xref: /linux/net/wireless/nl80211.c (revision 972c4dd19cb92e03d75b66c426cfade07582a1ba) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This is the new netlink-based wireless configuration interface.
4  *
5  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  * Copyright 2015-2017	Intel Deutschland GmbH
8  * Copyright (C) 2018-2026 Intel Corporation
9  */
10 
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <linux/random.h>
25 #include <net/net_namespace.h>
26 #include <net/genetlink.h>
27 #include <net/cfg80211.h>
28 #include <net/sock.h>
29 #include <net/inet_connection_sock.h>
30 #include "core.h"
31 #include "nl80211.h"
32 #include "reg.h"
33 #include "rdev-ops.h"
34 
35 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
36 				   struct genl_info *info,
37 				   struct cfg80211_crypto_settings *settings,
38 				   int cipher_limit);
39 
40 /* the netlink family */
41 static struct genl_family nl80211_fam;
42 
43 /* multicast groups */
44 enum nl80211_multicast_groups {
45 	NL80211_MCGRP_CONFIG,
46 	NL80211_MCGRP_SCAN,
47 	NL80211_MCGRP_REGULATORY,
48 	NL80211_MCGRP_MLME,
49 	NL80211_MCGRP_VENDOR,
50 	NL80211_MCGRP_NAN,
51 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
52 };
53 
54 static const struct genl_multicast_group nl80211_mcgrps[] = {
55 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
56 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
57 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
58 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
59 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
60 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
61 #ifdef CONFIG_NL80211_TESTMODE
62 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
63 #endif
64 };
65 
66 /* returns ERR_PTR values */
67 static struct wireless_dev *
68 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
69 			   struct net *netns, struct nlattr **attrs)
70 {
71 	struct wireless_dev *result = NULL;
72 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
73 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
74 	u64 wdev_id = 0;
75 	int wiphy_idx = -1;
76 	int ifidx = -1;
77 
78 	if (!have_ifidx && !have_wdev_id)
79 		return ERR_PTR(-EINVAL);
80 
81 	if (have_ifidx)
82 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
83 	if (have_wdev_id) {
84 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
85 		wiphy_idx = wdev_id >> 32;
86 	}
87 
88 	if (rdev) {
89 		struct wireless_dev *wdev;
90 
91 		lockdep_assert_held(&rdev->wiphy.mtx);
92 
93 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
94 			if (have_ifidx && wdev->netdev &&
95 			    wdev->netdev->ifindex == ifidx) {
96 				result = wdev;
97 				break;
98 			}
99 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
100 				result = wdev;
101 				break;
102 			}
103 		}
104 
105 		return result ?: ERR_PTR(-ENODEV);
106 	}
107 
108 	ASSERT_RTNL();
109 
110 	for_each_rdev(rdev) {
111 		struct wireless_dev *wdev;
112 
113 		if (wiphy_net(&rdev->wiphy) != netns)
114 			continue;
115 
116 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
117 			continue;
118 
119 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
120 			if (have_ifidx && wdev->netdev &&
121 			    wdev->netdev->ifindex == ifidx) {
122 				result = wdev;
123 				break;
124 			}
125 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
126 				result = wdev;
127 				break;
128 			}
129 		}
130 
131 		if (result)
132 			break;
133 	}
134 
135 	if (result)
136 		return result;
137 	return ERR_PTR(-ENODEV);
138 }
139 
140 static struct cfg80211_registered_device *
141 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
142 {
143 	struct cfg80211_registered_device *rdev = NULL, *tmp;
144 	struct net_device *netdev;
145 
146 	ASSERT_RTNL();
147 
148 	if (!attrs[NL80211_ATTR_WIPHY] &&
149 	    !attrs[NL80211_ATTR_IFINDEX] &&
150 	    !attrs[NL80211_ATTR_WDEV])
151 		return ERR_PTR(-EINVAL);
152 
153 	if (attrs[NL80211_ATTR_WIPHY])
154 		rdev = cfg80211_rdev_by_wiphy_idx(
155 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
156 
157 	if (attrs[NL80211_ATTR_WDEV]) {
158 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
159 		struct wireless_dev *wdev;
160 		bool found = false;
161 
162 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
163 		if (tmp) {
164 			/* make sure wdev exists */
165 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
166 				if (wdev->identifier != (u32)wdev_id)
167 					continue;
168 				found = true;
169 				break;
170 			}
171 
172 			if (!found)
173 				tmp = NULL;
174 
175 			if (rdev && tmp != rdev)
176 				return ERR_PTR(-EINVAL);
177 			rdev = tmp;
178 		}
179 	}
180 
181 	if (attrs[NL80211_ATTR_IFINDEX]) {
182 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
183 
184 		netdev = __dev_get_by_index(netns, ifindex);
185 		if (netdev) {
186 			if (netdev->ieee80211_ptr)
187 				tmp = wiphy_to_rdev(
188 					netdev->ieee80211_ptr->wiphy);
189 			else
190 				tmp = NULL;
191 
192 			/* not wireless device -- return error */
193 			if (!tmp)
194 				return ERR_PTR(-EINVAL);
195 
196 			/* mismatch -- return error */
197 			if (rdev && tmp != rdev)
198 				return ERR_PTR(-EINVAL);
199 
200 			rdev = tmp;
201 		}
202 	}
203 
204 	if (!rdev)
205 		return ERR_PTR(-ENODEV);
206 
207 	if (netns != wiphy_net(&rdev->wiphy))
208 		return ERR_PTR(-ENODEV);
209 
210 	return rdev;
211 }
212 
213 /*
214  * This function returns a pointer to the driver
215  * that the genl_info item that is passed refers to.
216  *
217  * The result of this can be a PTR_ERR and hence must
218  * be checked with IS_ERR() for errors.
219  */
220 static struct cfg80211_registered_device *
221 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
222 {
223 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
224 }
225 
226 static int validate_beacon_head(const struct nlattr *attr,
227 				struct netlink_ext_ack *extack)
228 {
229 	const u8 *data = nla_data(attr);
230 	unsigned int len = nla_len(attr);
231 	const struct element *elem;
232 	const struct ieee80211_mgmt *mgmt = (void *)data;
233 	const struct ieee80211_ext *ext;
234 	unsigned int fixedlen, hdrlen;
235 	bool s1g_bcn;
236 
237 	if (len < offsetofend(typeof(*mgmt), frame_control))
238 		goto err;
239 
240 	s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
241 	if (s1g_bcn) {
242 		ext = (struct ieee80211_ext *)mgmt;
243 		fixedlen =
244 			offsetof(struct ieee80211_ext, u.s1g_beacon.variable) +
245 			ieee80211_s1g_optional_len(ext->frame_control);
246 		hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
247 	} else {
248 		fixedlen = offsetof(struct ieee80211_mgmt,
249 				    u.beacon.variable);
250 		hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
251 	}
252 
253 	if (len < fixedlen)
254 		goto err;
255 
256 	if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
257 		goto err;
258 
259 	data += fixedlen;
260 	len -= fixedlen;
261 
262 	for_each_element(elem, data, len) {
263 		/* nothing */
264 	}
265 
266 	if (for_each_element_completed(elem, data, len))
267 		return 0;
268 
269 err:
270 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
271 	return -EINVAL;
272 }
273 
274 static int validate_ie_attr(const struct nlattr *attr,
275 			    struct netlink_ext_ack *extack)
276 {
277 	const u8 *data = nla_data(attr);
278 	unsigned int len = nla_len(attr);
279 	const struct element *elem;
280 
281 	for_each_element(elem, data, len) {
282 		/* nothing */
283 	}
284 
285 	if (for_each_element_completed(elem, data, len))
286 		return 0;
287 
288 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
289 	return -EINVAL;
290 }
291 
292 static int validate_he_capa(const struct nlattr *attr,
293 			    struct netlink_ext_ack *extack)
294 {
295 	if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr)))
296 		return -EINVAL;
297 
298 	return 0;
299 }
300 
301 static int validate_supported_selectors(const struct nlattr *attr,
302 					struct netlink_ext_ack *extack)
303 {
304 	const u8 *supported_selectors = nla_data(attr);
305 	u8 supported_selectors_len = nla_len(attr);
306 
307 	/* The top bit must not be set as it is not part of the selector */
308 	for (int i = 0; i < supported_selectors_len; i++) {
309 		if (supported_selectors[i] & 0x80)
310 			return -EINVAL;
311 	}
312 
313 	return 0;
314 }
315 
316 static int validate_nan_cluster_id(const struct nlattr *attr,
317 				   struct netlink_ext_ack *extack)
318 {
319 	const u8 *data = nla_data(attr);
320 	unsigned int len = nla_len(attr);
321 	static const u8 cluster_id_prefix[4] = {0x50, 0x6f, 0x9a, 0x1};
322 
323 	if (len != ETH_ALEN) {
324 		NL_SET_ERR_MSG_ATTR(extack, attr, "bad cluster id length");
325 		return -EINVAL;
326 	}
327 
328 	if (memcmp(data, cluster_id_prefix, sizeof(cluster_id_prefix))) {
329 		NL_SET_ERR_MSG_ATTR(extack, attr, "invalid cluster id prefix");
330 		return -EINVAL;
331 	}
332 
333 	return 0;
334 }
335 
336 static int validate_nan_avail_blob(const struct nlattr *attr,
337 				   struct netlink_ext_ack *extack)
338 {
339 	const u8 *data = nla_data(attr);
340 	unsigned int len = nla_len(attr);
341 	u16 attr_len;
342 
343 	/* Need at least: Attr ID (1) + Length (2) */
344 	if (len < 3) {
345 		NL_SET_ERR_MSG_FMT(extack,
346 				   "NAN Availability: Too short (need at least 3 bytes, have %u)",
347 				   len);
348 		return -EINVAL;
349 	}
350 
351 	if (data[0] != 0x12) {
352 		NL_SET_ERR_MSG_FMT(extack,
353 				   "NAN Availability: Invalid Attribute ID 0x%02x (expected 0x12)",
354 				   data[0]);
355 		return -EINVAL;
356 	}
357 
358 	attr_len = get_unaligned_le16(&data[1]);
359 
360 	if (attr_len != len - 3) {
361 		NL_SET_ERR_MSG_FMT(extack,
362 				   "NAN Availability: Length field (%u) doesn't match data length (%u)",
363 				   attr_len, len - 3);
364 		return -EINVAL;
365 	}
366 
367 	return 0;
368 }
369 
370 static int validate_nan_ulw(const struct nlattr *attr,
371 			    struct netlink_ext_ack *extack)
372 {
373 	const u8 *data = nla_data(attr);
374 	unsigned int len = nla_len(attr);
375 	unsigned int pos = 0;
376 
377 	while (pos < len) {
378 		u16 attr_len;
379 
380 		/* Need at least: Attr ID (1) + Length (2) */
381 		if (pos + 3 > len) {
382 			NL_SET_ERR_MSG_FMT(extack,
383 					   "ULW: Incomplete header (need 3 bytes, have %u)",
384 					   len - pos);
385 			return -EINVAL;
386 		}
387 
388 		if (data[pos] != 0x17) {
389 			NL_SET_ERR_MSG_FMT(extack,
390 					   "ULW: Invalid Attribute ID 0x%02x (expected 0x17)",
391 					   data[pos]);
392 			return -EINVAL;
393 		}
394 		pos++;
395 
396 		/* Length is in little-endian format */
397 		attr_len = get_unaligned_le16(&data[pos]);
398 		pos += 2;
399 
400 		/*
401 		 * Check if length is one of the valid values: 16 (no
402 		 * channel/band entry included), 18 (band entry included),
403 		 * 21 (channel entry included without Auxiliary channel bitmap),
404 		 * or 23 (channel entry included with Auxiliary channel bitmap).
405 		 */
406 		if (attr_len != 16 && attr_len != 18 && attr_len != 21 &&
407 		    attr_len != 23) {
408 			NL_SET_ERR_MSG_FMT(extack,
409 					   "ULW: Invalid length %u (must be 16, 18, 21, or 23)",
410 					   attr_len);
411 			return -EINVAL;
412 		}
413 
414 		if (pos + attr_len > len) {
415 			NL_SET_ERR_MSG_FMT(extack,
416 					   "ULW: Length field (%u) exceeds remaining data (%u)",
417 					   attr_len, len - pos);
418 			return -EINVAL;
419 		}
420 
421 		pos += attr_len;
422 	}
423 
424 	return 0;
425 }
426 
427 static int validate_uhr_capa(const struct nlattr *attr,
428 			     struct netlink_ext_ack *extack)
429 {
430 	const u8 *data = nla_data(attr);
431 	unsigned int len = nla_len(attr);
432 
433 	if (!ieee80211_uhr_capa_size_ok(data, len, false))
434 		return -EINVAL;
435 	return 0;
436 }
437 
438 static int validate_uhr_operation(const struct nlattr *attr,
439 				  struct netlink_ext_ack *extack)
440 {
441 	const u8 *data = nla_data(attr);
442 	unsigned int len = nla_len(attr);
443 
444 	if (!ieee80211_uhr_oper_size_ok(data, len, false))
445 		return -EINVAL;
446 	return 0;
447 }
448 
449 /* policy for the attributes */
450 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
451 
452 static const struct nla_policy
453 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
454 	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
455 	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
456 					.len = U8_MAX },
457 	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
458 					     .len = U8_MAX },
459 };
460 
461 static const struct nla_policy
462 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
463 	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
464 	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
465 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
466 		NLA_POLICY_MAX(NLA_U8, 15),
467 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
468 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
469 		NLA_POLICY_MAX(NLA_U8, 15),
470 	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = { .type = NLA_U8 },
471 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
472 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
473 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
474 	[NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
475 	[NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
476 	[NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
477 	[NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 },
478 	[NL80211_PMSR_FTM_REQ_ATTR_RSTA] = { .type = NLA_FLAG },
479 	[NL80211_PMSR_FTM_REQ_ATTR_MIN_TIME_BETWEEN_MEASUREMENTS] = {
480 		.type = NLA_U32
481 	},
482 	[NL80211_PMSR_FTM_REQ_ATTR_MAX_TIME_BETWEEN_MEASUREMENTS] = {
483 		.type = NLA_U32
484 	},
485 	[NL80211_PMSR_FTM_REQ_ATTR_NOMINAL_TIME] = { .type = NLA_U32 },
486 	[NL80211_PMSR_FTM_REQ_ATTR_AW_DURATION] = NLA_POLICY_MAX(NLA_U32, 255),
487 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_MEASUREMENTS] = { .type = NLA_U32 },
488 	[NL80211_PMSR_FTM_REQ_ATTR_INGRESS] = { .type = NLA_U64 },
489 	[NL80211_PMSR_FTM_REQ_ATTR_EGRESS] = { .type = NLA_U64 },
490 	[NL80211_PMSR_FTM_REQ_ATTR_PD_SUPPRESS_RESULTS] = { .type = NLA_FLAG },
491 };
492 
493 static const struct nla_policy
494 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
495 	[NL80211_PMSR_TYPE_FTM] =
496 		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
497 };
498 
499 static const struct nla_policy
500 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
501 	[NL80211_PMSR_REQ_ATTR_DATA] =
502 		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
503 	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
504 };
505 
506 static const struct nla_policy
507 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
508 	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
509 	[NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
510 	[NL80211_PMSR_PEER_ATTR_REQ] =
511 		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
512 	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
513 	[NL80211_PMSR_PEER_ATTR_REQ_TYPE] =
514 		NLA_POLICY_MAX(NLA_U32, NL80211_PMSR_FTM_REQ_TYPE_MAX),
515 };
516 
517 static const struct nla_policy
518 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
519 	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
520 	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
521 	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
522 	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
523 	[NL80211_PMSR_ATTR_PEERS] =
524 		NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
525 };
526 
527 static const struct nla_policy
528 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
529 	[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
530 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
531 	[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
532 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
533 	[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
534 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
535 	[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
536 		NLA_POLICY_EXACT_LEN(8),
537 	[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
538 		NLA_POLICY_EXACT_LEN(8),
539 	[NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
540 };
541 
542 static const struct nla_policy
543 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
544 	[NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
545 	[NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
546 	[NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
547 };
548 
549 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
550 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
551 				    .len = NL80211_MAX_SUPP_RATES },
552 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
553 				.len = NL80211_MAX_SUPP_HT_RATES },
554 	[NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
555 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
556 	[NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
557 	[NL80211_TXRATE_HE_GI] =  NLA_POLICY_RANGE(NLA_U8,
558 						   NL80211_RATE_INFO_HE_GI_0_8,
559 						   NL80211_RATE_INFO_HE_GI_3_2),
560 	[NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
561 						   NL80211_RATE_INFO_HE_1XLTF,
562 						   NL80211_RATE_INFO_HE_4XLTF),
563 	[NL80211_TXRATE_EHT] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_eht)),
564 	[NL80211_TXRATE_EHT_GI] =  NLA_POLICY_RANGE(NLA_U8,
565 						   NL80211_RATE_INFO_EHT_GI_0_8,
566 						   NL80211_RATE_INFO_EHT_GI_3_2),
567 	[NL80211_TXRATE_EHT_LTF] = NLA_POLICY_RANGE(NLA_U8,
568 						   NL80211_RATE_INFO_EHT_1XLTF,
569 						   NL80211_RATE_INFO_EHT_8XLTF),
570 
571 };
572 
573 static const struct nla_policy
574 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
575 	[NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
576 	[NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
577 	[NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
578 	[NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
579 	[NL80211_TID_CONFIG_ATTR_NOACK] =
580 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
581 	[NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
582 	[NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
583 	[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
584 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
585 	[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
586 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
587 	[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
588 			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
589 	[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
590 			NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
591 	[NL80211_TID_CONFIG_ATTR_TX_RATE] =
592 			NLA_POLICY_NESTED(nl80211_txattr_policy),
593 };
594 
595 static const struct nla_policy
596 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
597 	[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
598 	[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
599 	[NL80211_FILS_DISCOVERY_ATTR_TMPL] =
600 			NLA_POLICY_RANGE(NLA_BINARY,
601 					 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
602 					 IEEE80211_MAX_DATA_LEN),
603 };
604 
605 static const struct nla_policy
606 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
607 	[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
608 	[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
609 						       .len = IEEE80211_MAX_DATA_LEN }
610 };
611 
612 static const struct nla_policy
613 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
614 	[NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
615 	[NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
616 };
617 
618 static const struct nla_policy
619 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
620 	[NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
621 	[NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
622 };
623 
624 static const struct nla_policy
625 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = {
626 	[NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2),
627 	[NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] =
628 						NLA_POLICY_MIN(NLA_U8, 1),
629 	[NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 },
630 	[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 },
631 	[NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG },
632 	[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID] =
633 		NLA_POLICY_MAX(NLA_U8, IEEE80211_MLD_MAX_NUM_LINKS),
634 };
635 
636 static const struct nla_policy
637 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
638 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
639 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
640 };
641 
642 static const struct nla_policy
643 nl80211_s1g_short_beacon[NL80211_S1G_SHORT_BEACON_ATTR_MAX + 1] = {
644 	[NL80211_S1G_SHORT_BEACON_ATTR_HEAD] =
645 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
646 				       IEEE80211_MAX_DATA_LEN),
647 	[NL80211_S1G_SHORT_BEACON_ATTR_TAIL] =
648 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
649 				       IEEE80211_MAX_DATA_LEN),
650 };
651 
652 static const struct nla_policy
653 nl80211_nan_band_conf_policy[NL80211_NAN_BAND_CONF_ATTR_MAX + 1] = {
654 	[NL80211_NAN_BAND_CONF_BAND] = NLA_POLICY_MAX(NLA_U8,
655 						      NUM_NL80211_BANDS - 1),
656 	[NL80211_NAN_BAND_CONF_FREQ] = { .type = NLA_U16 },
657 	[NL80211_NAN_BAND_CONF_RSSI_CLOSE] = NLA_POLICY_MIN(NLA_S8, -59),
658 	[NL80211_NAN_BAND_CONF_RSSI_MIDDLE] = NLA_POLICY_MIN(NLA_S8, -74),
659 	[NL80211_NAN_BAND_CONF_WAKE_DW] = NLA_POLICY_MAX(NLA_U8, 5),
660 	[NL80211_NAN_BAND_CONF_DISABLE_SCAN] = { .type = NLA_FLAG },
661 };
662 
663 static const struct nla_policy
664 nl80211_nan_peer_map_policy[NL80211_NAN_PEER_MAP_ATTR_MAX + 1] = {
665 	[NL80211_NAN_PEER_MAP_ATTR_MAP_ID] = NLA_POLICY_MAX(NLA_U8, 15),
666 	[NL80211_NAN_PEER_MAP_ATTR_TIME_SLOTS] =
667 		NLA_POLICY_EXACT_LEN(CFG80211_NAN_SCHED_NUM_TIME_SLOTS),
668 };
669 
670 static const struct nla_policy
671 nl80211_nan_conf_policy[NL80211_NAN_CONF_ATTR_MAX + 1] = {
672 	[NL80211_NAN_CONF_CLUSTER_ID] =
673 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_nan_cluster_id,
674 				       ETH_ALEN),
675 	[NL80211_NAN_CONF_EXTRA_ATTRS] = { .type = NLA_BINARY,
676 					   .len = IEEE80211_MAX_DATA_LEN},
677 	[NL80211_NAN_CONF_VENDOR_ELEMS] =
678 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
679 				       IEEE80211_MAX_DATA_LEN),
680 	[NL80211_NAN_CONF_BAND_CONFIGS] =
681 		NLA_POLICY_NESTED_ARRAY(nl80211_nan_band_conf_policy),
682 	[NL80211_NAN_CONF_SCAN_PERIOD] = { .type = NLA_U16 },
683 	[NL80211_NAN_CONF_SCAN_DWELL_TIME] = NLA_POLICY_RANGE(NLA_U16, 50, 512),
684 	[NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL] =
685 		NLA_POLICY_RANGE(NLA_U8, 50, 200),
686 	[NL80211_NAN_CONF_NOTIFY_DW] = { .type = NLA_FLAG },
687 };
688 
689 static const struct netlink_range_validation nl80211_punct_bitmap_range = {
690 	.min = 0,
691 	.max = 0xffff,
692 };
693 
694 static const struct netlink_range_validation q_range = {
695 	.max = INT_MAX,
696 };
697 
698 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
699 	[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
700 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
701 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
702 				      .len = 20-1 },
703 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
704 
705 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
706 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
707 	[NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
708 						NL80211_EDMG_CHANNELS_MIN,
709 						NL80211_EDMG_CHANNELS_MAX),
710 	[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
711 						NL80211_EDMG_BW_CONFIG_MIN,
712 						NL80211_EDMG_BW_CONFIG_MAX),
713 
714 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
715 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
716 	[NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
717 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
718 
719 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
720 	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
721 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
722 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
723 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
724 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
725 
726 	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
727 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
728 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
729 
730 	[NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
731 	[NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
732 
733 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
734 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
735 				    .len = WLAN_MAX_KEY_LEN },
736 	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
737 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
738 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
739 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
740 	[NL80211_ATTR_KEY_TYPE] =
741 		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
742 
743 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
744 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
745 	[NL80211_ATTR_BEACON_HEAD] =
746 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
747 				       IEEE80211_MAX_DATA_LEN),
748 	[NL80211_ATTR_BEACON_TAIL] =
749 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
750 				       IEEE80211_MAX_DATA_LEN),
751 	[NL80211_ATTR_STA_AID] =
752 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
753 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
754 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
755 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
756 					       .len = NL80211_MAX_SUPP_RATES },
757 	[NL80211_ATTR_STA_PLINK_ACTION] =
758 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
759 	[NL80211_ATTR_STA_TX_POWER_SETTING] =
760 		NLA_POLICY_RANGE(NLA_U8,
761 				 NL80211_TX_POWER_AUTOMATIC,
762 				 NL80211_TX_POWER_FIXED),
763 	[NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
764 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
765 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
766 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
767 				   .len = IEEE80211_MAX_MESH_ID_LEN },
768 	[NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
769 
770 	/* allow 3 for NUL-termination, we used to declare this NLA_STRING */
771 	[NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
772 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
773 
774 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
775 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
776 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
777 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
778 					   .len = NL80211_MAX_SUPP_RATES },
779 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
780 
781 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
782 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
783 
784 	[NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
785 
786 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
787 	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
788 						   validate_ie_attr,
789 						   IEEE80211_MAX_DATA_LEN),
790 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
791 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
792 
793 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
794 				.len = IEEE80211_MAX_SSID_LEN },
795 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
796 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
797 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
798 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
799 	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
800 						  NL80211_MFP_NO,
801 						  NL80211_MFP_OPTIONAL),
802 	[NL80211_ATTR_STA_FLAGS2] =
803 		NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)),
804 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
805 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
806 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
807 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
808 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
809 	[NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
810 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
811 	[NL80211_ATTR_WPA_VERSIONS] =
812 		NLA_POLICY_RANGE(NLA_U32, 0,
813 				 NL80211_WPA_VERSION_1 |
814 				 NL80211_WPA_VERSION_2 |
815 				 NL80211_WPA_VERSION_3),
816 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
817 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
818 	[NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
819 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
820 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
821 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
822 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
823 				 .len = IEEE80211_MAX_DATA_LEN },
824 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
825 	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
826 						   NL80211_PS_DISABLED,
827 						   NL80211_PS_ENABLED),
828 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
829 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
830 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
831 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
832 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
833 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
834 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
835 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
836 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
837 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
838 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
839 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
840 	[NL80211_ATTR_STA_PLINK_STATE] =
841 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
842 	[NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
843 	[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
844 	[NL80211_ATTR_MESH_PEER_AID] =
845 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
846 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
847 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
848 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
849 	[NL80211_ATTR_HIDDEN_SSID] =
850 		NLA_POLICY_RANGE(NLA_U32,
851 				 NL80211_HIDDEN_SSID_NOT_IN_USE,
852 				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
853 	[NL80211_ATTR_IE_PROBE_RESP] =
854 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
855 				       IEEE80211_MAX_DATA_LEN),
856 	[NL80211_ATTR_IE_ASSOC_RESP] =
857 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
858 				       IEEE80211_MAX_DATA_LEN),
859 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
860 	[NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy),
861 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
862 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
863 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
864 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
865 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
866 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
867 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
868 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
869 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
870 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
871 				      .len = IEEE80211_MAX_DATA_LEN },
872 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
873 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
874 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
875 		.len = NL80211_HT_CAPABILITY_LEN
876 	},
877 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
878 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
879 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
880 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
881 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
882 
883 	/* need to include at least Auth Transaction and Status Code */
884 	[NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
885 
886 	[NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
887 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
888 	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
889 	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
890 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
891 		NLA_POLICY_RANGE(NLA_U32,
892 				 NL80211_MESH_POWER_UNKNOWN + 1,
893 				 NL80211_MESH_POWER_MAX),
894 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
895 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
896 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
897 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
898 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
899 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
900 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
901 		.len = NL80211_VHT_CAPABILITY_LEN,
902 	},
903 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
904 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
905 				  .len = IEEE80211_MAX_DATA_LEN },
906 	[NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
907 	[NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
908 		NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
909 	[NL80211_ATTR_PEER_AID] =
910 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
911 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
912 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
913 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
914 	[NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
915 	[NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
916 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
917 	/*
918 	 * The value of the Length field of the Supported Operating
919 	 * Classes element is between 2 and 253.
920 	 */
921 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
922 		NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
923 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
924 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
925 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
926 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
927 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
928 	[NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
929 						  IEEE80211_QOS_MAP_LEN_MIN,
930 						  IEEE80211_QOS_MAP_LEN_MAX),
931 	[NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
932 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
933 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
934 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
935 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
936 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
937 	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
938 	[NL80211_ATTR_USER_PRIO] =
939 		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
940 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
941 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
942 	[NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
943 	[NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
944 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
945 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
946 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
947 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
948 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
949 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
950 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
951 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
952 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
953 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
954 	},
955 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
956 	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
957 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
958 	[NL80211_ATTR_NAN_CONFIG] = NLA_POLICY_NESTED(nl80211_nan_conf_policy),
959 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
960 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
961 				    .len = FILS_MAX_KEK_LEN },
962 	[NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
963 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
964 	[NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
965 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
966 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
967 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
968 	},
969 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
970 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
971 					     .len = FILS_ERP_MAX_USERNAME_LEN },
972 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
973 					  .len = FILS_ERP_MAX_REALM_LEN },
974 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
975 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
976 					.len = FILS_ERP_MAX_RRK_LEN },
977 	[NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
978 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
979 	[NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
980 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
981 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
982 
983 	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
984 	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
985 	[NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range),
986 	[NL80211_ATTR_HE_CAPABILITY] =
987 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa,
988 				       NL80211_HE_MAX_CAPABILITY_LEN),
989 	[NL80211_ATTR_FTM_RESPONDER] =
990 		NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
991 	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
992 	[NL80211_ATTR_PEER_MEASUREMENTS] =
993 		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
994 	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
995 	[NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
996 					.len = SAE_PASSWORD_MAX_LEN },
997 	[NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
998 	[NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
999 	[NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
1000 	[NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
1001 	[NL80211_ATTR_TID_CONFIG] =
1002 		NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
1003 	[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
1004 	[NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
1005 	[NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
1006 	[NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
1007 	[NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
1008 	[NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
1009 	[NL80211_ATTR_HE_6GHZ_CAPABILITY] =
1010 		NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
1011 	[NL80211_ATTR_FILS_DISCOVERY] =
1012 		NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
1013 	[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
1014 		NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
1015 	[NL80211_ATTR_S1G_CAPABILITY] =
1016 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
1017 	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
1018 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
1019 	[NL80211_ATTR_SAE_PWE] =
1020 		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
1021 				 NL80211_SAE_PWE_BOTH),
1022 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
1023 	[NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
1024 	[NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
1025 	[NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
1026 	[NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
1027 	[NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
1028 	[NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
1029 	[NL80211_ATTR_MBSSID_CONFIG] =
1030 			NLA_POLICY_NESTED(nl80211_mbssid_config_policy),
1031 	[NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED },
1032 	[NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG },
1033 	[NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 },
1034 	[NL80211_ATTR_EHT_CAPABILITY] =
1035 		NLA_POLICY_RANGE(NLA_BINARY,
1036 				 NL80211_EHT_MIN_CAPABILITY_LEN,
1037 				 NL80211_EHT_MAX_CAPABILITY_LEN),
1038 	[NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG },
1039 	[NL80211_ATTR_MLO_LINKS] =
1040 		NLA_POLICY_NESTED_ARRAY(nl80211_policy),
1041 	[NL80211_ATTR_MLO_LINK_ID] =
1042 		NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS - 1),
1043 	[NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN),
1044 	[NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG },
1045 	[NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT },
1046 	[NL80211_ATTR_EML_CAPABILITY] = { .type = NLA_U16 },
1047 	[NL80211_ATTR_PUNCT_BITMAP] =
1048 		NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
1049 
1050 	[NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 },
1051 	[NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG },
1052 	[NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED },
1053 	[NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG },
1054 	[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG },
1055 	[NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
1056 	[NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
1057 	[NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG },
1058 	[NL80211_ATTR_VIF_RADIO_MASK] = { .type = NLA_U32 },
1059 	[NL80211_ATTR_SUPPORTED_SELECTORS] =
1060 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_supported_selectors,
1061 				       NL80211_MAX_SUPP_SELECTORS),
1062 	[NL80211_ATTR_MLO_RECONF_REM_LINKS] = { .type = NLA_U16 },
1063 	[NL80211_ATTR_EPCS] = { .type = NLA_FLAG },
1064 	[NL80211_ATTR_EXT_MLD_CAPA_AND_OPS] = { .type = NLA_U16 },
1065 	[NL80211_ATTR_WIPHY_RADIO_INDEX] = { .type = NLA_U8 },
1066 	[NL80211_ATTR_S1G_LONG_BEACON_PERIOD] = NLA_POLICY_MIN(NLA_U8, 2),
1067 	[NL80211_ATTR_S1G_SHORT_BEACON] =
1068 		NLA_POLICY_NESTED(nl80211_s1g_short_beacon),
1069 	[NL80211_ATTR_BSS_PARAM] = { .type = NLA_FLAG },
1070 	[NL80211_ATTR_S1G_PRIMARY_2MHZ] = { .type = NLA_FLAG },
1071 	[NL80211_ATTR_EPP_PEER] = { .type = NLA_FLAG },
1072 	[NL80211_ATTR_UHR_CAPABILITY] =
1073 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_uhr_capa, 255),
1074 	[NL80211_ATTR_DISABLE_UHR] = { .type = NLA_FLAG },
1075 	[NL80211_ATTR_UHR_OPERATION] =
1076 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_uhr_operation),
1077 	[NL80211_ATTR_NAN_CHANNEL] = NLA_POLICY_NESTED(nl80211_policy),
1078 	[NL80211_ATTR_NAN_CHANNEL_ENTRY] = NLA_POLICY_EXACT_LEN(6),
1079 	[NL80211_ATTR_NAN_RX_NSS] = { .type = NLA_U8 },
1080 	[NL80211_ATTR_NAN_TIME_SLOTS] =
1081 		NLA_POLICY_EXACT_LEN(CFG80211_NAN_SCHED_NUM_TIME_SLOTS),
1082 	[NL80211_ATTR_NAN_AVAIL_BLOB] =
1083 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_nan_avail_blob),
1084 	[NL80211_ATTR_NAN_SCHED_DEFERRED] = { .type = NLA_FLAG },
1085 	[NL80211_ATTR_NAN_NMI_MAC] = NLA_POLICY_ETH_ADDR,
1086 	[NL80211_ATTR_NAN_ULW] =
1087 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_nan_ulw),
1088 	[NL80211_ATTR_NAN_COMMITTED_DW] = { .type = NLA_U16 },
1089 	[NL80211_ATTR_NAN_SEQ_ID] = { .type = NLA_U8 },
1090 	[NL80211_ATTR_NAN_MAX_CHAN_SWITCH_TIME] = { .type = NLA_U16 },
1091 	[NL80211_ATTR_NAN_PEER_MAPS] =
1092 		NLA_POLICY_NESTED_ARRAY(nl80211_nan_peer_map_policy),
1093 	[NL80211_ATTR_NPCA_PRIMARY_FREQ] = { .type = NLA_U32 },
1094 	[NL80211_ATTR_NPCA_PUNCT_BITMAP] =
1095 		NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
1096 };
1097 
1098 /* policy for the key attributes */
1099 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
1100 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
1101 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
1102 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
1103 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
1104 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
1105 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
1106 	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
1107 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
1108 	[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
1109 	[NL80211_KEY_LTF_SEED] = {
1110 		.type = NLA_BINARY,
1111 		.len = WLAN_MAX_SECURE_LTF_KEYSEED_LEN,
1112 	},
1113 };
1114 
1115 /* policy for the key default flags */
1116 static const struct nla_policy
1117 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
1118 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
1119 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
1120 };
1121 
1122 #ifdef CONFIG_PM
1123 /* policy for WoWLAN attributes */
1124 static const struct nla_policy
1125 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
1126 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
1127 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
1128 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
1129 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
1130 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
1131 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
1132 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
1133 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
1134 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
1135 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
1136 };
1137 
1138 static const struct nla_policy
1139 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
1140 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
1141 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
1142 	[NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
1143 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
1144 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
1145 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
1146 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
1147 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
1148 	},
1149 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
1150 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
1151 	},
1152 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
1153 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
1154 	[NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
1155 };
1156 #endif /* CONFIG_PM */
1157 
1158 /* policy for coalesce rule attributes */
1159 static const struct nla_policy
1160 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
1161 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
1162 	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
1163 		NLA_POLICY_RANGE(NLA_U32,
1164 				 NL80211_COALESCE_CONDITION_MATCH,
1165 				 NL80211_COALESCE_CONDITION_NO_MATCH),
1166 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
1167 };
1168 
1169 /* policy for GTK rekey offload attributes */
1170 static const struct nla_policy
1171 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
1172 	[NL80211_REKEY_DATA_KEK] = {
1173 		.type = NLA_BINARY,
1174 		.len = NL80211_KEK_EXT_LEN
1175 	},
1176 	[NL80211_REKEY_DATA_KCK] = {
1177 		.type = NLA_BINARY,
1178 		.len = NL80211_KCK_EXT_LEN_32
1179 	},
1180 	[NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
1181 	[NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
1182 };
1183 
1184 static const struct nla_policy
1185 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
1186 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
1187 						 .len = IEEE80211_MAX_SSID_LEN },
1188 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
1189 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
1190 };
1191 
1192 static const struct nla_policy
1193 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
1194 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
1195 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
1196 };
1197 
1198 static const struct nla_policy
1199 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
1200 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
1201 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
1202 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
1203 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
1204 	},
1205 };
1206 
1207 /* policy for NAN function attributes */
1208 static const struct nla_policy
1209 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
1210 	[NL80211_NAN_FUNC_TYPE] =
1211 		NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
1212 	[NL80211_NAN_FUNC_SERVICE_ID] = {
1213 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
1214 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
1215 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
1216 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
1217 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
1218 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
1219 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
1220 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
1221 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
1222 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
1223 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
1224 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
1225 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
1226 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
1227 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
1228 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
1229 };
1230 
1231 /* policy for Service Response Filter attributes */
1232 static const struct nla_policy
1233 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
1234 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
1235 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
1236 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
1237 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
1238 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
1239 };
1240 
1241 /* policy for packet pattern attributes */
1242 static const struct nla_policy
1243 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
1244 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
1245 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
1246 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
1247 };
1248 
1249 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
1250 				     struct cfg80211_registered_device **rdev,
1251 				     struct wireless_dev **wdev,
1252 				     struct nlattr **attrbuf)
1253 {
1254 	int err;
1255 
1256 	if (!cb->args[0]) {
1257 		struct nlattr **attrbuf_free = NULL;
1258 
1259 		if (!attrbuf) {
1260 			attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
1261 			if (!attrbuf)
1262 				return -ENOMEM;
1263 			attrbuf_free = attrbuf;
1264 		}
1265 
1266 		err = nlmsg_parse_deprecated(cb->nlh,
1267 					     GENL_HDRLEN + nl80211_fam.hdrsize,
1268 					     attrbuf, nl80211_fam.maxattr,
1269 					     nl80211_policy, NULL);
1270 		if (err) {
1271 			kfree(attrbuf_free);
1272 			return err;
1273 		}
1274 
1275 		rtnl_lock();
1276 		*wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
1277 						   attrbuf);
1278 		kfree(attrbuf_free);
1279 		if (IS_ERR(*wdev)) {
1280 			rtnl_unlock();
1281 			return PTR_ERR(*wdev);
1282 		}
1283 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
1284 		mutex_lock(&(*rdev)->wiphy.mtx);
1285 		rtnl_unlock();
1286 		/* 0 is the first index - add 1 to parse only once */
1287 		cb->args[0] = (*rdev)->wiphy_idx + 1;
1288 		cb->args[1] = (*wdev)->identifier;
1289 	} else {
1290 		/* subtract the 1 again here */
1291 		struct wiphy *wiphy;
1292 		struct wireless_dev *tmp;
1293 
1294 		rtnl_lock();
1295 		wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1296 		if (!wiphy) {
1297 			rtnl_unlock();
1298 			return -ENODEV;
1299 		}
1300 
1301 		/*
1302 		 * The first invocation validated the wdev's netns against
1303 		 * the caller via __cfg80211_wdev_from_attrs(). The wiphy
1304 		 * may have moved netns between dumpit invocations (via
1305 		 * NL80211_CMD_SET_WIPHY_NETNS), so re-check here.
1306 		 */
1307 		if (!net_eq(wiphy_net(wiphy), sock_net(cb->skb->sk))) {
1308 			rtnl_unlock();
1309 			return -ENODEV;
1310 		}
1311 
1312 		*rdev = wiphy_to_rdev(wiphy);
1313 		*wdev = NULL;
1314 
1315 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
1316 			if (tmp->identifier == cb->args[1]) {
1317 				*wdev = tmp;
1318 				break;
1319 			}
1320 		}
1321 
1322 		if (!*wdev) {
1323 			rtnl_unlock();
1324 			return -ENODEV;
1325 		}
1326 		mutex_lock(&(*rdev)->wiphy.mtx);
1327 		rtnl_unlock();
1328 	}
1329 
1330 	return 0;
1331 }
1332 
1333 /* message building helper */
1334 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
1335 		     int flags, u8 cmd)
1336 {
1337 	/* since there is no private header just add the generic one */
1338 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1339 }
1340 
1341 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1342 				     const struct ieee80211_reg_rule *rule)
1343 {
1344 	int j;
1345 	struct nlattr *nl_wmm_rules =
1346 		nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1347 
1348 	if (!nl_wmm_rules)
1349 		goto nla_put_failure;
1350 
1351 	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1352 		struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1353 
1354 		if (!nl_wmm_rule)
1355 			goto nla_put_failure;
1356 
1357 		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1358 				rule->wmm_rule.client[j].cw_min) ||
1359 		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1360 				rule->wmm_rule.client[j].cw_max) ||
1361 		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
1362 			       rule->wmm_rule.client[j].aifsn) ||
1363 		    nla_put_u16(msg, NL80211_WMMR_TXOP,
1364 			        rule->wmm_rule.client[j].cot))
1365 			goto nla_put_failure;
1366 
1367 		nla_nest_end(msg, nl_wmm_rule);
1368 	}
1369 	nla_nest_end(msg, nl_wmm_rules);
1370 
1371 	return 0;
1372 
1373 nla_put_failure:
1374 	return -ENOBUFS;
1375 }
1376 
1377 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1378 				   struct ieee80211_channel *chan,
1379 				   bool large)
1380 {
1381 	/* Some channels must be completely excluded from the
1382 	 * list to protect old user-space tools from breaking
1383 	 */
1384 	if (!large && chan->flags &
1385 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1386 		return 0;
1387 	if (!large && chan->freq_offset)
1388 		return 0;
1389 
1390 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1391 			chan->center_freq))
1392 		goto nla_put_failure;
1393 
1394 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1395 		goto nla_put_failure;
1396 
1397 	if ((chan->flags & IEEE80211_CHAN_PSD) &&
1398 	    nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd))
1399 		goto nla_put_failure;
1400 
1401 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1402 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1403 		goto nla_put_failure;
1404 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
1405 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1406 			goto nla_put_failure;
1407 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1408 			goto nla_put_failure;
1409 	}
1410 	if (chan->flags & IEEE80211_CHAN_RADAR) {
1411 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1412 			goto nla_put_failure;
1413 		if (large) {
1414 			u32 time;
1415 
1416 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1417 
1418 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1419 					chan->dfs_state))
1420 				goto nla_put_failure;
1421 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1422 					time))
1423 				goto nla_put_failure;
1424 			if (nla_put_u32(msg,
1425 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1426 					chan->dfs_cac_ms))
1427 				goto nla_put_failure;
1428 		}
1429 	}
1430 
1431 	if (large) {
1432 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1433 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1434 			goto nla_put_failure;
1435 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1436 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1437 			goto nla_put_failure;
1438 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1439 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1440 			goto nla_put_failure;
1441 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1442 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1443 			goto nla_put_failure;
1444 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1445 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1446 			goto nla_put_failure;
1447 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1448 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1449 			goto nla_put_failure;
1450 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1451 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1452 			goto nla_put_failure;
1453 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1454 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1455 			goto nla_put_failure;
1456 		if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1457 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1458 			goto nla_put_failure;
1459 		if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) &&
1460 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ))
1461 			goto nla_put_failure;
1462 		if ((chan->flags & IEEE80211_CHAN_NO_EHT) &&
1463 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT))
1464 			goto nla_put_failure;
1465 		if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) &&
1466 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT))
1467 			goto nla_put_failure;
1468 		if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) &&
1469 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT))
1470 			goto nla_put_failure;
1471 		if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) &&
1472 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT))
1473 			goto nla_put_failure;
1474 		if ((chan->flags & IEEE80211_CHAN_CAN_MONITOR) &&
1475 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_CAN_MONITOR))
1476 			goto nla_put_failure;
1477 		if ((chan->flags & IEEE80211_CHAN_ALLOW_6GHZ_VLP_AP) &&
1478 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP))
1479 			goto nla_put_failure;
1480 		if ((chan->flags & IEEE80211_CHAN_ALLOW_20MHZ_ACTIVITY) &&
1481 		    nla_put_flag(msg,
1482 				 NL80211_FREQUENCY_ATTR_ALLOW_20MHZ_ACTIVITY))
1483 			goto nla_put_failure;
1484 		if ((chan->flags & IEEE80211_CHAN_NO_4MHZ) &&
1485 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_4MHZ))
1486 			goto nla_put_failure;
1487 		if ((chan->flags & IEEE80211_CHAN_NO_8MHZ) &&
1488 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_8MHZ))
1489 			goto nla_put_failure;
1490 		if ((chan->flags & IEEE80211_CHAN_NO_16MHZ) &&
1491 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_16MHZ))
1492 			goto nla_put_failure;
1493 		if ((chan->flags & IEEE80211_CHAN_S1G_NO_PRIMARY) &&
1494 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_S1G_NO_PRIMARY))
1495 			goto nla_put_failure;
1496 		if ((chan->flags & IEEE80211_CHAN_NO_UHR) &&
1497 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_UHR))
1498 			goto nla_put_failure;
1499 		if (chan->cac_start_time &&
1500 		    nla_put_u64_64bit(msg,
1501 				      NL80211_FREQUENCY_ATTR_CAC_START_TIME,
1502 				      chan->cac_start_time,
1503 				      NL80211_FREQUENCY_ATTR_PAD))
1504 			goto nla_put_failure;
1505 	}
1506 
1507 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1508 			DBM_TO_MBM(chan->max_power)))
1509 		goto nla_put_failure;
1510 
1511 	if (large) {
1512 		const struct ieee80211_reg_rule *rule =
1513 			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1514 
1515 		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1516 			if (nl80211_msg_put_wmm_rules(msg, rule))
1517 				goto nla_put_failure;
1518 		}
1519 	}
1520 
1521 	return 0;
1522 
1523  nla_put_failure:
1524 	return -ENOBUFS;
1525 }
1526 
1527 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1528 				  struct cfg80211_txq_stats *txqstats,
1529 				  int attrtype)
1530 {
1531 	struct nlattr *txqattr;
1532 
1533 #define PUT_TXQVAL_U32(attr, memb) do {					  \
1534 	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
1535 	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1536 		return false;						  \
1537 	} while (0)
1538 
1539 	txqattr = nla_nest_start_noflag(msg, attrtype);
1540 	if (!txqattr)
1541 		return false;
1542 
1543 	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1544 	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1545 	PUT_TXQVAL_U32(FLOWS, flows);
1546 	PUT_TXQVAL_U32(DROPS, drops);
1547 	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1548 	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1549 	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1550 	PUT_TXQVAL_U32(COLLISIONS, collisions);
1551 	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1552 	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1553 	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1554 	nla_nest_end(msg, txqattr);
1555 
1556 #undef PUT_TXQVAL_U32
1557 	return true;
1558 }
1559 
1560 /* netlink command implementations */
1561 
1562 /**
1563  * nl80211_link_id - return link ID
1564  * @attrs: attributes to look at
1565  *
1566  * Returns: the link ID or 0 if not given
1567  *
1568  * Note this function doesn't do any validation of the link
1569  * ID validity wrt. links that were actually added, so it must
1570  * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID
1571  * or if additional validation is done.
