CONFIG_LIB80211) += lib80211.o
4obj-$(CONFIG_LIB80211_CRYPT_WEP) += lib80211_crypt_wep.o 3obj-$(CONFIG_LIB80211_CRYPT_WEP) += lib80211_crypt_wep.o
5obj-$(CONFIG_LIB80211_CRYPT_CCMP) += lib80211_crypt_ccmp.o 4obj-$(CONFIG_LIB80211_CRYPT_CCMP) += lib80211_crypt_ccmp.o
6obj-$(CONFIG_LIB80211_CRYPT_TKIP) += lib80211_crypt_tkip.o 5obj-$(CONFIG_LIB80211_CRYPT_TKIP) += lib80211_crypt_tkip.o
7 6
7obj-$(CONFIG_WEXT_CORE) += wext-core.o
8obj-$(CONFIG_WEXT_PROC) += wext-proc.o
9obj-$(CONFIG_WEXT_SPY) += wext-spy.o
10obj-$(CONFIG_WEXT_PRIV) += wext-priv.o
11
8cfg80211-y += core.o sysfs.o radiotap.o util.o reg.o scan.o nl80211.o 12cfg80211-y += core.o sysfs.o radiotap.o util.o reg.o scan.o nl80211.o
9cfg80211-y += mlme.o ibss.o sme.o chan.o 13cfg80211-y += mlme.o ibss.o sme.o chan.o ethtool.o
10cfg80211-$(CONFIG_CFG80211_DEBUGFS) += debugfs.o 14cfg80211-$(CONFIG_CFG80211_DEBUGFS) += debugfs.o
11cfg80211-$(CONFIG_WIRELESS_EXT) += wext-compat.o wext-sme.o 15cfg80211-$(CONFIG_CFG80211_WEXT) += wext-compat.o wext-sme.o
16cfg80211-$(CONFIG_CFG80211_INTERNAL_REGDB) += regdb.o
12 17
13ccflags-y += -D__CHECK_ENDIAN__ 18ccflags-y += -D__CHECK_ENDIAN__
19
20$(obj)/regdb.c: $(src)/db.txt $(src)/genregdb.awk
21 @$(AWK) -f $(srctree)/$(src)/genregdb.awk < $< > $@
22
23clean-files := regdb.c
diff --git a/net/wireless/chan.c b/net/wireless/chan.c
index a46ac6c9b365..bf1737fc9a7e 100644
--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -41,44 +41,57 @@ rdev_fixed_channel(struct cfg80211_registered_device *rdev,
41 return result; 41 return result;
42} 42}
43 43
44int rdev_set_freq(struct cfg80211_registered_device *rdev, 44struct ieee80211_channel *
45 struct wireless_dev *for_wdev, 45rdev_freq_to_chan(struct cfg80211_registered_device *rdev,
46 int freq, enum nl80211_channel_type channel_type) 46 int freq, enum nl80211_channel_type channel_type)
47{ 47{
48 struct ieee80211_channel *chan; 48 struct ieee80211_channel *chan;
49 struct ieee80211_sta_ht_cap *ht_cap; 49 struct ieee80211_sta_ht_cap *ht_cap;
50 int result;
51
52 if (rdev_fixed_channel(rdev, for_wdev))
53 return -EBUSY;
54
55 if (!rdev->ops->set_channel)
56 return -EOPNOTSUPP;
57 50
58 chan = ieee80211_get_channel(&rdev->wiphy, freq); 51 chan = ieee80211_get_channel(&rdev->wiphy, freq);
59 52
60 /* Primary channel not allowed */ 53 /* Primary channel not allowed */
61 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) 54 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
62 return -EINVAL; 55 return NULL;
63 56
64 if (channel_type == NL80211_CHAN_HT40MINUS && 57 if (channel_type == NL80211_CHAN_HT40MINUS &&
65 chan->flags & IEEE80211_CHAN_NO_HT40MINUS) 58 chan->flags & IEEE80211_CHAN_NO_HT40MINUS)
66 return -EINVAL; 59 return NULL;
67 else if (channel_type == NL80211_CHAN_HT40PLUS && 60 else if (channel_type == NL80211_CHAN_HT40PLUS &&
68 chan->flags & IEEE80211_CHAN_NO_HT40PLUS) 61 chan->flags & IEEE80211_CHAN_NO_HT40PLUS)
69 return -EINVAL; 62 return NULL;
70 63
71 ht_cap = &rdev->wiphy.bands[chan->band]->ht_cap; 64 ht_cap = &rdev->wiphy.bands[chan->band]->ht_cap;
72 65
73 if (channel_type != NL80211_CHAN_NO_HT) { 66 if (channel_type != NL80211_CHAN_NO_HT) {
74 if (!ht_cap->ht_supported) 67 if (!ht_cap->ht_supported)
75 return -EINVAL; 68 return NULL;
76 69
77 if (!(ht_cap->cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) || 70 if (!(ht_cap->cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) ||
78 ht_cap->cap & IEEE80211_HT_CAP_40MHZ_INTOLERANT) 71 ht_cap->cap & IEEE80211_HT_CAP_40MHZ_INTOLERANT)
79 return -EINVAL; 72 return NULL;
80 } 73 }
81 74
75 return chan;
76}
77
78int rdev_set_freq(struct cfg80211_registered_device *rdev,
79 struct wireless_dev *for_wdev,
80 int freq, enum nl80211_channel_type channel_type)
81{
82 struct ieee80211_channel *chan;
83 int result;
84
85 if (rdev_fixed_channel(rdev, for_wdev))
86 return -EBUSY;
87
88 if (!rdev->ops->set_channel)
89 return -EOPNOTSUPP;
90
91 chan = rdev_freq_to_chan(rdev, freq, channel_type);
92 if (!chan)
93 return -EINVAL;
94
82 result = rdev->ops->set_channel(&rdev->wiphy, chan, channel_type); 95 result = rdev->ops->set_channel(&rdev->wiphy, chan, channel_type);
83 if (result) 96 if (result)
84 return result; 97 return result;
diff --git a/net/wireless/core.c b/net/wireless/core.c
index a595f712b5bf..6ac70c101523 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1,13 +1,14 @@
1/* 1/*
2 * This is the linux wireless configuration interface. 2 * This is the linux wireless configuration interface.
3 * 3 *
4 * Copyright 2006-2009 Johannes Berg <johannes@sipsolutions.net> 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 */ 5 */
6 6
7#include <linux/if.h> 7#include <linux/if.h>
8#include <linux/module.h> 8#include <linux/module.h>
9#include <linux/err.h> 9#include <linux/err.h>
10#include <linux/list.h> 10#include <linux/list.h>
11#include <linux/slab.h>
11#include <linux/nl80211.h> 12#include <linux/nl80211.h>
12#include <linux/debugfs.h> 13#include <linux/debugfs.h>
13#include <linux/notifier.h> 14#include <linux/notifier.h>
@@ -22,6 +23,7 @@
22#include "sysfs.h" 23#include "sysfs.h"
23#include "debugfs.h" 24#include "debugfs.h"
24#include "wext-compat.h" 25#include "wext-compat.h"
26#include "ethtool.h"
25 27
26/* name for sysfs, %d is appended */ 28/* name for sysfs, %d is appended */
27#define PHY_NAME "phy" 29#define PHY_NAME "phy"
@@ -30,20 +32,18 @@ MODULE_AUTHOR("Johannes Berg");
30MODULE_LICENSE("GPL"); 32MODULE_LICENSE("GPL");
31MODULE_DESCRIPTION("wireless configuration support"); 33MODULE_DESCRIPTION("wireless configuration support");
32 34
33/* RCU might be appropriate here since we usually 35/* RCU-protected (and cfg80211_mutex for writers) */
34 * only read the list, and that can happen quite
35 * often because we need to do it for each command */
36LIST_HEAD(cfg80211_rdev_list); 36LIST_HEAD(cfg80211_rdev_list);
37int cfg80211_rdev_list_generation; 37int cfg80211_rdev_list_generation;
38 38
39/*
40 * This is used to protect the cfg80211_rdev_list
41 */
42DEFINE_MUTEX(cfg80211_mutex); 39DEFINE_MUTEX(cfg80211_mutex);
43 40
44/* for debugfs */ 41/* for debugfs */
45static struct dentry *ieee80211_debugfs_dir; 42static struct dentry *ieee80211_debugfs_dir;
46 43
44/* for the cleanup, scan and event works */
45struct workqueue_struct *cfg80211_wq;
46
47/* requires cfg80211_mutex to be held! */ 47/* requires cfg80211_mutex to be held! */
48struct cfg80211_registered_device *cfg80211_rdev_by_wiphy_idx(int wiphy_idx) 48struct cfg80211_registered_device *cfg80211_rdev_by_wiphy_idx(int wiphy_idx)
49{ 49{
@@ -230,7 +230,7 @@ int cfg80211_switch_netns(struct cfg80211_registered_device *rdev,
230 struct wireless_dev *wdev; 230 struct wireless_dev *wdev;
231 int err = 0; 231 int err = 0;
232 232
233 if (!rdev->wiphy.netnsok) 233 if (!(rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK))
234 return -EOPNOTSUPP; 234 return -EOPNOTSUPP;
235 235
236 list_for_each_entry(wdev, &rdev->netdev_list, list) { 236 list_for_each_entry(wdev, &rdev->netdev_list, list) {
@@ -359,11 +359,17 @@ struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)
359 INIT_LIST_HEAD(&rdev->bss_list); 359 INIT_LIST_HEAD(&rdev->bss_list);
360 INIT_WORK(&rdev->scan_done_wk, __cfg80211_scan_done); 360 INIT_WORK(&rdev->scan_done_wk, __cfg80211_scan_done);
361 361
362#ifdef CONFIG_CFG80211_WEXT
363 rdev->wiphy.wext = &cfg80211_wext_handler;
364#endif
365
362 device_initialize(&rdev->wiphy.dev); 366 device_initialize(&rdev->wiphy.dev);
363 rdev->wiphy.dev.class = &ieee80211_class; 367 rdev->wiphy.dev.class = &ieee80211_class;
364 rdev->wiphy.dev.platform_data = rdev; 368 rdev->wiphy.dev.platform_data = rdev;
365 369
366 rdev->wiphy.ps_default = CONFIG_CFG80211_DEFAULT_PS_VALUE; 370#ifdef CONFIG_CFG80211_DEFAULT_PS
371 rdev->wiphy.flags |= WIPHY_FLAG_PS_ON_BY_DEFAULT;
372#endif
367 373
368 wiphy_net_set(&rdev->wiphy, &init_net); 374 wiphy_net_set(&rdev->wiphy, &init_net);
369 375
@@ -392,6 +398,7 @@ struct wiphy *wiphy_new(const struct cfg80211_ops *ops, int sizeof_priv)
392 rdev->wiphy.retry_long = 4; 398 rdev->wiphy.retry_long = 4;
393 rdev->wiphy.frag_threshold = (u32) -1; 399 rdev->wiphy.frag_threshold = (u32) -1;
394 rdev->wiphy.rts_threshold = (u32) -1; 400 rdev->wiphy.rts_threshold = (u32) -1;
401 rdev->wiphy.coverage_class = 0;
395 402
396 return &rdev->wiphy; 403 return &rdev->wiphy;
397} 404}
@@ -407,6 +414,18 @@ int wiphy_register(struct wiphy *wiphy)
407 int i; 414 int i;
408 u16 ifmodes = wiphy->interface_modes; 415 u16 ifmodes = wiphy->interface_modes;
409 416
417 if (WARN_ON(wiphy->addresses && !wiphy->n_addresses))
418 return -EINVAL;
419
420 if (WARN_ON(wiphy->addresses &&
421 !is_zero_ether_addr(wiphy->perm_addr) &&
422 memcmp(wiphy->perm_addr, wiphy->addresses[0].addr,
423 ETH_ALEN)))
424 return -EINVAL;
425
426 if (wiphy->addresses)
427 memcpy(wiphy->perm_addr, wiphy->addresses[0].addr, ETH_ALEN);
428
410 /* sanity check ifmodes */ 429 /* sanity check ifmodes */
411 WARN_ON(!ifmodes); 430 WARN_ON(!ifmodes);
412 ifmodes &= ((1 << __NL80211_IFTYPE_AFTER_LAST) - 1) & ~1; 431 ifmodes &= ((1 << __NL80211_IFTYPE_AFTER_LAST) - 1) & ~1;
@@ -466,7 +485,7 @@ int wiphy_register(struct wiphy *wiphy)
466 /* set up regulatory info */ 485 /* set up regulatory info */
467 wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE); 486 wiphy_update_regulatory(wiphy, NL80211_REGDOM_SET_BY_CORE);
468 487
469 list_add(&rdev->list, &cfg80211_rdev_list); 488 list_add_rcu(&rdev->list, &cfg80211_rdev_list);
470 cfg80211_rdev_list_generation++; 489 cfg80211_rdev_list_generation++;
471 490
472 mutex_unlock(&cfg80211_mutex); 491 mutex_unlock(&cfg80211_mutex);
@@ -478,7 +497,7 @@ int wiphy_register(struct wiphy *wiphy)
478 if (IS_ERR(rdev->wiphy.debugfsdir)) 497 if (IS_ERR(rdev->wiphy.debugfsdir))
479 rdev->wiphy.debugfsdir = NULL; 498 rdev->wiphy.debugfsdir = NULL;
480 499
481 if (wiphy->custom_regulatory) { 500 if (wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY) {
482 struct regulatory_request request; 501 struct regulatory_request request;
483 502
484 request.wiphy_idx = get_wiphy_idx(wiphy); 503 request.wiphy_idx = get_wiphy_idx(wiphy);
@@ -542,8 +561,9 @@ void wiphy_unregister(struct wiphy *wiphy)
542 * First remove the hardware from everywhere, this makes 561 * First remove the hardware from everywhere, this makes
543 * it impossible to find from userspace. 562 * it impossible to find from userspace.
544 */ 563 */
545 cfg80211_debugfs_rdev_del(rdev); 564 debugfs_remove_recursive(rdev->wiphy.debugfsdir);
546 list_del(&rdev->list); 565 list_del_rcu(&rdev->list);
566 synchronize_rcu();
547 567
548 /* 568 /*
549 * Try to grab rdev->mtx. If a command is still in progress, 569 * Try to grab rdev->mtx. If a command is still in progress,
@@ -565,7 +585,6 @@ void wiphy_unregister(struct wiphy *wiphy)
565 585
566 cfg80211_rdev_list_generation++; 586 cfg80211_rdev_list_generation++;
567 device_del(&rdev->wiphy.dev); 587 device_del(&rdev->wiphy.dev);
568 debugfs_remove(rdev->wiphy.debugfsdir);
569 588
570 mutex_unlock(&cfg80211_mutex); 589 mutex_unlock(&cfg80211_mutex);
571 590
@@ -626,6 +645,10 @@ static void wdev_cleanup_work(struct work_struct *work)
626 dev_put(wdev->netdev); 645 dev_put(wdev->netdev);
627} 646}
628 647
648static struct device_type wiphy_type = {
649 .name = "wlan",
650};
651
629static int cfg80211_netdev_notifier_call(struct notifier_block * nb, 652static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
630 unsigned long state, 653 unsigned long state,
631 void *ndev) 654 void *ndev)
@@ -642,6 +665,9 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
642 WARN_ON(wdev->iftype == NL80211_IFTYPE_UNSPECIFIED); 665 WARN_ON(wdev->iftype == NL80211_IFTYPE_UNSPECIFIED);
643 666
644 switch (state) { 667 switch (state) {
668 case NETDEV_POST_INIT:
669 SET_NETDEV_DEVTYPE(dev, &wiphy_type);
670 break;
645 case NETDEV_REGISTER: 671 case NETDEV_REGISTER:
646 /* 672 /*
647 * NB: cannot take rdev->mtx here because this may be 673 * NB: cannot take rdev->mtx here because this may be
@@ -652,8 +678,11 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
652 INIT_WORK(&wdev->cleanup_work, wdev_cleanup_work); 678 INIT_WORK(&wdev->cleanup_work, wdev_cleanup_work);
653 INIT_LIST_HEAD(&wdev->event_list); 679 INIT_LIST_HEAD(&wdev->event_list);
654 spin_lock_init(&wdev->event_lock); 680 spin_lock_init(&wdev->event_lock);
681 INIT_LIST_HEAD(&wdev->action_registrations);
682 spin_lock_init(&wdev->action_registrations_lock);
683
655 mutex_lock(&rdev->devlist_mtx); 684 mutex_lock(&rdev->devlist_mtx);
656 list_add(&wdev->list, &rdev->netdev_list); 685 list_add_rcu(&wdev->list, &rdev->netdev_list);
657 rdev->devlist_generation++; 686 rdev->devlist_generation++;
658 /* can only change netns with wiphy */ 687 /* can only change netns with wiphy */
659 dev->features |= NETIF_F_NETNS_LOCAL; 688 dev->features |= NETIF_F_NETNS_LOCAL;
@@ -666,22 +695,31 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
666 wdev->netdev = dev; 695 wdev->netdev = dev;
667 wdev->sme_state = CFG80211_SME_IDLE; 696 wdev->sme_state = CFG80211_SME_IDLE;
668 mutex_unlock(&rdev->devlist_mtx); 697 mutex_unlock(&rdev->devlist_mtx);
669#ifdef CONFIG_WIRELESS_EXT 698#ifdef CONFIG_CFG80211_WEXT
670 if (!dev->wireless_handlers)
671 dev->wireless_handlers = &cfg80211_wext_handler;
672 wdev->wext.default_key = -1; 699 wdev->wext.default_key = -1;
673 wdev->wext.default_mgmt_key = -1; 700 wdev->wext.default_mgmt_key = -1;
674 wdev->wext.connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 701 wdev->wext.connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
675 wdev->wext.ps = wdev->wiphy->ps_default; 702#endif
676 wdev->wext.ps_timeout = 100; 703
704 if (wdev->wiphy->flags & WIPHY_FLAG_PS_ON_BY_DEFAULT)
705 wdev->ps = true;
706 else
707 wdev->ps = false;
708 wdev->ps_timeout = 100;
677 if (rdev->ops->set_power_mgmt) 709 if (rdev->ops->set_power_mgmt)
678 if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, 710 if (rdev->ops->set_power_mgmt(wdev->wiphy, dev,
679 wdev->wext.ps, 711 wdev->ps,
680 wdev->wext.ps_timeout)) { 712 wdev->ps_timeout)) {
681 /* assume this means it's off */ 713 /* assume this means it's off */
682 wdev->wext.ps = false; 714 wdev->ps = false;
683 } 715 }
684#endif 716
717 if (!dev->ethtool_ops)
718 dev->ethtool_ops = &cfg80211_ethtool_ops;
719
720 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
721 wdev->iftype == NL80211_IFTYPE_ADHOC) && !wdev->use_4addr)
722 dev->priv_flags |= IFF_DONT_BRIDGE;
685 break; 723 break;
686 case NETDEV_GOING_DOWN: 724 case NETDEV_GOING_DOWN:
687 switch (wdev->iftype) { 725 switch (wdev->iftype) {
@@ -690,7 +728,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
690 break; 728 break;
691 case NL80211_IFTYPE_STATION: 729 case NL80211_IFTYPE_STATION:
692 wdev_lock(wdev); 730 wdev_lock(wdev);
693#ifdef CONFIG_WIRELESS_EXT 731#ifdef CONFIG_CFG80211_WEXT
694 kfree(wdev->wext.ie); 732 kfree(wdev->wext.ie);
695 wdev->wext.ie = NULL; 733 wdev->wext.ie = NULL;
696 wdev->wext.ie_len = 0; 734 wdev->wext.ie_len = 0;
@@ -707,7 +745,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
707 break; 745 break;
708 case NETDEV_DOWN: 746 case NETDEV_DOWN:
709 dev_hold(dev); 747 dev_hold(dev);
710 schedule_work(&wdev->cleanup_work); 748 queue_work(cfg80211_wq, &wdev->cleanup_work);
711 break; 749 break;
712 case NETDEV_UP: 750 case NETDEV_UP:
713 /* 751 /*
@@ -722,9 +760,9 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
722 mutex_unlock(&rdev->devlist_mtx); 760 mutex_unlock(&rdev->devlist_mtx);
723 dev_put(dev); 761 dev_put(dev);
724 } 762 }
725#ifdef CONFIG_WIRELESS_EXT
726 cfg80211_lock_rdev(rdev); 763 cfg80211_lock_rdev(rdev);
727 mutex_lock(&rdev->devlist_mtx); 764 mutex_lock(&rdev->devlist_mtx);
765#ifdef CONFIG_CFG80211_WEXT
728 wdev_lock(wdev); 766 wdev_lock(wdev);
729 switch (wdev->iftype) { 767 switch (wdev->iftype) {
730 case NL80211_IFTYPE_ADHOC: 768 case NL80211_IFTYPE_ADHOC:
@@ -737,10 +775,10 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
737 break; 775 break;
738 } 776 }
739 wdev_unlock(wdev); 777 wdev_unlock(wdev);
778#endif
740 rdev->opencount++; 779 rdev->opencount++;
741 mutex_unlock(&rdev->devlist_mtx); 780 mutex_unlock(&rdev->devlist_mtx);
742 cfg80211_unlock_rdev(rdev); 781 cfg80211_unlock_rdev(rdev);
743#endif
744 break; 782 break;
745 case NETDEV_UNREGISTER: 783 case NETDEV_UNREGISTER:
746 /* 784 /*
@@ -758,13 +796,22 @@ static int cfg80211_netdev_notifier_call(struct notifier_block * nb,
758 */ 796 */
759 if (!list_empty(&wdev->list)) { 797 if (!list_empty(&wdev->list)) {
760 sysfs_remove_link(&dev->dev.kobj, "phy80211"); 798 sysfs_remove_link(&dev->dev.kobj, "phy80211");
761 list_del_init(&wdev->list); 799 list_del_rcu(&wdev->list);
762 rdev->devlist_generation++; 800 rdev->devlist_generation++;
763#ifdef CONFIG_WIRELESS_EXT 801 cfg80211_mlme_purge_actions(wdev);
802#ifdef CONFIG_CFG80211_WEXT
764 kfree(wdev->wext.keys); 803 kfree(wdev->wext.keys);
765#endif 804#endif
766 } 805 }
767 mutex_unlock(&rdev->devlist_mtx); 806 mutex_unlock(&rdev->devlist_mtx);
807 /*
808 * synchronise (so that we won't find this netdev
809 * from other code any more) and then clear the list
810 * head so that the above code can safely check for
811 * !list_empty() to avoid double-cleanup.
812 */
813 synchronize_rcu();
814 INIT_LIST_HEAD(&wdev->list);
768 break; 815 break;
769 case NETDEV_PRE_UP: 816 case NETDEV_PRE_UP:
770 if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype))) 817 if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype)))
@@ -825,8 +872,14 @@ static int __init cfg80211_init(void)
825 if (err) 872 if (err)
826 goto out_fail_reg; 873 goto out_fail_reg;
827 874
875 cfg80211_wq = create_singlethread_workqueue("cfg80211");
876 if (!cfg80211_wq)
877 goto out_fail_wq;
878
828 return 0; 879 return 0;
829 880
881out_fail_wq:
882 regulatory_exit();
830out_fail_reg: 883out_fail_reg:
831 debugfs_remove(ieee80211_debugfs_dir); 884 debugfs_remove(ieee80211_debugfs_dir);
832out_fail_nl80211: 885out_fail_nl80211:
@@ -848,5 +901,6 @@ static void cfg80211_exit(void)
848 wiphy_sysfs_exit(); 901 wiphy_sysfs_exit();
849 regulatory_exit(); 902 regulatory_exit();
850 unregister_pernet_device(&cfg80211_pernet_ops); 903 unregister_pernet_device(&cfg80211_pernet_ops);
904 destroy_workqueue(cfg80211_wq);
851} 905}
852module_exit(cfg80211_exit); 906module_exit(cfg80211_exit);
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 68b321997d4c..d52da913145a 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -1,7 +1,7 @@
1/* 1/*
2 * Wireless configuration interface internals. 2 * Wireless configuration interface internals.
3 * 3 *
4 * Copyright 2006-2009 Johannes Berg <johannes@sipsolutions.net> 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 */ 5 */
6#ifndef __NET_WIRELESS_CORE_H 6#ifndef __NET_WIRELESS_CORE_H
7#define __NET_WIRELESS_CORE_H 7#define __NET_WIRELESS_CORE_H
@@ -48,6 +48,7 @@ struct cfg80211_registered_device {
48 48
49 /* associate netdev list */ 49 /* associate netdev list */
50 struct mutex devlist_mtx; 50 struct mutex devlist_mtx;
51 /* protected by devlist_mtx or RCU */
51 struct list_head netdev_list; 52 struct list_head netdev_list;
52 int devlist_generation; 53 int devlist_generation;
53 int opencount; /* also protected by devlist_mtx */ 54 int opencount; /* also protected by devlist_mtx */
@@ -72,17 +73,6 @@ struct cfg80211_registered_device {
72 /* current channel */ 73 /* current channel */
73 struct ieee80211_channel *channel; 74 struct ieee80211_channel *channel;
74 75
75#ifdef CONFIG_CFG80211_DEBUGFS
76 /* Debugfs entries */
77 struct wiphy_debugfsdentries {
78 struct dentry *rts_threshold;
79 struct dentry *fragmentation_threshold;
80 struct dentry *short_retry_limit;
81 struct dentry *long_retry_limit;
82 struct dentry *ht40allow_map;
83 } debugfs;
84#endif
85
86 /* must be last because of the way we do wiphy_priv(), 76 /* must be last because of the way we do wiphy_priv(),
87 * and it should at least be aligned to NETDEV_ALIGN */ 77 * and it should at least be aligned to NETDEV_ALIGN */
88 struct wiphy wiphy __attribute__((__aligned__(NETDEV_ALIGN))); 78 struct wiphy wiphy __attribute__((__aligned__(NETDEV_ALIGN)));
@@ -102,6 +92,8 @@ bool wiphy_idx_valid(int wiphy_idx)
102 return (wiphy_idx >= 0); 92 return (wiphy_idx >= 0);
103} 93}
104 94
95
96extern struct workqueue_struct *cfg80211_wq;
105extern struct mutex cfg80211_mutex; 97extern struct mutex cfg80211_mutex;
106extern struct list_head cfg80211_rdev_list; 98extern struct list_head cfg80211_rdev_list;
107extern int cfg80211_rdev_list_generation; 99extern int cfg80211_rdev_list_generation;
@@ -120,7 +112,8 @@ struct cfg80211_internal_bss {
120 unsigned long ts; 112 unsigned long ts;
121 struct kref ref; 113 struct kref ref;
122 atomic_t hold; 114 atomic_t hold;
123 bool ies_allocated; 115 bool beacon_ies_allocated;
116 bool proberesp_ies_allocated;
124 117
125 /* must be last because of priv member */ 118 /* must be last because of priv member */
126 struct cfg80211_bss pub; 119 struct cfg80211_bss pub;
@@ -284,6 +277,8 @@ int cfg80211_join_ibss(struct cfg80211_registered_device *rdev,
284 struct cfg80211_ibss_params *params, 277 struct cfg80211_ibss_params *params,
285 struct cfg80211_cached_keys *connkeys); 278 struct cfg80211_cached_keys *connkeys);
286void cfg80211_clear_ibss(struct net_device *dev, bool nowext); 279void cfg80211_clear_ibss(struct net_device *dev, bool nowext);
280int __cfg80211_leave_ibss(struct cfg80211_registered_device *rdev,
281 struct net_device *dev, bool nowext);
287int cfg80211_leave_ibss(struct cfg80211_registered_device *rdev, 282int cfg80211_leave_ibss(struct cfg80211_registered_device *rdev,
288 struct net_device *dev, bool nowext); 283 struct net_device *dev, bool nowext);
289void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid); 284void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid);
@@ -334,6 +329,15 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
334 const u8 *resp_ie, size_t resp_ie_len, 329 const u8 *resp_ie, size_t resp_ie_len,
335 u16 status, bool wextev, 330 u16 status, bool wextev,
336 struct cfg80211_bss *bss); 331 struct cfg80211_bss *bss);
332int cfg80211_mlme_register_action(struct wireless_dev *wdev, u32 snd_pid,
333 const u8 *match_data, int match_len);
334void cfg80211_mlme_unregister_actions(struct wireless_dev *wdev, u32 nlpid);
335void cfg80211_mlme_purge_actions(struct wireless_dev *wdev);
336int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
337 struct net_device *dev,
338 struct ieee80211_channel *chan,
339 enum nl80211_channel_type channel_type,
340 const u8 *buf, size_t len, u64 *cookie);
337 341
338/* SME */ 342/* SME */
339int __cfg80211_connect(struct cfg80211_registered_device *rdev, 343int __cfg80211_connect(struct cfg80211_registered_device *rdev,
@@ -381,10 +385,15 @@ void cfg80211_process_rdev_events(struct cfg80211_registered_device *rdev);
381struct ieee80211_channel * 385struct ieee80211_channel *
382rdev_fixed_channel(struct cfg80211_registered_device *rdev, 386rdev_fixed_channel(struct cfg80211_registered_device *rdev,
383 struct wireless_dev *for_wdev); 387 struct wireless_dev *for_wdev);
388struct ieee80211_channel *
389rdev_freq_to_chan(struct cfg80211_registered_device *rdev,
390 int freq, enum nl80211_channel_type channel_type);
384int rdev_set_freq(struct cfg80211_registered_device *rdev, 391int rdev_set_freq(struct cfg80211_registered_device *rdev,
385 struct wireless_dev *for_wdev, 392 struct wireless_dev *for_wdev,
386 int freq, enum nl80211_channel_type channel_type); 393 int freq, enum nl80211_channel_type channel_type);
387 394
395u16 cfg80211_calculate_bitrate(struct rate_info *rate);
396
388#ifdef CONFIG_CFG80211_DEVELOPER_WARNINGS 397#ifdef CONFIG_CFG80211_DEVELOPER_WARNINGS
389#define CFG80211_DEV_WARN_ON(cond) WARN_ON(cond) 398#define CFG80211_DEV_WARN_ON(cond) WARN_ON(cond)
390#else 399#else
diff --git a/net/wireless/db.txt b/net/wireless/db.txt
new file mode 100644
index 000000000000..a2fc3a09ccdc
--- /dev/null
+++ b/net/wireless/db.txt
@@ -0,0 +1,17 @@
1#
2# This file is a placeholder to prevent accidental build breakage if someone
3# enables CONFIG_CFG80211_INTERNAL_REGDB. Almost no one actually needs to
4# enable that build option.
5#
6# You should be using CRDA instead. It is even better if you use the CRDA
7# package provided by your distribution, since they will probably keep it
8# up-to-date on your behalf.
9#
10# If you _really_ intend to use CONFIG_CFG80211_INTERNAL_REGDB then you will
11# need to replace this file with one containing appropriately formatted
12# regulatory rules that cover the regulatory domains you will be using. Your
13# best option is to extract the db.txt file from the wireless-regdb git
14# repository:
15#
16# git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-regdb.git
17#
diff --git a/net/wireless/debugfs.c b/net/wireless/debugfs.c
index 13d93d84f902..a4991a3efec0 100644
--- a/net/wireless/debugfs.c
+++ b/net/wireless/debugfs.c
@@ -9,6 +9,7 @@
9 * published by the Free Software Foundation. 9 * published by the Free Software Foundation.
10 */ 10 */
11 11
12#include <linux/slab.h>
12#include "core.h" 13#include "core.h"
13#include "debugfs.h" 14#include "debugfs.h"
14 15
@@ -104,11 +105,7 @@ static const struct file_operations ht40allow_map_ops = {
104}; 105};
105 106
106#define DEBUGFS_ADD(name) \ 107#define DEBUGFS_ADD(name) \
107 rdev->debugfs.name = debugfs_create_file(#name, S_IRUGO, phyd, \ 108 debugfs_create_file(#name, S_IRUGO, phyd, &rdev->wiphy, &name## _ops);
108 &rdev->wiphy, &name## _ops);
109#define DEBUGFS_DEL(name) \
110 debugfs_remove(rdev->debugfs.name); \
111 rdev->debugfs.name = NULL;
112 109
113void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev) 110void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev)
114{ 111{
@@ -120,12 +117,3 @@ void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev)
120 DEBUGFS_ADD(long_retry_limit); 117 DEBUGFS_ADD(long_retry_limit);
121 DEBUGFS_ADD(ht40allow_map); 118 DEBUGFS_ADD(ht40allow_map);
122} 119}
123
124void cfg80211_debugfs_rdev_del(struct cfg80211_registered_device *rdev)
125{
126 DEBUGFS_DEL(rts_threshold);
127 DEBUGFS_DEL(fragmentation_threshold);
128 DEBUGFS_DEL(short_retry_limit);
129 DEBUGFS_DEL(long_retry_limit);
130 DEBUGFS_DEL(ht40allow_map);
131}
diff --git a/net/wireless/debugfs.h b/net/wireless/debugfs.h
index 6419b6d6ce3e..74fdd3811427 100644
--- a/net/wireless/debugfs.h
+++ b/net/wireless/debugfs.h
@@ -3,12 +3,9 @@
3 3
4#ifdef CONFIG_CFG80211_DEBUGFS 4#ifdef CONFIG_CFG80211_DEBUGFS
5void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev); 5void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev);
6void cfg80211_debugfs_rdev_del(struct cfg80211_registered_device *rdev);
7#else 6#else
8static inline 7static inline
9void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev) {} 8void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev) {}
10static inline
11void cfg80211_debugfs_rdev_del(struct cfg80211_registered_device *rdev) {}
12#endif 9#endif
13 10
14#endif /* __CFG80211_DEBUGFS_H */ 11#endif /* __CFG80211_DEBUGFS_H */
diff --git a/net/wireless/ethtool.c b/net/wireless/ethtool.c
new file mode 100644
index 000000000000..ca4c825be93d
--- /dev/null
+++ b/net/wireless/ethtool.c
@@ -0,0 +1,45 @@
1#include <linux/utsname.h>
2#include <net/cfg80211.h>
3#include "ethtool.h"
4
5static void cfg80211_get_drvinfo(struct net_device *dev,
6 struct ethtool_drvinfo *info)
7{
8 struct wireless_dev *wdev = dev->ieee80211_ptr;
9
10 strlcpy(info->driver, wiphy_dev(wdev->wiphy)->driver->name,
11 sizeof(info->driver));
12
13 strlcpy(info->version, init_utsname()->release, sizeof(info->version));
14
15 if (wdev->wiphy->fw_version[0])
16 strncpy(info->fw_version, wdev->wiphy->fw_version,
17 sizeof(info->fw_version));
18 else
19 strncpy(info->fw_version, "N/A", sizeof(info->fw_version));
20
21 strlcpy(info->bus_info, dev_name(wiphy_dev(wdev->wiphy)),
22 sizeof(info->bus_info));
23}
24
25static int cfg80211_get_regs_len(struct net_device *dev)
26{
27 /* For now, return 0... */
28 return 0;
29}
30
31static void cfg80211_get_regs(struct net_device *dev, struct ethtool_regs *regs,
32 void *data)
33{
34 struct wireless_dev *wdev = dev->ieee80211_ptr;
35
36 regs->version = wdev->wiphy->hw_version;
37 regs->len = 0;
38}
39
40const struct ethtool_ops cfg80211_ethtool_ops = {
41 .get_drvinfo = cfg80211_get_drvinfo,
42 .get_regs_len = cfg80211_get_regs_len,
43 .get_regs = cfg80211_get_regs,
44 .get_link = ethtool_op_get_link,
45};
diff --git a/net/wireless/ethtool.h b/net/wireless/ethtool.h
new file mode 100644
index 000000000000..695ecad20bd6
--- /dev/null
+++ b/net/wireless/ethtool.h
@@ -0,0 +1,6 @@
1#ifndef __CFG80211_ETHTOOL__
2#define __CFG80211_ETHTOOL__
3
4extern const struct ethtool_ops cfg80211_ethtool_ops;
5
6#endif /* __CFG80211_ETHTOOL__ */
diff --git a/net/wireless/genregdb.awk b/net/wireless/genregdb.awk
new file mode 100644
index 000000000000..3cc9e69880a8
--- /dev/null
+++ b/net/wireless/genregdb.awk
@@ -0,0 +1,118 @@
1#!/usr/bin/awk -f
2#
3# genregdb.awk -- generate regdb.c from db.txt
4#
5# Actually, it reads from stdin (presumed to be db.txt) and writes
6# to stdout (presumed to be regdb.c), but close enough...
7#
8# Copyright 2009 John W. Linville <linville@tuxdriver.com>
9#
10# This program is free software; you can redistribute it and/or modify
11# it under the terms of the GNU General Public License version 2 as
12# published by the Free Software Foundation.
13#
14
15BEGIN {
16 active = 0
17 rules = 0;
18 print "/*"
19 print " * DO NOT EDIT -- file generated from data in db.txt"
20 print " */"
21 print ""
22 print "#include <linux/nl80211.h>"
23 print "#include <net/cfg80211.h>"
24 print ""
25 regdb = "const struct ieee80211_regdomain *reg_regdb[] = {\n"
26}
27
28/^[ \t]*#/ {
29 # Ignore
30}
31
32!active && /^[ \t]*$/ {
33 # Ignore
34}
35
36!active && /country/ {
37 country=$2
38 sub(/:/, "", country)
39 printf "static const struct ieee80211_regdomain regdom_%s = {\n", country
40 printf "\t.alpha2 = \"%s\",\n", country
41 printf "\t.reg_rules = {\n"
42 active = 1
43 regdb = regdb "\t&regdom_" country ",\n"
44}
45
46active && /^[ \t]*\(/ {
47 start = $1
48 sub(/\(/, "", start)
49 end = $3
50 bw = $5
51 sub(/\),/, "", bw)
52 gain = $6
53 sub(/\(/, "", gain)
54 sub(/,/, "", gain)
55 power = $7
56 sub(/\)/, "", power)
57 sub(/,/, "", power)
58 # power might be in mW...
59 units = $8
60 sub(/\)/, "", units)
61 sub(/,/, "", units)
62 if (units == "mW") {
63 if (power == 100) {
64 power = 20
65 } else if (power == 200) {
66 power = 23
67 } else if (power == 500) {
68 power = 27
69 } else if (power == 1000) {
70 power = 30
71 } else {
72 print "Unknown power value in database!"
73 }
74 }
75 flagstr = ""
76 for (i=8; i<=NF; i++)
77 flagstr = flagstr $i
78 split(flagstr, flagarray, ",")
79 flags = ""
80 for (arg in flagarray) {
81 if (flagarray[arg] == "NO-OFDM") {
82 flags = flags "\n\t\t\tNL80211_RRF_NO_OFDM | "
83 } else if (flagarray[arg] == "NO-CCK") {
84 flags = flags "\n\t\t\tNL80211_RRF_NO_CCK | "
85 } else if (flagarray[arg] == "NO-INDOOR") {
86 flags = flags "\n\t\t\tNL80211_RRF_NO_INDOOR | "
87 } else if (flagarray[arg] == "NO-OUTDOOR") {
88 flags = flags "\n\t\t\tNL80211_RRF_NO_OUTDOOR | "
89 } else if (flagarray[arg] == "DFS") {
90 flags = flags "\n\t\t\tNL80211_RRF_DFS | "
91 } else if (flagarray[arg] == "PTP-ONLY") {
92 flags = flags "\n\t\t\tNL80211_RRF_PTP_ONLY | "
93 } else if (flagarray[arg] == "PTMP-ONLY") {
94 flags = flags "\n\t\t\tNL80211_RRF_PTMP_ONLY | "
95 } else if (flagarray[arg] == "PASSIVE-SCAN") {
96 flags = flags "\n\t\t\tNL80211_RRF_PASSIVE_SCAN | "
97 } else if (flagarray[arg] == "NO-IBSS") {
98 flags = flags "\n\t\t\tNL80211_RRF_NO_IBSS | "
99 }
100 }
101 flags = flags "0"
102 printf "\t\tREG_RULE(%d, %d, %d, %d, %d, %s),\n", start, end, bw, gain, power, flags
103 rules++
104}
105
106active && /^[ \t]*$/ {
107 active = 0
108 printf "\t},\n"
109 printf "\t.n_reg_rules = %d\n", rules
110 printf "};\n\n"
111 rules = 0;
112}
113
114END {
115 print regdb "};"
116 print ""
117 print "int reg_regdb_size = ARRAY_SIZE(reg_regdb);"
118}
diff --git a/net/wireless/ibss.c b/net/wireless/ibss.c
index c88338911979..6a5acf750174 100644
--- a/net/wireless/ibss.c
+++ b/net/wireless/ibss.c
@@ -6,6 +6,7 @@
6 6
7#include <linux/etherdevice.h> 7#include <linux/etherdevice.h>
8#include <linux/if_arp.h> 8#include <linux/if_arp.h>
9#include <linux/slab.h>
9#include <net/cfg80211.h> 10#include <net/cfg80211.h>
10#include "wext-compat.h" 11#include "wext-compat.h"
11#include "nl80211.h" 12#include "nl80211.h"
@@ -15,7 +16,7 @@ void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid)
15{ 16{
16 struct wireless_dev *wdev = dev->ieee80211_ptr; 17 struct wireless_dev *wdev = dev->ieee80211_ptr;
17 struct cfg80211_bss *bss; 18 struct cfg80211_bss *bss;
18#ifdef CONFIG_WIRELESS_EXT 19#ifdef CONFIG_CFG80211_WEXT
19 union iwreq_data wrqu; 20 union iwreq_data wrqu;
20#endif 21#endif
21 22
@@ -44,7 +45,7 @@ void __cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid)
44 45
45 nl80211_send_ibss_bssid(wiphy_to_dev(wdev->wiphy), dev, bssid, 46 nl80211_send_ibss_bssid(wiphy_to_dev(wdev->wiphy), dev, bssid,
46 GFP_KERNEL); 47 GFP_KERNEL);
47#ifdef CONFIG_WIRELESS_EXT 48#ifdef CONFIG_CFG80211_WEXT
48 memset(&wrqu, 0, sizeof(wrqu)); 49 memset(&wrqu, 0, sizeof(wrqu));
49 memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN); 50 memcpy(wrqu.ap_addr.sa_data, bssid, ETH_ALEN);
50 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 51 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
@@ -70,7 +71,7 @@ void cfg80211_ibss_joined(struct net_device *dev, const u8 *bssid, gfp_t gfp)
70 spin_lock_irqsave(&wdev->event_lock, flags); 71 spin_lock_irqsave(&wdev->event_lock, flags);
71 list_add_tail(&ev->list, &wdev->event_list); 72 list_add_tail(&ev->list, &wdev->event_list);
72 spin_unlock_irqrestore(&wdev->event_lock, flags); 73 spin_unlock_irqrestore(&wdev->event_lock, flags);
73 schedule_work(&rdev->event_work); 74 queue_work(cfg80211_wq, &rdev->event_work);
74} 75}
75EXPORT_SYMBOL(cfg80211_ibss_joined); 76EXPORT_SYMBOL(cfg80211_ibss_joined);
76 77
@@ -96,7 +97,7 @@ int __cfg80211_join_ibss(struct cfg80211_registered_device *rdev,
96 kfree(wdev->connect_keys); 97 kfree(wdev->connect_keys);
97 wdev->connect_keys = connkeys; 98 wdev->connect_keys = connkeys;
98 99
99#ifdef CONFIG_WIRELESS_EXT 100#ifdef CONFIG_CFG80211_WEXT
100 wdev->wext.ibss.channel = params->channel; 101 wdev->wext.ibss.channel = params->channel;
101#endif 102#endif
102 err = rdev->ops->join_ibss(&rdev->wiphy, dev, params); 103 err = rdev->ops->join_ibss(&rdev->wiphy, dev, params);
@@ -154,7 +155,7 @@ static void __cfg80211_clear_ibss(struct net_device *dev, bool nowext)
154 155
155 wdev->current_bss = NULL; 156 wdev->current_bss = NULL;
156 wdev->ssid_len = 0; 157 wdev->ssid_len = 0;
157#ifdef CONFIG_WIRELESS_EXT 158#ifdef CONFIG_CFG80211_WEXT
158 if (!nowext) 159 if (!nowext)
159 wdev->wext.ibss.ssid_len = 0; 160 wdev->wext.ibss.ssid_len = 0;
160#endif 161#endif
@@ -169,8 +170,8 @@ void cfg80211_clear_ibss(struct net_device *dev, bool nowext)
169 wdev_unlock(wdev); 170 wdev_unlock(wdev);
170} 171}
171 172
172static int __cfg80211_leave_ibss(struct cfg80211_registered_device *rdev, 173int __cfg80211_leave_ibss(struct cfg80211_registered_device *rdev,
173 struct net_device *dev, bool nowext) 174 struct net_device *dev, bool nowext)
174{ 175{
175 struct wireless_dev *wdev = dev->ieee80211_ptr; 176 struct wireless_dev *wdev = dev->ieee80211_ptr;
176 int err; 177 int err;
@@ -203,7 +204,7 @@ int cfg80211_leave_ibss(struct cfg80211_registered_device *rdev,
203 return err; 204 return err;
204} 205}
205 206
206#ifdef CONFIG_WIRELESS_EXT 207#ifdef CONFIG_CFG80211_WEXT
207int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev, 208int cfg80211_ibss_wext_join(struct cfg80211_registered_device *rdev,
208 struct wireless_dev *wdev) 209 struct wireless_dev *wdev)
209{ 210{
diff --git a/net/wireless/lib80211_crypt_ccmp.c b/net/wireless/lib80211_crypt_ccmp.c
index 2301dc1edc4c..b7fa31d5fd13 100644
--- a/net/wireless/lib80211_crypt_ccmp.c
+++ b/net/wireless/lib80211_crypt_ccmp.c
@@ -237,7 +237,6 @@ static int lib80211_ccmp_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
237 return -1; 237 return -1;
238 238
239 pos = skb->data + hdr_len + CCMP_HDR_LEN; 239 pos = skb->data + hdr_len + CCMP_HDR_LEN;
240 mic = skb_put(skb, CCMP_MIC_LEN);
241 hdr = (struct ieee80211_hdr *)skb->data; 240 hdr = (struct ieee80211_hdr *)skb->data;
242 ccmp_init_blocks(key->tfm, hdr, key->tx_pn, data_len, b0, b, s0); 241 ccmp_init_blocks(key->tfm, hdr, key->tx_pn, data_len, b0, b, s0);
243 242
@@ -257,6 +256,7 @@ static int lib80211_ccmp_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
257 pos += len; 256 pos += len;
258 } 257 }
259 258
259 mic = skb_put(skb, CCMP_MIC_LEN);
260 for (i = 0; i < CCMP_MIC_LEN; i++) 260 for (i = 0; i < CCMP_MIC_LEN; i++)
261 mic[i] = b[i] ^ s0[i]; 261 mic[i] = b[i] ^ s0[i];
262 262
diff --git a/net/wireless/lib80211_crypt_tkip.c b/net/wireless/lib80211_crypt_tkip.c
index c36287399d7e..8cbdb32ff316 100644
--- a/net/wireless/lib80211_crypt_tkip.c
+++ b/net/wireless/lib80211_crypt_tkip.c
@@ -36,6 +36,8 @@ MODULE_AUTHOR("Jouni Malinen");
36MODULE_DESCRIPTION("lib80211 crypt: TKIP"); 36MODULE_DESCRIPTION("lib80211 crypt: TKIP");
37MODULE_LICENSE("GPL"); 37MODULE_LICENSE("GPL");
38 38
39#define TKIP_HDR_LEN 8
40
39struct lib80211_tkip_data { 41struct lib80211_tkip_data {
40#define TKIP_KEY_LEN 32 42#define TKIP_KEY_LEN 32
41 u8 key[TKIP_KEY_LEN]; 43 u8 key[TKIP_KEY_LEN];
@@ -314,13 +316,12 @@ static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
314 u8 * rc4key, int keylen, void *priv) 316 u8 * rc4key, int keylen, void *priv)
315{ 317{
316 struct lib80211_tkip_data *tkey = priv; 318 struct lib80211_tkip_data *tkey = priv;
317 int len;
318 u8 *pos; 319 u8 *pos;
319 struct ieee80211_hdr *hdr; 320 struct ieee80211_hdr *hdr;
320 321
321 hdr = (struct ieee80211_hdr *)skb->data; 322 hdr = (struct ieee80211_hdr *)skb->data;
322 323
323 if (skb_headroom(skb) < 8 || skb->len < hdr_len) 324 if (skb_headroom(skb) < TKIP_HDR_LEN || skb->len < hdr_len)
324 return -1; 325 return -1;
325 326
326 if (rc4key == NULL || keylen < 16) 327 if (rc4key == NULL || keylen < 16)
@@ -333,9 +334,8 @@ static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
333 } 334 }
334 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16); 335 tkip_mixing_phase2(rc4key, tkey->key, tkey->tx_ttak, tkey->tx_iv16);
335 336
336 len = skb->len - hdr_len; 337 pos = skb_push(skb, TKIP_HDR_LEN);
337 pos = skb_push(skb, 8); 338 memmove(pos, pos + TKIP_HDR_LEN, hdr_len);
338 memmove(pos, pos + 8, hdr_len);
339 pos += hdr_len; 339 pos += hdr_len;
340 340
341 *pos++ = *rc4key; 341 *pos++ = *rc4key;
@@ -353,7 +353,7 @@ static int lib80211_tkip_hdr(struct sk_buff *skb, int hdr_len,
353 tkey->tx_iv32++; 353 tkey->tx_iv32++;
354 } 354 }
355 355
356 return 8; 356 return TKIP_HDR_LEN;
357} 357}
358 358
359static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 359static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
@@ -384,9 +384,8 @@ static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
384 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0) 384 if ((lib80211_tkip_hdr(skb, hdr_len, rc4key, 16, priv)) < 0)
385 return -1; 385 return -1;
386 386
387 icv = skb_put(skb, 4);
388
389 crc = ~crc32_le(~0, pos, len); 387 crc = ~crc32_le(~0, pos, len);
388 icv = skb_put(skb, 4);
390 icv[0] = crc; 389 icv[0] = crc;
391 icv[1] = crc >> 8; 390 icv[1] = crc >> 8;
392 icv[2] = crc >> 16; 391 icv[2] = crc >> 16;
@@ -434,7 +433,7 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
434 return -1; 433 return -1;
435 } 434 }
436 435
437 if (skb->len < hdr_len + 8 + 4) 436 if (skb->len < hdr_len + TKIP_HDR_LEN + 4)
438 return -1; 437 return -1;
439 438
440 pos = skb->data + hdr_len; 439 pos = skb->data + hdr_len;
@@ -462,7 +461,7 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
462 } 461 }
463 iv16 = (pos[0] << 8) | pos[2]; 462 iv16 = (pos[0] << 8) | pos[2];
464 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24); 463 iv32 = pos[4] | (pos[5] << 8) | (pos[6] << 16) | (pos[7] << 24);
465 pos += 8; 464 pos += TKIP_HDR_LEN;
466 465
467 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) { 466 if (tkip_replay_check(iv32, iv16, tkey->rx_iv32, tkey->rx_iv16)) {
468#ifdef CONFIG_LIB80211_DEBUG 467#ifdef CONFIG_LIB80211_DEBUG
@@ -523,8 +522,8 @@ static int lib80211_tkip_decrypt(struct sk_buff *skb, int hdr_len, void *priv)
523 tkey->rx_iv16_new = iv16; 522 tkey->rx_iv16_new = iv16;
524 523
525 /* Remove IV and ICV */ 524 /* Remove IV and ICV */
526 memmove(skb->data + 8, skb->data, hdr_len); 525 memmove(skb->data + TKIP_HDR_LEN, skb->data, hdr_len);
527 skb_pull(skb, 8); 526 skb_pull(skb, TKIP_HDR_LEN);
528 skb_trim(skb, skb->len - 4); 527 skb_trim(skb, skb->len - 4);
529 528
530 return keyidx; 529 return keyidx;
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 0a6b7a0eca6b..22139fa46115 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -8,6 +8,7 @@
8#include <linux/module.h> 8#include <linux/module.h>
9#include <linux/netdevice.h> 9#include <linux/netdevice.h>
10#include <linux/nl80211.h> 10#include <linux/nl80211.h>
11#include <linux/slab.h>
11#include <linux/wireless.h> 12#include <linux/wireless.h>
12#include <net/cfg80211.h> 13#include <net/cfg80211.h>
13#include <net/iw_handler.h> 14#include <net/iw_handler.h>
@@ -62,7 +63,6 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
62 u8 *ie = mgmt->u.assoc_resp.variable; 63 u8 *ie = mgmt->u.assoc_resp.variable;
63 int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable); 64 int i, ieoffs = offsetof(struct ieee80211_mgmt, u.assoc_resp.variable);
64 struct cfg80211_internal_bss *bss = NULL; 65 struct cfg80211_internal_bss *bss = NULL;
65 bool need_connect_result = true;
66 66
67 wdev_lock(wdev); 67 wdev_lock(wdev);
68 68
@@ -94,10 +94,20 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
94 } 94 }
95 } 95 }
96 96
97 WARN_ON(!bss); 97 /*
98 * We might be coming here because the driver reported
99 * a successful association at the same time as the
100 * user requested a deauth. In that case, we will have
101 * removed the BSS from the auth_bsses list due to the
102 * deauth request when the assoc response makes it. If
103 * the two code paths acquire the lock the other way
104 * around, that's just the standard situation of a
105 * deauth being requested while connected.
106 */
107 if (!bss)
108 goto out;
98 } else if (wdev->conn) { 109 } else if (wdev->conn) {
99 cfg80211_sme_failed_assoc(wdev); 110 cfg80211_sme_failed_assoc(wdev);
100 need_connect_result = false;
101 /* 111 /*
102 * do not call connect_result() now because the 112 * do not call connect_result() now because the
103 * sme will schedule work that does it later. 113 * sme will schedule work that does it later.
@@ -130,7 +140,7 @@ void cfg80211_send_rx_assoc(struct net_device *dev, const u8 *buf, size_t len)
130} 140}
131EXPORT_SYMBOL(cfg80211_send_rx_assoc); 141EXPORT_SYMBOL(cfg80211_send_rx_assoc);
132 142
133static void __cfg80211_send_deauth(struct net_device *dev, 143void __cfg80211_send_deauth(struct net_device *dev,
134 const u8 *buf, size_t len) 144 const u8 *buf, size_t len)
135{ 145{
136 struct wireless_dev *wdev = dev->ieee80211_ptr; 146 struct wireless_dev *wdev = dev->ieee80211_ptr;
@@ -139,25 +149,23 @@ static void __cfg80211_send_deauth(struct net_device *dev,
139 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf; 149 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
140 const u8 *bssid = mgmt->bssid; 150 const u8 *bssid = mgmt->bssid;
141 int i; 151 int i;
142 bool done = false; 152 bool found = false;
143 153
144 ASSERT_WDEV_LOCK(wdev); 154 ASSERT_WDEV_LOCK(wdev);
145 155
146 nl80211_send_deauth(rdev, dev, buf, len, GFP_KERNEL);
147
148 if (wdev->current_bss && 156 if (wdev->current_bss &&
149 memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) { 157 memcmp(wdev->current_bss->pub.bssid, bssid, ETH_ALEN) == 0) {
150 done = true;
151 cfg80211_unhold_bss(wdev->current_bss); 158 cfg80211_unhold_bss(wdev->current_bss);
152 cfg80211_put_bss(&wdev->current_bss->pub); 159 cfg80211_put_bss(&wdev->current_bss->pub);
153 wdev->current_bss = NULL; 160 wdev->current_bss = NULL;
161 found = true;
154 } else for (i = 0; i < MAX_AUTH_BSSES; i++) { 162 } else for (i = 0; i < MAX_AUTH_BSSES; i++) {
155 if (wdev->auth_bsses[i] && 163 if (wdev->auth_bsses[i] &&
156 memcmp(wdev->auth_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) { 164 memcmp(wdev->auth_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) {
157 cfg80211_unhold_bss(wdev->auth_bsses[i]); 165 cfg80211_unhold_bss(wdev->auth_bsses[i]);
158 cfg80211_put_bss(&wdev->auth_bsses[i]->pub); 166 cfg80211_put_bss(&wdev->auth_bsses[i]->pub);
159 wdev->auth_bsses[i] = NULL; 167 wdev->auth_bsses[i] = NULL;
160 done = true; 168 found = true;
161 break; 169 break;
162 } 170 }
163 if (wdev->authtry_bsses[i] && 171 if (wdev->authtry_bsses[i] &&
@@ -165,12 +173,15 @@ static void __cfg80211_send_deauth(struct net_device *dev,
165 cfg80211_unhold_bss(wdev->authtry_bsses[i]); 173 cfg80211_unhold_bss(wdev->authtry_bsses[i]);
166 cfg80211_put_bss(&wdev->authtry_bsses[i]->pub); 174 cfg80211_put_bss(&wdev->authtry_bsses[i]->pub);
167 wdev->authtry_bsses[i] = NULL; 175 wdev->authtry_bsses[i] = NULL;
168 done = true; 176 found = true;
169 break; 177 break;
170 } 178 }
171 } 179 }
172 180
173 WARN_ON(!done); 181 if (!found)
182 return;
183
184 nl80211_send_deauth(rdev, dev, buf, len, GFP_KERNEL);
174 185
175 if (wdev->sme_state == CFG80211_SME_CONNECTED) { 186 if (wdev->sme_state == CFG80211_SME_CONNECTED) {
176 u16 reason_code; 187 u16 reason_code;
@@ -186,27 +197,19 @@ static void __cfg80211_send_deauth(struct net_device *dev,
186 false, NULL); 197 false, NULL);
187 } 198 }
188} 199}
200EXPORT_SYMBOL(__cfg80211_send_deauth);
189 201
190 202void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len)
191void cfg80211_send_deauth(struct net_device *dev, const u8 *buf, size_t len,
192 void *cookie)
193{ 203{
194 struct wireless_dev *wdev = dev->ieee80211_ptr; 204 struct wireless_dev *wdev = dev->ieee80211_ptr;
195 205
196 BUG_ON(cookie && wdev != cookie); 206 wdev_lock(wdev);
197 207 __cfg80211_send_deauth(dev, buf, len);
198 if (cookie) { 208 wdev_unlock(wdev);
199 /* called within callback */
200 __cfg80211_send_deauth(dev, buf, len);
201 } else {
202 wdev_lock(wdev);
203 __cfg80211_send_deauth(dev, buf, len);
204 wdev_unlock(wdev);
205 }
206} 209}
207EXPORT_SYMBOL(cfg80211_send_deauth); 210EXPORT_SYMBOL(cfg80211_send_deauth);
208 211
209static void __cfg80211_send_disassoc(struct net_device *dev, 212void __cfg80211_send_disassoc(struct net_device *dev,
210 const u8 *buf, size_t len) 213 const u8 *buf, size_t len)
211{ 214{
212 struct wireless_dev *wdev = dev->ieee80211_ptr; 215 struct wireless_dev *wdev = dev->ieee80211_ptr;
@@ -247,40 +250,24 @@ static void __cfg80211_send_disassoc(struct net_device *dev,
247 from_ap = memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0; 250 from_ap = memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0;
248 __cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap); 251 __cfg80211_disconnected(dev, NULL, 0, reason_code, from_ap);
249} 252}
253EXPORT_SYMBOL(__cfg80211_send_disassoc);
250 254
251void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len, 255void cfg80211_send_disassoc(struct net_device *dev, const u8 *buf, size_t len)
252 void *cookie)
253{ 256{
254 struct wireless_dev *wdev = dev->ieee80211_ptr; 257 struct wireless_dev *wdev = dev->ieee80211_ptr;
255 258
256 BUG_ON(cookie && wdev != cookie); 259 wdev_lock(wdev);
257 260 __cfg80211_send_disassoc(dev, buf, len);
258 if (cookie) { 261 wdev_unlock(wdev);
259 /* called within callback */
260 __cfg80211_send_disassoc(dev, buf, len);
261 } else {
262 wdev_lock(wdev);
263 __cfg80211_send_disassoc(dev, buf, len);
264 wdev_unlock(wdev);
265 }
266} 262}
267EXPORT_SYMBOL(cfg80211_send_disassoc); 263EXPORT_SYMBOL(cfg80211_send_disassoc);
268 264
269void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr) 265static void __cfg80211_auth_remove(struct wireless_dev *wdev, const u8 *addr)
270{ 266{
271 struct wireless_dev *wdev = dev->ieee80211_ptr;
272 struct wiphy *wiphy = wdev->wiphy;
273 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
274 int i; 267 int i;
275 bool done = false; 268 bool done = false;
276 269
277 wdev_lock(wdev); 270 ASSERT_WDEV_LOCK(wdev);
278
279 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
280 if (wdev->sme_state == CFG80211_SME_CONNECTING)
281 __cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0,
282 WLAN_STATUS_UNSPECIFIED_FAILURE,
283 false, NULL);
284 271
285 for (i = 0; addr && i < MAX_AUTH_BSSES; i++) { 272 for (i = 0; addr && i < MAX_AUTH_BSSES; i++) {
286 if (wdev->authtry_bsses[i] && 273 if (wdev->authtry_bsses[i] &&
@@ -295,6 +282,29 @@ void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr)
295 } 282 }
296 283
297 WARN_ON(!done); 284 WARN_ON(!done);
285}
286
287void __cfg80211_auth_canceled(struct net_device *dev, const u8 *addr)
288{
289 __cfg80211_auth_remove(dev->ieee80211_ptr, addr);
290}
291EXPORT_SYMBOL(__cfg80211_auth_canceled);
292
293void cfg80211_send_auth_timeout(struct net_device *dev, const u8 *addr)
294{
295 struct wireless_dev *wdev = dev->ieee80211_ptr;
296 struct wiphy *wiphy = wdev->wiphy;
297 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
298
299 wdev_lock(wdev);
300
301 nl80211_send_auth_timeout(rdev, dev, addr, GFP_KERNEL);
302 if (wdev->sme_state == CFG80211_SME_CONNECTING)
303 __cfg80211_connect_result(dev, addr, NULL, 0, NULL, 0,
304 WLAN_STATUS_UNSPECIFIED_FAILURE,
305 false, NULL);
306
307 __cfg80211_auth_remove(wdev, addr);
298 308
299 wdev_unlock(wdev); 309 wdev_unlock(wdev);
300} 310}
@@ -340,7 +350,7 @@ void cfg80211_michael_mic_failure(struct net_device *dev, const u8 *addr,
340{ 350{
341 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy; 351 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
342 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 352 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
343#ifdef CONFIG_WIRELESS_EXT 353#ifdef CONFIG_CFG80211_WEXT
344 union iwreq_data wrqu; 354 union iwreq_data wrqu;
345 char *buf = kmalloc(128, gfp); 355 char *buf = kmalloc(128, gfp);
346 356
@@ -469,12 +479,23 @@ int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
469 struct cfg80211_assoc_request req; 479 struct cfg80211_assoc_request req;
470 struct cfg80211_internal_bss *bss; 480 struct cfg80211_internal_bss *bss;
471 int i, err, slot = -1; 481 int i, err, slot = -1;
482 bool was_connected = false;
472 483
473 ASSERT_WDEV_LOCK(wdev); 484 ASSERT_WDEV_LOCK(wdev);
474 485
475 memset(&req, 0, sizeof(req)); 486 memset(&req, 0, sizeof(req));
476 487
477 if (wdev->current_bss) 488 if (wdev->current_bss && prev_bssid &&
489 memcmp(wdev->current_bss->pub.bssid, prev_bssid, ETH_ALEN) == 0) {
490 /*
491 * Trying to reassociate: Allow this to proceed and let the old
492 * association to be dropped when the new one is completed.
493 */
494 if (wdev->sme_state == CFG80211_SME_CONNECTED) {
495 was_connected = true;
496 wdev->sme_state = CFG80211_SME_CONNECTING;
497 }
498 } else if (wdev->current_bss)
478 return -EALREADY; 499 return -EALREADY;
479 500
480 req.ie = ie; 501 req.ie = ie;
@@ -484,8 +505,11 @@ int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
484 req.prev_bssid = prev_bssid; 505 req.prev_bssid = prev_bssid;
485 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len, 506 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
486 WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS); 507 WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS);
487 if (!req.bss) 508 if (!req.bss) {
509 if (was_connected)
510 wdev->sme_state = CFG80211_SME_CONNECTED;
488 return -ENOENT; 511 return -ENOENT;
512 }
489 513
490 bss = bss_from_pub(req.bss); 514 bss = bss_from_pub(req.bss);
491 515
@@ -503,6 +527,8 @@ int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
503 527
504 err = rdev->ops->assoc(&rdev->wiphy, dev, &req); 528 err = rdev->ops->assoc(&rdev->wiphy, dev, &req);
505 out: 529 out:
530 if (err && was_connected)
531 wdev->sme_state = CFG80211_SME_CONNECTED;
506 /* still a reference in wdev->auth_bsses[slot] */ 532 /* still a reference in wdev->auth_bsses[slot] */
507 cfg80211_put_bss(req.bss); 533 cfg80211_put_bss(req.bss);
508 return err; 534 return err;
@@ -666,3 +692,206 @@ void cfg80211_mlme_down(struct cfg80211_registered_device *rdev,
666 } 692 }
667 } 693 }
668} 694}
695
696void cfg80211_ready_on_channel(struct net_device *dev, u64 cookie,
697 struct ieee80211_channel *chan,
698 enum nl80211_channel_type channel_type,
699 unsigned int duration, gfp_t gfp)
700{
701 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
702 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
703
704 nl80211_send_remain_on_channel(rdev, dev, cookie, chan, channel_type,
705 duration, gfp);
706}
707EXPORT_SYMBOL(cfg80211_ready_on_channel);
708
709void cfg80211_remain_on_channel_expired(struct net_device *dev,
710 u64 cookie,
711 struct ieee80211_channel *chan,
712 enum nl80211_channel_type channel_type,
713 gfp_t gfp)
714{
715 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
716 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
717
718 nl80211_send_remain_on_channel_cancel(rdev, dev, cookie, chan,
719 channel_type, gfp);
720}
721EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
722
723void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
724 struct station_info *sinfo, gfp_t gfp)
725{
726 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
727 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
728
729 nl80211_send_sta_event(rdev, dev, mac_addr, sinfo, gfp);
730}
731EXPORT_SYMBOL(cfg80211_new_sta);
732
733struct cfg80211_action_registration {
734 struct list_head list;
735
736 u32 nlpid;
737
738 int match_len;
739
740 u8 match[];
741};
742
743int cfg80211_mlme_register_action(struct wireless_dev *wdev, u32 snd_pid,
744 const u8 *match_data, int match_len)
745{
746 struct cfg80211_action_registration *reg, *nreg;
747 int err = 0;
748
749 nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
750 if (!nreg)
751 return -ENOMEM;
752
753 spin_lock_bh(&wdev->action_registrations_lock);
754
755 list_for_each_entry(reg, &wdev->action_registrations, list) {
756 int mlen = min(match_len, reg->match_len);
757
758 if (memcmp(reg->match, match_data, mlen) == 0) {
759 err = -EALREADY;
760 break;
761 }
762 }
763
764 if (err) {
765 kfree(nreg);
766 goto out;
767 }
768
769 memcpy(nreg->match, match_data, match_len);
770 nreg->match_len = match_len;
771 nreg->nlpid = snd_pid;
772 list_add(&nreg->list, &wdev->action_registrations);
773
774 out:
775 spin_unlock_bh(&wdev->action_registrations_lock);
776 return err;
777}
778
779void cfg80211_mlme_unregister_actions(struct wireless_dev *wdev, u32 nlpid)
780{
781 struct cfg80211_action_registration *reg, *tmp;
782
783 spin_lock_bh(&wdev->action_registrations_lock);
784
785 list_for_each_entry_safe(reg, tmp, &wdev->action_registrations, list) {
786 if (reg->nlpid == nlpid) {
787 list_del(&reg->list);
788 kfree(reg);
789 }
790 }
791
792 spin_unlock_bh(&wdev->action_registrations_lock);
793}
794
795void cfg80211_mlme_purge_actions(struct wireless_dev *wdev)
796{
797 struct cfg80211_action_registration *reg, *tmp;
798
799 spin_lock_bh(&wdev->action_registrations_lock);
800
801 list_for_each_entry_safe(reg, tmp, &wdev->action_registrations, list) {
802 list_del(&reg->list);
803 kfree(reg);
804 }
805
806 spin_unlock_bh(&wdev->action_registrations_lock);
807}
808
809int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
810 struct net_device *dev,
811 struct ieee80211_channel *chan,
812 enum nl80211_channel_type channel_type,
813 const u8 *buf, size_t len, u64 *cookie)
814{
815 struct wireless_dev *wdev = dev->ieee80211_ptr;
816 const struct ieee80211_mgmt *mgmt;
817
818 if (rdev->ops->action == NULL)
819 return -EOPNOTSUPP;
820 if (len < 24 + 1)
821 return -EINVAL;
822
823 mgmt = (const struct ieee80211_mgmt *) buf;
824 if (!ieee80211_is_action(mgmt->frame_control))
825 return -EINVAL;
826 if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
827 /* Verify that we are associated with the destination AP */
828 if (!wdev->current_bss ||
829 memcmp(wdev->current_bss->pub.bssid, mgmt->bssid,
830 ETH_ALEN) != 0 ||
831 memcmp(wdev->current_bss->pub.bssid, mgmt->da,
832 ETH_ALEN) != 0)
833 return -ENOTCONN;
834 }
835
836 if (memcmp(mgmt->sa, dev->dev_addr, ETH_ALEN) != 0)
837 return -EINVAL;
838
839 /* Transmit the Action frame as requested by user space */
840 return rdev->ops->action(&rdev->wiphy, dev, chan, channel_type,
841 buf, len, cookie);
842}
843
844bool cfg80211_rx_action(struct net_device *dev, int freq, const u8 *buf,
845 size_t len, gfp_t gfp)
846{
847 struct wireless_dev *wdev = dev->ieee80211_ptr;
848 struct wiphy *wiphy = wdev->wiphy;
849 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
850 struct cfg80211_action_registration *reg;
851 const u8 *action_data;
852 int action_data_len;
853 bool result = false;
854
855 /* frame length - min size excluding category */
856 action_data_len = len - (IEEE80211_MIN_ACTION_SIZE - 1);
857
858 /* action data starts with category */
859 action_data = buf + IEEE80211_MIN_ACTION_SIZE - 1;
860
861 spin_lock_bh(&wdev->action_registrations_lock);
862
863 list_for_each_entry(reg, &wdev->action_registrations, list) {
864 if (reg->match_len > action_data_len)
865 continue;
866
867 if (memcmp(reg->match, action_data, reg->match_len))
868 continue;
869
870 /* found match! */
871
872 /* Indicate the received Action frame to user space */
873 if (nl80211_send_action(rdev, dev, reg->nlpid, freq,
874 buf, len, gfp))
875 continue;
876
877 result = true;
878 break;
879 }
880
881 spin_unlock_bh(&wdev->action_registrations_lock);
882
883 return result;
884}
885EXPORT_SYMBOL(cfg80211_rx_action);
886
887void cfg80211_action_tx_status(struct net_device *dev, u64 cookie,
888 const u8 *buf, size_t len, bool ack, gfp_t gfp)
889{
890 struct wireless_dev *wdev = dev->ieee80211_ptr;
891 struct wiphy *wiphy = wdev->wiphy;
892 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
893
894 /* Indicate TX status of the Action frame to user space */
895 nl80211_send_action_tx_status(rdev, dev, cookie, buf, len, ack, gfp);
896}
897EXPORT_SYMBOL(cfg80211_action_tx_status);
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index ca3c92a0a14f..030cf153bea2 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1,12 +1,13 @@
1/* 1/*
2 * This is the new netlink-based wireless configuration interface. 2 * This is the new netlink-based wireless configuration interface.
3 * 3 *
4 * Copyright 2006-2009 Johannes Berg <johannes@sipsolutions.net> 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5 */ 5 */
6 6
7#include <linux/if.h> 7#include <linux/if.h>
8#include <linux/module.h> 8#include <linux/module.h>
9#include <linux/err.h> 9#include <linux/err.h>
10#include <linux/slab.h>
10#include <linux/list.h> 11#include <linux/list.h>
11#include <linux/if_ether.h> 12#include <linux/if_ether.h>
12#include <linux/ieee80211.h> 13#include <linux/ieee80211.h>
@@ -58,7 +59,7 @@ static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
58} 59}
59 60
60/* policy for the attributes */ 61/* policy for the attributes */
61static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = { 62static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
62 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 63 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
63 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 64 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
64 .len = 20-1 }, 65 .len = 20-1 },
@@ -69,6 +70,7 @@ static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
69 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 70 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
70 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 71 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
71 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 72 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
73 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
72 74
73 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 75 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
74 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 76 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
@@ -138,11 +140,20 @@ static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
138 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 140 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
139 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 141 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
140 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 142 [NL80211_ATTR_PID] = { .type = NLA_U32 },
143 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
144 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
145 .len = WLAN_PMKID_LEN },
146 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
147 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
148 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
149 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
150 .len = IEEE80211_MAX_DATA_LEN },
151 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
152 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
141}; 153};
142 154
143/* policy for the attributes */ 155/* policy for the attributes */
144static struct nla_policy 156static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
145nl80211_key_policy[NL80211_KEY_MAX + 1] __read_mostly = {
146 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 157 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
147 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 158 [NL80211_KEY_IDX] = { .type = NLA_U8 },
148 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 159 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
@@ -151,6 +162,26 @@ nl80211_key_policy[NL80211_KEY_MAX + 1] __read_mostly = {
151 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 162 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
152}; 163};
153 164
165/* ifidx get helper */
166static int nl80211_get_ifidx(struct netlink_callback *cb)
167{
168 int res;
169
170 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
171 nl80211_fam.attrbuf, nl80211_fam.maxattr,
172 nl80211_policy);
173 if (res)
174 return res;
175
176 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
177 return -EINVAL;
178
179 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
180 if (!res)
181 return -EINVAL;
182 return res;
183}
184
154/* IE validation */ 185/* IE validation */
155static bool is_valid_ie_attr(const struct nlattr *attr) 186static bool is_valid_ie_attr(const struct nlattr *attr)
156{ 187{
@@ -419,6 +450,8 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
419 dev->wiphy.frag_threshold); 450 dev->wiphy.frag_threshold);
420 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 451 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
421 dev->wiphy.rts_threshold); 452 dev->wiphy.rts_threshold);
453 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
454 dev->wiphy.coverage_class);
422 455
423 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 456 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
424 dev->wiphy.max_scan_ssids); 457 dev->wiphy.max_scan_ssids);
@@ -429,6 +462,9 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
429 sizeof(u32) * dev->wiphy.n_cipher_suites, 462 sizeof(u32) * dev->wiphy.n_cipher_suites,
430 dev->wiphy.cipher_suites); 463 dev->wiphy.cipher_suites);
431 464
465 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
466 dev->wiphy.max_num_pmkids);
467
432 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES); 468 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
433 if (!nl_modes) 469 if (!nl_modes)
434 goto nla_put_failure; 470 goto nla_put_failure;
@@ -540,7 +576,13 @@ static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
540 CMD(deauth, DEAUTHENTICATE); 576 CMD(deauth, DEAUTHENTICATE);
541 CMD(disassoc, DISASSOCIATE); 577 CMD(disassoc, DISASSOCIATE);
542 CMD(join_ibss, JOIN_IBSS); 578 CMD(join_ibss, JOIN_IBSS);
543 if (dev->wiphy.netnsok) { 579 CMD(set_pmksa, SET_PMKSA);
580 CMD(del_pmksa, DEL_PMKSA);
581 CMD(flush_pmksa, FLUSH_PMKSA);
582 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
583 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
584 CMD(action, ACTION);
585 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
544 i++; 586 i++;
545 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 587 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
546 } 588 }
@@ -652,6 +694,7 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
652 u32 changed; 694 u32 changed;
653 u8 retry_short = 0, retry_long = 0; 695 u8 retry_short = 0, retry_long = 0;
654 u32 frag_threshold = 0, rts_threshold = 0; 696 u32 frag_threshold = 0, rts_threshold = 0;
697 u8 coverage_class = 0;
655 698
656 rtnl_lock(); 699 rtnl_lock();
657 700
@@ -774,9 +817,16 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
774 changed |= WIPHY_PARAM_RTS_THRESHOLD; 817 changed |= WIPHY_PARAM_RTS_THRESHOLD;
775 } 818 }
776 819
820 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
821 coverage_class = nla_get_u8(
822 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
823 changed |= WIPHY_PARAM_COVERAGE_CLASS;
824 }
825
777 if (changed) { 826 if (changed) {
778 u8 old_retry_short, old_retry_long; 827 u8 old_retry_short, old_retry_long;
779 u32 old_frag_threshold, old_rts_threshold; 828 u32 old_frag_threshold, old_rts_threshold;
829 u8 old_coverage_class;
780 830
781 if (!rdev->ops->set_wiphy_params) { 831 if (!rdev->ops->set_wiphy_params) {
782 result = -EOPNOTSUPP; 832 result = -EOPNOTSUPP;
@@ -787,6 +837,7 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
787 old_retry_long = rdev->wiphy.retry_long; 837 old_retry_long = rdev->wiphy.retry_long;
788 old_frag_threshold = rdev->wiphy.frag_threshold; 838 old_frag_threshold = rdev->wiphy.frag_threshold;
789 old_rts_threshold = rdev->wiphy.rts_threshold; 839 old_rts_threshold = rdev->wiphy.rts_threshold;
840 old_coverage_class = rdev->wiphy.coverage_class;
790 841
791 if (changed & WIPHY_PARAM_RETRY_SHORT) 842 if (changed & WIPHY_PARAM_RETRY_SHORT)
792 rdev->wiphy.retry_short = retry_short; 843 rdev->wiphy.retry_short = retry_short;
@@ -796,6 +847,8 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
796 rdev->wiphy.frag_threshold = frag_threshold; 847 rdev->wiphy.frag_threshold = frag_threshold;
797 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 848 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
798 rdev->wiphy.rts_threshold = rts_threshold; 849 rdev->wiphy.rts_threshold = rts_threshold;
850 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
851 rdev->wiphy.coverage_class = coverage_class;
799 852
800 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 853 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
801 if (result) { 854 if (result) {
@@ -803,6 +856,7 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
803 rdev->wiphy.retry_long = old_retry_long; 856 rdev->wiphy.retry_long = old_retry_long;
804 rdev->wiphy.frag_threshold = old_frag_threshold; 857 rdev->wiphy.frag_threshold = old_frag_threshold;
805 rdev->wiphy.rts_threshold = old_rts_threshold; 858 rdev->wiphy.rts_threshold = old_rts_threshold;
859 rdev->wiphy.coverage_class = old_coverage_class;
806 } 860 }
807 } 861 }
808 862
@@ -947,6 +1001,32 @@ static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
947 return 0; 1001 return 0;
948} 1002}
949 1003
1004static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1005 struct net_device *netdev, u8 use_4addr,
1006 enum nl80211_iftype iftype)
1007{
1008 if (!use_4addr) {
1009 if (netdev && netdev->br_port)
1010 return -EBUSY;
1011 return 0;
1012 }
1013
1014 switch (iftype) {
1015 case NL80211_IFTYPE_AP_VLAN:
1016 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1017 return 0;
1018 break;
1019 case NL80211_IFTYPE_STATION:
1020 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1021 return 0;
1022 break;
1023 default:
1024 break;
1025 }
1026
1027 return -EOPNOTSUPP;
1028}
1029
950static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1030static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
951{ 1031{
952 struct cfg80211_registered_device *rdev; 1032 struct cfg80211_registered_device *rdev;
@@ -987,6 +1067,16 @@ static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
987 change = true; 1067 change = true;
988 } 1068 }
989 1069
1070 if (info->attrs[NL80211_ATTR_4ADDR]) {
1071 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1072 change = true;
1073 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1074 if (err)
1075 goto unlock;
1076 } else {
1077 params.use_4addr = -1;
1078 }
1079
990 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1080 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
991 if (ntype != NL80211_IFTYPE_MONITOR) { 1081 if (ntype != NL80211_IFTYPE_MONITOR) {
992 err = -EINVAL; 1082 err = -EINVAL;
@@ -1006,6 +1096,9 @@ static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1006 else 1096 else
1007 err = 0; 1097 err = 0;
1008 1098
1099 if (!err && params.use_4addr != -1)
1100 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1101
1009 unlock: 1102 unlock:
1010 dev_put(dev); 1103 dev_put(dev);
1011 cfg80211_unlock_rdev(rdev); 1104 cfg80211_unlock_rdev(rdev);
@@ -1053,6 +1146,13 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1053 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1146 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1054 } 1147 }
1055 1148
1149 if (info->attrs[NL80211_ATTR_4ADDR]) {
1150 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1151 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1152 if (err)
1153 goto unlock;
1154 }
1155
1056 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1156 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1057 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1157 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1058 &flags); 1158 &flags);
@@ -1264,7 +1364,7 @@ static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1264 if (!err) 1364 if (!err)
1265 err = func(&rdev->wiphy, dev, key.idx); 1365 err = func(&rdev->wiphy, dev, key.idx);
1266 1366
1267#ifdef CONFIG_WIRELESS_EXT 1367#ifdef CONFIG_CFG80211_WEXT
1268 if (!err) { 1368 if (!err) {
1269 if (func == rdev->ops->set_default_key) 1369 if (func == rdev->ops->set_default_key)
1270 dev->ieee80211_ptr->wext.default_key = key.idx; 1370 dev->ieee80211_ptr->wext.default_key = key.idx;
@@ -1365,7 +1465,7 @@ static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1365 if (!err) 1465 if (!err)
1366 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr); 1466 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr);
1367 1467
1368#ifdef CONFIG_WIRELESS_EXT 1468#ifdef CONFIG_CFG80211_WEXT
1369 if (!err) { 1469 if (!err) {
1370 if (key.idx == dev->ieee80211_ptr->wext.default_key) 1470 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1371 dev->ieee80211_ptr->wext.default_key = -1; 1471 dev->ieee80211_ptr->wext.default_key = -1;
@@ -1562,42 +1662,9 @@ static int parse_station_flags(struct genl_info *info,
1562 return 0; 1662 return 0;
1563} 1663}
1564 1664
1565static u16 nl80211_calculate_bitrate(struct rate_info *rate)
1566{
1567 int modulation, streams, bitrate;
1568
1569 if (!(rate->flags & RATE_INFO_FLAGS_MCS))
1570 return rate->legacy;
1571
1572 /* the formula below does only work for MCS values smaller than 32 */
1573 if (rate->mcs >= 32)
1574 return 0;
1575
1576 modulation = rate->mcs & 7;
1577 streams = (rate->mcs >> 3) + 1;
1578
1579 bitrate = (rate->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) ?
1580 13500000 : 6500000;
1581
1582 if (modulation < 4)
1583 bitrate *= (modulation + 1);
1584 else if (modulation == 4)
1585 bitrate *= (modulation + 2);
1586 else
1587 bitrate *= (modulation + 3);
1588
1589 bitrate *= streams;
1590
1591 if (rate->flags & RATE_INFO_FLAGS_SHORT_GI)
1592 bitrate = (bitrate / 9) * 10;
1593
1594 /* do NOT round down here */
1595 return (bitrate + 50000) / 100000;
1596}
1597
1598static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 1665static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
1599 int flags, struct net_device *dev, 1666 int flags, struct net_device *dev,
1600 u8 *mac_addr, struct station_info *sinfo) 1667 const u8 *mac_addr, struct station_info *sinfo)
1601{ 1668{
1602 void *hdr; 1669 void *hdr;
1603 struct nlattr *sinfoattr, *txrate; 1670 struct nlattr *sinfoattr, *txrate;
@@ -1641,8 +1708,8 @@ static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
1641 if (!txrate) 1708 if (!txrate)
1642 goto nla_put_failure; 1709 goto nla_put_failure;
1643 1710
1644 /* nl80211_calculate_bitrate will return 0 for mcs >= 32 */ 1711 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
1645 bitrate = nl80211_calculate_bitrate(&sinfo->txrate); 1712 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate);
1646 if (bitrate > 0) 1713 if (bitrate > 0)
1647 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 1714 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
1648 1715
@@ -1682,20 +1749,10 @@ static int nl80211_dump_station(struct sk_buff *skb,
1682 int sta_idx = cb->args[1]; 1749 int sta_idx = cb->args[1];
1683 int err; 1750 int err;
1684 1751
1685 if (!ifidx) { 1752 if (!ifidx)
1686 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 1753 ifidx = nl80211_get_ifidx(cb);
1687 nl80211_fam.attrbuf, nl80211_fam.maxattr, 1754 if (ifidx < 0)
1688 nl80211_policy); 1755 return ifidx;
1689 if (err)
1690 return err;
1691
1692 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
1693 return -EINVAL;
1694
1695 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
1696 if (!ifidx)
1697 return -EINVAL;
1698 }
1699 1756
1700 rtnl_lock(); 1757 rtnl_lock();
1701 1758
@@ -1800,7 +1857,7 @@ static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
1800} 1857}
1801 1858
1802/* 1859/*
1803 * Get vlan interface making sure it is on the right wiphy. 1860 * Get vlan interface making sure it is running and on the right wiphy.