1572  */
1573 static unsigned int nl80211_link_id(struct nlattr **attrs)
1574 {
1575 	struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1576 
1577 	return nla_get_u8_default(linkid, 0);
1578 }
1579 
1580 static int nl80211_link_id_or_invalid(struct nlattr **attrs)
1581 {
1582 	struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1583 
1584 	if (!linkid)
1585 		return -1;
1586 
1587 	return nla_get_u8(linkid);
1588 }
1589 
1590 struct key_parse {
1591 	struct key_params p;
1592 	int idx;
1593 	int type;
1594 	bool def, defmgmt, defbeacon;
1595 	bool def_uni, def_multi;
1596 };
1597 
1598 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1599 				 struct key_parse *k)
1600 {
1601 	struct nlattr *tb[NL80211_KEY_MAX + 1];
1602 	int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1603 					      nl80211_key_policy,
1604 					      info->extack);
1605 	if (err)
1606 		return err;
1607 
1608 	k->def = !!tb[NL80211_KEY_DEFAULT];
1609 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1610 	k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1611 
1612 	if (k->def) {
1613 		k->def_uni = true;
1614 		k->def_multi = true;
1615 	}
1616 	if (k->defmgmt || k->defbeacon)
1617 		k->def_multi = true;
1618 
1619 	if (tb[NL80211_KEY_IDX])
1620 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1621 
1622 	if (tb[NL80211_KEY_DATA]) {
1623 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1624 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1625 	}
1626 
1627 	if (tb[NL80211_KEY_SEQ]) {
1628 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1629 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1630 	}
1631 
1632 	if (tb[NL80211_KEY_CIPHER])
1633 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1634 
1635 	if (tb[NL80211_KEY_TYPE])
1636 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1637 
1638 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1639 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1640 
1641 		err = nla_parse_nested_deprecated(kdt,
1642 						  NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1643 						  tb[NL80211_KEY_DEFAULT_TYPES],
1644 						  nl80211_key_default_policy,
1645 						  info->extack);
1646 		if (err)
1647 			return err;
1648 
1649 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1650 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1651 	}
1652 
1653 	if (tb[NL80211_KEY_MODE])
1654 		k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1655 
1656 	if (tb[NL80211_KEY_LTF_SEED]) {
1657 		k->p.ltf_keyseed = nla_data(tb[NL80211_KEY_LTF_SEED]);
1658 		k->p.ltf_keyseed_len = nla_len(tb[NL80211_KEY_LTF_SEED]);
1659 	}
1660 
1661 	return 0;
1662 }
1663 
1664 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1665 {
1666 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1667 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1668 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1669 	}
1670 
1671 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1672 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1673 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1674 	}
1675 
1676 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1677 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1678 
1679 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1680 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1681 
1682 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1683 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1684 
1685 	if (k->def) {
1686 		k->def_uni = true;
1687 		k->def_multi = true;
1688 	}
1689 	if (k->defmgmt)
1690 		k->def_multi = true;
1691 
1692 	if (info->attrs[NL80211_ATTR_KEY_TYPE])
1693 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1694 
1695 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1696 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1697 		int err = nla_parse_nested_deprecated(kdt,
1698 						      NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1699 						      info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1700 						      nl80211_key_default_policy,
1701 						      info->extack);
1702 		if (err)
1703 			return err;
1704 
1705 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1706 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1707 	}
1708 
1709 	return 0;
1710 }
1711 
1712 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1713 {
1714 	int err;
1715 
1716 	memset(k, 0, sizeof(*k));
1717 	k->idx = -1;
1718 	k->type = -1;
1719 
1720 	if (info->attrs[NL80211_ATTR_KEY])
1721 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1722 	else
1723 		err = nl80211_parse_key_old(info, k);
1724 
1725 	if (err)
1726 		return err;
1727 
1728 	if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1729 	    (k->defbeacon ? 1 : 0) > 1) {
1730 		GENL_SET_ERR_MSG(info,
1731 				 "key with multiple default flags is invalid");
1732 		return -EINVAL;
1733 	}
1734 
1735 	if (k->defmgmt || k->defbeacon) {
1736 		if (k->def_uni || !k->def_multi) {
1737 			GENL_SET_ERR_MSG(info,
1738 					 "defmgmt/defbeacon key must be mcast");
1739 			return -EINVAL;
1740 		}
1741 	}
1742 
1743 	if (k->idx != -1) {
1744 		if (k->defmgmt) {
1745 			if (k->idx < 4 || k->idx > 5) {
1746 				GENL_SET_ERR_MSG(info,
1747 						 "defmgmt key idx not 4 or 5");
1748 				return -EINVAL;
1749 			}
1750 		} else if (k->defbeacon) {
1751 			if (k->idx < 6 || k->idx > 7) {
1752 				GENL_SET_ERR_MSG(info,
1753 						 "defbeacon key idx not 6 or 7");
1754 				return -EINVAL;
1755 			}
1756 		} else if (k->def) {
1757 			if (k->idx < 0 || k->idx > 3) {
1758 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1759 				return -EINVAL;
1760 			}
1761 		} else {
1762 			if (k->idx < 0 || k->idx > 7) {
1763 				GENL_SET_ERR_MSG(info, "key idx not 0-7");
1764 				return -EINVAL;
1765 			}
1766 		}
1767 	}
1768 
1769 	return 0;
1770 }
1771 
1772 static struct cfg80211_cached_keys *
1773 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1774 		       struct wireless_dev *wdev,
1775 		       struct genl_info *info, bool *no_ht)
1776 {
1777 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1778 	struct key_parse parse;
1779 	struct nlattr *key;
1780 	struct cfg80211_cached_keys *result;
1781 	int rem, err, def = 0;
1782 	bool have_key = false;
1783 
1784 	nla_for_each_nested(key, keys, rem) {
1785 		have_key = true;
1786 		break;
1787 	}
1788 
1789 	if (!have_key)
1790 		return NULL;
1791 
1792 	result = kzalloc_obj(*result);
1793 	if (!result)
1794 		return ERR_PTR(-ENOMEM);
1795 
1796 	result->def = -1;
1797 
1798 	nla_for_each_nested(key, keys, rem) {
1799 		memset(&parse, 0, sizeof(parse));
1800 		parse.idx = -1;
1801 
1802 		err = nl80211_parse_key_new(info, key, &parse);
1803 		if (err)
1804 			goto error;
1805 		err = -EINVAL;
1806 		if (!parse.p.key)
1807 			goto error;
1808 		if (parse.idx < 0 || parse.idx > 3) {
1809 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1810 			goto error;
1811 		}
1812 		if (parse.def) {
1813 			if (def) {
1814 				GENL_SET_ERR_MSG(info,
1815 						 "only one key can be default");
1816 				goto error;
1817 			}
1818 			def = 1;
1819 			result->def = parse.idx;
1820 			if (!parse.def_uni || !parse.def_multi)
1821 				goto error;
1822 		} else if (parse.defmgmt)
1823 			goto error;
1824 		err = cfg80211_validate_key_settings(rdev, wdev, &parse.p,
1825 						     parse.idx, false, NULL);
1826 		if (err)
1827 			goto error;
1828 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1829 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1830 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1831 			err = -EINVAL;
1832 			goto error;
1833 		}
1834 		result->params[parse.idx].cipher = parse.p.cipher;
1835 		result->params[parse.idx].key_len = parse.p.key_len;
1836 		result->params[parse.idx].key = result->data[parse.idx];
1837 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1838 
1839 		/* must be WEP key if we got here */
1840 		if (no_ht)
1841 			*no_ht = true;
1842 	}
1843 
1844 	if (result->def < 0) {
1845 		err = -EINVAL;
1846 		GENL_SET_ERR_MSG(info, "need a default/TX key");
1847 		goto error;
1848 	}
1849 
1850 	return result;
1851  error:
1852 	kfree_sensitive(result);
1853 	return ERR_PTR(err);
1854 }
1855 
1856 static int nl80211_key_allowed(struct wireless_dev *wdev)
1857 {
1858 	lockdep_assert_wiphy(wdev->wiphy);
1859 
1860 	switch (wdev->iftype) {
1861 	case NL80211_IFTYPE_AP:
1862 	case NL80211_IFTYPE_AP_VLAN:
1863 	case NL80211_IFTYPE_P2P_GO:
1864 	case NL80211_IFTYPE_MESH_POINT:
1865 		break;
1866 	case NL80211_IFTYPE_ADHOC:
1867 		if (wdev->u.ibss.current_bss)
1868 			return 0;
1869 		return -ENOLINK;
1870 	case NL80211_IFTYPE_STATION:
1871 	case NL80211_IFTYPE_P2P_CLIENT:
1872 		if (wdev->connected ||
1873 		    (wiphy_ext_feature_isset(wdev->wiphy,
1874 					     NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION)))
1875 			return 0;
1876 		return -ENOLINK;
1877 	case NL80211_IFTYPE_NAN:
1878 	case NL80211_IFTYPE_NAN_DATA:
1879 		if (wiphy_ext_feature_isset(wdev->wiphy,
1880 					    NL80211_EXT_FEATURE_SECURE_NAN))
1881 			return 0;
1882 		return -EINVAL;
1883 	case NL80211_IFTYPE_PD:
1884 		if (wiphy_ext_feature_isset(wdev->wiphy,
1885 					    NL80211_EXT_FEATURE_SECURE_RTT))
1886 			return 0;
1887 		return -EINVAL;
1888 	case NL80211_IFTYPE_UNSPECIFIED:
1889 	case NL80211_IFTYPE_OCB:
1890 	case NL80211_IFTYPE_MONITOR:
1891 	case NL80211_IFTYPE_P2P_DEVICE:
1892 	case NL80211_IFTYPE_WDS:
1893 	case NUM_NL80211_IFTYPES:
1894 		return -EINVAL;
1895 	}
1896 
1897 	return 0;
1898 }
1899 
1900 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1901 							u32 freq)
1902 {
1903 	struct ieee80211_channel *chan;
1904 
1905 	chan = ieee80211_get_channel_khz(wiphy, freq);
1906 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1907 		return NULL;
1908 	return chan;
1909 }
1910 
1911 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1912 {
1913 	struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1914 	int i;
1915 
1916 	if (!nl_modes)
1917 		goto nla_put_failure;
1918 
1919 	i = 0;
1920 	while (ifmodes) {
1921 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1922 			goto nla_put_failure;
1923 		ifmodes >>= 1;
1924 		i++;
1925 	}
1926 
1927 	nla_nest_end(msg, nl_modes);
1928 	return 0;
1929 
1930 nla_put_failure:
1931 	return -ENOBUFS;
1932 }
1933 
1934 static int nl80211_put_ifcomb_data(struct sk_buff *msg, bool large, int idx,
1935 				   const struct ieee80211_iface_combination *c,
1936 				   u16 nested)
1937 {
1938 	struct nlattr *nl_combi, *nl_limits;
1939 	int i;
1940 
1941 	nl_combi = nla_nest_start_noflag(msg, idx | nested);
1942 	if (!nl_combi)
1943 		goto nla_put_failure;
1944 
1945 	nl_limits = nla_nest_start_noflag(msg, NL80211_IFACE_COMB_LIMITS |
1946 					       nested);
1947 	if (!nl_limits)
1948 		goto nla_put_failure;
1949 
1950 	for (i = 0; i < c->n_limits; i++) {
1951 		struct nlattr *nl_limit;
1952 
1953 		nl_limit = nla_nest_start_noflag(msg, i + 1);
1954 		if (!nl_limit)
1955 			goto nla_put_failure;
1956 		if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, c->limits[i].max))
1957 			goto nla_put_failure;
1958 		if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1959 					c->limits[i].types))
1960 			goto nla_put_failure;
1961 		nla_nest_end(msg, nl_limit);
1962 	}
1963 
1964 	nla_nest_end(msg, nl_limits);
1965 
1966 	if (c->beacon_int_infra_match &&
1967 	    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1968 		goto nla_put_failure;
1969 	if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1970 			c->num_different_channels) ||
1971 	    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1972 			c->max_interfaces))
1973 		goto nla_put_failure;
1974 	if (large &&
1975 	    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1976 			c->radar_detect_widths) ||
1977 	     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1978 			c->radar_detect_regions)))
1979 		goto nla_put_failure;
1980 	if (c->beacon_int_min_gcd &&
1981 	    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1982 			c->beacon_int_min_gcd))
1983 		goto nla_put_failure;
1984 
1985 	nla_nest_end(msg, nl_combi);
1986 
1987 	return 0;
1988 nla_put_failure:
1989 	return -ENOBUFS;
1990 }
1991 
1992 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1993 					  struct sk_buff *msg,
1994 					  int attr, int radio,
1995 					  bool large, u16 nested)
1996 {
1997 	const struct ieee80211_iface_combination *c;
1998 	struct nlattr *nl_combis;
1999 	int i, n;
2000 
2001 	nl_combis = nla_nest_start_noflag(msg, attr | nested);
2002 	if (!nl_combis)
2003 		goto nla_put_failure;
2004 
2005 	if (radio >= 0) {
2006 		c = wiphy->radio[0].iface_combinations;
2007 		n = wiphy->radio[0].n_iface_combinations;
2008 	} else {
2009 		c = wiphy->iface_combinations;
2010 		n = wiphy->n_iface_combinations;
2011 	}
2012 	for (i = 0; i < n; i++)
2013 		if (nl80211_put_ifcomb_data(msg, large, i + 1, &c[i], nested))
2014 			goto nla_put_failure;
2015 
2016 	nla_nest_end(msg, nl_combis);
2017 
2018 	return 0;
2019 nla_put_failure:
2020 	return -ENOBUFS;
2021 }
2022 
2023 #ifdef CONFIG_PM
2024 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
2025 					struct sk_buff *msg)
2026 {
2027 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
2028 	struct nlattr *nl_tcp;
2029 
2030 	if (!tcp)
2031 		return 0;
2032 
2033 	nl_tcp = nla_nest_start_noflag(msg,
2034 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
2035 	if (!nl_tcp)
2036 		return -ENOBUFS;
2037 
2038 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
2039 			tcp->data_payload_max))
2040 		return -ENOBUFS;
2041 
2042 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
2043 			tcp->data_payload_max))
2044 		return -ENOBUFS;
2045 
2046 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
2047 		return -ENOBUFS;
2048 
2049 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
2050 				sizeof(*tcp->tok), tcp->tok))
2051 		return -ENOBUFS;
2052 
2053 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
2054 			tcp->data_interval_max))
2055 		return -ENOBUFS;
2056 
2057 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
2058 			tcp->wake_payload_max))
2059 		return -ENOBUFS;
2060 
2061 	nla_nest_end(msg, nl_tcp);
2062 	return 0;
2063 }
2064 
2065 static int nl80211_send_wowlan(struct sk_buff *msg,
2066 			       struct cfg80211_registered_device *rdev,
2067 			       bool large)
2068 {
2069 	struct nlattr *nl_wowlan;
2070 
2071 	if (!rdev->wiphy.wowlan)
2072 		return 0;
2073 
2074 	nl_wowlan = nla_nest_start_noflag(msg,
2075 					  NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
2076 	if (!nl_wowlan)
2077 		return -ENOBUFS;
2078 
2079 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
2080 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
2081 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
2082 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
2083 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
2084 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
2085 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
2086 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
2087 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
2088 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
2089 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
2090 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
2091 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
2092 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
2093 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
2094 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
2095 		return -ENOBUFS;
2096 
2097 	if (rdev->wiphy.wowlan->n_patterns) {
2098 		struct nl80211_pattern_support pat = {
2099 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
2100 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
2101 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
2102 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
2103 		};
2104 
2105 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
2106 			    sizeof(pat), &pat))
2107 			return -ENOBUFS;
2108 	}
2109 
2110 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
2111 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
2112 			rdev->wiphy.wowlan->max_nd_match_sets))
2113 		return -ENOBUFS;
2114 
2115 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
2116 		return -ENOBUFS;
2117 
2118 	nla_nest_end(msg, nl_wowlan);
2119 
2120 	return 0;
2121 }
2122 #endif
2123 
2124 static int nl80211_send_coalesce(struct sk_buff *msg,
2125 				 struct cfg80211_registered_device *rdev)
2126 {
2127 	struct nl80211_coalesce_rule_support rule;
2128 
2129 	if (!rdev->wiphy.coalesce)
2130 		return 0;
2131 
2132 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
2133 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
2134 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
2135 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
2136 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
2137 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
2138 
2139 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
2140 		return -ENOBUFS;
2141 
2142 	return 0;
2143 }
2144 
2145 static int
2146 nl80211_send_iftype_data(struct sk_buff *msg,
2147 			 const struct ieee80211_supported_band *sband,
2148 			 const struct ieee80211_sband_iftype_data *iftdata)
2149 {
2150 	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
2151 	const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap;
2152 	const struct ieee80211_sta_uhr_cap *uhr_cap = &iftdata->uhr_cap;
2153 
2154 	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
2155 				iftdata->types_mask))
2156 		return -ENOBUFS;
2157 
2158 	if (he_cap->has_he) {
2159 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
2160 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
2161 			    he_cap->he_cap_elem.mac_cap_info) ||
2162 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
2163 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
2164 			    he_cap->he_cap_elem.phy_cap_info) ||
2165 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
2166 			    sizeof(he_cap->he_mcs_nss_supp),
2167 			    &he_cap->he_mcs_nss_supp) ||
2168 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
2169 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
2170 			return -ENOBUFS;
2171 	}
2172 
2173 	if (eht_cap->has_eht && he_cap->has_he) {
2174 		u8 mcs_nss_size, ppe_thresh_size;
2175 		u16 ppe_thres_hdr;
2176 		bool is_ap;
2177 
2178 		is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
2179 			iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
2180 
2181 		mcs_nss_size =
2182 			ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
2183 						   &eht_cap->eht_cap_elem,
2184 						   is_ap);
2185 
2186 		ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
2187 		ppe_thresh_size =
2188 			ieee80211_eht_ppe_size(ppe_thres_hdr,
2189 					       eht_cap->eht_cap_elem.phy_cap_info);
2190 
2191 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC,
2192 			    sizeof(eht_cap->eht_cap_elem.mac_cap_info),
2193 			    eht_cap->eht_cap_elem.mac_cap_info) ||
2194 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY,
2195 			    sizeof(eht_cap->eht_cap_elem.phy_cap_info),
2196 			    eht_cap->eht_cap_elem.phy_cap_info) ||
2197 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET,
2198 			    mcs_nss_size, &eht_cap->eht_mcs_nss_supp) ||
2199 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE,
2200 			    ppe_thresh_size, eht_cap->eht_ppe_thres))
2201 			return -ENOBUFS;
2202 	}
2203 
2204 	if (uhr_cap->has_uhr) {
2205 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_UHR_CAP_MAC,
2206 			    sizeof(uhr_cap->mac), &uhr_cap->mac) ||
2207 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_UHR_CAP_PHY,
2208 			    sizeof(uhr_cap->phy), &uhr_cap->phy))
2209 			return -ENOBUFS;
2210 	}
2211 
2212 	if (sband->band == NL80211_BAND_6GHZ &&
2213 	    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
2214 		    sizeof(iftdata->he_6ghz_capa),
2215 		    &iftdata->he_6ghz_capa))
2216 		return -ENOBUFS;
2217 
2218 	if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
2219 	    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
2220 		    iftdata->vendor_elems.len, iftdata->vendor_elems.data))
2221 		return -ENOBUFS;
2222 
2223 	return 0;
2224 }
2225 
2226 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
2227 				      struct ieee80211_supported_band *sband,
2228 				      bool large)
2229 {
2230 	struct nlattr *nl_rates, *nl_rate;
2231 	struct ieee80211_rate *rate;
2232 	int i;
2233 
2234 	/* add HT info */
2235 	if (sband->ht_cap.ht_supported &&
2236 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
2237 		     sizeof(sband->ht_cap.mcs),
2238 		     &sband->ht_cap.mcs) ||
2239 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
2240 			 sband->ht_cap.cap) ||
2241 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
2242 			sband->ht_cap.ampdu_factor) ||
2243 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
2244 			sband->ht_cap.ampdu_density)))
2245 		return -ENOBUFS;
2246 
2247 	/* add VHT info */
2248 	if (sband->vht_cap.vht_supported &&
2249 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
2250 		     sizeof(sband->vht_cap.vht_mcs),
2251 		     &sband->vht_cap.vht_mcs) ||
2252 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
2253 			 sband->vht_cap.cap)))
2254 		return -ENOBUFS;
2255 
2256 	if (large && sband->n_iftype_data) {
2257 		struct nlattr *nl_iftype_data =
2258 			nla_nest_start_noflag(msg,
2259 					      NL80211_BAND_ATTR_IFTYPE_DATA);
2260 		const struct ieee80211_sband_iftype_data *iftd;
2261 		int err;
2262 
2263 		if (!nl_iftype_data)
2264 			return -ENOBUFS;
2265 
2266 		for_each_sband_iftype_data(sband, i, iftd) {
2267 			struct nlattr *iftdata;
2268 
2269 			iftdata = nla_nest_start_noflag(msg, i + 1);
2270 			if (!iftdata)
2271 				return -ENOBUFS;
2272 
2273 			err = nl80211_send_iftype_data(msg, sband, iftd);
2274 			if (err)
2275 				return err;
2276 
2277 			nla_nest_end(msg, iftdata);
2278 		}
2279 
2280 		nla_nest_end(msg, nl_iftype_data);
2281 	}
2282 
2283 	/* add EDMG info */
2284 	if (large && sband->edmg_cap.channels &&
2285 	    (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
2286 		       sband->edmg_cap.channels) ||
2287 	    nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
2288 		       sband->edmg_cap.bw_config)))
2289 
2290 		return -ENOBUFS;
2291 
2292 	/* add bitrates */
2293 	nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
2294 	if (!nl_rates)
2295 		return -ENOBUFS;
2296 
2297 	for (i = 0; i < sband->n_bitrates; i++) {
2298 		nl_rate = nla_nest_start_noflag(msg, i);
2299 		if (!nl_rate)
2300 			return -ENOBUFS;
2301 
2302 		rate = &sband->bitrates[i];
2303 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
2304 				rate->bitrate))
2305 			return -ENOBUFS;
2306 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
2307 		    nla_put_flag(msg,
2308 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
2309 			return -ENOBUFS;
2310 
2311 		nla_nest_end(msg, nl_rate);
2312 	}
2313 
2314 	nla_nest_end(msg, nl_rates);
2315 
2316 	/* S1G capabilities */
2317 	if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g &&
2318 	    (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA,
2319 		     sizeof(sband->s1g_cap.cap),
2320 		     sband->s1g_cap.cap) ||
2321 	     nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET,
2322 		     sizeof(sband->s1g_cap.nss_mcs),
2323 		     sband->s1g_cap.nss_mcs)))
2324 		return -ENOBUFS;
2325 
2326 	return 0;
2327 }
2328 
2329 static int
2330 nl80211_send_mgmt_stypes(struct sk_buff *msg,
2331 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
2332 {
2333 	u16 stypes;
2334 	struct nlattr *nl_ftypes, *nl_ifs;
2335 	enum nl80211_iftype ift;
2336 	int i;
2337 
2338 	if (!mgmt_stypes)
2339 		return 0;
2340 
2341 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
2342 	if (!nl_ifs)
2343 		return -ENOBUFS;
2344 
2345 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2346 		nl_ftypes = nla_nest_start_noflag(msg, ift);
2347 		if (!nl_ftypes)
2348 			return -ENOBUFS;
2349 		i = 0;
2350 		stypes = mgmt_stypes[ift].tx;
2351 		while (stypes) {
2352 			if ((stypes & 1) &&
2353 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2354 					(i << 4) | IEEE80211_FTYPE_MGMT))
2355 				return -ENOBUFS;
2356 			stypes >>= 1;
2357 			i++;
2358 		}
2359 		nla_nest_end(msg, nl_ftypes);
2360 	}
2361 
2362 	nla_nest_end(msg, nl_ifs);
2363 
2364 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
2365 	if (!nl_ifs)
2366 		return -ENOBUFS;
2367 
2368 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2369 		nl_ftypes = nla_nest_start_noflag(msg, ift);
2370 		if (!nl_ftypes)
2371 			return -ENOBUFS;
2372 		i = 0;
2373 		stypes = mgmt_stypes[ift].rx;
2374 		while (stypes) {
2375 			if ((stypes & 1) &&
2376 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2377 					(i << 4) | IEEE80211_FTYPE_MGMT))
2378 				return -ENOBUFS;
2379 			stypes >>= 1;
2380 			i++;
2381 		}
2382 		nla_nest_end(msg, nl_ftypes);
2383 	}
2384 	nla_nest_end(msg, nl_ifs);
2385 
2386 	return 0;
2387 }
2388 
2389 #define CMD(op, n)							\
2390 	 do {								\
2391 		if (rdev->ops->op) {					\
2392 			i++;						\
2393 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
2394 				goto nla_put_failure;			\
2395 		}							\
2396 	} while (0)
2397 
2398 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
2399 					struct sk_buff *msg)
2400 {
2401 	int i = 0;
2402 
2403 	/*
2404 	 * do *NOT* add anything into this function, new things need to be
2405 	 * advertised only to new versions of userspace that can deal with
2406 	 * the split (and they can't possibly care about new features...
2407 	 */
2408 	CMD(add_virtual_intf, NEW_INTERFACE);
2409 	CMD(change_virtual_intf, SET_INTERFACE);
2410 	CMD(add_key, NEW_KEY);
2411 	CMD(start_ap, START_AP);
2412 	CMD(add_station, NEW_STATION);
2413 	CMD(add_mpath, NEW_MPATH);
2414 	CMD(update_mesh_config, SET_MESH_CONFIG);
2415 	CMD(change_bss, SET_BSS);
2416 	CMD(auth, AUTHENTICATE);
2417 	CMD(assoc, ASSOCIATE);
2418 	CMD(deauth, DEAUTHENTICATE);
2419 	CMD(disassoc, DISASSOCIATE);
2420 	CMD(join_ibss, JOIN_IBSS);
2421 	CMD(join_mesh, JOIN_MESH);
2422 	CMD(set_pmksa, SET_PMKSA);
2423 	CMD(del_pmksa, DEL_PMKSA);
2424 	CMD(flush_pmksa, FLUSH_PMKSA);
2425 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
2426 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
2427 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
2428 	CMD(mgmt_tx, FRAME);
2429 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
2430 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
2431 		i++;
2432 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
2433 			goto nla_put_failure;
2434 	}
2435 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
2436 	    rdev->ops->join_mesh) {
2437 		i++;
2438 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
2439 			goto nla_put_failure;
2440 	}
2441 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2442 		CMD(tdls_mgmt, TDLS_MGMT);
2443 		CMD(tdls_oper, TDLS_OPER);
2444 	}
2445 	if (rdev->wiphy.max_sched_scan_reqs)
2446 		CMD(sched_scan_start, START_SCHED_SCAN);
2447 	CMD(probe_client, PROBE_CLIENT);
2448 	CMD(set_noack_map, SET_NOACK_MAP);
2449 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
2450 		i++;
2451 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
2452 			goto nla_put_failure;
2453 	}
2454 	CMD(start_p2p_device, START_P2P_DEVICE);
2455 	CMD(set_mcast_rate, SET_MCAST_RATE);
2456 #ifdef CONFIG_NL80211_TESTMODE
2457 	CMD(testmode_cmd, TESTMODE);
2458 #endif
2459 
2460 	if (rdev->ops->connect || rdev->ops->auth) {
2461 		i++;
2462 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
2463 			goto nla_put_failure;
2464 	}
2465 
2466 	if (rdev->ops->disconnect || rdev->ops->deauth) {
2467 		i++;
2468 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
2469 			goto nla_put_failure;
2470 	}
2471 
2472 	return i;
2473  nla_put_failure:
2474 	return -ENOBUFS;
2475 }
2476 
2477 static int
2478 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
2479 			   struct sk_buff *msg)
2480 {
2481 	struct nlattr *ftm;
2482 
2483 	if (!cap->ftm.supported)
2484 		return 0;
2485 
2486 	ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
2487 	if (!ftm)
2488 		return -ENOBUFS;
2489 
2490 	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2491 		return -ENOBUFS;
2492 	if (cap->ftm.non_asap &&
2493 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2494 		return -ENOBUFS;
2495 	if (cap->ftm.request_lci &&
2496 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2497 		return -ENOBUFS;
2498 	if (cap->ftm.request_civicloc &&
2499 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2500 		return -ENOBUFS;
2501 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2502 			cap->ftm.preambles))
2503 		return -ENOBUFS;
2504 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2505 			cap->ftm.bandwidths))
2506 		return -ENOBUFS;
2507 	if (cap->ftm.max_bursts_exponent >= 0 &&
2508 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2509 			cap->ftm.max_bursts_exponent))
2510 		return -ENOBUFS;
2511 	if (cap->ftm.max_ftms_per_burst &&
2512 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2513 			cap->ftm.max_ftms_per_burst))
2514 		return -ENOBUFS;
2515 	if (cap->ftm.trigger_based &&
2516 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2517 		return -ENOBUFS;
2518 	if (cap->ftm.non_trigger_based &&
2519 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2520 		return -ENOBUFS;
2521 	if (cap->ftm.support_6ghz &&
2522 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_6GHZ_SUPPORT))
2523 		return -ENOBUFS;
2524 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TX_LTF_REP,
2525 			cap->ftm.max_tx_ltf_rep))
2526 		return -ENOBUFS;
2527 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_RX_LTF_REP,
2528 			cap->ftm.max_rx_ltf_rep))
2529 		return -ENOBUFS;
2530 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TX_STS,
2531 			cap->ftm.max_tx_sts))
2532 		return -ENOBUFS;
2533 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_RX_STS,
2534 			cap->ftm.max_rx_sts))
2535 		return -ENOBUFS;
2536 	if (cap->ftm.max_total_ltf_tx > 0 &&
2537 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TOTAL_LTF_TX,
2538 			cap->ftm.max_total_ltf_tx))
2539 		return -ENOBUFS;
2540 	if (cap->ftm.max_total_ltf_rx > 0 &&
2541 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TOTAL_LTF_RX,
2542 			cap->ftm.max_total_ltf_rx))
2543 		return -ENOBUFS;
2544 
2545 	if (cap->ftm.ista.support_ntb || cap->ftm.ista.support_tb ||
2546 	    cap->ftm.ista.support_edca) {
2547 		struct nlattr *ista_caps;
2548 
2549 		ista_caps = nla_nest_start_noflag(msg,
2550 						  NL80211_PMSR_FTM_CAPA_ATTR_ISTA_CAPS);
2551 		if (!ista_caps)
2552 			return -ENOBUFS;
2553 		if (cap->ftm.ista.support_ntb &&
2554 		    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_SUPPORT_NTB))
2555 			return -ENOBUFS;
2556 		if (cap->ftm.ista.support_tb &&
2557 		    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_SUPPORT_TB))
2558 			return -ENOBUFS;
2559 		if (cap->ftm.ista.support_edca &&
2560 		    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_SUPPORT_EDCA))
2561 			return -ENOBUFS;
2562 		if (cap->ftm.ista.max_peers &&
2563 		    nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEER_ISTA_ROLE,
2564 				cap->ftm.ista.max_peers))
2565 			return -ENOBUFS;
2566 		nla_nest_end(msg, ista_caps);
2567 	}
2568 
2569 	if (cap->ftm.rsta.support_ntb || cap->ftm.rsta.support_tb ||
2570 	    cap->ftm.rsta.support_edca) {
2571 		struct nlattr *rsta_caps;
2572 
2573 		/*
2574 		 * Set the generic RSTA_SUPPORT flag if any of the specific
2575 		 * ranging modes is supported to maintain the backward
2576 		 * compatibility.
2577 		 */
2578 		if (nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_RSTA_SUPPORT))
2579 			return -ENOBUFS;
2580 
2581 		rsta_caps = nla_nest_start_noflag(msg,
2582 						  NL80211_PMSR_FTM_CAPA_ATTR_RSTA_CAPS);
2583 		if (!rsta_caps)
2584 			return -ENOBUFS;
2585 		if (cap->ftm.rsta.support_ntb &&
2586 		    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_SUPPORT_NTB))
2587 			return -ENOBUFS;
2588 		if (cap->ftm.rsta.support_tb &&
2589 		    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_SUPPORT_TB))
2590 			return -ENOBUFS;
2591 		if (cap->ftm.rsta.support_edca &&
2592 		    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_SUPPORT_EDCA))
2593 			return -ENOBUFS;
2594 		if (cap->ftm.rsta.max_peers &&
2595 		    nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEER_RSTA_ROLE,
2596 				cap->ftm.rsta.max_peers))
2597 			return -ENOBUFS;
2598 		nla_nest_end(msg, rsta_caps);
2599 	}
2600 
2601 	if (cap->ftm.max_no_of_tx_antennas &&
2602 	    nla_put_u8(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_NUM_TX_ANTENNAS,
2603 		       cap->ftm.max_no_of_tx_antennas))
2604 		return -ENOBUFS;
2605 
2606 	if (cap->ftm.max_no_of_rx_antennas &&
2607 	    nla_put_u8(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_NUM_RX_ANTENNAS,
2608 		       cap->ftm.max_no_of_rx_antennas))
2609 		return -ENOBUFS;
2610 
2611 	if (cap->ftm.min_allowed_ranging_interval_edca &&
2612 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MIN_INTERVAL_EDCA,
2613 			cap->ftm.min_allowed_ranging_interval_edca))
2614 		return -ENOBUFS;
2615 
2616 	if (cap->ftm.min_allowed_ranging_interval_ntb &&
2617 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MIN_INTERVAL_NTB,
2618 			cap->ftm.min_allowed_ranging_interval_ntb))
2619 		return -ENOBUFS;
2620 
2621 	if (cap->ftm.type.infra_support || cap->ftm.type.pd_support) {
2622 		struct nlattr *pd_caps;
2623 
2624 		pd_caps = nla_nest_start_noflag(msg,
2625 						NL80211_PMSR_FTM_CAPA_ATTR_TYPE_CAPS);
2626 		if (!pd_caps)
2627 			return -ENOBUFS;
2628 
2629 		if (cap->ftm.type.infra_support &&
2630 		    nla_put_flag(msg, NL80211_PMSR_FTM_TYPE_CAPA_ATTR_INFRA_SUPPORT))
2631 			return -ENOBUFS;
2632 
2633 		if (cap->ftm.type.pd_support &&
2634 		    nla_put_flag(msg, NL80211_PMSR_FTM_TYPE_CAPA_ATTR_PD_SUPPORT))
2635 			return -ENOBUFS;
2636 
2637 		nla_nest_end(msg, pd_caps);
2638 	}
2639 
2640 	if (cap->ftm.concurrent_ista_rsta_support &&
2641 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_CONCURRENT_ISTA_RSTA_SUPPORT))
2642 		return -ENOBUFS;
2643 
2644 	if (cap->ftm.type.pd_support) {
2645 		if (cap->ftm.pd_preambles &&
2646 		    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PD_PREAMBLES,
2647 				cap->ftm.pd_preambles))
2648 			return -ENOBUFS;
2649 		if (cap->ftm.pd_bandwidths &&
2650 		    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PD_BANDWIDTHS,
2651 				cap->ftm.pd_bandwidths))
2652 			return -ENOBUFS;
2653 	}
2654 
2655 	nla_nest_end(msg, ftm);
2656 	return 0;
2657 }
2658 
2659 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2660 				  struct sk_buff *msg)
2661 {
2662 	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2663 	struct nlattr *pmsr, *caps;
2664 
2665 	if (!cap)
2666 		return 0;
2667 
2668 	/*
2669 	 * we don't need to clean up anything here since the caller
2670 	 * will genlmsg_cancel() if we fail
2671 	 */
2672 
2673 	pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2674 	if (!pmsr)
2675 		return -ENOBUFS;
2676 
2677 	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2678 		return -ENOBUFS;
2679 
2680 	if (cap->report_ap_tsf &&
2681 	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2682 		return -ENOBUFS;
2683 
2684 	if (cap->randomize_mac_addr &&
2685 	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2686 		return -ENOBUFS;
2687 
2688 	caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2689 	if (!caps)
2690 		return -ENOBUFS;
2691 
2692 	if (nl80211_send_pmsr_ftm_capa(cap, msg))
2693 		return -ENOBUFS;
2694 
2695 	nla_nest_end(msg, caps);
2696 	nla_nest_end(msg, pmsr);
2697 
2698 	return 0;
2699 }
2700 
2701 static int
2702 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2703 			      struct sk_buff *msg)
2704 {
2705 	int i;
2706 	struct nlattr *nested, *nested_akms;
2707 	const struct wiphy_iftype_akm_suites *iftype_akms;
2708 
2709 	if (!rdev->wiphy.num_iftype_akm_suites ||
2710 	    !rdev->wiphy.iftype_akm_suites)
2711 		return 0;
2712 
2713 	nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2714 	if (!nested)
2715 		return -ENOBUFS;
2716 
2717 	for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2718 		nested_akms = nla_nest_start(msg, i + 1);
2719 		if (!nested_akms)
2720 			return -ENOBUFS;
2721 
2722 		iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2723 
2724 		if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2725 					iftype_akms->iftypes_mask))
2726 			return -ENOBUFS;
2727 
2728 		if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2729 			    sizeof(u32) * iftype_akms->n_akm_suites,
2730 			    iftype_akms->akm_suites)) {
2731 			return -ENOBUFS;
2732 		}
2733 		nla_nest_end(msg, nested_akms);
2734 	}
2735 
2736 	nla_nest_end(msg, nested);
2737 
2738 	return 0;
2739 }
2740 
2741 static int
2742 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2743 			       struct sk_buff *msg)
2744 {
2745 	struct nlattr *supp;
2746 
2747 	if (!rdev->wiphy.tid_config_support.vif &&
2748 	    !rdev->wiphy.tid_config_support.peer)
2749 		return 0;
2750 
2751 	supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2752 	if (!supp)
2753 		return -ENOSPC;
2754 
2755 	if (rdev->wiphy.tid_config_support.vif &&
2756 	    nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2757 			      rdev->wiphy.tid_config_support.vif,
2758 			      NL80211_TID_CONFIG_ATTR_PAD))
2759 		goto fail;
2760 
2761 	if (rdev->wiphy.tid_config_support.peer &&
2762 	    nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2763 			      rdev->wiphy.tid_config_support.peer,
2764 			      NL80211_TID_CONFIG_ATTR_PAD))
2765 		goto fail;
2766 
2767 	/* for now we just use the same value ... makes more sense */
2768 	if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2769 		       rdev->wiphy.tid_config_support.max_retry))
2770 		goto fail;
2771 	if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2772 		       rdev->wiphy.tid_config_support.max_retry))
2773 		goto fail;
2774 
2775 	nla_nest_end(msg, supp);
2776 
2777 	return 0;
2778 fail:
2779 	nla_nest_cancel(msg, supp);
2780 	return -ENOBUFS;
2781 }
2782 
2783 static int
2784 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2785 		      struct sk_buff *msg)
2786 {
2787 	struct nlattr *sar_capa, *specs, *sub_freq_range;
2788 	u8 num_freq_ranges;
2789 	int i;
2790 
2791 	if (!rdev->wiphy.sar_capa)
2792 		return 0;
2793 
2794 	num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2795 
2796 	sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2797 	if (!sar_capa)
2798 		return -ENOSPC;
2799 
2800 	if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2801 		goto fail;
2802 
2803 	specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2804 	if (!specs)
2805 		goto fail;
2806 
2807 	/* report supported freq_ranges */
2808 	for (i = 0; i < num_freq_ranges; i++) {
2809 		sub_freq_range = nla_nest_start(msg, i + 1);
2810 		if (!sub_freq_range)
2811 			goto fail;
2812 
2813 		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2814 				rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2815 			goto fail;
2816 
2817 		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2818 				rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2819 			goto fail;
2820 
2821 		nla_nest_end(msg, sub_freq_range);
2822 	}
2823 
2824 	nla_nest_end(msg, specs);
2825 	nla_nest_end(msg, sar_capa);
2826 
2827 	return 0;
2828 fail:
2829 	nla_nest_cancel(msg, sar_capa);
2830 	return -ENOBUFS;
2831 }
2832 
2833 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg)
2834 {
2835 	struct nlattr *config;
2836 
2837 	if (!wiphy->mbssid_max_interfaces)
2838 		return 0;
2839 
2840 	config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
2841 	if (!config)
2842 		return -ENOBUFS;
2843 
2844 	if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
2845 		       wiphy->mbssid_max_interfaces))
2846 		goto fail;
2847 
2848 	if (wiphy->ema_max_profile_periodicity &&
2849 	    nla_put_u8(msg,
2850 		       NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
2851 		       wiphy->ema_max_profile_periodicity))
2852 		goto fail;
2853 
2854 	nla_nest_end(msg, config);
2855 	return 0;
2856 
2857 fail:
2858 	nla_nest_cancel(msg, config);
2859 	return -ENOBUFS;
2860 }
2861 
2862 static int nl80211_put_radio(struct wiphy *wiphy, struct sk_buff *msg, int idx)
2863 {
2864 	const struct wiphy_radio *r = &wiphy->radio[idx];
2865 	const struct wiphy_radio_cfg *rcfg = &wiphy->radio_cfg[idx];
2866 	struct nlattr *radio, *freq;
2867 	int i;
2868 
2869 	radio = nla_nest_start(msg, idx);
2870 	if (!radio)
2871 		return -ENOBUFS;
2872 
2873 	if (nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_INDEX, idx))
2874 		goto nla_put_failure;
2875 
2876 	if (rcfg->rts_threshold &&
2877 	    nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_RTS_THRESHOLD,
2878 			rcfg->rts_threshold))
2879 		goto nla_put_failure;
2880 
2881 	if (r->antenna_mask &&
2882 	    nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_ANTENNA_MASK,
2883 			r->antenna_mask))
2884 		goto nla_put_failure;
2885 
2886 	for (i = 0; i < r->n_freq_range; i++) {
2887 		const struct wiphy_radio_freq_range *range = &r->freq_range[i];
2888 
2889 		freq = nla_nest_start(msg, NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE);
2890 		if (!freq)
2891 			goto nla_put_failure;
2892 
2893 		if (nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_START,
2894 				range->start_freq) ||
2895 		    nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_END,
2896 				range->end_freq))
2897 			goto nla_put_failure;
2898 
2899 		nla_nest_end(msg, freq);
2900 	}
2901 
2902 	for (i = 0; i < r->n_iface_combinations; i++)
2903 		if (nl80211_put_ifcomb_data(msg, true,
2904 					    NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION,
2905 					    &r->iface_combinations[i],
2906 					    NLA_F_NESTED))
2907 			goto nla_put_failure;
2908 
2909 	nla_nest_end(msg, radio);
2910 
2911 	return 0;
2912 
2913 nla_put_failure:
2914 	return -ENOBUFS;
2915 }
2916 
2917 static int nl80211_put_radios(struct wiphy *wiphy, struct sk_buff *msg)
2918 {
2919 	struct nlattr *radios;
2920 	int i;
2921 
2922 	if (!wiphy->n_radio)
2923 		return 0;
2924 
2925 	radios = nla_nest_start(msg, NL80211_ATTR_WIPHY_RADIOS);
2926 	if (!radios)
2927 		return -ENOBUFS;
2928 
2929 	for (i = 0; i < wiphy->n_radio; i++)
2930 		if (nl80211_put_radio(wiphy, msg, i))
2931 			goto fail;
2932 
2933 	nla_nest_end(msg, radios);
2934 
2935 	if (nl80211_put_iface_combinations(wiphy, msg,
2936 					   NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS,
2937 					   -1, true, NLA_F_NESTED))
2938 		return -ENOBUFS;
2939 
2940 	return 0;
2941 
2942 fail:
2943 	nla_nest_cancel(msg, radios);
2944 	return -ENOBUFS;
2945 }
2946 
2947 static int nl80211_put_nan_phy_cap(struct wiphy *wiphy, struct sk_buff *msg)
2948 {
2949 	struct nlattr *nl_phy_cap;
2950 	const struct ieee80211_sta_ht_cap *ht_cap;
2951 	const struct ieee80211_sta_vht_cap *vht_cap;
2952 	const struct ieee80211_sta_he_cap *he_cap;
2953 
2954 	if (!cfg80211_iftype_allowed(wiphy, NL80211_IFTYPE_NAN_DATA, false, 0))
2955 		return 0;
2956 
2957 	ht_cap = &wiphy->nan_capa.phy.ht;
2958 	vht_cap = &wiphy->nan_capa.phy.vht;
2959 	he_cap = &wiphy->nan_capa.phy.he;
2960 
2961 	/* HT is mandatory */
2962 	if (WARN_ON(!ht_cap->ht_supported))
2963 		return 0;
2964 
2965 	nl_phy_cap = nla_nest_start_noflag(msg, NL80211_NAN_CAPA_PHY);
2966 	if (!nl_phy_cap)
2967 		return -ENOBUFS;
2968 
2969 	if (nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HT_MCS_SET,
2970 		    sizeof(ht_cap->mcs), &ht_cap->mcs) ||
2971 	    nla_put_u16(msg, NL80211_NAN_PHY_CAP_ATTR_HT_CAPA, ht_cap->cap) ||
2972 	    nla_put_u8(msg, NL80211_NAN_PHY_CAP_ATTR_HT_AMPDU_FACTOR,
2973 		       ht_cap->ampdu_factor) ||
2974 	    nla_put_u8(msg, NL80211_NAN_PHY_CAP_ATTR_HT_AMPDU_DENSITY,
2975 		       ht_cap->ampdu_density))
2976 		goto fail;
2977 
2978 	if (vht_cap->vht_supported) {
2979 		if (nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_VHT_MCS_SET,
2980 			    sizeof(vht_cap->vht_mcs), &vht_cap->vht_mcs) ||
2981 		    nla_put_u32(msg, NL80211_NAN_PHY_CAP_ATTR_VHT_CAPA,
2982 				vht_cap->cap))
2983 			goto fail;
2984 	}
2985 
2986 	if (he_cap->has_he) {
2987 		if (nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HE_MAC,
2988 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
2989 			    he_cap->he_cap_elem.mac_cap_info) ||
2990 		    nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HE_PHY,
2991 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
2992 			    he_cap->he_cap_elem.phy_cap_info) ||
2993 		    nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HE_MCS_SET,
2994 			    sizeof(he_cap->he_mcs_nss_supp),
2995 			    &he_cap->he_mcs_nss_supp) ||
2996 		    nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HE_PPE,
2997 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
2998 			goto fail;
2999 	}
3000 
3001 	nla_nest_end(msg, nl_phy_cap);
3002 	return 0;
3003 
3004 fail:
3005 	nla_nest_cancel(msg, nl_phy_cap);
3006 	return -ENOBUFS;
3007 }
3008 
3009 static int nl80211_put_nan_capa(struct wiphy *wiphy, struct sk_buff *msg)
3010 {
3011 	struct nlattr *nan_caps;
3012 
3013 	nan_caps = nla_nest_start(msg, NL80211_ATTR_NAN_CAPABILITIES);
3014 	if (!nan_caps)
3015 		return -ENOBUFS;
3016 
3017 	if (wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_CONFIGURABLE_SYNC &&
3018 	    nla_put_flag(msg, NL80211_NAN_CAPA_CONFIGURABLE_SYNC))
3019 		goto fail;
3020 
3021 	if ((wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE) &&
3022 	    nla_put_flag(msg, NL80211_NAN_CAPA_USERSPACE_DE))
3023 		goto fail;
3024 
3025 	if (nla_put_u8(msg, NL80211_NAN_CAPA_OP_MODE,
3026 		       wiphy->nan_capa.op_mode) ||
3027 	    nla_put_u8(msg, NL80211_NAN_CAPA_NUM_ANTENNAS,
3028 		       wiphy->nan_capa.n_antennas) ||
3029 	    nla_put_u16(msg, NL80211_NAN_CAPA_MAX_CHANNEL_SWITCH_TIME,
3030 			wiphy->nan_capa.max_channel_switch_time) ||
3031 	    nla_put_u8(msg, NL80211_NAN_CAPA_CAPABILITIES,
3032 		       wiphy->nan_capa.dev_capabilities))
3033 		goto fail;
3034 
3035 	if (nl80211_put_nan_phy_cap(wiphy, msg))
3036 		goto fail;
3037 
3038 	nla_nest_end(msg, nan_caps);
3039 
3040 	return 0;
3041 
3042 fail:
3043 	nla_nest_cancel(msg, nan_caps);
3044 	return -ENOBUFS;
3045 }
3046 
3047 struct nl80211_dump_wiphy_state {
3048 	s64 filter_wiphy;
3049 	long start;
3050 	long split_start, band_start, chan_start, capa_start;
3051 	bool split;
3052 };
3053 
3054 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
3055 			      enum nl80211_commands cmd,
3056 			      struct sk_buff *msg, u32 portid, u32 seq,
3057 			      int flags, struct nl80211_dump_wiphy_state *state)
3058 {
3059 	void *hdr;
3060 	struct nlattr *nl_bands, *nl_band;
3061 	struct nlattr *nl_freqs, *nl_freq;
3062 	struct nlattr *nl_cmds;
3063 	enum nl80211_band band;
3064 	struct ieee80211_channel *chan;
3065 	int i;
3066 	const struct ieee80211_txrx_stypes *mgmt_stypes =
3067 				rdev->wiphy.mgmt_stypes;
3068 	u32 features;
3069 
3070 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3071 	if (!hdr)
3072 		return -ENOBUFS;
3073 
3074 	if (WARN_ON(!state))
3075 		return -EINVAL;
3076 
3077 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3078 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
3079 			   wiphy_name(&rdev->wiphy)) ||
3080 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3081 			cfg80211_rdev_list_generation))
3082 		goto nla_put_failure;
3083 
3084 	if (cmd != NL80211_CMD_NEW_WIPHY)
3085 		goto finish;
3086 
3087 	switch (state->split_start) {
3088 	case 0:
3089 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
3090 			       rdev->wiphy.retry_short) ||
3091 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
3092 			       rdev->wiphy.retry_long) ||
3093 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
3094 				rdev->wiphy.frag_threshold) ||
3095 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
3096 				rdev->wiphy.rts_threshold) ||
3097 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
3098 			       rdev->wiphy.coverage_class) ||
3099 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
3100 			       rdev->wiphy.max_scan_ssids) ||
3101 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
3102 			       rdev->wiphy.max_sched_scan_ssids) ||
3103 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
3104 				rdev->wiphy.max_scan_ie_len) ||
3105 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
3106 				rdev->wiphy.max_sched_scan_ie_len) ||
3107 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
3108 			       rdev->wiphy.max_match_sets))
3109 			goto nla_put_failure;
3110 
3111 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
3112 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
3113 			goto nla_put_failure;
3114 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
3115 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
3116 			goto nla_put_failure;
3117 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
3118 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
3119 			goto nla_put_failure;
3120 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
3121 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
3122 			goto nla_put_failure;
3123 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
3124 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
3125 			goto nla_put_failure;
3126 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
3127 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
3128 			goto nla_put_failure;
3129 		state->split_start++;
3130 		if (state->split)
3131 			break;
3132 		fallthrough;
3133 	case 1:
3134 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
3135 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
3136 			    rdev->wiphy.cipher_suites))
3137 			goto nla_put_failure;
3138 
3139 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
3140 			       rdev->wiphy.max_num_pmkids))
3141 			goto nla_put_failure;
3142 
3143 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
3144 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
3145 			goto nla_put_failure;
3146 
3147 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
3148 				rdev->wiphy.available_antennas_tx) ||
3149 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
3150 				rdev->wiphy.available_antennas_rx))
3151 			goto nla_put_failure;
3152 
3153 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
3154 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
3155 				rdev->wiphy.probe_resp_offload))
3156 			goto nla_put_failure;
3157 
3158 		if ((rdev->wiphy.available_antennas_tx ||
3159 		     rdev->wiphy.available_antennas_rx) &&
3160 		    rdev->ops->get_antenna) {
3161 			u32 tx_ant = 0, rx_ant = 0;
3162 			int res;
3163 
3164 			res = rdev_get_antenna(rdev, -1, &tx_ant, &rx_ant);
3165 			if (!res) {
3166 				if (nla_put_u32(msg,
3167 						NL80211_ATTR_WIPHY_ANTENNA_TX,
3168 						tx_ant) ||
3169 				    nla_put_u32(msg,
3170 						NL80211_ATTR_WIPHY_ANTENNA_RX,
3171 						rx_ant))
3172 					goto nla_put_failure;
3173 			}
3174 		}
3175 
3176 		state->split_start++;
3177 		if (state->split)
3178 			break;
3179 		fallthrough;
3180 	case 2:
3181 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
3182 					rdev->wiphy.interface_modes))
3183 				goto nla_put_failure;
3184 		state->split_start++;
3185 		if (state->split)
3186 			break;
3187 		fallthrough;
3188 	case 3:
3189 		nl_bands = nla_nest_start_noflag(msg,
3190 						 NL80211_ATTR_WIPHY_BANDS);
3191 		if (!nl_bands)
3192 			goto nla_put_failure;
3193 
3194 		for (band = state->band_start;
3195 		     band < (state->split ?
3196 				NUM_NL80211_BANDS :
3197 				NL80211_BAND_60GHZ + 1);
3198 		     band++) {
3199 			struct ieee80211_supported_band *sband;
3200 
3201 			/* omit higher bands for ancient software */
3202 			if (band > NL80211_BAND_5GHZ && !state->split)
3203 				break;
3204 
3205 			sband = rdev->wiphy.bands[band];
3206 
3207 			if (!sband)
3208 				continue;
3209 
3210 			nl_band = nla_nest_start_noflag(msg, band);
3211 			if (!nl_band)
3212 				goto nla_put_failure;
3213 
3214 			switch (state->chan_start) {
3215 			case 0:
3216 				if (nl80211_send_band_rateinfo(msg, sband,
3217 							       state->split))
3218 					goto nla_put_failure;
3219 				state->chan_start++;
3220 				if (state->split)
3221 					break;
3222 				fallthrough;
3223 			default:
3224 				/* add frequencies */
3225 				nl_freqs = nla_nest_start_noflag(msg,
3226 								 NL80211_BAND_ATTR_FREQS);
3227 				if (!nl_freqs)
3228 					goto nla_put_failure;
3229 
3230 				for (i = state->chan_start - 1;
3231 				     i < sband->n_channels;
3232 				     i++) {
3233 					nl_freq = nla_nest_start_noflag(msg,
3234 									i);
3235 					if (!nl_freq)
3236 						goto nla_put_failure;
3237 
3238 					chan = &sband->channels[i];
3239 
3240 					if (nl80211_msg_put_channel(
3241 							msg, &rdev->wiphy, chan,
3242 							state->split))
3243 						goto nla_put_failure;
3244 
3245 					nla_nest_end(msg, nl_freq);
3246 					if (state->split)
3247 						break;
3248 				}
3249 				if (i < sband->n_channels)
3250 					state->chan_start = i + 2;
3251 				else
3252 					state->chan_start = 0;
3253 				nla_nest_end(msg, nl_freqs);
3254 			}
3255 
3256 			nla_nest_end(msg, nl_band);
3257 
3258 			if (state->split) {
3259 				/* start again here */
3260 				if (state->chan_start)
3261 					band--;
3262 				break;
3263 			}
3264 		}
3265 		nla_nest_end(msg, nl_bands);
3266 
3267 		if (band < NUM_NL80211_BANDS)
3268 			state->band_start = band + 1;
3269 		else
3270 			state->band_start = 0;
3271 
3272 		/* if bands & channels are done, continue outside */
3273 		if (state->band_start == 0 && state->chan_start == 0)
3274 			state->split_start++;
3275 		if (state->split)
3276 			break;
3277 		fallthrough;
3278 	case 4:
3279 		nl_cmds = nla_nest_start_noflag(msg,
3280 						NL80211_ATTR_SUPPORTED_COMMANDS);
3281 		if (!nl_cmds)
3282 			goto nla_put_failure;
3283 
3284 		i = nl80211_add_commands_unsplit(rdev, msg);
3285 		if (i < 0)
3286 			goto nla_put_failure;
3287 		if (state->split) {
3288 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
3289 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
3290 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
3291 				CMD(channel_switch, CHANNEL_SWITCH);
3292 			CMD(set_qos_map, SET_QOS_MAP);
3293 			if (rdev->wiphy.features &
3294 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
3295 				CMD(add_tx_ts, ADD_TX_TS);
3296 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
3297 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
3298 			CMD(update_ft_ies, UPDATE_FT_IES);
3299 			if (rdev->wiphy.sar_capa)
3300 				CMD(set_sar_specs, SET_SAR_SPECS);
3301 			CMD(assoc_ml_reconf, ASSOC_MLO_RECONF);
3302 		}
3303 #undef CMD
3304 
3305 		nla_nest_end(msg, nl_cmds);
3306 		state->split_start++;
3307 		if (state->split)
3308 			break;
3309 		fallthrough;
3310 	case 5:
3311 		if (rdev->ops->remain_on_channel &&
3312 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
3313 		    nla_put_u32(msg,
3314 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
3315 				rdev->wiphy.max_remain_on_channel_duration))
3316 			goto nla_put_failure;
3317 
3318 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
3319 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
3320 			goto nla_put_failure;
3321 
3322 		state->split_start++;
3323 		if (state->split)
3324 			break;
3325 		fallthrough;
3326 	case 6:
3327 #ifdef CONFIG_PM
3328 		if (nl80211_send_wowlan(msg, rdev, state->split))
3329 			goto nla_put_failure;
3330 		state->split_start++;
3331 		if (state->split)
3332 			break;
3333 #else
3334 		state->split_start++;
3335 #endif
3336 		fallthrough;
3337 	case 7:
3338 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
3339 					rdev->wiphy.software_iftypes))
3340 			goto nla_put_failure;
3341 
3342 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
3343 						   NL80211_ATTR_INTERFACE_COMBINATIONS,
3344 						   rdev->wiphy.n_radio ? 0 : -1,
3345 						   state->split, 0))
3346 			goto nla_put_failure;
3347 
3348 		state->split_start++;
3349 		if (state->split)
3350 			break;
3351 		fallthrough;
3352 	case 8:
3353 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
3354 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
3355 				rdev->wiphy.ap_sme_capa))
3356 			goto nla_put_failure;
3357 
3358 		features = rdev->wiphy.features;
3359 		/*
3360 		 * We can only add the per-channel limit information if the
3361 		 * dump is split, otherwise it makes it too big. Therefore
3362 		 * only advertise it in that case.
3363 		 */
3364 		if (state->split)
3365 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
3366 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
3367 			goto nla_put_failure;
3368 
3369 		if (rdev->wiphy.ht_capa_mod_mask &&
3370 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
3371 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
3372 			    rdev->wiphy.ht_capa_mod_mask))
3373 			goto nla_put_failure;
3374 
3375 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
3376 		    rdev->wiphy.max_acl_mac_addrs &&
3377 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
3378 				rdev->wiphy.max_acl_mac_addrs))
3379 			goto nla_put_failure;
3380 
3381 		/*
3382 		 * Any information below this point is only available to
3383 		 * applications that can deal with it being split. This
3384 		 * helps ensure that newly added capabilities don't break
3385 		 * older tools by overrunning their buffers.
3386 		 *
3387 		 * We still increment split_start so that in the split
3388 		 * case we'll continue with more data in the next round,
3389 		 * but break unconditionally so unsplit data stops here.
3390 		 */
3391 		if (state->split)
3392 			state->split_start++;
3393 		else
3394 			state->split_start = 0;
3395 		break;
3396 	case 9:
3397 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
3398 			goto nla_put_failure;
3399 
3400 		if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
3401 				rdev->wiphy.max_sched_scan_plans) ||
3402 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
3403 				rdev->wiphy.max_sched_scan_plan_interval) ||
3404 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
3405 				rdev->wiphy.max_sched_scan_plan_iterations))
3406 			goto nla_put_failure;
3407 
3408 		if (rdev->wiphy.extended_capabilities &&
3409 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
3410 			     rdev->wiphy.extended_capabilities_len,
3411 			     rdev->wiphy.extended_capabilities) ||
3412 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3413 			     rdev->wiphy.extended_capabilities_len,
3414 			     rdev->wiphy.extended_capabilities_mask)))
3415 			goto nla_put_failure;
3416 
3417 		if (rdev->wiphy.vht_capa_mod_mask &&
3418 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
3419 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
3420 			    rdev->wiphy.vht_capa_mod_mask))
3421 			goto nla_put_failure;
3422 
3423 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
3424 			    rdev->wiphy.perm_addr))
3425 			goto nla_put_failure;
3426 
3427 		if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
3428 		    nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
3429 			    rdev->wiphy.addr_mask))
3430 			goto nla_put_failure;
3431 
3432 		if (rdev->wiphy.n_addresses > 1) {
3433 			void *attr;
3434 
3435 			attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
3436 			if (!attr)
3437 				goto nla_put_failure;
3438 
3439 			for (i = 0; i < rdev->wiphy.n_addresses; i++)
3440 				if (nla_put(msg, i + 1, ETH_ALEN,
3441 					    rdev->wiphy.addresses[i].addr))
3442 					goto nla_put_failure;
3443 
3444 			nla_nest_end(msg, attr);
3445 		}
3446 
3447 		state->split_start++;
3448 		break;
3449 	case 10:
3450 		if (nl80211_send_coalesce(msg, rdev))
3451 			goto nla_put_failure;
3452 
3453 		if (rdev->wiphy.max_ap_assoc_sta &&
3454 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
3455 				rdev->wiphy.max_ap_assoc_sta))
3456 			goto nla_put_failure;
3457 
3458 		state->split_start++;
3459 		break;
3460 	case 11:
3461 		if (rdev->wiphy.n_vendor_commands) {
3462 			const struct nl80211_vendor_cmd_info *info;
3463 			struct nlattr *nested;
3464 
3465 			nested = nla_nest_start_noflag(msg,
3466 						       NL80211_ATTR_VENDOR_DATA);
3467 			if (!nested)
3468 				goto nla_put_failure;
3469 
3470 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
3471 				info = &rdev->wiphy.vendor_commands[i].info;
3472 				if (nla_put(msg, i + 1, sizeof(*info), info))
3473 					goto nla_put_failure;
3474 			}
3475 			nla_nest_end(msg, nested);
3476 		}
3477 
3478 		if (rdev->wiphy.n_vendor_events) {
3479 			const struct nl80211_vendor_cmd_info *info;
3480 			struct nlattr *nested;
3481 
3482 			nested = nla_nest_start_noflag(msg,
3483 						       NL80211_ATTR_VENDOR_EVENTS);
3484 			if (!nested)
3485 				goto nla_put_failure;
3486 
3487 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
3488 				info = &rdev->wiphy.vendor_events[i];
3489 				if (nla_put(msg, i + 1, sizeof(*info), info))
3490 					goto nla_put_failure;
3491 			}
3492 			nla_nest_end(msg, nested);
3493 		}
3494 		state->split_start++;
3495 		break;
3496 	case 12:
3497 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
3498 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
3499 			       rdev->wiphy.max_num_csa_counters))
3500 			goto nla_put_failure;
3501 
3502 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
3503 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
3504 			goto nla_put_failure;
3505 
3506 		if (rdev->wiphy.max_sched_scan_reqs &&
3507 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
3508 				rdev->wiphy.max_sched_scan_reqs))
3509 			goto nla_put_failure;
3510 
3511 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
3512 			    sizeof(rdev->wiphy.ext_features),
3513 			    rdev->wiphy.ext_features))
3514 			goto nla_put_failure;
3515 
3516 		if (rdev->wiphy.bss_param_support) {
3517 			struct nlattr *nested;
3518 			u32 parsup = rdev->wiphy.bss_param_support;
3519 
3520 			nested = nla_nest_start(msg, NL80211_ATTR_BSS_PARAM);
3521 			if (!nested)
3522 				goto nla_put_failure;
3523 
3524 			if ((parsup & WIPHY_BSS_PARAM_CTS_PROT) &&
3525 			    nla_put_flag(msg, NL80211_ATTR_BSS_CTS_PROT))
3526 				goto nla_put_failure;
3527 			if ((parsup & WIPHY_BSS_PARAM_SHORT_PREAMBLE) &&
3528 			    nla_put_flag(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE))
3529 				goto nla_put_failure;
3530 			if ((parsup & WIPHY_BSS_PARAM_SHORT_SLOT_TIME) &&
3531 			    nla_put_flag(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME))
3532 				goto nla_put_failure;
3533 			if ((parsup & WIPHY_BSS_PARAM_BASIC_RATES) &&
3534 			    nla_put_flag(msg, NL80211_ATTR_BSS_BASIC_RATES))
3535 				goto nla_put_failure;
3536 			if ((parsup & WIPHY_BSS_PARAM_AP_ISOLATE) &&
3537 			    nla_put_flag(msg, NL80211_ATTR_AP_ISOLATE))
3538 				goto nla_put_failure;
3539 			if ((parsup & WIPHY_BSS_PARAM_HT_OPMODE) &&
3540 			    nla_put_flag(msg, NL80211_ATTR_BSS_HT_OPMODE))
3541 				goto nla_put_failure;
3542 			if ((parsup & WIPHY_BSS_PARAM_P2P_CTWINDOW) &&
3543 			    nla_put_flag(msg, NL80211_ATTR_P2P_CTWINDOW))
3544 				goto nla_put_failure;
3545 			if ((parsup & WIPHY_BSS_PARAM_P2P_OPPPS) &&
3546 			    nla_put_flag(msg, NL80211_ATTR_P2P_OPPPS))
3547 				goto nla_put_failure;
3548 			nla_nest_end(msg, nested);
3549 		}
3550 		if (rdev->wiphy.bss_select_support) {
3551 			struct nlattr *nested;
3552 			u32 bss_select_support = rdev->wiphy.bss_select_support;
3553 
3554 			nested = nla_nest_start_noflag(msg,
3555 						       NL80211_ATTR_BSS_SELECT);
3556 			if (!nested)
3557 				goto nla_put_failure;
3558 
3559 			i = 0;
3560 			while (bss_select_support) {
3561 				if ((bss_select_support & 1) &&
3562 				    nla_put_flag(msg, i))
3563 					goto nla_put_failure;
3564 				i++;
3565 				bss_select_support >>= 1;
3566 			}
3567 			nla_nest_end(msg, nested);
3568 		}
3569 
3570 		state->split_start++;
3571 		break;
3572 	case 13:
3573 		if (rdev->wiphy.num_iftype_ext_capab &&
3574 		    rdev->wiphy.iftype_ext_capab) {
3575 			struct nlattr *nested_ext_capab, *nested;
3576 
3577 			nested = nla_nest_start_noflag(msg,
3578 						       NL80211_ATTR_IFTYPE_EXT_CAPA);
3579 			if (!nested)
3580 				goto nla_put_failure;
3581 
3582 			for (i = state->capa_start;
3583 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
3584 				const struct wiphy_iftype_ext_capab *capab;
3585 
3586 				capab = &rdev->wiphy.iftype_ext_capab[i];
3587 
3588 				nested_ext_capab = nla_nest_start_noflag(msg,
3589 									 i);
3590 				if (!nested_ext_capab ||
3591 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
3592 						capab->iftype) ||
3593 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
3594 					    capab->extended_capabilities_len,
3595 					    capab->extended_capabilities) ||
3596 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3597 					    capab->extended_capabilities_len,
3598 					    capab->extended_capabilities_mask))
3599 					goto nla_put_failure;
3600 
3601 				if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
3602 				    (nla_put_u16(msg,
3603 						 NL80211_ATTR_EML_CAPABILITY,
3604 						 capab->eml_capabilities) ||
3605 				     nla_put_u16(msg,
3606 						 NL80211_ATTR_MLD_CAPA_AND_OPS,
3607 						 capab->mld_capa_and_ops)))
3608 					goto nla_put_failure;
3609 				if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
3610 				    capab->ext_mld_capa_and_ops &&
3611 				    nla_put_u16(msg,
3612 						NL80211_ATTR_EXT_MLD_CAPA_AND_OPS,
3613 						capab->ext_mld_capa_and_ops))
3614 					goto nla_put_failure;
3615 
3616 				nla_nest_end(msg, nested_ext_capab);
3617 				if (state->split)
3618 					break;
3619 			}
3620 			nla_nest_end(msg, nested);
3621 			if (i < rdev->wiphy.num_iftype_ext_capab) {
3622 				state->capa_start = i + 1;
3623 				break;
3624 			}
3625 		}
3626 
3627 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
3628 				rdev->wiphy.nan_supported_bands))
3629 			goto nla_put_failure;
3630 
3631 		if (wiphy_ext_feature_isset(&rdev->wiphy,
3632 					    NL80211_EXT_FEATURE_TXQS)) {
3633 			struct cfg80211_txq_stats txqstats = {};
3634 			int res;
3635 
3636 			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
3637 			if (!res &&
3638 			    !nl80211_put_txq_stats(msg, &txqstats,
3639 						   NL80211_ATTR_TXQ_STATS))
3640 				goto nla_put_failure;
3641 
3642 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
3643 					rdev->wiphy.txq_limit))
3644 				goto nla_put_failure;
3645 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
3646 					rdev->wiphy.txq_memory_limit))
3647 				goto nla_put_failure;
3648 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
3649 					rdev->wiphy.txq_quantum))
3650 				goto nla_put_failure;
3651 		}
3652 
3653 		state->split_start++;
3654 		break;
3655 	case 14:
3656 		if (nl80211_send_pmsr_capa(rdev, msg))
3657 			goto nla_put_failure;
3658 
3659 		state->split_start++;
3660 		break;
3661 	case 15:
3662 		if (rdev->wiphy.akm_suites &&
3663 		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
3664 			    sizeof(u32) * rdev->wiphy.n_akm_suites,
3665 			    rdev->wiphy.akm_suites))
3666 			goto nla_put_failure;
3667 
3668 		if (nl80211_put_iftype_akm_suites(rdev, msg))
3669 			goto nla_put_failure;
3670 
3671 		if (nl80211_put_tid_config_support(rdev, msg))
3672 			goto nla_put_failure;
3673 		state->split_start++;
3674 		break;
3675 	case 16:
3676 		if (nl80211_put_sar_specs(rdev, msg))
3677 			goto nla_put_failure;
3678 
3679 		if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
3680 			goto nla_put_failure;
3681 
3682 		if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
3683 				rdev->wiphy.max_num_akm_suites))
3684 			goto nla_put_failure;
3685 
3686 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)
3687 			nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT);
3688 
3689 		if (rdev->wiphy.hw_timestamp_max_peers &&
3690 		    nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS,
3691 				rdev->wiphy.hw_timestamp_max_peers))
3692 			goto nla_put_failure;
3693 
3694 		state->split_start++;
3695 		break;
3696 	case 17:
3697 		if (nl80211_put_radios(&rdev->wiphy, msg))
3698 			goto nla_put_failure;
3699 
3700 		state->split_start++;
3701 		break;
3702 	case 18:
3703 		if (nl80211_put_nan_capa(&rdev->wiphy, msg))
3704 			goto nla_put_failure;
3705 
3706 		/* done */
3707 		state->split_start = 0;
3708 		break;
3709 	}
3710  finish:
3711 	genlmsg_end(msg, hdr);
3712 	return 0;
3713 
3714  nla_put_failure:
3715 	genlmsg_cancel(msg, hdr);
3716 	return -EMSGSIZE;
3717 }
3718 
3719 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
3720 				    struct netlink_callback *cb,
3721 				    struct nl80211_dump_wiphy_state *state)
3722 {
3723 	struct nlattr **tb = kzalloc_objs(*tb, NUM_NL80211_ATTR);
3724 	int ret;
3725 
3726 	if (!tb)
3727 		return -ENOMEM;
3728 
3729 	ret = nlmsg_parse_deprecated(cb->nlh,
3730 				     GENL_HDRLEN + nl80211_fam.hdrsize,
3731 				     tb, nl80211_fam.maxattr,
3732 				     nl80211_policy, NULL);
3733 	/* ignore parse errors for backward compatibility */
3734 	if (ret) {
3735 		ret = 0;
3736 		goto out;
3737 	}
3738 
3739 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
3740 	if (tb[NL80211_ATTR_WIPHY])
3741 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3742 	if (tb[NL80211_ATTR_WDEV])
3743 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
3744 	if (tb[NL80211_ATTR_IFINDEX]) {
3745 		struct net_device *netdev;
3746 		struct cfg80211_registered_device *rdev;
3747 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3748 
3749 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3750 		if (!netdev) {
3751 			ret = -ENODEV;
3752 			goto out;
3753 		}
3754 		if (netdev->ieee80211_ptr) {
3755 			rdev = wiphy_to_rdev(
3756 				netdev->ieee80211_ptr->wiphy);
3757 			state->filter_wiphy = rdev->wiphy_idx;
3758 		}
3759 	}
3760 
3761 	ret = 0;
3762 out:
3763 	kfree(tb);
3764 	return ret;
3765 }
3766 
3767 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
3768 {
3769 	int idx = 0, ret;
3770 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
3771 	struct cfg80211_registered_device *rdev;
3772 
3773 	rtnl_lock();
3774 	if (!state) {
3775 		state = kzalloc_obj(*state);
3776 		if (!state) {
3777 			rtnl_unlock();
3778 			return -ENOMEM;
3779 		}
3780 		state->filter_wiphy = -1;
3781 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
3782 		if (ret) {
3783 			kfree(state);
3784 			rtnl_unlock();
3785 			return ret;
3786 		}
3787 		cb->args[0] = (long)state;
3788 	}
3789 
3790 	for_each_rdev(rdev) {
3791 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3792 			continue;
3793 		if (++idx <= state->start)
3794 			continue;
3795 		if (state->filter_wiphy != -1 &&
3796 		    state->filter_wiphy != rdev->wiphy_idx)
3797 			continue;
3798 		wiphy_lock(&rdev->wiphy);
3799 		/* attempt to fit multiple wiphy data chunks into the skb */
3800 		do {
3801 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
3802 						 skb,
3803 						 NETLINK_CB(cb->skb).portid,
3804 						 cb->nlh->nlmsg_seq,
3805 						 NLM_F_MULTI, state);
3806 			if (ret < 0) {
3807 				/*
3808 				 * If sending the wiphy data didn't fit (ENOBUFS
3809 				 * or EMSGSIZE returned), this SKB is still
3810 				 * empty (so it's not too big because another
3811 				 * wiphy dataset is already in the skb) and
3812 				 * we've not tried to adjust the dump allocation
3813 				 * yet ... then adjust the alloc size to be
3814 				 * bigger, and return 1 but with the empty skb.
3815 				 * This results in an empty message being RX'ed
3816 				 * in userspace, but that is ignored.
3817 				 *
3818 				 * We can then retry with the larger buffer.
3819 				 */
3820 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
3821 				    !skb->len && !state->split &&
3822 				    cb->min_dump_alloc < 4096) {
3823 					cb->min_dump_alloc = 4096;
3824 					state->split_start = 0;
3825 					wiphy_unlock(&rdev->wiphy);
3826 					rtnl_unlock();
3827 					return 1;
3828 				}
3829 				idx--;
3830 				break;
3831 			}
3832 		} while (state->split_start > 0);
3833 		wiphy_unlock(&rdev->wiphy);
3834 		break;
3835 	}
3836 	rtnl_unlock();
3837 
3838 	state->start = idx;
3839 
3840 	return skb->len;
3841 }
3842 
3843 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
3844 {
3845 	kfree((void *)cb->args[0]);
3846 	return 0;
3847 }
3848 
3849 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
3850 {
3851 	struct sk_buff *msg;
3852 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3853 	struct nl80211_dump_wiphy_state state = {};
3854 
3855 	msg = nlmsg_new(4096, GFP_KERNEL);
3856 	if (!msg)
3857 		return -ENOMEM;
3858 
3859 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
3860 			       info->snd_portid, info->snd_seq, 0,
3861 			       &state) < 0) {
3862 		nlmsg_free(msg);
3863 		return -ENOBUFS;
3864 	}
3865 
3866 	return genlmsg_reply(msg, info);
3867 }
3868 
3869 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
3870 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
3871 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
3872 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
3873 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
3874 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
3875 };
3876 
3877 static int parse_txq_params(struct nlattr *tb[],
3878 			    struct ieee80211_txq_params *txq_params)
3879 {
3880 	u8 ac;
3881 
3882 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
3883 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
3884 	    !tb[NL80211_TXQ_ATTR_AIFS])
3885 		return -EINVAL;
3886 
3887 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
3888 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
3889 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
3890 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
3891 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
3892 
3893 	if (ac >= NL80211_NUM_ACS)
3894 		return -EINVAL;
3895 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
3896 	return 0;
3897 }
3898 
3899 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
3900 {
3901 	/*
3902 	 * You can only set the channel explicitly for some interfaces,
3903 	 * most have their channel managed via their respective
3904 	 * "establish a connection" command (connect, join, ...)
3905 	 *
3906 	 * For AP/GO and mesh mode, the channel can be set with the
3907 	 * channel userspace API, but is only stored and passed to the
3908 	 * low-level driver when the AP starts or the mesh is joined.
3909 	 * This is for backward compatibility, userspace can also give
3910 	 * the channel in the start-ap or join-mesh commands instead.
3911 	 *
3912 	 * Monitors are special as they are normally slaved to
3913 	 * whatever else is going on, so they have their own special
3914 	 * operation to set the monitor channel if possible.
3915 	 */
3916 	return !wdev ||
3917 		wdev->iftype == NL80211_IFTYPE_AP ||
3918 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3919 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
3920 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
3921 }
3922 
3923 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3924 				  struct netlink_ext_ack *extack,
3925 				  struct nlattr **attrs, bool monitor,
3926 				  struct cfg80211_chan_def *chandef,
3927 				  bool permit_npca)
3928 {
3929 	u32 control_freq;
3930 
3931 	if (!attrs[NL80211_ATTR_WIPHY_FREQ]) {
3932 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3933 				    "Frequency is missing");
3934 		return -EINVAL;
3935 	}
3936 
3937 	control_freq = MHZ_TO_KHZ(
3938 			nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
3939 	if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3940 		control_freq +=
3941 		    nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3942 
3943 	memset(chandef, 0, sizeof(*chandef));
3944 	chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3945 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3946 	chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3947 	chandef->freq1_offset = control_freq % 1000;
3948 	chandef->center_freq2 = 0;
3949 	chandef->s1g_primary_2mhz = false;
3950 
3951 	if (!chandef->chan) {
3952 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3953 				    "Unknown channel");
3954 		return -EINVAL;
3955 	}
3956 
3957 	if (cfg80211_chandef_is_s1g(chandef))
3958 		chandef->width = NL80211_CHAN_WIDTH_1;
3959 
3960 	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3961 		enum nl80211_channel_type chantype;
3962 
3963 		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3964 
3965 		switch (chantype) {
3966 		case NL80211_CHAN_NO_HT:
3967 		case NL80211_CHAN_HT20:
3968 		case NL80211_CHAN_HT40PLUS:
3969 		case NL80211_CHAN_HT40MINUS:
3970 			if (chandef->chan->band == NL80211_BAND_60GHZ ||
3971 			    chandef->chan->band == NL80211_BAND_S1GHZ)
3972 				return -EINVAL;
3973 			cfg80211_chandef_create(chandef, chandef->chan,
3974 						chantype);
3975 			/* user input for center_freq is incorrect */
3976 			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3977 			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3978 				NL_SET_ERR_MSG_ATTR(extack,
3979 						    attrs[NL80211_ATTR_CENTER_FREQ1],
3980 						    "bad center frequency 1");
3981 				return -EINVAL;
3982 			}
3983 			/* center_freq2 must be zero */
3984 			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3985 			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3986 				NL_SET_ERR_MSG_ATTR(extack,
3987 						    attrs[NL80211_ATTR_CENTER_FREQ2],
3988 						    "center frequency 2 can't be used");
3989 				return -EINVAL;
3990 			}
3991 			break;
3992 		default:
3993 			NL_SET_ERR_MSG_ATTR(extack,
3994 					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3995 					    "invalid channel type");
3996 			return -EINVAL;
3997 		}
3998 	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3999 		chandef->width = nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
4000 		if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
4001 			chandef->center_freq1 =
4002 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
4003 			chandef->freq1_offset = nla_get_u32_default(
4004 				attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET], 0);
4005 		}
4006 
4007 		if (attrs[NL80211_ATTR_CENTER_FREQ2])
4008 			chandef->center_freq2 =
4009 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
4010 
4011 		chandef->s1g_primary_2mhz = nla_get_flag(
4012 			attrs[NL80211_ATTR_S1G_PRIMARY_2MHZ]);
4013 	}
4014 
4015 	if (attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
4016 		chandef->edmg.channels =
4017 		      nla_get_u8(attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
4018 
4019 		if (attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
4020 			chandef->edmg.bw_config =
4021 		     nla_get_u8(attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
4022 	} else {
4023 		chandef->edmg.bw_config = 0;
4024 		chandef->edmg.channels = 0;
4025 	}
4026 
4027 	if (attrs[NL80211_ATTR_PUNCT_BITMAP]) {
4028 		chandef->punctured =
4029 			nla_get_u32(attrs[NL80211_ATTR_PUNCT_BITMAP]);
4030 
4031 		if (chandef->punctured &&
4032 		    !wiphy_ext_feature_isset(&rdev->wiphy,
4033 					     NL80211_EXT_FEATURE_PUNCT)) {
4034 			NL_SET_ERR_MSG_ATTR(extack,
4035 					    attrs[NL80211_ATTR_WIPHY_FREQ],
4036 					    "driver doesn't support puncturing");
4037 			return -EINVAL;
4038 		}
4039 	}
4040 
4041 	if (attrs[NL80211_ATTR_NPCA_PRIMARY_FREQ]) {
4042 		if (!permit_npca) {
4043 			NL_SET_ERR_MSG_ATTR(extack,
4044 					    attrs[NL80211_ATTR_NPCA_PRIMARY_FREQ],
4045 					    "NPCA not supported");
4046 			return -EINVAL;
4047 		}
4048 
4049 		chandef->npca_chan =
4050 			ieee80211_get_channel(&rdev->wiphy,
4051 					      nla_get_u32(attrs[NL80211_ATTR_NPCA_PRIMARY_FREQ]));
4052 		if (!chandef->npca_chan) {
4053 			NL_SET_ERR_MSG_ATTR(extack,
4054 					    attrs[NL80211_ATTR_NPCA_PRIMARY_FREQ],
4055 					    "invalid NPCA primary channel");
4056 			return -EINVAL;
4057 		}
4058 
4059 		chandef->npca_punctured =
4060 			nla_get_u32_default(attrs[NL80211_ATTR_NPCA_PUNCT_BITMAP],
4061 					    chandef->punctured);
4062 	} else if (attrs[NL80211_ATTR_NPCA_PUNCT_BITMAP]) {
4063 		NL_SET_ERR_MSG_ATTR(extack,
4064 				    attrs[NL80211_ATTR_NPCA_PUNCT_BITMAP],
4065 				    "NPCA puncturing only valid with NPCA");
4066 		return -EINVAL;
4067 	}
4068 
4069 	if (!cfg80211_chandef_valid(chandef)) {
4070 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
4071 				    "invalid channel definition");
4072 		return -EINVAL;
4073 	}
4074 
4075 	if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef,
4076 				      IEEE80211_CHAN_DISABLED,
4077 				      monitor ? IEEE80211_CHAN_CAN_MONITOR : 0)) {
4078 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
4079 				    "(extension) channel is disabled");
4080 		return -EINVAL;
4081 	}
4082 
4083 	if (chandef->width == NL80211_CHAN_WIDTH_5 ||
4084 	    chandef->width == NL80211_CHAN_WIDTH_10) {
4085 		NL_SET_ERR_MSG(extack, "5/10 MHz not supported any more");
4086 		return -EINVAL;
4087 	}
4088 
4089 	return 0;
4090 }
4091 
4092 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
4093 			  struct netlink_ext_ack *extack,
4094 			  struct nlattr **attrs,
4095 			  struct cfg80211_chan_def *chandef,
4096 			  bool permit_npca)
4097 {
4098 	return _nl80211_parse_chandef(rdev, extack, attrs, false, chandef,
4099 				      permit_npca);
4100 }
4101 
4102 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
4103 				 struct net_device *dev,
4104 				 struct genl_info *info,
4105 				 int _link_id)
4106 {
4107 	struct cfg80211_chan_def chandef;
4108 	int result;
4109 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
4110 	struct wireless_dev *wdev = NULL;
4111 	int link_id = _link_id;
4112 	bool permit_npca;
4113 
4114 	if (dev)
4115 		wdev = dev->ieee80211_ptr;
4116 	if (!nl80211_can_set_dev_channel(wdev))
4117 		return -EOPNOTSUPP;
4118 	if (wdev)
4119 		iftype = wdev->iftype;
4120 
4121 	if (link_id < 0) {
4122 		if (wdev && wdev->valid_links)
4123 			return -EINVAL;
4124 		link_id = 0;
4125 	}
4126 
4127 	/* allow parsing it - will check on start_ap or below */
4128 	permit_npca = iftype == NL80211_IFTYPE_AP ||
4129 		      iftype == NL80211_IFTYPE_P2P_GO;
4130 
4131 	result = _nl80211_parse_chandef(rdev, info->extack, info->attrs,
4132 					iftype == NL80211_IFTYPE_MONITOR,
4133 					&chandef, permit_npca);
4134 	if (result)
4135 		return result;
4136 
4137 	switch (iftype) {
4138 	case NL80211_IFTYPE_AP:
4139 	case NL80211_IFTYPE_P2P_GO:
4140 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
4141 						   iftype))
4142 			return -EINVAL;
4143 		if (wdev->links[link_id].ap.beacon_interval) {
4144 			struct ieee80211_channel *cur_chan;
4145 
4146 			if (!dev || !rdev->ops->set_ap_chanwidth ||
4147 			    !(rdev->wiphy.features &
4148 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
4149 				return -EBUSY;
4150 
4151 			/* Only allow dynamic channel width changes */
4152 			cur_chan = wdev->links[link_id].ap.chandef.npca_chan;
4153 			if (chandef.npca_chan != cur_chan)
4154 				return -EBUSY;
4155 			cur_chan = wdev->links[link_id].ap.chandef.chan;
4156 			if (chandef.chan != cur_chan)
4157 				return -EBUSY;
4158 
4159 			/* only allow this for regular channel widths */
4160 			switch (wdev->links[link_id].ap.chandef.width) {
4161 			case NL80211_CHAN_WIDTH_20_NOHT:
4162 			case NL80211_CHAN_WIDTH_20:
4163 			case NL80211_CHAN_WIDTH_40:
4164 			case NL80211_CHAN_WIDTH_80:
4165 			case NL80211_CHAN_WIDTH_80P80:
4166 			case NL80211_CHAN_WIDTH_160:
4167 			case NL80211_CHAN_WIDTH_320:
4168 				break;
4169 			default:
4170 				return -EINVAL;
4171 			}
4172 
4173 			switch (chandef.width) {
4174 			case NL80211_CHAN_WIDTH_20_NOHT:
4175 			case NL80211_CHAN_WIDTH_20:
4176 			case NL80211_CHAN_WIDTH_40:
4177 			case NL80211_CHAN_WIDTH_80:
4178 			case NL80211_CHAN_WIDTH_80P80:
4179 			case NL80211_CHAN_WIDTH_160:
4180 			case NL80211_CHAN_WIDTH_320:
4181 				break;
4182 			default:
4183 				return -EINVAL;
4184 			}
4185 
4186 			result = rdev_set_ap_chanwidth(rdev, dev, link_id,
4187 						       &chandef);
4188 			if (result)
4189 				return result;
4190 			wdev->links[link_id].ap.chandef = chandef;
4191 		} else {
4192 			wdev->u.ap.preset_chandef = chandef;
4193 		}
4194 		return 0;
4195 	case NL80211_IFTYPE_MESH_POINT:
4196 		return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
4197 	case NL80211_IFTYPE_MONITOR:
4198 		return cfg80211_set_monitor_channel(rdev, dev, &chandef);
4199 	default:
4200 		break;
4201 	}
4202 
4203 	return -EINVAL;
4204 }
4205 
4206 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
4207 {
4208 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4209 	int link_id = nl80211_link_id_or_invalid(info->attrs);
4210 	struct net_device *netdev = info->user_ptr[1];
4211 
4212 	return __nl80211_set_channel(rdev, netdev, info, link_id);
4213 }
4214 
4215 static int nl80211_set_wiphy_radio(struct genl_info *info,
4216 				   struct cfg80211_registered_device *rdev,
4217 				   int radio_idx)
4218 {
4219 	u32 rts_threshold = 0, old_rts, changed = 0;
4220 	int result;
4221 
4222 	if (!rdev->ops->set_wiphy_params)
4223 		return -EOPNOTSUPP;
4224 
4225 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
4226 		rts_threshold = nla_get_u32(
4227 				info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
4228 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
4229 	}
4230 
4231 	old_rts = rdev->wiphy.radio_cfg[radio_idx].rts_threshold;
4232 
4233 	rdev->wiphy.radio_cfg[radio_idx].rts_threshold = rts_threshold;
4234 
4235 	result = rdev_set_wiphy_params(rdev, radio_idx, changed);
4236 	if (result)
4237 		rdev->wiphy.radio_cfg[radio_idx].rts_threshold = old_rts;
4238 
4239 	return 0;
4240 }
4241 
4242 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
4243 {
4244 	struct cfg80211_registered_device *rdev = NULL;
4245 	struct net_device *netdev = NULL;
4246 	struct wireless_dev *wdev;
4247 	int result = 0, rem_txq_params = 0;
4248 	struct nlattr *nl_txq_params;
4249 	u32 changed;
4250 	u8 retry_short = 0, retry_long = 0;
4251 	u32 frag_threshold = 0, rts_threshold = 0;
4252 	u8 coverage_class = 0;
4253 	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
4254 	int radio_idx = -1;
4255 
4256 	rtnl_lock();
4257 	/*
4258 	 * Try to find the wiphy and netdev. Normally this
4259 	 * function shouldn't need the netdev, but this is
4260 	 * done for backward compatibility -- previously
4261 	 * setting the channel was done per wiphy, but now
4262 	 * it is per netdev. Previous userland like hostapd
4263 	 * also passed a netdev to set_wiphy, so that it is
4264 	 * possible to let that go to the right netdev!
4265 	 */
4266 
4267 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
4268 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
4269 
4270 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
4271 		if (netdev && netdev->ieee80211_ptr)
4272 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
4273 		else
4274 			netdev = NULL;
4275 	}
4276 
4277 	if (!netdev) {
4278 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
4279 						  info->attrs);
4280 		if (IS_ERR(rdev)) {
4281 			rtnl_unlock();
4282 			return PTR_ERR(rdev);
4283 		}
4284 		wdev = NULL;
4285 		netdev = NULL;
4286 		result = 0;
4287 	} else
4288 		wdev = netdev->ieee80211_ptr;
4289 
4290 	guard(wiphy)(&rdev->wiphy);
4291 
4292 	/*
4293 	 * end workaround code, by now the rdev is available
4294 	 * and locked, and wdev may or may not be NULL.
4295 	 */
4296 
4297 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
4298 		result = cfg80211_dev_rename(
4299 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
4300 	rtnl_unlock();
4301 
4302 	if (result)
4303 		return result;
4304 
4305 	if (info->attrs[NL80211_ATTR_WIPHY_RADIO_INDEX]) {
4306 		/* Radio idx is not expected for non-multi radio wiphy */
4307 		if (rdev->wiphy.n_radio <= 0)
4308 			return -EINVAL;
4309 
4310 		radio_idx = nla_get_u8(
4311 				info->attrs[NL80211_ATTR_WIPHY_RADIO_INDEX]);
4312 		if (radio_idx >= rdev->wiphy.n_radio)
4313 			return -EINVAL;
4314 
4315 		return nl80211_set_wiphy_radio(info, rdev, radio_idx);
4316 	}
4317 
4318 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
4319 		struct ieee80211_txq_params txq_params;
4320 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
4321 
4322 		if (!rdev->ops->set_txq_params)
4323 			return -EOPNOTSUPP;
4324 
4325 		if (!netdev)
4326 			return -EINVAL;
4327 
4328 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4329 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4330 			return -EINVAL;
4331 
4332 		if (!netif_running(netdev))
4333 			return -ENETDOWN;
4334 
4335 		nla_for_each_nested(nl_txq_params,
4336 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
4337 				    rem_txq_params) {
4338 			result = nla_parse_nested_deprecated(tb,
4339 							     NL80211_TXQ_ATTR_MAX,
4340 							     nl_txq_params,
4341 							     txq_params_policy,
4342 							     info->extack);
4343 			if (result)
4344 				return result;
4345 
4346 			result = parse_txq_params(tb, &txq_params);
4347 			if (result)
4348 				return result;
4349 
4350 			txq_params.link_id =
4351 				nl80211_link_id_or_invalid(info->attrs);
4352 
4353 			if (txq_params.link_id >= 0 &&
4354 			    !(netdev->ieee80211_ptr->valid_links &
4355 			      BIT(txq_params.link_id)))
4356 				result = -ENOLINK;
4357 			else if (txq_params.link_id >= 0 &&
4358 				 !netdev->ieee80211_ptr->valid_links)
4359 				result = -EINVAL;
4360 			else
4361 				result = rdev_set_txq_params(rdev, netdev,
4362 							     &txq_params);
4363 			if (result)
4364 				return result;
4365 		}
4366 	}
4367 
4368 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4369 		int link_id = nl80211_link_id_or_invalid(info->attrs);
4370 
4371 		if (wdev) {
4372 			result = __nl80211_set_channel(
4373 				rdev,
4374 				nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
4375 				info, link_id);
4376 		} else {
4377 			result = __nl80211_set_channel(rdev, netdev, info, link_id);
4378 		}
4379 
4380 		if (result)
4381 			return result;
4382 	}
4383 
4384 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
4385 		struct wireless_dev *txp_wdev = wdev;
4386 		enum nl80211_tx_power_setting type;
4387 		int idx, mbm = 0;
4388 
4389 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
4390 			txp_wdev = NULL;
4391 
4392 		if (!rdev->ops->set_tx_power)
4393 			return -EOPNOTSUPP;
4394 
4395 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
4396 		type = nla_get_u32(info->attrs[idx]);
4397 
4398 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
4399 		    (type != NL80211_TX_POWER_AUTOMATIC))
4400 			return -EINVAL;
4401 
4402 		if (type != NL80211_TX_POWER_AUTOMATIC) {
4403 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
4404 			mbm = nla_get_u32(info->attrs[idx]);
4405 		}
4406 
4407 		result = rdev_set_tx_power(rdev, txp_wdev, radio_idx, type,
4408 					   mbm);
4409 		if (result)
4410 			return result;
4411 	}
4412 
4413 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
4414 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
4415 		u32 tx_ant, rx_ant;
4416 
4417 		if ((!rdev->wiphy.available_antennas_tx &&
4418 		     !rdev->wiphy.available_antennas_rx) ||
4419 		    !rdev->ops->set_antenna)
4420 			return -EOPNOTSUPP;
4421 
4422 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
4423 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
4424 
4425 		/* reject antenna configurations which don't match the
4426 		 * available antenna masks, except for the "all" mask */
4427 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
4428 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
4429 			return -EINVAL;
4430 
4431 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
4432 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
4433 
4434 		result = rdev_set_antenna(rdev, radio_idx, tx_ant, rx_ant);
4435 		if (result)
4436 			return result;
4437 	}
4438 
4439 	changed = 0;
4440 
4441 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
4442 		retry_short = nla_get_u8(
4443 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
4444 
4445 		changed |= WIPHY_PARAM_RETRY_SHORT;
4446 	}
4447 
4448 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
4449 		retry_long = nla_get_u8(
4450 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
4451 
4452 		changed |= WIPHY_PARAM_RETRY_LONG;
4453 	}
4454 
4455 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
4456 		frag_threshold = nla_get_u32(
4457 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
4458 		if (frag_threshold < 256)
4459 			return -EINVAL;
4460 
4461 		if (frag_threshold != (u32) -1) {
4462 			/*
4463 			 * Fragments (apart from the last one) are required to
4464 			 * have even length. Make the fragmentation code
4465 			 * simpler by stripping LSB should someone try to use
4466 			 * odd threshold value.