1804 */ 1861 */
1805static int get_vlan(struct genl_info *info, 1862static int get_vlan(struct genl_info *info,
1806 struct cfg80211_registered_device *rdev, 1863 struct cfg80211_registered_device *rdev,
@@ -1818,6 +1875,8 @@ static int get_vlan(struct genl_info *info,
1818 return -EINVAL; 1875 return -EINVAL;
1819 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy) 1876 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
1820 return -EINVAL; 1877 return -EINVAL;
1878 if (!netif_running(*vlan))
1879 return -ENETDOWN;
1821 } 1880 }
1822 return 0; 1881 return 0;
1823} 1882}
@@ -1956,6 +2015,9 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1956 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2015 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
1957 return -EINVAL; 2016 return -EINVAL;
1958 2017
2018 if (!info->attrs[NL80211_ATTR_STA_AID])
2019 return -EINVAL;
2020
1959 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2021 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1960 params.supported_rates = 2022 params.supported_rates =
1961 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2023 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
@@ -1964,11 +2026,9 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1964 params.listen_interval = 2026 params.listen_interval =
1965 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2027 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
1966 2028
1967 if (info->attrs[NL80211_ATTR_STA_AID]) { 2029 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
1968 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2030 if (!params.aid || params.aid > IEEE80211_MAX_AID)
1969 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2031 return -EINVAL;
1970 return -EINVAL;
1971 }
1972 2032
1973 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2033 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
1974 params.ht_capa = 2034 params.ht_capa =
@@ -1983,6 +2043,12 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1983 if (err) 2043 if (err)
1984 goto out_rtnl; 2044 goto out_rtnl;
1985 2045
2046 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2047 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) {
2048 err = -EINVAL;
2049 goto out;
2050 }
2051
1986 err = get_vlan(info, rdev, &params.vlan); 2052 err = get_vlan(info, rdev, &params.vlan);
1987 if (err) 2053 if (err)
1988 goto out; 2054 goto out;
@@ -1990,35 +2056,6 @@ static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1990 /* validate settings */ 2056 /* validate settings */
1991 err = 0; 2057 err = 0;
1992 2058
1993 switch (dev->ieee80211_ptr->iftype) {
1994 case NL80211_IFTYPE_AP:
1995 case NL80211_IFTYPE_AP_VLAN:
1996 /* all ok but must have AID */
1997 if (!params.aid)
1998 err = -EINVAL;
1999 break;
2000 case NL80211_IFTYPE_MESH_POINT:
2001 /* disallow things mesh doesn't support */
2002 if (params.vlan)
2003 err = -EINVAL;
2004 if (params.aid)
2005 err = -EINVAL;
2006 if (params.ht_capa)
2007 err = -EINVAL;
2008 if (params.listen_interval >= 0)
2009 err = -EINVAL;
2010 if (params.supported_rates)
2011 err = -EINVAL;
2012 if (params.sta_flags_mask)
2013 err = -EINVAL;
2014 break;
2015 default:
2016 err = -EINVAL;
2017 }
2018
2019 if (err)
2020 goto out;
2021
2022 if (!rdev->ops->add_station) { 2059 if (!rdev->ops->add_station) {
2023 err = -EOPNOTSUPP; 2060 err = -EOPNOTSUPP;
2024 goto out; 2061 goto out;
@@ -2059,8 +2096,7 @@ static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2059 goto out_rtnl; 2096 goto out_rtnl;
2060 2097
2061 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2098 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2062 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2099 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) {
2063 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2064 err = -EINVAL; 2100 err = -EINVAL;
2065 goto out; 2101 goto out;
2066 } 2102 }
@@ -2105,9 +2141,9 @@ static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2105 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2141 if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2106 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2142 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2107 pinfo->frame_qlen); 2143 pinfo->frame_qlen);
2108 if (pinfo->filled & MPATH_INFO_DSN) 2144 if (pinfo->filled & MPATH_INFO_SN)
2109 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DSN, 2145 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2110 pinfo->dsn); 2146 pinfo->sn);
2111 if (pinfo->filled & MPATH_INFO_METRIC) 2147 if (pinfo->filled & MPATH_INFO_METRIC)
2112 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2148 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2113 pinfo->metric); 2149 pinfo->metric);
@@ -2145,20 +2181,10 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
2145 int path_idx = cb->args[1]; 2181 int path_idx = cb->args[1];
2146 int err; 2182 int err;
2147 2183
2148 if (!ifidx) { 2184 if (!ifidx)
2149 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 2185 ifidx = nl80211_get_ifidx(cb);
2150 nl80211_fam.attrbuf, nl80211_fam.maxattr, 2186 if (ifidx < 0)
2151 nl80211_policy); 2187 return ifidx;
2152 if (err)
2153 return err;
2154
2155 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
2156 return -EINVAL;
2157
2158 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
2159 if (!ifidx)
2160 return -EINVAL;
2161 }
2162 2188
2163 rtnl_lock(); 2189 rtnl_lock();
2164 2190
@@ -2457,8 +2483,7 @@ static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2457 return err; 2483 return err;
2458} 2484}
2459 2485
2460static const struct nla_policy 2486static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2461 reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2462 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 2487 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
2463 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 2488 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
2464 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 2489 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
@@ -2526,12 +2551,6 @@ static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2526 2551
2527 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2552 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2528 2553
2529#ifdef CONFIG_WIRELESS_OLD_REGULATORY
2530 /* We ignore world regdom requests with the old regdom setup */
2531 if (is_world_regdom(data))
2532 return -EINVAL;
2533#endif
2534
2535 r = regulatory_hint_user(data); 2554 r = regulatory_hint_user(data);
2536 2555
2537 return r; 2556 return r;
@@ -2605,6 +2624,8 @@ static int nl80211_get_mesh_params(struct sk_buff *skb,
2605 cur_params.dot11MeshHWMPpreqMinInterval); 2624 cur_params.dot11MeshHWMPpreqMinInterval);
2606 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2625 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2607 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 2626 cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2627 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2628 cur_params.dot11MeshHWMPRootMode);
2608 nla_nest_end(msg, pinfoattr); 2629 nla_nest_end(msg, pinfoattr);
2609 genlmsg_end(msg, hdr); 2630 genlmsg_end(msg, hdr);
2610 err = genlmsg_reply(msg, info); 2631 err = genlmsg_reply(msg, info);
@@ -2631,8 +2652,7 @@ do {\
2631 } \ 2652 } \
2632} while (0);\ 2653} while (0);\
2633 2654
2634static struct nla_policy 2655static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
2635nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] __read_mostly = {
2636 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 2656 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2637 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 2657 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2638 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 2658 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
@@ -2715,6 +2735,10 @@ static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2715 dot11MeshHWMPnetDiameterTraversalTime, 2735 dot11MeshHWMPnetDiameterTraversalTime,
2716 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2736 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2717 nla_get_u16); 2737 nla_get_u16);
2738 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2739 dot11MeshHWMPRootMode, mask,
2740 NL80211_MESHCONF_HWMP_ROOTMODE,
2741 nla_get_u8);
2718 2742
2719 /* Apply changes */ 2743 /* Apply changes */
2720 err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask); 2744 err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask);
@@ -2988,7 +3012,6 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
2988 goto out; 3012 goto out;
2989 } 3013 }
2990 3014
2991 request->n_channels = n_channels;
2992 if (n_ssids) 3015 if (n_ssids)
2993 request->ssids = (void *)&request->channels[n_channels]; 3016 request->ssids = (void *)&request->channels[n_channels];
2994 request->n_ssids = n_ssids; 3017 request->n_ssids = n_ssids;
@@ -2999,32 +3022,53 @@ static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
2999 request->ie = (void *)(request->channels + n_channels); 3022 request->ie = (void *)(request->channels + n_channels);
3000 } 3023 }
3001 3024
3025 i = 0;
3002 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3026 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3003 /* user specified, bail out if channel not found */ 3027 /* user specified, bail out if channel not found */
3004 request->n_channels = n_channels;
3005 i = 0;
3006 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3028 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3007 request->channels[i] = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3029 struct ieee80211_channel *chan;
3008 if (!request->channels[i]) { 3030
3031 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3032
3033 if (!chan) {
3009 err = -EINVAL; 3034 err = -EINVAL;
3010 goto out_free; 3035 goto out_free;
3011 } 3036 }
3037
3038 /* ignore disabled channels */
3039 if (chan->flags & IEEE80211_CHAN_DISABLED)
3040 continue;
3041
3042 request->channels[i] = chan;
3012 i++; 3043 i++;
3013 } 3044 }
3014 } else { 3045 } else {
3015 /* all channels */ 3046 /* all channels */
3016 i = 0;
3017 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3047 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3018 int j; 3048 int j;
3019 if (!wiphy->bands[band]) 3049 if (!wiphy->bands[band])
3020 continue; 3050 continue;
3021 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3051 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3022 request->channels[i] = &wiphy->bands[band]->channels[j]; 3052 struct ieee80211_channel *chan;
3053
3054 chan = &wiphy->bands[band]->channels[j];
3055
3056 if (chan->flags & IEEE80211_CHAN_DISABLED)
3057 continue;
3058
3059 request->channels[i] = chan;
3023 i++; 3060 i++;
3024 } 3061 }
3025 } 3062 }
3026 } 3063 }
3027 3064
3065 if (!i) {
3066 err = -EINVAL;
3067 goto out_free;
3068 }
3069
3070 request->n_channels = i;
3071
3028 i = 0; 3072 i = 0;
3029 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3073 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3030 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3074 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
@@ -3099,12 +3143,18 @@ static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
3099 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 3143 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3100 res->len_information_elements, 3144 res->len_information_elements,
3101 res->information_elements); 3145 res->information_elements);
3146 if (res->beacon_ies && res->len_beacon_ies &&
3147 res->beacon_ies != res->information_elements)
3148 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
3149 res->len_beacon_ies, res->beacon_ies);
3102 if (res->tsf) 3150 if (res->tsf)
3103 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 3151 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3104 if (res->beacon_interval) 3152 if (res->beacon_interval)
3105 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 3153 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3106 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 3154 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3107 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 3155 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3156 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3157 jiffies_to_msecs(jiffies - intbss->ts));
3108 3158
3109 switch (rdev->wiphy.signal_type) { 3159 switch (rdev->wiphy.signal_type) {
3110 case CFG80211_SIGNAL_TYPE_MBM: 3160 case CFG80211_SIGNAL_TYPE_MBM:
@@ -3159,21 +3209,11 @@ static int nl80211_dump_scan(struct sk_buff *skb,
3159 int start = cb->args[1], idx = 0; 3209 int start = cb->args[1], idx = 0;
3160 int err; 3210 int err;
3161 3211
3162 if (!ifidx) { 3212 if (!ifidx)
3163 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 3213 ifidx = nl80211_get_ifidx(cb);
3164 nl80211_fam.attrbuf, nl80211_fam.maxattr, 3214 if (ifidx < 0)
3165 nl80211_policy); 3215 return ifidx;
3166 if (err) 3216 cb->args[0] = ifidx;
3167 return err;
3168
3169 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
3170 return -EINVAL;
3171
3172 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
3173 if (!ifidx)
3174 return -EINVAL;
3175 cb->args[0] = ifidx;
3176 }
3177 3217
3178 dev = dev_get_by_index(sock_net(skb->sk), ifidx); 3218 dev = dev_get_by_index(sock_net(skb->sk), ifidx);
3179 if (!dev) 3219 if (!dev)
@@ -3216,6 +3256,106 @@ static int nl80211_dump_scan(struct sk_buff *skb,
3216 return err; 3256 return err;
3217} 3257}
3218 3258
3259static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3260 int flags, struct net_device *dev,
3261 struct survey_info *survey)
3262{
3263 void *hdr;
3264 struct nlattr *infoattr;
3265
3266 /* Survey without a channel doesn't make sense */
3267 if (!survey->channel)
3268 return -EINVAL;
3269
3270 hdr = nl80211hdr_put(msg, pid, seq, flags,
3271 NL80211_CMD_NEW_SURVEY_RESULTS);
3272 if (!hdr)
3273 return -ENOMEM;
3274
3275 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3276
3277 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3278 if (!infoattr)
3279 goto nla_put_failure;
3280
3281 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3282 survey->channel->center_freq);
3283 if (survey->filled & SURVEY_INFO_NOISE_DBM)
3284 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3285 survey->noise);
3286
3287 nla_nest_end(msg, infoattr);
3288
3289 return genlmsg_end(msg, hdr);
3290
3291 nla_put_failure:
3292 genlmsg_cancel(msg, hdr);
3293 return -EMSGSIZE;
3294}
3295
3296static int nl80211_dump_survey(struct sk_buff *skb,
3297 struct netlink_callback *cb)
3298{
3299 struct survey_info survey;
3300 struct cfg80211_registered_device *dev;
3301 struct net_device *netdev;
3302 int ifidx = cb->args[0];
3303 int survey_idx = cb->args[1];
3304 int res;
3305
3306 if (!ifidx)
3307 ifidx = nl80211_get_ifidx(cb);
3308 if (ifidx < 0)
3309 return ifidx;
3310 cb->args[0] = ifidx;
3311
3312 rtnl_lock();
3313
3314 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3315 if (!netdev) {
3316 res = -ENODEV;
3317 goto out_rtnl;
3318 }
3319
3320 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3321 if (IS_ERR(dev)) {
3322 res = PTR_ERR(dev);
3323 goto out_rtnl;
3324 }
3325
3326 if (!dev->ops->dump_survey) {
3327 res = -EOPNOTSUPP;
3328 goto out_err;
3329 }
3330
3331 while (1) {
3332 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3333 &survey);
3334 if (res == -ENOENT)
3335 break;
3336 if (res)
3337 goto out_err;
3338
3339 if (nl80211_send_survey(skb,
3340 NETLINK_CB(cb->skb).pid,
3341 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3342 netdev,
3343 &survey) < 0)
3344 goto out;
3345 survey_idx++;
3346 }
3347
3348 out:
3349 cb->args[1] = survey_idx;
3350 res = skb->len;
3351 out_err:
3352 cfg80211_unlock_rdev(dev);
3353 out_rtnl:
3354 rtnl_unlock();
3355
3356 return res;
3357}
3358
3219static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 3359static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3220{ 3360{
3221 return auth_type <= NL80211_AUTHTYPE_MAX; 3361 return auth_type <= NL80211_AUTHTYPE_MAX;
@@ -3411,6 +3551,7 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
3411{ 3551{
3412 struct cfg80211_registered_device *rdev; 3552 struct cfg80211_registered_device *rdev;
3413 struct net_device *dev; 3553 struct net_device *dev;
3554 struct wireless_dev *wdev;
3414 struct cfg80211_crypto_settings crypto; 3555 struct cfg80211_crypto_settings crypto;
3415 struct ieee80211_channel *chan, *fixedchan; 3556 struct ieee80211_channel *chan, *fixedchan;
3416 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 3557 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
@@ -3456,7 +3597,8 @@ static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
3456 } 3597 }
3457 3598
3458 mutex_lock(&rdev->devlist_mtx); 3599 mutex_lock(&rdev->devlist_mtx);
3459 fixedchan = rdev_fixed_channel(rdev, NULL); 3600 wdev = dev->ieee80211_ptr;
3601 fixedchan = rdev_fixed_channel(rdev, wdev);
3460 if (fixedchan && chan != fixedchan) { 3602 if (fixedchan && chan != fixedchan) {
3461 err = -EBUSY; 3603 err = -EBUSY;
3462 mutex_unlock(&rdev->devlist_mtx); 3604 mutex_unlock(&rdev->devlist_mtx);
@@ -4054,6 +4196,589 @@ static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4054 return err; 4196 return err;
4055} 4197}
4056 4198
4199static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4200{
4201 struct cfg80211_registered_device *rdev;
4202 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4203 struct cfg80211_pmksa *pmksa) = NULL;
4204 int err;
4205 struct net_device *dev;
4206 struct cfg80211_pmksa pmksa;
4207
4208 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4209
4210 if (!info->attrs[NL80211_ATTR_MAC])
4211 return -EINVAL;
4212
4213 if (!info->attrs[NL80211_ATTR_PMKID])
4214 return -EINVAL;
4215
4216 rtnl_lock();
4217
4218 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4219 if (err)
4220 goto out_rtnl;
4221
4222 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4223 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4224
4225 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4226 err = -EOPNOTSUPP;
4227 goto out;
4228 }
4229
4230 switch (info->genlhdr->cmd) {
4231 case NL80211_CMD_SET_PMKSA:
4232 rdev_ops = rdev->ops->set_pmksa;
4233 break;
4234 case NL80211_CMD_DEL_PMKSA:
4235 rdev_ops = rdev->ops->del_pmksa;
4236 break;
4237 default:
4238 WARN_ON(1);
4239 break;
4240 }
4241
4242 if (!rdev_ops) {
4243 err = -EOPNOTSUPP;
4244 goto out;
4245 }
4246
4247 err = rdev_ops(&rdev->wiphy, dev, &pmksa);
4248
4249 out:
4250 cfg80211_unlock_rdev(rdev);
4251 dev_put(dev);
4252 out_rtnl:
4253 rtnl_unlock();
4254
4255 return err;
4256}
4257
4258static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4259{
4260 struct cfg80211_registered_device *rdev;
4261 int err;
4262 struct net_device *dev;
4263
4264 rtnl_lock();
4265
4266 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4267 if (err)
4268 goto out_rtnl;
4269
4270 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4271 err = -EOPNOTSUPP;
4272 goto out;
4273 }
4274
4275 if (!rdev->ops->flush_pmksa) {
4276 err = -EOPNOTSUPP;
4277 goto out;
4278 }
4279
4280 err = rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4281
4282 out:
4283 cfg80211_unlock_rdev(rdev);
4284 dev_put(dev);
4285 out_rtnl:
4286 rtnl_unlock();
4287
4288 return err;
4289
4290}
4291
4292static int nl80211_remain_on_channel(struct sk_buff *skb,
4293 struct genl_info *info)
4294{
4295 struct cfg80211_registered_device *rdev;
4296 struct net_device *dev;
4297 struct ieee80211_channel *chan;
4298 struct sk_buff *msg;
4299 void *hdr;
4300 u64 cookie;
4301 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4302 u32 freq, duration;
4303 int err;
4304
4305 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4306 !info->attrs[NL80211_ATTR_DURATION])
4307 return -EINVAL;
4308
4309 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4310
4311 /*
4312 * We should be on that channel for at least one jiffie,
4313 * and more than 5 seconds seems excessive.
4314 */
4315 if (!duration || !msecs_to_jiffies(duration) || duration > 5000)
4316 return -EINVAL;
4317
4318 rtnl_lock();
4319
4320 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4321 if (err)
4322 goto unlock_rtnl;
4323
4324 if (!rdev->ops->remain_on_channel) {
4325 err = -EOPNOTSUPP;
4326 goto out;
4327 }
4328
4329 if (!netif_running(dev)) {
4330 err = -ENETDOWN;
4331 goto out;
4332 }
4333
4334 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4335 channel_type = nla_get_u32(
4336 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4337 if (channel_type != NL80211_CHAN_NO_HT &&
4338 channel_type != NL80211_CHAN_HT20 &&
4339 channel_type != NL80211_CHAN_HT40PLUS &&
4340 channel_type != NL80211_CHAN_HT40MINUS)
4341 err = -EINVAL;
4342 goto out;
4343 }
4344
4345 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4346 chan = rdev_freq_to_chan(rdev, freq, channel_type);
4347 if (chan == NULL) {
4348 err = -EINVAL;
4349 goto out;
4350 }
4351
4352 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4353 if (!msg) {
4354 err = -ENOMEM;
4355 goto out;
4356 }
4357
4358 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4359 NL80211_CMD_REMAIN_ON_CHANNEL);
4360
4361 if (IS_ERR(hdr)) {
4362 err = PTR_ERR(hdr);
4363 goto free_msg;
4364 }
4365
4366 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
4367 channel_type, duration, &cookie);
4368
4369 if (err)
4370 goto free_msg;
4371
4372 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4373
4374 genlmsg_end(msg, hdr);
4375 err = genlmsg_reply(msg, info);
4376 goto out;
4377
4378 nla_put_failure:
4379 err = -ENOBUFS;
4380 free_msg:
4381 nlmsg_free(msg);
4382 out:
4383 cfg80211_unlock_rdev(rdev);
4384 dev_put(dev);
4385 unlock_rtnl:
4386 rtnl_unlock();
4387 return err;
4388}
4389
4390static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
4391 struct genl_info *info)
4392{
4393 struct cfg80211_registered_device *rdev;
4394 struct net_device *dev;
4395 u64 cookie;
4396 int err;
4397
4398 if (!info->attrs[NL80211_ATTR_COOKIE])
4399 return -EINVAL;
4400
4401 rtnl_lock();
4402
4403 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4404 if (err)
4405 goto unlock_rtnl;
4406
4407 if (!rdev->ops->cancel_remain_on_channel) {
4408 err = -EOPNOTSUPP;
4409 goto out;
4410 }
4411
4412 if (!netif_running(dev)) {
4413 err = -ENETDOWN;
4414 goto out;
4415 }
4416
4417 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4418
4419 err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
4420
4421 out:
4422 cfg80211_unlock_rdev(rdev);
4423 dev_put(dev);
4424 unlock_rtnl:
4425 rtnl_unlock();
4426 return err;
4427}
4428
4429static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4430 u8 *rates, u8 rates_len)
4431{
4432 u8 i;
4433 u32 mask = 0;
4434
4435 for (i = 0; i < rates_len; i++) {
4436 int rate = (rates[i] & 0x7f) * 5;
4437 int ridx;
4438 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4439 struct ieee80211_rate *srate =
4440 &sband->bitrates[ridx];
4441 if (rate == srate->bitrate) {
4442 mask |= 1 << ridx;
4443 break;
4444 }
4445 }
4446 if (ridx == sband->n_bitrates)
4447 return 0; /* rate not found */
4448 }
4449
4450 return mask;
4451}
4452
4453static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4454 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4455 .len = NL80211_MAX_SUPP_RATES },
4456};
4457
4458static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
4459 struct genl_info *info)
4460{
4461 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4462 struct cfg80211_registered_device *rdev;
4463 struct cfg80211_bitrate_mask mask;
4464 int err, rem, i;
4465 struct net_device *dev;
4466 struct nlattr *tx_rates;
4467 struct ieee80211_supported_band *sband;
4468
4469 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
4470 return -EINVAL;
4471
4472 rtnl_lock();
4473
4474 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4475 if (err)
4476 goto unlock_rtnl;
4477
4478 if (!rdev->ops->set_bitrate_mask) {
4479 err = -EOPNOTSUPP;
4480 goto unlock;
4481 }
4482
4483 memset(&mask, 0, sizeof(mask));
4484 /* Default to all rates enabled */
4485 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
4486 sband = rdev->wiphy.bands[i];
4487 mask.control[i].legacy =
4488 sband ? (1 << sband->n_bitrates) - 1 : 0;
4489 }
4490
4491 /*
4492 * The nested attribute uses enum nl80211_band as the index. This maps
4493 * directly to the enum ieee80211_band values used in cfg80211.
4494 */
4495 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
4496 {
4497 enum ieee80211_band band = nla_type(tx_rates);
4498 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
4499 err = -EINVAL;
4500 goto unlock;
4501 }
4502 sband = rdev->wiphy.bands[band];
4503 if (sband == NULL) {
4504 err = -EINVAL;
4505 goto unlock;
4506 }
4507 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
4508 nla_len(tx_rates), nl80211_txattr_policy);
4509 if (tb[NL80211_TXRATE_LEGACY]) {
4510 mask.control[band].legacy = rateset_to_mask(
4511 sband,
4512 nla_data(tb[NL80211_TXRATE_LEGACY]),
4513 nla_len(tb[NL80211_TXRATE_LEGACY]));
4514 if (mask.control[band].legacy == 0) {
4515 err = -EINVAL;
4516 goto unlock;
4517 }
4518 }
4519 }
4520
4521 err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
4522
4523 unlock:
4524 dev_put(dev);
4525 cfg80211_unlock_rdev(rdev);
4526 unlock_rtnl:
4527 rtnl_unlock();
4528 return err;
4529}
4530
4531static int nl80211_register_action(struct sk_buff *skb, struct genl_info *info)
4532{
4533 struct cfg80211_registered_device *rdev;
4534 struct net_device *dev;
4535 int err;
4536
4537 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
4538 return -EINVAL;
4539
4540 if (nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]) < 1)
4541 return -EINVAL;
4542
4543 rtnl_lock();
4544
4545 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4546 if (err)
4547 goto unlock_rtnl;
4548
4549 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4550 err = -EOPNOTSUPP;
4551 goto out;
4552 }
4553
4554 /* not much point in registering if we can't reply */
4555 if (!rdev->ops->action) {
4556 err = -EOPNOTSUPP;
4557 goto out;
4558 }
4559
4560 err = cfg80211_mlme_register_action(dev->ieee80211_ptr, info->snd_pid,
4561 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
4562 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
4563 out:
4564 cfg80211_unlock_rdev(rdev);
4565 dev_put(dev);
4566 unlock_rtnl:
4567 rtnl_unlock();
4568 return err;
4569}
4570
4571static int nl80211_action(struct sk_buff *skb, struct genl_info *info)
4572{
4573 struct cfg80211_registered_device *rdev;
4574 struct net_device *dev;
4575 struct ieee80211_channel *chan;
4576 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4577 u32 freq;
4578 int err;
4579 void *hdr;
4580 u64 cookie;
4581 struct sk_buff *msg;
4582
4583 if (!info->attrs[NL80211_ATTR_FRAME] ||
4584 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4585 return -EINVAL;
4586
4587 rtnl_lock();
4588
4589 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4590 if (err)
4591 goto unlock_rtnl;
4592
4593 if (!rdev->ops->action) {
4594 err = -EOPNOTSUPP;
4595 goto out;
4596 }
4597
4598 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4599 err = -EOPNOTSUPP;
4600 goto out;
4601 }
4602
4603 if (!netif_running(dev)) {
4604 err = -ENETDOWN;
4605 goto out;
4606 }
4607
4608 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4609 channel_type = nla_get_u32(
4610 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4611 if (channel_type != NL80211_CHAN_NO_HT &&
4612 channel_type != NL80211_CHAN_HT20 &&
4613 channel_type != NL80211_CHAN_HT40PLUS &&
4614 channel_type != NL80211_CHAN_HT40MINUS)
4615 err = -EINVAL;
4616 goto out;
4617 }
4618
4619 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4620 chan = rdev_freq_to_chan(rdev, freq, channel_type);
4621 if (chan == NULL) {
4622 err = -EINVAL;
4623 goto out;
4624 }
4625
4626 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4627 if (!msg) {
4628 err = -ENOMEM;
4629 goto out;
4630 }
4631
4632 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4633 NL80211_CMD_ACTION);
4634
4635 if (IS_ERR(hdr)) {
4636 err = PTR_ERR(hdr);
4637 goto free_msg;
4638 }
4639 err = cfg80211_mlme_action(rdev, dev, chan, channel_type,
4640 nla_data(info->attrs[NL80211_ATTR_FRAME]),
4641 nla_len(info->attrs[NL80211_ATTR_FRAME]),
4642 &cookie);
4643 if (err)
4644 goto free_msg;
4645
4646 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4647
4648 genlmsg_end(msg, hdr);
4649 err = genlmsg_reply(msg, info);
4650 goto out;
4651
4652 nla_put_failure:
4653 err = -ENOBUFS;
4654 free_msg:
4655 nlmsg_free(msg);
4656 out:
4657 cfg80211_unlock_rdev(rdev);
4658 dev_put(dev);
4659unlock_rtnl:
4660 rtnl_unlock();
4661 return err;
4662}
4663
4664static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
4665{
4666 struct cfg80211_registered_device *rdev;
4667 struct wireless_dev *wdev;
4668 struct net_device *dev;
4669 u8 ps_state;
4670 bool state;
4671 int err;
4672
4673 if (!info->attrs[NL80211_ATTR_PS_STATE]) {
4674 err = -EINVAL;
4675 goto out;
4676 }
4677
4678 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
4679
4680 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) {
4681 err = -EINVAL;
4682 goto out;
4683 }
4684
4685 rtnl_lock();
4686
4687 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4688 if (err)
4689 goto unlock_rdev;
4690
4691 wdev = dev->ieee80211_ptr;
4692
4693 if (!rdev->ops->set_power_mgmt) {
4694 err = -EOPNOTSUPP;
4695 goto unlock_rdev;
4696 }
4697
4698 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
4699
4700 if (state == wdev->ps)
4701 goto unlock_rdev;
4702
4703 wdev->ps = state;
4704
4705 if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, wdev->ps,
4706 wdev->ps_timeout))
4707 /* assume this means it's off */
4708 wdev->ps = false;
4709
4710unlock_rdev:
4711 cfg80211_unlock_rdev(rdev);
4712 dev_put(dev);
4713 rtnl_unlock();
4714
4715out:
4716 return err;
4717}
4718
4719static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
4720{
4721 struct cfg80211_registered_device *rdev;
4722 enum nl80211_ps_state ps_state;
4723 struct wireless_dev *wdev;
4724 struct net_device *dev;
4725 struct sk_buff *msg;
4726 void *hdr;
4727 int err;
4728
4729 rtnl_lock();
4730
4731 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4732 if (err)
4733 goto unlock_rtnl;
4734
4735 wdev = dev->ieee80211_ptr;
4736
4737 if (!rdev->ops->set_power_mgmt) {
4738 err = -EOPNOTSUPP;
4739 goto out;
4740 }
4741
4742 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4743 if (!msg) {
4744 err = -ENOMEM;
4745 goto out;
4746 }
4747
4748 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4749 NL80211_CMD_GET_POWER_SAVE);
4750 if (!hdr) {
4751 err = -ENOMEM;
4752 goto free_msg;
4753 }
4754
4755 if (wdev->ps)
4756 ps_state = NL80211_PS_ENABLED;
4757 else
4758 ps_state = NL80211_PS_DISABLED;
4759
4760 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
4761
4762 genlmsg_end(msg, hdr);
4763 err = genlmsg_reply(msg, info);
4764 goto out;
4765
4766nla_put_failure:
4767 err = -ENOBUFS;
4768
4769free_msg:
4770 nlmsg_free(msg);
4771
4772out:
4773 cfg80211_unlock_rdev(rdev);
4774 dev_put(dev);
4775
4776unlock_rtnl:
4777 rtnl_unlock();
4778
4779 return err;
4780}
4781
4057static struct genl_ops nl80211_ops[] = { 4782static struct genl_ops nl80211_ops[] = {
4058 { 4783 {
4059 .cmd = NL80211_CMD_GET_WIPHY, 4784 .cmd = NL80211_CMD_GET_WIPHY,
@@ -4293,7 +5018,73 @@ static struct genl_ops nl80211_ops[] = {
4293 .policy = nl80211_policy, 5018 .policy = nl80211_policy,
4294 .flags = GENL_ADMIN_PERM, 5019 .flags = GENL_ADMIN_PERM,
4295 }, 5020 },
5021 {
5022 .cmd = NL80211_CMD_GET_SURVEY,
5023 .policy = nl80211_policy,
5024 .dumpit = nl80211_dump_survey,
5025 },
5026 {
5027 .cmd = NL80211_CMD_SET_PMKSA,
5028 .doit = nl80211_setdel_pmksa,
5029 .policy = nl80211_policy,
5030 .flags = GENL_ADMIN_PERM,
5031 },
5032 {
5033 .cmd = NL80211_CMD_DEL_PMKSA,
5034 .doit = nl80211_setdel_pmksa,
5035 .policy = nl80211_policy,
5036 .flags = GENL_ADMIN_PERM,
5037 },
5038 {
5039 .cmd = NL80211_CMD_FLUSH_PMKSA,
5040 .doit = nl80211_flush_pmksa,
5041 .policy = nl80211_policy,
5042 .flags = GENL_ADMIN_PERM,
5043 },
5044 {
5045 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
5046 .doit = nl80211_remain_on_channel,
5047 .policy = nl80211_policy,
5048 .flags = GENL_ADMIN_PERM,
5049 },
5050 {
5051 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
5052 .doit = nl80211_cancel_remain_on_channel,
5053 .policy = nl80211_policy,
5054 .flags = GENL_ADMIN_PERM,
5055 },
5056 {
5057 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
5058 .doit = nl80211_set_tx_bitrate_mask,
5059 .policy = nl80211_policy,
5060 .flags = GENL_ADMIN_PERM,
5061 },
5062 {
5063 .cmd = NL80211_CMD_REGISTER_ACTION,
5064 .doit = nl80211_register_action,
5065 .policy = nl80211_policy,
5066 .flags = GENL_ADMIN_PERM,
5067 },
5068 {
5069 .cmd = NL80211_CMD_ACTION,
5070 .doit = nl80211_action,
5071 .policy = nl80211_policy,
5072 .flags = GENL_ADMIN_PERM,
5073 },
5074 {
5075 .cmd = NL80211_CMD_SET_POWER_SAVE,
5076 .doit = nl80211_set_power_save,
5077 .policy = nl80211_policy,
5078 .flags = GENL_ADMIN_PERM,
5079 },
5080 {
5081 .cmd = NL80211_CMD_GET_POWER_SAVE,
5082 .doit = nl80211_get_power_save,
5083 .policy = nl80211_policy,
5084 /* can be retrieved by unprivileged users */
5085 },
4296}; 5086};
5087
4297static struct genl_multicast_group nl80211_mlme_mcgrp = { 5088static struct genl_multicast_group nl80211_mlme_mcgrp = {
4298 .name = "mlme", 5089 .name = "mlme",
4299}; 5090};
@@ -4881,6 +5672,193 @@ nla_put_failure:
4881 nlmsg_free(msg); 5672 nlmsg_free(msg);
4882} 5673}
4883 5674
5675static void nl80211_send_remain_on_chan_event(
5676 int cmd, struct cfg80211_registered_device *rdev,
5677 struct net_device *netdev, u64 cookie,
5678 struct ieee80211_channel *chan,
5679 enum nl80211_channel_type channel_type,
5680 unsigned int duration, gfp_t gfp)
5681{
5682 struct sk_buff *msg;
5683 void *hdr;
5684
5685 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5686 if (!msg)
5687 return;
5688
5689 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5690 if (!hdr) {
5691 nlmsg_free(msg);
5692 return;
5693 }
5694
5695 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5696 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5697 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq);
5698 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type);
5699 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5700
5701 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL)
5702 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
5703
5704 if (genlmsg_end(msg, hdr) < 0) {
5705 nlmsg_free(msg);
5706 return;
5707 }
5708
5709 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5710 nl80211_mlme_mcgrp.id, gfp);
5711 return;
5712
5713 nla_put_failure:
5714 genlmsg_cancel(msg, hdr);
5715 nlmsg_free(msg);
5716}
5717
5718void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
5719 struct net_device *netdev, u64 cookie,
5720 struct ieee80211_channel *chan,
5721 enum nl80211_channel_type channel_type,
5722 unsigned int duration, gfp_t gfp)
5723{
5724 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
5725 rdev, netdev, cookie, chan,
5726 channel_type, duration, gfp);
5727}
5728
5729void nl80211_send_remain_on_channel_cancel(
5730 struct cfg80211_registered_device *rdev, struct net_device *netdev,
5731 u64 cookie, struct ieee80211_channel *chan,
5732 enum nl80211_channel_type channel_type, gfp_t gfp)
5733{
5734 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
5735 rdev, netdev, cookie, chan,
5736 channel_type, 0, gfp);
5737}
5738
5739void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
5740 struct net_device *dev, const u8 *mac_addr,
5741 struct station_info *sinfo, gfp_t gfp)
5742{
5743 struct sk_buff *msg;
5744
5745 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5746 if (!msg)
5747 return;
5748
5749 if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) {
5750 nlmsg_free(msg);
5751 return;
5752 }
5753
5754 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5755 nl80211_mlme_mcgrp.id, gfp);
5756}
5757
5758int nl80211_send_action(struct cfg80211_registered_device *rdev,
5759 struct net_device *netdev, u32 nlpid,
5760 int freq, const u8 *buf, size_t len, gfp_t gfp)
5761{
5762 struct sk_buff *msg;
5763 void *hdr;
5764 int err;
5765
5766 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5767 if (!msg)
5768 return -ENOMEM;
5769
5770 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION);
5771 if (!hdr) {
5772 nlmsg_free(msg);
5773 return -ENOMEM;
5774 }
5775
5776 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5777 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5778 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5779 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
5780
5781 err = genlmsg_end(msg, hdr);
5782 if (err < 0) {
5783 nlmsg_free(msg);
5784 return err;
5785 }
5786
5787 err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
5788 if (err < 0)
5789 return err;
5790 return 0;
5791
5792 nla_put_failure:
5793 genlmsg_cancel(msg, hdr);
5794 nlmsg_free(msg);
5795 return -ENOBUFS;
5796}
5797
5798void nl80211_send_action_tx_status(struct cfg80211_registered_device *rdev,
5799 struct net_device *netdev, u64 cookie,
5800 const u8 *buf, size_t len, bool ack,
5801 gfp_t gfp)
5802{
5803 struct sk_buff *msg;
5804 void *hdr;
5805
5806 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5807 if (!msg)
5808 return;
5809
5810 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION_TX_STATUS);
5811 if (!hdr) {
5812 nlmsg_free(msg);
5813 return;
5814 }
5815
5816 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5817 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5818 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
5819 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5820 if (ack)
5821 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
5822
5823 if (genlmsg_end(msg, hdr) < 0) {
5824 nlmsg_free(msg);
5825 return;
5826 }
5827
5828 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
5829 return;
5830
5831 nla_put_failure:
5832 genlmsg_cancel(msg, hdr);
5833 nlmsg_free(msg);
5834}
5835
5836static int nl80211_netlink_notify(struct notifier_block * nb,
5837 unsigned long state,
5838 void *_notify)
5839{
5840 struct netlink_notify *notify = _notify;
5841 struct cfg80211_registered_device *rdev;
5842 struct wireless_dev *wdev;
5843
5844 if (state != NETLINK_URELEASE)
5845 return NOTIFY_DONE;
5846
5847 rcu_read_lock();
5848
5849 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list)
5850 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list)
5851 cfg80211_mlme_unregister_actions(wdev, notify->pid);
5852
5853 rcu_read_unlock();
5854
5855 return NOTIFY_DONE;
5856}
5857
5858static struct notifier_block nl80211_netlink_notifier = {
5859 .notifier_call = nl80211_netlink_notify,
5860};
5861
4884/* initialisation/exit functions */ 5862/* initialisation/exit functions */
4885 5863
4886int nl80211_init(void) 5864int nl80211_init(void)
@@ -4914,6 +5892,10 @@ int nl80211_init(void)
4914 goto err_out; 5892 goto err_out;
4915#endif 5893#endif
4916 5894
5895 err = netlink_register_notifier(&nl80211_netlink_notifier);
5896 if (err)
5897 goto err_out;
5898
4917 return 0; 5899 return 0;
4918 err_out: 5900 err_out:
4919 genl_unregister_family(&nl80211_fam); 5901 genl_unregister_family(&nl80211_fam);
@@ -4922,5 +5904,6 @@ int nl80211_init(void)
4922 5904
4923void nl80211_exit(void) 5905void nl80211_exit(void)
4924{ 5906{
5907 netlink_unregister_notifier(&nl80211_netlink_notifier);
4925 genl_unregister_family(&nl80211_fam); 5908 genl_unregister_family(&nl80211_fam);
4926} 5909}
diff --git a/net/wireless/nl80211.h b/net/wireless/nl80211.h
index 44cc2a76a1b0..4ca511102c6c 100644
--- a/net/wireless/nl80211.h
+++ b/net/wireless/nl80211.h
@@ -59,4 +59,27 @@ void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
59 struct net_device *netdev, const u8 *bssid, 59 struct net_device *netdev, const u8 *bssid,
60 gfp_t gfp); 60 gfp_t gfp);
61 61
62void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
63 struct net_device *netdev,
64 u64 cookie,
65 struct ieee80211_channel *chan,
66 enum nl80211_channel_type channel_type,
67 unsigned int duration, gfp_t gfp);
68void nl80211_send_remain_on_channel_cancel(
69 struct cfg80211_registered_device *rdev, struct net_device *netdev,
70 u64 cookie, struct ieee80211_channel *chan,
71 enum nl80211_channel_type channel_type, gfp_t gfp);
72
73void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
74 struct net_device *dev, const u8 *mac_addr,
75 struct station_info *sinfo, gfp_t gfp);
76
77int nl80211_send_action(struct cfg80211_registered_device *rdev,
78 struct net_device *netdev, u32 nlpid, int freq,
79 const u8 *buf, size_t len, gfp_t gfp);
80void nl80211_send_action_tx_status(struct cfg80211_registered_device *rdev,
81 struct net_device *netdev, u64 cookie,
82 const u8 *buf, size_t len, bool ack,
83 gfp_t gfp);
84
62#endif /* __NET_WIRELESS_NL80211_H */ 85#endif /* __NET_WIRELESS_NL80211_H */
diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c
index f591871a7b4f..1332c445d1c7 100644
--- a/net/wireless/radiotap.c
+++ b/net/wireless/radiotap.c
@@ -2,6 +2,16 @@
2 * Radiotap parser 2 * Radiotap parser
3 * 3 *
4 * Copyright 2007 Andy Green <andy@warmcat.com> 4 * Copyright 2007 Andy Green <andy@warmcat.com>
5 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 *
11 * Alternatively, this software may be distributed under the terms of BSD
12 * license.
13 *
14 * See COPYING for more details.
5 */ 15 */
6 16
7#include <net/cfg80211.h> 17#include <net/cfg80211.h>
@@ -10,6 +20,35 @@
10 20
11/* function prototypes and related defs are in include/net/cfg80211.h */ 21/* function prototypes and related defs are in include/net/cfg80211.h */
12 22
23static const struct radiotap_align_size rtap_namespace_sizes[] = {
24 [IEEE80211_RADIOTAP_TSFT] = { .align = 8, .size = 8, },
25 [IEEE80211_RADIOTAP_FLAGS] = { .align = 1, .size = 1, },
26 [IEEE80211_RADIOTAP_RATE] = { .align = 1, .size = 1, },
27 [IEEE80211_RADIOTAP_CHANNEL] = { .align = 2, .size = 4, },
28 [IEEE80211_RADIOTAP_FHSS] = { .align = 2, .size = 2, },
29 [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = { .align = 1, .size = 1, },
30 [IEEE80211_RADIOTAP_DBM_ANTNOISE] = { .align = 1, .size = 1, },
31 [IEEE80211_RADIOTAP_LOCK_QUALITY] = { .align = 2, .size = 2, },
32 [IEEE80211_RADIOTAP_TX_ATTENUATION] = { .align = 2, .size = 2, },
33 [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = { .align = 2, .size = 2, },
34 [IEEE80211_RADIOTAP_DBM_TX_POWER] = { .align = 1, .size = 1, },
35 [IEEE80211_RADIOTAP_ANTENNA] = { .align = 1, .size = 1, },
36 [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = { .align = 1, .size = 1, },
37 [IEEE80211_RADIOTAP_DB_ANTNOISE] = { .align = 1, .size = 1, },
38 [IEEE80211_RADIOTAP_RX_FLAGS] = { .align = 2, .size = 2, },
39 [IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, },
40 [IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, },
41 [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, },
42 /*
43 * add more here as they are defined in radiotap.h
44 */
45};
46
47static const struct ieee80211_radiotap_namespace radiotap_ns = {
48 .n_bits = sizeof(rtap_namespace_sizes) / sizeof(rtap_namespace_sizes[0]),
49 .align_size = rtap_namespace_sizes,
50};
51
13/** 52/**
14 * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization 53 * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
15 * @iterator: radiotap_iterator to initialize 54 * @iterator: radiotap_iterator to initialize
@@ -50,9 +89,9 @@
50 */ 89 */
51 90
52int ieee80211_radiotap_iterator_init( 91int ieee80211_radiotap_iterator_init(
53 struct ieee80211_radiotap_iterator *iterator, 92 struct ieee80211_radiotap_iterator *iterator,
54 struct ieee80211_radiotap_header *radiotap_header, 93 struct ieee80211_radiotap_header *radiotap_header,
55 int max_length) 94 int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns)
56{ 95{
57 /* Linux only supports version 0 radiotap format */ 96 /* Linux only supports version 0 radiotap format */
58 if (radiotap_header->it_version) 97 if (radiotap_header->it_version)
@@ -62,19 +101,24 @@ int ieee80211_radiotap_iterator_init(
62 if (max_length < get_unaligned_le16(&radiotap_header->it_len)) 101 if (max_length < get_unaligned_le16(&radiotap_header->it_len))
63 return -EINVAL; 102 return -EINVAL;
64 103
65 iterator->rtheader = radiotap_header; 104 iterator->_rtheader = radiotap_header;
66 iterator->max_length = get_unaligned_le16(&radiotap_header->it_len); 105 iterator->_max_length = get_unaligned_le16(&radiotap_header->it_len);
67 iterator->arg_index = 0; 106 iterator->_arg_index = 0;
68 iterator->bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present); 107 iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
69 iterator->arg = (u8 *)radiotap_header + sizeof(*radiotap_header); 108 iterator->_arg = (uint8_t *)radiotap_header + sizeof(*radiotap_header);
70 iterator->this_arg = NULL; 109 iterator->_reset_on_ext = 0;
110 iterator->_next_bitmap = &radiotap_header->it_present;
111 iterator->_next_bitmap++;
112 iterator->_vns = vns;
113 iterator->current_namespace = &radiotap_ns;
114 iterator->is_radiotap_ns = 1;
71 115
72 /* find payload start allowing for extended bitmap(s) */ 116 /* find payload start allowing for extended bitmap(s) */
73 117
74 if (unlikely(iterator->bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT))) { 118 if (iterator->_bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT)) {
75 while (get_unaligned_le32(iterator->arg) & 119 while (get_unaligned_le32(iterator->_arg) &
76 (1 << IEEE80211_RADIOTAP_EXT)) { 120 (1 << IEEE80211_RADIOTAP_EXT)) {
77 iterator->arg += sizeof(u32); 121 iterator->_arg += sizeof(uint32_t);
78 122
79 /* 123 /*
80 * check for insanity where the present bitmaps 124 * check for insanity where the present bitmaps
@@ -82,12 +126,13 @@ int ieee80211_radiotap_iterator_init(
82 * stated radiotap header length 126 * stated radiotap header length
83 */ 127 */
84 128
85 if (((ulong)iterator->arg - 129 if ((unsigned long)iterator->_arg -
86 (ulong)iterator->rtheader) > iterator->max_length) 130 (unsigned long)iterator->_rtheader >
131 (unsigned long)iterator->_max_length)
87 return -EINVAL; 132 return -EINVAL;
88 } 133 }
89 134
90 iterator->arg += sizeof(u32); 135 iterator->_arg += sizeof(uint32_t);
91 136
92 /* 137 /*
93 * no need to check again for blowing past stated radiotap 138 * no need to check again for blowing past stated radiotap
@@ -96,12 +141,36 @@ int ieee80211_radiotap_iterator_init(
96 */ 141 */
97 } 142 }
98 143
144 iterator->this_arg = iterator->_arg;
145
99 /* we are all initialized happily */ 146 /* we are all initialized happily */
100 147
101 return 0; 148 return 0;
102} 149}
103EXPORT_SYMBOL(ieee80211_radiotap_iterator_init); 150EXPORT_SYMBOL(ieee80211_radiotap_iterator_init);
104 151
152static void find_ns(struct ieee80211_radiotap_iterator *iterator,
153 uint32_t oui, uint8_t subns)
154{
155 int i;
156
157 iterator->current_namespace = NULL;
158
159 if (!iterator->_vns)
160 return;
161
162 for (i = 0; i < iterator->_vns->n_ns; i++) {
163 if (iterator->_vns->ns[i].oui != oui)
164 continue;
165 if (iterator->_vns->ns[i].subns != subns)
166 continue;
167
168 iterator->current_namespace = &iterator->_vns->ns[i];
169 break;
170 }
171}
172
173
105 174
106/** 175/**
107 * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg 176 * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
@@ -127,99 +196,80 @@ EXPORT_SYMBOL(ieee80211_radiotap_iterator_init);
127 */ 196 */
128 197
129int ieee80211_radiotap_iterator_next( 198int ieee80211_radiotap_iterator_next(
130 struct ieee80211_radiotap_iterator *iterator) 199 struct ieee80211_radiotap_iterator *iterator)
131{ 200{
132 201 while (1) {
133 /*
134 * small length lookup table for all radiotap types we heard of
135 * starting from b0 in the bitmap, so we can walk the payload
136 * area of the radiotap header
137 *
138 * There is a requirement to pad args, so that args
139 * of a given length must begin at a boundary of that length
140 * -- but note that compound args are allowed (eg, 2 x u16
141 * for IEEE80211_RADIOTAP_CHANNEL) so total arg length is not
142 * a reliable indicator of alignment requirement.
143 *
144 * upper nybble: content alignment for arg
145 * lower nybble: content length for arg
146 */
147
148 static const u8 rt_sizes[] = {
149 [IEEE80211_RADIOTAP_TSFT] = 0x88,
150 [IEEE80211_RADIOTAP_FLAGS] = 0x11,
151 [IEEE80211_RADIOTAP_RATE] = 0x11,
152 [IEEE80211_RADIOTAP_CHANNEL] = 0x24,
153 [IEEE80211_RADIOTAP_FHSS] = 0x22,
154 [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = 0x11,
155 [IEEE80211_RADIOTAP_DBM_ANTNOISE] = 0x11,
156 [IEEE80211_RADIOTAP_LOCK_QUALITY] = 0x22,
157 [IEEE80211_RADIOTAP_TX_ATTENUATION] = 0x22,
158 [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = 0x22,
159 [IEEE80211_RADIOTAP_DBM_TX_POWER] = 0x11,
160 [IEEE80211_RADIOTAP_ANTENNA] = 0x11,
161 [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = 0x11,
162 [IEEE80211_RADIOTAP_DB_ANTNOISE] = 0x11,
163 [IEEE80211_RADIOTAP_RX_FLAGS] = 0x22,
164 [IEEE80211_RADIOTAP_TX_FLAGS] = 0x22,
165 [IEEE80211_RADIOTAP_RTS_RETRIES] = 0x11,
166 [IEEE80211_RADIOTAP_DATA_RETRIES] = 0x11,
167 /*
168 * add more here as they are defined in
169 * include/net/ieee80211_radiotap.h
170 */
171 };
172
173 /*
174 * for every radiotap entry we can at
175 * least skip (by knowing the length)...
176 */
177
178 while (iterator->arg_index < sizeof(rt_sizes)) {
179 int hit = 0; 202 int hit = 0;
180 int pad; 203 int pad, align, size, subns, vnslen;
204 uint32_t oui;
181 205
182 if (!(iterator->bitmap_shifter & 1)) 206 /* if no more EXT bits, that's it */
207 if ((iterator->_arg_index % 32) == IEEE80211_RADIOTAP_EXT &&
208 !(iterator->_bitmap_shifter & 1))
209 return -ENOENT;
210
211 if (!(iterator->_bitmap_shifter & 1))
183 goto next_entry; /* arg not present */ 212 goto next_entry; /* arg not present */
184 213
214 /* get alignment/size of data */
215 switch (iterator->_arg_index % 32) {
216 case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
217 case IEEE80211_RADIOTAP_EXT:
218 align = 1;
219 size = 0;
220 break;
221 case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
222 align = 2;
223 size = 6;
224 break;
225 default:
226 if (!iterator->current_namespace ||
227 iterator->_arg_index >= iterator->current_namespace->n_bits) {
228 if (iterator->current_namespace == &radiotap_ns)
229 return -ENOENT;
230 align = 0;
231 } else {
232 align = iterator->current_namespace->align_size[iterator->_arg_index].align;
233 size = iterator->current_namespace->align_size[iterator->_arg_index].size;
234 }
235 if (!align) {
236 /* skip all subsequent data */
237 iterator->_arg = iterator->_next_ns_data;
238 /* give up on this namespace */
239 iterator->current_namespace = NULL;
240 goto next_entry;
241 }
242 break;
243 }
244
185 /* 245 /*
186 * arg is present, account for alignment padding 246 * arg is present, account for alignment padding
187 * 8-bit args can be at any alignment
188 * 16-bit args must start on 16-bit boundary
189 * 32-bit args must start on 32-bit boundary
190 * 64-bit args must start on 64-bit boundary
191 * 247 *
192 * note that total arg size can differ from alignment of 248 * Note that these alignments are relative to the start
193 * elements inside arg, so we use upper nybble of length 249 * of the radiotap header. There is no guarantee
194 * table to base alignment on
195 *
196 * also note: these alignments are ** relative to the
197 * start of the radiotap header **. There is no guarantee
198 * that the radiotap header itself is aligned on any 250 * that the radiotap header itself is aligned on any
199 * kind of boundary. 251 * kind of boundary.
200 * 252 *
201 * the above is why get_unaligned() is used to dereference 253 * The above is why get_unaligned() is used to dereference
202 * multibyte elements from the radiotap area 254 * multibyte elements from the radiotap area.
203 */ 255 */
204 256
205 pad = (((ulong)iterator->arg) - 257 pad = ((unsigned long)iterator->_arg -
206 ((ulong)iterator->rtheader)) & 258 (unsigned long)iterator->_rtheader) & (align - 1);
207 ((rt_sizes[iterator->arg_index] >> 4) - 1);
208 259
209 if (pad) 260 if (pad)
210 iterator->arg += 261 iterator->_arg += align - pad;
211 (rt_sizes[iterator->arg_index] >> 4) - pad;
212 262
213 /* 263 /*
214 * this is what we will return to user, but we need to 264 * this is what we will return to user, but we need to
215 * move on first so next call has something fresh to test 265 * move on first so next call has something fresh to test
216 */ 266 */
217 iterator->this_arg_index = iterator->arg_index; 267 iterator->this_arg_index = iterator->_arg_index;
218 iterator->this_arg = iterator->arg; 268 iterator->this_arg = iterator->_arg;
219 hit = 1; 269 iterator->this_arg_size = size;
220 270
221 /* internally move on the size of this arg */ 271 /* internally move on the size of this arg */
222 iterator->arg += rt_sizes[iterator->arg_index] & 0x0f; 272 iterator->_arg += size;
223 273
224 /* 274 /*
225 * check for insanity where we are given a bitmap that 275 * check for insanity where we are given a bitmap that
@@ -228,32 +278,73 @@ int ieee80211_radiotap_iterator_next(
228 * max_length on the last arg, never exceeding it. 278 * max_length on the last arg, never exceeding it.
229 */ 279 */
230 280
231 if (((ulong)iterator->arg - (ulong)iterator->rtheader) > 281 if ((unsigned long)iterator->_arg -
232 iterator->max_length) 282 (unsigned long)iterator->_rtheader >
283 (unsigned long)iterator->_max_length)
233 return -EINVAL; 284 return -EINVAL;
234 285
235 next_entry: 286 /* these special ones are valid in each bitmap word */
236 iterator->arg_index++; 287 switch (iterator->_arg_index % 32) {
237 if (unlikely((iterator->arg_index & 31) == 0)) { 288 case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
238 /* completed current u32 bitmap */ 289 iterator->_bitmap_shifter >>= 1;
239 if (iterator->bitmap_shifter & 1) { 290 iterator->_arg_index++;
240 /* b31 was set, there is more */ 291
241 /* move to next u32 bitmap */ 292 iterator->_reset_on_ext = 1;
242 iterator->bitmap_shifter = 293
243 get_unaligned_le32(iterator->next_bitmap); 294 vnslen = get_unaligned_le16(iterator->this_arg + 4);
244 iterator->next_bitmap++; 295 iterator->_next_ns_data = iterator->_arg + vnslen;
245 } else 296 oui = (*iterator->this_arg << 16) |
246 /* no more bitmaps: end */ 297 (*(iterator->this_arg + 1) << 8) |
247 iterator->arg_index = sizeof(rt_sizes); 298 *(iterator->this_arg + 2);
248 } else /* just try the next bit */ 299 subns = *(iterator->this_arg + 3);
249 iterator->bitmap_shifter >>= 1; 300
301 find_ns(iterator, oui, subns);
302
303 iterator->is_radiotap_ns = 0;
304 /* allow parsers to show this information */
305 iterator->this_arg_index =
306 IEEE80211_RADIOTAP_VENDOR_NAMESPACE;
307 iterator->this_arg_size += vnslen;
308 if ((unsigned long)iterator->this_arg +
309 iterator->this_arg_size -
310 (unsigned long)iterator->_rtheader >
311 (unsigned long)(unsigned long)iterator->_max_length)
312 return -EINVAL;
313 hit = 1;
314 break;
315 case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
316 iterator->_bitmap_shifter >>= 1;
317 iterator->_arg_index++;
318
319 iterator->_reset_on_ext = 1;
320 iterator->current_namespace = &radiotap_ns;
321 iterator->is_radiotap_ns = 1;
322 break;
323 case IEEE80211_RADIOTAP_EXT:
324 /*
325 * bit 31 was set, there is more
326 * -- move to next u32 bitmap
327 */
328 iterator->_bitmap_shifter =
329 get_unaligned_le32(iterator->_next_bitmap);
330 iterator->_next_bitmap++;
331 if (iterator->_reset_on_ext)
332 iterator->_arg_index = 0;
333 else
334 iterator->_arg_index++;
335 iterator->_reset_on_ext = 0;
336 break;
337 default:
338 /* we've got a hit! */
339 hit = 1;
340 next_entry:
341 iterator->_bitmap_shifter >>= 1;
342 iterator->_arg_index++;
343 }
250 344
251 /* if we found a valid arg earlier, return it now */ 345 /* if we found a valid arg earlier, return it now */
252 if (hit) 346 if (hit)
253 return 0; 347 return 0;
254 } 348 }
255
256 /* we don't know how to handle any more args, we're done */
257 return -ENOENT;
258} 349}
259EXPORT_SYMBOL(ieee80211_radiotap_iterator_next); 350EXPORT_SYMBOL(ieee80211_radiotap_iterator_next);
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index f256dfffbf46..422da20d1e5b 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -33,6 +33,7 @@
33 * 33 *
34 */ 34 */
35#include <linux/kernel.h> 35#include <linux/kernel.h>
36#include <linux/slab.h>
36#include <linux/list.h> 37#include <linux/list.h>
37#include <linux/random.h> 38#include <linux/random.h>
38#include <linux/nl80211.h> 39#include <linux/nl80211.h>
@@ -40,8 +41,18 @@
40#include <net/cfg80211.h> 41#include <net/cfg80211.h>
41#include "core.h" 42#include "core.h"
42#include "reg.h" 43#include "reg.h"
44#include "regdb.h"
43#include "nl80211.h" 45#include "nl80211.h"
44 46
47#ifdef CONFIG_CFG80211_REG_DEBUG
48#define REG_DBG_PRINT(format, args...) \
49 do { \
50 printk(KERN_DEBUG format , ## args); \
51 } while (0)
52#else
53#define REG_DBG_PRINT(args...)
54#endif
55
45/* Receipt of information from last regulatory request */ 56/* Receipt of information from last regulatory request */
46static struct regulatory_request *last_request; 57static struct regulatory_request *last_request;
47 58
@@ -124,107 +135,11 @@ static const struct ieee80211_regdomain *cfg80211_world_regdom =
124 &world_regdom; 135 &world_regdom;
125 136
126static char *ieee80211_regdom = "00"; 137static char *ieee80211_regdom = "00";
138static char user_alpha2[2];
127 139
128module_param(ieee80211_regdom, charp, 0444); 140module_param(ieee80211_regdom, charp, 0444);
129MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain code"); 141MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain code");
130 142
131#ifdef CONFIG_WIRELESS_OLD_REGULATORY
132/*
133 * We assume 40 MHz bandwidth for the old regulatory work.
134 * We make emphasis we are using the exact same frequencies
135 * as before
136 */
137
138static const struct ieee80211_regdomain us_regdom = {
139 .n_reg_rules = 6,
140 .alpha2 = "US",
141 .reg_rules = {
142 /* IEEE 802.11b/g, channels 1..11 */
143 REG_RULE(2412-10, 2462+10, 40, 6, 27, 0),
144 /* IEEE 802.11a, channel 36 */
145 REG_RULE(5180-10, 5180+10, 40, 6, 23, 0),
146 /* IEEE 802.11a, channel 40 */
147 REG_RULE(5200-10, 5200+10, 40, 6, 23, 0),
148 /* IEEE 802.11a, channel 44 */
149 REG_RULE(5220-10, 5220+10, 40, 6, 23, 0),
150 /* IEEE 802.11a, channels 48..64 */
151 REG_RULE(5240-10, 5320+10, 40, 6, 23, 0),
152 /* IEEE 802.11a, channels 149..165, outdoor */
153 REG_RULE(5745-10, 5825+10, 40, 6, 30, 0),
154 }
155};
156
157static const struct ieee80211_regdomain jp_regdom = {
158 .n_reg_rules = 3,
159 .alpha2 = "JP",
160 .reg_rules = {
161 /* IEEE 802.11b/g, channels 1..14 */
162 REG_RULE(2412-10, 2484+10, 40, 6, 20, 0),
163 /* IEEE 802.11a, channels 34..48 */
164 REG_RULE(5170-10, 5240+10, 40, 6, 20,
165 NL80211_RRF_PASSIVE_SCAN),
166 /* IEEE 802.11a, channels 52..64 */
167 REG_RULE(5260-10, 5320+10, 40, 6, 20,
168 NL80211_RRF_NO_IBSS |
169 NL80211_RRF_DFS),
170 }
171};
172
173static const struct ieee80211_regdomain eu_regdom = {
174 .n_reg_rules = 6,
175 /*
176 * This alpha2 is bogus, we leave it here just for stupid
177 * backward compatibility
178 */
179 .alpha2 = "EU",
180 .reg_rules = {
181 /* IEEE 802.11b/g, channels 1..13 */
182 REG_RULE(2412-10, 2472+10, 40, 6, 20, 0),
183 /* IEEE 802.11a, channel 36 */
184 REG_RULE(5180-10, 5180+10, 40, 6, 23,
185 NL80211_RRF_PASSIVE_SCAN),
186 /* IEEE 802.11a, channel 40 */
187 REG_RULE(5200-10, 5200+10, 40, 6, 23,
188 NL80211_RRF_PASSIVE_SCAN),
189 /* IEEE 802.11a, channel 44 */
190 REG_RULE(5220-10, 5220+10, 40, 6, 23,
191 NL80211_RRF_PASSIVE_SCAN),
192 /* IEEE 802.11a, channels 48..64 */
193 REG_RULE(5240-10, 5320+10, 40, 6, 20,
194 NL80211_RRF_NO_IBSS |
195 NL80211_RRF_DFS),
196 /* IEEE 802.11a, channels 100..140 */
197 REG_RULE(5500-10, 5700+10, 40, 6, 30,
198 NL80211_RRF_NO_IBSS |
199 NL80211_RRF_DFS),
200 }
201};
202
203static const struct ieee80211_regdomain *static_regdom(char *alpha2)
204{
205 if (alpha2[0] == 'U' && alpha2[1] == 'S')
206 return &us_regdom;
207 if (alpha2[0] == 'J' && alpha2[1] == 'P')
208 return &jp_regdom;
209 if (alpha2[0] == 'E' && alpha2[1] == 'U')
210 return &eu_regdom;
211 /* Default, as per the old rules */
212 return &us_regdom;
213}
214
215static bool is_old_static_regdom(const struct ieee80211_regdomain *rd)
216{
217 if (rd == &us_regdom || rd == &jp_regdom || rd == &eu_regdom)
218 return true;
219 return false;
220}
221#else
222static inline bool is_old_static_regdom(const struct ieee80211_regdomain *rd)
223{
224 return false;
225}
226#endif
227
228static void reset_regdomains(void) 143static void reset_regdomains(void)
229{ 144{
230 /* avoid freeing static information or freeing something twice */ 145 /* avoid freeing static information or freeing something twice */
@@ -234,8 +149,6 @@ static void reset_regdomains(void)
234 cfg80211_world_regdom = NULL; 149 cfg80211_world_regdom = NULL;
235 if (cfg80211_regdomain == &world_regdom) 150 if (cfg80211_regdomain == &world_regdom)
236 cfg80211_regdomain = NULL; 151 cfg80211_regdomain = NULL;
237 if (is_old_static_regdom(cfg80211_regdomain))
238 cfg80211_regdomain = NULL;
239 152
240 kfree(cfg80211_regdomain); 153 kfree(cfg80211_regdomain);
241 kfree(cfg80211_world_regdom); 154 kfree(cfg80211_world_regdom);
@@ -341,6 +254,27 @@ static bool regdom_changes(const char *alpha2)
341 return true; 254 return true;
342} 255}
343 256
257/*
258 * The NL80211_REGDOM_SET_BY_USER regdom alpha2 is cached, this lets
259 * you know if a valid regulatory hint with NL80211_REGDOM_SET_BY_USER
260 * has ever been issued.
261 */
262static bool is_user_regdom_saved(void)
263{
264 if (user_alpha2[0] == '9' && user_alpha2[1] == '7')
265 return false;
266
267 /* This would indicate a mistake on the design */
268 if (WARN((!is_world_regdom(user_alpha2) &&
269 !is_an_alpha2(user_alpha2)),
270 "Unexpected user alpha2: %c%c\n",
271 user_alpha2[0],
272 user_alpha2[1]))
273 return false;
274
275 return true;
276}
277
344/** 278/**
345 * country_ie_integrity_changes - tells us if the country IE has changed 279 * country_ie_integrity_changes - tells us if the country IE has changed
346 * @checksum: checksum of country IE of fields we are interested in 280 * @checksum: checksum of country IE of fields we are interested in
@@ -360,6 +294,96 @@ static bool country_ie_integrity_changes(u32 checksum)
360 return false; 294 return false;
361} 295}
362 296
297static int reg_copy_regd(const struct ieee80211_regdomain **dst_regd,
298 const struct ieee80211_regdomain *src_regd)
299{
300 struct ieee80211_regdomain *regd;
301 int size_of_regd = 0;
302 unsigned int i;
303
304 size_of_regd = sizeof(struct ieee80211_regdomain) +
305 ((src_regd->n_reg_rules + 1) * sizeof(struct ieee80211_reg_rule));
306
307 regd = kzalloc(size_of_regd, GFP_KERNEL);
308 if (!regd)
309 return -ENOMEM;
310
311 memcpy(regd, src_regd, sizeof(struct ieee80211_regdomain));
312
313 for (i = 0; i < src_regd->n_reg_rules; i++)
314 memcpy(&regd->reg_rules[i], &src_regd->reg_rules[i],
315 sizeof(struct ieee80211_reg_rule));
316
317 *dst_regd = regd;
318 return 0;
319}
320
321#ifdef CONFIG_CFG80211_INTERNAL_REGDB
322struct reg_regdb_search_request {
323 char alpha2[2];
324 struct list_head list;
325};
326
327static LIST_HEAD(reg_regdb_search_list);
328static DEFINE_MUTEX(reg_regdb_search_mutex);
329
330static void reg_regdb_search(struct work_struct *work)
331{
332 struct reg_regdb_search_request *request;
333 const struct ieee80211_regdomain *curdom, *regdom;
334 int i, r;
335
336 mutex_lock(&reg_regdb_search_mutex);
337 while (!list_empty(&reg_regdb_search_list)) {
338 request = list_first_entry(&reg_regdb_search_list,
339 struct reg_regdb_search_request,
340 list);
341 list_del(&request->list);
342
343 for (i=0; i<reg_regdb_size; i++) {
344 curdom = reg_regdb[i];
345
346 if (!memcmp(request->alpha2, curdom->alpha2, 2)) {
347 r = reg_copy_regd(&regdom, curdom);
348 if (r)
349 break;
350 mutex_lock(&cfg80211_mutex);
351 set_regdom(regdom);
352 mutex_unlock(&cfg80211_mutex);
353 break;
354 }
355 }
356
357 kfree(request);
358 }
359 mutex_unlock(&reg_regdb_search_mutex);
360}
361
362static DECLARE_WORK(reg_regdb_work, reg_regdb_search);
363
364static void reg_regdb_query(const char *alpha2)
365{
366 struct reg_regdb_search_request *request;
367
368 if (!alpha2)
369 return;
370
371 request = kzalloc(sizeof(struct reg_regdb_search_request), GFP_KERNEL);
372 if (!request)
373 return;
374
375 memcpy(request->alpha2, alpha2, 2);
376
377 mutex_lock(&reg_regdb_search_mutex);
378 list_add_tail(&request->list, &reg_regdb_search_list);
379 mutex_unlock(&reg_regdb_search_mutex);
380
381 schedule_work(&reg_regdb_work);
382}
383#else
384static inline void reg_regdb_query(const char *alpha2) {}
385#endif /* CONFIG_CFG80211_INTERNAL_REGDB */
386
363/* 387/*
364 * This lets us keep regulatory code which is updated on a regulatory 388 * This lets us keep regulatory code which is updated on a regulatory
365 * basis in userspace. 389 * basis in userspace.
@@ -379,6 +403,9 @@ static int call_crda(const char *alpha2)
379 printk(KERN_INFO "cfg80211: Calling CRDA to update world " 403 printk(KERN_INFO "cfg80211: Calling CRDA to update world "
380 "regulatory domain\n"); 404 "regulatory domain\n");
381 405
406 /* query internal regulatory database (if it exists) */
407 reg_regdb_query(alpha2);
408
382 country_env[8] = alpha2[0]; 409 country_env[8] = alpha2[0];
383 country_env[9] = alpha2[1]; 410 country_env[9] = alpha2[1];
384 411
@@ -479,12 +506,212 @@ static bool freq_in_rule_band(const struct ieee80211_freq_range *freq_range,
479} 506}
480 507
481/* 508/*
509 * This is a work around for sanity checking ieee80211_channel_to_frequency()'s
510 * work. ieee80211_channel_to_frequency() can for example currently provide a
511 * 2 GHz channel when in fact a 5 GHz channel was desired. An example would be
512 * an AP providing channel 8 on a country IE triplet when it sent this on the
513 * 5 GHz band, that channel is designed to be channel 8 on 5 GHz, not a 2 GHz
514 * channel.
515 *
516 * This can be removed once ieee80211_channel_to_frequency() takes in a band.
517 */
518static bool chan_in_band(int chan, enum ieee80211_band band)
519{
520 int center_freq = ieee80211_channel_to_frequency(chan);
521
522 switch (band) {
523 case IEEE80211_BAND_2GHZ:
524 if (center_freq <= 2484)
525 return true;
526 return false;
527 case IEEE80211_BAND_5GHZ:
528 if (center_freq >= 5005)
529 return true;
530 return false;
531 default:
532 return false;
533 }
534}
535
536/*
537 * Some APs may send a country IE triplet for each channel they
538 * support and while this is completely overkill and silly we still
539 * need to support it. We avoid making a single rule for each channel
540 * though and to help us with this we use this helper to find the
541 * actual subband end channel. These type of country IE triplet
542 * scenerios are handled then, all yielding two regulaotry rules from
543 * parsing a country IE:
544 *
545 * [1]
546 * [2]
547 * [36]
548 * [40]
549 *
550 * [1]
551 * [2-4]
552 * [5-12]
553 * [36]
554 * [40-44]
555 *
556 * [1-4]
557 * [5-7]
558 * [36-44]
559 * [48-64]
560 *
561 * [36-36]
562 * [40-40]
563 * [44-44]
564 * [48-48]
565 * [52-52]
566 * [56-56]
567 * [60-60]
568 * [64-64]
569 * [100-100]
570 * [104-104]
571 * [108-108]
572 * [112-112]
573 * [116-116]
574 * [120-120]
575 * [124-124]
576 * [128-128]
577 * [132-132]
578 * [136-136]
579 * [140-140]
580 *
581 * Returns 0 if the IE has been found to be invalid in the middle
582 * somewhere.
583 */
584static int max_subband_chan(enum ieee80211_band band,
585 int orig_cur_chan,
586 int orig_end_channel,
587 s8 orig_max_power,
588 u8 **country_ie,
589 u8 *country_ie_len)
590{
591 u8 *triplets_start = *country_ie;
592 u8 len_at_triplet = *country_ie_len;
593 int end_subband_chan = orig_end_channel;
594
595 /*
596 * We'll deal with padding for the caller unless
597 * its not immediate and we don't process any channels
598 */
599 if (*country_ie_len == 1) {
600 *country_ie += 1;
601 *country_ie_len -= 1;
602 return orig_end_channel;
603 }
604
605 /* Move to the next triplet and then start search */
606 *country_ie += 3;
607 *country_ie_len -= 3;
608
609 if (!chan_in_band(orig_cur_chan, band))
610 return 0;
611
612 while (*country_ie_len >= 3) {
613 int end_channel = 0;
614 struct ieee80211_country_ie_triplet *triplet =
615 (struct ieee80211_country_ie_triplet *) *country_ie;
616 int cur_channel = 0, next_expected_chan;
617
618 /* means last triplet is completely unrelated to this one */
619 if (triplet->ext.reg_extension_id >=
620 IEEE80211_COUNTRY_EXTENSION_ID) {
621 *country_ie -= 3;
622 *country_ie_len += 3;
623 break;
624 }
625
626 if (triplet->chans.first_channel == 0) {
627 *country_ie += 1;
628 *country_ie_len -= 1;
629 if (*country_ie_len != 0)
630 return 0;
631 break;
632 }
633
634 if (triplet->chans.num_channels == 0)
635 return 0;
636
637 /* Monitonically increasing channel order */
638 if (triplet->chans.first_channel <= end_subband_chan)
639 return 0;
640
641 if (!chan_in_band(triplet->chans.first_channel, band))
642 return 0;
643
644 /* 2 GHz */
645 if (triplet->chans.first_channel <= 14) {
646 end_channel = triplet->chans.first_channel +
647 triplet->chans.num_channels - 1;
648 }
649 else {
650 end_channel = triplet->chans.first_channel +
651 (4 * (triplet->chans.num_channels - 1));
652 }
653
654 if (!chan_in_band(end_channel, band))
655 return 0;
656
657 if (orig_max_power != triplet->chans.max_power) {
658 *country_ie -= 3;
659 *country_ie_len += 3;
660 break;
661 }
662
663 cur_channel = triplet->chans.first_channel;
664
665 /* The key is finding the right next expected channel */
666 if (band == IEEE80211_BAND_2GHZ)
667 next_expected_chan = end_subband_chan + 1;
668 else
669 next_expected_chan = end_subband_chan + 4;
670
671 if (cur_channel != next_expected_chan) {
672 *country_ie -= 3;
673 *country_ie_len += 3;
674 break;
675 }
676
677 end_subband_chan = end_channel;
678
679 /* Move to the next one */
680 *country_ie += 3;
681 *country_ie_len -= 3;
682
683 /*
684 * Padding needs to be dealt with if we processed
685 * some channels.
686 */
687 if (*country_ie_len == 1) {
688 *country_ie += 1;
689 *country_ie_len -= 1;
690 break;
691 }
692
693 /* If seen, the IE is invalid */
694 if (*country_ie_len == 2)
695 return 0;
696 }
697
698 if (end_subband_chan == orig_end_channel) {
699 *country_ie = triplets_start;
700 *country_ie_len = len_at_triplet;
701 return orig_end_channel;
702 }
703
704 return end_subband_chan;
705}
706
707/*
482 * Converts a country IE to a regulatory domain. A regulatory domain 708 * Converts a country IE to a regulatory domain. A regulatory domain
483 * structure has a lot of information which the IE doesn't yet have, 709 * structure has a lot of information which the IE doesn't yet have,
484 * so for the other values we use upper max values as we will intersect 710 * so for the other values we use upper max values as we will intersect
485 * with our userspace regulatory agent to get lower bounds. 711 * with our userspace regulatory agent to get lower bounds.
486 */ 712 */
487static struct ieee80211_regdomain *country_ie_2_rd( 713static struct ieee80211_regdomain *country_ie_2_rd(
714 enum ieee80211_band band,
488 u8 *country_ie, 715 u8 *country_ie,
489 u8 country_ie_len, 716 u8 country_ie_len,
490 u32 *checksum) 717 u32 *checksum)
@@ -546,10 +773,29 @@ static struct ieee80211_regdomain *country_ie_2_rd(
546 continue; 773 continue;
547 } 774 }
548 775
776 /*
777 * APs can add padding to make length divisible
778 * by two, required by the spec.
779 */
780 if (triplet->chans.first_channel == 0) {
781 country_ie++;
782 country_ie_len--;
783 /* This is expected to be at the very end only */
784 if (country_ie_len != 0)
785 return NULL;
786 break;
787 }
788
789 if (triplet->chans.num_channels == 0)
790 return NULL;
791
792 if (!chan_in_band(triplet->chans.first_channel, band))
793 return NULL;
794
549 /* 2 GHz */ 795 /* 2 GHz */
550 if (triplet->chans.first_channel <= 14) 796 if (band == IEEE80211_BAND_2GHZ)
551 end_channel = triplet->chans.first_channel + 797 end_channel = triplet->chans.first_channel +
552 triplet->chans.num_channels; 798 triplet->chans.num_channels - 1;
553 else 799 else
554 /* 800 /*
555 * 5 GHz -- For example in country IEs if the first 801 * 5 GHz -- For example in country IEs if the first
@@ -564,6 +810,24 @@ static struct ieee80211_regdomain *country_ie_2_rd(
564 (4 * (triplet->chans.num_channels - 1)); 810 (4 * (triplet->chans.num_channels - 1));
565 811
566 cur_channel = triplet->chans.first_channel; 812 cur_channel = triplet->chans.first_channel;
813
814 /*
815 * Enhancement for APs that send a triplet for every channel
816 * or for whatever reason sends triplets with multiple channels
817 * separated when in fact they should be together.
818 */
819 end_channel = max_subband_chan(band,
820 cur_channel,
821 end_channel,
822 triplet->chans.max_power,
823 &country_ie,
824 &country_ie_len);
825 if (!end_channel)
826 return NULL;
827
828 if (!chan_in_band(end_channel, band))
829 return NULL;
830
567 cur_sub_max_channel = end_channel; 831 cur_sub_max_channel = end_channel;
568 832
569 /* Basic sanity check */ 833 /* Basic sanity check */
@@ -594,10 +858,13 @@ static struct ieee80211_regdomain *country_ie_2_rd(
594 858
595 last_sub_max_channel = cur_sub_max_channel; 859 last_sub_max_channel = cur_sub_max_channel;
596 860
597 country_ie += 3;
598 country_ie_len -= 3;
599 num_rules++; 861 num_rules++;
600 862
863 if (country_ie_len >= 3) {
864 country_ie += 3;
865 country_ie_len -= 3;
866 }
867
601 /* 868 /*
602 * Note: this is not a IEEE requirement but 869 * Note: this is not a IEEE requirement but
603 * simply a memory requirement 870 * simply a memory requirement
@@ -640,6 +907,12 @@ static struct ieee80211_regdomain *country_ie_2_rd(
640 continue; 907 continue;
641 } 908 }
642 909
910 if (triplet->chans.first_channel == 0) {
911 country_ie++;
912 country_ie_len--;
913 break;
914 }
915
643 reg_rule = &rd->reg_rules[i]; 916 reg_rule = &rd->reg_rules[i];
644 freq_range = &reg_rule->freq_range; 917 freq_range = &reg_rule->freq_range;
645 power_rule = &reg_rule->power_rule; 918 power_rule = &reg_rule->power_rule;
@@ -647,13 +920,20 @@ static struct ieee80211_regdomain *country_ie_2_rd(
647 reg_rule->flags = flags; 920 reg_rule->flags = flags;
648 921
649 /* 2 GHz */ 922 /* 2 GHz */
650 if (triplet->chans.first_channel <= 14) 923 if (band == IEEE80211_BAND_2GHZ)
651 end_channel = triplet->chans.first_channel + 924 end_channel = triplet->chans.first_channel +
652 triplet->chans.num_channels; 925 triplet->chans.num_channels -1;
653 else 926 else
654 end_channel = triplet->chans.first_channel + 927 end_channel = triplet->chans.first_channel +
655 (4 * (triplet->chans.num_channels - 1)); 928 (4 * (triplet->chans.num_channels - 1));
656 929
930 end_channel = max_subband_chan(band,
931 triplet->chans.first_channel,
932 end_channel,
933 triplet->chans.max_power,
934 &country_ie,
935 &country_ie_len);
936
657 /* 937 /*
658 * The +10 is since the regulatory domain expects 938 * The +10 is since the regulatory domain expects
659 * the actual band edge, not the center of freq for 939 * the actual band edge, not the center of freq for
@@ -674,12 +954,15 @@ static struct ieee80211_regdomain *country_ie_2_rd(
674 */ 954 */
675 freq_range->max_bandwidth_khz = MHZ_TO_KHZ(40); 955 freq_range->max_bandwidth_khz = MHZ_TO_KHZ(40);
676 power_rule->max_antenna_gain = DBI_TO_MBI(100); 956 power_rule->max_antenna_gain = DBI_TO_MBI(100);
677 power_rule->max_eirp = DBM_TO_MBM(100); 957 power_rule->max_eirp = DBM_TO_MBM(triplet->chans.max_power);
678 958
679 country_ie += 3;
680 country_ie_len -= 3;
681 i++; 959 i++;
682 960
961 if (country_ie_len >= 3) {
962 country_ie += 3;
963 country_ie_len -= 3;
964 }
965
683 BUG_ON(i > NL80211_MAX_SUPP_REG_RULES); 966 BUG_ON(i > NL80211_MAX_SUPP_REG_RULES);
684 } 967 }
685 968
@@ -975,25 +1258,21 @@ static void handle_channel(struct wiphy *wiphy, enum ieee80211_band band,
975 if (r == -ERANGE && 1258 if (r == -ERANGE &&
976 last_request->initiator == 1259 last_request->initiator ==
977 NL80211_REGDOM_SET_BY_COUNTRY_IE) { 1260 NL80211_REGDOM_SET_BY_COUNTRY_IE) {
978#ifdef CONFIG_CFG80211_REG_DEBUG 1261 REG_DBG_PRINT("cfg80211: Leaving channel %d MHz "
979 printk(KERN_DEBUG "cfg80211: Leaving channel %d MHz "
980 "intact on %s - no rule found in band on " 1262 "intact on %s - no rule found in band on "
981 "Country IE\n", 1263 "Country IE\n",
982 chan->center_freq, wiphy_name(wiphy)); 1264 chan->center_freq, wiphy_name(wiphy));
983#endif
984 } else { 1265 } else {
985 /* 1266 /*
986 * In this case we know the country IE has at least one reg rule 1267 * In this case we know the country IE has at least one reg rule
987 * for the band so we respect its band definitions 1268 * for the band so we respect its band definitions
988 */ 1269 */
989#ifdef CONFIG_CFG80211_REG_DEBUG
990 if (last_request->initiator == 1270 if (last_request->initiator ==
991 NL80211_REGDOM_SET_BY_COUNTRY_IE) 1271 NL80211_REGDOM_SET_BY_COUNTRY_IE)
992 printk(KERN_DEBUG "cfg80211: Disabling " 1272 REG_DBG_PRINT("cfg80211: Disabling "
993 "channel %d MHz on %s due to " 1273 "channel %d MHz on %s due to "
994 "Country IE\n", 1274 "Country IE\n",
995 chan->center_freq, wiphy_name(wiphy)); 1275 chan->center_freq, wiphy_name(wiphy));
996#endif
997 flags |= IEEE80211_CHAN_DISABLED; 1276 flags |= IEEE80211_CHAN_DISABLED;
998 chan->flags = flags; 1277 chan->flags = flags;
999 } 1278 }
@@ -1008,7 +1287,7 @@ static void handle_channel(struct wiphy *wiphy, enum ieee80211_band band,
1008 1287
1009 if (last_request->initiator == NL80211_REGDOM_SET_BY_DRIVER && 1288 if (last_request->initiator == NL80211_REGDOM_SET_BY_DRIVER &&
1010 request_wiphy && request_wiphy == wiphy && 1289 request_wiphy && request_wiphy == wiphy &&
1011 request_wiphy->strict_regulatory) { 1290 request_wiphy->flags & WIPHY_FLAG_STRICT_REGULATORY) {
1012 /* 1291 /*
1013 * This gaurantees the driver's requested regulatory domain 1292 * This gaurantees the driver's requested regulatory domain
1014 * will always be used as a base for further regulatory 1293 * will always be used as a base for further regulatory
@@ -1051,13 +1330,13 @@ static bool ignore_reg_update(struct wiphy *wiphy,
1051 if (!last_request) 1330 if (!last_request)
1052 return true; 1331 return true;
1053 if (initiator == NL80211_REGDOM_SET_BY_CORE && 1332 if (initiator == NL80211_REGDOM_SET_BY_CORE &&
1054 wiphy->custom_regulatory) 1333 wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY)
1055 return true; 1334 return true;
1056 /* 1335 /*
1057 * wiphy->regd will be set once the device has its own 1336 * wiphy->regd will be set once the device has its own
1058 * desired regulatory domain set 1337 * desired regulatory domain set
1059 */ 1338 */
1060 if (wiphy->strict_regulatory && !wiphy->regd && 1339 if (wiphy->flags & WIPHY_FLAG_STRICT_REGULATORY && !wiphy->regd &&
1061 !is_world_regdom(last_request->alpha2)) 1340 !is_world_regdom(last_request->alpha2))
1062 return true; 1341 return true;
1063 return false; 1342 return false;
@@ -1093,7 +1372,7 @@ static void handle_reg_beacon(struct wiphy *wiphy,
1093 1372
1094 chan->beacon_found = true; 1373 chan->beacon_found = true;
1095 1374
1096 if (wiphy->disable_beacon_hints) 1375 if (wiphy->flags & WIPHY_FLAG_DISABLE_BEACON_HINTS)
1097 return; 1376 return;
1098 1377
1099 chan_before.center_freq = chan->center_freq; 1378 chan_before.center_freq = chan->center_freq;
@@ -1164,7 +1443,7 @@ static bool reg_is_world_roaming(struct wiphy *wiphy)
1164 return true; 1443 return true;
1165 if (last_request && 1444 if (last_request &&
1166 last_request->initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE && 1445 last_request->initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE &&
1167 wiphy->custom_regulatory) 1446 wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY)
1168 return true; 1447 return true;
1169 return false; 1448 return false;
1170} 1449}
@@ -1367,30 +1646,6 @@ void wiphy_apply_custom_regulatory(struct wiphy *wiphy,
1367} 1646}
1368EXPORT_SYMBOL(wiphy_apply_custom_regulatory); 1647EXPORT_SYMBOL(wiphy_apply_custom_regulatory);
1369 1648
1370static int reg_copy_regd(const struct ieee80211_regdomain **dst_regd,
1371 const struct ieee80211_regdomain *src_regd)
1372{
1373 struct ieee80211_regdomain *regd;
1374 int size_of_regd = 0;
1375 unsigned int i;
1376
1377 size_of_regd = sizeof(struct ieee80211_regdomain) +
1378 ((src_regd->n_reg_rules + 1) * sizeof(struct ieee80211_reg_rule));
1379
1380 regd = kzalloc(size_of_regd, GFP_KERNEL);
1381 if (!regd)
1382 return -ENOMEM;
1383
1384 memcpy(regd, src_regd, sizeof(struct ieee80211_regdomain));
1385
1386 for (i = 0; i < src_regd->n_reg_rules; i++)
1387 memcpy(&regd->reg_rules[i], &src_regd->reg_rules[i],
1388 sizeof(struct ieee80211_reg_rule));
1389
1390 *dst_regd = regd;
1391 return 0;
1392}
1393
1394/* 1649/*
1395 * Return value which can be used by ignore_request() to indicate 1650 * Return value which can be used by ignore_request() to indicate
1396 * it has been determined we should intersect two regulatory domains 1651 * it has been determined we should intersect two regulatory domains
@@ -1412,7 +1667,7 @@ static int ignore_request(struct wiphy *wiphy,
1412 1667
1413 switch (pending_request->initiator) { 1668 switch (pending_request->initiator) {
1414 case NL80211_REGDOM_SET_BY_CORE: 1669 case NL80211_REGDOM_SET_BY_CORE:
1415 return -EINVAL; 1670 return 0;
1416 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 1671 case NL80211_REGDOM_SET_BY_COUNTRY_IE:
1417 1672
1418 last_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx); 1673 last_wiphy = wiphy_idx_to_wiphy(last_request->wiphy_idx);
@@ -1443,8 +1698,6 @@ static int ignore_request(struct wiphy *wiphy,
1443 return REG_INTERSECT; 1698 return REG_INTERSECT;
1444 case NL80211_REGDOM_SET_BY_DRIVER: 1699 case NL80211_REGDOM_SET_BY_DRIVER:
1445 if (last_request->initiator == NL80211_REGDOM_SET_BY_CORE) { 1700 if (last_request->initiator == NL80211_REGDOM_SET_BY_CORE) {
1446 if (is_old_static_regdom(cfg80211_regdomain))
1447 return 0;
1448 if (regdom_changes(pending_request->alpha2)) 1701 if (regdom_changes(pending_request->alpha2))
1449 return 0; 1702 return 0;
1450 return -EALREADY; 1703 return -EALREADY;
@@ -1481,8 +1734,7 @@ static int ignore_request(struct wiphy *wiphy,
1481 return -EAGAIN; 1734 return -EAGAIN;
1482 } 1735 }
1483 1736
1484 if (!is_old_static_regdom(cfg80211_regdomain) && 1737 if (!regdom_changes(pending_request->alpha2))
1485 !regdom_changes(pending_request->alpha2))
1486 return -EALREADY; 1738 return -EALREADY;
1487 1739
1488 return 0; 1740 return 0;
@@ -1554,6 +1806,11 @@ new_request:
1554 1806
1555 pending_request = NULL; 1807 pending_request = NULL;
1556 1808
1809 if (last_request->initiator == NL80211_REGDOM_SET_BY_USER) {
1810 user_alpha2[0] = last_request->alpha2[0];
1811 user_alpha2[1] = last_request->alpha2[1];
1812 }
1813
1557 /* When r == REG_INTERSECT we do need to call CRDA */ 1814 /* When r == REG_INTERSECT we do need to call CRDA */
1558 if (r < 0) { 1815 if (r < 0) {
1559 /* 1816 /*
@@ -1591,7 +1848,8 @@ static void reg_process_hint(struct regulatory_request *reg_request)
1591 1848
1592 r = __regulatory_hint(wiphy, reg_request); 1849 r = __regulatory_hint(wiphy, reg_request);
1593 /* This is required so that the orig_* parameters are saved */ 1850 /* This is required so that the orig_* parameters are saved */
1594 if (r == -EALREADY && wiphy && wiphy->strict_regulatory) 1851 if (r == -EALREADY && wiphy &&
1852 wiphy->flags & WIPHY_FLAG_STRICT_REGULATORY)
1595 wiphy_update_regulatory(wiphy, reg_request->initiator); 1853 wiphy_update_regulatory(wiphy, reg_request->initiator);
1596out: 1854out:
1597 mutex_unlock(&reg_mutex); 1855 mutex_unlock(&reg_mutex);
@@ -1672,12 +1930,16 @@ static void queue_regulatory_request(struct regulatory_request *request)
1672 schedule_work(&reg_work); 1930 schedule_work(&reg_work);
1673} 1931}
1674 1932
1675/* Core regulatory hint -- happens once during cfg80211_init() */ 1933/*
1934 * Core regulatory hint -- happens during cfg80211_init()
1935 * and when we restore regulatory settings.