4467 			 */
4468 			frag_threshold &= ~0x1;
4469 		}
4470 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
4471 	}
4472 
4473 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
4474 		rts_threshold = nla_get_u32(
4475 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
4476 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
4477 	}
4478 
4479 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
4480 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
4481 			return -EINVAL;
4482 
4483 		coverage_class = nla_get_u8(
4484 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
4485 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
4486 	}
4487 
4488 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
4489 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
4490 			return -EOPNOTSUPP;
4491 
4492 		changed |= WIPHY_PARAM_DYN_ACK;
4493 	}
4494 
4495 	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
4496 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4497 					     NL80211_EXT_FEATURE_TXQS))
4498 			return -EOPNOTSUPP;
4499 
4500 		txq_limit = nla_get_u32(
4501 			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
4502 		changed |= WIPHY_PARAM_TXQ_LIMIT;
4503 	}
4504 
4505 	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
4506 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4507 					     NL80211_EXT_FEATURE_TXQS))
4508 			return -EOPNOTSUPP;
4509 
4510 		txq_memory_limit = nla_get_u32(
4511 			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
4512 		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
4513 	}
4514 
4515 	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
4516 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4517 					     NL80211_EXT_FEATURE_TXQS))
4518 			return -EOPNOTSUPP;
4519 
4520 		txq_quantum = nla_get_u32(
4521 			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
4522 		changed |= WIPHY_PARAM_TXQ_QUANTUM;
4523 	}
4524 
4525 	if (changed) {
4526 		u8 old_retry_short, old_retry_long;
4527 		u32 old_frag_threshold, old_rts_threshold;
4528 		u8 old_coverage_class, i;
4529 		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
4530 		u32 *old_radio_rts_threshold = NULL;
4531 
4532 		if (!rdev->ops->set_wiphy_params)
4533 			return -EOPNOTSUPP;
4534 
4535 		if (rdev->wiphy.n_radio) {
4536 			old_radio_rts_threshold = kcalloc(rdev->wiphy.n_radio,
4537 							  sizeof(u32),
4538 							  GFP_KERNEL);
4539 			if (!old_radio_rts_threshold)
4540 				return -ENOMEM;
4541 		}
4542 
4543 		old_retry_short = rdev->wiphy.retry_short;
4544 		old_retry_long = rdev->wiphy.retry_long;
4545 		old_frag_threshold = rdev->wiphy.frag_threshold;
4546 		old_rts_threshold = rdev->wiphy.rts_threshold;
4547 		if (old_radio_rts_threshold) {
4548 			for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4549 				old_radio_rts_threshold[i] =
4550 					rdev->wiphy.radio_cfg[i].rts_threshold;
4551 		}
4552 		old_coverage_class = rdev->wiphy.coverage_class;
4553 		old_txq_limit = rdev->wiphy.txq_limit;
4554 		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
4555 		old_txq_quantum = rdev->wiphy.txq_quantum;
4556 
4557 		if (changed & WIPHY_PARAM_RETRY_SHORT)
4558 			rdev->wiphy.retry_short = retry_short;
4559 		if (changed & WIPHY_PARAM_RETRY_LONG)
4560 			rdev->wiphy.retry_long = retry_long;
4561 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
4562 			rdev->wiphy.frag_threshold = frag_threshold;
4563 		if ((changed & WIPHY_PARAM_RTS_THRESHOLD) &&
4564 		    old_radio_rts_threshold) {
4565 			rdev->wiphy.rts_threshold = rts_threshold;
4566 			for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4567 				rdev->wiphy.radio_cfg[i].rts_threshold =
4568 					rdev->wiphy.rts_threshold;
4569 		}
4570 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
4571 			rdev->wiphy.coverage_class = coverage_class;
4572 		if (changed & WIPHY_PARAM_TXQ_LIMIT)
4573 			rdev->wiphy.txq_limit = txq_limit;
4574 		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
4575 			rdev->wiphy.txq_memory_limit = txq_memory_limit;
4576 		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
4577 			rdev->wiphy.txq_quantum = txq_quantum;
4578 
4579 		result = rdev_set_wiphy_params(rdev, radio_idx, changed);
4580 		if (result) {
4581 			rdev->wiphy.retry_short = old_retry_short;
4582 			rdev->wiphy.retry_long = old_retry_long;
4583 			rdev->wiphy.frag_threshold = old_frag_threshold;
4584 			rdev->wiphy.rts_threshold = old_rts_threshold;
4585 			if (old_radio_rts_threshold) {
4586 				for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4587 					rdev->wiphy.radio_cfg[i].rts_threshold =
4588 						old_radio_rts_threshold[i];
4589 			}
4590 			rdev->wiphy.coverage_class = old_coverage_class;
4591 			rdev->wiphy.txq_limit = old_txq_limit;
4592 			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
4593 			rdev->wiphy.txq_quantum = old_txq_quantum;
4594 		}
4595 
4596 		kfree(old_radio_rts_threshold);
4597 		return result;
4598 	}
4599 
4600 	return 0;
4601 }
4602 
4603 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef)
4604 {
4605 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
4606 		return -EINVAL;
4607 
4608 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
4609 			chandef->chan->center_freq))
4610 		return -ENOBUFS;
4611 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
4612 			chandef->chan->freq_offset))
4613 		return -ENOBUFS;
4614 	switch (chandef->width) {
4615 	case NL80211_CHAN_WIDTH_20_NOHT:
4616 	case NL80211_CHAN_WIDTH_20:
4617 	case NL80211_CHAN_WIDTH_40:
4618 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4619 				cfg80211_get_chandef_type(chandef)))
4620 			return -ENOBUFS;
4621 		break;
4622 	default:
4623 		break;
4624 	}
4625 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
4626 		return -ENOBUFS;
4627 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
4628 		return -ENOBUFS;
4629 	if (chandef->center_freq2 &&
4630 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
4631 		return -ENOBUFS;
4632 	if (chandef->punctured &&
4633 	    nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured))
4634 		return -ENOBUFS;
4635 	if (chandef->s1g_primary_2mhz &&
4636 	    nla_put_flag(msg, NL80211_ATTR_S1G_PRIMARY_2MHZ))
4637 		return -ENOBUFS;
4638 
4639 	if (chandef->npca_chan &&
4640 	    nla_put_u32(msg, NL80211_ATTR_NPCA_PRIMARY_FREQ,
4641 			chandef->npca_chan->center_freq))
4642 		return -ENOBUFS;
4643 	if (chandef->npca_punctured &&
4644 	    nla_put_u32(msg, NL80211_ATTR_NPCA_PUNCT_BITMAP,
4645 			chandef->npca_punctured))
4646 		return -ENOBUFS;
4647 
4648 	return 0;
4649 }
4650 EXPORT_SYMBOL(nl80211_send_chandef);
4651 
4652 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
4653 			      struct cfg80211_registered_device *rdev,
4654 			      struct wireless_dev *wdev,
4655 			      enum nl80211_commands cmd)
4656 {
4657 	struct net_device *dev = wdev->netdev;
4658 	void *hdr;
4659 
4660 	lockdep_assert_wiphy(&rdev->wiphy);
4661 
4662 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
4663 		cmd != NL80211_CMD_DEL_INTERFACE &&
4664 		cmd != NL80211_CMD_SET_INTERFACE);
4665 
4666 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4667 	if (!hdr)
4668 		return -1;
4669 
4670 	if (dev &&
4671 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4672 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
4673 		goto nla_put_failure;
4674 
4675 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
4676 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
4677 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
4678 			      NL80211_ATTR_PAD) ||
4679 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
4680 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
4681 			rdev->devlist_generation ^
4682 			(cfg80211_rdev_list_generation << 2)) ||
4683 	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr) ||
4684 	    nla_put_u32(msg, NL80211_ATTR_VIF_RADIO_MASK, wdev->radio_mask))
4685 		goto nla_put_failure;
4686 
4687 	if (rdev->ops->get_channel && !wdev->valid_links) {
4688 		struct cfg80211_chan_def chandef = {};
4689 		int ret;
4690 
4691 		ret = rdev_get_channel(rdev, wdev, 0, &chandef);
4692 		if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4693 			goto nla_put_failure;
4694 	}
4695 
4696 	if (rdev->ops->get_tx_power && !wdev->valid_links) {
4697 		int dbm, ret;
4698 
4699 		ret = rdev_get_tx_power(rdev, wdev, -1, 0, &dbm);
4700 		if (ret == 0 &&
4701 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4702 				DBM_TO_MBM(dbm)))
4703 			goto nla_put_failure;
4704 	}
4705 
4706 	switch (wdev->iftype) {
4707 	case NL80211_IFTYPE_AP:
4708 	case NL80211_IFTYPE_P2P_GO:
4709 		if (wdev->u.ap.ssid_len &&
4710 		    nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
4711 			    wdev->u.ap.ssid))
4712 			goto nla_put_failure;
4713 		break;
4714 	case NL80211_IFTYPE_STATION:
4715 	case NL80211_IFTYPE_P2P_CLIENT:
4716 		if (wdev->u.client.ssid_len &&
4717 		    nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len,
4718 			    wdev->u.client.ssid))
4719 			goto nla_put_failure;
4720 		break;
4721 	case NL80211_IFTYPE_ADHOC:
4722 		if (wdev->u.ibss.ssid_len &&
4723 		    nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len,
4724 			    wdev->u.ibss.ssid))
4725 			goto nla_put_failure;
4726 		break;
4727 	default:
4728 		/* nothing */
4729 		break;
4730 	}
4731 
4732 	if (rdev->ops->get_txq_stats) {
4733 		struct cfg80211_txq_stats txqstats = {};
4734 		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
4735 
4736 		if (ret == 0 &&
4737 		    !nl80211_put_txq_stats(msg, &txqstats,
4738 					   NL80211_ATTR_TXQ_STATS))
4739 			goto nla_put_failure;
4740 	}
4741 
4742 	if (wdev->valid_links) {
4743 		unsigned int link_id;
4744 		struct nlattr *links = nla_nest_start(msg,
4745 						      NL80211_ATTR_MLO_LINKS);
4746 
4747 		if (!links)
4748 			goto nla_put_failure;
4749 
4750 		for_each_valid_link(wdev, link_id) {
4751 			struct nlattr *link = nla_nest_start(msg, link_id + 1);
4752 			struct cfg80211_chan_def chandef = {};
4753 			int ret;
4754 
4755 			if (!link)
4756 				goto nla_put_failure;
4757 
4758 			if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
4759 				goto nla_put_failure;
4760 			if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
4761 				    wdev->links[link_id].addr))
4762 				goto nla_put_failure;
4763 
4764 			ret = rdev_get_channel(rdev, wdev, link_id, &chandef);
4765 			if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4766 				goto nla_put_failure;
4767 
4768 			if (rdev->ops->get_tx_power) {
4769 				int dbm, ret;
4770 
4771 				ret = rdev_get_tx_power(rdev, wdev, -1, link_id, &dbm);
4772 				if (ret == 0 &&
4773 				    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4774 						DBM_TO_MBM(dbm)))
4775 					goto nla_put_failure;
4776 			}
4777 			nla_nest_end(msg, link);
4778 		}
4779 
4780 		nla_nest_end(msg, links);
4781 	}
4782 
4783 	genlmsg_end(msg, hdr);
4784 	return 0;
4785 
4786  nla_put_failure:
4787 	genlmsg_cancel(msg, hdr);
4788 	return -EMSGSIZE;
4789 }
4790 
4791 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
4792 {
4793 	int wp_idx = 0;
4794 	int if_idx = 0;
4795 	int wp_start = cb->args[0];
4796 	int if_start = cb->args[1];
4797 	int filter_wiphy = -1;
4798 	struct cfg80211_registered_device *rdev;
4799 	struct wireless_dev *wdev;
4800 	int ret;
4801 
4802 	rtnl_lock();
4803 	if (!cb->args[2]) {
4804 		struct nl80211_dump_wiphy_state state = {
4805 			.filter_wiphy = -1,
4806 		};
4807 
4808 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
4809 		if (ret)
4810 			goto out_unlock;
4811 
4812 		filter_wiphy = state.filter_wiphy;
4813 
4814 		/*
4815 		 * if filtering, set cb->args[2] to +1 since 0 is the default
4816 		 * value needed to determine that parsing is necessary.
4817 		 */
4818 		if (filter_wiphy >= 0)
4819 			cb->args[2] = filter_wiphy + 1;
4820 		else
4821 			cb->args[2] = -1;
4822 	} else if (cb->args[2] > 0) {
4823 		filter_wiphy = cb->args[2] - 1;
4824 	}
4825 
4826 	for_each_rdev(rdev) {
4827 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
4828 			continue;
4829 		if (wp_idx < wp_start) {
4830 			wp_idx++;
4831 			continue;
4832 		}
4833 
4834 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
4835 			continue;
4836 
4837 		if_idx = 0;
4838 
4839 		guard(wiphy)(&rdev->wiphy);
4840 
4841 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4842 			if (if_idx < if_start) {
4843 				if_idx++;
4844 				continue;
4845 			}
4846 
4847 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
4848 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4849 					       rdev, wdev,
4850 					       NL80211_CMD_NEW_INTERFACE) < 0)
4851 				goto out;
4852 
4853 			if_idx++;
4854 		}
4855 
4856 		if_start = 0;
4857 		wp_idx++;
4858 	}
4859  out:
4860 	cb->args[0] = wp_idx;
4861 	cb->args[1] = if_idx;
4862 
4863 	ret = skb->len;
4864  out_unlock:
4865 	rtnl_unlock();
4866 
4867 	return ret;
4868 }
4869 
4870 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
4871 {
4872 	struct sk_buff *msg;
4873 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4874 	struct wireless_dev *wdev = info->user_ptr[1];
4875 
4876 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4877 	if (!msg)
4878 		return -ENOMEM;
4879 
4880 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4881 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4882 		nlmsg_free(msg);
4883 		return -ENOBUFS;
4884 	}
4885 
4886 	return genlmsg_reply(msg, info);
4887 }
4888 
4889 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
4890 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
4891 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
4892 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
4893 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
4894 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
4895 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
4896 	[NL80211_MNTR_FLAG_SKIP_TX] = { .type = NLA_FLAG },
4897 };
4898 
4899 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
4900 {
4901 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
4902 	int flag;
4903 
4904 	*mntrflags = 0;
4905 
4906 	if (!nla)
4907 		return -EINVAL;
4908 
4909 	if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
4910 		return -EINVAL;
4911 
4912 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
4913 		if (flags[flag])
4914 			*mntrflags |= (1<<flag);
4915 
4916 	/* cooked monitor mode is incompatible with other modes */
4917 	if (*mntrflags & MONITOR_FLAG_COOK_FRAMES &&
4918 	    *mntrflags != MONITOR_FLAG_COOK_FRAMES)
4919 		return -EOPNOTSUPP;
4920 
4921 	*mntrflags |= MONITOR_FLAG_CHANGED;
4922 
4923 	return 0;
4924 }
4925 
4926 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
4927 				     enum nl80211_iftype type,
4928 				     struct genl_info *info,
4929 				     struct vif_params *params)
4930 {
4931 	bool change = false;
4932 	int err;
4933 
4934 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
4935 		if (type != NL80211_IFTYPE_MONITOR)
4936 			return -EINVAL;
4937 
4938 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
4939 					  &params->flags);
4940 		if (err)
4941 			return err;
4942 
4943 		change = true;
4944 	}
4945 
4946 	/* MONITOR_FLAG_COOK_FRAMES is deprecated, refuse cooperation */
4947 	if (params->flags & MONITOR_FLAG_COOK_FRAMES)
4948 		return -EOPNOTSUPP;
4949 
4950 	if (params->flags & MONITOR_FLAG_ACTIVE &&
4951 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
4952 		return -EOPNOTSUPP;
4953 
4954 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
4955 		const u8 *mumimo_groups;
4956 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4957 
4958 		if (type != NL80211_IFTYPE_MONITOR)
4959 			return -EINVAL;
4960 
4961 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4962 			return -EOPNOTSUPP;
4963 
4964 		mumimo_groups =
4965 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
4966 
4967 		/* bits 0 and 63 are reserved and must be zero */
4968 		if ((mumimo_groups[0] & BIT(0)) ||
4969 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
4970 			return -EINVAL;
4971 
4972 		params->vht_mumimo_groups = mumimo_groups;
4973 		change = true;
4974 	}
4975 
4976 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
4977 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4978 
4979 		if (type != NL80211_IFTYPE_MONITOR)
4980 			return -EINVAL;
4981 
4982 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4983 			return -EOPNOTSUPP;
4984 
4985 		params->vht_mumimo_follow_addr =
4986 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
4987 		change = true;
4988 	}
4989 
4990 	return change ? 1 : 0;
4991 }
4992 
4993 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
4994 			       struct net_device *netdev, u8 use_4addr,
4995 			       enum nl80211_iftype iftype)
4996 {
4997 	if (!use_4addr) {
4998 		if (netdev && netif_is_bridge_port(netdev))
4999 			return -EBUSY;
5000 		return 0;
5001 	}
5002 
5003 	switch (iftype) {
5004 	case NL80211_IFTYPE_AP_VLAN:
5005 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
5006 			return 0;
5007 		break;
5008 	case NL80211_IFTYPE_STATION:
5009 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
5010 			return 0;
5011 		break;
5012 	default:
5013 		break;
5014 	}
5015 
5016 	return -EOPNOTSUPP;
5017 }
5018 
5019 static int nl80211_parse_vif_radio_mask(struct genl_info *info,
5020 					u32 *radio_mask)
5021 {
5022 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5023 	struct nlattr *attr = info->attrs[NL80211_ATTR_VIF_RADIO_MASK];
5024 	u32 mask, allowed;
5025 
5026 	if (!attr) {
5027 		*radio_mask = 0;
5028 		return 0;
5029 	}
5030 
5031 	allowed = BIT(rdev->wiphy.n_radio) - 1;
5032 	mask = nla_get_u32(attr);
5033 	if (mask & ~allowed)
5034 		return -EINVAL;
5035 	if (!mask)
5036 		mask = allowed;
5037 	*radio_mask = mask;
5038 
5039 	return 1;
5040 }
5041 
5042 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
5043 {
5044 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5045 	struct vif_params params;
5046 	int err;
5047 	enum nl80211_iftype otype, ntype;
5048 	struct net_device *dev = info->user_ptr[1];
5049 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5050 	u32 radio_mask = 0;
5051 	bool change = false;
5052 
5053 	memset(&params, 0, sizeof(params));
5054 
5055 	otype = ntype = dev->ieee80211_ptr->iftype;
5056 
5057 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
5058 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
5059 		if (otype != ntype)
5060 			change = true;
5061 	}
5062 
5063 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
5064 		if (ntype != NL80211_IFTYPE_MESH_POINT)
5065 			return -EINVAL;
5066 		if (otype != NL80211_IFTYPE_MESH_POINT)
5067 			return -EINVAL;
5068 		if (netif_running(dev))
5069 			return -EBUSY;
5070 
5071 		wdev->u.mesh.id_up_len =
5072 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5073 		memcpy(wdev->u.mesh.id,
5074 		       nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
5075 		       wdev->u.mesh.id_up_len);
5076 	}
5077 
5078 	if (info->attrs[NL80211_ATTR_4ADDR]) {
5079 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
5080 		change = true;
5081 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
5082 		if (err)
5083 			return err;
5084 	} else {
5085 		params.use_4addr = -1;
5086 	}
5087 
5088 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
5089 	if (err < 0)
5090 		return err;
5091 	if (err > 0)
5092 		change = true;
5093 
5094 	err = nl80211_parse_vif_radio_mask(info, &radio_mask);
5095 	if (err < 0)
5096 		return err;
5097 	if (err && netif_running(dev))
5098 		return -EBUSY;
5099 
5100 	if (change)
5101 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
5102 	else
5103 		err = 0;
5104 
5105 	if (!err && params.use_4addr != -1)
5106 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
5107 
5108 	if (radio_mask)
5109 		wdev->radio_mask = radio_mask;
5110 
5111 	if (change && !err)
5112 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
5113 
5114 	return err;
5115 }
5116 
5117 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
5118 {
5119 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5120 	struct vif_params params;
5121 	struct wireless_dev *wdev;
5122 	struct sk_buff *msg;
5123 	u32 radio_mask;
5124 	int err;
5125 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
5126 
5127 	memset(&params, 0, sizeof(params));
5128 
5129 	if (!info->attrs[NL80211_ATTR_IFNAME])
5130 		return -EINVAL;
5131 
5132 	if (info->attrs[NL80211_ATTR_IFTYPE])
5133 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
5134 
5135 	if (!rdev->ops->add_virtual_intf)
5136 		return -EOPNOTSUPP;
5137 
5138 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
5139 	     type == NL80211_IFTYPE_PD ||
5140 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
5141 	    info->attrs[NL80211_ATTR_MAC]) {
5142 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
5143 			   ETH_ALEN);
5144 		if (!is_valid_ether_addr(params.macaddr))
5145 			return -EADDRNOTAVAIL;
5146 	}
5147 
5148 	if (info->attrs[NL80211_ATTR_4ADDR]) {
5149 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
5150 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
5151 		if (err)
5152 			return err;
5153 	}
5154 
5155 	if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
5156 		return -EOPNOTSUPP;
5157 
5158 	err = nl80211_parse_mon_options(rdev, type, info, &params);
5159 	if (err < 0)
5160 		return err;
5161 
5162 	err = nl80211_parse_vif_radio_mask(info, &radio_mask);
5163 	if (err < 0)
5164 		return err;
5165 
5166 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5167 	if (!msg)
5168 		return -ENOMEM;
5169 
5170 	wdev = rdev_add_virtual_intf(rdev,
5171 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
5172 				NET_NAME_USER, type, &params);
5173 	if (WARN_ON(!wdev)) {
5174 		nlmsg_free(msg);
5175 		return -EPROTO;
5176 	} else if (IS_ERR(wdev)) {
5177 		nlmsg_free(msg);
5178 		return PTR_ERR(wdev);
5179 	}
5180 
5181 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5182 		wdev->owner_nlportid = info->snd_portid;
5183 
5184 	switch (type) {
5185 	case NL80211_IFTYPE_MESH_POINT:
5186 		if (!info->attrs[NL80211_ATTR_MESH_ID])
5187 			break;
5188 		wdev->u.mesh.id_up_len =
5189 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5190 		memcpy(wdev->u.mesh.id,
5191 		       nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
5192 		       wdev->u.mesh.id_up_len);
5193 		break;
5194 	case NL80211_IFTYPE_NAN:
5195 	case NL80211_IFTYPE_P2P_DEVICE:
5196 	case NL80211_IFTYPE_PD:
5197 		/*
5198 		 * P2P Device, NAN and PD do not have a netdev, so don't go
5199 		 * through the netdev notifier and must be added here
5200 		 */
5201 		cfg80211_init_wdev(wdev);
5202 		cfg80211_register_wdev(rdev, wdev);
5203 		break;
5204 	default:
5205 		break;
5206 	}
5207 
5208 	if (radio_mask)
5209 		wdev->radio_mask = radio_mask;
5210 
5211 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
5212 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
5213 		nlmsg_free(msg);
5214 		return -ENOBUFS;
5215 	}
5216 
5217 	return genlmsg_reply(msg, info);
5218 }
5219 
5220 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
5221 {
5222 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5223 
5224 	/* to avoid failing a new interface creation due to pending removal */
5225 	cfg80211_destroy_ifaces(rdev);
5226 
5227 	guard(wiphy)(&rdev->wiphy);
5228 
5229 	return _nl80211_new_interface(skb, info);
5230 }
5231 
5232 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
5233 {
5234 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5235 	struct wireless_dev *wdev = info->user_ptr[1];
5236 
5237 	if (!rdev->ops->del_virtual_intf)
5238 		return -EOPNOTSUPP;
5239 
5240 	/*
5241 	 * We hold RTNL, so this is safe, without RTNL opencount cannot
5242 	 * reach 0, and thus the rdev cannot be deleted.
5243 	 *
5244 	 * We need to do it for the dev_close(), since that will call
5245 	 * the netdev notifiers, and we need to acquire the mutex there
5246 	 * but don't know if we get there from here or from some other
5247 	 * place (e.g. "ip link set ... down").
5248 	 */
5249 	mutex_unlock(&rdev->wiphy.mtx);
5250 
5251 	/*
5252 	 * If we remove a wireless device without a netdev then clear
5253 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
5254 	 * to check if it needs to do dev_put(). Otherwise it crashes
5255 	 * since the wdev has been freed, unlike with a netdev where
5256 	 * we need the dev_put() for the netdev to really be freed.
5257 	 */
5258 	if (!wdev->netdev)
5259 		info->user_ptr[1] = NULL;
5260 	else
5261 		dev_close(wdev->netdev);
5262 
5263 	cfg80211_close_dependents(rdev, wdev);
5264 
5265 	mutex_lock(&rdev->wiphy.mtx);
5266 
5267 	return cfg80211_remove_virtual_intf(rdev, wdev);
5268 }
5269 
5270 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
5271 {
5272 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5273 	struct net_device *dev = info->user_ptr[1];
5274 	u16 noack_map;
5275 
5276 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
5277 		return -EINVAL;
5278 
5279 	if (!rdev->ops->set_noack_map)
5280 		return -EOPNOTSUPP;
5281 
5282 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
5283 
5284 	return rdev_set_noack_map(rdev, dev, noack_map);
5285 }
5286 
5287 static int nl80211_validate_key_link_id(struct genl_info *info,
5288 					struct wireless_dev *wdev,
5289 					int link_id, bool pairwise)
5290 {
5291 	if (pairwise) {
5292 		if (link_id != -1) {
5293 			GENL_SET_ERR_MSG(info,
5294 					 "link ID not allowed for pairwise key");
5295 			return -EINVAL;
5296 		}
5297 
5298 		return 0;
5299 	}
5300 
5301 	if (wdev->valid_links) {
5302 		if (link_id == -1) {
5303 			GENL_SET_ERR_MSG(info,
5304 					 "link ID must be set for MLO group key");
5305 			return -EINVAL;
5306 		}
5307 		if (!(wdev->valid_links & BIT(link_id))) {
5308 			GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key");
5309 			return -EINVAL;
5310 		}
5311 	} else if (link_id != -1) {
5312 		GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key");
5313 		return -EINVAL;
5314 	}
5315 
5316 	return 0;
5317 }
5318 
5319 struct get_key_cookie {
5320 	struct sk_buff *msg;
5321 	int error;
5322 	int idx;
5323 };
5324 
5325 static void get_key_callback(void *c, struct key_params *params)
5326 {
5327 	struct nlattr *key;
5328 	struct get_key_cookie *cookie = c;
5329 
5330 	if ((params->seq &&
5331 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
5332 		     params->seq_len, params->seq)) ||
5333 	    (params->cipher &&
5334 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
5335 			 params->cipher)))
5336 		goto nla_put_failure;
5337 
5338 	key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
5339 	if (!key)
5340 		goto nla_put_failure;
5341 
5342 	if ((params->seq &&
5343 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
5344 		     params->seq_len, params->seq)) ||
5345 	    (params->cipher &&
5346 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
5347 			 params->cipher)))
5348 		goto nla_put_failure;
5349 
5350 	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
5351 		goto nla_put_failure;
5352 
5353 	nla_nest_end(cookie->msg, key);
5354 
5355 	return;
5356  nla_put_failure:
5357 	cookie->error = 1;
5358 }
5359 
5360 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
5361 {
5362 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5363 	int err;
5364 	struct wireless_dev *wdev = info->user_ptr[1];
5365 	u8 key_idx = 0;
5366 	const u8 *mac_addr = NULL;
5367 	bool pairwise;
5368 	struct get_key_cookie cookie = {
5369 		.error = 0,
5370 	};
5371 	void *hdr;
5372 	struct sk_buff *msg;
5373 	bool bigtk_support = false;
5374 	int link_id = nl80211_link_id_or_invalid(info->attrs);
5375 
5376 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5377 				    NL80211_EXT_FEATURE_BEACON_PROTECTION))
5378 		bigtk_support = true;
5379 
5380 	if ((wdev->iftype == NL80211_IFTYPE_STATION ||
5381 	     wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
5382 	    wiphy_ext_feature_isset(&rdev->wiphy,
5383 				    NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
5384 		bigtk_support = true;
5385 
5386 	if (info->attrs[NL80211_ATTR_KEY_IDX]) {
5387 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
5388 
5389 		if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
5390 			GENL_SET_ERR_MSG(info, "BIGTK not supported");
5391 			return -EINVAL;
5392 		}
5393 	}
5394 
5395 	if (info->attrs[NL80211_ATTR_MAC])
5396 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5397 
5398 	pairwise = !!mac_addr;
5399 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
5400 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
5401 
5402 		if (kt != NL80211_KEYTYPE_GROUP &&
5403 		    kt != NL80211_KEYTYPE_PAIRWISE)
5404 			return -EINVAL;
5405 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
5406 	}
5407 
5408 	if (!rdev->ops->get_key)
5409 		return -EOPNOTSUPP;
5410 
5411 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
5412 		return -ENOENT;
5413 
5414 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5415 	if (!msg)
5416 		return -ENOMEM;
5417 
5418 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5419 			     NL80211_CMD_NEW_KEY);
5420 	if (!hdr)
5421 		goto nla_put_failure;
5422 
5423 	cookie.msg = msg;
5424 	cookie.idx = key_idx;
5425 
5426 	if ((wdev->netdev &&
5427 	     nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) ||
5428 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
5429 			      NL80211_ATTR_PAD) ||
5430 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
5431 		goto nla_put_failure;
5432 	if (mac_addr &&
5433 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
5434 		goto nla_put_failure;
5435 
5436 	err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise);
5437 	if (err)
5438 		goto free_msg;
5439 
5440 	err = rdev_get_key(rdev, wdev, link_id, key_idx, pairwise, mac_addr,
5441 			   &cookie, get_key_callback);
5442 
5443 	if (err)
5444 		goto free_msg;
5445 
5446 	if (cookie.error)
5447 		goto nla_put_failure;
5448 
5449 	genlmsg_end(msg, hdr);
5450 	return genlmsg_reply(msg, info);
5451 
5452  nla_put_failure:
5453 	err = -ENOBUFS;
5454  free_msg:
5455 	nlmsg_free(msg);
5456 	return err;
5457 }
5458 
5459 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
5460 {
5461 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5462 	struct key_parse key;
5463 	int err;
5464 	struct wireless_dev *wdev = info->user_ptr[1];
5465 	int link_id = nl80211_link_id_or_invalid(info->attrs);
5466 
5467 	err = nl80211_parse_key(info, &key);
5468 	if (err)
5469 		return err;
5470 
5471 	if (key.idx < 0)
5472 		return -EINVAL;
5473 
5474 	/* Only support setting default key and
5475 	 * Extended Key ID action NL80211_KEY_SET_TX.
5476 	 */
5477 	if (!key.def && !key.defmgmt && !key.defbeacon &&
5478 	    !(key.p.mode == NL80211_KEY_SET_TX))
5479 		return -EINVAL;
5480 
5481 	if (key.def) {
5482 		if (!rdev->ops->set_default_key)
5483 			return -EOPNOTSUPP;
5484 
5485 		if (!wdev->netdev)
5486 			return -EINVAL;
5487 
5488 		err = nl80211_key_allowed(wdev);
5489 		if (err)
5490 			return err;
5491 
5492 		err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5493 		if (err)
5494 			return err;
5495 
5496 		err = rdev_set_default_key(rdev, wdev->netdev, link_id, key.idx,
5497 					   key.def_uni, key.def_multi);
5498 
5499 		if (err)
5500 			return err;
5501 
5502 #ifdef CONFIG_CFG80211_WEXT
5503 		wdev->wext.default_key = key.idx;
5504 #endif
5505 		return 0;
5506 	} else if (key.defmgmt) {
5507 		if (key.def_uni || !key.def_multi)
5508 			return -EINVAL;
5509 
5510 		if (!rdev->ops->set_default_mgmt_key)
5511 			return -EOPNOTSUPP;
5512 
5513 		err = nl80211_key_allowed(wdev);
5514 		if (err)
5515 			return err;
5516 
5517 		err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5518 		if (err)
5519 			return err;
5520 
5521 		err = rdev_set_default_mgmt_key(rdev, wdev, link_id, key.idx);
5522 		if (err)
5523 			return err;
5524 
5525 #ifdef CONFIG_CFG80211_WEXT
5526 		wdev->wext.default_mgmt_key = key.idx;
5527 #endif
5528 		return 0;
5529 	} else if (key.defbeacon) {
5530 		if (key.def_uni || !key.def_multi)
5531 			return -EINVAL;
5532 
5533 		if (!rdev->ops->set_default_beacon_key)
5534 			return -EOPNOTSUPP;
5535 
5536 		err = nl80211_key_allowed(wdev);
5537 		if (err)
5538 			return err;
5539 
5540 		err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5541 		if (err)
5542 			return err;
5543 
5544 		return rdev_set_default_beacon_key(rdev, wdev, link_id,
5545 						   key.idx);
5546 	} else if (key.p.mode == NL80211_KEY_SET_TX &&
5547 		   wiphy_ext_feature_isset(&rdev->wiphy,
5548 					   NL80211_EXT_FEATURE_EXT_KEY_ID)) {
5549 		u8 *mac_addr = NULL;
5550 
5551 		if (info->attrs[NL80211_ATTR_MAC])
5552 			mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5553 
5554 		if (!mac_addr || key.idx < 0 || key.idx > 1)
5555 			return -EINVAL;
5556 
5557 		err = nl80211_validate_key_link_id(info, wdev, link_id, true);
5558 		if (err)
5559 			return err;
5560 
5561 		return rdev_add_key(rdev, wdev, link_id, key.idx,
5562 				    NL80211_KEYTYPE_PAIRWISE,
5563 				    mac_addr, &key.p);
5564 	}
5565 
5566 	return -EINVAL;
5567 }
5568 
5569 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
5570 {
5571 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5572 	int err;
5573 	struct wireless_dev *wdev = info->user_ptr[1];
5574 	struct key_parse key;
5575 	const u8 *mac_addr = NULL;
5576 	int link_id = nl80211_link_id_or_invalid(info->attrs);
5577 
5578 	err = nl80211_parse_key(info, &key);
5579 	if (err)
5580 		return err;
5581 
5582 	if (!key.p.key) {
5583 		GENL_SET_ERR_MSG(info, "no key");
5584 		return -EINVAL;
5585 	}
5586 
5587 	if (info->attrs[NL80211_ATTR_MAC])
5588 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5589 
5590 	if (key.type == -1) {
5591 		if (mac_addr)
5592 			key.type = NL80211_KEYTYPE_PAIRWISE;
5593 		else
5594 			key.type = NL80211_KEYTYPE_GROUP;
5595 	}
5596 
5597 	/* for now */
5598 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
5599 	    key.type != NL80211_KEYTYPE_GROUP) {
5600 		GENL_SET_ERR_MSG(info, "key type not pairwise or group");
5601 		return -EINVAL;
5602 	}
5603 
5604 	if (key.type == NL80211_KEYTYPE_GROUP &&
5605 	    info->attrs[NL80211_ATTR_VLAN_ID])
5606 		key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5607 
5608 	if (!rdev->ops->add_key)
5609 		return -EOPNOTSUPP;
5610 
5611 	if (cfg80211_validate_key_settings(rdev, wdev, &key.p, key.idx,
5612 					   key.type == NL80211_KEYTYPE_PAIRWISE,
5613 					   mac_addr)) {
5614 		GENL_SET_ERR_MSG(info, "key setting validation failed");
5615 		return -EINVAL;
5616 	}
5617 
5618 	err = nl80211_key_allowed(wdev);
5619 	if (err)
5620 		GENL_SET_ERR_MSG(info, "key not allowed");
5621 
5622 	if (!err)
5623 		err = nl80211_validate_key_link_id(info, wdev, link_id,
5624 				key.type == NL80211_KEYTYPE_PAIRWISE);
5625 
5626 	if (!err) {
5627 		err = rdev_add_key(rdev, wdev, link_id, key.idx,
5628 				   key.type == NL80211_KEYTYPE_PAIRWISE,
5629 				    mac_addr, &key.p);
5630 		if (err)
5631 			GENL_SET_ERR_MSG(info, "key addition failed");
5632 	}
5633 
5634 	return err;
5635 }
5636 
5637 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
5638 {
5639 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5640 	int err;
5641 	struct wireless_dev *wdev = info->user_ptr[1];
5642 	u8 *mac_addr = NULL;
5643 	struct key_parse key;
5644 	int link_id = nl80211_link_id_or_invalid(info->attrs);
5645 
5646 	err = nl80211_parse_key(info, &key);
5647 	if (err)
5648 		return err;
5649 
5650 	if (info->attrs[NL80211_ATTR_MAC])
5651 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5652 
5653 	if (key.type == -1) {
5654 		if (mac_addr)
5655 			key.type = NL80211_KEYTYPE_PAIRWISE;
5656 		else
5657 			key.type = NL80211_KEYTYPE_GROUP;
5658 	}
5659 
5660 	/* for now */
5661 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
5662 	    key.type != NL80211_KEYTYPE_GROUP)
5663 		return -EINVAL;
5664 
5665 	if (!cfg80211_valid_key_idx(rdev, key.idx,
5666 				    key.type == NL80211_KEYTYPE_PAIRWISE))
5667 		return -EINVAL;
5668 
5669 	if (!rdev->ops->del_key)
5670 		return -EOPNOTSUPP;
5671 
5672 	err = nl80211_key_allowed(wdev);
5673 
5674 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
5675 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
5676 		err = -ENOENT;
5677 
5678 	if (!err)
5679 		err = nl80211_validate_key_link_id(info, wdev, link_id,
5680 				key.type == NL80211_KEYTYPE_PAIRWISE);
5681 
5682 	if (!err)
5683 		err = rdev_del_key(rdev, wdev, link_id, key.idx,
5684 				   key.type == NL80211_KEYTYPE_PAIRWISE,
5685 				   mac_addr);
5686 
5687 #ifdef CONFIG_CFG80211_WEXT
5688 	if (!err) {
5689 		if (key.idx == wdev->wext.default_key)
5690 			wdev->wext.default_key = -1;
5691 		else if (key.idx == wdev->wext.default_mgmt_key)
5692 			wdev->wext.default_mgmt_key = -1;
5693 	}
5694 #endif
5695 
5696 	return err;
5697 }
5698 
5699 /* This function returns an error or the number of nested attributes */
5700 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
5701 {
5702 	struct nlattr *attr;
5703 	int n_entries = 0, tmp;
5704 
5705 	nla_for_each_nested(attr, nl_attr, tmp) {
5706 		if (nla_len(attr) != ETH_ALEN)
5707 			return -EINVAL;
5708 
5709 		n_entries++;
5710 	}
5711 
5712 	return n_entries;
5713 }
5714 
5715 /*
5716  * This function parses ACL information and allocates memory for ACL data.
5717  * On successful return, the calling function is responsible to free the
5718  * ACL buffer returned by this function.
5719  */
5720 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
5721 						struct genl_info *info)
5722 {
5723 	enum nl80211_acl_policy acl_policy;
5724 	struct nlattr *attr;
5725 	struct cfg80211_acl_data *acl;
5726 	int i = 0, n_entries, tmp;
5727 
5728 	if (!wiphy->max_acl_mac_addrs)
5729 		return ERR_PTR(-EOPNOTSUPP);
5730 
5731 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
5732 		return ERR_PTR(-EINVAL);
5733 
5734 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
5735 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
5736 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
5737 		return ERR_PTR(-EINVAL);
5738 
5739 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
5740 		return ERR_PTR(-EINVAL);
5741 
5742 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
5743 	if (n_entries < 0)
5744 		return ERR_PTR(n_entries);
5745 
5746 	if (n_entries > wiphy->max_acl_mac_addrs)
5747 		return ERR_PTR(-EOPNOTSUPP);
5748 
5749 	acl = kzalloc_flex(*acl, mac_addrs, n_entries);
5750 	if (!acl)
5751 		return ERR_PTR(-ENOMEM);
5752 	acl->n_acl_entries = n_entries;
5753 
5754 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
5755 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
5756 		i++;
5757 	}
5758 	acl->acl_policy = acl_policy;
5759 
5760 	return acl;
5761 }
5762 
5763 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
5764 {
5765 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5766 	struct net_device *dev = info->user_ptr[1];
5767 	struct cfg80211_acl_data *acl;
5768 	int err;
5769 
5770 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5771 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5772 		return -EOPNOTSUPP;
5773 
5774 	if (!dev->ieee80211_ptr->links[0].ap.beacon_interval)
5775 		return -EINVAL;
5776 
5777 	acl = parse_acl_data(&rdev->wiphy, info);
5778 	if (IS_ERR(acl))
5779 		return PTR_ERR(acl);
5780 
5781 	err = rdev_set_mac_acl(rdev, dev, acl);
5782 
5783 	kfree(acl);
5784 
5785 	return err;
5786 }
5787 
5788 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5789 			   u8 *rates, u8 rates_len)
5790 {
5791 	u8 i;
5792 	u32 mask = 0;
5793 
5794 	for (i = 0; i < rates_len; i++) {
5795 		int rate = (rates[i] & 0x7f) * 5;
5796 		int ridx;
5797 
5798 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5799 			struct ieee80211_rate *srate =
5800 				&sband->bitrates[ridx];
5801 			if (rate == srate->bitrate) {
5802 				mask |= 1 << ridx;
5803 				break;
5804 			}
5805 		}
5806 		if (ridx == sband->n_bitrates)
5807 			return 0; /* rate not found */
5808 	}
5809 
5810 	return mask;
5811 }
5812 
5813 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5814 			       u8 *rates, u8 rates_len,
5815 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5816 {
5817 	u8 i;
5818 
5819 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5820 
5821 	for (i = 0; i < rates_len; i++) {
5822 		int ridx, rbit;
5823 
5824 		ridx = rates[i] / 8;
5825 		rbit = BIT(rates[i] % 8);
5826 
5827 		/* check validity */
5828 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5829 			return false;
5830 
5831 		/* check availability */
5832 		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
5833 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5834 			mcs[ridx] |= rbit;
5835 		else
5836 			return false;
5837 	}
5838 
5839 	return true;
5840 }
5841 
5842 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
5843 {
5844 	u16 mcs_mask = 0;
5845 
5846 	switch (vht_mcs_map) {
5847 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
5848 		break;
5849 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
5850 		mcs_mask = 0x00FF;
5851 		break;
5852 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
5853 		mcs_mask = 0x01FF;
5854 		break;
5855 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
5856 		mcs_mask = 0x03FF;
5857 		break;
5858 	default:
5859 		break;
5860 	}
5861 
5862 	return mcs_mask;
5863 }
5864 
5865 static void vht_build_mcs_mask(u16 vht_mcs_map,
5866 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
5867 {
5868 	u8 nss;
5869 
5870 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
5871 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
5872 		vht_mcs_map >>= 2;
5873 	}
5874 }
5875 
5876 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
5877 			     struct nl80211_txrate_vht *txrate,
5878 			     u16 mcs[NL80211_VHT_NSS_MAX])
5879 {
5880 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5881 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
5882 	u8 i;
5883 
5884 	if (!sband->vht_cap.vht_supported)
5885 		return false;
5886 
5887 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
5888 
5889 	/* Build vht_mcs_mask from VHT capabilities */
5890 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5891 
5892 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5893 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5894 			mcs[i] = txrate->mcs[i];
5895 		else
5896 			return false;
5897 	}
5898 
5899 	return true;
5900 }
5901 
5902 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
5903 {
5904 	switch (he_mcs_map) {
5905 	case IEEE80211_HE_MCS_NOT_SUPPORTED:
5906 		return 0;
5907 	case IEEE80211_HE_MCS_SUPPORT_0_7:
5908 		return 0x00FF;
5909 	case IEEE80211_HE_MCS_SUPPORT_0_9:
5910 		return 0x03FF;
5911 	case IEEE80211_HE_MCS_SUPPORT_0_11:
5912 		return 0xFFF;
5913 	default:
5914 		break;
5915 	}
5916 	return 0;
5917 }
5918 
5919 static void he_build_mcs_mask(u16 he_mcs_map,
5920 			      u16 he_mcs_mask[NL80211_HE_NSS_MAX])
5921 {
5922 	u8 nss;
5923 
5924 	for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
5925 		he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
5926 		he_mcs_map >>= 2;
5927 	}
5928 }
5929 
5930 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id,
5931 			   const struct ieee80211_sta_he_cap *he_cap)
5932 {
5933 	struct net_device *dev = info->user_ptr[1];
5934 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5935 	struct cfg80211_chan_def *chandef;
5936 	__le16 tx_mcs;
5937 
5938 	chandef = wdev_chandef(wdev, link_id);
5939 	if (!chandef) {
5940 		/*
5941 		 * This is probably broken, but we never maintained
5942 		 * a chandef in these cases, so it always was.