1936 */
1676static int regulatory_hint_core(const char *alpha2) 1937static int regulatory_hint_core(const char *alpha2)
1677{ 1938{
1678 struct regulatory_request *request; 1939 struct regulatory_request *request;
1679 1940
1680 BUG_ON(last_request); 1941 kfree(last_request);
1942 last_request = NULL;
1681 1943
1682 request = kzalloc(sizeof(struct regulatory_request), 1944 request = kzalloc(sizeof(struct regulatory_request),
1683 GFP_KERNEL); 1945 GFP_KERNEL);
@@ -1688,14 +1950,12 @@ static int regulatory_hint_core(const char *alpha2)
1688 request->alpha2[1] = alpha2[1]; 1950 request->alpha2[1] = alpha2[1];
1689 request->initiator = NL80211_REGDOM_SET_BY_CORE; 1951 request->initiator = NL80211_REGDOM_SET_BY_CORE;
1690 1952
1691 queue_regulatory_request(request);
1692
1693 /* 1953 /*
1694 * This ensures last_request is populated once modules 1954 * This ensures last_request is populated once modules
1695 * come swinging in and calling regulatory hints and 1955 * come swinging in and calling regulatory hints and
1696 * wiphy_apply_custom_regulatory(). 1956 * wiphy_apply_custom_regulatory().
1697 */ 1957 */
1698 flush_scheduled_work(); 1958 reg_process_hint(request);
1699 1959
1700 return 0; 1960 return 0;
1701} 1961}
@@ -1714,7 +1974,7 @@ int regulatory_hint_user(const char *alpha2)
1714 request->wiphy_idx = WIPHY_IDX_STALE; 1974 request->wiphy_idx = WIPHY_IDX_STALE;
1715 request->alpha2[0] = alpha2[0]; 1975 request->alpha2[0] = alpha2[0];
1716 request->alpha2[1] = alpha2[1]; 1976 request->alpha2[1] = alpha2[1];
1717 request->initiator = NL80211_REGDOM_SET_BY_USER, 1977 request->initiator = NL80211_REGDOM_SET_BY_USER;
1718 1978
1719 queue_regulatory_request(request); 1979 queue_regulatory_request(request);
1720 1980
@@ -1782,8 +2042,9 @@ static bool reg_same_country_ie_hint(struct wiphy *wiphy,
1782 * therefore cannot iterate over the rdev list here. 2042 * therefore cannot iterate over the rdev list here.
1783 */ 2043 */
1784void regulatory_hint_11d(struct wiphy *wiphy, 2044void regulatory_hint_11d(struct wiphy *wiphy,
1785 u8 *country_ie, 2045 enum ieee80211_band band,
1786 u8 country_ie_len) 2046 u8 *country_ie,
2047 u8 country_ie_len)
1787{ 2048{
1788 struct ieee80211_regdomain *rd = NULL; 2049 struct ieee80211_regdomain *rd = NULL;
1789 char alpha2[2]; 2050 char alpha2[2];
@@ -1829,9 +2090,11 @@ void regulatory_hint_11d(struct wiphy *wiphy,
1829 wiphy_idx_valid(last_request->wiphy_idx))) 2090 wiphy_idx_valid(last_request->wiphy_idx)))
1830 goto out; 2091 goto out;
1831 2092
1832 rd = country_ie_2_rd(country_ie, country_ie_len, &checksum); 2093 rd = country_ie_2_rd(band, country_ie, country_ie_len, &checksum);
1833 if (!rd) 2094 if (!rd) {
2095 REG_DBG_PRINT("cfg80211: Ignoring bogus country IE\n");
1834 goto out; 2096 goto out;
2097 }
1835 2098
1836 /* 2099 /*
1837 * This will not happen right now but we leave it here for the 2100 * This will not happen right now but we leave it here for the
@@ -1874,6 +2137,123 @@ out:
1874 mutex_unlock(&reg_mutex); 2137 mutex_unlock(&reg_mutex);
1875} 2138}
1876 2139
2140static void restore_alpha2(char *alpha2, bool reset_user)
2141{
2142 /* indicates there is no alpha2 to consider for restoration */
2143 alpha2[0] = '9';
2144 alpha2[1] = '7';
2145
2146 /* The user setting has precedence over the module parameter */
2147 if (is_user_regdom_saved()) {
2148 /* Unless we're asked to ignore it and reset it */
2149 if (reset_user) {
2150 REG_DBG_PRINT("cfg80211: Restoring regulatory settings "
2151 "including user preference\n");
2152 user_alpha2[0] = '9';
2153 user_alpha2[1] = '7';
2154
2155 /*
2156 * If we're ignoring user settings, we still need to
2157 * check the module parameter to ensure we put things
2158 * back as they were for a full restore.
2159 */
2160 if (!is_world_regdom(ieee80211_regdom)) {
2161 REG_DBG_PRINT("cfg80211: Keeping preference on "
2162 "module parameter ieee80211_regdom: %c%c\n",
2163 ieee80211_regdom[0],
2164 ieee80211_regdom[1]);
2165 alpha2[0] = ieee80211_regdom[0];
2166 alpha2[1] = ieee80211_regdom[1];
2167 }
2168 } else {
2169 REG_DBG_PRINT("cfg80211: Restoring regulatory settings "
2170 "while preserving user preference for: %c%c\n",
2171 user_alpha2[0],
2172 user_alpha2[1]);
2173 alpha2[0] = user_alpha2[0];
2174 alpha2[1] = user_alpha2[1];
2175 }
2176 } else if (!is_world_regdom(ieee80211_regdom)) {
2177 REG_DBG_PRINT("cfg80211: Keeping preference on "
2178 "module parameter ieee80211_regdom: %c%c\n",
2179 ieee80211_regdom[0],
2180 ieee80211_regdom[1]);
2181 alpha2[0] = ieee80211_regdom[0];
2182 alpha2[1] = ieee80211_regdom[1];
2183 } else
2184 REG_DBG_PRINT("cfg80211: Restoring regulatory settings\n");
2185}
2186
2187/*
2188 * Restoring regulatory settings involves ingoring any
2189 * possibly stale country IE information and user regulatory
2190 * settings if so desired, this includes any beacon hints
2191 * learned as we could have traveled outside to another country
2192 * after disconnection. To restore regulatory settings we do
2193 * exactly what we did at bootup:
2194 *
2195 * - send a core regulatory hint
2196 * - send a user regulatory hint if applicable
2197 *
2198 * Device drivers that send a regulatory hint for a specific country
2199 * keep their own regulatory domain on wiphy->regd so that does does
2200 * not need to be remembered.
2201 */
2202static void restore_regulatory_settings(bool reset_user)
2203{
2204 char alpha2[2];
2205 struct reg_beacon *reg_beacon, *btmp;
2206
2207 mutex_lock(&cfg80211_mutex);
2208 mutex_lock(&reg_mutex);
2209
2210 reset_regdomains();
2211 restore_alpha2(alpha2, reset_user);
2212
2213 /* Clear beacon hints */
2214 spin_lock_bh(&reg_pending_beacons_lock);
2215 if (!list_empty(&reg_pending_beacons)) {
2216 list_for_each_entry_safe(reg_beacon, btmp,
2217 &reg_pending_beacons, list) {
2218 list_del(&reg_beacon->list);
2219 kfree(reg_beacon);
2220 }
2221 }
2222 spin_unlock_bh(&reg_pending_beacons_lock);
2223
2224 if (!list_empty(&reg_beacon_list)) {
2225 list_for_each_entry_safe(reg_beacon, btmp,
2226 &reg_beacon_list, list) {
2227 list_del(&reg_beacon->list);
2228 kfree(reg_beacon);
2229 }
2230 }
2231
2232 /* First restore to the basic regulatory settings */
2233 cfg80211_regdomain = cfg80211_world_regdom;
2234
2235 mutex_unlock(&reg_mutex);
2236 mutex_unlock(&cfg80211_mutex);
2237
2238 regulatory_hint_core(cfg80211_regdomain->alpha2);
2239
2240 /*
2241 * This restores the ieee80211_regdom module parameter
2242 * preference or the last user requested regulatory
2243 * settings, user regulatory settings takes precedence.
2244 */
2245 if (is_an_alpha2(alpha2))
2246 regulatory_hint_user(user_alpha2);
2247}
2248
2249
2250void regulatory_hint_disconnect(void)
2251{
2252 REG_DBG_PRINT("cfg80211: All devices are disconnected, going to "
2253 "restore regulatory settings\n");
2254 restore_regulatory_settings(false);
2255}
2256
1877static bool freq_is_chan_12_13_14(u16 freq) 2257static bool freq_is_chan_12_13_14(u16 freq)
1878{ 2258{
1879 if (freq == ieee80211_channel_to_frequency(12) || 2259 if (freq == ieee80211_channel_to_frequency(12) ||
@@ -1899,13 +2279,12 @@ int regulatory_hint_found_beacon(struct wiphy *wiphy,
1899 if (!reg_beacon) 2279 if (!reg_beacon)
1900 return -ENOMEM; 2280 return -ENOMEM;
1901 2281
1902#ifdef CONFIG_CFG80211_REG_DEBUG 2282 REG_DBG_PRINT("cfg80211: Found new beacon on "
1903 printk(KERN_DEBUG "cfg80211: Found new beacon on " 2283 "frequency: %d MHz (Ch %d) on %s\n",
1904 "frequency: %d MHz (Ch %d) on %s\n", 2284 beacon_chan->center_freq,
1905 beacon_chan->center_freq, 2285 ieee80211_frequency_to_channel(beacon_chan->center_freq),
1906 ieee80211_frequency_to_channel(beacon_chan->center_freq), 2286 wiphy_name(wiphy));
1907 wiphy_name(wiphy)); 2287
1908#endif
1909 memcpy(&reg_beacon->chan, beacon_chan, 2288 memcpy(&reg_beacon->chan, beacon_chan,
1910 sizeof(struct ieee80211_channel)); 2289 sizeof(struct ieee80211_channel));
1911 2290
@@ -1930,7 +2309,7 @@ static void print_rd_rules(const struct ieee80211_regdomain *rd)
1930 const struct ieee80211_freq_range *freq_range = NULL; 2309 const struct ieee80211_freq_range *freq_range = NULL;
1931 const struct ieee80211_power_rule *power_rule = NULL; 2310 const struct ieee80211_power_rule *power_rule = NULL;
1932 2311
1933 printk(KERN_INFO "\t(start_freq - end_freq @ bandwidth), " 2312 printk(KERN_INFO " (start_freq - end_freq @ bandwidth), "
1934 "(max_antenna_gain, max_eirp)\n"); 2313 "(max_antenna_gain, max_eirp)\n");
1935 2314
1936 for (i = 0; i < rd->n_reg_rules; i++) { 2315 for (i = 0; i < rd->n_reg_rules; i++) {
@@ -1943,7 +2322,7 @@ static void print_rd_rules(const struct ieee80211_regdomain *rd)
1943 * in certain regions 2322 * in certain regions
1944 */ 2323 */
1945 if (power_rule->max_antenna_gain) 2324 if (power_rule->max_antenna_gain)
1946 printk(KERN_INFO "\t(%d KHz - %d KHz @ %d KHz), " 2325 printk(KERN_INFO " (%d KHz - %d KHz @ %d KHz), "
1947 "(%d mBi, %d mBm)\n", 2326 "(%d mBi, %d mBm)\n",
1948 freq_range->start_freq_khz, 2327 freq_range->start_freq_khz,
1949 freq_range->end_freq_khz, 2328 freq_range->end_freq_khz,
@@ -1951,7 +2330,7 @@ static void print_rd_rules(const struct ieee80211_regdomain *rd)
1951 power_rule->max_antenna_gain, 2330 power_rule->max_antenna_gain,
1952 power_rule->max_eirp); 2331 power_rule->max_eirp);
1953 else 2332 else
1954 printk(KERN_INFO "\t(%d KHz - %d KHz @ %d KHz), " 2333 printk(KERN_INFO " (%d KHz - %d KHz @ %d KHz), "
1955 "(N/A, %d mBm)\n", 2334 "(N/A, %d mBm)\n",
1956 freq_range->start_freq_khz, 2335 freq_range->start_freq_khz,
1957 freq_range->end_freq_khz, 2336 freq_range->end_freq_khz,
@@ -2063,8 +2442,7 @@ static int __set_regdom(const struct ieee80211_regdomain *rd)
2063 * If someone else asked us to change the rd lets only bother 2442 * If someone else asked us to change the rd lets only bother
2064 * checking if the alpha2 changes if CRDA was already called 2443 * checking if the alpha2 changes if CRDA was already called
2065 */ 2444 */
2066 if (!is_old_static_regdom(cfg80211_regdomain) && 2445 if (!regdom_changes(rd->alpha2))
2067 !regdom_changes(rd->alpha2))
2068 return -EINVAL; 2446 return -EINVAL;
2069 } 2447 }
2070 2448
@@ -2263,15 +2641,11 @@ int regulatory_init(void)
2263 spin_lock_init(&reg_requests_lock); 2641 spin_lock_init(&reg_requests_lock);
2264 spin_lock_init(&reg_pending_beacons_lock); 2642 spin_lock_init(&reg_pending_beacons_lock);
2265 2643
2266#ifdef CONFIG_WIRELESS_OLD_REGULATORY
2267 cfg80211_regdomain = static_regdom(ieee80211_regdom);
2268
2269 printk(KERN_INFO "cfg80211: Using static regulatory domain info\n");
2270 print_regdomain_info(cfg80211_regdomain);
2271#else
2272 cfg80211_regdomain = cfg80211_world_regdom; 2644 cfg80211_regdomain = cfg80211_world_regdom;
2273 2645
2274#endif 2646 user_alpha2[0] = '9';
2647 user_alpha2[1] = '7';
2648
2275 /* We always try to get an update for the static regdomain */ 2649 /* We always try to get an update for the static regdomain */
2276 err = regulatory_hint_core(cfg80211_regdomain->alpha2); 2650 err = regulatory_hint_core(cfg80211_regdomain->alpha2);
2277 if (err) { 2651 if (err) {
diff --git a/net/wireless/reg.h b/net/wireless/reg.h
index 3362c7c069b2..b26224a9f3bc 100644
--- a/net/wireless/reg.h
+++ b/net/wireless/reg.h
@@ -41,15 +41,44 @@ int regulatory_hint_found_beacon(struct wiphy *wiphy,
41 * regulatory_hint_11d - hints a country IE as a regulatory domain 41 * regulatory_hint_11d - hints a country IE as a regulatory domain
42 * @wiphy: the wireless device giving the hint (used only for reporting 42 * @wiphy: the wireless device giving the hint (used only for reporting
43 * conflicts) 43 * conflicts)
44 * @band: the band on which the country IE was received on. This determines
45 * the band we'll process the country IE channel triplets for.
44 * @country_ie: pointer to the country IE 46 * @country_ie: pointer to the country IE
45 * @country_ie_len: length of the country IE 47 * @country_ie_len: length of the country IE
46 * 48 *
47 * We will intersect the rd with the what CRDA tells us should apply 49 * We will intersect the rd with the what CRDA tells us should apply
48 * for the alpha2 this country IE belongs to, this prevents APs from 50 * for the alpha2 this country IE belongs to, this prevents APs from
49 * sending us incorrect or outdated information against a country. 51 * sending us incorrect or outdated information against a country.
52 *
53 * The AP is expected to provide Country IE channel triplets for the
54 * band it is on. It is technically possible for APs to send channel
55 * country IE triplets even for channels outside of the band they are
56 * in but for that they would have to use the regulatory extension
57 * in combination with a triplet but this behaviour is currently
58 * not observed. For this reason if a triplet is seen with channel
59 * information for a band the BSS is not present in it will be ignored.
50 */ 60 */
51void regulatory_hint_11d(struct wiphy *wiphy, 61void regulatory_hint_11d(struct wiphy *wiphy,
62 enum ieee80211_band band,
52 u8 *country_ie, 63 u8 *country_ie,
53 u8 country_ie_len); 64 u8 country_ie_len);
54 65
66/**
67 * regulatory_hint_disconnect - informs all devices have been disconneted
68 *
69 * Regulotory rules can be enhanced further upon scanning and upon
70 * connection to an AP. These rules become stale if we disconnect
71 * and go to another country, whether or not we suspend and resume.
72 * If we suspend, go to another country and resume we'll automatically
73 * get disconnected shortly after resuming and things will be reset as well.
74 * This routine is a helper to restore regulatory settings to how they were
75 * prior to our first connect attempt. This includes ignoring country IE and
76 * beacon regulatory hints. The ieee80211_regdom module parameter will always
77 * be respected but if a user had set the regulatory domain that will take
78 * precedence.
79 *
80 * Must be called from process context.
81 */
82void regulatory_hint_disconnect(void);
83
55#endif /* __NET_WIRELESS_REG_H */ 84#endif /* __NET_WIRELESS_REG_H */
diff --git a/net/wireless/regdb.h b/net/wireless/regdb.h
new file mode 100644
index 000000000000..818222c92513
--- /dev/null
+++ b/net/wireless/regdb.h
@@ -0,0 +1,7 @@
1#ifndef __REGDB_H__
2#define __REGDB_H__
3
4extern const struct ieee80211_regdomain *reg_regdb[];
5extern int reg_regdb_size;
6
7#endif /* __REGDB_H__ */
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index e5f92ee758f4..a026c6d56bd3 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -4,6 +4,7 @@
4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net> 4 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
5 */ 5 */
6#include <linux/kernel.h> 6#include <linux/kernel.h>
7#include <linux/slab.h>
7#include <linux/module.h> 8#include <linux/module.h>
8#include <linux/netdevice.h> 9#include <linux/netdevice.h>
9#include <linux/wireless.h> 10#include <linux/wireless.h>
@@ -22,7 +23,7 @@ void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
22{ 23{
23 struct cfg80211_scan_request *request; 24 struct cfg80211_scan_request *request;
24 struct net_device *dev; 25 struct net_device *dev;
25#ifdef CONFIG_WIRELESS_EXT 26#ifdef CONFIG_CFG80211_WEXT
26 union iwreq_data wrqu; 27 union iwreq_data wrqu;
27#endif 28#endif
28 29
@@ -47,7 +48,7 @@ void ___cfg80211_scan_done(struct cfg80211_registered_device *rdev, bool leak)
47 else 48 else
48 nl80211_send_scan_done(rdev, dev); 49 nl80211_send_scan_done(rdev, dev);
49 50
50#ifdef CONFIG_WIRELESS_EXT 51#ifdef CONFIG_CFG80211_WEXT
51 if (!request->aborted) { 52 if (!request->aborted) {
52 memset(&wrqu, 0, sizeof(wrqu)); 53 memset(&wrqu, 0, sizeof(wrqu));
53 54
@@ -88,7 +89,7 @@ void cfg80211_scan_done(struct cfg80211_scan_request *request, bool aborted)
88 WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req); 89 WARN_ON(request != wiphy_to_dev(request->wiphy)->scan_req);
89 90
90 request->aborted = aborted; 91 request->aborted = aborted;
91 schedule_work(&wiphy_to_dev(request->wiphy)->scan_done_wk); 92 queue_work(cfg80211_wq, &wiphy_to_dev(request->wiphy)->scan_done_wk);
92} 93}
93EXPORT_SYMBOL(cfg80211_scan_done); 94EXPORT_SYMBOL(cfg80211_scan_done);
94 95
@@ -100,8 +101,10 @@ static void bss_release(struct kref *ref)
100 if (bss->pub.free_priv) 101 if (bss->pub.free_priv)
101 bss->pub.free_priv(&bss->pub); 102 bss->pub.free_priv(&bss->pub);
102 103
103 if (bss->ies_allocated) 104 if (bss->beacon_ies_allocated)
104 kfree(bss->pub.information_elements); 105 kfree(bss->pub.beacon_ies);
106 if (bss->proberesp_ies_allocated)
107 kfree(bss->pub.proberesp_ies);
105 108
106 BUG_ON(atomic_read(&bss->hold)); 109 BUG_ON(atomic_read(&bss->hold));
107 110
@@ -141,9 +144,9 @@ void cfg80211_bss_expire(struct cfg80211_registered_device *dev)
141 dev->bss_generation++; 144 dev->bss_generation++;
142} 145}
143 146
144static u8 *find_ie(u8 num, u8 *ies, int len) 147const u8 *cfg80211_find_ie(u8 eid, const u8 *ies, int len)
145{ 148{
146 while (len > 2 && ies[0] != num) { 149 while (len > 2 && ies[0] != eid) {
147 len -= ies[1] + 2; 150 len -= ies[1] + 2;
148 ies += ies[1] + 2; 151 ies += ies[1] + 2;
149 } 152 }
@@ -153,11 +156,12 @@ static u8 *find_ie(u8 num, u8 *ies, int len)
153 return NULL; 156 return NULL;
154 return ies; 157 return ies;
155} 158}
159EXPORT_SYMBOL(cfg80211_find_ie);
156 160
157static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2) 161static int cmp_ies(u8 num, u8 *ies1, size_t len1, u8 *ies2, size_t len2)
158{ 162{
159 const u8 *ie1 = find_ie(num, ies1, len1); 163 const u8 *ie1 = cfg80211_find_ie(num, ies1, len1);
160 const u8 *ie2 = find_ie(num, ies2, len2); 164 const u8 *ie2 = cfg80211_find_ie(num, ies2, len2);
161 int r; 165 int r;
162 166
163 if (!ie1 && !ie2) 167 if (!ie1 && !ie2)
@@ -183,9 +187,9 @@ static bool is_bss(struct cfg80211_bss *a,
183 if (!ssid) 187 if (!ssid)
184 return true; 188 return true;
185 189
186 ssidie = find_ie(WLAN_EID_SSID, 190 ssidie = cfg80211_find_ie(WLAN_EID_SSID,
187 a->information_elements, 191 a->information_elements,
188 a->len_information_elements); 192 a->len_information_elements);
189 if (!ssidie) 193 if (!ssidie)
190 return false; 194 return false;
191 if (ssidie[1] != ssid_len) 195 if (ssidie[1] != ssid_len)
@@ -202,9 +206,9 @@ static bool is_mesh(struct cfg80211_bss *a,
202 if (!is_zero_ether_addr(a->bssid)) 206 if (!is_zero_ether_addr(a->bssid))
203 return false; 207 return false;
204 208
205 ie = find_ie(WLAN_EID_MESH_ID, 209 ie = cfg80211_find_ie(WLAN_EID_MESH_ID,
206 a->information_elements, 210 a->information_elements,
207 a->len_information_elements); 211 a->len_information_elements);
208 if (!ie) 212 if (!ie)
209 return false; 213 return false;
210 if (ie[1] != meshidlen) 214 if (ie[1] != meshidlen)
@@ -212,12 +216,12 @@ static bool is_mesh(struct cfg80211_bss *a,
212 if (memcmp(ie + 2, meshid, meshidlen)) 216 if (memcmp(ie + 2, meshid, meshidlen))
213 return false; 217 return false;
214 218
215 ie = find_ie(WLAN_EID_MESH_CONFIG, 219 ie = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
216 a->information_elements, 220 a->information_elements,
217 a->len_information_elements); 221 a->len_information_elements);
218 if (!ie) 222 if (!ie)
219 return false; 223 return false;
220 if (ie[1] != IEEE80211_MESH_CONFIG_LEN) 224 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
221 return false; 225 return false;
222 226
223 /* 227 /*
@@ -225,7 +229,8 @@ static bool is_mesh(struct cfg80211_bss *a,
225 * comparing since that may differ between stations taking 229 * comparing since that may differ between stations taking
226 * part in the same mesh. 230 * part in the same mesh.
227 */ 231 */
228 return memcmp(ie + 2, meshcfg, IEEE80211_MESH_CONFIG_LEN - 2) == 0; 232 return memcmp(ie + 2, meshcfg,
233 sizeof(struct ieee80211_meshconf_ie) - 2) == 0;
229} 234}
230 235
231static int cmp_bss(struct cfg80211_bss *a, 236static int cmp_bss(struct cfg80211_bss *a,
@@ -374,8 +379,7 @@ rb_find_bss(struct cfg80211_registered_device *dev,
374 379
375static struct cfg80211_internal_bss * 380static struct cfg80211_internal_bss *
376cfg80211_bss_update(struct cfg80211_registered_device *dev, 381cfg80211_bss_update(struct cfg80211_registered_device *dev,
377 struct cfg80211_internal_bss *res, 382 struct cfg80211_internal_bss *res)
378 bool overwrite)
379{ 383{
380 struct cfg80211_internal_bss *found = NULL; 384 struct cfg80211_internal_bss *found = NULL;
381 const u8 *meshid, *meshcfg; 385 const u8 *meshid, *meshcfg;
@@ -393,13 +397,14 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
393 397
394 if (is_zero_ether_addr(res->pub.bssid)) { 398 if (is_zero_ether_addr(res->pub.bssid)) {
395 /* must be mesh, verify */ 399 /* must be mesh, verify */
396 meshid = find_ie(WLAN_EID_MESH_ID, res->pub.information_elements, 400 meshid = cfg80211_find_ie(WLAN_EID_MESH_ID,
397 res->pub.len_information_elements); 401 res->pub.information_elements,
398 meshcfg = find_ie(WLAN_EID_MESH_CONFIG, 402 res->pub.len_information_elements);
399 res->pub.information_elements, 403 meshcfg = cfg80211_find_ie(WLAN_EID_MESH_CONFIG,
400 res->pub.len_information_elements); 404 res->pub.information_elements,
405 res->pub.len_information_elements);
401 if (!meshid || !meshcfg || 406 if (!meshid || !meshcfg ||
402 meshcfg[1] != IEEE80211_MESH_CONFIG_LEN) { 407 meshcfg[1] != sizeof(struct ieee80211_meshconf_ie)) {
403 /* bogus mesh */ 408 /* bogus mesh */
404 kref_put(&res->ref, bss_release); 409 kref_put(&res->ref, bss_release);
405 return NULL; 410 return NULL;
@@ -417,28 +422,64 @@ cfg80211_bss_update(struct cfg80211_registered_device *dev,
417 found->pub.capability = res->pub.capability; 422 found->pub.capability = res->pub.capability;
418 found->ts = res->ts; 423 found->ts = res->ts;
419 424
420 /* overwrite IEs */ 425 /* Update IEs */
421 if (overwrite) { 426 if (res->pub.proberesp_ies) {
422 size_t used = dev->wiphy.bss_priv_size + sizeof(*res); 427 size_t used = dev->wiphy.bss_priv_size + sizeof(*res);
423 size_t ielen = res->pub.len_information_elements; 428 size_t ielen = res->pub.len_proberesp_ies;
429
430 if (found->pub.proberesp_ies &&
431 !found->proberesp_ies_allocated &&
432 ksize(found) >= used + ielen) {
433 memcpy(found->pub.proberesp_ies,
434 res->pub.proberesp_ies, ielen);
435 found->pub.len_proberesp_ies = ielen;
436 } else {
437 u8 *ies = found->pub.proberesp_ies;
438
439 if (found->proberesp_ies_allocated)
440 ies = krealloc(ies, ielen, GFP_ATOMIC);
441 else
442 ies = kmalloc(ielen, GFP_ATOMIC);
424 443
425 if (!found->ies_allocated && ksize(found) >= used + ielen) { 444 if (ies) {
426 memcpy(found->pub.information_elements, 445 memcpy(ies, res->pub.proberesp_ies,
427 res->pub.information_elements, ielen); 446 ielen);
428 found->pub.len_information_elements = ielen; 447 found->proberesp_ies_allocated = true;
448 found->pub.proberesp_ies = ies;
449 found->pub.len_proberesp_ies = ielen;
450 }
451 }
452
453 /* Override possible earlier Beacon frame IEs */
454 found->pub.information_elements =
455 found->pub.proberesp_ies;
456 found->pub.len_information_elements =
457 found->pub.len_proberesp_ies;
458 }
459 if (res->pub.beacon_ies) {
460 size_t used = dev->wiphy.bss_priv_size + sizeof(*res);
461 size_t ielen = res->pub.len_beacon_ies;
462
463 if (found->pub.beacon_ies &&
464 !found->beacon_ies_allocated &&
465 ksize(found) >= used + ielen) {
466 memcpy(found->pub.beacon_ies,
467 res->pub.beacon_ies, ielen);
468 found->pub.len_beacon_ies = ielen;
429 } else { 469 } else {
430 u8 *ies = found->pub.information_elements; 470 u8 *ies = found->pub.beacon_ies;
431 471
432 if (found->ies_allocated) 472 if (found->beacon_ies_allocated)
433 ies = krealloc(ies, ielen, GFP_ATOMIC); 473 ies = krealloc(ies, ielen, GFP_ATOMIC);
434 else 474 else
435 ies = kmalloc(ielen, GFP_ATOMIC); 475 ies = kmalloc(ielen, GFP_ATOMIC);
436 476
437 if (ies) { 477 if (ies) {
438 memcpy(ies, res->pub.information_elements, ielen); 478 memcpy(ies, res->pub.beacon_ies,
439 found->ies_allocated = true; 479 ielen);
440 found->pub.information_elements = ies; 480 found->beacon_ies_allocated = true;
441 found->pub.len_information_elements = ielen; 481 found->pub.beacon_ies = ies;
482 found->pub.len_beacon_ies = ielen;
442 } 483 }
443 } 484 }
444 } 485 }
@@ -488,14 +529,26 @@ cfg80211_inform_bss(struct wiphy *wiphy,
488 res->pub.tsf = timestamp; 529 res->pub.tsf = timestamp;
489 res->pub.beacon_interval = beacon_interval; 530 res->pub.beacon_interval = beacon_interval;
490 res->pub.capability = capability; 531 res->pub.capability = capability;
491 /* point to after the private area */ 532 /*
492 res->pub.information_elements = (u8 *)res + sizeof(*res) + privsz; 533 * Since we do not know here whether the IEs are from a Beacon or Probe
493 memcpy(res->pub.information_elements, ie, ielen); 534 * Response frame, we need to pick one of the options and only use it
494 res->pub.len_information_elements = ielen; 535 * with the driver that does not provide the full Beacon/Probe Response
536 * frame. Use Beacon frame pointer to avoid indicating that this should
537 * override the information_elements pointer should we have received an
538 * earlier indication of Probe Response data.
539 *
540 * The initial buffer for the IEs is allocated with the BSS entry and
541 * is located after the private area.
542 */
543 res->pub.beacon_ies = (u8 *)res + sizeof(*res) + privsz;
544 memcpy(res->pub.beacon_ies, ie, ielen);
545 res->pub.len_beacon_ies = ielen;
546 res->pub.information_elements = res->pub.beacon_ies;
547 res->pub.len_information_elements = res->pub.len_beacon_ies;
495 548
496 kref_init(&res->ref); 549 kref_init(&res->ref);
497 550
498 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res, 0); 551 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res);
499 if (!res) 552 if (!res)
500 return NULL; 553 return NULL;
501 554
@@ -516,7 +569,6 @@ cfg80211_inform_bss_frame(struct wiphy *wiphy,
516 struct cfg80211_internal_bss *res; 569 struct cfg80211_internal_bss *res;
517 size_t ielen = len - offsetof(struct ieee80211_mgmt, 570 size_t ielen = len - offsetof(struct ieee80211_mgmt,
518 u.probe_resp.variable); 571 u.probe_resp.variable);
519 bool overwrite;
520 size_t privsz = wiphy->bss_priv_size; 572 size_t privsz = wiphy->bss_priv_size;
521 573
522 if (WARN_ON(wiphy->signal_type == NL80211_BSS_SIGNAL_UNSPEC && 574 if (WARN_ON(wiphy->signal_type == NL80211_BSS_SIGNAL_UNSPEC &&
@@ -537,16 +589,28 @@ cfg80211_inform_bss_frame(struct wiphy *wiphy,
537 res->pub.tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp); 589 res->pub.tsf = le64_to_cpu(mgmt->u.probe_resp.timestamp);
538 res->pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int); 590 res->pub.beacon_interval = le16_to_cpu(mgmt->u.probe_resp.beacon_int);
539 res->pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info); 591 res->pub.capability = le16_to_cpu(mgmt->u.probe_resp.capab_info);
540 /* point to after the private area */ 592 /*
541 res->pub.information_elements = (u8 *)res + sizeof(*res) + privsz; 593 * The initial buffer for the IEs is allocated with the BSS entry and
542 memcpy(res->pub.information_elements, mgmt->u.probe_resp.variable, ielen); 594 * is located after the private area.
543 res->pub.len_information_elements = ielen; 595 */
596 if (ieee80211_is_probe_resp(mgmt->frame_control)) {
597 res->pub.proberesp_ies = (u8 *) res + sizeof(*res) + privsz;
598 memcpy(res->pub.proberesp_ies, mgmt->u.probe_resp.variable,
599 ielen);
600 res->pub.len_proberesp_ies = ielen;
601 res->pub.information_elements = res->pub.proberesp_ies;
602 res->pub.len_information_elements = res->pub.len_proberesp_ies;
603 } else {
604 res->pub.beacon_ies = (u8 *) res + sizeof(*res) + privsz;
605 memcpy(res->pub.beacon_ies, mgmt->u.beacon.variable, ielen);
606 res->pub.len_beacon_ies = ielen;
607 res->pub.information_elements = res->pub.beacon_ies;
608 res->pub.len_information_elements = res->pub.len_beacon_ies;
609 }
544 610
545 kref_init(&res->ref); 611 kref_init(&res->ref);
546 612
547 overwrite = ieee80211_is_probe_resp(mgmt->frame_control); 613 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res);
548
549 res = cfg80211_bss_update(wiphy_to_dev(wiphy), res, overwrite);
550 if (!res) 614 if (!res)
551 return NULL; 615 return NULL;
552 616
@@ -592,7 +656,7 @@ void cfg80211_unlink_bss(struct wiphy *wiphy, struct cfg80211_bss *pub)
592} 656}
593EXPORT_SYMBOL(cfg80211_unlink_bss); 657EXPORT_SYMBOL(cfg80211_unlink_bss);
594 658
595#ifdef CONFIG_WIRELESS_EXT 659#ifdef CONFIG_CFG80211_WEXT
596int cfg80211_wext_siwscan(struct net_device *dev, 660int cfg80211_wext_siwscan(struct net_device *dev,
597 struct iw_request_info *info, 661 struct iw_request_info *info,
598 union iwreq_data *wrqu, char *extra) 662 union iwreq_data *wrqu, char *extra)
@@ -600,7 +664,7 @@ int cfg80211_wext_siwscan(struct net_device *dev,
600 struct cfg80211_registered_device *rdev; 664 struct cfg80211_registered_device *rdev;
601 struct wiphy *wiphy; 665 struct wiphy *wiphy;
602 struct iw_scan_req *wreq = NULL; 666 struct iw_scan_req *wreq = NULL;
603 struct cfg80211_scan_request *creq; 667 struct cfg80211_scan_request *creq = NULL;
604 int i, err, n_channels = 0; 668 int i, err, n_channels = 0;
605 enum ieee80211_band band; 669 enum ieee80211_band band;
606 670
@@ -650,9 +714,15 @@ int cfg80211_wext_siwscan(struct net_device *dev,
650 i = 0; 714 i = 0;
651 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 715 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
652 int j; 716 int j;
717
653 if (!wiphy->bands[band]) 718 if (!wiphy->bands[band])
654 continue; 719 continue;
720
655 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 721 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
722 /* ignore disabled channels */
723 if (wiphy->bands[band]->channels[j].flags &
724 IEEE80211_CHAN_DISABLED)
725 continue;
656 726
657 /* If we have a wireless request structure and the 727 /* If we have a wireless request structure and the
658 * wireless request specifies frequencies, then search 728 * wireless request specifies frequencies, then search
@@ -687,8 +757,10 @@ int cfg80211_wext_siwscan(struct net_device *dev,
687 /* translate "Scan for SSID" request */ 757 /* translate "Scan for SSID" request */
688 if (wreq) { 758 if (wreq) {
689 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) { 759 if (wrqu->data.flags & IW_SCAN_THIS_ESSID) {
690 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) 760 if (wreq->essid_len > IEEE80211_MAX_SSID_LEN) {
691 return -EINVAL; 761 err = -EINVAL;
762 goto out;
763 }
692 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len); 764 memcpy(creq->ssids[0].ssid, wreq->essid, wreq->essid_len);
693 creq->ssids[0].ssid_len = wreq->essid_len; 765 creq->ssids[0].ssid_len = wreq->essid_len;
694 } 766 }
@@ -700,12 +772,15 @@ int cfg80211_wext_siwscan(struct net_device *dev,
700 err = rdev->ops->scan(wiphy, dev, creq); 772 err = rdev->ops->scan(wiphy, dev, creq);
701 if (err) { 773 if (err) {
702 rdev->scan_req = NULL; 774 rdev->scan_req = NULL;
703 kfree(creq); 775 /* creq will be freed below */
704 } else { 776 } else {
705 nl80211_send_scan_start(rdev, dev); 777 nl80211_send_scan_start(rdev, dev);
778 /* creq now owned by driver */
779 creq = NULL;
706 dev_hold(dev); 780 dev_hold(dev);
707 } 781 }
708 out: 782 out:
783 kfree(creq);
709 cfg80211_unlock_rdev(rdev); 784 cfg80211_unlock_rdev(rdev);
710 return err; 785 return err;
711} 786}
@@ -859,7 +934,7 @@ ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
859 break; 934 break;
860 case WLAN_EID_MESH_CONFIG: 935 case WLAN_EID_MESH_CONFIG:
861 ismesh = true; 936 ismesh = true;
862 if (ie[1] != IEEE80211_MESH_CONFIG_LEN) 937 if (ie[1] != sizeof(struct ieee80211_meshconf_ie))
863 break; 938 break;
864 buf = kmalloc(50, GFP_ATOMIC); 939 buf = kmalloc(50, GFP_ATOMIC);
865 if (!buf) 940 if (!buf)
@@ -867,35 +942,40 @@ ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
867 cfg = ie + 2; 942 cfg = ie + 2;
868 memset(&iwe, 0, sizeof(iwe)); 943 memset(&iwe, 0, sizeof(iwe));
869 iwe.cmd = IWEVCUSTOM; 944 iwe.cmd = IWEVCUSTOM;
870 sprintf(buf, "Mesh network (version %d)", cfg[0]); 945 sprintf(buf, "Mesh Network Path Selection Protocol ID: "
946 "0x%02X", cfg[0]);
947 iwe.u.data.length = strlen(buf);
948 current_ev = iwe_stream_add_point(info, current_ev,
949 end_buf,
950 &iwe, buf);
951 sprintf(buf, "Path Selection Metric ID: 0x%02X",
952 cfg[1]);
953 iwe.u.data.length = strlen(buf);
954 current_ev = iwe_stream_add_point(info, current_ev,
955 end_buf,
956 &iwe, buf);
957 sprintf(buf, "Congestion Control Mode ID: 0x%02X",
958 cfg[2]);
871 iwe.u.data.length = strlen(buf); 959 iwe.u.data.length = strlen(buf);
872 current_ev = iwe_stream_add_point(info, current_ev, 960 current_ev = iwe_stream_add_point(info, current_ev,
873 end_buf, 961 end_buf,
874 &iwe, buf); 962 &iwe, buf);
875 sprintf(buf, "Path Selection Protocol ID: " 963 sprintf(buf, "Synchronization ID: 0x%02X", cfg[3]);
876 "0x%02X%02X%02X%02X", cfg[1], cfg[2], cfg[3],
877 cfg[4]);
878 iwe.u.data.length = strlen(buf); 964 iwe.u.data.length = strlen(buf);
879 current_ev = iwe_stream_add_point(info, current_ev, 965 current_ev = iwe_stream_add_point(info, current_ev,
880 end_buf, 966 end_buf,
881 &iwe, buf); 967 &iwe, buf);
882 sprintf(buf, "Path Selection Metric ID: " 968 sprintf(buf, "Authentication ID: 0x%02X", cfg[4]);
883 "0x%02X%02X%02X%02X", cfg[5], cfg[6], cfg[7],
884 cfg[8]);
885 iwe.u.data.length = strlen(buf); 969 iwe.u.data.length = strlen(buf);
886 current_ev = iwe_stream_add_point(info, current_ev, 970 current_ev = iwe_stream_add_point(info, current_ev,
887 end_buf, 971 end_buf,
888 &iwe, buf); 972 &iwe, buf);
889 sprintf(buf, "Congestion Control Mode ID: " 973 sprintf(buf, "Formation Info: 0x%02X", cfg[5]);
890 "0x%02X%02X%02X%02X", cfg[9], cfg[10],
891 cfg[11], cfg[12]);
892 iwe.u.data.length = strlen(buf); 974 iwe.u.data.length = strlen(buf);
893 current_ev = iwe_stream_add_point(info, current_ev, 975 current_ev = iwe_stream_add_point(info, current_ev,
894 end_buf, 976 end_buf,
895 &iwe, buf); 977 &iwe, buf);
896 sprintf(buf, "Channel Precedence: " 978 sprintf(buf, "Capabilities: 0x%02X", cfg[6]);
897 "0x%02X%02X%02X%02X", cfg[13], cfg[14],
898 cfg[15], cfg[16]);
899 iwe.u.data.length = strlen(buf); 979 iwe.u.data.length = strlen(buf);
900 current_ev = iwe_stream_add_point(info, current_ev, 980 current_ev = iwe_stream_add_point(info, current_ev,
901 end_buf, 981 end_buf,
@@ -925,8 +1005,8 @@ ieee80211_bss(struct wiphy *wiphy, struct iw_request_info *info,
925 ie += ie[1] + 2; 1005 ie += ie[1] + 2;
926 } 1006 }
927 1007
928 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) 1008 if (bss->pub.capability & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS) ||
929 || ismesh) { 1009 ismesh) {
930 memset(&iwe, 0, sizeof(iwe)); 1010 memset(&iwe, 0, sizeof(iwe));
931 iwe.cmd = SIOCGIWMODE; 1011 iwe.cmd = SIOCGIWMODE;
932 if (ismesh) 1012 if (ismesh)
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 9f0b2800a9d7..f4dfd5f5f2ea 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -7,6 +7,7 @@
7 7
8#include <linux/etherdevice.h> 8#include <linux/etherdevice.h>
9#include <linux/if_arp.h> 9#include <linux/if_arp.h>
10#include <linux/slab.h>
10#include <linux/workqueue.h> 11#include <linux/workqueue.h>
11#include <linux/wireless.h> 12#include <linux/wireless.h>
12#include <net/iw_handler.h> 13#include <net/iw_handler.h>
@@ -34,6 +35,44 @@ struct cfg80211_conn {
34 bool auto_auth, prev_bssid_valid; 35 bool auto_auth, prev_bssid_valid;
35}; 36};
36 37
38bool cfg80211_is_all_idle(void)
39{
40 struct cfg80211_registered_device *rdev;
41 struct wireless_dev *wdev;
42 bool is_all_idle = true;
43
44 mutex_lock(&cfg80211_mutex);
45
46 /*
47 * All devices must be idle as otherwise if you are actively
48 * scanning some new beacon hints could be learned and would
49 * count as new regulatory hints.
50 */
51 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
52 cfg80211_lock_rdev(rdev);
53 list_for_each_entry(wdev, &rdev->netdev_list, list) {
54 wdev_lock(wdev);
55 if (wdev->sme_state != CFG80211_SME_IDLE)
56 is_all_idle = false;
57 wdev_unlock(wdev);
58 }
59 cfg80211_unlock_rdev(rdev);
60 }
61
62 mutex_unlock(&cfg80211_mutex);
63
64 return is_all_idle;
65}
66
67static void disconnect_work(struct work_struct *work)
68{
69 if (!cfg80211_is_all_idle())
70 return;
71
72 regulatory_hint_disconnect();
73}
74
75static DECLARE_WORK(cfg80211_disconnect_work, disconnect_work);
37 76
38static int cfg80211_conn_scan(struct wireless_dev *wdev) 77static int cfg80211_conn_scan(struct wireless_dev *wdev)
39{ 78{
@@ -365,7 +404,7 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
365{ 404{
366 struct wireless_dev *wdev = dev->ieee80211_ptr; 405 struct wireless_dev *wdev = dev->ieee80211_ptr;
367 u8 *country_ie; 406 u8 *country_ie;
368#ifdef CONFIG_WIRELESS_EXT 407#ifdef CONFIG_CFG80211_WEXT
369 union iwreq_data wrqu; 408 union iwreq_data wrqu;
370#endif 409#endif
371 410
@@ -382,7 +421,7 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
382 resp_ie, resp_ie_len, 421 resp_ie, resp_ie_len,
383 status, GFP_KERNEL); 422 status, GFP_KERNEL);
384 423
385#ifdef CONFIG_WIRELESS_EXT 424#ifdef CONFIG_CFG80211_WEXT
386 if (wextev) { 425 if (wextev) {
387 if (req_ie && status == WLAN_STATUS_SUCCESS) { 426 if (req_ie && status == WLAN_STATUS_SUCCESS) {
388 memset(&wrqu, 0, sizeof(wrqu)); 427 memset(&wrqu, 0, sizeof(wrqu));
@@ -454,6 +493,7 @@ void __cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
454 * - and country_ie[1] which is the IE length 493 * - and country_ie[1] which is the IE length
455 */ 494 */
456 regulatory_hint_11d(wdev->wiphy, 495 regulatory_hint_11d(wdev->wiphy,
496 bss->channel->band,
457 country_ie + 2, 497 country_ie + 2,
458 country_ie[1]); 498 country_ie[1]);
459} 499}
@@ -488,7 +528,7 @@ void cfg80211_connect_result(struct net_device *dev, const u8 *bssid,
488 spin_lock_irqsave(&wdev->event_lock, flags); 528 spin_lock_irqsave(&wdev->event_lock, flags);
489 list_add_tail(&ev->list, &wdev->event_list); 529 list_add_tail(&ev->list, &wdev->event_list);
490 spin_unlock_irqrestore(&wdev->event_lock, flags); 530 spin_unlock_irqrestore(&wdev->event_lock, flags);
491 schedule_work(&rdev->event_work); 531 queue_work(cfg80211_wq, &rdev->event_work);
492} 532}
493EXPORT_SYMBOL(cfg80211_connect_result); 533EXPORT_SYMBOL(cfg80211_connect_result);
494 534
@@ -497,7 +537,7 @@ void __cfg80211_roamed(struct wireless_dev *wdev, const u8 *bssid,
497 const u8 *resp_ie, size_t resp_ie_len) 537 const u8 *resp_ie, size_t resp_ie_len)
498{ 538{
499 struct cfg80211_bss *bss; 539 struct cfg80211_bss *bss;
500#ifdef CONFIG_WIRELESS_EXT 540#ifdef CONFIG_CFG80211_WEXT
501 union iwreq_data wrqu; 541 union iwreq_data wrqu;
502#endif 542#endif
503 543
@@ -532,7 +572,7 @@ void __cfg80211_roamed(struct wireless_dev *wdev, const u8 *bssid,
532 req_ie, req_ie_len, resp_ie, resp_ie_len, 572 req_ie, req_ie_len, resp_ie, resp_ie_len,
533 GFP_KERNEL); 573 GFP_KERNEL);
534 574
535#ifdef CONFIG_WIRELESS_EXT 575#ifdef CONFIG_CFG80211_WEXT
536 if (req_ie) { 576 if (req_ie) {
537 memset(&wrqu, 0, sizeof(wrqu)); 577 memset(&wrqu, 0, sizeof(wrqu));
538 wrqu.data.length = req_ie_len; 578 wrqu.data.length = req_ie_len;
@@ -583,7 +623,7 @@ void cfg80211_roamed(struct net_device *dev, const u8 *bssid,
583 spin_lock_irqsave(&wdev->event_lock, flags); 623 spin_lock_irqsave(&wdev->event_lock, flags);
584 list_add_tail(&ev->list, &wdev->event_list); 624 list_add_tail(&ev->list, &wdev->event_list);
585 spin_unlock_irqrestore(&wdev->event_lock, flags); 625 spin_unlock_irqrestore(&wdev->event_lock, flags);
586 schedule_work(&rdev->event_work); 626 queue_work(cfg80211_wq, &rdev->event_work);
587} 627}
588EXPORT_SYMBOL(cfg80211_roamed); 628EXPORT_SYMBOL(cfg80211_roamed);
589 629
@@ -593,7 +633,7 @@ void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
593 struct wireless_dev *wdev = dev->ieee80211_ptr; 633 struct wireless_dev *wdev = dev->ieee80211_ptr;
594 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 634 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
595 int i; 635 int i;
596#ifdef CONFIG_WIRELESS_EXT 636#ifdef CONFIG_CFG80211_WEXT
597 union iwreq_data wrqu; 637 union iwreq_data wrqu;
598#endif 638#endif
599 639
@@ -651,11 +691,14 @@ void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
651 for (i = 0; i < 6; i++) 691 for (i = 0; i < 6; i++)
652 rdev->ops->del_key(wdev->wiphy, dev, i, NULL); 692 rdev->ops->del_key(wdev->wiphy, dev, i, NULL);
653 693
654#ifdef CONFIG_WIRELESS_EXT 694#ifdef CONFIG_CFG80211_WEXT
655 memset(&wrqu, 0, sizeof(wrqu)); 695 memset(&wrqu, 0, sizeof(wrqu));
656 wrqu.ap_addr.sa_family = ARPHRD_ETHER; 696 wrqu.ap_addr.sa_family = ARPHRD_ETHER;
657 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL); 697 wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
698 wdev->wext.connect.ssid_len = 0;
658#endif 699#endif
700
701 schedule_work(&cfg80211_disconnect_work);
659} 702}
660 703
661void cfg80211_disconnected(struct net_device *dev, u16 reason, 704void cfg80211_disconnected(struct net_device *dev, u16 reason,
@@ -681,7 +724,7 @@ void cfg80211_disconnected(struct net_device *dev, u16 reason,
681 spin_lock_irqsave(&wdev->event_lock, flags); 724 spin_lock_irqsave(&wdev->event_lock, flags);
682 list_add_tail(&ev->list, &wdev->event_list); 725 list_add_tail(&ev->list, &wdev->event_list);
683 spin_unlock_irqrestore(&wdev->event_lock, flags); 726 spin_unlock_irqrestore(&wdev->event_lock, flags);
684 schedule_work(&rdev->event_work); 727 queue_work(cfg80211_wq, &rdev->event_work);
685} 728}
686EXPORT_SYMBOL(cfg80211_disconnected); 729EXPORT_SYMBOL(cfg80211_disconnected);
687 730
diff --git a/net/wireless/sysfs.c b/net/wireless/sysfs.c
index efe3c5c92b2d..9f2cef3e0ca0 100644
--- a/net/wireless/sysfs.c
+++ b/net/wireless/sysfs.c
@@ -33,10 +33,30 @@ static ssize_t name ## _show(struct device *dev, \
33 33
34SHOW_FMT(index, "%d", wiphy_idx); 34SHOW_FMT(index, "%d", wiphy_idx);
35SHOW_FMT(macaddress, "%pM", wiphy.perm_addr); 35SHOW_FMT(macaddress, "%pM", wiphy.perm_addr);
36SHOW_FMT(address_mask, "%pM", wiphy.addr_mask);
37
38static ssize_t addresses_show(struct device *dev,
39 struct device_attribute *attr,
40 char *buf)
41{
42 struct wiphy *wiphy = &dev_to_rdev(dev)->wiphy;
43 char *start = buf;
44 int i;
45
46 if (!wiphy->addresses)
47 return sprintf(buf, "%pM\n", wiphy->perm_addr);
48
49 for (i = 0; i < wiphy->n_addresses; i++)
50 buf += sprintf(buf, "%pM\n", &wiphy->addresses[i].addr);
51
52 return buf - start;
53}
36 54
37static struct device_attribute ieee80211_dev_attrs[] = { 55static struct device_attribute ieee80211_dev_attrs[] = {
38 __ATTR_RO(index), 56 __ATTR_RO(index),
39 __ATTR_RO(macaddress), 57 __ATTR_RO(macaddress),
58 __ATTR_RO(address_mask),
59 __ATTR_RO(addresses),
40 {} 60 {}
41}; 61};
42 62
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 3fc2df86278f..d3574a4eb3ba 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -5,6 +5,7 @@
5 */ 5 */
6#include <linux/bitops.h> 6#include <linux/bitops.h>
7#include <linux/etherdevice.h> 7#include <linux/etherdevice.h>
8#include <linux/slab.h>
8#include <net/cfg80211.h> 9#include <net/cfg80211.h>
9#include <net/ip.h> 10#include <net/ip.h>
10#include "core.h" 11#include "core.h"
@@ -227,8 +228,11 @@ unsigned int ieee80211_hdrlen(__le16 fc)
227 if (ieee80211_is_data(fc)) { 228 if (ieee80211_is_data(fc)) {
228 if (ieee80211_has_a4(fc)) 229 if (ieee80211_has_a4(fc))
229 hdrlen = 30; 230 hdrlen = 30;
230 if (ieee80211_is_data_qos(fc)) 231 if (ieee80211_is_data_qos(fc)) {
231 hdrlen += IEEE80211_QOS_CTL_LEN; 232 hdrlen += IEEE80211_QOS_CTL_LEN;
233 if (ieee80211_has_order(fc))
234 hdrlen += IEEE80211_HT_CTL_LEN;
235 }
232 goto out; 236 goto out;
233 } 237 }
234 238
@@ -285,7 +289,7 @@ static int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr)
285 } 289 }
286} 290}
287 291
288int ieee80211_data_to_8023(struct sk_buff *skb, u8 *addr, 292int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
289 enum nl80211_iftype iftype) 293 enum nl80211_iftype iftype)
290{ 294{
291 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 295 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
@@ -320,7 +324,9 @@ int ieee80211_data_to_8023(struct sk_buff *skb, u8 *addr,
320 break; 324 break;
321 case cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS): 325 case cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS):
322 if (unlikely(iftype != NL80211_IFTYPE_WDS && 326 if (unlikely(iftype != NL80211_IFTYPE_WDS &&
323 iftype != NL80211_IFTYPE_MESH_POINT)) 327 iftype != NL80211_IFTYPE_MESH_POINT &&
328 iftype != NL80211_IFTYPE_AP_VLAN &&
329 iftype != NL80211_IFTYPE_STATION))
324 return -1; 330 return -1;
325 if (iftype == NL80211_IFTYPE_MESH_POINT) { 331 if (iftype == NL80211_IFTYPE_MESH_POINT) {
326 struct ieee80211s_hdr *meshdr = 332 struct ieee80211s_hdr *meshdr =
@@ -381,7 +387,7 @@ int ieee80211_data_to_8023(struct sk_buff *skb, u8 *addr,
381} 387}
382EXPORT_SYMBOL(ieee80211_data_to_8023); 388EXPORT_SYMBOL(ieee80211_data_to_8023);
383 389
384int ieee80211_data_from_8023(struct sk_buff *skb, u8 *addr, 390int ieee80211_data_from_8023(struct sk_buff *skb, const u8 *addr,
385 enum nl80211_iftype iftype, u8 *bssid, bool qos) 391 enum nl80211_iftype iftype, u8 *bssid, bool qos)
386{ 392{
387 struct ieee80211_hdr hdr; 393 struct ieee80211_hdr hdr;
@@ -495,6 +501,101 @@ int ieee80211_data_from_8023(struct sk_buff *skb, u8 *addr,
495} 501}
496EXPORT_SYMBOL(ieee80211_data_from_8023); 502EXPORT_SYMBOL(ieee80211_data_from_8023);
497 503
504
505void ieee80211_amsdu_to_8023s(struct sk_buff *skb, struct sk_buff_head *list,
506 const u8 *addr, enum nl80211_iftype iftype,
507 const unsigned int extra_headroom)
508{
509 struct sk_buff *frame = NULL;
510 u16 ethertype;
511 u8 *payload;
512 const struct ethhdr *eth;
513 int remaining, err;
514 u8 dst[ETH_ALEN], src[ETH_ALEN];
515
516 err = ieee80211_data_to_8023(skb, addr, iftype);
517 if (err)
518 goto out;
519
520 /* skip the wrapping header */
521 eth = (struct ethhdr *) skb_pull(skb, sizeof(struct ethhdr));
522 if (!eth)
523 goto out;
524
525 while (skb != frame) {
526 u8 padding;
527 __be16 len = eth->h_proto;
528 unsigned int subframe_len = sizeof(struct ethhdr) + ntohs(len);
529
530 remaining = skb->len;
531 memcpy(dst, eth->h_dest, ETH_ALEN);
532 memcpy(src, eth->h_source, ETH_ALEN);
533
534 padding = (4 - subframe_len) & 0x3;
535 /* the last MSDU has no padding */
536 if (subframe_len > remaining)
537 goto purge;
538
539 skb_pull(skb, sizeof(struct ethhdr));
540 /* reuse skb for the last subframe */
541 if (remaining <= subframe_len + padding)
542 frame = skb;
543 else {
544 unsigned int hlen = ALIGN(extra_headroom, 4);
545 /*
546 * Allocate and reserve two bytes more for payload
547 * alignment since sizeof(struct ethhdr) is 14.
548 */
549 frame = dev_alloc_skb(hlen + subframe_len + 2);
550 if (!frame)
551 goto purge;
552
553 skb_reserve(frame, hlen + sizeof(struct ethhdr) + 2);
554 memcpy(skb_put(frame, ntohs(len)), skb->data,
555 ntohs(len));
556
557 eth = (struct ethhdr *)skb_pull(skb, ntohs(len) +
558 padding);
559 if (!eth) {
560 dev_kfree_skb(frame);
561 goto purge;
562 }
563 }
564
565 skb_reset_network_header(frame);
566 frame->dev = skb->dev;
567 frame->priority = skb->priority;
568
569 payload = frame->data;
570 ethertype = (payload[6] << 8) | payload[7];
571
572 if (likely((compare_ether_addr(payload, rfc1042_header) == 0 &&
573 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) ||
574 compare_ether_addr(payload,
575 bridge_tunnel_header) == 0)) {
576 /* remove RFC1042 or Bridge-Tunnel
577 * encapsulation and replace EtherType */
578 skb_pull(frame, 6);
579 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
580 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
581 } else {
582 memcpy(skb_push(frame, sizeof(__be16)), &len,
583 sizeof(__be16));
584 memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN);
585 memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN);
586 }
587 __skb_queue_tail(list, frame);
588 }
589
590 return;
591
592 purge:
593 __skb_queue_purge(list);
594 out:
595 dev_kfree_skb(skb);
596}
597EXPORT_SYMBOL(ieee80211_amsdu_to_8023s);
598
498/* Given a data frame determine the 802.1p/1d tag to use. */ 599/* Given a data frame determine the 802.1p/1d tag to use. */
499unsigned int cfg80211_classify8021d(struct sk_buff *skb) 600unsigned int cfg80211_classify8021d(struct sk_buff *skb)
500{ 601{
@@ -656,7 +757,14 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
656 !(rdev->wiphy.interface_modes & (1 << ntype))) 757 !(rdev->wiphy.interface_modes & (1 << ntype)))
657 return -EOPNOTSUPP; 758 return -EOPNOTSUPP;
658 759
760 /* if it's part of a bridge, reject changing type to station/ibss */
761 if (dev->br_port && (ntype == NL80211_IFTYPE_ADHOC ||
762 ntype == NL80211_IFTYPE_STATION))
763 return -EBUSY;
764
659 if (ntype != otype) { 765 if (ntype != otype) {
766 dev->ieee80211_ptr->use_4addr = false;
767
660 switch (otype) { 768 switch (otype) {
661 case NL80211_IFTYPE_ADHOC: 769 case NL80211_IFTYPE_ADHOC:
662 cfg80211_leave_ibss(rdev, dev, false); 770 cfg80211_leave_ibss(rdev, dev, false);
@@ -680,5 +788,67 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev,
680 788
681 WARN_ON(!err && dev->ieee80211_ptr->iftype != ntype); 789 WARN_ON(!err && dev->ieee80211_ptr->iftype != ntype);
682 790
791 if (!err && params && params->use_4addr != -1)
792 dev->ieee80211_ptr->use_4addr = params->use_4addr;
793
794 if (!err) {
795 dev->priv_flags &= ~IFF_DONT_BRIDGE;
796 switch (ntype) {
797 case NL80211_IFTYPE_STATION:
798 if (dev->ieee80211_ptr->use_4addr)
799 break;
800 /* fall through */
801 case NL80211_IFTYPE_ADHOC:
802 dev->priv_flags |= IFF_DONT_BRIDGE;
803 break;
804 case NL80211_IFTYPE_AP:
805 case NL80211_IFTYPE_AP_VLAN:
806 case NL80211_IFTYPE_WDS:
807 case NL80211_IFTYPE_MESH_POINT:
808 /* bridging OK */
809 break;
810 case NL80211_IFTYPE_MONITOR:
811 /* monitor can't bridge anyway */
812 break;
813 case NL80211_IFTYPE_UNSPECIFIED:
814 case __NL80211_IFTYPE_AFTER_LAST:
815 /* not happening */
816 break;
817 }
818 }
819
683 return err; 820 return err;
684} 821}
822
823u16 cfg80211_calculate_bitrate(struct rate_info *rate)
824{
825 int modulation, streams, bitrate;
826
827 if (!(rate->flags & RATE_INFO_FLAGS_MCS))
828 return rate->legacy;
829
830 /* the formula below does only work for MCS values smaller than 32 */
831 if (rate->mcs >= 32)
832 return 0;
833
834 modulation = rate->mcs & 7;
835 streams = (rate->mcs >> 3) + 1;
836
837 bitrate = (rate->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) ?
838 13500000 : 6500000;
839
840 if (modulation < 4)
841 bitrate *= (modulation + 1);
842 else if (modulation == 4)
843 bitrate *= (modulation + 2);
844 else
845 bitrate *= (modulation + 3);
846
847 bitrate *= streams;
848
849 if (rate->flags & RATE_INFO_FLAGS_SHORT_GI)
850 bitrate = (bitrate / 9) * 10;
851
852 /* do NOT round down here */
853 return (bitrate + 50000) / 100000;
854}
diff --git a/net/wireless/wext-compat.c b/net/wireless/wext-compat.c
index 561a45cf2a6a..a60a2773b497 100644
--- a/net/wireless/wext-compat.c
+++ b/net/wireless/wext-compat.c
@@ -12,6 +12,7 @@
12#include <linux/nl80211.h> 12#include <linux/nl80211.h>
13#include <linux/if_arp.h> 13#include <linux/if_arp.h>
14#include <linux/etherdevice.h> 14#include <linux/etherdevice.h>
15#include <linux/slab.h>
15#include <net/iw_handler.h> 16#include <net/iw_handler.h>
16#include <net/cfg80211.h> 17#include <net/cfg80211.h>
17#include "wext-compat.h" 18#include "wext-compat.h"
@@ -437,6 +438,7 @@ static int __cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
437{ 438{
438 struct wireless_dev *wdev = dev->ieee80211_ptr; 439 struct wireless_dev *wdev = dev->ieee80211_ptr;
439 int err, i; 440 int err, i;
441 bool rejoin = false;
440 442
441 if (!wdev->wext.keys) { 443 if (!wdev->wext.keys) {
442 wdev->wext.keys = kzalloc(sizeof(*wdev->wext.keys), 444 wdev->wext.keys = kzalloc(sizeof(*wdev->wext.keys),
@@ -466,8 +468,25 @@ static int __cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
466 468
467 if (remove) { 469 if (remove) {
468 err = 0; 470 err = 0;
469 if (wdev->current_bss) 471 if (wdev->current_bss) {
472 /*
473 * If removing the current TX key, we will need to
474 * join a new IBSS without the privacy bit clear.
475 */
476 if (idx == wdev->wext.default_key &&
477 wdev->iftype == NL80211_IFTYPE_ADHOC) {
478 __cfg80211_leave_ibss(rdev, wdev->netdev, true);
479 rejoin = true;
480 }
470 err = rdev->ops->del_key(&rdev->wiphy, dev, idx, addr); 481 err = rdev->ops->del_key(&rdev->wiphy, dev, idx, addr);
482 }
483 wdev->wext.connect.privacy = false;
484 /*
485 * Applications using wireless extensions expect to be
486 * able to delete keys that don't exist, so allow that.
487 */
488 if (err == -ENOENT)
489 err = 0;
471 if (!err) { 490 if (!err) {
472 if (!addr) { 491 if (!addr) {
473 wdev->wext.keys->params[idx].key_len = 0; 492 wdev->wext.keys->params[idx].key_len = 0;
@@ -478,12 +497,9 @@ static int __cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
478 else if (idx == wdev->wext.default_mgmt_key) 497 else if (idx == wdev->wext.default_mgmt_key)
479 wdev->wext.default_mgmt_key = -1; 498 wdev->wext.default_mgmt_key = -1;
480 } 499 }
481 /* 500
482 * Applications using wireless extensions expect to be 501 if (!err && rejoin)
483 * able to delete keys that don't exist, so allow that. 502 err = cfg80211_ibss_wext_join(rdev, wdev);
484 */
485 if (err == -ENOENT)
486 return 0;
487 503
488 return err; 504 return err;
489 } 505 }
@@ -511,11 +527,25 @@ static int __cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
511 if ((params->cipher == WLAN_CIPHER_SUITE_WEP40 || 527 if ((params->cipher == WLAN_CIPHER_SUITE_WEP40 ||
512 params->cipher == WLAN_CIPHER_SUITE_WEP104) && 528 params->cipher == WLAN_CIPHER_SUITE_WEP104) &&
513 (tx_key || (!addr && wdev->wext.default_key == -1))) { 529 (tx_key || (!addr && wdev->wext.default_key == -1))) {
514 if (wdev->current_bss) 530 if (wdev->current_bss) {
531 /*
532 * If we are getting a new TX key from not having
533 * had one before we need to join a new IBSS with
534 * the privacy bit set.
535 */
536 if (wdev->iftype == NL80211_IFTYPE_ADHOC &&
537 wdev->wext.default_key == -1) {
538 __cfg80211_leave_ibss(rdev, wdev->netdev, true);
539 rejoin = true;
540 }
515 err = rdev->ops->set_default_key(&rdev->wiphy, 541 err = rdev->ops->set_default_key(&rdev->wiphy,
516 dev, idx); 542 dev, idx);
517 if (!err) 543 }
544 if (!err) {
518 wdev->wext.default_key = idx; 545 wdev->wext.default_key = idx;
546 if (rejoin)
547 err = cfg80211_ibss_wext_join(rdev, wdev);
548 }
519 return err; 549 return err;
520 } 550 }
521 551
@@ -539,10 +569,13 @@ static int cfg80211_set_encryption(struct cfg80211_registered_device *rdev,
539{ 569{
540 int err; 570 int err;
541 571
572 /* devlist mutex needed for possible IBSS re-join */
573 mutex_lock(&rdev->devlist_mtx);
542 wdev_lock(dev->ieee80211_ptr); 574 wdev_lock(dev->ieee80211_ptr);
543 err = __cfg80211_set_encryption(rdev, dev, addr, remove, 575 err = __cfg80211_set_encryption(rdev, dev, addr, remove,
544 tx_key, idx, params); 576 tx_key, idx, params);
545 wdev_unlock(dev->ieee80211_ptr); 577 wdev_unlock(dev->ieee80211_ptr);
578 mutex_unlock(&rdev->devlist_mtx);
546 579
547 return err; 580 return err;
548} 581}
@@ -904,8 +937,6 @@ static int cfg80211_set_auth_alg(struct wireless_dev *wdev,
904 937
905static int cfg80211_set_wpa_version(struct wireless_dev *wdev, u32 wpa_versions) 938static int cfg80211_set_wpa_version(struct wireless_dev *wdev, u32 wpa_versions)
906{ 939{
907 wdev->wext.connect.crypto.wpa_versions = 0;
908
909 if (wpa_versions & ~(IW_AUTH_WPA_VERSION_WPA | 940 if (wpa_versions & ~(IW_AUTH_WPA_VERSION_WPA |
910 IW_AUTH_WPA_VERSION_WPA2| 941 IW_AUTH_WPA_VERSION_WPA2|
911 IW_AUTH_WPA_VERSION_DISABLED)) 942 IW_AUTH_WPA_VERSION_DISABLED))
@@ -933,8 +964,6 @@ static int cfg80211_set_wpa_version(struct wireless_dev *wdev, u32 wpa_versions)
933 964
934static int cfg80211_set_cipher_group(struct wireless_dev *wdev, u32 cipher) 965static int cfg80211_set_cipher_group(struct wireless_dev *wdev, u32 cipher)
935{ 966{
936 wdev->wext.connect.crypto.cipher_group = 0;
937
938 if (cipher & IW_AUTH_CIPHER_WEP40) 967 if (cipher & IW_AUTH_CIPHER_WEP40)
939 wdev->wext.connect.crypto.cipher_group = 968 wdev->wext.connect.crypto.cipher_group =
940 WLAN_CIPHER_SUITE_WEP40; 969 WLAN_CIPHER_SUITE_WEP40;
@@ -950,6 +979,8 @@ static int cfg80211_set_cipher_group(struct wireless_dev *wdev, u32 cipher)
950 else if (cipher & IW_AUTH_CIPHER_AES_CMAC) 979 else if (cipher & IW_AUTH_CIPHER_AES_CMAC)
951 wdev->wext.connect.crypto.cipher_group = 980 wdev->wext.connect.crypto.cipher_group =
952 WLAN_CIPHER_SUITE_AES_CMAC; 981 WLAN_CIPHER_SUITE_AES_CMAC;
982 else if (cipher & IW_AUTH_CIPHER_NONE)
983 wdev->wext.connect.crypto.cipher_group = 0;
953 else 984 else
954 return -EINVAL; 985 return -EINVAL;
955 986
@@ -1069,8 +1100,8 @@ int cfg80211_wext_siwpower(struct net_device *dev,
1069{ 1100{
1070 struct wireless_dev *wdev = dev->ieee80211_ptr; 1101 struct wireless_dev *wdev = dev->ieee80211_ptr;
1071 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 1102 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
1072 bool ps = wdev->wext.ps; 1103 bool ps = wdev->ps;
1073 int timeout = wdev->wext.ps_timeout; 1104 int timeout = wdev->ps_timeout;
1074 int err; 1105 int err;
1075 1106
1076 if (wdev->iftype != NL80211_IFTYPE_STATION) 1107 if (wdev->iftype != NL80211_IFTYPE_STATION)
@@ -1103,8 +1134,8 @@ int cfg80211_wext_siwpower(struct net_device *dev,
1103 if (err) 1134 if (err)
1104 return err; 1135 return err;
1105 1136
1106 wdev->wext.ps = ps; 1137 wdev->ps = ps;
1107 wdev->wext.ps_timeout = timeout; 1138 wdev->ps_timeout = timeout;
1108 1139
1109 return 0; 1140 return 0;
1110 1141
@@ -1117,7 +1148,7 @@ int cfg80211_wext_giwpower(struct net_device *dev,
1117{ 1148{
1118 struct wireless_dev *wdev = dev->ieee80211_ptr; 1149 struct wireless_dev *wdev = dev->ieee80211_ptr;
1119 1150
1120 wrq->disabled = !wdev->wext.ps; 1151 wrq->disabled = !wdev->ps;
1121 1152
1122 return 0; 1153 return 0;
1123} 1154}
@@ -1174,21 +1205,47 @@ int cfg80211_wext_siwrate(struct net_device *dev,
1174 struct wireless_dev *wdev = dev->ieee80211_ptr; 1205 struct wireless_dev *wdev = dev->ieee80211_ptr;
1175 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy); 1206 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
1176 struct cfg80211_bitrate_mask mask; 1207 struct cfg80211_bitrate_mask mask;
1208 u32 fixed, maxrate;
1209 struct ieee80211_supported_band *sband;
1210 int band, ridx;
1211 bool match = false;
1177 1212
1178 if (!rdev->ops->set_bitrate_mask) 1213 if (!rdev->ops->set_bitrate_mask)
1179 return -EOPNOTSUPP; 1214 return -EOPNOTSUPP;
1180 1215
1181 mask.fixed = 0; 1216 memset(&mask, 0, sizeof(mask));
1182 mask.maxrate = 0; 1217 fixed = 0;
1218 maxrate = (u32)-1;
1183 1219
1184 if (rate->value < 0) { 1220 if (rate->value < 0) {
1185 /* nothing */ 1221 /* nothing */
1186 } else if (rate->fixed) { 1222 } else if (rate->fixed) {
1187 mask.fixed = rate->value / 1000; /* kbps */ 1223 fixed = rate->value / 100000;
1188 } else { 1224 } else {
1189 mask.maxrate = rate->value / 1000; /* kbps */ 1225 maxrate = rate->value / 100000;
1190 } 1226 }
1191 1227
1228 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
1229 sband = wdev->wiphy->bands[band];
1230 if (sband == NULL)
1231 continue;
1232 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
1233 struct ieee80211_rate *srate = &sband->bitrates[ridx];
1234 if (fixed == srate->bitrate) {
1235 mask.control[band].legacy = 1 << ridx;
1236 match = true;
1237 break;
1238 }
1239 if (srate->bitrate <= maxrate) {
1240 mask.control[band].legacy |= 1 << ridx;
1241 match = true;
1242 }
1243 }
1244 }
1245
1246 if (!match)
1247 return -EINVAL;
1248
1192 return rdev->ops->set_bitrate_mask(wdev->wiphy, dev, NULL, &mask); 1249 return rdev->ops->set_bitrate_mask(wdev->wiphy, dev, NULL, &mask);
1193} 1250}
1194EXPORT_SYMBOL_GPL(cfg80211_wext_siwrate); 1251EXPORT_SYMBOL_GPL(cfg80211_wext_siwrate);
@@ -1227,10 +1284,7 @@ int cfg80211_wext_giwrate(struct net_device *dev,
1227 if (!(sinfo.filled & STATION_INFO_TX_BITRATE)) 1284 if (!(sinfo.filled & STATION_INFO_TX_BITRATE))
1228 return -EOPNOTSUPP; 1285 return -EOPNOTSUPP;
1229 1286
1230 rate->value = 0; 1287 rate->value = 100000 * cfg80211_calculate_bitrate(&sinfo.txrate);
1231
1232 if (!(sinfo.txrate.flags & RATE_INFO_FLAGS_MCS))
1233 rate->value = 100000 * sinfo.txrate.legacy;
1234 1288
1235 return 0; 1289 return 0;
1236} 1290}
@@ -1372,6 +1426,47 @@ int cfg80211_wext_giwessid(struct net_device *dev,
1372} 1426}
1373EXPORT_SYMBOL_GPL(cfg80211_wext_giwessid); 1427EXPORT_SYMBOL_GPL(cfg80211_wext_giwessid);
1374 1428
1429int cfg80211_wext_siwpmksa(struct net_device *dev,
1430 struct iw_request_info *info,
1431 struct iw_point *data, char *extra)
1432{
1433 struct wireless_dev *wdev = dev->ieee80211_ptr;
1434 struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
1435 struct cfg80211_pmksa cfg_pmksa;
1436 struct iw_pmksa *pmksa = (struct iw_pmksa *)extra;
1437
1438 memset(&cfg_pmksa, 0, sizeof(struct cfg80211_pmksa));
1439
1440 if (wdev->iftype != NL80211_IFTYPE_STATION)
1441 return -EINVAL;
1442
1443 cfg_pmksa.bssid = pmksa->bssid.sa_data;
1444 cfg_pmksa.pmkid = pmksa->pmkid;
1445
1446 switch (pmksa->cmd) {
1447 case IW_PMKSA_ADD:
1448 if (!rdev->ops->set_pmksa)
1449 return -EOPNOTSUPP;
1450
1451 return rdev->ops->set_pmksa(&rdev->wiphy, dev, &cfg_pmksa);
1452
1453 case IW_PMKSA_REMOVE:
1454 if (!rdev->ops->del_pmksa)
1455 return -EOPNOTSUPP;
1456
1457 return rdev->ops->del_pmksa(&rdev->wiphy, dev, &cfg_pmksa);
1458
1459 case IW_PMKSA_FLUSH:
1460 if (!rdev->ops->flush_pmksa)
1461 return -EOPNOTSUPP;
1462
1463 return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
1464
1465 default:
1466 return -EOPNOTSUPP;
1467 }
1468}
1469
1375static const iw_handler cfg80211_handlers[] = { 1470static const iw_handler cfg80211_handlers[] = {
1376 [IW_IOCTL_IDX(SIOCGIWNAME)] = (iw_handler) cfg80211_wext_giwname, 1471 [IW_IOCTL_IDX(SIOCGIWNAME)] = (iw_handler) cfg80211_wext_giwname,
1377 [IW_IOCTL_IDX(SIOCSIWFREQ)] = (iw_handler) cfg80211_wext_siwfreq, 1472 [IW_IOCTL_IDX(SIOCSIWFREQ)] = (iw_handler) cfg80211_wext_siwfreq,
@@ -1404,6 +1499,7 @@ static const iw_handler cfg80211_handlers[] = {
1404 [IW_IOCTL_IDX(SIOCSIWAUTH)] = (iw_handler) cfg80211_wext_siwauth, 1499 [IW_IOCTL_IDX(SIOCSIWAUTH)] = (iw_handler) cfg80211_wext_siwauth,
1405 [IW_IOCTL_IDX(SIOCGIWAUTH)] = (iw_handler) cfg80211_wext_giwauth, 1500 [IW_IOCTL_IDX(SIOCGIWAUTH)] = (iw_handler) cfg80211_wext_giwauth,
1406 [IW_IOCTL_IDX(SIOCSIWENCODEEXT)]= (iw_handler) cfg80211_wext_siwencodeext, 1501 [IW_IOCTL_IDX(SIOCSIWENCODEEXT)]= (iw_handler) cfg80211_wext_siwencodeext,
1502 [IW_IOCTL_IDX(SIOCSIWPMKSA)] = (iw_handler) cfg80211_wext_siwpmksa,
1407}; 1503};
1408 1504
1409const struct iw_handler_def cfg80211_wext_handler = { 1505const struct iw_handler_def cfg80211_wext_handler = {
diff --git a/net/wireless/wext.c b/net/wireless/wext-core.c
index 60fe57761ca9..4f5a47091fde 100644
--- a/net/wireless/wext.c
+++ b/net/wireless/wext-core.c
@@ -1,112 +1,29 @@
1/* 1/*
2 * This file implement the Wireless Extensions APIs. 2 * This file implement the Wireless Extensions core API.
3 * 3 *
4 * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com> 4 * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com>
5 * Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved. 5 * Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved.