5943 		 */
5944 		return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
5945 	}
5946 
5947 	switch (chandef->width) {
5948 	case NL80211_CHAN_WIDTH_80P80:
5949 		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
5950 		break;
5951 	case NL80211_CHAN_WIDTH_160:
5952 		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
5953 		break;
5954 	default:
5955 		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
5956 		break;
5957 	}
5958 
5959 	return le16_to_cpu(tx_mcs);
5960 }
5961 
5962 static bool he_set_mcs_mask(struct genl_info *info,
5963 			    struct wireless_dev *wdev,
5964 			    struct ieee80211_supported_band *sband,
5965 			    struct nl80211_txrate_he *txrate,
5966 			    u16 mcs[NL80211_HE_NSS_MAX],
5967 			    unsigned int link_id)
5968 {
5969 	const struct ieee80211_sta_he_cap *he_cap;
5970 	u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
5971 	u16 tx_mcs_map = 0;
5972 	u8 i;
5973 
5974 	he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5975 	if (!he_cap)
5976 		return false;
5977 
5978 	memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
5979 
5980 	tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5981 
5982 	/* Build he_mcs_mask from HE capabilities */
5983 	he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5984 
5985 	for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5986 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5987 			mcs[i] = txrate->mcs[i];
5988 		else
5989 			return false;
5990 	}
5991 
5992 	return true;
5993 }
5994 
5995 static void eht_build_mcs_mask(struct genl_info *info,
5996 			       const struct ieee80211_sta_eht_cap *eht_cap,
5997 			       u8 mcs_nss_len, u16 *mcs_mask)
5998 {
5999 	struct net_device *dev = info->user_ptr[1];
6000 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6001 	u8 nss, mcs_7 = 0, mcs_9 = 0, mcs_11 = 0, mcs_13 = 0;
6002 	unsigned int link_id = nl80211_link_id(info->attrs);
6003 
6004 	if (mcs_nss_len == 4) {
6005 		const struct ieee80211_eht_mcs_nss_supp_20mhz_only *mcs =
6006 					&eht_cap->eht_mcs_nss_supp.only_20mhz;
6007 
6008 		mcs_7 = u8_get_bits(mcs->rx_tx_mcs7_max_nss,
6009 				    IEEE80211_EHT_MCS_NSS_TX);
6010 		mcs_9 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
6011 				    IEEE80211_EHT_MCS_NSS_TX);
6012 		mcs_11 = u8_get_bits(mcs->rx_tx_mcs11_max_nss,
6013 				     IEEE80211_EHT_MCS_NSS_TX);
6014 		mcs_13 = u8_get_bits(mcs->rx_tx_mcs13_max_nss,
6015 				     IEEE80211_EHT_MCS_NSS_TX);
6016 
6017 	} else {
6018 		const struct ieee80211_eht_mcs_nss_supp_bw *mcs;
6019 		enum nl80211_chan_width width;
6020 
6021 		switch (wdev->iftype) {
6022 		case NL80211_IFTYPE_ADHOC:
6023 			width = wdev->u.ibss.chandef.width;
6024 			break;
6025 		case NL80211_IFTYPE_MESH_POINT:
6026 			width = wdev->u.mesh.chandef.width;
6027 			break;
6028 		case NL80211_IFTYPE_OCB:
6029 			width = wdev->u.ocb.chandef.width;
6030 			break;
6031 		default:
6032 			if (wdev->valid_links)
6033 				width = wdev->links[link_id].ap.chandef.width;
6034 			else
6035 				width = wdev->u.ap.preset_chandef.width;
6036 			break;
6037 		}
6038 
6039 		switch (width) {
6040 		case NL80211_CHAN_WIDTH_320:
6041 			mcs = &eht_cap->eht_mcs_nss_supp.bw._320;
6042 			break;
6043 		case NL80211_CHAN_WIDTH_160:
6044 			mcs = &eht_cap->eht_mcs_nss_supp.bw._160;
6045 			break;
6046 		default:
6047 			mcs = &eht_cap->eht_mcs_nss_supp.bw._80;
6048 			break;
6049 		}
6050 
6051 		mcs_7 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
6052 				    IEEE80211_EHT_MCS_NSS_TX);
6053 		mcs_9 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
6054 				    IEEE80211_EHT_MCS_NSS_TX);
6055 		mcs_11 = u8_get_bits(mcs->rx_tx_mcs11_max_nss,
6056 				     IEEE80211_EHT_MCS_NSS_TX);
6057 		mcs_13 = u8_get_bits(mcs->rx_tx_mcs13_max_nss,
6058 				     IEEE80211_EHT_MCS_NSS_TX);
6059 	}
6060 
6061 	/* Enable MCS 14 for NSS 0 */
6062 	if (eht_cap->eht_cap_elem.phy_cap_info[6] &
6063 	    IEEE80211_EHT_PHY_CAP6_EHT_DUP_6GHZ_SUPP)
6064 		mcs_mask[0] |= 0x4000;
6065 
6066 	/* Enable MCS 15 for NSS 0 */
6067 	mcs_mask[0] |= 0x8000;
6068 
6069 	for (nss = 0; nss < NL80211_EHT_NSS_MAX; nss++) {
6070 		if (!mcs_7)
6071 			continue;
6072 		mcs_mask[nss] |= 0x00FF;
6073 		mcs_7--;
6074 
6075 		if (!mcs_9)
6076 			continue;
6077 		mcs_mask[nss] |= 0x0300;
6078 		mcs_9--;
6079 
6080 		if (!mcs_11)
6081 			continue;
6082 		mcs_mask[nss] |= 0x0C00;
6083 		mcs_11--;
6084 
6085 		if (!mcs_13)
6086 			continue;
6087 		mcs_mask[nss] |= 0x3000;
6088 		mcs_13--;
6089 	}
6090 }
6091 
6092 static bool eht_set_mcs_mask(struct genl_info *info, struct wireless_dev *wdev,
6093 			     struct ieee80211_supported_band *sband,
6094 			     struct nl80211_txrate_eht *txrate,
6095 			     u16 mcs[NL80211_EHT_NSS_MAX])
6096 {
6097 	const struct ieee80211_sta_he_cap *he_cap;
6098 	const struct ieee80211_sta_eht_cap *eht_cap;
6099 	u16 tx_mcs_mask[NL80211_EHT_NSS_MAX] = { 0 };
6100 	u8 i, mcs_nss_len;
6101 
6102 	he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
6103 	if (!he_cap)
6104 		return false;
6105 
6106 	eht_cap = ieee80211_get_eht_iftype_cap(sband, wdev->iftype);
6107 	if (!eht_cap)
6108 		return false;
6109 
6110 	/* Checks for MCS 14 */
6111 	if (txrate->mcs[0] & 0x4000) {
6112 		if (sband->band != NL80211_BAND_6GHZ)
6113 			return false;
6114 
6115 		if (!(eht_cap->eht_cap_elem.phy_cap_info[6] &
6116 		      IEEE80211_EHT_PHY_CAP6_EHT_DUP_6GHZ_SUPP))
6117 			return false;
6118 	}
6119 
6120 	mcs_nss_len = ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
6121 						 &eht_cap->eht_cap_elem,
6122 						 wdev->iftype ==
6123 							NL80211_IFTYPE_STATION);
6124 
6125 	if (mcs_nss_len == 3) {
6126 		/* Supported iftypes for setting non-20 MHZ only EHT MCS */
6127 		switch (wdev->iftype) {
6128 		case NL80211_IFTYPE_ADHOC:
6129 		case NL80211_IFTYPE_AP:
6130 		case NL80211_IFTYPE_P2P_GO:
6131 		case NL80211_IFTYPE_MESH_POINT:
6132 		case NL80211_IFTYPE_OCB:
6133 			break;
6134 		default:
6135 			return false;
6136 		}
6137 	}
6138 
6139 	/* Build eht_mcs_mask from EHT and HE capabilities */
6140 	eht_build_mcs_mask(info, eht_cap, mcs_nss_len, tx_mcs_mask);
6141 
6142 	memset(mcs, 0, sizeof(u16) * NL80211_EHT_NSS_MAX);
6143 	for (i = 0; i < NL80211_EHT_NSS_MAX; i++) {
6144 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
6145 			mcs[i] = txrate->mcs[i];
6146 		else
6147 			return false;
6148 	}
6149 
6150 	return true;
6151 }
6152 
6153 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
6154 					 struct nlattr *attrs[],
6155 					 enum nl80211_attrs attr,
6156 					 struct cfg80211_bitrate_mask *mask,
6157 					 struct net_device *dev,
6158 					 bool default_all_enabled,
6159 					 unsigned int link_id)
6160 {
6161 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
6162 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6163 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6164 	int rem, i;
6165 	struct nlattr *tx_rates;
6166 	struct ieee80211_supported_band *sband;
6167 	u16 vht_tx_mcs_map, he_tx_mcs_map;
6168 
6169 	memset(mask, 0, sizeof(*mask));
6170 	/* Default to all rates enabled */
6171 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
6172 		const struct ieee80211_sta_he_cap *he_cap;
6173 		const struct ieee80211_sta_eht_cap *eht_cap;
6174 		u8 mcs_nss_len;
6175 
6176 		if (!default_all_enabled)
6177 			break;
6178 
6179 		sband = rdev->wiphy.bands[i];
6180 
6181 		if (!sband)
6182 			continue;
6183 
6184 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
6185 		memcpy(mask->control[i].ht_mcs,
6186 		       sband->ht_cap.mcs.rx_mask,
6187 		       sizeof(mask->control[i].ht_mcs));
6188 
6189 		if (sband->vht_cap.vht_supported) {
6190 			vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
6191 			vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
6192 		}
6193 
6194 		he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
6195 		if (!he_cap)
6196 			continue;
6197 
6198 		he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
6199 		he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
6200 
6201 		mask->control[i].he_gi = 0xFF;
6202 		mask->control[i].he_ltf = 0xFF;
6203 
6204 		eht_cap = ieee80211_get_eht_iftype_cap(sband, wdev->iftype);
6205 		if (!eht_cap)
6206 			continue;
6207 
6208 		mcs_nss_len = ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
6209 							 &eht_cap->eht_cap_elem,
6210 							 wdev->iftype ==
6211 							 NL80211_IFTYPE_STATION);
6212 
6213 		eht_build_mcs_mask(info, eht_cap, mcs_nss_len,
6214 				   mask->control[i].eht_mcs);
6215 
6216 		mask->control[i].eht_gi = 0xFF;
6217 		mask->control[i].eht_ltf = 0xFF;
6218 	}
6219 
6220 	/* if no rates are given set it back to the defaults */
6221 	if (!attrs[attr])
6222 		goto out;
6223 
6224 	/* The nested attribute uses enum nl80211_band as the index. This maps
6225 	 * directly to the enum nl80211_band values used in cfg80211.
6226 	 */
6227 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
6228 	nla_for_each_nested(tx_rates, attrs[attr], rem) {
6229 		int band = nla_type(tx_rates);
6230 		int err;
6231 
6232 		if (band < 0 || band >= NUM_NL80211_BANDS)
6233 			return -EINVAL;
6234 		sband = rdev->wiphy.bands[band];
6235 		if (sband == NULL)
6236 			return -EINVAL;
6237 		err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
6238 						  tx_rates,
6239 						  nl80211_txattr_policy,
6240 						  info->extack);
6241 		if (err)
6242 			return err;
6243 		if (tb[NL80211_TXRATE_LEGACY]) {
6244 			mask->control[band].legacy = rateset_to_mask(
6245 				sband,
6246 				nla_data(tb[NL80211_TXRATE_LEGACY]),
6247 				nla_len(tb[NL80211_TXRATE_LEGACY]));
6248 			if ((mask->control[band].legacy == 0) &&
6249 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
6250 				return -EINVAL;
6251 		}
6252 		if (tb[NL80211_TXRATE_HT]) {
6253 			if (!ht_rateset_to_mask(
6254 					sband,
6255 					nla_data(tb[NL80211_TXRATE_HT]),
6256 					nla_len(tb[NL80211_TXRATE_HT]),
6257 					mask->control[band].ht_mcs))
6258 				return -EINVAL;
6259 		}
6260 
6261 		if (tb[NL80211_TXRATE_VHT]) {
6262 			if (!vht_set_mcs_mask(
6263 					sband,
6264 					nla_data(tb[NL80211_TXRATE_VHT]),
6265 					mask->control[band].vht_mcs))
6266 				return -EINVAL;
6267 		}
6268 
6269 		if (tb[NL80211_TXRATE_GI]) {
6270 			mask->control[band].gi =
6271 				nla_get_u8(tb[NL80211_TXRATE_GI]);
6272 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
6273 				return -EINVAL;
6274 		}
6275 		if (tb[NL80211_TXRATE_HE] &&
6276 		    !he_set_mcs_mask(info, wdev, sband,
6277 				     nla_data(tb[NL80211_TXRATE_HE]),
6278 				     mask->control[band].he_mcs,
6279 				     link_id))
6280 			return -EINVAL;
6281 
6282 		if (tb[NL80211_TXRATE_HE_GI])
6283 			mask->control[band].he_gi =
6284 				nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
6285 		if (tb[NL80211_TXRATE_HE_LTF])
6286 			mask->control[band].he_ltf =
6287 				nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
6288 
6289 		if (tb[NL80211_TXRATE_EHT] &&
6290 		    !eht_set_mcs_mask(info, wdev, sband,
6291 				      nla_data(tb[NL80211_TXRATE_EHT]),
6292 				      mask->control[band].eht_mcs))
6293 			return -EINVAL;
6294 
6295 		if (tb[NL80211_TXRATE_EHT_GI])
6296 			mask->control[band].eht_gi =
6297 				nla_get_u8(tb[NL80211_TXRATE_EHT_GI]);
6298 		if (tb[NL80211_TXRATE_EHT_LTF])
6299 			mask->control[band].eht_ltf =
6300 				nla_get_u8(tb[NL80211_TXRATE_EHT_LTF]);
6301 
6302 		if (mask->control[band].legacy == 0) {
6303 			/* don't allow empty legacy rates if HT, VHT, HE or EHT
6304 			 * are not even supported.
6305 			 */
6306 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
6307 			      rdev->wiphy.bands[band]->vht_cap.vht_supported ||
6308 			      ieee80211_get_he_iftype_cap(sband, wdev->iftype) ||
6309 			      ieee80211_get_eht_iftype_cap(sband, wdev->iftype)))
6310 				return -EINVAL;
6311 
6312 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
6313 				if (mask->control[band].ht_mcs[i])
6314 					goto out;
6315 
6316 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
6317 				if (mask->control[band].vht_mcs[i])
6318 					goto out;
6319 
6320 			for (i = 0; i < NL80211_HE_NSS_MAX; i++)
6321 				if (mask->control[band].he_mcs[i])
6322 					goto out;
6323 
6324 			for (i = 0; i < NL80211_EHT_NSS_MAX; i++)
6325 				if (mask->control[band].eht_mcs[i])
6326 					goto out;
6327 
6328 			/* legacy and mcs rates may not be both empty */
6329 			return -EINVAL;
6330 		}
6331 	}
6332 
6333 out:
6334 	return 0;
6335 }
6336 
6337 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
6338 				   enum nl80211_band band,
6339 				   struct cfg80211_bitrate_mask *beacon_rate)
6340 {
6341 	u32 count_ht, count_vht, count_he, count_eht, i;
6342 	u32 rate = beacon_rate->control[band].legacy;
6343 
6344 	/* Allow only one rate */
6345 	if (hweight32(rate) > 1)
6346 		return -EINVAL;
6347 
6348 	count_ht = 0;
6349 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
6350 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
6351 			return -EINVAL;
6352 		} else if (beacon_rate->control[band].ht_mcs[i]) {
6353 			count_ht++;
6354 			if (count_ht > 1)
6355 				return -EINVAL;
6356 		}
6357 		if (count_ht && rate)
6358 			return -EINVAL;
6359 	}
6360 
6361 	count_vht = 0;
6362 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
6363 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
6364 			return -EINVAL;
6365 		} else if (beacon_rate->control[band].vht_mcs[i]) {
6366 			count_vht++;
6367 			if (count_vht > 1)
6368 				return -EINVAL;
6369 		}
6370 		if (count_vht && rate)
6371 			return -EINVAL;
6372 	}
6373 
6374 	count_he = 0;
6375 	for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
6376 		if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
6377 			return -EINVAL;
6378 		} else if (beacon_rate->control[band].he_mcs[i]) {
6379 			count_he++;
6380 			if (count_he > 1)
6381 				return -EINVAL;
6382 		}
6383 		if (count_he && rate)
6384 			return -EINVAL;
6385 	}
6386 
6387 	count_eht = 0;
6388 	for (i = 0; i < NL80211_EHT_NSS_MAX; i++) {
6389 		if (hweight16(beacon_rate->control[band].eht_mcs[i]) > 1) {
6390 			return -EINVAL;
6391 		} else if (beacon_rate->control[band].eht_mcs[i]) {
6392 			count_eht++;
6393 			if (count_eht > 1)
6394 				return -EINVAL;
6395 		}
6396 		if (count_eht && rate)
6397 			return -EINVAL;
6398 	}
6399 
6400 	if ((count_ht && count_vht && count_he && count_eht) ||
6401 	    (!rate && !count_ht && !count_vht && !count_he && !count_eht))
6402 		return -EINVAL;
6403 
6404 	if (rate &&
6405 	    !wiphy_ext_feature_isset(&rdev->wiphy,
6406 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
6407 		return -EINVAL;
6408 	if (count_ht &&
6409 	    !wiphy_ext_feature_isset(&rdev->wiphy,
6410 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
6411 		return -EINVAL;
6412 	if (count_vht &&
6413 	    !wiphy_ext_feature_isset(&rdev->wiphy,
6414 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
6415 		return -EINVAL;
6416 	if (count_he &&
6417 	    !wiphy_ext_feature_isset(&rdev->wiphy,
6418 				     NL80211_EXT_FEATURE_BEACON_RATE_HE))
6419 		return -EINVAL;
6420 
6421 	if (count_eht &&
6422 	    !wiphy_ext_feature_isset(&rdev->wiphy,
6423 				     NL80211_EXT_FEATURE_BEACON_RATE_EHT))
6424 		return -EINVAL;
6425 
6426 	return 0;
6427 }
6428 
6429 static int nl80211_parse_mbssid_config(struct wiphy *wiphy,
6430 				       struct net_device *dev,
6431 				       unsigned int link_id,
6432 				       struct nlattr *attrs,
6433 				       struct cfg80211_mbssid_config *config,
6434 				       u8 num_elems)
6435 {
6436 	struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1];
6437 	int tx_link_id = -1;
6438 
6439 	if (!wiphy->mbssid_max_interfaces)
6440 		return -EOPNOTSUPP;
6441 
6442 	if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL,
6443 			     NULL) ||
6444 	    !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX])
6445 		return -EINVAL;
6446 
6447 	config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]);
6448 	if (config->ema) {
6449 		if (!wiphy->ema_max_profile_periodicity)
6450 			return -EOPNOTSUPP;
6451 
6452 		if (num_elems > wiphy->ema_max_profile_periodicity)
6453 			return -EINVAL;
6454 	}
6455 
6456 	config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]);
6457 	if (config->index >= wiphy->mbssid_max_interfaces ||
6458 	    (!config->index && !num_elems))
6459 		return -EINVAL;
6460 
6461 	if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID])
6462 		tx_link_id = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID]);
6463 
6464 	if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) {
6465 		u32 tx_ifindex =
6466 			nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]);
6467 
6468 		if ((!config->index && tx_ifindex != dev->ifindex) ||
6469 		    (config->index && tx_ifindex == dev->ifindex))
6470 			return -EINVAL;
6471 
6472 		if (tx_ifindex != dev->ifindex) {
6473 			struct net_device *tx_netdev =
6474 				dev_get_by_index(wiphy_net(wiphy), tx_ifindex);
6475 
6476 			if (!tx_netdev || !tx_netdev->ieee80211_ptr ||
6477 			    tx_netdev->ieee80211_ptr->wiphy != wiphy ||
6478 			    tx_netdev->ieee80211_ptr->iftype !=
6479 							NL80211_IFTYPE_AP) {
6480 				dev_put(tx_netdev);
6481 				return -EINVAL;
6482 			}
6483 
6484 			config->tx_wdev = tx_netdev->ieee80211_ptr;
6485 			/* Caller should call dev_put(config->tx_wdev) from this point */
6486 
6487 			if (config->tx_wdev->valid_links) {
6488 				if (tx_link_id == -1 ||
6489 				    !(config->tx_wdev->valid_links & BIT(tx_link_id)))
6490 					return -ENOLINK;
6491 
6492 				config->tx_link_id = tx_link_id;
6493 			}
6494 		} else {
6495 			if (tx_link_id >= 0 && tx_link_id != link_id)
6496 				return -EINVAL;
6497 
6498 			config->tx_wdev = dev->ieee80211_ptr;
6499 		}
6500 	} else if (!config->index) {
6501 		if (tx_link_id >= 0 && tx_link_id != link_id)
6502 			return -EINVAL;
6503 
6504 		config->tx_wdev = dev->ieee80211_ptr;
6505 	} else {
6506 		return -EINVAL;
6507 	}
6508 
6509 	return 0;
6510 }
6511 
6512 static struct cfg80211_mbssid_elems *
6513 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs)
6514 {
6515 	struct nlattr *nl_elems;
6516 	struct cfg80211_mbssid_elems *elems;
6517 	int rem_elems;
6518 	u8 i = 0, num_elems = 0;
6519 
6520 	if (!wiphy->mbssid_max_interfaces)
6521 		return ERR_PTR(-EINVAL);
6522 
6523 	nla_for_each_nested(nl_elems, attrs, rem_elems) {
6524 		if (num_elems >= 255)
6525 			return ERR_PTR(-EINVAL);
6526 		num_elems++;
6527 	}
6528 
6529 	elems = kzalloc_flex(*elems, elem, num_elems);
6530 	if (!elems)
6531 		return ERR_PTR(-ENOMEM);
6532 	elems->cnt = num_elems;
6533 
6534 	nla_for_each_nested(nl_elems, attrs, rem_elems) {
6535 		elems->elem[i].data = nla_data(nl_elems);
6536 		elems->elem[i].len = nla_len(nl_elems);
6537 		i++;
6538 	}
6539 	return elems;
6540 }
6541 
6542 static struct cfg80211_rnr_elems *
6543 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs,
6544 			struct netlink_ext_ack *extack)
6545 {
6546 	struct nlattr *nl_elems;
6547 	struct cfg80211_rnr_elems *elems;
6548 	int rem_elems;
6549 	u8 i = 0, num_elems = 0;
6550 
6551 	nla_for_each_nested(nl_elems, attrs, rem_elems) {
6552 		int ret;
6553 
6554 		ret = validate_ie_attr(nl_elems, extack);
6555 		if (ret)
6556 			return ERR_PTR(ret);
6557 
6558 		if (num_elems >= 255)
6559 			return ERR_PTR(-EINVAL);
6560 
6561 		num_elems++;
6562 	}
6563 
6564 	elems = kzalloc_flex(*elems, elem, num_elems);
6565 	if (!elems)
6566 		return ERR_PTR(-ENOMEM);
6567 	elems->cnt = num_elems;
6568 
6569 	nla_for_each_nested(nl_elems, attrs, rem_elems) {
6570 		elems->elem[i].data = nla_data(nl_elems);
6571 		elems->elem[i].len = nla_len(nl_elems);
6572 		i++;
6573 	}
6574 	return elems;
6575 }
6576 
6577 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
6578 				      struct cfg80211_he_bss_color *he_bss_color)
6579 {
6580 	struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
6581 	int err;
6582 
6583 	err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
6584 			       he_bss_color_policy, NULL);
6585 	if (err)
6586 		return err;
6587 
6588 	if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
6589 		return -EINVAL;
6590 
6591 	he_bss_color->color =
6592 		nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
6593 	he_bss_color->enabled =
6594 		!nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
6595 	he_bss_color->partial =
6596 		nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
6597 
6598 	return 0;
6599 }
6600 
6601 static void nl80211_check_ap_rate_selectors(struct cfg80211_beacon_data *bcn,
6602 					    const struct element *rates)
6603 {
6604 	int i;
6605 
6606 	if (!rates)
6607 		return;
6608 
6609 	for (i = 0; i < rates->datalen; i++) {
6610 		if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
6611 			bcn->ht_required = true;
6612 		if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
6613 			bcn->vht_required = true;
6614 	}
6615 }
6616 
6617 /*
6618  * Since the nl80211 API didn't include, from the beginning, attributes about
6619  * HT/VHT/... operation, we parse them out of the elements and check for
6620  * validity for use by drivers/mac80211.
6621  */
6622 static int nl80211_calculate_ap_operation(struct nlattr *attrs[],
6623 					  struct cfg80211_beacon_data *bcn,
6624 					  struct netlink_ext_ack *extack)
6625 {
6626 	size_t ies_len = bcn->tail_len;
6627 	const u8 *ies = bcn->tail;
6628 	const struct element *rates;
6629 	const struct element *op;
6630 
6631 	rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len);
6632 	nl80211_check_ap_rate_selectors(bcn, rates);
6633 
6634 	rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
6635 	nl80211_check_ap_rate_selectors(bcn, rates);
6636 
6637 	op = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
6638 	if (op) {
6639 		if (op->datalen < sizeof(*bcn->he_oper) + 1) {
6640 			NL_SET_ERR_MSG(extack, "bad HE operation in beacon");
6641 			return -EINVAL;
6642 		}
6643 		bcn->he_oper = (void *)(op->data + 1);
6644 		/* takes extension ID into account */
6645 		if (op->datalen < ieee80211_he_oper_size((void *)bcn->he_oper)) {
6646 			NL_SET_ERR_MSG(extack, "bad HE operation in beacon");
6647 			return -EINVAL;
6648 		}
6649 	}
6650 
6651 	op = cfg80211_find_elem(WLAN_EID_HT_OPERATION, ies, ies_len);
6652 	if (op) {
6653 		if (op->datalen < sizeof(*bcn->ht_oper)) {
6654 			NL_SET_ERR_MSG(extack, "bad HT operation in beacon");
6655 			return -EINVAL;
6656 		}
6657 		bcn->ht_oper = (void *)op->data;
6658 	}
6659 
6660 	op = cfg80211_find_elem(WLAN_EID_VHT_OPERATION, ies, ies_len);
6661 	if (op) {
6662 		if (op->datalen < sizeof(*bcn->vht_oper)) {
6663 			NL_SET_ERR_MSG(extack, "bad VHT operation in beacon");
6664 			return -EINVAL;
6665 		}
6666 		bcn->vht_oper = (void *)op->data;
6667 	}
6668 
6669 	op = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
6670 	if (op) {
6671 		if (!ieee80211_eht_oper_size_ok(op->data + 1,
6672 						op->datalen - 1)) {
6673 			NL_SET_ERR_MSG(extack, "bad EHT operation in beacon");
6674 			return -EINVAL;
6675 		}
6676 		bcn->eht_oper = (void *)(op->data + 1);
6677 	}
6678 
6679 	op = cfg80211_find_ext_elem(WLAN_EID_EXT_UHR_OPER, ies, ies_len);
6680 	if (op) {
6681 		/* need full UHR operation separately */
6682 		if (!attrs[NL80211_ATTR_UHR_OPERATION]) {
6683 			NL_SET_ERR_MSG(extack, "missing UHR operation");
6684 			return -EINVAL;
6685 		}
6686 		bcn->uhr_oper = nla_data(attrs[NL80211_ATTR_UHR_OPERATION]);
6687 	} else if (attrs[NL80211_ATTR_UHR_OPERATION]) {
6688 		NL_SET_ERR_MSG(extack, "unexpected UHR operation");
6689 		return -EINVAL;
6690 	}
6691 
6692 	return 0;
6693 }
6694 
6695 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
6696 				struct nlattr *attrs[],
6697 				struct cfg80211_beacon_data *bcn,
6698 				struct ieee80211_channel *chan,
6699 				struct netlink_ext_ack *extack)
6700 {
6701 	bool haveinfo = false;
6702 	int err;
6703 
6704 	memset(bcn, 0, sizeof(*bcn));
6705 
6706 	bcn->link_id = nl80211_link_id(attrs);
6707 
6708 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
6709 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
6710 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
6711 		if (!bcn->head_len)
6712 			return -EINVAL;
6713 		haveinfo = true;
6714 	}
6715 
6716 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
6717 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
6718 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
6719 		haveinfo = true;
6720 	}
6721 
6722 	if (!haveinfo)
6723 		return -EINVAL;
6724 
6725 	if (attrs[NL80211_ATTR_IE]) {
6726 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
6727 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
6728 	}
6729 
6730 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
6731 		bcn->proberesp_ies =
6732 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
6733 		bcn->proberesp_ies_len =
6734 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
6735 	}
6736 
6737 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
6738 		bcn->assocresp_ies =
6739 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
6740 		bcn->assocresp_ies_len =
6741 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
6742 	}
6743 
6744 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
6745 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
6746 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
6747 	}
6748 
6749 	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
6750 		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
6751 
6752 		err = nla_parse_nested_deprecated(tb,
6753 						  NL80211_FTM_RESP_ATTR_MAX,
6754 						  attrs[NL80211_ATTR_FTM_RESPONDER],
6755 						  NULL, NULL);
6756 		if (err)
6757 			return err;
6758 
6759 		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
6760 		    wiphy_ext_feature_isset(&rdev->wiphy,
6761 					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
6762 			bcn->ftm_responder = 1;
6763 		else
6764 			return -EOPNOTSUPP;
6765 
6766 		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
6767 			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
6768 			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
6769 		}
6770 
6771 		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
6772 			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
6773 			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
6774 		}
6775 	} else {
6776 		bcn->ftm_responder = -1;
6777 	}
6778 
6779 	if (attrs[NL80211_ATTR_HE_BSS_COLOR]) {
6780 		err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR],
6781 						 &bcn->he_bss_color);
6782 		if (err)
6783 			return err;
6784 		bcn->he_bss_color_valid = true;
6785 	}
6786 
6787 	if (attrs[NL80211_ATTR_MBSSID_ELEMS]) {
6788 		struct cfg80211_mbssid_elems *mbssid =
6789 			nl80211_parse_mbssid_elems(&rdev->wiphy,
6790 						   attrs[NL80211_ATTR_MBSSID_ELEMS]);
6791 
6792 		if (IS_ERR(mbssid))
6793 			return PTR_ERR(mbssid);
6794 
6795 		bcn->mbssid_ies = mbssid;
6796 
6797 		if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) {
6798 			struct cfg80211_rnr_elems *rnr =
6799 				nl80211_parse_rnr_elems(&rdev->wiphy,
6800 							attrs[NL80211_ATTR_EMA_RNR_ELEMS],
6801 							extack);
6802 
6803 			if (IS_ERR(rnr))
6804 				return PTR_ERR(rnr);
6805 
6806 			if (rnr && rnr->cnt < bcn->mbssid_ies->cnt)
6807 				return -EINVAL;
6808 
6809 			bcn->rnr_ies = rnr;
6810 		}
6811 	}
6812 
6813 	err = nl80211_calculate_ap_operation(attrs, bcn, extack);
6814 	if (err)
6815 		return err;
6816 
6817 	if (bcn->he_oper && (chan->flags & IEEE80211_CHAN_NO_HE))
6818 		return -EOPNOTSUPP;
6819 
6820 	if (bcn->eht_oper && (chan->flags & IEEE80211_CHAN_NO_EHT))
6821 		return -EOPNOTSUPP;
6822 
6823 	if (bcn->uhr_oper && (chan->flags & IEEE80211_CHAN_NO_UHR))
6824 		return -EOPNOTSUPP;
6825 
6826 	return 0;
6827 }
6828 
6829 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
6830 				    struct ieee80211_he_obss_pd *he_obss_pd)
6831 {
6832 	struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
6833 	int err;
6834 
6835 	err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
6836 			       he_obss_pd_policy, NULL);
6837 	if (err)
6838 		return err;
6839 
6840 	if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
6841 		return -EINVAL;
6842 
6843 	he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
6844 
6845 	if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
6846 		he_obss_pd->min_offset =
6847 			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
6848 	if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
6849 		he_obss_pd->max_offset =
6850 			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
6851 	if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
6852 		he_obss_pd->non_srg_max_offset =
6853 			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
6854 
6855 	if (he_obss_pd->min_offset > he_obss_pd->max_offset)
6856 		return -EINVAL;
6857 
6858 	if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
6859 		memcpy(he_obss_pd->bss_color_bitmap,
6860 		       nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
6861 		       sizeof(he_obss_pd->bss_color_bitmap));
6862 
6863 	if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
6864 		memcpy(he_obss_pd->partial_bssid_bitmap,
6865 		       nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
6866 		       sizeof(he_obss_pd->partial_bssid_bitmap));
6867 
6868 	he_obss_pd->enable = true;
6869 
6870 	return 0;
6871 }
6872 
6873 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
6874 					struct nlattr *attrs,
6875 					struct cfg80211_fils_discovery *fd)
6876 {
6877 	struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
6878 	int ret;
6879 
6880 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
6881 				     NL80211_EXT_FEATURE_FILS_DISCOVERY))
6882 		return -EINVAL;
6883 
6884 	ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
6885 			       NULL, NULL);
6886 	if (ret)
6887 		return ret;
6888 
6889 	if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] &&
6890 	    !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] &&
6891 	    !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) {
6892 		fd->update = true;
6893 		return 0;
6894 	}
6895 
6896 	if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
6897 	    !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
6898 	    !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
6899 		return -EINVAL;
6900 
6901 	fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
6902 	fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
6903 	fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
6904 	fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
6905 	fd->update = true;
6906 	return 0;
6907 }
6908 
6909 static int
6910 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
6911 				     struct nlattr *attrs,
6912 				     struct cfg80211_unsol_bcast_probe_resp *presp)
6913 {
6914 	struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
6915 	int ret;
6916 
6917 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
6918 				     NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
6919 		return -EINVAL;
6920 
6921 	ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
6922 			       attrs, NULL, NULL);
6923 	if (ret)
6924 		return ret;
6925 
6926 	if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] &&
6927 	    !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) {
6928 		presp->update = true;
6929 		return 0;
6930 	}
6931 
6932 	if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
6933 	    !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
6934 		return -EINVAL;
6935 
6936 	presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
6937 	presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
6938 	presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
6939 	presp->update = true;
6940 	return 0;
6941 }
6942 
6943 /*
6944  * Since the nl80211 API didn't include, from the beginning, attributes about
6945  * HT/VHT/... capabilities, we parse them out of the elements and check for
6946  * validity for use by drivers/mac80211.
6947  */
6948 static int nl80211_calculate_ap_capabilities(struct genl_info *info,
6949 					     struct cfg80211_ap_settings *params)
6950 {
6951 	size_t ies_len = params->beacon.tail_len;
6952 	const u8 *ies = params->beacon.tail;
6953 	const struct element *cap;
6954 
6955 	cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len);
6956 	if (cap) {
6957 		if (cap->datalen < sizeof(*params->ht_cap)) {
6958 			GENL_SET_ERR_MSG(info, "bad HT capability in beacon");
6959 			return -EINVAL;
6960 		}
6961 		params->ht_cap = (void *)cap->data;
6962 	}
6963 
6964 	cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
6965 	if (cap) {
6966 		if (cap->datalen < sizeof(*params->vht_cap)) {
6967 			GENL_SET_ERR_MSG(info, "bad VHT capability in beacon");
6968 			return -EINVAL;
6969 		}
6970 		params->vht_cap = (void *)cap->data;
6971 	}
6972 
6973 	cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
6974 	if (cap) {
6975 		if (cap->datalen < sizeof(*params->he_cap) + 1) {
6976 			GENL_SET_ERR_MSG(info, "bad HE capability in beacon");
6977 			return -EINVAL;
6978 		}
6979 		params->he_cap = (void *)(cap->data + 1);
6980 	}
6981 
6982 	cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len);
6983 	if (cap) {
6984 		params->eht_cap = (void *)(cap->data + 1);
6985 		if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
6986 						(const u8 *)params->eht_cap,
6987 						cap->datalen - 1, true)) {
6988 			GENL_SET_ERR_MSG(info, "bad EHT capability in beacon");
6989 			return -EINVAL;
6990 		}
6991 	}
6992 
6993 	if (!!params->he_cap != !!params->beacon.he_oper)
6994 		return -EINVAL;
6995 
6996 	if (!!params->eht_cap != !!params->beacon.eht_oper)
6997 		return -EINVAL;
6998 
6999 	return 0;
7000 }
7001 
7002 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
7003 				   struct cfg80211_ap_settings *params)
7004 {
7005 	struct wireless_dev *wdev;
7006 
7007 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
7008 		if (wdev->iftype != NL80211_IFTYPE_AP &&
7009 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
7010 			continue;
7011 
7012 		if (!wdev->u.ap.preset_chandef.chan)
7013 			continue;
7014 
7015 		params->chandef = wdev->u.ap.preset_chandef;
7016 		return true;
7017 	}
7018 
7019 	return false;
7020 }
7021 
7022 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
7023 				    enum nl80211_auth_type auth_type,
7024 				    enum nl80211_commands cmd)
7025 {
7026 	if (auth_type > NL80211_AUTHTYPE_MAX)
7027 		return false;
7028 
7029 	switch (cmd) {
7030 	case NL80211_CMD_AUTHENTICATE:
7031 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
7032 		    auth_type == NL80211_AUTHTYPE_SAE)
7033 			return false;
7034 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7035 					     NL80211_EXT_FEATURE_FILS_STA) &&
7036 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
7037 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
7038 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
7039 			return false;
7040 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7041 					     NL80211_EXT_FEATURE_EPPKE) &&
7042 		    auth_type == NL80211_AUTHTYPE_EPPKE)
7043 			return false;
7044 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7045 					     NL80211_EXT_FEATURE_IEEE8021X_AUTH) &&
7046 		    auth_type == NL80211_AUTHTYPE_IEEE8021X)
7047 			return false;
7048 		return true;
7049 	case NL80211_CMD_CONNECT:
7050 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
7051 		    !wiphy_ext_feature_isset(&rdev->wiphy,
7052 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
7053 		    auth_type == NL80211_AUTHTYPE_SAE)
7054 			return false;
7055 
7056 		/* FILS with SK PFS or PK not supported yet */
7057 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
7058 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
7059 			return false;
7060 		if (!wiphy_ext_feature_isset(
7061 			    &rdev->wiphy,
7062 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
7063 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
7064 			return false;
7065 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7066 					     NL80211_EXT_FEATURE_EPPKE) &&
7067 		    auth_type == NL80211_AUTHTYPE_EPPKE)
7068 			return false;
7069 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7070 					     NL80211_EXT_FEATURE_IEEE8021X_AUTH) &&
7071 		    auth_type == NL80211_AUTHTYPE_IEEE8021X)
7072 			return false;
7073 		return true;
7074 	case NL80211_CMD_START_AP:
7075 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7076 					     NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
7077 		    auth_type == NL80211_AUTHTYPE_SAE)
7078 			return false;
7079 		/* FILS not supported yet */
7080 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
7081 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
7082 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
7083 			return false;
7084 		return true;
7085 	default:
7086 		return false;
7087 	}
7088 }
7089 
7090 static void nl80211_send_ap_started(struct wireless_dev *wdev,
7091 				    unsigned int link_id)
7092 {
7093 	struct wiphy *wiphy = wdev->wiphy;
7094 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
7095 	struct sk_buff *msg;
7096 	void *hdr;
7097 
7098 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7099 	if (!msg)
7100 		return;
7101 
7102 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP);
7103 	if (!hdr)
7104 		goto out;
7105 
7106 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7107 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
7108 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7109 			      NL80211_ATTR_PAD) ||
7110 	    (wdev->u.ap.ssid_len &&
7111 	     nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
7112 		     wdev->u.ap.ssid)) ||
7113 	    (wdev->valid_links &&
7114 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
7115 		goto out;
7116 
7117 	genlmsg_end(msg, hdr);
7118 
7119 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
7120 				NL80211_MCGRP_MLME, GFP_KERNEL);
7121 	return;
7122 out:
7123 	nlmsg_free(msg);
7124 }
7125 
7126 static int
7127 nl80211_parse_s1g_short_beacon(struct cfg80211_registered_device *rdev,
7128 			       struct nlattr *attrs,
7129 			       struct cfg80211_s1g_short_beacon *sb)
7130 {
7131 	struct nlattr *tb[NL80211_S1G_SHORT_BEACON_ATTR_MAX + 1];
7132 	int ret;
7133 
7134 	if (!rdev->wiphy.bands[NL80211_BAND_S1GHZ])
7135 		return -EINVAL;
7136 
7137 	ret = nla_parse_nested(tb, NL80211_S1G_SHORT_BEACON_ATTR_MAX, attrs,
7138 			       NULL, NULL);
7139 	if (ret)
7140 		return ret;
7141 
7142 	/* Short beacon tail is optional (i.e might only include the TIM) */
7143 	if (!tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD])
7144 		return -EINVAL;
7145 
7146 	sb->short_head = nla_data(tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD]);
7147 	sb->short_head_len = nla_len(tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD]);
7148 	sb->short_tail_len = 0;
7149 
7150 	if (tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]) {
7151 		sb->short_tail =
7152 			nla_data(tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]);
7153 		sb->short_tail_len =
7154 			nla_len(tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]);
7155 	}
7156 
7157 	sb->update = true;
7158 	return 0;
7159 }
7160 
7161 static int nl80211_check_npca(struct cfg80211_registered_device *rdev,
7162 			      const struct cfg80211_chan_def *chandef,
7163 			      enum nl80211_iftype iftype,
7164 			      struct netlink_ext_ack *extack)
7165 {
7166 	const struct ieee80211_supported_band *sband;
7167 	const struct ieee80211_sta_uhr_cap *uhr_cap;
7168 
7169 	if (!chandef->npca_chan)
7170 		return 0;
7171 
7172 	sband = rdev->wiphy.bands[chandef->chan->band];
7173 	uhr_cap = ieee80211_get_uhr_iftype_cap(sband, iftype);
7174 
7175 	if (uhr_cap &&
7176 	    (uhr_cap->mac.mac_cap[0] & IEEE80211_UHR_MAC_CAP0_NPCA_SUPP))
7177 		return 0;
7178 
7179 	NL_SET_ERR_MSG(extack, "NPCA not supported");
7180 	return -EINVAL;
7181 }
7182 
7183 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
7184 {
7185 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7186 	struct cfg80211_beaconing_check_config beacon_check = {};
7187 	unsigned int link_id = nl80211_link_id(info->attrs);
7188 	struct net_device *dev = info->user_ptr[1];
7189 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7190 	struct cfg80211_ap_settings *params;
7191 	int err;
7192 
7193 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7194 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7195 		return -EOPNOTSUPP;
7196 
7197 	if (!rdev->ops->start_ap)
7198 		return -EOPNOTSUPP;
7199 
7200 	if (wdev->links[link_id].cac_started)
7201 		return -EBUSY;
7202 
7203 	if (wdev->links[link_id].ap.beacon_interval)
7204 		return -EALREADY;
7205 
7206 	/* these are required for START_AP */
7207 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
7208 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
7209 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
7210 		return -EINVAL;
7211 
7212 	if (info->attrs[NL80211_ATTR_SMPS_MODE] &&
7213 	    nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]) != NL80211_SMPS_OFF)
7214 		return -EOPNOTSUPP;
7215 
7216 	params = kzalloc_obj(*params);
7217 	if (!params)
7218 		return -ENOMEM;
7219 
7220 	params->beacon_interval =
7221 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7222 	params->dtim_period =
7223 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
7224 
7225 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
7226 					   params->beacon_interval);
7227 	if (err)
7228 		goto out;
7229 
7230 	/*
7231 	 * In theory, some of these attributes should be required here
7232 	 * but since they were not used when the command was originally
7233 	 * added, keep them optional for old user space programs to let
7234 	 * them continue to work with drivers that do not need the
7235 	 * additional information -- drivers must check!
7236 	 */
7237 	if (info->attrs[NL80211_ATTR_SSID]) {
7238 		params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7239 		params->ssid_len =
7240 			nla_len(info->attrs[NL80211_ATTR_SSID]);
7241 		if (params->ssid_len == 0) {
7242 			err = -EINVAL;
7243 			goto out;
7244 		}
7245 
7246 		if (wdev->u.ap.ssid_len &&
7247 		    (wdev->u.ap.ssid_len != params->ssid_len ||
7248 		     memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) {
7249 			/* require identical SSID for MLO */
7250 			err = -EINVAL;
7251 			goto out;
7252 		}
7253 	} else if (wdev->valid_links) {
7254 		/* require SSID for MLO */
7255 		err = -EINVAL;
7256 		goto out;
7257 	}
7258 
7259 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
7260 		params->hidden_ssid = nla_get_u32(
7261 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
7262 
7263 	params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
7264 
7265 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7266 		params->auth_type = nla_get_u32(
7267 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
7268 		if (!nl80211_valid_auth_type(rdev, params->auth_type,
7269 					     NL80211_CMD_START_AP)) {
7270 			err = -EINVAL;
7271 			goto out;
7272 		}
7273 	} else
7274 		params->auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7275 
7276 	err = nl80211_crypto_settings(rdev, info, &params->crypto,
7277 				      NL80211_MAX_NR_CIPHER_SUITES);
7278 	if (err)
7279 		goto out;
7280 
7281 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
7282 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) {
7283 			err = -EOPNOTSUPP;
7284 			goto out;
7285 		}
7286 		params->inactivity_timeout = nla_get_u16(
7287 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
7288 	}
7289 
7290 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
7291 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7292 			err = -EINVAL;
7293 			goto out;
7294 		}
7295 		params->p2p_ctwindow =
7296 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
7297 		if (params->p2p_ctwindow != 0 &&
7298 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) {
7299 			err = -EINVAL;
7300 			goto out;
7301 		}
7302 	}
7303 
7304 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
7305 		u8 tmp;
7306 
7307 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7308 			err = -EINVAL;
7309 			goto out;
7310 		}
7311 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
7312 		params->p2p_opp_ps = tmp;
7313 		if (params->p2p_opp_ps != 0 &&
7314 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) {
7315 			err = -EINVAL;
7316 			goto out;
7317 		}
7318 	}
7319 
7320 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7321 		err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
7322 					    &params->chandef, true);
7323 		if (err)
7324 			goto out;
7325 	} else if (wdev->valid_links) {
7326 		/* with MLD need to specify the channel configuration */
7327 		err = -EINVAL;
7328 		goto out;
7329 	} else if (wdev->u.ap.preset_chandef.chan) {
7330 		params->chandef = wdev->u.ap.preset_chandef;
7331 	} else if (!nl80211_get_ap_channel(rdev, params)) {
7332 		err = -EINVAL;
7333 		goto out;
7334 	}
7335 
7336 	err = nl80211_parse_beacon(rdev, info->attrs, &params->beacon,
7337 				   params->chandef.chan, info->extack);
7338 	if (err)
7339 		goto out;
7340 
7341 	err = nl80211_check_npca(rdev, &params->chandef, wdev->iftype,
7342 				 info->extack);
7343 	if (err)
7344 		goto out;
7345 
7346 	beacon_check.iftype = wdev->iftype;
7347 	beacon_check.relax = true;
7348 	beacon_check.reg_power =
7349 		cfg80211_get_6ghz_power_type(params->beacon.tail,
7350 					     params->beacon.tail_len, 0);
7351 	if (!cfg80211_reg_check_beaconing(&rdev->wiphy, &params->chandef,
7352 					  &beacon_check)) {
7353 		err = -EINVAL;
7354 		goto out;
7355 	}
7356 
7357 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
7358 		err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
7359 						    NL80211_ATTR_TX_RATES,
7360 						    &params->beacon_rate,
7361 						    dev, false, link_id);
7362 		if (err)
7363 			goto out;
7364 
7365 		err = validate_beacon_tx_rate(rdev, params->chandef.chan->band,
7366 					      &params->beacon_rate);
7367 		if (err)
7368 			goto out;
7369 	}
7370 
7371 	params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
7372 	if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
7373 		err = -EOPNOTSUPP;
7374 		goto out;
7375 	}
7376 
7377 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
7378 		params->acl = parse_acl_data(&rdev->wiphy, info);
7379 		if (IS_ERR(params->acl)) {
7380 			err = PTR_ERR(params->acl);
7381 			params->acl = NULL;
7382 			goto out;
7383 		}
7384 	}
7385 
7386 	params->twt_responder =
7387 		    nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
7388 
7389 	if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
7390 		err = nl80211_parse_he_obss_pd(
7391 					info->attrs[NL80211_ATTR_HE_OBSS_PD],
7392 					&params->he_obss_pd);
7393 		if (err)
7394 			goto out;
7395 	}
7396 
7397 	if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
7398 		err = nl80211_parse_fils_discovery(rdev,
7399 						   info->attrs[NL80211_ATTR_FILS_DISCOVERY],
7400 						   &params->fils_discovery);
7401 		if (err)
7402 			goto out;
7403 	}
7404 
7405 	if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
7406 		err = nl80211_parse_unsol_bcast_probe_resp(
7407 			rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
7408 			&params->unsol_bcast_probe_resp);
7409 		if (err)
7410 			goto out;
7411 	}
7412 
7413 	if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) {
7414 		err = nl80211_parse_mbssid_config(&rdev->wiphy, dev, link_id,
7415 						  info->attrs[NL80211_ATTR_MBSSID_CONFIG],
7416 						  &params->mbssid_config,
7417 						  params->beacon.mbssid_ies ?