6 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
6 * 7 *
7 * (As all part of the Linux kernel, this file is GPL) 8 * (As all part of the Linux kernel, this file is GPL)
8 */ 9 */
9 10#include <linux/kernel.h>
10/************************** DOCUMENTATION **************************/ 11#include <linux/netdevice.h>
11/* 12#include <linux/rtnetlink.h>
12 * API definition : 13#include <linux/slab.h>
13 * -------------- 14#include <linux/wireless.h>
14 * See <linux/wireless.h> for details of the APIs and the rest. 15#include <linux/uaccess.h>
15 * 16#include <net/cfg80211.h>
16 * History : 17#include <net/iw_handler.h>
17 * -------
18 *
19 * v1 - 5.12.01 - Jean II
20 * o Created this file.
21 *
22 * v2 - 13.12.01 - Jean II
23 * o Move /proc/net/wireless stuff from net/core/dev.c to here
24 * o Make Wireless Extension IOCTLs go through here
25 * o Added iw_handler handling ;-)
26 * o Added standard ioctl description
27 * o Initial dumb commit strategy based on orinoco.c
28 *
29 * v3 - 19.12.01 - Jean II
30 * o Make sure we don't go out of standard_ioctl[] in ioctl_standard_call
31 * o Add event dispatcher function
32 * o Add event description
33 * o Propagate events as rtnetlink IFLA_WIRELESS option
34 * o Generate event on selected SET requests
35 *
36 * v4 - 18.04.02 - Jean II
37 * o Fix stupid off by one in iw_ioctl_description : IW_ESSID_MAX_SIZE + 1
38 *
39 * v5 - 21.06.02 - Jean II
40 * o Add IW_PRIV_TYPE_ADDR in priv_type_size (+cleanup)
41 * o Reshuffle IW_HEADER_TYPE_XXX to map IW_PRIV_TYPE_XXX changes
42 * o Add IWEVCUSTOM for driver specific event/scanning token
43 * o Turn on WE_STRICT_WRITE by default + kernel warning
44 * o Fix WE_STRICT_WRITE in ioctl_export_private() (32 => iw_num)
45 * o Fix off-by-one in test (extra_size <= IFNAMSIZ)
46 *
47 * v6 - 9.01.03 - Jean II
48 * o Add common spy support : iw_handler_set_spy(), wireless_spy_update()
49 * o Add enhanced spy support : iw_handler_set_thrspy() and event.
50 * o Add WIRELESS_EXT version display in /proc/net/wireless
51 *
52 * v6 - 18.06.04 - Jean II
53 * o Change get_spydata() method for added safety
54 * o Remove spy #ifdef, they are always on -> cleaner code
55 * o Allow any size GET request if user specifies length > max
56 * and if request has IW_DESCR_FLAG_NOMAX flag or is SIOCGIWPRIV
57 * o Start migrating get_wireless_stats to struct iw_handler_def
58 * o Add wmb() in iw_handler_set_spy() for non-coherent archs/cpus
59 * Based on patch from Pavel Roskin <proski@gnu.org> :
60 * o Fix kernel data leak to user space in private handler handling
61 *
62 * v7 - 18.3.05 - Jean II
63 * o Remove (struct iw_point *)->pointer from events and streams
64 * o Remove spy_offset from struct iw_handler_def
65 * o Start deprecating dev->get_wireless_stats, output a warning
66 * o If IW_QUAL_DBM is set, show dBm values in /proc/net/wireless
67 * o Don't lose INVALID/DBM flags when clearing UPDATED flags (iwstats)
68 *
69 * v8 - 17.02.06 - Jean II
70 * o RtNetlink requests support (SET/GET)
71 *
72 * v8b - 03.08.06 - Herbert Xu
73 * o Fix Wireless Event locking issues.
74 *
75 * v9 - 14.3.06 - Jean II
76 * o Change length in ESSID and NICK to strlen() instead of strlen()+1
77 * o Make standard_ioctl_num and standard_event_num unsigned
78 * o Remove (struct net_device *)->get_wireless_stats()
79 *
80 * v10 - 16.3.07 - Jean II
81 * o Prevent leaking of kernel space in stream on 64 bits.
82 */
83
84/***************************** INCLUDES *****************************/
85
86#include <linux/module.h>
87#include <linux/types.h> /* off_t */
88#include <linux/netdevice.h> /* struct ifreq, dev_get_by_name() */
89#include <linux/proc_fs.h>
90#include <linux/rtnetlink.h> /* rtnetlink stuff */
91#include <linux/seq_file.h>
92#include <linux/init.h> /* for __init */
93#include <linux/if_arp.h> /* ARPHRD_ETHER */
94#include <linux/etherdevice.h> /* compare_ether_addr */
95#include <linux/interrupt.h>
96#include <net/net_namespace.h>
97
98#include <linux/wireless.h> /* Pretty obvious */
99#include <net/iw_handler.h> /* New driver API */
100#include <net/netlink.h> 18#include <net/netlink.h>
101#include <net/wext.h> 19#include <net/wext.h>
20#include <net/net_namespace.h>
21
22typedef int (*wext_ioctl_func)(struct net_device *, struct iwreq *,
23 unsigned int, struct iw_request_info *,
24 iw_handler);
102 25
103#include <asm/uaccess.h> /* copy_to_user() */
104 26
105/************************* GLOBAL VARIABLES *************************/
106/*
107 * You should not use global variables, because of re-entrancy.
108 * On our case, it's only const, so it's OK...
109 */
110/* 27/*
111 * Meta-data about all the standard Wireless Extension request we 28 * Meta-data about all the standard Wireless Extension request we
112 * know about. 29 * know about.
@@ -390,18 +307,6 @@ static const struct iw_ioctl_description standard_event[] = {
390}; 307};
391static const unsigned standard_event_num = ARRAY_SIZE(standard_event); 308static const unsigned standard_event_num = ARRAY_SIZE(standard_event);
392 309
393/* Size (in bytes) of the various private data types */
394static const char iw_priv_type_size[] = {
395 0, /* IW_PRIV_TYPE_NONE */
396 1, /* IW_PRIV_TYPE_BYTE */
397 1, /* IW_PRIV_TYPE_CHAR */
398 0, /* Not defined */
399 sizeof(__u32), /* IW_PRIV_TYPE_INT */
400 sizeof(struct iw_freq), /* IW_PRIV_TYPE_FLOAT */
401 sizeof(struct sockaddr), /* IW_PRIV_TYPE_ADDR */
402 0, /* Not defined */
403};
404
405/* Size (in bytes) of various events */ 310/* Size (in bytes) of various events */
406static const int event_type_size[] = { 311static const int event_type_size[] = {
407 IW_EV_LCP_LEN, /* IW_HEADER_TYPE_NULL */ 312 IW_EV_LCP_LEN, /* IW_HEADER_TYPE_NULL */
@@ -433,323 +338,346 @@ static const int compat_event_type_size[] = {
433}; 338};
434#endif 339#endif
435 340
436/************************ COMMON SUBROUTINES ************************/
437/*
438 * Stuff that may be used in various place or doesn't fit in one
439 * of the section below.
440 */
441
442/* ---------------------------------------------------------------- */
443/*
444 * Return the driver handler associated with a specific Wireless Extension.
445 */
446static iw_handler get_handler(struct net_device *dev, unsigned int cmd)
447{
448 /* Don't "optimise" the following variable, it will crash */
449 unsigned int index; /* *MUST* be unsigned */
450 341
451 /* Check if we have some wireless handlers defined */ 342/* IW event code */
452 if (dev->wireless_handlers == NULL)
453 return NULL;
454
455 /* Try as a standard command */
456 index = cmd - SIOCIWFIRST;
457 if (index < dev->wireless_handlers->num_standard)
458 return dev->wireless_handlers->standard[index];
459
460 /* Try as a private command */
461 index = cmd - SIOCIWFIRSTPRIV;
462 if (index < dev->wireless_handlers->num_private)
463 return dev->wireless_handlers->private[index];
464 343
465 /* Not found */ 344static int __net_init wext_pernet_init(struct net *net)
466 return NULL;
467}
468
469/* ---------------------------------------------------------------- */
470/*
471 * Get statistics out of the driver
472 */
473struct iw_statistics *get_wireless_stats(struct net_device *dev)
474{ 345{
475 /* New location */ 346 skb_queue_head_init(&net->wext_nlevents);
476 if ((dev->wireless_handlers != NULL) && 347 return 0;
477 (dev->wireless_handlers->get_wireless_stats != NULL))
478 return dev->wireless_handlers->get_wireless_stats(dev);
479
480 /* Not found */
481 return NULL;
482} 348}
483 349
484/* ---------------------------------------------------------------- */ 350static void __net_exit wext_pernet_exit(struct net *net)
485/*
486 * Call the commit handler in the driver
487 * (if exist and if conditions are right)
488 *
489 * Note : our current commit strategy is currently pretty dumb,
490 * but we will be able to improve on that...
491 * The goal is to try to agreagate as many changes as possible
492 * before doing the commit. Drivers that will define a commit handler
493 * are usually those that need a reset after changing parameters, so
494 * we want to minimise the number of reset.
495 * A cool idea is to use a timer : at each "set" command, we re-set the
496 * timer, when the timer eventually fires, we call the driver.
497 * Hopefully, more on that later.
498 *
499 * Also, I'm waiting to see how many people will complain about the
500 * netif_running(dev) test. I'm open on that one...
501 * Hopefully, the driver will remember to do a commit in "open()" ;-)
502 */
503static int call_commit_handler(struct net_device *dev)
504{ 351{
505 if ((netif_running(dev)) && 352 skb_queue_purge(&net->wext_nlevents);
506 (dev->wireless_handlers->standard[0] != NULL))
507 /* Call the commit handler on the driver */
508 return dev->wireless_handlers->standard[0](dev, NULL,
509 NULL, NULL);
510 else
511 return 0; /* Command completed successfully */
512} 353}
513 354
514/* ---------------------------------------------------------------- */ 355static struct pernet_operations wext_pernet_ops = {
515/* 356 .init = wext_pernet_init,
516 * Calculate size of private arguments 357 .exit = wext_pernet_exit,
517 */ 358};
518static int get_priv_size(__u16 args)
519{
520 int num = args & IW_PRIV_SIZE_MASK;
521 int type = (args & IW_PRIV_TYPE_MASK) >> 12;
522 359
523 return num * iw_priv_type_size[type]; 360static int __init wireless_nlevent_init(void)
361{
362 return register_pernet_subsys(&wext_pernet_ops);
524} 363}
525 364
526/* ---------------------------------------------------------------- */ 365subsys_initcall(wireless_nlevent_init);
527/* 366
528 * Re-calculate the size of private arguments 367/* Process events generated by the wireless layer or the driver. */
529 */ 368static void wireless_nlevent_process(struct work_struct *work)
530static int adjust_priv_size(__u16 args, struct iw_point *iwp)
531{ 369{
532 int num = iwp->length; 370 struct sk_buff *skb;
533 int max = args & IW_PRIV_SIZE_MASK; 371 struct net *net;
534 int type = (args & IW_PRIV_TYPE_MASK) >> 12;
535 372
536 /* Make sure the driver doesn't goof up */ 373 rtnl_lock();
537 if (max < num) 374
538 num = max; 375 for_each_net(net) {
376 while ((skb = skb_dequeue(&net->wext_nlevents)))
377 rtnl_notify(skb, net, 0, RTNLGRP_LINK, NULL,
378 GFP_KERNEL);
379 }
539 380
540 return num * iw_priv_type_size[type]; 381 rtnl_unlock();
541} 382}
542 383
543/* ---------------------------------------------------------------- */ 384static DECLARE_WORK(wireless_nlevent_work, wireless_nlevent_process);
544/* 385
545 * Standard Wireless Handler : get wireless stats 386static struct nlmsghdr *rtnetlink_ifinfo_prep(struct net_device *dev,
546 * Allow programatic access to /proc/net/wireless even if /proc 387 struct sk_buff *skb)
547 * doesn't exist... Also more efficient...
548 */
549static int iw_handler_get_iwstats(struct net_device * dev,
550 struct iw_request_info * info,
551 union iwreq_data * wrqu,
552 char * extra)
553{ 388{
554 /* Get stats from the driver */ 389 struct ifinfomsg *r;
555 struct iw_statistics *stats; 390 struct nlmsghdr *nlh;
556 391
557 stats = get_wireless_stats(dev); 392 nlh = nlmsg_put(skb, 0, 0, RTM_NEWLINK, sizeof(*r), 0);
558 if (stats) { 393 if (!nlh)
559 /* Copy statistics to extra */ 394 return NULL;
560 memcpy(extra, stats, sizeof(struct iw_statistics));
561 wrqu->data.length = sizeof(struct iw_statistics);
562 395
563 /* Check if we need to clear the updated flag */ 396 r = nlmsg_data(nlh);
564 if (wrqu->data.flags != 0) 397 r->ifi_family = AF_UNSPEC;
565 stats->qual.updated &= ~IW_QUAL_ALL_UPDATED; 398 r->__ifi_pad = 0;
566 return 0; 399 r->ifi_type = dev->type;
567 } else 400 r->ifi_index = dev->ifindex;
568 return -EOPNOTSUPP; 401 r->ifi_flags = dev_get_flags(dev);
402 r->ifi_change = 0; /* Wireless changes don't affect those flags */
403
404 NLA_PUT_STRING(skb, IFLA_IFNAME, dev->name);
405
406 return nlh;
407 nla_put_failure:
408 nlmsg_cancel(skb, nlh);
409 return NULL;
569} 410}
570 411
571/* ---------------------------------------------------------------- */ 412
572/* 413/*
573 * Standard Wireless Handler : get iwpriv definitions 414 * Main event dispatcher. Called from other parts and drivers.
574 * Export the driver private handler definition 415 * Send the event on the appropriate channels.
575 * They will be picked up by tools like iwpriv... 416 * May be called from interrupt context.
576 */ 417 */
577static int iw_handler_get_private(struct net_device * dev, 418void wireless_send_event(struct net_device * dev,
578 struct iw_request_info * info, 419 unsigned int cmd,
579 union iwreq_data * wrqu, 420 union iwreq_data * wrqu,
580 char * extra) 421 const char * extra)
581{ 422{
582 /* Check if the driver has something to export */ 423 const struct iw_ioctl_description * descr = NULL;
583 if ((dev->wireless_handlers->num_private_args == 0) || 424 int extra_len = 0;
584 (dev->wireless_handlers->private_args == NULL)) 425 struct iw_event *event; /* Mallocated whole event */
585 return -EOPNOTSUPP; 426 int event_len; /* Its size */
427 int hdr_len; /* Size of the event header */
428 int wrqu_off = 0; /* Offset in wrqu */
429 /* Don't "optimise" the following variable, it will crash */
430 unsigned cmd_index; /* *MUST* be unsigned */
431 struct sk_buff *skb;
432 struct nlmsghdr *nlh;
433 struct nlattr *nla;
434#ifdef CONFIG_COMPAT
435 struct __compat_iw_event *compat_event;
436 struct compat_iw_point compat_wrqu;
437 struct sk_buff *compskb;
438#endif
586 439
587 /* Check if there is enough buffer up there */ 440 /*
588 if (wrqu->data.length < dev->wireless_handlers->num_private_args) { 441 * Nothing in the kernel sends scan events with data, be safe.
589 /* User space can't know in advance how large the buffer 442 * This is necessary because we cannot fix up scan event data
590 * needs to be. Give it a hint, so that we can support 443 * for compat, due to being contained in 'extra', but normally
591 * any size buffer we want somewhat efficiently... */ 444 * applications are required to retrieve the scan data anyway
592 wrqu->data.length = dev->wireless_handlers->num_private_args; 445 * and no data is included in the event, this codifies that
593 return -E2BIG; 446 * practice.
447 */
448 if (WARN_ON(cmd == SIOCGIWSCAN && extra))
449 extra = NULL;
450
451 /* Get the description of the Event */
452 if (cmd <= SIOCIWLAST) {
453 cmd_index = cmd - SIOCIWFIRST;
454 if (cmd_index < standard_ioctl_num)
455 descr = &(standard_ioctl[cmd_index]);
456 } else {
457 cmd_index = cmd - IWEVFIRST;
458 if (cmd_index < standard_event_num)
459 descr = &(standard_event[cmd_index]);
460 }
461 /* Don't accept unknown events */
462 if (descr == NULL) {
463 /* Note : we don't return an error to the driver, because
464 * the driver would not know what to do about it. It can't
465 * return an error to the user, because the event is not
466 * initiated by a user request.
467 * The best the driver could do is to log an error message.
468 * We will do it ourselves instead...
469 */
470 printk(KERN_ERR "%s (WE) : Invalid/Unknown Wireless Event (0x%04X)\n",
471 dev->name, cmd);
472 return;
594 } 473 }
595 474
596 /* Set the number of available ioctls. */ 475 /* Check extra parameters and set extra_len */
597 wrqu->data.length = dev->wireless_handlers->num_private_args; 476 if (descr->header_type == IW_HEADER_TYPE_POINT) {
477 /* Check if number of token fits within bounds */
478 if (wrqu->data.length > descr->max_tokens) {
479 printk(KERN_ERR "%s (WE) : Wireless Event too big (%d)\n", dev->name, wrqu->data.length);
480 return;
481 }
482 if (wrqu->data.length < descr->min_tokens) {
483 printk(KERN_ERR "%s (WE) : Wireless Event too small (%d)\n", dev->name, wrqu->data.length);
484 return;
485 }
486 /* Calculate extra_len - extra is NULL for restricted events */
487 if (extra != NULL)
488 extra_len = wrqu->data.length * descr->token_size;
489 /* Always at an offset in wrqu */
490 wrqu_off = IW_EV_POINT_OFF;
491 }
598 492
599 /* Copy structure to the user buffer. */ 493 /* Total length of the event */
600 memcpy(extra, dev->wireless_handlers->private_args, 494 hdr_len = event_type_size[descr->header_type];
601 sizeof(struct iw_priv_args) * wrqu->data.length); 495 event_len = hdr_len + extra_len;
602 496
603 return 0; 497 /*
604} 498 * The problem for 64/32 bit.
499 *
500 * On 64-bit, a regular event is laid out as follows:
501 * | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
502 * | event.len | event.cmd | p a d d i n g |
503 * | wrqu data ... (with the correct size) |
504 *
505 * This padding exists because we manipulate event->u,
506 * and 'event' is not packed.
507 *
508 * An iw_point event is laid out like this instead:
509 * | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
510 * | event.len | event.cmd | p a d d i n g |
511 * | iwpnt.len | iwpnt.flg | p a d d i n g |
512 * | extra data ...
513 *
514 * The second padding exists because struct iw_point is extended,
515 * but this depends on the platform...
516 *
517 * On 32-bit, all the padding shouldn't be there.
518 */
605 519
520 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
521 if (!skb)
522 return;
606 523
607/******************** /proc/net/wireless SUPPORT ********************/ 524 /* Send via the RtNetlink event channel */
608/* 525 nlh = rtnetlink_ifinfo_prep(dev, skb);
609 * The /proc/net/wireless file is a human readable user-space interface 526 if (WARN_ON(!nlh)) {
610 * exporting various wireless specific statistics from the wireless devices. 527 kfree_skb(skb);
611 * This is the most popular part of the Wireless Extensions ;-) 528 return;
612 * 529 }
613 * This interface is a pure clone of /proc/net/dev (in net/core/dev.c).
614 * The content of the file is basically the content of "struct iw_statistics".
615 */
616 530
617#ifdef CONFIG_PROC_FS 531 /* Add the wireless events in the netlink packet */
532 nla = nla_reserve(skb, IFLA_WIRELESS, event_len);
533 if (!nla) {
534 kfree_skb(skb);
535 return;
536 }
537 event = nla_data(nla);
618 538
619/* ---------------------------------------------------------------- */ 539 /* Fill event - first clear to avoid data leaking */
620/* 540 memset(event, 0, hdr_len);
621 * Print one entry (line) of /proc/net/wireless 541 event->len = event_len;
622 */ 542 event->cmd = cmd;
623static void wireless_seq_printf_stats(struct seq_file *seq, 543 memcpy(&event->u, ((char *) wrqu) + wrqu_off, hdr_len - IW_EV_LCP_LEN);
624 struct net_device *dev) 544 if (extra_len)
625{ 545 memcpy(((char *) event) + hdr_len, extra, extra_len);
626 /* Get stats from the driver */
627 struct iw_statistics *stats = get_wireless_stats(dev);
628 static struct iw_statistics nullstats = {};
629 546
630 /* show device if it's wireless regardless of current stats */ 547 nlmsg_end(skb, nlh);
631 if (!stats && dev->wireless_handlers) 548#ifdef CONFIG_COMPAT
632 stats = &nullstats; 549 hdr_len = compat_event_type_size[descr->header_type];
550 event_len = hdr_len + extra_len;
633 551
634 if (stats) { 552 compskb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
635 seq_printf(seq, "%6s: %04x %3d%c %3d%c %3d%c %6d %6d %6d " 553 if (!compskb) {
636 "%6d %6d %6d\n", 554 kfree_skb(skb);
637 dev->name, stats->status, stats->qual.qual, 555 return;
638 stats->qual.updated & IW_QUAL_QUAL_UPDATED
639 ? '.' : ' ',
640 ((__s32) stats->qual.level) -
641 ((stats->qual.updated & IW_QUAL_DBM) ? 0x100 : 0),
642 stats->qual.updated & IW_QUAL_LEVEL_UPDATED
643 ? '.' : ' ',
644 ((__s32) stats->qual.noise) -
645 ((stats->qual.updated & IW_QUAL_DBM) ? 0x100 : 0),
646 stats->qual.updated & IW_QUAL_NOISE_UPDATED
647 ? '.' : ' ',
648 stats->discard.nwid, stats->discard.code,
649 stats->discard.fragment, stats->discard.retries,
650 stats->discard.misc, stats->miss.beacon);
651
652 if (stats != &nullstats)
653 stats->qual.updated &= ~IW_QUAL_ALL_UPDATED;
654 } 556 }
655}
656 557
657/* ---------------------------------------------------------------- */ 558 /* Send via the RtNetlink event channel */
658/* 559 nlh = rtnetlink_ifinfo_prep(dev, compskb);
659 * Print info for /proc/net/wireless (print all entries) 560 if (WARN_ON(!nlh)) {
660 */ 561 kfree_skb(skb);
661static int wireless_dev_seq_show(struct seq_file *seq, void *v) 562 kfree_skb(compskb);
662{ 563 return;
663 might_sleep(); 564 }
664 565
665 if (v == SEQ_START_TOKEN) 566 /* Add the wireless events in the netlink packet */
666 seq_printf(seq, "Inter-| sta-| Quality | Discarded " 567 nla = nla_reserve(compskb, IFLA_WIRELESS, event_len);
667 "packets | Missed | WE\n" 568 if (!nla) {
668 " face | tus | link level noise | nwid " 569 kfree_skb(skb);
669 "crypt frag retry misc | beacon | %d\n", 570 kfree_skb(compskb);
670 WIRELESS_EXT); 571 return;
671 else 572 }
672 wireless_seq_printf_stats(seq, v); 573 compat_event = nla_data(nla);
673 return 0; 574
575 compat_event->len = event_len;
576 compat_event->cmd = cmd;
577 if (descr->header_type == IW_HEADER_TYPE_POINT) {
578 compat_wrqu.length = wrqu->data.length;
579 compat_wrqu.flags = wrqu->data.flags;
580 memcpy(&compat_event->pointer,
581 ((char *) &compat_wrqu) + IW_EV_COMPAT_POINT_OFF,
582 hdr_len - IW_EV_COMPAT_LCP_LEN);
583 if (extra_len)
584 memcpy(((char *) compat_event) + hdr_len,
585 extra, extra_len);
586 } else {
587 /* extra_len must be zero, so no if (extra) needed */
588 memcpy(&compat_event->pointer, wrqu,
589 hdr_len - IW_EV_COMPAT_LCP_LEN);
590 }
591
592 nlmsg_end(compskb, nlh);
593
594 skb_shinfo(skb)->frag_list = compskb;
595#endif
596 skb_queue_tail(&dev_net(dev)->wext_nlevents, skb);
597 schedule_work(&wireless_nlevent_work);
674} 598}
599EXPORT_SYMBOL(wireless_send_event);
600
601
602
603/* IW handlers */
675 604
676static void *wireless_dev_seq_start(struct seq_file *seq, loff_t *pos) 605struct iw_statistics *get_wireless_stats(struct net_device *dev)
677{ 606{
678 struct net *net = seq_file_net(seq); 607#ifdef CONFIG_WIRELESS_EXT
679 loff_t off; 608 if ((dev->wireless_handlers != NULL) &&
680 struct net_device *dev; 609 (dev->wireless_handlers->get_wireless_stats != NULL))
610 return dev->wireless_handlers->get_wireless_stats(dev);
611#endif
681 612
682 rtnl_lock(); 613#ifdef CONFIG_CFG80211_WEXT
683 if (!*pos) 614 if (dev->ieee80211_ptr && dev->ieee80211_ptr &&
684 return SEQ_START_TOKEN; 615 dev->ieee80211_ptr->wiphy &&
616 dev->ieee80211_ptr->wiphy->wext &&
617 dev->ieee80211_ptr->wiphy->wext->get_wireless_stats)
618 return dev->ieee80211_ptr->wiphy->wext->get_wireless_stats(dev);
619#endif
685 620
686 off = 1; 621 /* not found */
687 for_each_netdev(net, dev)
688 if (off++ == *pos)
689 return dev;
690 return NULL; 622 return NULL;
691} 623}
692 624
693static void *wireless_dev_seq_next(struct seq_file *seq, void *v, loff_t *pos) 625static int iw_handler_get_iwstats(struct net_device * dev,
626 struct iw_request_info * info,
627 union iwreq_data * wrqu,
628 char * extra)
694{ 629{
695 struct net *net = seq_file_net(seq); 630 /* Get stats from the driver */
631 struct iw_statistics *stats;
696 632
697 ++*pos; 633 stats = get_wireless_stats(dev);
634 if (stats) {
635 /* Copy statistics to extra */
636 memcpy(extra, stats, sizeof(struct iw_statistics));
637 wrqu->data.length = sizeof(struct iw_statistics);
698 638
699 return v == SEQ_START_TOKEN ? 639 /* Check if we need to clear the updated flag */
700 first_net_device(net) : next_net_device(v); 640 if (wrqu->data.flags != 0)
641 stats->qual.updated &= ~IW_QUAL_ALL_UPDATED;
642 return 0;
643 } else
644 return -EOPNOTSUPP;
701} 645}
702 646
703static void wireless_dev_seq_stop(struct seq_file *seq, void *v) 647static iw_handler get_handler(struct net_device *dev, unsigned int cmd)
704{ 648{
705 rtnl_unlock(); 649 /* Don't "optimise" the following variable, it will crash */
706} 650 unsigned int index; /* *MUST* be unsigned */
707 651 const struct iw_handler_def *handlers = NULL;
708static const struct seq_operations wireless_seq_ops = {
709 .start = wireless_dev_seq_start,
710 .next = wireless_dev_seq_next,
711 .stop = wireless_dev_seq_stop,
712 .show = wireless_dev_seq_show,
713};
714 652
715static int seq_open_wireless(struct inode *inode, struct file *file) 653#ifdef CONFIG_CFG80211_WEXT
716{ 654 if (dev->ieee80211_ptr && dev->ieee80211_ptr->wiphy)
717 return seq_open_net(inode, file, &wireless_seq_ops, 655 handlers = dev->ieee80211_ptr->wiphy->wext;
718 sizeof(struct seq_net_private)); 656#endif
719} 657#ifdef CONFIG_WIRELESS_EXT
658 if (dev->wireless_handlers)
659 handlers = dev->wireless_handlers;
660#endif
720 661
721static const struct file_operations wireless_seq_fops = { 662 if (!handlers)
722 .owner = THIS_MODULE, 663 return NULL;
723 .open = seq_open_wireless,
724 .read = seq_read,
725 .llseek = seq_lseek,
726 .release = seq_release_net,
727};
728 664
729int wext_proc_init(struct net *net) 665 /* Try as a standard command */
730{ 666 index = cmd - SIOCIWFIRST;
731 /* Create /proc/net/wireless entry */ 667 if (index < handlers->num_standard)
732 if (!proc_net_fops_create(net, "wireless", S_IRUGO, &wireless_seq_fops)) 668 return handlers->standard[index];
733 return -ENOMEM;
734 669
735 return 0; 670#ifdef CONFIG_WEXT_PRIV
736} 671 /* Try as a private command */
672 index = cmd - SIOCIWFIRSTPRIV;
673 if (index < handlers->num_private)
674 return handlers->private[index];
675#endif
737 676
738void wext_proc_exit(struct net *net) 677 /* Not found */
739{ 678 return NULL;
740 proc_net_remove(net, "wireless");
741} 679}
742#endif /* CONFIG_PROC_FS */
743 680
744/************************** IOCTL SUPPORT **************************/
745/*
746 * The original user space API to configure all those Wireless Extensions
747 * is through IOCTLs.
748 * In there, we check if we need to call the new driver API (iw_handler)
749 * or just call the driver ioctl handler.
750 */
751
752/* ---------------------------------------------------------------- */
753static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, 681static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
754 const struct iw_ioctl_description *descr, 682 const struct iw_ioctl_description *descr,
755 iw_handler handler, struct net_device *dev, 683 iw_handler handler, struct net_device *dev,
@@ -875,7 +803,8 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
875 } 803 }
876 804
877 /* Generate an event to notify listeners of the change */ 805 /* Generate an event to notify listeners of the change */
878 if ((descr->flags & IW_DESCR_FLAG_EVENT) && err == -EIWCOMMIT) { 806 if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
807 ((err == 0) || (err == -EIWCOMMIT))) {
879 union iwreq_data *data = (union iwreq_data *) iwp; 808 union iwreq_data *data = (union iwreq_data *) iwp;
880 809
881 if (descr->flags & IW_DESCR_FLAG_RESTRICT) 810 if (descr->flags & IW_DESCR_FLAG_RESTRICT)
@@ -893,188 +822,39 @@ out:
893} 822}
894 823
895/* 824/*
896 * Wrapper to call a standard Wireless Extension handler. 825 * Call the commit handler in the driver
897 * We do various checks and also take care of moving data between 826 * (if exist and if conditions are right)
898 * user space and kernel space. 827 *
899 */ 828 * Note : our current commit strategy is currently pretty dumb,
900static int ioctl_standard_call(struct net_device * dev, 829 * but we will be able to improve on that...
901 struct iwreq *iwr, 830 * The goal is to try to agreagate as many changes as possible
902 unsigned int cmd, 831 * before doing the commit. Drivers that will define a commit handler
903 struct iw_request_info *info, 832 * are usually those that need a reset after changing parameters, so
904 iw_handler handler) 833 * we want to minimise the number of reset.
905{ 834 * A cool idea is to use a timer : at each "set" command, we re-set the
906 const struct iw_ioctl_description * descr; 835 * timer, when the timer eventually fires, we call the driver.
907 int ret = -EINVAL; 836 * Hopefully, more on that later.
908
909 /* Get the description of the IOCTL */
910 if ((cmd - SIOCIWFIRST) >= standard_ioctl_num)
911 return -EOPNOTSUPP;
912 descr = &(standard_ioctl[cmd - SIOCIWFIRST]);
913
914 /* Check if we have a pointer to user space data or not */
915 if (descr->header_type != IW_HEADER_TYPE_POINT) {
916
917 /* No extra arguments. Trivial to handle */
918 ret = handler(dev, info, &(iwr->u), NULL);
919
920 /* Generate an event to notify listeners of the change */
921 if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
922 ((ret == 0) || (ret == -EIWCOMMIT)))
923 wireless_send_event(dev, cmd, &(iwr->u), NULL);
924 } else {
925 ret = ioctl_standard_iw_point(&iwr->u.data, cmd, descr,
926 handler, dev, info);
927 }
928
929 /* Call commit handler if needed and defined */
930 if (ret == -EIWCOMMIT)
931 ret = call_commit_handler(dev);
932
933 /* Here, we will generate the appropriate event if needed */
934
935 return ret;
936}
937
938/* ---------------------------------------------------------------- */
939/*
940 * Wrapper to call a private Wireless Extension handler.
941 * We do various checks and also take care of moving data between
942 * user space and kernel space.
943 * It's not as nice and slimline as the standard wrapper. The cause
944 * is struct iw_priv_args, which was not really designed for the
945 * job we are going here.
946 * 837 *
947 * IMPORTANT : This function prevent to set and get data on the same 838 * Also, I'm waiting to see how many people will complain about the
948 * IOCTL and enforce the SET/GET convention. Not doing it would be 839 * netif_running(dev) test. I'm open on that one...
949 * far too hairy... 840 * Hopefully, the driver will remember to do a commit in "open()" ;-)
950 * If you need to set and get data at the same time, please don't use
951 * a iw_handler but process it in your ioctl handler (i.e. use the
952 * old driver API).
953 */ 841 */
954static int get_priv_descr_and_size(struct net_device *dev, unsigned int cmd, 842int call_commit_handler(struct net_device *dev)
955 const struct iw_priv_args **descrp)
956{
957 const struct iw_priv_args *descr;
958 int i, extra_size;
959
960 descr = NULL;
961 for (i = 0; i < dev->wireless_handlers->num_private_args; i++) {
962 if (cmd == dev->wireless_handlers->private_args[i].cmd) {
963 descr = &dev->wireless_handlers->private_args[i];
964 break;
965 }
966 }
967
968 extra_size = 0;
969 if (descr) {
970 if (IW_IS_SET(cmd)) {
971 int offset = 0; /* For sub-ioctls */
972 /* Check for sub-ioctl handler */
973 if (descr->name[0] == '\0')
974 /* Reserve one int for sub-ioctl index */
975 offset = sizeof(__u32);
976
977 /* Size of set arguments */
978 extra_size = get_priv_size(descr->set_args);
979
980 /* Does it fits in iwr ? */
981 if ((descr->set_args & IW_PRIV_SIZE_FIXED) &&
982 ((extra_size + offset) <= IFNAMSIZ))
983 extra_size = 0;
984 } else {
985 /* Size of get arguments */
986 extra_size = get_priv_size(descr->get_args);
987
988 /* Does it fits in iwr ? */
989 if ((descr->get_args & IW_PRIV_SIZE_FIXED) &&
990 (extra_size <= IFNAMSIZ))
991 extra_size = 0;
992 }
993 }
994 *descrp = descr;
995 return extra_size;
996}
997
998static int ioctl_private_iw_point(struct iw_point *iwp, unsigned int cmd,
999 const struct iw_priv_args *descr,
1000 iw_handler handler, struct net_device *dev,
1001 struct iw_request_info *info, int extra_size)
1002{
1003 char *extra;
1004 int err;
1005
1006 /* Check what user space is giving us */
1007 if (IW_IS_SET(cmd)) {
1008 if (!iwp->pointer && iwp->length != 0)
1009 return -EFAULT;
1010
1011 if (iwp->length > (descr->set_args & IW_PRIV_SIZE_MASK))
1012 return -E2BIG;
1013 } else if (!iwp->pointer)
1014 return -EFAULT;
1015
1016 extra = kmalloc(extra_size, GFP_KERNEL);
1017 if (!extra)
1018 return -ENOMEM;
1019
1020 /* If it is a SET, get all the extra data in here */
1021 if (IW_IS_SET(cmd) && (iwp->length != 0)) {
1022 if (copy_from_user(extra, iwp->pointer, extra_size)) {
1023 err = -EFAULT;
1024 goto out;
1025 }
1026 }
1027
1028 /* Call the handler */
1029 err = handler(dev, info, (union iwreq_data *) iwp, extra);
1030
1031 /* If we have something to return to the user */
1032 if (!err && IW_IS_GET(cmd)) {
1033 /* Adjust for the actual length if it's variable,
1034 * avoid leaking kernel bits outside.
1035 */
1036 if (!(descr->get_args & IW_PRIV_SIZE_FIXED))
1037 extra_size = adjust_priv_size(descr->get_args, iwp);
1038
1039 if (copy_to_user(iwp->pointer, extra, extra_size))
1040 err = -EFAULT;
1041 }
1042
1043out:
1044 kfree(extra);
1045 return err;
1046}
1047
1048static int ioctl_private_call(struct net_device *dev, struct iwreq *iwr,
1049 unsigned int cmd, struct iw_request_info *info,
1050 iw_handler handler)
1051{ 843{
1052 int extra_size = 0, ret = -EINVAL; 844#ifdef CONFIG_WIRELESS_EXT
1053 const struct iw_priv_args *descr; 845 if ((netif_running(dev)) &&
1054 846 (dev->wireless_handlers->standard[0] != NULL))
1055 extra_size = get_priv_descr_and_size(dev, cmd, &descr); 847 /* Call the commit handler on the driver */
1056 848 return dev->wireless_handlers->standard[0](dev, NULL,
1057 /* Check if we have a pointer to user space data or not. */ 849 NULL, NULL);
1058 if (extra_size == 0) { 850 else
1059 /* No extra arguments. Trivial to handle */ 851 return 0; /* Command completed successfully */
1060 ret = handler(dev, info, &(iwr->u), (char *) &(iwr->u)); 852#else
1061 } else { 853 /* cfg80211 has no commit */
1062 ret = ioctl_private_iw_point(&iwr->u.data, cmd, descr, 854 return 0;
1063 handler, dev, info, extra_size); 855#endif
1064 }
1065
1066 /* Call commit handler if needed and defined */
1067 if (ret == -EIWCOMMIT)
1068 ret = call_commit_handler(dev);
1069
1070 return ret;
1071} 856}
1072 857
1073/* ---------------------------------------------------------------- */
1074typedef int (*wext_ioctl_func)(struct net_device *, struct iwreq *,
1075 unsigned int, struct iw_request_info *,
1076 iw_handler);
1077
1078/* 858/*
1079 * Main IOCTl dispatcher. 859 * Main IOCTl dispatcher.
1080 * Check the type of IOCTL and call the appropriate wrapper... 860 * Check the type of IOCTL and call the appropriate wrapper...
@@ -1103,9 +883,11 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr,
1103 return standard(dev, iwr, cmd, info, 883 return standard(dev, iwr, cmd, info,
1104 &iw_handler_get_iwstats); 884 &iw_handler_get_iwstats);
1105 885
886#ifdef CONFIG_WEXT_PRIV
1106 if (cmd == SIOCGIWPRIV && dev->wireless_handlers) 887 if (cmd == SIOCGIWPRIV && dev->wireless_handlers)
1107 return standard(dev, iwr, cmd, info, 888 return standard(dev, iwr, cmd, info,
1108 &iw_handler_get_private); 889 iw_handler_get_private);
890#endif
1109 891
1110 /* Basic check */ 892 /* Basic check */
1111 if (!netif_device_present(dev)) 893 if (!netif_device_present(dev))
@@ -1117,7 +899,7 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr,
1117 /* Standard and private are not the same */ 899 /* Standard and private are not the same */
1118 if (cmd < SIOCIWFIRSTPRIV) 900 if (cmd < SIOCIWFIRSTPRIV)
1119 return standard(dev, iwr, cmd, info, handler); 901 return standard(dev, iwr, cmd, info, handler);
1120 else 902 else if (private)
1121 return private(dev, iwr, cmd, info, handler); 903 return private(dev, iwr, cmd, info, handler);
1122 } 904 }
1123 /* Old driver API : call driver ioctl handler */ 905 /* Old driver API : call driver ioctl handler */
@@ -1131,8 +913,9 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr,
1131 */ 913 */
1132static int wext_permission_check(unsigned int cmd) 914static int wext_permission_check(unsigned int cmd)
1133{ 915{
1134 if ((IW_IS_SET(cmd) || cmd == SIOCGIWENCODE || cmd == SIOCGIWENCODEEXT) 916 if ((IW_IS_SET(cmd) || cmd == SIOCGIWENCODE ||
1135 && !capable(CAP_NET_ADMIN)) 917 cmd == SIOCGIWENCODEEXT) &&
918 !capable(CAP_NET_ADMIN))
1136 return -EPERM; 919 return -EPERM;
1137 920
1138 return 0; 921 return 0;
@@ -1157,6 +940,50 @@ static int wext_ioctl_dispatch(struct net *net, struct ifreq *ifr,
1157 return ret; 940 return ret;
1158} 941}
1159 942
943/*
944 * Wrapper to call a standard Wireless Extension handler.
945 * We do various checks and also take care of moving data between
946 * user space and kernel space.
947 */
948static int ioctl_standard_call(struct net_device * dev,
949 struct iwreq *iwr,
950 unsigned int cmd,
951 struct iw_request_info *info,
952 iw_handler handler)
953{
954 const struct iw_ioctl_description * descr;
955 int ret = -EINVAL;
956
957 /* Get the description of the IOCTL */
958 if ((cmd - SIOCIWFIRST) >= standard_ioctl_num)
959 return -EOPNOTSUPP;
960 descr = &(standard_ioctl[cmd - SIOCIWFIRST]);
961
962 /* Check if we have a pointer to user space data or not */
963 if (descr->header_type != IW_HEADER_TYPE_POINT) {
964
965 /* No extra arguments. Trivial to handle */
966 ret = handler(dev, info, &(iwr->u), NULL);
967
968 /* Generate an event to notify listeners of the change */
969 if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
970 ((ret == 0) || (ret == -EIWCOMMIT)))
971 wireless_send_event(dev, cmd, &(iwr->u), NULL);
972 } else {
973 ret = ioctl_standard_iw_point(&iwr->u.data, cmd, descr,
974 handler, dev, info);
975 }
976
977 /* Call commit handler if needed and defined */
978 if (ret == -EIWCOMMIT)
979 ret = call_commit_handler(dev);
980
981 /* Here, we will generate the appropriate event if needed */
982
983 return ret;
984}
985
986
1160int wext_handle_ioctl(struct net *net, struct ifreq *ifr, unsigned int cmd, 987int wext_handle_ioctl(struct net *net, struct ifreq *ifr, unsigned int cmd,
1161 void __user *arg) 988 void __user *arg)
1162{ 989{
@@ -1205,43 +1032,6 @@ static int compat_standard_call(struct net_device *dev,
1205 return err; 1032 return err;
1206} 1033}
1207 1034
1208static int compat_private_call(struct net_device *dev, struct iwreq *iwr,
1209 unsigned int cmd, struct iw_request_info *info,
1210 iw_handler handler)
1211{
1212 const struct iw_priv_args *descr;
1213 int ret, extra_size;
1214
1215 extra_size = get_priv_descr_and_size(dev, cmd, &descr);
1216
1217 /* Check if we have a pointer to user space data or not. */
1218 if (extra_size == 0) {
1219 /* No extra arguments. Trivial to handle */
1220 ret = handler(dev, info, &(iwr->u), (char *) &(iwr->u));
1221 } else {
1222 struct compat_iw_point *iwp_compat;
1223 struct iw_point iwp;
1224
1225 iwp_compat = (struct compat_iw_point *) &iwr->u.data;
1226 iwp.pointer = compat_ptr(iwp_compat->pointer);
1227 iwp.length = iwp_compat->length;
1228 iwp.flags = iwp_compat->flags;
1229
1230 ret = ioctl_private_iw_point(&iwp, cmd, descr,
1231 handler, dev, info, extra_size);
1232
1233 iwp_compat->pointer = ptr_to_compat(iwp.pointer);
1234 iwp_compat->length = iwp.length;
1235 iwp_compat->flags = iwp.flags;
1236 }
1237
1238 /* Call commit handler if needed and defined */
1239 if (ret == -EIWCOMMIT)
1240 ret = call_commit_handler(dev);
1241
1242 return ret;
1243}
1244
1245int compat_wext_handle_ioctl(struct net *net, unsigned int cmd, 1035int compat_wext_handle_ioctl(struct net *net, unsigned int cmd,
1246 unsigned long arg) 1036 unsigned long arg)
1247{ 1037{
@@ -1274,502 +1064,3 @@ int compat_wext_handle_ioctl(struct net *net, unsigned int cmd,
1274 return ret; 1064 return ret;
1275} 1065}
1276#endif 1066#endif
1277
1278static int __net_init wext_pernet_init(struct net *net)
1279{
1280 skb_queue_head_init(&net->wext_nlevents);
1281 return 0;
1282}
1283
1284static void __net_exit wext_pernet_exit(struct net *net)
1285{
1286 skb_queue_purge(&net->wext_nlevents);
1287}
1288
1289static struct pernet_operations wext_pernet_ops = {
1290 .init = wext_pernet_init,
1291 .exit = wext_pernet_exit,
1292};
1293
1294static int __init wireless_nlevent_init(void)
1295{
1296 return register_pernet_subsys(&wext_pernet_ops);
1297}
1298
1299subsys_initcall(wireless_nlevent_init);
1300
1301/* Process events generated by the wireless layer or the driver. */
1302static void wireless_nlevent_process(struct work_struct *work)
1303{
1304 struct sk_buff *skb;
1305 struct net *net;
1306
1307 rtnl_lock();
1308
1309 for_each_net(net) {
1310 while ((skb = skb_dequeue(&net->wext_nlevents)))
1311 rtnl_notify(skb, net, 0, RTNLGRP_LINK, NULL,
1312 GFP_KERNEL);
1313 }
1314
1315 rtnl_unlock();
1316}
1317
1318static DECLARE_WORK(wireless_nlevent_work, wireless_nlevent_process);
1319
1320static struct nlmsghdr *rtnetlink_ifinfo_prep(struct net_device *dev,
1321 struct sk_buff *skb)
1322{
1323 struct ifinfomsg *r;
1324 struct nlmsghdr *nlh;
1325
1326 nlh = nlmsg_put(skb, 0, 0, RTM_NEWLINK, sizeof(*r), 0);
1327 if (!nlh)
1328 return NULL;
1329
1330 r = nlmsg_data(nlh);
1331 r->ifi_family = AF_UNSPEC;
1332 r->__ifi_pad = 0;
1333 r->ifi_type = dev->type;
1334 r->ifi_index = dev->ifindex;
1335 r->ifi_flags = dev_get_flags(dev);
1336 r->ifi_change = 0; /* Wireless changes don't affect those flags */
1337
1338 NLA_PUT_STRING(skb, IFLA_IFNAME, dev->name);
1339
1340 return nlh;
1341 nla_put_failure:
1342 nlmsg_cancel(skb, nlh);
1343 return NULL;
1344}
1345
1346
1347/*
1348 * Main event dispatcher. Called from other parts and drivers.
1349 * Send the event on the appropriate channels.
1350 * May be called from interrupt context.
1351 */
1352void wireless_send_event(struct net_device * dev,
1353 unsigned int cmd,
1354 union iwreq_data * wrqu,
1355 const char * extra)
1356{
1357 const struct iw_ioctl_description * descr = NULL;
1358 int extra_len = 0;
1359 struct iw_event *event; /* Mallocated whole event */
1360 int event_len; /* Its size */
1361 int hdr_len; /* Size of the event header */
1362 int wrqu_off = 0; /* Offset in wrqu */
1363 /* Don't "optimise" the following variable, it will crash */
1364 unsigned cmd_index; /* *MUST* be unsigned */
1365 struct sk_buff *skb;
1366 struct nlmsghdr *nlh;
1367 struct nlattr *nla;
1368#ifdef CONFIG_COMPAT
1369 struct __compat_iw_event *compat_event;
1370 struct compat_iw_point compat_wrqu;
1371 struct sk_buff *compskb;
1372#endif
1373
1374 /*
1375 * Nothing in the kernel sends scan events with data, be safe.
1376 * This is necessary because we cannot fix up scan event data
1377 * for compat, due to being contained in 'extra', but normally
1378 * applications are required to retrieve the scan data anyway
1379 * and no data is included in the event, this codifies that
1380 * practice.
1381 */
1382 if (WARN_ON(cmd == SIOCGIWSCAN && extra))
1383 extra = NULL;
1384
1385 /* Get the description of the Event */
1386 if (cmd <= SIOCIWLAST) {
1387 cmd_index = cmd - SIOCIWFIRST;
1388 if (cmd_index < standard_ioctl_num)
1389 descr = &(standard_ioctl[cmd_index]);
1390 } else {
1391 cmd_index = cmd - IWEVFIRST;
1392 if (cmd_index < standard_event_num)
1393 descr = &(standard_event[cmd_index]);
1394 }
1395 /* Don't accept unknown events */
1396 if (descr == NULL) {
1397 /* Note : we don't return an error to the driver, because
1398 * the driver would not know what to do about it. It can't
1399 * return an error to the user, because the event is not
1400 * initiated by a user request.
1401 * The best the driver could do is to log an error message.
1402 * We will do it ourselves instead...
1403 */
1404 printk(KERN_ERR "%s (WE) : Invalid/Unknown Wireless Event (0x%04X)\n",
1405 dev->name, cmd);
1406 return;
1407 }
1408
1409 /* Check extra parameters and set extra_len */
1410 if (descr->header_type == IW_HEADER_TYPE_POINT) {
1411 /* Check if number of token fits within bounds */
1412 if (wrqu->data.length > descr->max_tokens) {
1413 printk(KERN_ERR "%s (WE) : Wireless Event too big (%d)\n", dev->name, wrqu->data.length);
1414 return;
1415 }
1416 if (wrqu->data.length < descr->min_tokens) {
1417 printk(KERN_ERR "%s (WE) : Wireless Event too small (%d)\n", dev->name, wrqu->data.length);
1418 return;
1419 }
1420 /* Calculate extra_len - extra is NULL for restricted events */
1421 if (extra != NULL)
1422 extra_len = wrqu->data.length * descr->token_size;
1423 /* Always at an offset in wrqu */
1424 wrqu_off = IW_EV_POINT_OFF;
1425 }
1426
1427 /* Total length of the event */
1428 hdr_len = event_type_size[descr->header_type];
1429 event_len = hdr_len + extra_len;
1430
1431 /*
1432 * The problem for 64/32 bit.
1433 *
1434 * On 64-bit, a regular event is laid out as follows:
1435 * | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
1436 * | event.len | event.cmd | p a d d i n g |
1437 * | wrqu data ... (with the correct size) |
1438 *
1439 * This padding exists because we manipulate event->u,
1440 * and 'event' is not packed.
1441 *
1442 * An iw_point event is laid out like this instead:
1443 * | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
1444 * | event.len | event.cmd | p a d d i n g |
1445 * | iwpnt.len | iwpnt.flg | p a d d i n g |
1446 * | extra data ...
1447 *
1448 * The second padding exists because struct iw_point is extended,
1449 * but this depends on the platform...
1450 *
1451 * On 32-bit, all the padding shouldn't be there.
1452 */
1453
1454 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
1455 if (!skb)
1456 return;
1457
1458 /* Send via the RtNetlink event channel */
1459 nlh = rtnetlink_ifinfo_prep(dev, skb);
1460 if (WARN_ON(!nlh)) {
1461 kfree_skb(skb);
1462 return;
1463 }
1464
1465 /* Add the wireless events in the netlink packet */
1466 nla = nla_reserve(skb, IFLA_WIRELESS, event_len);
1467 if (!nla) {
1468 kfree_skb(skb);
1469 return;
1470 }
1471 event = nla_data(nla);
1472
1473 /* Fill event - first clear to avoid data leaking */
1474 memset(event, 0, hdr_len);
1475 event->len = event_len;
1476 event->cmd = cmd;
1477 memcpy(&event->u, ((char *) wrqu) + wrqu_off, hdr_len - IW_EV_LCP_LEN);
1478 if (extra_len)
1479 memcpy(((char *) event) + hdr_len, extra, extra_len);
1480
1481 nlmsg_end(skb, nlh);
1482#ifdef CONFIG_COMPAT
1483 hdr_len = compat_event_type_size[descr->header_type];
1484 event_len = hdr_len + extra_len;
1485
1486 compskb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
1487 if (!compskb) {
1488 kfree_skb(skb);
1489 return;
1490 }
1491
1492 /* Send via the RtNetlink event channel */
1493 nlh = rtnetlink_ifinfo_prep(dev, compskb);
1494 if (WARN_ON(!nlh)) {
1495 kfree_skb(skb);
1496 kfree_skb(compskb);
1497 return;
1498 }
1499
1500 /* Add the wireless events in the netlink packet */
1501 nla = nla_reserve(compskb, IFLA_WIRELESS, event_len);
1502 if (!nla) {
1503 kfree_skb(skb);
1504 kfree_skb(compskb);
1505 return;
1506 }
1507 compat_event = nla_data(nla);
1508
1509 compat_event->len = event_len;
1510 compat_event->cmd = cmd;
1511 if (descr->header_type == IW_HEADER_TYPE_POINT) {
1512 compat_wrqu.length = wrqu->data.length;
1513 compat_wrqu.flags = wrqu->data.flags;
1514 memcpy(&compat_event->pointer,
1515 ((char *) &compat_wrqu) + IW_EV_COMPAT_POINT_OFF,
1516 hdr_len - IW_EV_COMPAT_LCP_LEN);
1517 if (extra_len)
1518 memcpy(((char *) compat_event) + hdr_len,
1519 extra, extra_len);
1520 } else {
1521 /* extra_len must be zero, so no if (extra) needed */
1522 memcpy(&compat_event->pointer, wrqu,
1523 hdr_len - IW_EV_COMPAT_LCP_LEN);
1524 }
1525
1526 nlmsg_end(compskb, nlh);
1527
1528 skb_shinfo(skb)->frag_list = compskb;
1529#endif
1530 skb_queue_tail(&dev_net(dev)->wext_nlevents, skb);
1531 schedule_work(&wireless_nlevent_work);
1532}
1533EXPORT_SYMBOL(wireless_send_event);
1534
1535/********************** ENHANCED IWSPY SUPPORT **********************/
1536/*
1537 * In the old days, the driver was handling spy support all by itself.
1538 * Now, the driver can delegate this task to Wireless Extensions.
1539 * It needs to use those standard spy iw_handler in struct iw_handler_def,
1540 * push data to us via wireless_spy_update() and include struct iw_spy_data
1541 * in its private part (and export it in net_device->wireless_data->spy_data).
1542 * One of the main advantage of centralising spy support here is that
1543 * it becomes much easier to improve and extend it without having to touch
1544 * the drivers. One example is the addition of the Spy-Threshold events.
1545 */
1546
1547/* ---------------------------------------------------------------- */
1548/*
1549 * Return the pointer to the spy data in the driver.
1550 * Because this is called on the Rx path via wireless_spy_update(),
1551 * we want it to be efficient...
1552 */
1553static inline struct iw_spy_data *get_spydata(struct net_device *dev)
1554{
1555 /* This is the new way */
1556 if (dev->wireless_data)
1557 return dev->wireless_data->spy_data;
1558 return NULL;
1559}
1560
1561/*------------------------------------------------------------------*/
1562/*
1563 * Standard Wireless Handler : set Spy List
1564 */
1565int iw_handler_set_spy(struct net_device * dev,
1566 struct iw_request_info * info,
1567 union iwreq_data * wrqu,
1568 char * extra)
1569{
1570 struct iw_spy_data * spydata = get_spydata(dev);
1571 struct sockaddr * address = (struct sockaddr *) extra;
1572
1573 /* Make sure driver is not buggy or using the old API */
1574 if (!spydata)
1575 return -EOPNOTSUPP;
1576
1577 /* Disable spy collection while we copy the addresses.
1578 * While we copy addresses, any call to wireless_spy_update()
1579 * will NOP. This is OK, as anyway the addresses are changing. */
1580 spydata->spy_number = 0;
1581
1582 /* We want to operate without locking, because wireless_spy_update()
1583 * most likely will happen in the interrupt handler, and therefore
1584 * have its own locking constraints and needs performance.
1585 * The rtnl_lock() make sure we don't race with the other iw_handlers.
1586 * This make sure wireless_spy_update() "see" that the spy list
1587 * is temporarily disabled. */
1588 smp_wmb();
1589
1590 /* Are there are addresses to copy? */
1591 if (wrqu->data.length > 0) {
1592 int i;
1593
1594 /* Copy addresses */
1595 for (i = 0; i < wrqu->data.length; i++)
1596 memcpy(spydata->spy_address[i], address[i].sa_data,
1597 ETH_ALEN);
1598 /* Reset stats */
1599 memset(spydata->spy_stat, 0,
1600 sizeof(struct iw_quality) * IW_MAX_SPY);
1601 }
1602
1603 /* Make sure above is updated before re-enabling */
1604 smp_wmb();
1605
1606 /* Enable addresses */
1607 spydata->spy_number = wrqu->data.length;
1608
1609 return 0;
1610}
1611EXPORT_SYMBOL(iw_handler_set_spy);
1612
1613/*------------------------------------------------------------------*/
1614/*
1615 * Standard Wireless Handler : get Spy List
1616 */
1617int iw_handler_get_spy(struct net_device * dev,
1618 struct iw_request_info * info,
1619 union iwreq_data * wrqu,
1620 char * extra)
1621{
1622 struct iw_spy_data * spydata = get_spydata(dev);
1623 struct sockaddr * address = (struct sockaddr *) extra;
1624 int i;
1625
1626 /* Make sure driver is not buggy or using the old API */
1627 if (!spydata)
1628 return -EOPNOTSUPP;
1629
1630 wrqu->data.length = spydata->spy_number;
1631
1632 /* Copy addresses. */
1633 for (i = 0; i < spydata->spy_number; i++) {
1634 memcpy(address[i].sa_data, spydata->spy_address[i], ETH_ALEN);
1635 address[i].sa_family = AF_UNIX;
1636 }
1637 /* Copy stats to the user buffer (just after). */
1638 if (spydata->spy_number > 0)
1639 memcpy(extra + (sizeof(struct sockaddr) *spydata->spy_number),
1640 spydata->spy_stat,
1641 sizeof(struct iw_quality) * spydata->spy_number);
1642 /* Reset updated flags. */
1643 for (i = 0; i < spydata->spy_number; i++)
1644 spydata->spy_stat[i].updated &= ~IW_QUAL_ALL_UPDATED;
1645 return 0;
1646}
1647EXPORT_SYMBOL(iw_handler_get_spy);
1648
1649/*------------------------------------------------------------------*/
1650/*
1651 * Standard Wireless Handler : set spy threshold
1652 */
1653int iw_handler_set_thrspy(struct net_device * dev,
1654 struct iw_request_info *info,
1655 union iwreq_data * wrqu,
1656 char * extra)
1657{
1658 struct iw_spy_data * spydata = get_spydata(dev);
1659 struct iw_thrspy * threshold = (struct iw_thrspy *) extra;
1660
1661 /* Make sure driver is not buggy or using the old API */
1662 if (!spydata)
1663 return -EOPNOTSUPP;
1664
1665 /* Just do it */
1666 memcpy(&(spydata->spy_thr_low), &(threshold->low),
1667 2 * sizeof(struct iw_quality));
1668
1669 /* Clear flag */
1670 memset(spydata->spy_thr_under, '\0', sizeof(spydata->spy_thr_under));
1671
1672 return 0;
1673}
1674EXPORT_SYMBOL(iw_handler_set_thrspy);
1675
1676/*------------------------------------------------------------------*/
1677/*
1678 * Standard Wireless Handler : get spy threshold
1679 */
1680int iw_handler_get_thrspy(struct net_device * dev,
1681 struct iw_request_info *info,
1682 union iwreq_data * wrqu,
1683 char * extra)
1684{
1685 struct iw_spy_data * spydata = get_spydata(dev);
1686 struct iw_thrspy * threshold = (struct iw_thrspy *) extra;
1687
1688 /* Make sure driver is not buggy or using the old API */
1689 if (!spydata)
1690 return -EOPNOTSUPP;
1691
1692 /* Just do it */
1693 memcpy(&(threshold->low), &(spydata->spy_thr_low),
1694 2 * sizeof(struct iw_quality));
1695
1696 return 0;
1697}
1698EXPORT_SYMBOL(iw_handler_get_thrspy);
1699
1700/*------------------------------------------------------------------*/
1701/*
1702 * Prepare and send a Spy Threshold event
1703 */
1704static void iw_send_thrspy_event(struct net_device * dev,
1705 struct iw_spy_data * spydata,
1706 unsigned char * address,
1707 struct iw_quality * wstats)
1708{
1709 union iwreq_data wrqu;
1710 struct iw_thrspy threshold;
1711
1712 /* Init */
1713 wrqu.data.length = 1;
1714 wrqu.data.flags = 0;
1715 /* Copy address */
1716 memcpy(threshold.addr.sa_data, address, ETH_ALEN);
1717 threshold.addr.sa_family = ARPHRD_ETHER;
1718 /* Copy stats */
1719 memcpy(&(threshold.qual), wstats, sizeof(struct iw_quality));
1720 /* Copy also thresholds */
1721 memcpy(&(threshold.low), &(spydata->spy_thr_low),
1722 2 * sizeof(struct iw_quality));
1723
1724 /* Send event to user space */
1725 wireless_send_event(dev, SIOCGIWTHRSPY, &wrqu, (char *) &threshold);
1726}
1727
1728/* ---------------------------------------------------------------- */
1729/*
1730 * Call for the driver to update the spy data.
1731 * For now, the spy data is a simple array. As the size of the array is
1732 * small, this is good enough. If we wanted to support larger number of
1733 * spy addresses, we should use something more efficient...
1734 */
1735void wireless_spy_update(struct net_device * dev,
1736 unsigned char * address,
1737 struct iw_quality * wstats)
1738{
1739 struct iw_spy_data * spydata = get_spydata(dev);
1740 int i;
1741 int match = -1;
1742
1743 /* Make sure driver is not buggy or using the old API */
1744 if (!spydata)
1745 return;
1746
1747 /* Update all records that match */
1748 for (i = 0; i < spydata->spy_number; i++)
1749 if (!compare_ether_addr(address, spydata->spy_address[i])) {
1750 memcpy(&(spydata->spy_stat[i]), wstats,
1751 sizeof(struct iw_quality));
1752 match = i;
1753 }
1754
1755 /* Generate an event if we cross the spy threshold.
1756 * To avoid event storms, we have a simple hysteresis : we generate
1757 * event only when we go under the low threshold or above the
1758 * high threshold. */
1759 if (match >= 0) {
1760 if (spydata->spy_thr_under[match]) {
1761 if (wstats->level > spydata->spy_thr_high.level) {
1762 spydata->spy_thr_under[match] = 0;
1763 iw_send_thrspy_event(dev, spydata,
1764 address, wstats);
1765 }
1766 } else {
1767 if (wstats->level < spydata->spy_thr_low.level) {
1768 spydata->spy_thr_under[match] = 1;
1769 iw_send_thrspy_event(dev, spydata,
1770 address, wstats);
1771 }
1772 }
1773 }
1774}
1775EXPORT_SYMBOL(wireless_spy_update);
diff --git a/net/wireless/wext-priv.c b/net/wireless/wext-priv.c
new file mode 100644
index 000000000000..3feb28e41c53
--- /dev/null
+++ b/net/wireless/wext-priv.c
@@ -0,0 +1,249 @@
1/*
2 * This file implement the Wireless Extensions priv API.
3 *
4 * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com>
5 * Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved.
6 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
7 *
8 * (As all part of the Linux kernel, this file is GPL)
9 */
10#include <linux/slab.h>
11#include <linux/wireless.h>
12#include <linux/netdevice.h>
13#include <net/iw_handler.h>
14#include <net/wext.h>
15
16int iw_handler_get_private(struct net_device * dev,
17 struct iw_request_info * info,
18 union iwreq_data * wrqu,
19 char * extra)
20{
21 /* Check if the driver has something to export */
22 if ((dev->wireless_handlers->num_private_args == 0) ||
23 (dev->wireless_handlers->private_args == NULL))
24 return -EOPNOTSUPP;
25
26 /* Check if there is enough buffer up there */
27 if (wrqu->data.length < dev->wireless_handlers->num_private_args) {
28 /* User space can't know in advance how large the buffer
29 * needs to be. Give it a hint, so that we can support
30 * any size buffer we want somewhat efficiently... */
31 wrqu->data.length = dev->wireless_handlers->num_private_args;
32 return -E2BIG;
33 }
34
35 /* Set the number of available ioctls. */
36 wrqu->data.length = dev->wireless_handlers->num_private_args;
37
38 /* Copy structure to the user buffer. */
39 memcpy(extra, dev->wireless_handlers->private_args,
40 sizeof(struct iw_priv_args) * wrqu->data.length);
41
42 return 0;
43}
44
45/* Size (in bytes) of the various private data types */
46static const char iw_priv_type_size[] = {
47 0, /* IW_PRIV_TYPE_NONE */
48 1, /* IW_PRIV_TYPE_BYTE */
49 1, /* IW_PRIV_TYPE_CHAR */
50 0, /* Not defined */
51 sizeof(__u32), /* IW_PRIV_TYPE_INT */
52 sizeof(struct iw_freq), /* IW_PRIV_TYPE_FLOAT */
53 sizeof(struct sockaddr), /* IW_PRIV_TYPE_ADDR */
54 0, /* Not defined */
55};
56
57static int get_priv_size(__u16 args)
58{
59 int num = args & IW_PRIV_SIZE_MASK;
60 int type = (args & IW_PRIV_TYPE_MASK) >> 12;
61
62 return num * iw_priv_type_size[type];
63}
64
65static int adjust_priv_size(__u16 args, struct iw_point *iwp)
66{
67 int num = iwp->length;
68 int max = args & IW_PRIV_SIZE_MASK;
69 int type = (args & IW_PRIV_TYPE_MASK) >> 12;
70
71 /* Make sure the driver doesn't goof up */
72 if (max < num)
73 num = max;
74
75 return num * iw_priv_type_size[type];
76}
77
78/*
79 * Wrapper to call a private Wireless Extension handler.
80 * We do various checks and also take care of moving data between
81 * user space and kernel space.
82 * It's not as nice and slimline as the standard wrapper. The cause
83 * is struct iw_priv_args, which was not really designed for the
84 * job we are going here.
85 *
86 * IMPORTANT : This function prevent to set and get data on the same
87 * IOCTL and enforce the SET/GET convention. Not doing it would be
88 * far too hairy...
89 * If you need to set and get data at the same time, please don't use
90 * a iw_handler but process it in your ioctl handler (i.e. use the
91 * old driver API).
92 */
93static int get_priv_descr_and_size(struct net_device *dev, unsigned int cmd,
94 const struct iw_priv_args **descrp)
95{
96 const struct iw_priv_args *descr;
97 int i, extra_size;
98
99 descr = NULL;
100 for (i = 0; i < dev->wireless_handlers->num_private_args; i++) {
101 if (cmd == dev->wireless_handlers->private_args[i].cmd) {
102 descr = &dev->wireless_handlers->private_args[i];
103 break;
104 }
105 }
106
107 extra_size = 0;
108 if (descr) {
109 if (IW_IS_SET(cmd)) {
110 int offset = 0; /* For sub-ioctls */
111 /* Check for sub-ioctl handler */
112 if (descr->name[0] == '\0')
113 /* Reserve one int for sub-ioctl index */
114 offset = sizeof(__u32);
115
116 /* Size of set arguments */
117 extra_size = get_priv_size(descr->set_args);
118
119 /* Does it fits in iwr ? */
120 if ((descr->set_args & IW_PRIV_SIZE_FIXED) &&
121 ((extra_size + offset) <= IFNAMSIZ))
122 extra_size = 0;
123 } else {
124 /* Size of get arguments */
125 extra_size = get_priv_size(descr->get_args);
126
127 /* Does it fits in iwr ? */
128 if ((descr->get_args & IW_PRIV_SIZE_FIXED) &&
129 (extra_size <= IFNAMSIZ))
130 extra_size = 0;
131 }
132 }
133 *descrp = descr;
134 return extra_size;
135}
136
137static int ioctl_private_iw_point(struct iw_point *iwp, unsigned int cmd,
138 const struct iw_priv_args *descr,
139 iw_handler handler, struct net_device *dev,
140 struct iw_request_info *info, int extra_size)
141{
142 char *extra;
143 int err;
144
145 /* Check what user space is giving us */
146 if (IW_IS_SET(cmd)) {
147 if (!iwp->pointer && iwp->length != 0)
148 return -EFAULT;
149
150 if (iwp->length > (descr->set_args & IW_PRIV_SIZE_MASK))
151 return -E2BIG;
152 } else if (!iwp->pointer)
153 return -EFAULT;
154
155 extra = kmalloc(extra_size, GFP_KERNEL);
156 if (!extra)
157 return -ENOMEM;
158
159 /* If it is a SET, get all the extra data in here */
160 if (IW_IS_SET(cmd) && (iwp->length != 0)) {
161 if (copy_from_user(extra, iwp->pointer, extra_size)) {
162 err = -EFAULT;
163 goto out;
164 }
165 }
166
167 /* Call the handler */
168 err = handler(dev, info, (union iwreq_data *) iwp, extra);
169
170 /* If we have something to return to the user */
171 if (!err && IW_IS_GET(cmd)) {
172 /* Adjust for the actual length if it's variable,
173 * avoid leaking kernel bits outside.
174 */
175 if (!(descr->get_args & IW_PRIV_SIZE_FIXED))
176 extra_size = adjust_priv_size(descr->get_args, iwp);
177
178 if (copy_to_user(iwp->pointer, extra, extra_size))
179 err = -EFAULT;
180 }
181
182out:
183 kfree(extra);
184 return err;
185}
186
187int ioctl_private_call(struct net_device *dev, struct iwreq *iwr,
188 unsigned int cmd, struct iw_request_info *info,
189 iw_handler handler)
190{
191 int extra_size = 0, ret = -EINVAL;
192 const struct iw_priv_args *descr;
193
194 extra_size = get_priv_descr_and_size(dev, cmd, &descr);
195
196 /* Check if we have a pointer to user space data or not. */
197 if (extra_size == 0) {
198 /* No extra arguments. Trivial to handle */
199 ret = handler(dev, info, &(iwr->u), (char *) &(iwr->u));
200 } else {
201 ret = ioctl_private_iw_point(&iwr->u.data, cmd, descr,
202 handler, dev, info, extra_size);
203 }
204
205 /* Call commit handler if needed and defined */
206 if (ret == -EIWCOMMIT)
207 ret = call_commit_handler(dev);
208
209 return ret;
210}
211
212#ifdef CONFIG_COMPAT
213int compat_private_call(struct net_device *dev, struct iwreq *iwr,
214 unsigned int cmd, struct iw_request_info *info,
215 iw_handler handler)
216{
217 const struct iw_priv_args *descr;
218 int ret, extra_size;
219
220 extra_size = get_priv_descr_and_size(dev, cmd, &descr);
221
222 /* Check if we have a pointer to user space data or not. */
223 if (extra_size == 0) {
224 /* No extra arguments. Trivial to handle */
225 ret = handler(dev, info, &(iwr->u), (char *) &(iwr->u));
226 } else {
227 struct compat_iw_point *iwp_compat;
228 struct iw_point iwp;
229
230 iwp_compat = (struct compat_iw_point *) &iwr->u.data;
231 iwp.pointer = compat_ptr(iwp_compat->pointer);
232 iwp.length = iwp_compat->length;
233 iwp.flags = iwp_compat->flags;
234
235 ret = ioctl_private_iw_point(&iwp, cmd, descr,
236 handler, dev, info, extra_size);
237
238 iwp_compat->pointer = ptr_to_compat(iwp.pointer);
239 iwp_compat->length = iwp.length;
240 iwp_compat->flags = iwp.flags;
241 }
242
243 /* Call commit handler if needed and defined */
244 if (ret == -EIWCOMMIT)
245 ret = call_commit_handler(dev);
246
247 return ret;
248}
249#endif
diff --git a/net/wireless/wext-proc.c b/net/wireless/wext-proc.c
new file mode 100644
index 000000000000..8bafa31fa9f8
--- /dev/null
+++ b/net/wireless/wext-proc.c
@@ -0,0 +1,155 @@
1/*
2 * This file implement the Wireless Extensions proc API.
3 *
4 * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com>
5 * Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved.
6 *
7 * (As all part of the Linux kernel, this file is GPL)
8 */
9
10/*
11 * The /proc/net/wireless file is a human readable user-space interface
12 * exporting various wireless specific statistics from the wireless devices.
13 * This is the most popular part of the Wireless Extensions ;-)
14 *
15 * This interface is a pure clone of /proc/net/dev (in net/core/dev.c).
16 * The content of the file is basically the content of "struct iw_statistics".
17 */
18
19#include <linux/module.h>
20#include <linux/proc_fs.h>
21#include <linux/seq_file.h>
22#include <linux/wireless.h>
23#include <linux/netdevice.h>
24#include <linux/rtnetlink.h>
25#include <net/iw_handler.h>
26#include <net/wext.h>
27
28
29static void wireless_seq_printf_stats(struct seq_file *seq,
30 struct net_device *dev)
31{
32 /* Get stats from the driver */
33 struct iw_statistics *stats = get_wireless_stats(dev);
34 static struct iw_statistics nullstats = {};
35
36 /* show device if it's wireless regardless of current stats */
37 if (!stats) {
38#ifdef CONFIG_WIRELESS_EXT
39 if (dev->wireless_handlers)
40 stats = &nullstats;
41#endif
42#ifdef CONFIG_CFG80211
43 if (dev->ieee80211_ptr)
44 stats = &nullstats;
45#endif
46 }
47
48 if (stats) {
49 seq_printf(seq, "%6s: %04x %3d%c %3d%c %3d%c %6d %6d %6d "
50 "%6d %6d %6d\n",
51 dev->name, stats->status, stats->qual.qual,
52 stats->qual.updated & IW_QUAL_QUAL_UPDATED
53 ? '.' : ' ',
54 ((__s32) stats->qual.level) -
55 ((stats->qual.updated & IW_QUAL_DBM) ? 0x100 : 0),
56 stats->qual.updated & IW_QUAL_LEVEL_UPDATED
57 ? '.' : ' ',
58 ((__s32) stats->qual.noise) -
59 ((stats->qual.updated & IW_QUAL_DBM) ? 0x100 : 0),
60 stats->qual.updated & IW_QUAL_NOISE_UPDATED
61 ? '.' : ' ',
62 stats->discard.nwid, stats->discard.code,
63 stats->discard.fragment, stats->discard.retries,
64 stats->discard.misc, stats->miss.beacon);
65
66 if (stats != &nullstats)
67 stats->qual.updated &= ~IW_QUAL_ALL_UPDATED;
68 }
69}
70
71/* ---------------------------------------------------------------- */
72/*
73 * Print info for /proc/net/wireless (print all entries)
74 */
75static int wireless_dev_seq_show(struct seq_file *seq, void *v)
76{
77 might_sleep();
78
79 if (v == SEQ_START_TOKEN)
80 seq_printf(seq, "Inter-| sta-| Quality | Discarded "
81 "packets | Missed | WE\n"
82 " face | tus | link level noise | nwid "
83 "crypt frag retry misc | beacon | %d\n",
84 WIRELESS_EXT);
85 else
86 wireless_seq_printf_stats(seq, v);
87 return 0;
88}
89
90static void *wireless_dev_seq_start(struct seq_file *seq, loff_t *pos)
91{
92 struct net *net = seq_file_net(seq);
93 loff_t off;
94 struct net_device *dev;
95
96 rtnl_lock();
97 if (!*pos)
98 return SEQ_START_TOKEN;
99
100 off = 1;
101 for_each_netdev(net, dev)
102 if (off++ == *pos)
103 return dev;
104 return NULL;
105}
106
107static void *wireless_dev_seq_next(struct seq_file *seq, void *v, loff_t *pos)
108{
109 struct net *net = seq_file_net(seq);
110
111 ++*pos;
112
113 return v == SEQ_START_TOKEN ?
114 first_net_device(net) : next_net_device(v);
115}
116
117static void wireless_dev_seq_stop(struct seq_file *seq, void *v)
118{
119 rtnl_unlock();
120}
121
122static const struct seq_operations wireless_seq_ops = {
123 .start = wireless_dev_seq_start,
124 .next = wireless_dev_seq_next,
125 .stop = wireless_dev_seq_stop,
126 .show = wireless_dev_seq_show,
127};
128
129static int seq_open_wireless(struct inode *inode, struct file *file)
130{
131 return seq_open_net(inode, file, &wireless_seq_ops,
132 sizeof(struct seq_net_private));
133}
134
135static const struct file_operations wireless_seq_fops = {
136 .owner = THIS_MODULE,
137 .open = seq_open_wireless,
138 .read = seq_read,
139 .llseek = seq_lseek,
140 .release = seq_release_net,
141};
142
143int __net_init wext_proc_init(struct net *net)
144{
145 /* Create /proc/net/wireless entry */
146 if (!proc_net_fops_create(net, "wireless", S_IRUGO, &wireless_seq_fops))
147 return -ENOMEM;
148
149 return 0;
150}
151
152void __net_exit wext_proc_exit(struct net *net)
153{
154 proc_net_remove(net, "wireless");
155}
diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c
index 5615a8802536..d5c6140f4cb8 100644
--- a/net/wireless/wext-sme.c
+++ b/net/wireless/wext-sme.c
@@ -7,6 +7,7 @@
7 7
8#include <linux/etherdevice.h> 8#include <linux/etherdevice.h>
9#include <linux/if_arp.h> 9#include <linux/if_arp.h>
10#include <linux/slab.h>
10#include <net/cfg80211.h> 11#include <net/cfg80211.h>
11#include "wext-compat.h" 12#include "wext-compat.h"
12#include "nl80211.h" 13#include "nl80211.h"
diff --git a/net/wireless/wext-spy.c b/net/wireless/wext-spy.c
new file mode 100644
index 000000000000..6dcfe65a2d1a
--- /dev/null
+++ b/net/wireless/wext-spy.c
@@ -0,0 +1,231 @@
1/*
2 * This file implement the Wireless Extensions spy API.
3 *
4 * Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com>
5 * Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved.
6 *
7 * (As all part of the Linux kernel, this file is GPL)
8 */
9
10#include <linux/wireless.h>
11#include <linux/netdevice.h>
12#include <linux/etherdevice.h>
13#include <net/iw_handler.h>
14#include <net/arp.h>
15#include <net/wext.h>
16
17static inline struct iw_spy_data *get_spydata(struct net_device *dev)
18{
19 /* This is the new way */
20 if (dev->wireless_data)
21 return dev->wireless_data->spy_data;
22 return NULL;
23}
24
25int iw_handler_set_spy(struct net_device * dev,
26 struct iw_request_info * info,
27 union iwreq_data * wrqu,
28 char * extra)
29{
30 struct iw_spy_data * spydata = get_spydata(dev);
31 struct sockaddr * address = (struct sockaddr *) extra;
32
33 /* Make sure driver is not buggy or using the old API */
34 if (!spydata)
35 return -EOPNOTSUPP;
36
37 /* Disable spy collection while we copy the addresses.
38 * While we copy addresses, any call to wireless_spy_update()
39 * will NOP. This is OK, as anyway the addresses are changing. */
40 spydata->spy_number = 0;
41
42 /* We want to operate without locking, because wireless_spy_update()
43 * most likely will happen in the interrupt handler, and therefore
44 * have its own locking constraints and needs performance.
45 * The rtnl_lock() make sure we don't race with the other iw_handlers.
46 * This make sure wireless_spy_update() "see" that the spy list
47 * is temporarily disabled. */
48 smp_wmb();
49
50 /* Are there are addresses to copy? */
51 if (wrqu->data.length > 0) {
52 int i;
53
54 /* Copy addresses */
55 for (i = 0; i < wrqu->data.length; i++)
56 memcpy(spydata->spy_address[i], address[i].sa_data,
57 ETH_ALEN);
58 /* Reset stats */
59 memset(spydata->spy_stat, 0,
60 sizeof(struct iw_quality) * IW_MAX_SPY);
61 }
62
63 /* Make sure above is updated before re-enabling */
64 smp_wmb();
65
66 /* Enable addresses */
67 spydata->spy_number = wrqu->data.length;
68
69 return 0;
70}
71EXPORT_SYMBOL(iw_handler_set_spy);
72
73int iw_handler_get_spy(struct net_device * dev,
74 struct iw_request_info * info,
75 union iwreq_data * wrqu,
76 char * extra)
77{
78 struct iw_spy_data * spydata = get_spydata(dev);
79 struct sockaddr * address = (struct sockaddr *) extra;
80 int i;
81
82 /* Make sure driver is not buggy or using the old API */
83 if (!spydata)
84 return -EOPNOTSUPP;
85
86 wrqu->data.length = spydata->spy_number;
87
88 /* Copy addresses. */
89 for (i = 0; i < spydata->spy_number; i++) {
90 memcpy(address[i].sa_data, spydata->spy_address[i], ETH_ALEN);
91 address[i].sa_family = AF_UNIX;
92 }
93 /* Copy stats to the user buffer (just after). */
94 if (spydata->spy_number > 0)
95 memcpy(extra + (sizeof(struct sockaddr) *spydata->spy_number),
96 spydata->spy_stat,
97 sizeof(struct iw_quality) * spydata->spy_number);
98 /* Reset updated flags. */
99 for (i = 0; i < spydata->spy_number; i++)
100 spydata->spy_stat[i].updated &= ~IW_QUAL_ALL_UPDATED;
101 return 0;
102}
103EXPORT_SYMBOL(iw_handler_get_spy);
104
105/*------------------------------------------------------------------*/
106/*
107 * Standard Wireless Handler : set spy threshold
108 */
109int iw_handler_set_thrspy(struct net_device * dev,
110 struct iw_request_info *info,
111 union iwreq_data * wrqu,
112 char * extra)
113{
114 struct iw_spy_data * spydata = get_spydata(dev);
115 struct iw_thrspy * threshold = (struct iw_thrspy *) extra;
116
117 /* Make sure driver is not buggy or using the old API */
118 if (!spydata)
119 return -EOPNOTSUPP;
120
121 /* Just do it */
122 memcpy(&(spydata->spy_thr_low), &(threshold->low),
123 2 * sizeof(struct iw_quality));
124
125 /* Clear flag */
126 memset(spydata->spy_thr_under, '\0', sizeof(spydata->spy_thr_under));
127
128 return 0;
129}
130EXPORT_SYMBOL(iw_handler_set_thrspy);
131
132/*------------------------------------------------------------------*/
133/*
134 * Standard Wireless Handler : get spy threshold
135 */
136int iw_handler_get_thrspy(struct net_device * dev,
137 struct iw_request_info *info,
138 union iwreq_data * wrqu,
139 char * extra)
140{
141 struct iw_spy_data * spydata = get_spydata(dev);
142 struct iw_thrspy * threshold = (struct iw_thrspy *) extra;
143
144 /* Make sure driver is not buggy or using the old API */
145 if (!spydata)
146 return -EOPNOTSUPP;
147
148 /* Just do it */
149 memcpy(&(threshold->low), &(spydata->spy_thr_low),
150 2 * sizeof(struct iw_quality));
151
152 return 0;
153}
154EXPORT_SYMBOL(iw_handler_get_thrspy);
155
156/*------------------------------------------------------------------*/
157/*
158 * Prepare and send a Spy Threshold event
159 */
160static void iw_send_thrspy_event(struct net_device * dev,
161 struct iw_spy_data * spydata,
162 unsigned char * address,
163 struct iw_quality * wstats)
164{
165 union iwreq_data wrqu;
166 struct iw_thrspy threshold;
167
168 /* Init */
169 wrqu.data.length = 1;
170 wrqu.data.flags = 0;
171 /* Copy address */
172 memcpy(threshold.addr.sa_data, address, ETH_ALEN);
173 threshold.addr.sa_family = ARPHRD_ETHER;
174 /* Copy stats */
175 memcpy(&(threshold.qual), wstats, sizeof(struct iw_quality));
176 /* Copy also thresholds */
177 memcpy(&(threshold.low), &(spydata->spy_thr_low),
178 2 * sizeof(struct iw_quality));
179
180 /* Send event to user space */
181 wireless_send_event(dev, SIOCGIWTHRSPY, &wrqu, (char *) &threshold);
182}
183
184/* ---------------------------------------------------------------- */
185/*
186 * Call for the driver to update the spy data.
187 * For now, the spy data is a simple array. As the size of the array is
188 * small, this is good enough. If we wanted to support larger number of
189 * spy addresses, we should use something more efficient...
190 */
191void wireless_spy_update(struct net_device * dev,
192 unsigned char * address,
193 struct iw_quality * wstats)
194{
195 struct iw_spy_data * spydata = get_spydata(dev);
196 int i;
197 int match = -1;
198
199 /* Make sure driver is not buggy or using the old API */
200 if (!spydata)
201 return;
202
203 /* Update all records that match */
204 for (i = 0; i < spydata->spy_number; i++)
205 if (!compare_ether_addr(address, spydata->spy_address[i])) {
206 memcpy(&(spydata->spy_stat[i]), wstats,
207 sizeof(struct iw_quality));
208 match = i;
209 }
210
211 /* Generate an event if we cross the spy threshold.
212 * To avoid event storms, we have a simple hysteresis : we generate
213 * event only when we go under the low threshold or above the
214 * high threshold. */
215 if (match >= 0) {
216 if (spydata->spy_thr_under[match]) {
217 if (wstats->level > spydata->spy_thr_high.level) {
218 spydata->spy_thr_under[match] = 0;
219 iw_send_thrspy_event(dev, spydata,
220 address, wstats);
221 }
222 } else {
223 if (wstats->level < spydata->spy_thr_low.level) {
224 spydata->spy_thr_under[match] = 1;
225 iw_send_thrspy_event(dev, spydata,
226 address, wstats);
227 }
228 }
229 }
230}
231EXPORT_SYMBOL(wireless_spy_update);
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-03 14:42:23 -0400