7418 							params->beacon.mbssid_ies->cnt :
7419 							0);
7420 		if (err)
7421 			goto out;
7422 	}
7423 
7424 	if (!params->mbssid_config.ema && params->beacon.rnr_ies) {
7425 		err = -EINVAL;
7426 		goto out;
7427 	}
7428 
7429 	if (info->attrs[NL80211_ATTR_S1G_SHORT_BEACON]) {
7430 		if (!info->attrs[NL80211_ATTR_S1G_LONG_BEACON_PERIOD]) {
7431 			err = -EINVAL;
7432 			goto out;
7433 		}
7434 
7435 		params->s1g_long_beacon_period = nla_get_u8(
7436 			info->attrs[NL80211_ATTR_S1G_LONG_BEACON_PERIOD]);
7437 
7438 		err = nl80211_parse_s1g_short_beacon(
7439 			rdev, info->attrs[NL80211_ATTR_S1G_SHORT_BEACON],
7440 			&params->s1g_short_beacon);
7441 		if (err)
7442 			goto out;
7443 	}
7444 
7445 	err = nl80211_calculate_ap_capabilities(info, params);
7446 	if (err)
7447 		goto out;
7448 
7449 	if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
7450 		params->flags = nla_get_u32(
7451 			info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
7452 	else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
7453 		params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
7454 
7455 	if (wdev->conn_owner_nlportid &&
7456 	    info->attrs[NL80211_ATTR_SOCKET_OWNER] &&
7457 	    wdev->conn_owner_nlportid != info->snd_portid) {
7458 		err = -EINVAL;
7459 		goto out;
7460 	}
7461 
7462 	/* FIXME: validate MLO/link-id against driver capabilities */
7463 
7464 	err = rdev_start_ap(rdev, dev, params);
7465 	if (!err) {
7466 		wdev->links[link_id].ap.beacon_interval = params->beacon_interval;
7467 		wdev->links[link_id].ap.chandef = params->chandef;
7468 		wdev->u.ap.ssid_len = params->ssid_len;
7469 		memcpy(wdev->u.ap.ssid, params->ssid,
7470 		       params->ssid_len);
7471 
7472 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7473 			wdev->conn_owner_nlportid = info->snd_portid;
7474 
7475 		nl80211_send_ap_started(wdev, link_id);
7476 	}
7477 out:
7478 	kfree(params->acl);
7479 	kfree(params->beacon.mbssid_ies);
7480 	if (params->mbssid_config.tx_wdev &&
7481 	    params->mbssid_config.tx_wdev->netdev &&
7482 	    params->mbssid_config.tx_wdev->netdev != dev)
7483 		dev_put(params->mbssid_config.tx_wdev->netdev);
7484 	kfree(params->beacon.rnr_ies);
7485 	kfree(params);
7486 
7487 	return err;
7488 }
7489 
7490 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
7491 {
7492 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7493 	struct cfg80211_beaconing_check_config beacon_check = {};
7494 	unsigned int link_id = nl80211_link_id(info->attrs);
7495 	struct net_device *dev = info->user_ptr[1];
7496 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7497 	struct cfg80211_ap_update *params;
7498 	struct nlattr *attr;
7499 	int err;
7500 
7501 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7502 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7503 		return -EOPNOTSUPP;
7504 
7505 	if (!rdev->ops->change_beacon)
7506 		return -EOPNOTSUPP;
7507 
7508 	if (!wdev->links[link_id].ap.beacon_interval)
7509 		return -EINVAL;
7510 
7511 	params = kzalloc_obj(*params);
7512 	if (!params)
7513 		return -ENOMEM;
7514 
7515 	err = nl80211_parse_beacon(rdev, info->attrs, &params->beacon,
7516 				   wdev->links[link_id].ap.chandef.chan,
7517 				   info->extack);
7518 	if (err)
7519 		goto out;
7520 
7521 	/* recheck beaconing is permitted with possibly changed power type */
7522 	beacon_check.iftype = wdev->iftype;
7523 	beacon_check.relax = true;
7524 	beacon_check.reg_power =
7525 		cfg80211_get_6ghz_power_type(params->beacon.tail,
7526 					     params->beacon.tail_len, 0);
7527 	if (!cfg80211_reg_check_beaconing(&rdev->wiphy,
7528 					  &wdev->links[link_id].ap.chandef,
7529 					  &beacon_check)) {
7530 		err = -EINVAL;
7531 		goto out;
7532 	}
7533 
7534 	attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY];
7535 	if (attr) {
7536 		err = nl80211_parse_fils_discovery(rdev, attr,
7537 						   &params->fils_discovery);
7538 		if (err)
7539 			goto out;
7540 	}
7541 
7542 	attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP];
7543 	if (attr) {
7544 		err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr,
7545 							   &params->unsol_bcast_probe_resp);
7546 		if (err)
7547 			goto out;
7548 	}
7549 
7550 	attr = info->attrs[NL80211_ATTR_S1G_SHORT_BEACON];
7551 	if (attr) {
7552 		err = nl80211_parse_s1g_short_beacon(rdev, attr,
7553 						     &params->s1g_short_beacon);
7554 		if (err)
7555 			goto out;
7556 	}
7557 
7558 	err = rdev_change_beacon(rdev, dev, params);
7559 
7560 out:
7561 	kfree(params->beacon.mbssid_ies);
7562 	kfree(params->beacon.rnr_ies);
7563 	kfree(params);
7564 	return err;
7565 }
7566 
7567 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
7568 {
7569 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7570 	unsigned int link_id = nl80211_link_id(info->attrs);
7571 	struct net_device *dev = info->user_ptr[1];
7572 
7573 	return cfg80211_stop_ap(rdev, dev, link_id, false);
7574 }
7575 
7576 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
7577 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
7578 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
7579 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
7580 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
7581 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
7582 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
7583 };
7584 
7585 static int parse_station_flags(struct genl_info *info,
7586 			       enum nl80211_iftype iftype,
7587 			       struct station_parameters *params)
7588 {
7589 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
7590 	struct nlattr *nla;
7591 	int flag;
7592 
7593 	/*
7594 	 * Try parsing the new attribute first so userspace
7595 	 * can specify both for older kernels.
7596 	 */
7597 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
7598 	if (nla) {
7599 		struct nl80211_sta_flag_update *sta_flags;
7600 
7601 		sta_flags = nla_data(nla);
7602 		params->sta_flags_mask = sta_flags->mask;
7603 		params->sta_flags_set = sta_flags->set;
7604 		params->sta_flags_set &= params->sta_flags_mask;
7605 		if ((params->sta_flags_mask |
7606 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
7607 			return -EINVAL;
7608 
7609 		if ((iftype == NL80211_IFTYPE_NAN ||
7610 		     iftype == NL80211_IFTYPE_NAN_DATA) &&
7611 		    params->sta_flags_mask &
7612 		    ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7613 		      BIT(NL80211_STA_FLAG_ASSOCIATED) |
7614 		      BIT(NL80211_STA_FLAG_AUTHORIZED) |
7615 		      BIT(NL80211_STA_FLAG_MFP)))
7616 				return -EINVAL;
7617 
7618 		/* WME is always used in NAN */
7619 		if (iftype == NL80211_IFTYPE_NAN_DATA) {
7620 			/* but don't let userspace control it */
7621 			if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_WME))
7622 				return -EINVAL;
7623 
7624 			params->sta_flags_mask |= BIT(NL80211_STA_FLAG_WME);
7625 			params->sta_flags_set |= BIT(NL80211_STA_FLAG_WME);
7626 		}
7627 
7628 		return 0;
7629 	}
7630 
7631 	/* if present, parse the old attribute */
7632 
7633 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
7634 	if (!nla)
7635 		return 0;
7636 
7637 	if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
7638 		return -EINVAL;
7639 
7640 	/*
7641 	 * Only allow certain flags for interface types so that
7642 	 * other attributes are silently ignored. Remember that
7643 	 * this is backward compatibility code with old userspace
7644 	 * and shouldn't be hit in other cases anyway.
7645 	 */
7646 	switch (iftype) {
7647 	case NL80211_IFTYPE_AP:
7648 	case NL80211_IFTYPE_AP_VLAN:
7649 	case NL80211_IFTYPE_P2P_GO:
7650 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
7651 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
7652 					 BIT(NL80211_STA_FLAG_WME) |
7653 					 BIT(NL80211_STA_FLAG_MFP);
7654 		break;
7655 	case NL80211_IFTYPE_P2P_CLIENT:
7656 	case NL80211_IFTYPE_STATION:
7657 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
7658 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
7659 		break;
7660 	case NL80211_IFTYPE_MESH_POINT:
7661 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7662 					 BIT(NL80211_STA_FLAG_MFP) |
7663 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
7664 		break;
7665 	default:
7666 		return -EINVAL;
7667 	}
7668 
7669 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
7670 		if (flags[flag]) {
7671 			params->sta_flags_set |= (1<<flag);
7672 
7673 			/* no longer support new API additions in old API */
7674 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
7675 				return -EINVAL;
7676 		}
7677 	}
7678 
7679 	return 0;
7680 }
7681 
7682 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
7683 {
7684 	struct nlattr *rate;
7685 	u32 bitrate;
7686 	u16 bitrate_compat;
7687 	enum nl80211_rate_info rate_flg;
7688 
7689 	rate = nla_nest_start_noflag(msg, attr);
7690 	if (!rate)
7691 		return false;
7692 
7693 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
7694 	bitrate = cfg80211_calculate_bitrate(info);
7695 	/* report 16-bit bitrate only if we can */
7696 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
7697 	if (bitrate > 0 &&
7698 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
7699 		return false;
7700 	if (bitrate_compat > 0 &&
7701 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
7702 		return false;
7703 
7704 	switch (info->bw) {
7705 	case RATE_INFO_BW_1:
7706 		rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH;
7707 		break;
7708 	case RATE_INFO_BW_2:
7709 		rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH;
7710 		break;
7711 	case RATE_INFO_BW_4:
7712 		rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH;
7713 		break;
7714 	case RATE_INFO_BW_5:
7715 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
7716 		break;
7717 	case RATE_INFO_BW_8:
7718 		rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH;
7719 		break;
7720 	case RATE_INFO_BW_10:
7721 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
7722 		break;
7723 	case RATE_INFO_BW_16:
7724 		rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH;
7725 		break;
7726 	default:
7727 		WARN_ON(1);
7728 		fallthrough;
7729 	case RATE_INFO_BW_20:
7730 		rate_flg = 0;
7731 		break;
7732 	case RATE_INFO_BW_40:
7733 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
7734 		break;
7735 	case RATE_INFO_BW_80:
7736 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
7737 		break;
7738 	case RATE_INFO_BW_160:
7739 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
7740 		break;
7741 	case RATE_INFO_BW_HE_RU:
7742 		rate_flg = 0;
7743 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
7744 		break;
7745 	case RATE_INFO_BW_320:
7746 		rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH;
7747 		break;
7748 	case RATE_INFO_BW_EHT_RU:
7749 		rate_flg = 0;
7750 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS) &&
7751 			!(info->flags & RATE_INFO_FLAGS_UHR_MCS));
7752 		break;
7753 	}
7754 
7755 	if (rate_flg && nla_put_flag(msg, rate_flg))
7756 		return false;
7757 
7758 	if (info->flags & RATE_INFO_FLAGS_MCS) {
7759 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
7760 			return false;
7761 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7762 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7763 			return false;
7764 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
7765 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
7766 			return false;
7767 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
7768 			return false;
7769 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7770 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7771 			return false;
7772 	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
7773 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
7774 			return false;
7775 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
7776 			return false;
7777 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
7778 			return false;
7779 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
7780 			return false;
7781 		if (info->bw == RATE_INFO_BW_HE_RU &&
7782 		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
7783 			       info->he_ru_alloc))
7784 			return false;
7785 	} else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) {
7786 		if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs))
7787 			return false;
7788 		if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss))
7789 			return false;
7790 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7791 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7792 			return false;
7793 	} else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) {
7794 		if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs))
7795 			return false;
7796 		if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
7797 			return false;
7798 		if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
7799 			return false;
7800 		if (info->bw == RATE_INFO_BW_EHT_RU &&
7801 		    nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
7802 			       info->eht_ru_alloc))
7803 			return false;
7804 	} else if (info->flags & RATE_INFO_FLAGS_UHR_MCS) {
7805 		if (nla_put_u8(msg, NL80211_RATE_INFO_UHR_MCS, info->mcs))
7806 			return false;
7807 		if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
7808 			return false;
7809 		if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
7810 			return false;
7811 		if (info->bw == RATE_INFO_BW_EHT_RU &&
7812 		    nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
7813 			       info->eht_ru_alloc))
7814 			return false;
7815 		if (info->flags & RATE_INFO_FLAGS_UHR_ELR_MCS &&
7816 		    nla_put_flag(msg, NL80211_RATE_INFO_UHR_ELR))
7817 			return false;
7818 		if (info->flags & RATE_INFO_FLAGS_UHR_IM &&
7819 		    nla_put_flag(msg, NL80211_RATE_INFO_UHR_IM))
7820 			return false;
7821 	}
7822 
7823 	nla_nest_end(msg, rate);
7824 	return true;
7825 }
7826 
7827 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
7828 			       int id)
7829 {
7830 	void *attr;
7831 	int i = 0;
7832 
7833 	if (!mask)
7834 		return true;
7835 
7836 	attr = nla_nest_start_noflag(msg, id);
7837 	if (!attr)
7838 		return false;
7839 
7840 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
7841 		if (!(mask & BIT(i)))
7842 			continue;
7843 
7844 		if (nla_put_u8(msg, i, signal[i]))
7845 			return false;
7846 	}
7847 
7848 	nla_nest_end(msg, attr);
7849 
7850 	return true;
7851 }
7852 
7853 static int nl80211_fill_link_station(struct sk_buff *msg,
7854 				     struct cfg80211_registered_device *rdev,
7855 				     struct link_station_info *link_sinfo)
7856 {
7857 	struct nlattr *bss_param, *link_sinfoattr;
7858 
7859 #define PUT_LINK_SINFO(attr, memb, type) do {				\
7860 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
7861 	if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
7862 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
7863 			     link_sinfo->memb))				\
7864 		goto nla_put_failure;					\
7865 	} while (0)
7866 #define PUT_LINK_SINFO_U64(attr, memb) do {				\
7867 	if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
7868 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
7869 			      link_sinfo->memb, NL80211_STA_INFO_PAD))	\
7870 		goto nla_put_failure;					\
7871 	} while (0)
7872 
7873 	link_sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
7874 	if (!link_sinfoattr)
7875 		goto nla_put_failure;
7876 
7877 	PUT_LINK_SINFO(INACTIVE_TIME, inactive_time, u32);
7878 
7879 	if (link_sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
7880 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
7881 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
7882 			(u32)link_sinfo->rx_bytes))
7883 		goto nla_put_failure;
7884 
7885 	if (link_sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
7886 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
7887 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
7888 			(u32)link_sinfo->tx_bytes))
7889 		goto nla_put_failure;
7890 
7891 	PUT_LINK_SINFO_U64(RX_BYTES64, rx_bytes);
7892 	PUT_LINK_SINFO_U64(TX_BYTES64, tx_bytes);
7893 	PUT_LINK_SINFO_U64(RX_DURATION, rx_duration);
7894 	PUT_LINK_SINFO_U64(TX_DURATION, tx_duration);
7895 
7896 	if (wiphy_ext_feature_isset(&rdev->wiphy,
7897 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7898 		PUT_LINK_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
7899 
7900 	switch (rdev->wiphy.signal_type) {
7901 	case CFG80211_SIGNAL_TYPE_MBM:
7902 		PUT_LINK_SINFO(SIGNAL, signal, u8);
7903 		PUT_LINK_SINFO(SIGNAL_AVG, signal_avg, u8);
7904 		break;
7905 	default:
7906 		break;
7907 	}
7908 	if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
7909 		if (!nl80211_put_signal(msg, link_sinfo->chains,
7910 					link_sinfo->chain_signal,
7911 					NL80211_STA_INFO_CHAIN_SIGNAL))
7912 			goto nla_put_failure;
7913 	}
7914 	if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
7915 		if (!nl80211_put_signal(msg, link_sinfo->chains,
7916 					link_sinfo->chain_signal_avg,
7917 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
7918 			goto nla_put_failure;
7919 	}
7920 	if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
7921 		if (!nl80211_put_sta_rate(msg, &link_sinfo->txrate,
7922 					  NL80211_STA_INFO_TX_BITRATE))
7923 			goto nla_put_failure;
7924 	}
7925 	if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
7926 		if (!nl80211_put_sta_rate(msg, &link_sinfo->rxrate,
7927 					  NL80211_STA_INFO_RX_BITRATE))
7928 			goto nla_put_failure;
7929 	}
7930 
7931 	PUT_LINK_SINFO(RX_PACKETS, rx_packets, u32);
7932 	PUT_LINK_SINFO(TX_PACKETS, tx_packets, u32);
7933 	PUT_LINK_SINFO(TX_RETRIES, tx_retries, u32);
7934 	PUT_LINK_SINFO(TX_FAILED, tx_failed, u32);
7935 	PUT_LINK_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
7936 	PUT_LINK_SINFO(BEACON_LOSS, beacon_loss_count, u32);
7937 
7938 	if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
7939 		bss_param = nla_nest_start_noflag(msg,
7940 						  NL80211_STA_INFO_BSS_PARAM);
7941 		if (!bss_param)
7942 			goto nla_put_failure;
7943 
7944 		if (((link_sinfo->bss_param.flags &
7945 		      BSS_PARAM_FLAGS_CTS_PROT) &&
7946 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
7947 		    ((link_sinfo->bss_param.flags &
7948 		      BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
7949 		     nla_put_flag(msg,
7950 				  NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
7951 		    ((link_sinfo->bss_param.flags &
7952 		      BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
7953 		     nla_put_flag(msg,
7954 				  NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
7955 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
7956 			       link_sinfo->bss_param.dtim_period) ||
7957 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
7958 				link_sinfo->bss_param.beacon_interval))
7959 			goto nla_put_failure;
7960 
7961 		nla_nest_end(msg, bss_param);
7962 	}
7963 
7964 	PUT_LINK_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
7965 	PUT_LINK_SINFO_U64(BEACON_RX, rx_beacon);
7966 	PUT_LINK_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
7967 	PUT_LINK_SINFO(RX_MPDUS, rx_mpdu_count, u32);
7968 	PUT_LINK_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
7969 	if (wiphy_ext_feature_isset(&rdev->wiphy,
7970 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
7971 		PUT_LINK_SINFO(ACK_SIGNAL, ack_signal, u8);
7972 		PUT_LINK_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
7973 	}
7974 
7975 #undef PUT_LINK_SINFO
7976 #undef PUT_LINK_SINFO_U64
7977 
7978 	if (link_sinfo->pertid) {
7979 		struct nlattr *tidsattr;
7980 		int tid;
7981 
7982 		tidsattr = nla_nest_start_noflag(msg,
7983 						 NL80211_STA_INFO_TID_STATS);
7984 		if (!tidsattr)
7985 			goto nla_put_failure;
7986 
7987 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
7988 			struct cfg80211_tid_stats *tidstats;
7989 			struct nlattr *tidattr;
7990 
7991 			tidstats = &link_sinfo->pertid[tid];
7992 
7993 			if (!tidstats->filled)
7994 				continue;
7995 
7996 			tidattr = nla_nest_start_noflag(msg, tid + 1);
7997 			if (!tidattr)
7998 				goto nla_put_failure;
7999 
8000 #define PUT_TIDVAL_U64(attr, memb) do {					\
8001 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
8002 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
8003 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
8004 		goto nla_put_failure;					\
8005 	} while (0)
8006 
8007 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
8008 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
8009 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
8010 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
8011 
8012 #undef PUT_TIDVAL_U64
8013 			if ((tidstats->filled &
8014 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
8015 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
8016 						   NL80211_TID_STATS_TXQ_STATS))
8017 				goto nla_put_failure;
8018 
8019 			nla_nest_end(msg, tidattr);
8020 		}
8021 
8022 		nla_nest_end(msg, tidsattr);
8023 	}
8024 
8025 	nla_nest_end(msg, link_sinfoattr);
8026 	return 0;
8027 
8028 nla_put_failure:
8029 	return -EMSGSIZE;
8030 }
8031 
8032 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
8033 				u32 seq, int flags,
8034 				struct cfg80211_registered_device *rdev,
8035 				struct wireless_dev *wdev,
8036 				const u8 *mac_addr, struct station_info *sinfo,
8037 				bool link_stats)
8038 {
8039 	void *hdr;
8040 	struct nlattr *sinfoattr, *bss_param;
8041 	struct link_station_info *link_sinfo;
8042 	struct nlattr *links, *link;
8043 	int link_id;
8044 
8045 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
8046 	if (!hdr) {
8047 		cfg80211_sinfo_release_content(sinfo);
8048 		return -1;
8049 	}
8050 
8051 	if ((wdev->netdev &&
8052 	     nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) ||
8053 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8054 			      NL80211_ATTR_PAD) ||
8055 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
8056 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
8057 		goto nla_put_failure;
8058 
8059 	sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
8060 	if (!sinfoattr)
8061 		goto nla_put_failure;
8062 
8063 #define PUT_SINFO(attr, memb, type) do {				\
8064 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
8065 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
8066 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
8067 			     sinfo->memb))				\
8068 		goto nla_put_failure;					\
8069 	} while (0)
8070 #define PUT_SINFO_U64(attr, memb) do {					\
8071 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
8072 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
8073 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
8074 		goto nla_put_failure;					\
8075 	} while (0)
8076 
8077 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
8078 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
8079 	PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
8080 
8081 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
8082 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
8083 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
8084 			(u32)sinfo->rx_bytes))
8085 		goto nla_put_failure;
8086 
8087 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
8088 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
8089 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
8090 			(u32)sinfo->tx_bytes))
8091 		goto nla_put_failure;
8092 
8093 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
8094 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
8095 	PUT_SINFO_U64(RX_DURATION, rx_duration);
8096 	PUT_SINFO_U64(TX_DURATION, tx_duration);
8097 
8098 	if (wiphy_ext_feature_isset(&rdev->wiphy,
8099 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
8100 		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
8101 
8102 	switch (rdev->wiphy.signal_type) {
8103 	case CFG80211_SIGNAL_TYPE_MBM:
8104 		PUT_SINFO(SIGNAL, signal, u8);
8105 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
8106 		break;
8107 	default:
8108 		break;
8109 	}
8110 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
8111 		if (!nl80211_put_signal(msg, sinfo->chains,
8112 					sinfo->chain_signal,
8113 					NL80211_STA_INFO_CHAIN_SIGNAL))
8114 			goto nla_put_failure;
8115 	}
8116 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
8117 		if (!nl80211_put_signal(msg, sinfo->chains,
8118 					sinfo->chain_signal_avg,
8119 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
8120 			goto nla_put_failure;
8121 	}
8122 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
8123 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
8124 					  NL80211_STA_INFO_TX_BITRATE))
8125 			goto nla_put_failure;
8126 	}
8127 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
8128 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
8129 					  NL80211_STA_INFO_RX_BITRATE))
8130 			goto nla_put_failure;
8131 	}
8132 
8133 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
8134 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
8135 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
8136 	PUT_SINFO(TX_FAILED, tx_failed, u32);
8137 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
8138 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
8139 
8140 	PUT_SINFO(LLID, llid, u16);
8141 	PUT_SINFO(PLID, plid, u16);
8142 	PUT_SINFO(PLINK_STATE, plink_state, u8);
8143 	PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
8144 	PUT_SINFO(LOCAL_PM, local_pm, u32);
8145 	PUT_SINFO(PEER_PM, peer_pm, u32);
8146 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
8147 	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
8148 	PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
8149 	PUT_SINFO_U64(T_OFFSET, t_offset);
8150 
8151 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
8152 		bss_param = nla_nest_start_noflag(msg,
8153 						  NL80211_STA_INFO_BSS_PARAM);
8154 		if (!bss_param)
8155 			goto nla_put_failure;
8156 
8157 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
8158 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
8159 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
8160 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
8161 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
8162 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
8163 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
8164 			       sinfo->bss_param.dtim_period) ||
8165 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
8166 				sinfo->bss_param.beacon_interval))
8167 			goto nla_put_failure;
8168 
8169 		nla_nest_end(msg, bss_param);
8170 	}
8171 	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
8172 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
8173 		    sizeof(struct nl80211_sta_flag_update),
8174 		    &sinfo->sta_flags))
8175 		goto nla_put_failure;
8176 
8177 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
8178 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
8179 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
8180 	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
8181 	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
8182 	if (wiphy_ext_feature_isset(&rdev->wiphy,
8183 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
8184 		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
8185 		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
8186 	}
8187 
8188 #undef PUT_SINFO
8189 #undef PUT_SINFO_U64
8190 
8191 	if (sinfo->pertid) {
8192 		struct nlattr *tidsattr;
8193 		int tid;
8194 
8195 		tidsattr = nla_nest_start_noflag(msg,
8196 						 NL80211_STA_INFO_TID_STATS);
8197 		if (!tidsattr)
8198 			goto nla_put_failure;
8199 
8200 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
8201 			struct cfg80211_tid_stats *tidstats;
8202 			struct nlattr *tidattr;
8203 
8204 			tidstats = &sinfo->pertid[tid];
8205 
8206 			if (!tidstats->filled)
8207 				continue;
8208 
8209 			tidattr = nla_nest_start_noflag(msg, tid + 1);
8210 			if (!tidattr)
8211 				goto nla_put_failure;
8212 
8213 #define PUT_TIDVAL_U64(attr, memb) do {					\
8214 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
8215 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
8216 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
8217 		goto nla_put_failure;					\
8218 	} while (0)
8219 
8220 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
8221 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
8222 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
8223 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
8224 
8225 #undef PUT_TIDVAL_U64
8226 			if ((tidstats->filled &
8227 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
8228 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
8229 						   NL80211_TID_STATS_TXQ_STATS))
8230 				goto nla_put_failure;
8231 
8232 			nla_nest_end(msg, tidattr);
8233 		}
8234 
8235 		nla_nest_end(msg, tidsattr);
8236 	}
8237 
8238 	nla_nest_end(msg, sinfoattr);
8239 
8240 	if (sinfo->assoc_req_ies_len &&
8241 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
8242 		    sinfo->assoc_req_ies))
8243 		goto nla_put_failure;
8244 
8245 	if (sinfo->assoc_resp_ies_len &&
8246 	    nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len,
8247 		    sinfo->assoc_resp_ies))
8248 		goto nla_put_failure;
8249 
8250 	if (sinfo->mlo_params_valid) {
8251 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
8252 			       sinfo->assoc_link_id))
8253 			goto nla_put_failure;
8254 
8255 		if (!is_zero_ether_addr(sinfo->mld_addr) &&
8256 		    nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
8257 			    sinfo->mld_addr))
8258 			goto nla_put_failure;
8259 	}
8260 
8261 	if (link_stats && sinfo->valid_links) {
8262 		links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
8263 		if (!links)
8264 			goto nla_put_failure;
8265 
8266 		for_each_valid_link(sinfo, link_id) {
8267 			link_sinfo = sinfo->links[link_id];
8268 
8269 			if (WARN_ON_ONCE(!link_sinfo))
8270 				continue;
8271 
8272 			if (!is_valid_ether_addr(link_sinfo->addr))
8273 				continue;
8274 
8275 			link = nla_nest_start(msg, link_id + 1);
8276 			if (!link)
8277 				goto nla_put_failure;
8278 
8279 			if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
8280 				       link_id))
8281 				goto nla_put_failure;
8282 
8283 			if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
8284 				    link_sinfo->addr))
8285 				goto nla_put_failure;
8286 
8287 			if (nl80211_fill_link_station(msg, rdev, link_sinfo))
8288 				goto nla_put_failure;
8289 
8290 			nla_nest_end(msg, link);
8291 		}
8292 		nla_nest_end(msg, links);
8293 	}
8294 
8295 	cfg80211_sinfo_release_content(sinfo);
8296 	genlmsg_end(msg, hdr);
8297 	return 0;
8298 
8299  nla_put_failure:
8300 	cfg80211_sinfo_release_content(sinfo);
8301 	genlmsg_cancel(msg, hdr);
8302 	return -EMSGSIZE;
8303 }
8304 
8305 static void cfg80211_sta_set_mld_sinfo(struct station_info *sinfo)
8306 {
8307 	struct link_station_info *link_sinfo;
8308 	int link_id, init = 0;
8309 	u32 link_inactive_time;
8310 
8311 	sinfo->signal = -99;
8312 
8313 	for_each_valid_link(sinfo, link_id) {
8314 		link_sinfo = sinfo->links[link_id];
8315 		if (!link_sinfo)
8316 			continue;
8317 
8318 		if ((link_sinfo->filled &
8319 		     BIT_ULL(NL80211_STA_INFO_TX_PACKETS))) {
8320 			sinfo->tx_packets += link_sinfo->tx_packets;
8321 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
8322 		}
8323 
8324 		if ((link_sinfo->filled &
8325 		     BIT_ULL(NL80211_STA_INFO_RX_PACKETS))) {
8326 			sinfo->rx_packets += link_sinfo->rx_packets;
8327 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
8328 		}
8329 
8330 		if (link_sinfo->filled &
8331 		    (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
8332 		     BIT_ULL(NL80211_STA_INFO_TX_BYTES64))) {
8333 			sinfo->tx_bytes += link_sinfo->tx_bytes;
8334 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES);
8335 		}
8336 
8337 		if (link_sinfo->filled &
8338 		    (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
8339 		     BIT_ULL(NL80211_STA_INFO_TX_BYTES64))) {
8340 			sinfo->rx_bytes += link_sinfo->rx_bytes;
8341 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES);
8342 		}
8343 
8344 		if (link_sinfo->filled &
8345 		    BIT_ULL(NL80211_STA_INFO_TX_RETRIES)) {
8346 			sinfo->tx_retries += link_sinfo->tx_retries;
8347 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
8348 		}
8349 
8350 		if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_FAILED)) {
8351 			sinfo->tx_failed += link_sinfo->tx_failed;
8352 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
8353 		}
8354 
8355 		if (link_sinfo->filled &
8356 		    BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC)) {
8357 			sinfo->rx_dropped_misc += link_sinfo->rx_dropped_misc;
8358 			sinfo->filled |=
8359 				BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC);
8360 		}
8361 
8362 		if (link_sinfo->filled &
8363 		    BIT_ULL(NL80211_STA_INFO_BEACON_LOSS)) {
8364 			sinfo->beacon_loss_count +=
8365 				link_sinfo->beacon_loss_count;
8366 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_LOSS);
8367 		}
8368 
8369 		if (link_sinfo->filled &
8370 		    BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) {
8371 			sinfo->expected_throughput +=
8372 				link_sinfo->expected_throughput;
8373 			sinfo->filled |=
8374 				BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT);
8375 		}
8376 
8377 		if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_MPDUS)) {
8378 			sinfo->rx_mpdu_count += link_sinfo->rx_mpdu_count;
8379 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_MPDUS);
8380 		}
8381 
8382 		if (link_sinfo->filled &
8383 		    BIT_ULL(NL80211_STA_INFO_FCS_ERROR_COUNT)) {
8384 			sinfo->fcs_err_count += link_sinfo->fcs_err_count;
8385 			sinfo->filled |=
8386 				BIT_ULL(NL80211_STA_INFO_FCS_ERROR_COUNT);
8387 		}
8388 
8389 		if (link_sinfo->filled &
8390 		    BIT_ULL(NL80211_STA_INFO_BEACON_RX)) {
8391 			sinfo->rx_beacon += link_sinfo->rx_beacon;
8392 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_RX);
8393 		}
8394 
8395 		/* Update MLO signal, signal_avg as best among links */
8396 		if ((link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_SIGNAL)) &&
8397 		    link_sinfo->signal > sinfo->signal) {
8398 			sinfo->signal = link_sinfo->signal;
8399 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
8400 		}
8401 
8402 		if ((link_sinfo->filled &
8403 			BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG)) &&
8404 		    link_sinfo->signal_avg > sinfo->signal_avg) {
8405 			sinfo->signal_avg = link_sinfo->signal_avg;
8406 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
8407 		}
8408 
8409 		/* Update MLO inactive_time, bss_param based on least
8410 		 * value for corresponding field of link.
8411 		 */
8412 		if ((link_sinfo->filled &
8413 		     BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME)) &&
8414 		    (!init ||
8415 		     link_inactive_time > link_sinfo->inactive_time)) {
8416 			link_inactive_time = link_sinfo->inactive_time;
8417 			sinfo->inactive_time = link_sinfo->inactive_time;
8418 			sinfo->filled |= NL80211_STA_INFO_INACTIVE_TIME;
8419 		}
8420 
8421 		if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM) &&
8422 		    (!init ||
8423 		     sinfo->bss_param.dtim_period >
8424 		      link_sinfo->bss_param.dtim_period)) {
8425 			sinfo->bss_param.dtim_period =
8426 				link_sinfo->bss_param.dtim_period;
8427 			sinfo->filled |= NL80211_STA_BSS_PARAM_DTIM_PERIOD;
8428 			sinfo->bss_param.beacon_interval =
8429 				link_sinfo->bss_param.beacon_interval;
8430 			sinfo->filled |= NL80211_STA_BSS_PARAM_BEACON_INTERVAL;
8431 		}
8432 
8433 		/* Update MLO rates as per last updated link rate */
8434 		if ((link_sinfo->filled &
8435 		     BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) &&
8436 		    (!init ||
8437 		     link_inactive_time > link_sinfo->inactive_time)) {
8438 			sinfo->txrate = link_sinfo->txrate;
8439 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
8440 		}
8441 		if ((link_sinfo->filled &
8442 		     BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) &&
8443 		    (!init ||
8444 		     link_inactive_time > link_sinfo->inactive_time)) {
8445 			sinfo->rxrate = link_sinfo->rxrate;
8446 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
8447 		}
8448 
8449 		if (link_sinfo->filled &
8450 		    BIT_ULL(NL80211_STA_INFO_TX_DURATION) &&
8451 		    (!init ||
8452 		     link_inactive_time > link_sinfo->inactive_time)) {
8453 			sinfo->tx_duration += link_sinfo->tx_duration;
8454 			sinfo->filled |=
8455 				BIT_ULL(NL80211_STA_INFO_TX_DURATION);
8456 		}
8457 		if (link_sinfo->filled &
8458 		    BIT_ULL(NL80211_STA_INFO_RX_DURATION) &&
8459 		    (!init ||
8460 		     link_inactive_time > link_sinfo->inactive_time)) {
8461 			sinfo->rx_duration += link_sinfo->rx_duration;
8462 			sinfo->filled |=
8463 				BIT_ULL(NL80211_STA_INFO_RX_DURATION);
8464 		}
8465 		init++;
8466 
8467 		/* pertid stats accumulate for rx/tx fields */
8468 		if (sinfo->pertid) {
8469 			sinfo->pertid->rx_msdu +=
8470 				link_sinfo->pertid->rx_msdu;
8471 			sinfo->pertid->tx_msdu +=
8472 				link_sinfo->pertid->tx_msdu;
8473 			sinfo->pertid->tx_msdu_retries +=
8474 				link_sinfo->pertid->tx_msdu_retries;
8475 			sinfo->pertid->tx_msdu_failed +=
8476 				link_sinfo->pertid->tx_msdu_failed;
8477 
8478 			sinfo->pertid->filled |=
8479 				BIT(NL80211_TID_STATS_RX_MSDU) |
8480 				BIT(NL80211_TID_STATS_TX_MSDU) |
8481 				BIT(NL80211_TID_STATS_TX_MSDU_RETRIES) |
8482 				BIT(NL80211_TID_STATS_TX_MSDU_FAILED);
8483 		}
8484 	}
8485 
8486 	/* Reset sinfo->filled bits to exclude fields which don't make
8487 	 * much sense at the MLO level.
8488 	 */
8489 	sinfo->filled &= ~BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
8490 	sinfo->filled &= ~BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
8491 }
8492 
8493 static int nl80211_dump_station(struct sk_buff *skb,
8494 				struct netlink_callback *cb)
8495 {
8496 	struct station_info sinfo;
8497 	struct cfg80211_registered_device *rdev;
8498 	struct wireless_dev *wdev;
8499 	u8 mac_addr[ETH_ALEN];
8500 	int sta_idx = cb->args[2];
8501 	bool sinfo_alloc = false;
8502 	int err, i;
8503 
8504 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
8505 	if (err)
8506 		return err;
8507 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
8508 	__acquire(&rdev->wiphy.mtx);
8509 
8510 	if (!wdev->netdev && wdev->iftype != NL80211_IFTYPE_NAN) {
8511 		err = -EINVAL;
8512 		goto out_err;
8513 	}
8514 
8515 	if (!rdev->ops->dump_station) {
8516 		err = -EOPNOTSUPP;
8517 		goto out_err;
8518 	}
8519 
8520 	while (1) {
8521 		memset(&sinfo, 0, sizeof(sinfo));
8522 
8523 		for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
8524 			sinfo.links[i] =
8525 				kzalloc_obj(*sinfo.links[0]);
8526 			if (!sinfo.links[i]) {
8527 				err = -ENOMEM;
8528 				goto out_err;
8529 			}
8530 			sinfo_alloc = true;
8531 		}
8532 
8533 		err = rdev_dump_station(rdev, wdev, sta_idx,
8534 					mac_addr, &sinfo);
8535 		if (err == -ENOENT)
8536 			break;
8537 		if (err)
8538 			goto out_err;
8539 
8540 		if (sinfo.valid_links)
8541 			cfg80211_sta_set_mld_sinfo(&sinfo);
8542 
8543 		/* reset the sinfo_alloc flag as nl80211_send_station()
8544 		 * always releases sinfo
8545 		 */
8546 		sinfo_alloc = false;
8547 
8548 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
8549 				NETLINK_CB(cb->skb).portid,
8550 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8551 				rdev, wdev, mac_addr,
8552 				&sinfo, false) < 0)
8553 			goto out;
8554 
8555 		sta_idx++;
8556 	}
8557 
8558  out:
8559 	cb->args[2] = sta_idx;
8560 	err = skb->len;
8561  out_err:
8562 	if (sinfo_alloc)
8563 		cfg80211_sinfo_release_content(&sinfo);
8564 	wiphy_unlock(&rdev->wiphy);
8565 
8566 	return err;
8567 }
8568 
8569 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
8570 {
8571 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8572 	struct wireless_dev *wdev = info->user_ptr[1];
8573 	struct station_info sinfo;
8574 	struct sk_buff *msg;
8575 	u8 *mac_addr = NULL;
8576 	int err, i;
8577 
8578 	memset(&sinfo, 0, sizeof(sinfo));
8579 
8580 	if (!wdev->netdev)
8581 		return -EINVAL;
8582 
8583 	if (!info->attrs[NL80211_ATTR_MAC])
8584 		return -EINVAL;
8585 
8586 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8587 
8588 	if (!rdev->ops->get_station)
8589 		return -EOPNOTSUPP;
8590 
8591 	for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
8592 		sinfo.links[i] = kzalloc_obj(*sinfo.links[0]);
8593 		if (!sinfo.links[i]) {
8594 			cfg80211_sinfo_release_content(&sinfo);
8595 			return -ENOMEM;
8596 		}
8597 	}
8598 
8599 	err = rdev_get_station(rdev, wdev, mac_addr, &sinfo);
8600 	if (err) {
8601 		cfg80211_sinfo_release_content(&sinfo);
8602 		return err;
8603 	}
8604 
8605 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8606 	if (!msg) {
8607 		cfg80211_sinfo_release_content(&sinfo);
8608 		return -ENOMEM;
8609 	}
8610 
8611 	if (sinfo.valid_links)
8612 		cfg80211_sta_set_mld_sinfo(&sinfo);
8613 
8614 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
8615 				 info->snd_portid, info->snd_seq, 0,
8616 				 rdev, wdev, mac_addr, &sinfo, false) < 0) {
8617 		nlmsg_free(msg);
8618 		return -ENOBUFS;
8619 	}
8620 
8621 	return genlmsg_reply(msg, info);
8622 }
8623 
8624 int cfg80211_check_station_change(struct wiphy *wiphy,
8625 				  struct station_parameters *params,
8626 				  enum cfg80211_station_type statype)
8627 {
8628 	if (params->listen_interval != -1 &&
8629 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8630 		return -EINVAL;
8631 
8632 	if (params->support_p2p_ps != -1 &&
8633 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8634 		return -EINVAL;
8635 
8636 	if (params->aid &&
8637 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
8638 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8639 		return -EINVAL;
8640 
8641 	/* When you run into this, adjust the code below for the new flag */
8642 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
8643 
8644 	switch (statype) {
8645 	case CFG80211_STA_MESH_PEER_KERNEL:
8646 	case CFG80211_STA_MESH_PEER_USER:
8647 		/*
8648 		 * No ignoring the TDLS flag here -- the userspace mesh
8649 		 * code doesn't have the bug of including TDLS in the
8650 		 * mask everywhere.
8651 		 */
8652 		if (params->sta_flags_mask &
8653 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8654 				  BIT(NL80211_STA_FLAG_MFP) |
8655 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
8656 			return -EINVAL;
8657 		break;
8658 	case CFG80211_STA_TDLS_PEER_SETUP:
8659 	case CFG80211_STA_TDLS_PEER_ACTIVE:
8660 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
8661 			return -EINVAL;
8662 		/* ignore since it can't change */
8663 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
8664 		break;
8665 	default:
8666 		/* disallow mesh-specific things */
8667 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
8668 			return -EINVAL;
8669 		if (params->local_pm)
8670 			return -EINVAL;
8671 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
8672 			return -EINVAL;
8673 	}
8674 
8675 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
8676 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
8677 		/* TDLS can't be set, ... */
8678 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
8679 			return -EINVAL;
8680 		/*
8681 		 * ... but don't bother the driver with it. This works around
8682 		 * a hostapd/wpa_supplicant issue -- it always includes the
8683 		 * TLDS_PEER flag in the mask even for AP mode.
8684 		 */
8685 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
8686 	}
8687 
8688 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
8689 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
8690 		/* reject other things that can't change */
8691 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
8692 			return -EINVAL;
8693 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
8694 			return -EINVAL;
8695 		if (params->link_sta_params.supported_rates)
8696 			return -EINVAL;
8697 		if (statype != CFG80211_STA_NAN_MGMT &&
8698 		    (params->link_sta_params.ht_capa ||
8699 		     params->link_sta_params.vht_capa ||
8700 		     params->link_sta_params.he_capa))
8701 			return -EINVAL;
8702 		if (params->ext_capab || params->link_sta_params.eht_capa ||
8703 		    params->link_sta_params.uhr_capa)
8704 			return -EINVAL;
8705 		if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
8706 			return -EINVAL;
8707 	}
8708 
8709 	if (statype != CFG80211_STA_AP_CLIENT &&
8710 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
8711 		if (params->vlan)
8712 			return -EINVAL;
8713 	}
8714 
8715 	/* Accept EMLSR capabilities only for AP client before association */
8716 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
8717 	    params->eml_cap_present)
8718 		return -EINVAL;
8719 
8720 	switch (statype) {
8721 	case CFG80211_STA_AP_MLME_CLIENT:
8722 		/* Use this only for authorizing/unauthorizing a station */
8723 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
8724 			return -EOPNOTSUPP;
8725 		break;
8726 	case CFG80211_STA_AP_CLIENT:
8727 	case CFG80211_STA_AP_CLIENT_UNASSOC:
8728 		/* accept only the listed bits */
8729 		if (params->sta_flags_mask &
8730 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8731 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8732 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
8733 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
8734 				  BIT(NL80211_STA_FLAG_WME) |
8735 				  BIT(NL80211_STA_FLAG_MFP) |
8736 				  BIT(NL80211_STA_FLAG_SPP_AMSDU)))
8737 			return -EINVAL;
8738 
8739 		/* but authenticated/associated only if driver handles it */
8740 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
8741 		    params->sta_flags_mask &
8742 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8743 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
8744 			return -EINVAL;
8745 		break;
8746 	case CFG80211_STA_IBSS:
8747 	case CFG80211_STA_AP_STA:
8748 		/* reject any changes other than AUTHORIZED */
8749 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
8750 			return -EINVAL;
8751 		break;
8752 	case CFG80211_STA_TDLS_PEER_SETUP:
8753 		/* reject any changes other than AUTHORIZED or WME */
8754 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8755 					       BIT(NL80211_STA_FLAG_WME)))
8756 			return -EINVAL;
8757 		/* force (at least) rates when authorizing */
8758 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
8759 		    !params->link_sta_params.supported_rates)
8760 			return -EINVAL;
8761 		break;
8762 	case CFG80211_STA_TDLS_PEER_ACTIVE:
8763 		/* reject any changes */
8764 		return -EINVAL;
8765 	case CFG80211_STA_MESH_PEER_KERNEL:
8766 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
8767 			return -EINVAL;
8768 		break;
8769 	case CFG80211_STA_MESH_PEER_USER:
8770 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
8771 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
8772 			return -EINVAL;
8773 		break;
8774 	case CFG80211_STA_NAN_MGMT:
8775 		if (params->sta_flags_mask &
8776 		    ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8777 		      BIT(NL80211_STA_FLAG_MFP)))
8778 			return -EINVAL;
8779 		break;
8780 	case CFG80211_STA_NAN_DATA:
8781 		if (params->sta_flags_mask &
8782 		    ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8783 		      BIT(NL80211_STA_FLAG_MFP) |
8784 		      BIT(NL80211_STA_FLAG_WME)))
8785 			return -EINVAL;
8786 		break;
8787 	}
8788 
8789 	/*
8790 	 * Older kernel versions ignored this attribute entirely, so don't
8791 	 * reject attempts to update it but mark it as unused instead so the
8792 	 * driver won't look at the data.
8793 	 */
8794 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
8795 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
8796 		params->link_sta_params.opmode_notif_used = false;
8797 
8798 	return 0;
8799 }
8800 EXPORT_SYMBOL(cfg80211_check_station_change);
8801 
8802 /*
8803  * Get vlan interface making sure it is running and on the right wiphy.
8804  */
8805 static struct net_device *get_vlan(struct genl_info *info,
8806 				   struct cfg80211_registered_device *rdev)
8807 {
8808 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
8809 	struct net_device *v;
8810 	int ret;
8811 
8812 	if (!vlanattr)
8813 		return NULL;
8814 
8815 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
8816 	if (!v)
8817 		return ERR_PTR(-ENODEV);
8818 
8819 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
8820 		ret = -EINVAL;
8821 		goto error;
8822 	}
8823 
8824 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
8825 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
8826 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
8827 		ret = -EINVAL;
8828 		goto error;
8829 	}
8830 
8831 	if (!netif_running(v)) {
8832 		ret = -ENETDOWN;
8833 		goto error;
8834 	}
8835 
8836 	return v;
8837  error:
8838 	dev_put(v);
8839 	return ERR_PTR(ret);
8840 }
8841 
8842 static int nl80211_parse_sta_wme(struct genl_info *info,
8843 				 struct station_parameters *params)
8844 {
8845 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
8846 	struct nlattr *nla;
8847 	int err;
8848 
8849 	/* parse WME attributes if present */
8850 	if (!info->attrs[NL80211_ATTR_STA_WME])
8851 		return 0;
8852 
8853 	nla = info->attrs[NL80211_ATTR_STA_WME];
8854 	err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
8855 					  nl80211_sta_wme_policy,
8856 					  info->extack);
8857 	if (err)
8858 		return err;
8859 
8860 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
8861 		params->uapsd_queues = nla_get_u8(
8862 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
8863 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
8864 		return -EINVAL;
8865 
8866 	if (tb[NL80211_STA_WME_MAX_SP])
8867 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
8868 
8869 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
8870 		return -EINVAL;
8871 
8872 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
8873 
8874 	return 0;
8875 }
8876 
8877 static int nl80211_parse_sta_channel_info(struct genl_info *info,
8878 				      struct station_parameters *params)
8879 {
8880 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
8881 		params->supported_channels =
8882 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
8883 		params->supported_channels_len =
8884 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
8885 		/*
8886 		 * Need to include at least one (first channel, number of
8887 		 * channels) tuple for each subband (checked in policy),
8888 		 * and must have proper tuples for the rest of the data as well.
8889 		 */
8890 		if (params->supported_channels_len % 2)
8891 			return -EINVAL;
8892 	}
8893 
8894 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
8895 		params->supported_oper_classes =
8896 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
8897 		params->supported_oper_classes_len =
8898 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
8899 	}
8900 	return 0;
8901 }
8902 
8903 static int nl80211_set_station_tdls(struct genl_info *info,
8904 				    struct station_parameters *params)
8905 {
8906 	int err;
8907 	/* Dummy STA entry gets updated once the peer capabilities are known */
8908 	if (info->attrs[NL80211_ATTR_PEER_AID])
8909 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
8910 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
8911 		params->link_sta_params.ht_capa =
8912 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
8913 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
8914 		params->link_sta_params.vht_capa =
8915 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
8916 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
8917 		params->link_sta_params.he_capa =
8918 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8919 		params->link_sta_params.he_capa_len =
8920 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8921 
8922 		if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
8923 			params->link_sta_params.eht_capa =
8924 				nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8925 			params->link_sta_params.eht_capa_len =
8926 				nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8927 
8928 			if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
8929 							(const u8 *)params->link_sta_params.eht_capa,
8930 							params->link_sta_params.eht_capa_len,
8931 							false))
8932 				return -EINVAL;
8933 		}
8934 	}
8935 
8936 	if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
8937 		if (!params->link_sta_params.eht_capa)
8938 			return -EINVAL;
8939 
8940 		params->link_sta_params.uhr_capa =
8941 			nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
8942 		params->link_sta_params.uhr_capa_len =
8943 			nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
8944 	}
8945 
8946 	if (info->attrs[NL80211_ATTR_S1G_CAPABILITY])
8947 		params->link_sta_params.s1g_capa =
8948 			nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]);
8949 
8950 	err = nl80211_parse_sta_channel_info(info, params);
8951 	if (err)
8952 		return err;
8953 
8954 	return nl80211_parse_sta_wme(info, params);
8955 }
8956 
8957 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
8958 					     struct sta_txpwr *txpwr,
8959 					     bool *txpwr_set)
8960 {
8961 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8962 	int idx;
8963 
8964 	if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
8965 		if (!rdev->ops->set_tx_power ||
8966 		    !wiphy_ext_feature_isset(&rdev->wiphy,
8967 					 NL80211_EXT_FEATURE_STA_TX_PWR))
8968 			return -EOPNOTSUPP;
8969 
8970 		idx = NL80211_ATTR_STA_TX_POWER_SETTING;
8971 		txpwr->type = nla_get_u8(info->attrs[idx]);
8972 
8973 		if (txpwr->type == NL80211_TX_POWER_LIMITED) {
8974 			idx = NL80211_ATTR_STA_TX_POWER;
8975 
8976 			if (info->attrs[idx])
8977 				txpwr->power = nla_get_s16(info->attrs[idx]);
8978 			else
8979 				return -EINVAL;
8980 		}
8981 
8982 		*txpwr_set = true;
8983 	} else {
8984 		*txpwr_set = false;
8985 	}
8986 
8987 	return 0;
8988 }
8989 
8990 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
8991 {
8992 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8993 	struct wireless_dev *wdev = info->user_ptr[1];
8994 	struct net_device *dev = wdev->netdev;
8995 	struct station_parameters params;
8996 	u8 *mac_addr;
8997 	int err;
8998 
8999 	memset(&params, 0, sizeof(params));
9000 
9001 	if (!dev && wdev->iftype != NL80211_IFTYPE_NAN &&
9002 	    wdev->iftype != NL80211_IFTYPE_NAN_DATA)
9003 		return -EINVAL;
9004 
9005 	if (!rdev->ops->change_station)
9006 		return -EOPNOTSUPP;
9007 
9008 	/*
9009 	 * AID and listen_interval properties can be set only for unassociated
9010 	 * station. Include these parameters here and will check them in
9011 	 * cfg80211_check_station_change().
9012 	 */
9013 	if (info->attrs[NL80211_ATTR_STA_AID])
9014 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
9015 
9016 	if (info->attrs[NL80211_ATTR_VLAN_ID])
9017 		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
9018 
9019 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
9020 		params.listen_interval =
9021 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
9022 	else
9023 		params.listen_interval = -1;
9024 
9025 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
9026 		params.support_p2p_ps =
9027 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
9028 	else
9029 		params.support_p2p_ps = -1;
9030 
9031 	if (!info->attrs[NL80211_ATTR_MAC])
9032 		return -EINVAL;
9033 
9034 	params.link_sta_params.link_id =
9035 		nl80211_link_id_or_invalid(info->attrs);
9036 
9037 	if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
9038 		/* If MLD_ADDR attribute is set then this is an MLD station
9039 		 * and the MLD_ADDR attribute holds the MLD address and the
9040 		 * MAC attribute holds for the LINK address.
9041 		 * In that case, the link_id is also expected to be valid.
9042 		 */
9043 		if (params.link_sta_params.link_id < 0)
9044 			return -EINVAL;
9045 
9046 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
9047 		params.link_sta_params.mld_mac = mac_addr;
9048 		params.link_sta_params.link_mac =
9049 			nla_data(info->attrs[NL80211_ATTR_MAC]);
9050 		if (!is_valid_ether_addr(params.link_sta_params.link_mac))
9051 			return -EINVAL;
9052 	} else {
9053 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9054 	}
9055 
9056 
9057 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
9058 		params.link_sta_params.supported_rates =
9059 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
9060 		params.link_sta_params.supported_rates_len =
9061 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
9062 	}
9063 
9064 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
9065 		params.capability =
9066 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
9067 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
9068 	}
9069 
9070 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
9071 		params.ext_capab =
9072 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
9073 		params.ext_capab_len =
9074 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
9075 	}
9076 
9077 	if (parse_station_flags(info, wdev->iftype, &params))
9078 		return -EINVAL;
9079 
9080 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
9081 		params.plink_action =
9082 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
9083 
9084 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
9085 		params.plink_state =
9086 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
9087 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
9088 			params.peer_aid = nla_get_u16(
9089 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
9090 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
9091 	}
9092 
9093 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
9094 		params.local_pm = nla_get_u32(
9095 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
9096 
9097 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
9098 		params.link_sta_params.opmode_notif_used = true;
9099 		params.link_sta_params.opmode_notif =
9100 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
9101 	}
9102 
9103 	if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
9104 		params.link_sta_params.he_6ghz_capa =
9105 			nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
9106 
9107 	if (info->attrs[NL80211_ATTR_EML_CAPABILITY]) {
9108 		params.eml_cap_present = true;
9109 		params.eml_cap =
9110 			nla_get_u16(info->attrs[NL80211_ATTR_EML_CAPABILITY]);
9111 	}
9112 
9113 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
9114 		params.airtime_weight =
9115 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
9116 
9117 	if (params.airtime_weight &&
9118 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9119 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
9120 		return -EOPNOTSUPP;
9121 
9122 	err = nl80211_parse_sta_txpower_setting(info,
9123 						&params.link_sta_params.txpwr,
9124 						&params.link_sta_params.txpwr_set);
9125 	if (err)
9126 		return err;
9127 
9128 	/* Include parameters for TDLS peer (will check later) */
9129 	err = nl80211_set_station_tdls(info, &params);
9130 	if (err)
9131 		return err;
9132 
9133 	params.vlan = get_vlan(info, rdev);
9134 	if (IS_ERR(params.vlan))
9135 		return PTR_ERR(params.vlan);
9136 
9137 	switch (wdev->iftype) {
9138 	case NL80211_IFTYPE_AP:
9139 	case NL80211_IFTYPE_AP_VLAN:
9140 	case NL80211_IFTYPE_P2P_GO:
9141 	case NL80211_IFTYPE_P2P_CLIENT:
9142 	case NL80211_IFTYPE_STATION:
9143 	case NL80211_IFTYPE_ADHOC:
9144 	case NL80211_IFTYPE_MESH_POINT:
9145 	case NL80211_IFTYPE_NAN:
9146 	case NL80211_IFTYPE_NAN_DATA:
9147 		break;
9148 	default:
9149 		err = -EOPNOTSUPP;
9150 		goto out_put_vlan;
9151 	}
9152 
9153 	/* driver will call cfg80211_check_station_change() */
9154 	err = rdev_change_station(rdev, wdev, mac_addr, &params);
9155 
9156  out_put_vlan:
9157 	dev_put(params.vlan);
9158 
9159 	return err;
9160 }
9161 
9162 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
9163 {
9164 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9165 	int err;
9166 	struct wireless_dev *wdev = info->user_ptr[1];
9167 	struct net_device *dev = wdev->netdev;
9168 	struct station_parameters params;
9169 	u8 *mac_addr = NULL;
9170 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
9171 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
9172 
9173 	memset(&params, 0, sizeof(params));
9174 
9175 	if (!dev && wdev->iftype != NL80211_IFTYPE_NAN)
9176 		return -EINVAL;
9177 
9178 	if (!rdev->ops->add_station)
9179 		return -EOPNOTSUPP;
9180 
9181 	if (!info->attrs[NL80211_ATTR_MAC])
9182 		return -EINVAL;
9183 
9184 	if (wdev->iftype == NL80211_IFTYPE_NAN ||
9185 	    wdev->iftype == NL80211_IFTYPE_NAN_DATA) {
9186 		if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
9187 			return -EINVAL;
9188 		if (wdev->iftype == NL80211_IFTYPE_NAN_DATA) {
9189 			if (!info->attrs[NL80211_ATTR_NAN_NMI_MAC])
9190 				return -EINVAL;
9191 
9192 			/* Only NMI stations receive the HT/VHT/HE capabilities */
9193 			if (info->attrs[NL80211_ATTR_HT_CAPABILITY] ||
9194 			    info->attrs[NL80211_ATTR_VHT_CAPABILITY] ||
9195 			    info->attrs[NL80211_ATTR_HE_CAPABILITY])
9196 				return -EINVAL;
9197 		}
9198 	} else {
9199 		if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
9200 			return -EINVAL;
9201 
9202 		if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
9203 			return -EINVAL;
9204 
9205 		if (!info->attrs[NL80211_ATTR_STA_AID] &&
9206 		    !info->attrs[NL80211_ATTR_PEER_AID])
9207 			return -EINVAL;
9208 	}
9209 
9210 	params.link_sta_params.link_id =
9211 		nl80211_link_id_or_invalid(info->attrs);
9212 
9213 	if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
9214 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
9215 		params.link_sta_params.mld_mac = mac_addr;
9216 		params.link_sta_params.link_mac =
9217 			nla_data(info->attrs[NL80211_ATTR_MAC]);
9218 		if (!is_valid_ether_addr(params.link_sta_params.link_mac))
9219 			return -EINVAL;
9220 	} else {
9221 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9222 	}
9223 
9224 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
9225 		params.link_sta_params.supported_rates =
9226 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
9227 		params.link_sta_params.supported_rates_len =
9228 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
9229 	}
9230 
9231 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
9232 		params.listen_interval =
9233 			nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
9234 
9235 	if (info->attrs[NL80211_ATTR_VLAN_ID])
9236 		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
9237 
9238 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
9239 		params.support_p2p_ps =
9240 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
9241 	} else {
9242 		/*
9243 		 * if not specified, assume it's supported for P2P GO interface,
9244 		 * and is NOT supported for AP interface
9245 		 */
9246 		params.support_p2p_ps =
9247 			wdev->iftype == NL80211_IFTYPE_P2P_GO;
9248 	}
9249 
9250 	if (info->attrs[NL80211_ATTR_PEER_AID])
9251 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
9252 	else if (info->attrs[NL80211_ATTR_STA_AID])
9253 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
9254 
9255 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
9256 		params.capability =
9257 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
9258 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
9259 	}
9260 
9261 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
9262 		params.ext_capab =
9263 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
9264 		params.ext_capab_len =
9265 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
9266 	}
9267 
9268 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
9269 		params.link_sta_params.ht_capa =
9270 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
9271 
9272 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
9273 		params.link_sta_params.vht_capa =
9274 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
9275 
9276 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
9277 		params.link_sta_params.he_capa =
9278 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
9279 		params.link_sta_params.he_capa_len =
9280 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
9281 
9282 		if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
9283 			params.link_sta_params.eht_capa =
9284 				nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
9285 			params.link_sta_params.eht_capa_len =
9286 				nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
9287 
9288 			if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
9289 							(const u8 *)params.link_sta_params.eht_capa,
9290 							params.link_sta_params.eht_capa_len,
9291 							false))
9292 				return -EINVAL;
9293 		}
9294 	}
9295 
9296 	if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
9297 		if (!params.link_sta_params.eht_capa)
9298 			return -EINVAL;
9299 
9300 		params.link_sta_params.uhr_capa =
9301 			nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
9302 		params.link_sta_params.uhr_capa_len =
9303 			nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
9304 	}
9305 
9306 	if (info->attrs[NL80211_ATTR_EML_CAPABILITY]) {
9307 		params.eml_cap_present = true;
9308 		params.eml_cap =
9309 			nla_get_u16(info->attrs[NL80211_ATTR_EML_CAPABILITY]);
9310 	}
9311 
9312 	if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
9313 		params.link_sta_params.he_6ghz_capa =
9314 			nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
9315 
9316 	if (info->attrs[NL80211_ATTR_S1G_CAPABILITY])
9317 		params.link_sta_params.s1g_capa =
9318 			nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]);
9319 
9320 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
9321 		params.link_sta_params.opmode_notif_used = true;
9322 		params.link_sta_params.opmode_notif =
9323 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
9324 	}
9325 
9326 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
9327 		params.plink_action =
9328 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
9329 
9330 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
9331 		params.airtime_weight =
9332 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
9333 
9334 	if (params.airtime_weight &&
9335 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9336 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
9337 		return -EOPNOTSUPP;
9338 
9339 	err = nl80211_parse_sta_txpower_setting(info,
9340 						&params.link_sta_params.txpwr,
9341 						&params.link_sta_params.txpwr_set);
9342 	if (err)
9343 		return err;
9344 
9345 	err = nl80211_parse_sta_channel_info(info, &params);
9346 	if (err)
9347 		return err;
9348 
9349 	err = nl80211_parse_sta_wme(info, &params);
9350 	if (err)
9351 		return err;
9352 
9353 	if (parse_station_flags(info, wdev->iftype, &params))
9354 		return -EINVAL;
9355 
9356 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
9357 	 * as userspace might just pass through the capabilities from the IEs
9358 	 * directly, rather than enforcing this restriction and returning an
9359 	 * error in this case.
9360 	 */
9361 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
9362 		params.link_sta_params.ht_capa = NULL;
9363 		params.link_sta_params.vht_capa = NULL;
9364 
9365 		/* HE, EHT and UHR require WME */
9366 		if (params.link_sta_params.he_capa_len ||
9367 		    params.link_sta_params.he_6ghz_capa ||
9368 		    params.link_sta_params.eht_capa_len ||
9369 		    params.link_sta_params.uhr_capa_len)
9370 			return -EINVAL;
9371 	}
9372 
9373 	if (wdev->iftype == NL80211_IFTYPE_NAN ||
9374 	    wdev->iftype == NL80211_IFTYPE_NAN_DATA) {
9375 		if (params.sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
9376 			return -EINVAL;
9377 		/* NAN NMI station must be added in associated or authorized state */
9378 		if (!(params.sta_flags_set & (BIT(NL80211_STA_FLAG_ASSOCIATED) |
9379 					      BIT(NL80211_STA_FLAG_AUTHENTICATED))))
9380 			return -EINVAL;
9381 	}
9382 
9383 	/* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
9384 	if (params.link_sta_params.he_6ghz_capa &&
9385 	    (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa))
9386 		return -EINVAL;
9387 
9388 	/* When you run into this, adjust the code below for the new flag */
9389 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
9390 
9391 	switch (wdev->iftype) {
9392 	case NL80211_IFTYPE_AP:
9393 	case NL80211_IFTYPE_AP_VLAN:
9394 	case NL80211_IFTYPE_P2P_GO:
9395 		/* ignore WME attributes if iface/sta is not capable */
9396 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
9397 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
9398 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
9399 
9400 		/* TDLS peers cannot be added */
9401 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
9402 		    info->attrs[NL80211_ATTR_PEER_AID])
9403 			return -EINVAL;
9404 		/* but don't bother the driver with it */
9405 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
9406 
9407 		/* allow authenticated/associated only if driver handles it */
9408 		if (!(rdev->wiphy.features &
9409 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
9410 		    params.sta_flags_mask & auth_assoc)
9411 			return -EINVAL;
9412 
9413 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9414 					     NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) &&
9415 		    params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
9416 			return -EINVAL;
9417 
9418 		/* Older userspace, or userspace wanting to be compatible with
9419 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
9420 		 * and assoc flags in the mask, but assumes the station will be
9421 		 * added as associated anyway since this was the required driver
9422 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
9423 		 * introduced.
9424 		 * In order to not bother drivers with this quirk in the API
9425 		 * set the flags in both the mask and set for new stations in
9426 		 * this case.
9427 		 */
9428 		if (!(params.sta_flags_mask & auth_assoc)) {
9429 			params.sta_flags_mask |= auth_assoc;
9430 			params.sta_flags_set |= auth_assoc;
9431 		}
9432 
9433 		/* must be last in here for error handling */
9434 		params.vlan = get_vlan(info, rdev);
9435 		if (IS_ERR(params.vlan))
9436 			return PTR_ERR(params.vlan);
9437 		break;
9438 	case NL80211_IFTYPE_MESH_POINT:
9439 		/* ignore uAPSD data */
9440 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
9441 
9442 		/* associated is disallowed */
9443 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
9444 			return -EINVAL;
9445 		/* TDLS peers cannot be added */
9446 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
9447 		    info->attrs[NL80211_ATTR_PEER_AID])
9448 			return -EINVAL;
9449 		break;
9450 	case NL80211_IFTYPE_STATION:
9451 	case NL80211_IFTYPE_P2P_CLIENT:
9452 		/* ignore uAPSD data */
9453 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
9454 
9455 		/* these are disallowed */
9456 		if (params.sta_flags_mask &
9457 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
9458 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
9459 			return -EINVAL;
9460 		/* Only TDLS peers can be added */
9461 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
9462 			return -EINVAL;
9463 		/* Can only add if TDLS ... */
9464 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
9465 			return -EOPNOTSUPP;
9466 		/* ... with external setup is supported */
9467 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
9468 			return -EOPNOTSUPP;
9469 		/*
9470 		 * Older wpa_supplicant versions always mark the TDLS peer
9471 		 * as authorized, but it shouldn't yet be.
9472 		 */
9473 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
9474 		break;
9475 	case NL80211_IFTYPE_NAN:
9476 		break;
9477 	case NL80211_IFTYPE_NAN_DATA:
9478 		params.nmi_mac = nla_data(info->attrs[NL80211_ATTR_NAN_NMI_MAC]);
9479 		break;
9480 	default:
9481 		return -EOPNOTSUPP;
9482 	}
9483 
9484 	/* be aware of params.vlan when changing code here */
9485 
9486 	if (wdev->valid_links) {
9487 		if (params.link_sta_params.link_id < 0) {
9488 			err = -EINVAL;
9489 			goto out;
9490 		}
9491 		if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) {
9492 			err = -ENOLINK;
9493 			goto out;
9494 		}
9495 	} else {
9496 		if (params.link_sta_params.link_id >= 0) {
9497 			err = -EINVAL;
9498 			goto out;
9499 		}
9500 	}
9501 
9502 	params.epp_peer =
9503 		nla_get_flag(info->attrs[NL80211_ATTR_EPP_PEER]);
9504 
9505 	err = rdev_add_station(rdev, wdev, mac_addr, &params);
9506 out:
9507 	dev_put(params.vlan);
9508 	return err;
9509 }
9510 
9511 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
9512 {
9513 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9514 	struct wireless_dev *wdev = info->user_ptr[1];
9515 	struct net_device *dev = wdev->netdev;
9516 	struct station_del_parameters params;
9517 	int link_id = nl80211_link_id_or_invalid(info->attrs);
9518 
9519 	memset(&params, 0, sizeof(params));
9520 
9521 	if (!dev && wdev->iftype != NL80211_IFTYPE_NAN)
9522 		return -EINVAL;
9523 
9524 	if (info->attrs[NL80211_ATTR_MAC])
9525 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
9526 
9527 	switch (wdev->iftype) {
9528 	case NL80211_IFTYPE_AP:
9529 	case NL80211_IFTYPE_AP_VLAN:
9530 	case NL80211_IFTYPE_MESH_POINT:
9531 	case NL80211_IFTYPE_P2P_GO:
9532 	case NL80211_IFTYPE_NAN:
9533 	case NL80211_IFTYPE_NAN_DATA:
9534 		/* always accept these */
9535 		break;
9536 	case NL80211_IFTYPE_ADHOC:
9537 		/* conditionally accept */
9538 		if (wiphy_ext_feature_isset(&rdev->wiphy,
9539 					    NL80211_EXT_FEATURE_DEL_IBSS_STA))
9540 			break;
9541 		return -EINVAL;
9542 	default:
9543 		return -EINVAL;
9544 	}
9545 
9546 	if (!rdev->ops->del_station)
9547 		return -EOPNOTSUPP;
9548 
9549 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
9550 		params.subtype =
9551 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
9552 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
9553 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
9554 			return -EINVAL;
9555 	} else {
9556 		/* Default to Deauthentication frame */
9557 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
9558 	}
9559 
9560 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
9561 		params.reason_code =
9562 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9563 		if (params.reason_code == 0)
9564 			return -EINVAL; /* 0 is reserved */
9565 	} else {
9566 		/* Default to reason code 2 */
9567 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
9568 	}
9569 
9570 	/* Link ID not expected in case of non-ML operation */
9571 	if (!wdev->valid_links && link_id != -1)
9572 		return -EINVAL;
9573 
9574 	/* If given, a valid link ID should be passed during MLO */
9575 	if (wdev->valid_links && link_id >= 0 &&
9576 	    !(wdev->valid_links & BIT(link_id)))
9577 		return -EINVAL;
9578 
9579 	params.link_id = link_id;
9580 
9581 	return rdev_del_station(rdev, wdev, &params);
9582 }
9583 
9584 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
9585 				int flags, struct net_device *dev,
9586 				u8 *dst, u8 *next_hop,
9587 				struct mpath_info *pinfo)
9588 {
9589 	void *hdr;
9590 	struct nlattr *pinfoattr;
9591 
9592 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
9593 	if (!hdr)
9594 		return -1;
9595 
9596 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9597 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
9598 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
9599 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
9600 		goto nla_put_failure;
9601 
9602 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
9603 	if (!pinfoattr)
9604 		goto nla_put_failure;
9605 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
9606 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
9607 			pinfo->frame_qlen))
9608 		goto nla_put_failure;
9609 	if (((pinfo->filled & MPATH_INFO_SN) &&
9610 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
9611 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
9612 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
9613 			 pinfo->metric)) ||
9614 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
9615 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
9616 			 pinfo->exptime)) ||
9617 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
9618 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
9619 			pinfo->flags)) ||
9620 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
9621 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
9622 			 pinfo->discovery_timeout)) ||
9623 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
9624 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
9625 			pinfo->discovery_retries)) ||
9626 	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
9627 	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
9628 			pinfo->hop_count)) ||
9629 	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
9630 	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
9631 			 pinfo->path_change_count)))
9632 		goto nla_put_failure;
9633 
9634 	nla_nest_end(msg, pinfoattr);
9635 
9636 	genlmsg_end(msg, hdr);
9637 	return 0;
9638 
9639  nla_put_failure:
9640 	genlmsg_cancel(msg, hdr);
9641 	return -EMSGSIZE;
9642 }
9643 
9644 static int nl80211_dump_mpath(struct sk_buff *skb,
9645 			      struct netlink_callback *cb)
9646 {
9647 	struct mpath_info pinfo;
9648 	struct cfg80211_registered_device *rdev;
9649 	struct wireless_dev *wdev;
9650 	u8 dst[ETH_ALEN];
9651 	u8 next_hop[ETH_ALEN];
9652 	int path_idx = cb->args[2];
9653 	int err;
9654 
9655 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
9656 	if (err)
9657 		return err;
9658 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
9659 	__acquire(&rdev->wiphy.mtx);
9660 
9661 	if (!rdev->ops->dump_mpath) {
9662 		err = -EOPNOTSUPP;
9663 		goto out_err;
9664 	}
9665 
9666 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
9667 		err = -EOPNOTSUPP;
9668 		goto out_err;
9669 	}
9670 
9671 	while (1) {
9672 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
9673 				      next_hop, &pinfo);
9674 		if (err == -ENOENT)
9675 			break;
9676 		if (err)
9677 			goto out_err;
9678 
9679 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
9680 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
9681 				       wdev->netdev, dst, next_hop,
9682 				       &pinfo) < 0)
9683 			goto out;
9684 
9685 		path_idx++;
9686 	}
9687 
9688  out:
9689 	cb->args[2] = path_idx;
9690 	err = skb->len;
9691  out_err:
9692 	wiphy_unlock(&rdev->wiphy);
9693 	return err;
9694 }
9695 
9696 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
9697 {
9698 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9699 	int err;
9700 	struct net_device *dev = info->user_ptr[1];
9701 	struct mpath_info pinfo;
9702 	struct sk_buff *msg;
9703 	u8 *dst = NULL;
9704 	u8 next_hop[ETH_ALEN];
9705 
9706 	memset(&pinfo, 0, sizeof(pinfo));
9707 
9708 	if (!info->attrs[NL80211_ATTR_MAC])
9709 		return -EINVAL;
9710 
9711 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9712 
9713 	if (!rdev->ops->get_mpath)
9714 		return -EOPNOTSUPP;
9715 
9716 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9717 		return -EOPNOTSUPP;
9718 
9719 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
9720 	if (err)
9721 		return err;
9722 
9723 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9724 	if (!msg)
9725 		return -ENOMEM;
9726 
9727 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
9728 				 dev, dst, next_hop, &pinfo) < 0) {
9729 		nlmsg_free(msg);
9730 		return -ENOBUFS;
9731 	}
9732 
9733 	return genlmsg_reply(msg, info);
9734 }
9735 
9736 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
9737 {
9738 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9739 	struct net_device *dev = info->user_ptr[1];
9740 	u8 *dst = NULL;
9741 	u8 *next_hop = NULL;
9742 
9743 	if (!info->attrs[NL80211_ATTR_MAC])
9744 		return -EINVAL;
9745 
9746 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
9747 		return -EINVAL;
9748 
9749 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9750 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
9751 
9752 	if (!rdev->ops->change_mpath)
9753 		return -EOPNOTSUPP;
9754 
9755 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9756 		return -EOPNOTSUPP;
9757 
9758 	return rdev_change_mpath(rdev, dev, dst, next_hop);
9759 }
9760 
9761 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
9762 {
9763 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9764 	struct net_device *dev = info->user_ptr[1];
9765 	u8 *dst = NULL;
9766 	u8 *next_hop = NULL;
9767 
9768 	if (!info->attrs[NL80211_ATTR_MAC])
9769 		return -EINVAL;
9770 
9771 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
9772 		return -EINVAL;
9773 
9774 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9775 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
9776 
9777 	if (!rdev->ops->add_mpath)
9778 		return -EOPNOTSUPP;
9779 
9780 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9781 		return -EOPNOTSUPP;
9782 
9783 	return rdev_add_mpath(rdev, dev, dst, next_hop);
9784 }
9785 
9786 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
9787 {
9788 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9789 	struct net_device *dev = info->user_ptr[1];
9790 	u8 *dst = NULL;
9791 
9792 	if (info->attrs[NL80211_ATTR_MAC])
9793 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9794 
9795 	if (!rdev->ops->del_mpath)
9796 		return -EOPNOTSUPP;
9797 
9798 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9799 		return -EOPNOTSUPP;
9800 
9801 	return rdev_del_mpath(rdev, dev, dst);
9802 }
9803 
9804 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
9805 {
9806 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9807 	int err;
9808 	struct net_device *dev = info->user_ptr[1];
9809 	struct mpath_info pinfo;
9810 	struct sk_buff *msg;
9811 	u8 *dst = NULL;
9812 	u8 mpp[ETH_ALEN];
9813 
9814 	memset(&pinfo, 0, sizeof(pinfo));
9815 
9816 	if (!info->attrs[NL80211_ATTR_MAC])
9817 		return -EINVAL;
9818 
9819 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9820 
9821 	if (!rdev->ops->get_mpp)
9822 		return -EOPNOTSUPP;
9823 
9824 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9825 		return -EOPNOTSUPP;
9826 
9827 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
9828 	if (err)
9829 		return err;
9830 
9831 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9832 	if (!msg)
9833 		return -ENOMEM;
9834 
9835 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
9836 			       dev, dst, mpp, &pinfo) < 0) {
9837 		nlmsg_free(msg);
9838 		return -ENOBUFS;
9839 	}
9840 
9841 	return genlmsg_reply(msg, info);
9842 }
9843 
9844 static int nl80211_dump_mpp(struct sk_buff *skb,
9845 			    struct netlink_callback *cb)
9846 {
9847 	struct mpath_info pinfo;
9848 	struct cfg80211_registered_device *rdev;
9849 	struct wireless_dev *wdev;
9850 	u8 dst[ETH_ALEN];
9851 	u8 mpp[ETH_ALEN];
9852 	int path_idx = cb->args[2];
9853 	int err;
9854 
9855 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
9856 	if (err)
9857 		return err;
9858 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
9859 	__acquire(&rdev->wiphy.mtx);
9860 
9861 	if (!rdev->ops->dump_mpp) {
9862 		err = -EOPNOTSUPP;
9863 		goto out_err;
9864 	}
9865 
9866 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
9867 		err = -EOPNOTSUPP;
9868 		goto out_err;
9869 	}
9870 
9871 	while (1) {
9872 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
9873 				    mpp, &pinfo);
9874 		if (err == -ENOENT)
9875 			break;
9876 		if (err)
9877 			goto out_err;
9878 
9879 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
9880 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
9881 				       wdev->netdev, dst, mpp,
9882 				       &pinfo) < 0)
9883 			goto out;
9884 
9885 		path_idx++;
9886 	}
9887 
9888  out:
9889 	cb->args[2] = path_idx;
9890 	err = skb->len;
9891  out_err:
9892 	wiphy_unlock(&rdev->wiphy);
9893 	return err;
9894 }
9895 
9896 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
9897 {
9898 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9899 	struct net_device *dev = info->user_ptr[1];
9900 	struct bss_parameters params;
9901 	u32 bss_param_support = rdev->wiphy.bss_param_support;
9902 	u32 changed = 0;
9903 	bool strict;
9904 
9905 	memset(&params, 0, sizeof(params));
9906 	params.link_id = nl80211_link_id_or_invalid(info->attrs);
9907 	/* default to not changing parameters */
9908 	params.use_cts_prot = -1;
9909 	params.use_short_preamble = -1;
9910 	params.use_short_slot_time = -1;
9911 	params.ap_isolate = -1;
9912 	params.ht_opmode = -1;
9913 	params.p2p_ctwindow = -1;
9914 	params.p2p_opp_ps = -1;
9915 
9916 	strict = nla_get_flag(info->attrs[NL80211_ATTR_BSS_PARAM]);
9917 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) {
9918 		if (strict && !(bss_param_support & WIPHY_BSS_PARAM_CTS_PROT))
9919 			return -EINVAL;
9920 		params.use_cts_prot =
9921 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
9922 		changed |= WIPHY_BSS_PARAM_CTS_PROT;
9923 	}
9924 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) {
9925 		if (strict &&
9926 		    !(bss_param_support & WIPHY_BSS_PARAM_SHORT_PREAMBLE))
9927 			return -EINVAL;
9928 		params.use_short_preamble =
9929 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
9930 		changed |= WIPHY_BSS_PARAM_SHORT_PREAMBLE;
9931 	}
9932 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) {
9933 		if (strict &&
9934 		    !(bss_param_support & WIPHY_BSS_PARAM_SHORT_SLOT_TIME))
9935 			return -EINVAL;
9936 		params.use_short_slot_time =
9937 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
9938 		changed |= WIPHY_BSS_PARAM_SHORT_SLOT_TIME;
9939 	}
9940 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9941 		if (strict &&
9942 		    !(bss_param_support & WIPHY_BSS_PARAM_BASIC_RATES))
9943 			return -EINVAL;
9944 		params.basic_rates =
9945 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9946 		params.basic_rates_len =
9947 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9948 		changed |= WIPHY_BSS_PARAM_BASIC_RATES;
9949 	}
9950 	if (info->attrs[NL80211_ATTR_AP_ISOLATE]) {
9951 		if (strict && !(bss_param_support & WIPHY_BSS_PARAM_AP_ISOLATE))
9952 			return -EINVAL;
9953 		params.ap_isolate =
9954 			!!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
9955 		changed |= WIPHY_BSS_PARAM_AP_ISOLATE;
9956 	}
9957 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) {
9958 		if (strict && !(bss_param_support & WIPHY_BSS_PARAM_HT_OPMODE))
9959 			return -EINVAL;
9960 		params.ht_opmode =
9961 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
9962 		changed |= WIPHY_BSS_PARAM_HT_OPMODE;
9963 	}
9964 
9965 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
9966 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9967 			return -EINVAL;
9968 		params.p2p_ctwindow =
9969 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
9970 		if (params.p2p_ctwindow != 0 &&
9971 		    !(bss_param_support & WIPHY_BSS_PARAM_P2P_CTWINDOW))
9972 			return -EINVAL;
9973 		changed |= WIPHY_BSS_PARAM_P2P_CTWINDOW;
9974 	}
9975 
9976 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
9977 		u8 tmp;
9978 
9979 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9980 			return -EINVAL;
9981 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
9982 		if (tmp && !(bss_param_support & WIPHY_BSS_PARAM_P2P_OPPPS))
9983 			return -EINVAL;
9984 		params.p2p_opp_ps = tmp;
9985 		if (params.p2p_opp_ps &&
9986 		    !(rdev->wiphy.bss_param_support & WIPHY_BSS_PARAM_P2P_OPPPS))
9987 			return -EINVAL;
9988 	}
9989 
9990 	if (!rdev->ops->change_bss)
9991 		return -EOPNOTSUPP;
9992 
9993 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
9994 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9995 		return -EOPNOTSUPP;
9996 
9997 	changed &= rdev->wiphy.bss_param_support;
9998 	if (!changed)
9999 		return 0;
10000 
10001 	return rdev_change_bss(rdev, dev, &params);
10002 }
10003 
10004 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
10005 {
10006 	char *data = NULL;
10007 	bool is_indoor;
10008 	enum nl80211_user_reg_hint_type user_reg_hint_type;
10009 	u32 owner_nlportid;
10010 
10011 	/*
10012 	 * You should only get this when cfg80211 hasn't yet initialized
10013 	 * completely when built-in to the kernel right between the time
10014 	 * window between nl80211_init() and regulatory_init(), if that is
10015 	 * even possible.
10016 	 */
10017 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
10018 		return -EINPROGRESS;
10019 
10020 	user_reg_hint_type =
10021 		nla_get_u32_default(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE],
10022 				    NL80211_USER_REG_HINT_USER);
10023 
10024 	switch (user_reg_hint_type) {
10025 	case NL80211_USER_REG_HINT_USER:
10026 	case NL80211_USER_REG_HINT_CELL_BASE:
10027 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
10028 			return -EINVAL;
10029 
10030 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
10031 		return regulatory_hint_user(data, user_reg_hint_type);
10032 	case NL80211_USER_REG_HINT_INDOOR:
10033 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10034 			owner_nlportid = info->snd_portid;
10035 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
10036 		} else {
10037 			owner_nlportid = 0;
10038 			is_indoor = true;
10039 		}
10040 
10041 		regulatory_hint_indoor(is_indoor, owner_nlportid);
10042 		return 0;
10043 	default:
10044 		return -EINVAL;
10045 	}
10046 }
10047 
10048 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
10049 {
10050 	return reg_reload_regdb();
10051 }
10052 
10053 static int nl80211_get_mesh_config(struct sk_buff *skb,
10054 				   struct genl_info *info)
10055 {
10056 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10057 	struct net_device *dev = info->user_ptr[1];
10058 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10059 	struct mesh_config cur_params;
10060 	int err = 0;
10061 	void *hdr;
10062 	struct nlattr *pinfoattr;
10063 	struct sk_buff *msg;
10064 
10065 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
10066 		return -EOPNOTSUPP;
10067 
10068 	if (!rdev->ops->get_mesh_config)
10069 		return -EOPNOTSUPP;
10070 
10071 	/* If not connected, get default parameters */
10072 	if (!wdev->u.mesh.id_len)
10073 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
10074 	else
10075 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
10076 
10077 	if (err)
10078 		return err;
10079 
10080 	/* Draw up a netlink message to send back */
10081 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10082 	if (!msg)
10083 		return -ENOMEM;
10084 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10085 			     NL80211_CMD_GET_MESH_CONFIG);
10086 	if (!hdr)
10087 		goto out;
10088 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
10089 	if (!pinfoattr)
10090 		goto nla_put_failure;
10091 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10092 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
10093 			cur_params.dot11MeshRetryTimeout) ||
10094 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
10095 			cur_params.dot11MeshConfirmTimeout) ||
10096 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
10097 			cur_params.dot11MeshHoldingTimeout) ||
10098 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
10099 			cur_params.dot11MeshMaxPeerLinks) ||
10100 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
10101 		       cur_params.dot11MeshMaxRetries) ||
10102 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
10103 		       cur_params.dot11MeshTTL) ||
10104 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
10105 		       cur_params.element_ttl) ||
10106 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
10107 		       cur_params.auto_open_plinks) ||
10108 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
10109 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
10110 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
10111 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
10112 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
10113 			cur_params.path_refresh_time) ||
10114 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
10115 			cur_params.min_discovery_timeout) ||
10116 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
10117 			cur_params.dot11MeshHWMPactivePathTimeout) ||
10118 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
10119 			cur_params.dot11MeshHWMPpreqMinInterval) ||
10120 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
10121 			cur_params.dot11MeshHWMPperrMinInterval) ||
10122 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
10123 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
10124 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
10125 		       cur_params.dot11MeshHWMPRootMode) ||
10126 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
10127 			cur_params.dot11MeshHWMPRannInterval) ||
10128 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
10129 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
10130 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
10131 		       cur_params.dot11MeshForwarding) ||
10132 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
10133 			cur_params.rssi_threshold) ||
10134 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
10135 			cur_params.ht_opmode) ||
10136 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
10137 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
10138 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
10139 			cur_params.dot11MeshHWMProotInterval) ||
10140 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
10141 			cur_params.dot11MeshHWMPconfirmationInterval) ||
10142 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
10143 			cur_params.power_mode) ||
10144 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
10145 			cur_params.dot11MeshAwakeWindowDuration) ||
10146 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
10147 			cur_params.plink_timeout) ||
10148 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
10149 		       cur_params.dot11MeshConnectedToMeshGate) ||
10150 	    nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
10151 		       cur_params.dot11MeshNolearn) ||
10152 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
10153 		       cur_params.dot11MeshConnectedToAuthServer))
10154 		goto nla_put_failure;
10155 	nla_nest_end(msg, pinfoattr);
10156 	genlmsg_end(msg, hdr);
10157 	return genlmsg_reply(msg, info);
10158 
10159  nla_put_failure:
10160  out:
10161 	nlmsg_free(msg);
10162 	return -ENOBUFS;
10163 }
10164 
10165 static const struct nla_policy
10166 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
10167 	[NL80211_MESHCONF_RETRY_TIMEOUT] =
10168 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
10169 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
10170 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
10171 	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
10172 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
10173 	[NL80211_MESHCONF_MAX_PEER_LINKS] =
10174 		NLA_POLICY_RANGE(NLA_U16, 0, 255),
10175 	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
10176 	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
10177 	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
10178 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
10179 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
10180 		NLA_POLICY_RANGE(NLA_U32, 1, 255),
10181 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
10182 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
10183 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
10184 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
10185 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
10186 		NLA_POLICY_MIN(NLA_U16, 1),
10187 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
10188 		NLA_POLICY_MIN(NLA_U16, 1),
10189 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
10190 		NLA_POLICY_MIN(NLA_U16, 1),
10191 	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
10192 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
10193 		NLA_POLICY_MIN(NLA_U16, 1),
10194 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
10195 	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
10196 	[NL80211_MESHCONF_RSSI_THRESHOLD] =
10197 		NLA_POLICY_RANGE(NLA_S32, -255, 0),
10198 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
10199 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
10200 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
10201 		NLA_POLICY_MIN(NLA_U16, 1),
10202 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
10203 		NLA_POLICY_MIN(NLA_U16, 1),
10204 	[NL80211_MESHCONF_POWER_MODE] =
10205 		NLA_POLICY_RANGE(NLA_U32,
10206 				 NL80211_MESH_POWER_ACTIVE,
10207 				 NL80211_MESH_POWER_MAX),
10208 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
10209 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
10210 	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
10211 	[NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
10212 	[NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
10213 };
10214 
10215 static const struct nla_policy
10216 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
10217 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
10218 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
10219 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
10220 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
10221 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
10222 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
10223 	[NL80211_MESH_SETUP_IE] =
10224 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
10225 				       IEEE80211_MAX_DATA_LEN),
10226 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
10227 };
10228 
10229 static int nl80211_parse_mesh_config(struct genl_info *info,
10230 				     struct mesh_config *cfg,
10231 				     u32 *mask_out)
10232 {
10233 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
10234 	u32 mask = 0;
10235 	u16 ht_opmode;
10236 
10237 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
10238 do {									\
10239 	if (tb[attr]) {							\
10240 		cfg->param = fn(tb[attr]);				\
10241 		mask |= BIT((attr) - 1);				\
10242 	}								\
10243 } while (0)
10244 
10245 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
10246 		return -EINVAL;
10247 	if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
10248 		return -EINVAL;
10249 
10250 	/* This makes sure that there aren't more than 32 mesh config
10251 	 * parameters (otherwise our bitfield scheme would not work.) */
10252 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
10253 
10254 	/* Fill in the params struct */
10255 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
10256 				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
10257 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
10258 				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
10259 				  nla_get_u16);
10260 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
10261 				  NL80211_MESHCONF_HOLDING_TIMEOUT,
10262 				  nla_get_u16);
10263 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
10264 				  NL80211_MESHCONF_MAX_PEER_LINKS,
10265 				  nla_get_u16);
10266 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
10267 				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
10268 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
10269 				  NL80211_MESHCONF_TTL, nla_get_u8);
10270 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
10271 				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
10272 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
10273 				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
10274 				  nla_get_u8);
10275 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
10276 				  mask,
10277 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
10278 				  nla_get_u32);
10279 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
10280 				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
10281 				  nla_get_u8);
10282 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
10283 				  NL80211_MESHCONF_PATH_REFRESH_TIME,
10284 				  nla_get_u32);
10285 	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
10286 	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
10287 		return -EINVAL;
10288 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
10289 				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
10290 				  nla_get_u16);
10291 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
10292 				  mask,
10293 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
10294 				  nla_get_u32);
10295 	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
10296 	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
10297 	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
10298 		return -EINVAL;
10299 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
10300 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
10301 				  nla_get_u16);
10302 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
10303 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
10304 				  nla_get_u16);
10305 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
10306 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
10307 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
10308 				  nla_get_u16);
10309 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
10310 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
10311 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
10312 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
10313 				  nla_get_u16);
10314 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
10315 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
10316 				  nla_get_u8);
10317 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
10318 				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
10319 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
10320 				  NL80211_MESHCONF_RSSI_THRESHOLD,
10321 				  nla_get_s32);
10322 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
10323 				  NL80211_MESHCONF_CONNECTED_TO_GATE,
10324 				  nla_get_u8);
10325 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
10326 				  NL80211_MESHCONF_CONNECTED_TO_AS,
10327 				  nla_get_u8);
10328 	/*
10329 	 * Check HT operation mode based on
10330 	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
10331 	 */
10332 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
10333 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
10334 
10335 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
10336 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
10337 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
10338 			return -EINVAL;
10339 
10340 		/* NON_HT_STA bit is reserved, but some programs set it */
10341 		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
10342 
10343 		cfg->ht_opmode = ht_opmode;
10344 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
10345 	}
10346 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
10347 				  dot11MeshHWMPactivePathToRootTimeout, mask,
10348 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
10349 				  nla_get_u32);
10350 	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
10351 	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
10352 	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
10353 		return -EINVAL;
10354 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
10355 				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
10356 				  nla_get_u16);
10357 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
10358 				  mask,
10359 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
10360 				  nla_get_u16);
10361 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
10362 				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
10363 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
10364 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
10365 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
10366 				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
10367 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
10368 				  NL80211_MESHCONF_NOLEARN, nla_get_u8);
10369 	if (mask_out)
10370 		*mask_out = mask;
10371 
10372 	return 0;
10373 
10374 #undef FILL_IN_MESH_PARAM_IF_SET
10375 }
10376 
10377 static int nl80211_parse_mesh_setup(struct genl_info *info,
10378 				     struct mesh_setup *setup)
10379 {
10380 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10381 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
10382 
10383 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
10384 		return -EINVAL;
10385 	if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
10386 		return -EINVAL;
10387 
10388 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
10389 		setup->sync_method =
10390 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
10391 		 IEEE80211_SYNC_METHOD_VENDOR :
10392 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
10393 
10394 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
10395 		setup->path_sel_proto =
10396 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
10397 		 IEEE80211_PATH_PROTOCOL_VENDOR :
10398 		 IEEE80211_PATH_PROTOCOL_HWMP;
10399 
10400 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
10401 		setup->path_metric =
10402 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
10403 		 IEEE80211_PATH_METRIC_VENDOR :
10404 		 IEEE80211_PATH_METRIC_AIRTIME;
10405 
10406 	if (tb[NL80211_MESH_SETUP_IE]) {
10407 		struct nlattr *ieattr =
10408 			tb[NL80211_MESH_SETUP_IE];
10409 		setup->ie = nla_data(ieattr);
10410 		setup->ie_len = nla_len(ieattr);
10411 	}
10412 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
10413 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
10414 		return -EINVAL;
10415 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
10416 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
10417 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
10418 	if (setup->is_secure)
10419 		setup->user_mpm = true;
10420 
10421 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
10422 		if (!setup->user_mpm)
10423 			return -EINVAL;
10424 		setup->auth_id =
10425 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
10426 	}
10427 
10428 	return 0;
10429 }
10430 
10431 static int nl80211_update_mesh_config(struct sk_buff *skb,
10432 				      struct genl_info *info)
10433 {
10434 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10435 	struct net_device *dev = info->user_ptr[1];
10436 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10437 	struct mesh_config cfg = {};
10438 	u32 mask;
10439 	int err;
10440 
10441 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
10442 		return -EOPNOTSUPP;
10443 
10444 	if (!rdev->ops->update_mesh_config)
10445 		return -EOPNOTSUPP;
10446 
10447 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
10448 	if (err)
10449 		return err;
10450 
10451 	if (!wdev->u.mesh.id_len)
10452 		err = -ENOLINK;
10453 
10454 	if (!err)
10455 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
10456 
10457 	return err;
10458 }
10459 
10460 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
10461 			      struct sk_buff *msg)
10462 {
10463 	struct nlattr *nl_reg_rules;
10464 	unsigned int i;
10465 
10466 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
10467 	    (regdom->dfs_region &&
10468 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
10469 		goto nla_put_failure;
10470 
10471 	nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
10472 	if (!nl_reg_rules)
10473 		goto nla_put_failure;
10474 
10475 	for (i = 0; i < regdom->n_reg_rules; i++) {
10476 		struct nlattr *nl_reg_rule;
10477 		const struct ieee80211_reg_rule *reg_rule;
10478 		const struct ieee80211_freq_range *freq_range;
10479 		const struct ieee80211_power_rule *power_rule;
10480 		unsigned int max_bandwidth_khz;
10481 
10482 		reg_rule = &regdom->reg_rules[i];
10483 		freq_range = &reg_rule->freq_range;
10484 		power_rule = &reg_rule->power_rule;
10485 
10486 		nl_reg_rule = nla_nest_start_noflag(msg, i);
10487 		if (!nl_reg_rule)
10488 			goto nla_put_failure;
10489 
10490 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
10491 		if (!max_bandwidth_khz)
10492 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
10493 								  reg_rule);
10494 
10495 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
10496 				reg_rule->flags) ||
10497 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
10498 				freq_range->start_freq_khz) ||
10499 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
10500 				freq_range->end_freq_khz) ||
10501 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
10502 				max_bandwidth_khz) ||
10503 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
10504 				power_rule->max_antenna_gain) ||
10505 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
10506 				power_rule->max_eirp) ||
10507 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
10508 				reg_rule->dfs_cac_ms))
10509 			goto nla_put_failure;
10510 
10511 		if ((reg_rule->flags & NL80211_RRF_PSD) &&
10512 		    nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD,
10513 			       reg_rule->psd))
10514 			goto nla_put_failure;
10515 
10516 		nla_nest_end(msg, nl_reg_rule);
10517 	}
10518 
10519 	nla_nest_end(msg, nl_reg_rules);
10520 	return 0;
10521 
10522 nla_put_failure:
10523 	return -EMSGSIZE;
10524 }
10525 
10526 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
10527 {
10528 	const struct ieee80211_regdomain *regdom = NULL;
10529 	struct cfg80211_registered_device *rdev;
10530 	struct wiphy *wiphy = NULL;
10531 	struct sk_buff *msg;
10532 	int err = -EMSGSIZE;
10533 	void *hdr;
10534 
10535 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10536 	if (!msg)
10537 		return -ENOBUFS;
10538 
10539 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10540 			     NL80211_CMD_GET_REG);
10541 	if (!hdr)
10542 		goto put_failure;
10543 
10544 	rtnl_lock();
10545 
10546 	if (info->attrs[NL80211_ATTR_WIPHY]) {
10547 		bool self_managed;
10548 
10549 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
10550 		if (IS_ERR(rdev)) {
10551 			err = PTR_ERR(rdev);
10552 			goto nla_put_failure;
10553 		}
10554 
10555 		wiphy = &rdev->wiphy;
10556 		self_managed = wiphy->regulatory_flags &
10557 			       REGULATORY_WIPHY_SELF_MANAGED;
10558 
10559 		rcu_read_lock();
10560 
10561 		regdom = get_wiphy_regdom(wiphy);
10562 
10563 		/* a self-managed-reg device must have a private regdom */
10564 		if (WARN_ON(!regdom && self_managed)) {
10565 			err = -EINVAL;
10566 			goto nla_put_failure_rcu;
10567 		}
10568 
10569 		if (regdom &&
10570 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10571 			goto nla_put_failure_rcu;
10572 	} else {
10573 		rcu_read_lock();
10574 	}
10575 
10576 	if (!wiphy && reg_last_request_cell_base() &&
10577 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
10578 			NL80211_USER_REG_HINT_CELL_BASE))
10579 		goto nla_put_failure_rcu;
10580 
10581 	if (!regdom)
10582 		regdom = rcu_dereference(cfg80211_regdomain);
10583 
10584 	if (nl80211_put_regdom(regdom, msg))
10585 		goto nla_put_failure_rcu;
10586 
10587 	rcu_read_unlock();
10588 
10589 	genlmsg_end(msg, hdr);
10590 	rtnl_unlock();
10591 	return genlmsg_reply(msg, info);
10592 
10593 nla_put_failure_rcu:
10594 	rcu_read_unlock();
10595 nla_put_failure:
10596 	rtnl_unlock();
10597 put_failure:
10598 	nlmsg_free(msg);
10599 	return err;
10600 }
10601 
10602 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
10603 			       u32 seq, int flags, struct wiphy *wiphy,
10604 			       const struct ieee80211_regdomain *regdom)
10605 {
10606 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
10607 				   NL80211_CMD_GET_REG);
10608 
10609 	if (!hdr)
10610 		return -1;
10611 
10612 	genl_dump_check_consistent(cb, hdr);
10613 
10614 	if (nl80211_put_regdom(regdom, msg))
10615 		goto nla_put_failure;
10616 
10617 	if (!wiphy && reg_last_request_cell_base() &&
10618 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
10619 			NL80211_USER_REG_HINT_CELL_BASE))
10620 		goto nla_put_failure;
10621 
10622 	if (wiphy &&
10623 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10624 		goto nla_put_failure;
10625 
10626 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
10627 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
10628 		goto nla_put_failure;
10629 
10630 	genlmsg_end(msg, hdr);
10631 	return 0;
10632 
10633 nla_put_failure:
10634 	genlmsg_cancel(msg, hdr);
10635 	return -EMSGSIZE;
10636 }
10637 
10638 static int nl80211_get_reg_dump(struct sk_buff *skb,
10639 				struct netlink_callback *cb)
10640 {
10641 	const struct ieee80211_regdomain *regdom = NULL;
10642 	struct cfg80211_registered_device *rdev;
10643 	int err, reg_idx, start = cb->args[2];
10644 
10645 	rcu_read_lock();
10646 
10647 	if (cfg80211_regdomain && start == 0) {
10648 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
10649 					  NLM_F_MULTI, NULL,
10650 					  rcu_dereference(cfg80211_regdomain));
10651 		if (err < 0)
10652 			goto out_err;
10653 	}
10654 
10655 	/* the global regdom is idx 0 */
10656 	reg_idx = 1;
10657 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
10658 		regdom = get_wiphy_regdom(&rdev->wiphy);
10659 		if (!regdom)
10660 			continue;
10661 
10662 		if (++reg_idx <= start)
10663 			continue;
10664 
10665 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
10666 					  NLM_F_MULTI, &rdev->wiphy, regdom);
10667 		if (err < 0) {
10668 			reg_idx--;
10669 			break;
10670 		}
10671 	}
10672 
10673 	cb->args[2] = reg_idx;
10674 	err = skb->len;
10675 out_err:
10676 	rcu_read_unlock();
10677 	return err;
10678 }
10679 
10680 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
10681 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
10682 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
10683 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
10684 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
10685 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
10686 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
10687 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
10688 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
10689 };
10690 
10691 static int parse_reg_rule(struct nlattr *tb[],
10692 	struct ieee80211_reg_rule *reg_rule)
10693 {
10694 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
10695 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
10696 
10697 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
10698 		return -EINVAL;
10699 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
10700 		return -EINVAL;
10701 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
10702 		return -EINVAL;
10703 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
10704 		return -EINVAL;
10705 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
10706 		return -EINVAL;
10707 
10708 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
10709 
10710 	freq_range->start_freq_khz =
10711 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
10712 	freq_range->end_freq_khz =
10713 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
10714 	freq_range->max_bandwidth_khz =
10715 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
10716 
10717 	power_rule->max_eirp =
10718 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
10719 
10720 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
10721 		power_rule->max_antenna_gain =
10722 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
10723 
10724 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
10725 		reg_rule->dfs_cac_ms =
10726 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
10727 
10728 	return 0;
10729 }
10730 
10731 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
10732 {
10733 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
10734 	struct nlattr *nl_reg_rule;
10735 	char *alpha2;
10736 	int rem_reg_rules, r;
10737 	u32 num_rules = 0, rule_idx = 0;
10738 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
10739 	struct ieee80211_regdomain *rd;
10740 
10741 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
10742 		return -EINVAL;
10743 
10744 	if (!info->attrs[NL80211_ATTR_REG_RULES])
10745 		return -EINVAL;
10746 
10747 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
10748 
10749 	if (info->attrs[NL80211_ATTR_DFS_REGION])
10750 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
10751 
10752 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
10753 			    rem_reg_rules) {
10754 		num_rules++;
10755 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
10756 			return -EINVAL;
10757 	}
10758 
10759 	rtnl_lock();
10760 	if (!reg_is_valid_request(alpha2)) {
10761 		r = -EINVAL;
10762 		goto out;
10763 	}
10764 
10765 	rd = kzalloc_flex(*rd, reg_rules, num_rules);
10766 	if (!rd) {
10767 		r = -ENOMEM;
10768 		goto out;
10769 	}
10770 
10771 	rd->n_reg_rules = num_rules;
10772 	rd->alpha2[0] = alpha2[0];
10773 	rd->alpha2[1] = alpha2[1];
10774 
10775 	/*
10776 	 * Disable DFS master mode if the DFS region was
10777 	 * not supported or known on this kernel.
10778 	 */
10779 	if (reg_supported_dfs_region(dfs_region))
10780 		rd->dfs_region = dfs_region;
10781 
10782 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
10783 			    rem_reg_rules) {
10784 		r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
10785 						nl_reg_rule, reg_rule_policy,
10786 						info->extack);
10787 		if (r)
10788 			goto bad_reg;
10789 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
10790 		if (r)
10791 			goto bad_reg;
10792 
10793 		rule_idx++;
10794 
10795 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
10796 			r = -EINVAL;
10797 			goto bad_reg;
10798 		}
10799 	}
10800 
10801 	r = set_regdom(rd, REGD_SOURCE_CRDA);
10802 	/* set_regdom takes ownership of rd */
10803 	rd = NULL;
10804  bad_reg:
10805 	kfree(rd);
10806  out:
10807 	rtnl_unlock();
10808 	return r;
10809 }
10810 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
10811 
10812 static int validate_scan_freqs(struct nlattr *freqs)
10813 {
10814 	struct nlattr *attr1, *attr2;
10815 	int n_channels = 0, tmp1, tmp2;
10816 
10817 	nla_for_each_nested(attr1, freqs, tmp1)
10818 		if (nla_len(attr1) != sizeof(u32))
10819 			return 0;
10820 
10821 	nla_for_each_nested(attr1, freqs, tmp1) {
10822 		n_channels++;
10823 		/*
10824 		 * Some hardware has a limited channel list for
10825 		 * scanning, and it is pretty much nonsensical
10826 		 * to scan for a channel twice, so disallow that
10827 		 * and don't require drivers to check that the
10828 		 * channel list they get isn't longer than what
10829 		 * they can scan, as long as they can scan all
10830 		 * the channels they registered at once.
10831 		 */
10832 		nla_for_each_nested(attr2, freqs, tmp2)
10833 			if (attr1 != attr2 &&
10834 			    nla_get_u32(attr1) == nla_get_u32(attr2))
10835 				return 0;
10836 	}
10837 
10838 	return n_channels;
10839 }
10840 
10841 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
10842 {
10843 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
10844 }
10845 
10846 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
10847 			    struct cfg80211_bss_selection *bss_select)
10848 {
10849 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
10850 	struct nlattr *nest;
10851 	int err;
10852 	bool found = false;
10853 	int i;
10854 
10855 	/* only process one nested attribute */
10856 	nest = nla_data(nla);
10857 	if (!nla_ok(nest, nla_len(nest)))
10858 		return -EINVAL;
10859 
10860 	err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
10861 					  nest, nl80211_bss_select_policy,
10862 					  NULL);
10863 	if (err)
10864 		return err;
10865 
10866 	/* only one attribute may be given */
10867 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
10868 		if (attr[i]) {
10869 			if (found)
10870 				return -EINVAL;
10871 			found = true;
10872 		}
10873 	}
10874 
10875 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
10876 
10877 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
10878 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
10879 
10880 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
10881 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
10882 		bss_select->param.band_pref =
10883 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
10884 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
10885 			return -EINVAL;
10886 	}
10887 
10888 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
10889 		struct nl80211_bss_select_rssi_adjust *adj_param;
10890 
10891 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
10892 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
10893 		bss_select->param.adjust.band = adj_param->band;
10894 		bss_select->param.adjust.delta = adj_param->delta;
10895 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
10896 			return -EINVAL;
10897 	}
10898 
10899 	/* user-space did not provide behaviour attribute */
10900 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
10901 		return -EINVAL;
10902 
10903 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
10904 		return -EINVAL;
10905 
10906 	return 0;
10907 }
10908 
10909 int nl80211_parse_random_mac(struct nlattr **attrs,
10910 			     u8 *mac_addr, u8 *mac_addr_mask)
10911 {
10912 	int i;
10913 
10914 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
10915 		eth_zero_addr(mac_addr);
10916 		eth_zero_addr(mac_addr_mask);
10917 		mac_addr[0] = 0x2;
10918 		mac_addr_mask[0] = 0x3;
10919 
10920 		return 0;
10921 	}
10922 
10923 	/* need both or none */
10924 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
10925 		return -EINVAL;
10926 
10927 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
10928 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
10929 
10930 	/* don't allow or configure an mcast address */
10931 	if (!is_multicast_ether_addr(mac_addr_mask) ||
10932 	    is_multicast_ether_addr(mac_addr))
10933 		return -EINVAL;
10934 
10935 	/*
10936 	 * allow users to pass a MAC address that has bits set outside
10937 	 * of the mask, but don't bother drivers with having to deal
10938 	 * with such bits
10939 	 */
10940 	for (i = 0; i < ETH_ALEN; i++)
10941 		mac_addr[i] &= mac_addr_mask[i];
10942 
10943 	return 0;
10944 }
10945 
10946 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev,
10947 					      struct ieee80211_channel *chan)
10948 {
10949 	unsigned int link_id;
10950 	bool all_ok = true;
10951 	int radio_idx;
10952 
10953 	lockdep_assert_wiphy(wdev->wiphy);
10954 
10955 	if (!cfg80211_wdev_channel_allowed(wdev, chan))
10956 		return false;
10957 
10958 	if (!cfg80211_beaconing_iface_active(wdev))
10959 		return true;
10960 
10961 	radio_idx = cfg80211_get_radio_idx_by_chan(wdev->wiphy, chan);
10962 
10963 	/*
10964 	 * FIXME: check if we have a free radio/link for chan
10965 	 *
10966 	 * This, as well as the FIXME below, requires knowing the link
10967 	 * capabilities of the hardware.
10968 	 */
10969 
10970 	/* we cannot leave radar channels */
10971 	for_each_valid_link(wdev, link_id) {
10972 		struct cfg80211_chan_def *chandef;
10973 		int link_radio_idx;
10974 
10975 		chandef = wdev_chandef(wdev, link_id);
10976 		if (!chandef || !chandef->chan)
10977 			continue;
10978 
10979 		if (!(chandef->chan->flags & IEEE80211_CHAN_RADAR))
10980 			continue;
10981 
10982 		/*
10983 		 * chandef->chan is a radar channel. If the radio/link onto
10984 		 * which this radar channel falls is the same radio/link onto
10985 		 * which the input 'chan' falls, off-channel operation should
10986 		 * not be allowed. Hence, set 'all_ok' to false.
10987 		 */
10988 
10989 		link_radio_idx = cfg80211_get_radio_idx_by_chan(wdev->wiphy,
10990 								chandef->chan);
10991 		if (link_radio_idx == radio_idx) {
10992 			all_ok = false;
10993 			break;
10994 		}
10995 	}
10996 
10997 	if (all_ok)
10998 		return true;
10999 
11000 	return regulatory_pre_cac_allowed(wdev->wiphy);
11001 }
11002 
11003 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
11004 				    enum nl80211_ext_feature_index feat)
11005 {
11006 	if (!(flags & flag))
11007 		return true;
11008 	if (wiphy_ext_feature_isset(wiphy, feat))
11009 		return true;
11010 	return false;
11011 }
11012 
11013 static int
11014 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
11015 			 struct nlattr **attrs, u8 *mac_addr, u8 *mac_addr_mask,
11016 			 u32 *flags, enum nl80211_feature_flags randomness_flag)
11017 {
11018 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
11019 		return 0;
11020 
11021 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
11022 
11023 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
11024 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
11025 	    !nl80211_check_scan_feat(wiphy, *flags,
11026 				     NL80211_SCAN_FLAG_LOW_SPAN,
11027 				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
11028 	    !nl80211_check_scan_feat(wiphy, *flags,
11029 				     NL80211_SCAN_FLAG_LOW_POWER,
11030 				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
11031 	    !nl80211_check_scan_feat(wiphy, *flags,
11032 				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
11033 				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
11034 	    !nl80211_check_scan_feat(wiphy, *flags,
11035 				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
11036 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
11037 	    !nl80211_check_scan_feat(wiphy, *flags,
11038 				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
11039 				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
11040 	    !nl80211_check_scan_feat(wiphy, *flags,
11041 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
11042 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
11043 	    !nl80211_check_scan_feat(wiphy, *flags,
11044 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
11045 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
11046 	    !nl80211_check_scan_feat(wiphy, *flags,
11047 				     NL80211_SCAN_FLAG_RANDOM_SN,
11048 				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
11049 	    !nl80211_check_scan_feat(wiphy, *flags,
11050 				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
11051 				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
11052 		return -EOPNOTSUPP;
11053 
11054 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
11055 		int err;
11056 
11057 		if (!(wiphy->features & randomness_flag) ||
11058 		    (wdev && wdev->connected))
11059 			return -EOPNOTSUPP;
11060 
11061 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
11062 		if (err)
11063 			return err;
11064 	}
11065 
11066 	return 0;
11067 }
11068 
11069 static int
11070 nl80211_check_scan_flags_sched(struct wiphy *wiphy, struct wireless_dev *wdev,
11071 			       struct nlattr **attrs,
11072 			       struct cfg80211_sched_scan_request *req)
11073 {
11074 	return nl80211_check_scan_flags(wiphy, wdev, attrs,
11075 					req->mac_addr, req->mac_addr_mask,
11076 					&req->flags,
11077 					wdev ? NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
11078 					       NL80211_FEATURE_ND_RANDOM_MAC_ADDR);
11079 }
11080 
11081 static int
11082 nl80211_check_scan_flags_reg(struct wiphy *wiphy, struct wireless_dev *wdev,
11083 			     struct nlattr **attrs,
11084 			     struct cfg80211_scan_request_int *req)
11085 {
11086 	return nl80211_check_scan_flags(wiphy, wdev, attrs,
11087 					req->req.mac_addr,
11088 					req->req.mac_addr_mask,
11089 					&req->req.flags,
11090 					NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR);
11091 }
11092 
11093 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
11094 {
11095 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11096 	struct wireless_dev *wdev = info->user_ptr[1];
11097 	struct cfg80211_scan_request_int *request;
11098 	struct nlattr *scan_freqs = NULL;
11099 	bool scan_freqs_khz = false;
11100 	struct nlattr *attr;
11101 	struct wiphy *wiphy;
11102 	int err, tmp, n_ssids = 0, n_channels, i;
11103 	size_t ie_len, size;
11104 	size_t ssids_offset, ie_offset;
11105 
11106 	wiphy = &rdev->wiphy;
11107 
11108 	if (wdev->iftype == NL80211_IFTYPE_NAN ||
11109 	    wdev->iftype == NL80211_IFTYPE_PD)
11110 		return -EOPNOTSUPP;
11111 
11112 	if (!rdev->ops->scan)
11113 		return -EOPNOTSUPP;
11114 
11115 	if (rdev->scan_req || rdev->scan_msg)
11116 		return -EBUSY;
11117 
11118 	if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
11119 		if (!wiphy_ext_feature_isset(wiphy,
11120 					     NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
11121 			return -EOPNOTSUPP;
11122 		scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
11123 		scan_freqs_khz = true;
11124 	} else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
11125 		scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
11126 
11127 	if (scan_freqs) {
11128 		n_channels = validate_scan_freqs(scan_freqs);
11129 		if (!n_channels)
11130 			return -EINVAL;
11131 	} else {
11132 		n_channels = ieee80211_get_num_supported_channels(wiphy);
11133 	}
11134 
11135 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
11136 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
11137 			n_ssids++;
11138 
11139 	if (n_ssids > wiphy->max_scan_ssids)
11140 		return -EINVAL;
11141 
11142 	if (info->attrs[NL80211_ATTR_IE])
11143 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11144 	else
11145 		ie_len = 0;
11146 
11147 	if (ie_len > wiphy->max_scan_ie_len)
11148 		return -EINVAL;
11149 
11150 	size = struct_size(request, req.channels, n_channels);
11151 	ssids_offset = size;
11152 	size = size_add(size, array_size(sizeof(*request->req.ssids), n_ssids));
11153 	ie_offset = size;
11154 	size = size_add(size, ie_len);
11155 	request = kzalloc(size, GFP_KERNEL);
11156 	if (!request)
11157 		return -ENOMEM;
11158 
11159 	if (n_ssids)
11160 		request->req.ssids = (void *)request + ssids_offset;
11161 	request->req.n_ssids = n_ssids;
11162 	if (ie_len)
11163 		request->req.ie = (void *)request + ie_offset;
11164 
11165 	i = 0;
11166 	if (scan_freqs) {
11167 		/* user specified, bail out if channel not found */
11168 		nla_for_each_nested(attr, scan_freqs, tmp) {
11169 			struct ieee80211_channel *chan;
11170 			int freq = nla_get_u32(attr);
11171 
11172 			if (!scan_freqs_khz)
11173 				freq = MHZ_TO_KHZ(freq);
11174 
11175 			chan = ieee80211_get_channel_khz(wiphy, freq);
11176 			if (!chan) {
11177 				err = -EINVAL;
11178 				goto out_free;
11179 			}
11180 
11181 			/* Ignore disabled / no primary channels */
11182 			if (chan->flags & IEEE80211_CHAN_DISABLED ||
11183 			    chan->flags & IEEE80211_CHAN_S1G_NO_PRIMARY ||
11184 			    !cfg80211_wdev_channel_allowed(wdev, chan))
11185 				continue;
11186 
11187 			request->req.channels[i] = chan;
11188 			i++;
11189 		}
11190 	} else {
11191 		enum nl80211_band band;
11192 
11193 		/* all channels */
11194 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
11195 			int j;
11196 
11197 			if (!wiphy->bands[band])
11198 				continue;
11199 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
11200 				struct ieee80211_channel *chan;
11201 
11202 				chan = &wiphy->bands[band]->channels[j];
11203 
11204 				if (chan->flags & IEEE80211_CHAN_DISABLED ||
11205 				    chan->flags &
11206 					    IEEE80211_CHAN_S1G_NO_PRIMARY ||
11207 				    !cfg80211_wdev_channel_allowed(wdev, chan))
11208 					continue;
11209 
11210 				request->req.channels[i] = chan;
11211 				i++;
11212 			}
11213 		}
11214 	}
11215 
11216 	if (!i) {
11217 		err = -EINVAL;
11218 		goto out_free;
11219 	}
11220 
11221 	request->req.n_channels = i;
11222 
11223 	for (i = 0; i < request->req.n_channels; i++) {
11224 		struct ieee80211_channel *chan = request->req.channels[i];
11225 
11226 		/* if we can go off-channel to the target channel we're good */
11227 		if (cfg80211_off_channel_oper_allowed(wdev, chan))
11228 			continue;
11229 
11230 		if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) {
11231 			err = -EBUSY;
11232 			goto out_free;
11233 		}
11234 	}
11235 
11236 	i = 0;
11237 	if (n_ssids) {
11238 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
11239 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
11240 				err = -EINVAL;
11241 				goto out_free;
11242 			}
11243 			request->req.ssids[i].ssid_len = nla_len(attr);
11244 			memcpy(request->req.ssids[i].ssid,
11245 			       nla_data(attr), nla_len(attr));
11246 			i++;
11247 		}
11248 	}
11249 
11250 	if (info->attrs[NL80211_ATTR_IE]) {
11251 		request->req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
11252 		memcpy((void *)request->req.ie,
11253 		       nla_data(info->attrs[NL80211_ATTR_IE]),
11254 		       request->req.ie_len);
11255 	}
11256 
11257 	for (i = 0; i < NUM_NL80211_BANDS; i++)
11258 		if (wiphy->bands[i])
11259 			request->req.rates[i] =
11260 				(1 << wiphy->bands[i]->n_bitrates) - 1;
11261 
11262 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
11263 		nla_for_each_nested(attr,
11264 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
11265 				    tmp) {
11266 			int band = nla_type(attr);
11267 
11268 			if (band < 0 || band >= NUM_NL80211_BANDS) {
11269 				err = -EINVAL;
11270 				goto out_free;
11271 			}
11272 
11273 			if (!wiphy->bands[band])
11274 				continue;
11275 
11276 			err = ieee80211_get_ratemask(wiphy->bands[band],
11277 						     nla_data(attr),
11278 						     nla_len(attr),
11279 						     &request->req.rates[band]);
11280 			if (err)
11281 				goto out_free;
11282 		}
11283 	}
11284 
11285 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
11286 		request->req.duration =
11287 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
11288 		request->req.duration_mandatory =
11289 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
11290 	}
11291 
11292 	err = nl80211_check_scan_flags_reg(wiphy, wdev, info->attrs, request);
11293 	if (err)
11294 		goto out_free;
11295 
11296 	request->req.no_cck =
11297 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
11298 
11299 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
11300 	 * BSSID to scan for. This was problematic because that same attribute
11301 	 * was already used for another purpose (local random MAC address). The
11302 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
11303 	 * compatibility with older userspace components, also use the
11304 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
11305 	 * the specific BSSID use case instead of the random MAC address
11306 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
11307 	 */
11308 	if (info->attrs[NL80211_ATTR_BSSID])
11309 		memcpy(request->req.bssid,
11310 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
11311 	else if (!(request->req.flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
11312 		 info->attrs[NL80211_ATTR_MAC])
11313 		memcpy(request->req.bssid,
11314 		       nla_data(info->attrs[NL80211_ATTR_MAC]),
11315 		       ETH_ALEN);
11316 	else
11317 		eth_broadcast_addr(request->req.bssid);
11318 
11319 	request->req.tsf_report_link_id =
11320 		nl80211_link_id_or_invalid(info->attrs);
11321 	request->req.wdev = wdev;
11322 	request->req.wiphy = &rdev->wiphy;
11323 	request->req.scan_start = jiffies;
11324 
11325 	rdev->scan_req = request;
11326 	err = cfg80211_scan(rdev);
11327 
11328 	if (err)
11329 		goto out_free;
11330 
11331 	nl80211_send_scan_start(rdev, wdev);
11332 	dev_hold(wdev->netdev);
11333 
11334 	return 0;
11335 
11336  out_free:
11337 	rdev->scan_req = NULL;
11338 	kfree(request);
11339 
11340 	return err;
11341 }
11342 
11343 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
11344 {
11345 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11346 	struct wireless_dev *wdev = info->user_ptr[1];
11347 
11348 	if (!rdev->ops->abort_scan)
11349 		return -EOPNOTSUPP;
11350 
11351 	if (rdev->scan_msg)
11352 		return 0;
11353 
11354 	if (!rdev->scan_req)
11355 		return -ENOENT;
11356 
11357 	rdev_abort_scan(rdev, wdev);
11358 	return 0;
11359 }
11360 
11361 static int
11362 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
11363 			       struct cfg80211_sched_scan_request *request,
11364 			       struct nlattr **attrs)
11365 {
11366 	int tmp, err, i = 0;
11367 	struct nlattr *attr;
11368 
11369 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
11370 		u32 interval;
11371 
11372 		/*
11373 		 * If scan plans are not specified,
11374 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
11375 		 * case one scan plan will be set with the specified scan
11376 		 * interval and infinite number of iterations.
11377 		 */
11378 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
11379 		if (!interval)
11380 			return -EINVAL;
11381 
11382 		request->scan_plans[0].interval =
11383 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
11384 		if (!request->scan_plans[0].interval)
11385 			return -EINVAL;
11386 
11387 		if (request->scan_plans[0].interval >
11388 		    wiphy->max_sched_scan_plan_interval)
11389 			request->scan_plans[0].interval =
11390 				wiphy->max_sched_scan_plan_interval;
11391 
11392 		return 0;
11393 	}
11394 
11395 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
11396 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
11397 
11398 		if (WARN_ON(i >= n_plans))
11399 			return -EINVAL;
11400 
11401 		err = nla_parse_nested_deprecated(plan,
11402 						  NL80211_SCHED_SCAN_PLAN_MAX,
11403 						  attr, nl80211_plan_policy,
11404 						  NULL);
11405 		if (err)
11406 			return err;
11407 
11408 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
11409 			return -EINVAL;
11410 
11411 		request->scan_plans[i].interval =
11412 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
11413 		if (!request->scan_plans[i].interval ||
11414 		    request->scan_plans[i].interval >
11415 		    wiphy->max_sched_scan_plan_interval)
11416 			return -EINVAL;
11417 
11418 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
11419 			request->scan_plans[i].iterations =
11420 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
11421 			if (!request->scan_plans[i].iterations ||
11422 			    (request->scan_plans[i].iterations >
11423 			     wiphy->max_sched_scan_plan_iterations))
11424 				return -EINVAL;
11425 		} else if (i < n_plans - 1) {
11426 			/*
11427 			 * All scan plans but the last one must specify
11428 			 * a finite number of iterations
11429 			 */
11430 			return -EINVAL;
11431 		}
11432 
11433 		i++;
11434 	}
11435 
11436 	/*
11437 	 * The last scan plan must not specify the number of
11438 	 * iterations, it is supposed to run infinitely
11439 	 */
11440 	if (request->scan_plans[n_plans - 1].iterations)
11441 		return  -EINVAL;
11442 
11443 	return 0;
11444 }
11445 
11446 static struct cfg80211_sched_scan_request *
11447 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
11448 			 struct nlattr **attrs, int max_match_sets)
11449 {
11450 	struct cfg80211_sched_scan_request *request;
11451 	struct nlattr *attr;
11452 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
11453 	enum nl80211_band band;
11454 	size_t ie_len, size;
11455 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
11456 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
11457 
11458 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
11459 		n_channels = validate_scan_freqs(
11460 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
11461 		if (!n_channels)
11462 			return ERR_PTR(-EINVAL);
11463 	} else {
11464 		n_channels = ieee80211_get_num_supported_channels(wiphy);
11465 	}
11466 
11467 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
11468 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
11469 				    tmp)
11470 			n_ssids++;
11471 
11472 	if (n_ssids > wiphy->max_sched_scan_ssids)
11473 		return ERR_PTR(-EINVAL);
11474 
11475 	/*
11476 	 * First, count the number of 'real' matchsets. Due to an issue with
11477 	 * the old implementation, matchsets containing only the RSSI attribute
11478 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
11479 	 * RSSI for all matchsets, rather than their own matchset for reporting
11480 	 * all APs with a strong RSSI. This is needed to be compatible with
11481 	 * older userspace that treated a matchset with only the RSSI as the
11482 	 * global RSSI for all other matchsets - if there are other matchsets.
11483 	 */
11484 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
11485 		nla_for_each_nested(attr,
11486 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
11487 				    tmp) {
11488 			struct nlattr *rssi;
11489 
11490 			err = nla_parse_nested_deprecated(tb,
11491 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
11492 							  attr,
11493 							  nl80211_match_policy,
11494 							  NULL);
11495 			if (err)
11496 				return ERR_PTR(err);
11497 
11498 			/* SSID and BSSID are mutually exclusive */
11499 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
11500 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
11501 				return ERR_PTR(-EINVAL);
11502 
11503 			/* add other standalone attributes here */
11504 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
11505 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
11506 				n_match_sets++;
11507 				continue;
11508 			}
11509 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
11510 			if (rssi)
11511 				default_match_rssi = nla_get_s32(rssi);
11512 		}
11513 	}
11514 
11515 	/* However, if there's no other matchset, add the RSSI one */
11516 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
11517 		n_match_sets = 1;
11518 
11519 	if (n_match_sets > max_match_sets)
11520 		return ERR_PTR(-EINVAL);
11521 
11522 	if (attrs[NL80211_ATTR_IE])
11523 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
11524 	else
11525 		ie_len = 0;
11526 
11527 	if (ie_len > wiphy->max_sched_scan_ie_len)
11528 		return ERR_PTR(-EINVAL);
11529 
11530 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
11531 		/*
11532 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
11533 		 * each scan plan already specifies its own interval
11534 		 */
11535 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
11536 			return ERR_PTR(-EINVAL);
11537 
11538 		nla_for_each_nested(attr,
11539 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
11540 			n_plans++;
11541 	} else {
11542 		/*
11543 		 * The scan interval attribute is kept for backward
11544 		 * compatibility. If no scan plans are specified and sched scan
11545 		 * interval is specified, one scan plan will be set with this
11546 		 * scan interval and infinite number of iterations.
11547 		 */
11548 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
11549 			return ERR_PTR(-EINVAL);
11550 
11551 		n_plans = 1;
11552 	}
11553 
11554 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
11555 		return ERR_PTR(-EINVAL);
11556 
11557 	if (!wiphy_ext_feature_isset(
11558 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
11559 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
11560 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
11561 		return ERR_PTR(-EINVAL);
11562 
11563 	size = struct_size(request, channels, n_channels);
11564 	size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
11565 	size = size_add(size, array_size(sizeof(*request->match_sets),
11566 					 n_match_sets));
11567 	size = size_add(size, array_size(sizeof(*request->scan_plans),
11568 					 n_plans));
11569 	size = size_add(size, ie_len);
11570 	request = kzalloc(size, GFP_KERNEL);
11571 	if (!request)
11572 		return ERR_PTR(-ENOMEM);
11573 	request->n_channels = n_channels;
11574 
11575 	if (n_ssids)
11576 		request->ssids = (void *)request +
11577 			struct_size(request, channels, n_channels);
11578 	request->n_ssids = n_ssids;
11579 	if (ie_len) {
11580 		if (n_ssids)
11581 			request->ie = (void *)(request->ssids + n_ssids);
11582 		else
11583 			request->ie = (void *)(request->channels + n_channels);
11584 	}
11585 
11586 	if (n_match_sets) {
11587 		if (request->ie)
11588 			request->match_sets = (void *)(request->ie + ie_len);
11589 		else if (n_ssids)
11590 			request->match_sets =
11591 				(void *)(request->ssids + n_ssids);
11592 		else
11593 			request->match_sets =
11594 				(void *)(request->channels + n_channels);
11595 	}
11596 	request->n_match_sets = n_match_sets;
11597 
11598 	if (n_match_sets)
11599 		request->scan_plans = (void *)(request->match_sets +
11600 					       n_match_sets);
11601 	else if (request->ie)
11602 		request->scan_plans = (void *)(request->ie + ie_len);
11603 	else if (n_ssids)
11604 		request->scan_plans = (void *)(request->ssids + n_ssids);
11605 	else
11606 		request->scan_plans = (void *)(request->channels + n_channels);
11607 
11608 	request->n_scan_plans = n_plans;
11609 
11610 	i = 0;
11611 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
11612 		/* user specified, bail out if channel not found */
11613 		nla_for_each_nested(attr,
11614 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
11615 				    tmp) {
11616 			struct ieee80211_channel *chan;
11617 
11618 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
11619 
11620 			if (!chan) {
11621 				err = -EINVAL;
11622 				goto out_free;
11623 			}
11624 
11625 			/* ignore disabled channels */
11626 			if (chan->flags & IEEE80211_CHAN_DISABLED)
11627 				continue;
11628 
11629 			request->channels[i] = chan;
11630 			i++;
11631 		}
11632 	} else {
11633 		/* all channels */
11634 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
11635 			int j;
11636 
11637 			if (!wiphy->bands[band])
11638 				continue;
11639 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
11640 				struct ieee80211_channel *chan;
11641 
11642 				chan = &wiphy->bands[band]->channels[j];
11643 
11644 				if (chan->flags & IEEE80211_CHAN_DISABLED)
11645 					continue;
11646 
11647 				request->channels[i] = chan;
11648 				i++;
11649 			}
11650 		}
11651 	}
11652 
11653 	if (!i) {
11654 		err = -EINVAL;
11655 		goto out_free;
11656 	}
11657 
11658 	request->n_channels = i;
11659 
11660 	i = 0;
11661 	if (n_ssids) {
11662 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
11663 				    tmp) {
11664 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
11665 				err = -EINVAL;
11666 				goto out_free;
11667 			}
11668 			request->ssids[i].ssid_len = nla_len(attr);
11669 			memcpy(request->ssids[i].ssid, nla_data(attr),
11670 			       nla_len(attr));
11671 			i++;
11672 		}
11673 	}
11674 
11675 	i = 0;
11676 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
11677 		nla_for_each_nested(attr,
11678 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
11679 				    tmp) {
11680 			struct nlattr *ssid, *bssid, *rssi;
11681 
11682 			err = nla_parse_nested_deprecated(tb,
11683 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
11684 							  attr,
11685 							  nl80211_match_policy,
11686 							  NULL);
11687 			if (err)
11688 				goto out_free;
11689 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
11690 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
11691 
11692 			if (!ssid && !bssid) {
11693 				i++;
11694 				continue;
11695 			}
11696 
11697 			if (WARN_ON(i >= n_match_sets)) {
11698 				/* this indicates a programming error,
11699 				 * the loop above should have verified
11700 				 * things properly
11701 				 */
11702 				err = -EINVAL;
11703 				goto out_free;
11704 			}
11705 
11706 			if (ssid) {
11707 				memcpy(request->match_sets[i].ssid.ssid,
11708 				       nla_data(ssid), nla_len(ssid));
11709 				request->match_sets[i].ssid.ssid_len =
11710 					nla_len(ssid);
11711 			}
11712 			if (bssid)
11713 				memcpy(request->match_sets[i].bssid,
11714 				       nla_data(bssid), ETH_ALEN);
11715 
11716 			/* special attribute - old implementation w/a */
11717 			request->match_sets[i].rssi_thold = default_match_rssi;
11718 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
11719 			if (rssi)
11720 				request->match_sets[i].rssi_thold =
11721 					nla_get_s32(rssi);
11722 			i++;
11723 		}
11724 
11725 		/* there was no other matchset, so the RSSI one is alone */
11726 		if (i == 0 && n_match_sets)
11727 			request->match_sets[0].rssi_thold = default_match_rssi;
11728 
11729 		request->min_rssi_thold = INT_MAX;
11730 		for (i = 0; i < n_match_sets; i++)
11731 			request->min_rssi_thold =
11732 				min(request->match_sets[i].rssi_thold,
11733 				    request->min_rssi_thold);
11734 	} else {
11735 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
11736 	}
11737 
11738 	if (ie_len) {
11739 		request->ie_len = ie_len;
11740 		memcpy((void *)request->ie,
11741 		       nla_data(attrs[NL80211_ATTR_IE]),
11742 		       request->ie_len);
11743 	}
11744 
11745 	err = nl80211_check_scan_flags_sched(wiphy, wdev, attrs, request);
11746 	if (err)
11747 		goto out_free;
11748 
11749 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
11750 		request->delay =
11751 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
11752 
11753 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
11754 		request->relative_rssi = nla_get_s8(
11755 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
11756 		request->relative_rssi_set = true;
11757 	}
11758 
11759 	if (request->relative_rssi_set &&
11760 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
11761 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
11762 
11763 		rssi_adjust = nla_data(
11764 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
11765 		request->rssi_adjust.band = rssi_adjust->band;
11766 		request->rssi_adjust.delta = rssi_adjust->delta;
11767 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
11768 			err = -EINVAL;
11769 			goto out_free;
11770 		}
11771 	}
11772 
11773 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
11774 	if (err)
11775 		goto out_free;
11776 
11777 	request->scan_start = jiffies;
11778 
11779 	return request;
11780 
11781 out_free:
11782 	kfree(request);
11783 	return ERR_PTR(err);
11784 }
11785 
11786 static int nl80211_start_sched_scan(struct sk_buff *skb,
11787 				    struct genl_info *info)
11788 {
11789 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11790 	struct net_device *dev = info->user_ptr[1];
11791 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11792 	struct cfg80211_sched_scan_request *sched_scan_req;
11793 	bool want_multi;
11794 	int err;
11795 
11796 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
11797 		return -EOPNOTSUPP;
11798 
11799 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
11800 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
11801 	if (err)
11802 		return err;
11803 
11804 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
11805 						  info->attrs,
11806 						  rdev->wiphy.max_match_sets);
11807 
11808 	err = PTR_ERR_OR_ZERO(sched_scan_req);
11809 	if (err)
11810 		goto out_err;
11811 
11812 	/* leave request id zero for legacy request
11813 	 * or if driver does not support multi-scheduled scan
11814 	 */
11815 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
11816 		sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
11817 
11818 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
11819 	if (err)
11820 		goto out_free;
11821 
11822 	sched_scan_req->dev = dev;
11823 	sched_scan_req->wiphy = &rdev->wiphy;
11824 
11825 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
11826 		sched_scan_req->owner_nlportid = info->snd_portid;
11827 
11828 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
11829 
11830 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
11831 	return 0;
11832 
11833 out_free:
11834 	kfree(sched_scan_req);
11835 out_err:
11836 	return err;
11837 }
11838 
11839 static int nl80211_stop_sched_scan(struct sk_buff *skb,
11840 				   struct genl_info *info)
11841 {
11842 	struct cfg80211_sched_scan_request *req;
11843 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11844 	u64 cookie;
11845 
11846 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
11847 		return -EOPNOTSUPP;
11848 
11849 	if (info->attrs[NL80211_ATTR_COOKIE]) {
11850 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11851 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
11852 	}
11853 
11854 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
11855 				     struct cfg80211_sched_scan_request,
11856 				     list);
11857 	if (!req || req->reqid ||
11858 	    (req->owner_nlportid &&
11859 	     req->owner_nlportid != info->snd_portid))
11860 		return -ENOENT;
11861 
11862 	return cfg80211_stop_sched_scan_req(rdev, req, false);
11863 }
11864 
11865 static int nl80211_start_radar_detection(struct sk_buff *skb,
11866 					 struct genl_info *info)
11867 {
11868 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11869 	struct net_device *dev = info->user_ptr[1];
11870 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11871 	int link_id = nl80211_link_id(info->attrs);
11872 	struct wiphy *wiphy = wdev->wiphy;
11873 	struct cfg80211_chan_def chandef;
11874 	enum nl80211_dfs_regions dfs_region;
11875 	unsigned int cac_time_ms;
11876 	int err;
11877 
11878 	flush_delayed_work(&rdev->dfs_update_channels_wk);
11879 
11880 	switch (wdev->iftype) {
11881 	case NL80211_IFTYPE_AP:
11882 	case NL80211_IFTYPE_P2P_GO:
11883 	case NL80211_IFTYPE_MESH_POINT:
11884 	case NL80211_IFTYPE_ADHOC:
11885 		break;
11886 	default:
11887 		/* caution - see cfg80211_beaconing_iface_active() below */
11888 		return -EINVAL;
11889 	}
11890 
11891 	guard(wiphy)(wiphy);
11892 
11893 	dfs_region = reg_get_dfs_region(wiphy);
11894 	if (dfs_region == NL80211_DFS_UNSET)
11895 		return -EINVAL;
11896 
11897 	err = nl80211_parse_chandef(rdev, info->extack, info->attrs, &chandef,
11898 				    false);
11899 	if (err)
11900 		return err;
11901 
11902 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
11903 	if (err < 0)
11904 		return err;
11905 
11906 	if (err == 0)
11907 		return -EINVAL;
11908 
11909 	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
11910 		return -EINVAL;
11911 
11912 	if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND]))
11913 		return cfg80211_start_background_radar_detection(rdev, wdev,
11914 								 &chandef);
11915 
11916 	if (cfg80211_beaconing_iface_active(wdev)) {
11917 		/* During MLO other link(s) can beacon, only the current link
11918 		 * can not already beacon
11919 		 */
11920 		if (wdev->valid_links &&
11921 		    !wdev->links[link_id].ap.beacon_interval) {
11922 			/* nothing */
11923 		} else {
11924 			return -EBUSY;
11925 		}
11926 	}
11927 
11928 	if (wdev->links[link_id].cac_started)
11929 		return -EBUSY;
11930 
11931 	/* CAC start is offloaded to HW and can't be started manually */
11932 	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
11933 		return -EOPNOTSUPP;
11934 
11935 	if (!rdev->ops->start_radar_detection)
11936 		return -EOPNOTSUPP;
11937 
11938 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
11939 	if (WARN_ON(!cac_time_ms))
11940 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
11941 
11942 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms,
11943 					 link_id);
11944 	if (err)
11945 		return err;
11946 
11947 	switch (wdev->iftype) {
11948 	case NL80211_IFTYPE_AP:
11949 	case NL80211_IFTYPE_P2P_GO:
11950 		wdev->links[link_id].ap.chandef = chandef;
11951 		break;
11952 	case NL80211_IFTYPE_ADHOC:
11953 		wdev->u.ibss.chandef = chandef;
11954 		break;
11955 	case NL80211_IFTYPE_MESH_POINT:
11956 		wdev->u.mesh.chandef = chandef;
11957 		break;
11958 	default:
11959 		break;
11960 	}
11961 	wdev->links[link_id].cac_started = true;
11962 	wdev->links[link_id].cac_start_time = jiffies;
11963 	wdev->links[link_id].cac_time_ms = cac_time_ms;
11964 	cfg80211_set_cac_state(wiphy, &chandef, true);
11965 
11966 	return 0;
11967 }
11968 
11969 static int nl80211_notify_radar_detection(struct sk_buff *skb,
11970 					  struct genl_info *info)
11971 {
11972 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11973 	struct net_device *dev = info->user_ptr[1];
11974 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11975 	struct wiphy *wiphy = wdev->wiphy;
11976 	struct cfg80211_chan_def chandef;
11977 	enum nl80211_dfs_regions dfs_region;
11978 	int err;
11979 
11980 	dfs_region = reg_get_dfs_region(wiphy);
11981 	if (dfs_region == NL80211_DFS_UNSET) {
11982 		GENL_SET_ERR_MSG(info,
11983 				 "DFS Region is not set. Unexpected Radar indication");
11984 		return -EINVAL;
11985 	}
11986 
11987 	err = nl80211_parse_chandef(rdev, info->extack, info->attrs, &chandef,
11988 				    false);
11989 	if (err) {
11990 		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
11991 		return err;
11992 	}
11993 
11994 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
11995 	if (err < 0) {
11996 		GENL_SET_ERR_MSG(info, "chandef is invalid");
11997 		return err;
11998 	}
11999 
12000 	if (err == 0) {
12001 		GENL_SET_ERR_MSG(info,
12002 				 "Unexpected Radar indication for chandef/iftype");
12003 		return -EINVAL;
12004 	}
12005 
12006 	/* Do not process this notification if radar is already detected
12007 	 * by kernel on this channel, and return success.
12008 	 */
12009 	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
12010 		return 0;
12011 
12012 	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
12013 
12014 	cfg80211_sched_dfs_chan_update(rdev);
12015 
12016 	rdev->radar_chandef = chandef;
12017 
12018 	/* Propagate this notification to other radios as well */
12019 	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
12020 
12021 	return 0;
12022 }
12023 
12024 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev,
12025 					 const u8 *data, size_t datalen,
12026 					 int first_count, struct nlattr *attr,
12027 					 const u16 **offsets, unsigned int *n_offsets)
12028 {
12029 	int i;
12030 
12031 	*n_offsets = 0;
12032 
12033 	if (!attr)
12034 		return 0;
12035 
12036 	if (!nla_len(attr) || (nla_len(attr) % sizeof(u16)))
12037 		return -EINVAL;
12038 
12039 	*n_offsets = nla_len(attr) / sizeof(u16);
12040 	if (rdev->wiphy.max_num_csa_counters &&
12041 	    (*n_offsets > rdev->wiphy.max_num_csa_counters))
12042 		return -EINVAL;
12043 
12044 	*offsets = nla_data(attr);
12045 
12046 	/* sanity checks - counters should fit and be the same */
12047 	for (i = 0; i < *n_offsets; i++) {
12048 		u16 offset = (*offsets)[i];
12049 
12050 		if (offset >= datalen)
12051 			return -EINVAL;
12052 
12053 		if (first_count != -1 && data[offset] != first_count)
12054 			return -EINVAL;
12055 	}
12056 
12057 	return 0;
12058 }
12059 
12060 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
12061 {
12062 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12063 	unsigned int link_id = nl80211_link_id(info->attrs);
12064 	struct net_device *dev = info->user_ptr[1];
12065 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12066 	struct cfg80211_csa_settings params;
12067 	struct nlattr **csa_attrs = NULL;
12068 	int err;
12069 	bool need_new_beacon = false;
12070 	bool need_handle_dfs_flag = true;
12071 	bool permit_npca = false;
12072 	u32 cs_count;
12073 
12074 	if (!rdev->ops->channel_switch ||
12075 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
12076 		return -EOPNOTSUPP;
12077 
12078 	switch (dev->ieee80211_ptr->iftype) {
12079 	case NL80211_IFTYPE_AP:
12080 	case NL80211_IFTYPE_P2P_GO:
12081 		need_new_beacon = true;
12082 		/* For all modes except AP the handle_dfs flag needs to be
12083 		 * supplied to tell the kernel that userspace will handle radar
12084 		 * events when they happen. Otherwise a switch to a channel
12085 		 * requiring DFS will be rejected.
12086 		 */
12087 		need_handle_dfs_flag = false;
12088 
12089 		permit_npca = true;
12090 
12091 		/* useless if AP is not running */
12092 		if (!wdev->links[link_id].ap.beacon_interval)
12093 			return -ENOTCONN;
12094 		break;
12095 	case NL80211_IFTYPE_ADHOC:
12096 		if (!wdev->u.ibss.ssid_len)
12097 			return -ENOTCONN;
12098 		break;
12099 	case NL80211_IFTYPE_MESH_POINT:
12100 		if (!wdev->u.mesh.id_len)
12101 			return -ENOTCONN;
12102 		break;
12103 	default:
12104 		return -EOPNOTSUPP;
12105 	}
12106 
12107 	memset(&params, 0, sizeof(params));
12108 	params.beacon_csa.ftm_responder = -1;
12109 
12110 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
12111 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
12112 		return -EINVAL;
12113 
12114 	/* only important for AP, IBSS and mesh create IEs internally */
12115 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
12116 		return -EINVAL;
12117 
12118 	/* Even though the attribute is u32, the specification says
12119 	 * u8, so let's make sure we don't overflow.
12120 	 */
12121 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
12122 	if (cs_count > 255)
12123 		return -EINVAL;
12124 
12125 	params.count = cs_count;
12126 
12127 	err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
12128 				    &params.chandef, permit_npca);
12129 	if (err)
12130 		goto free;
12131 
12132 	err = nl80211_check_npca(rdev, &params.chandef, wdev->iftype,
12133 				 info->extack);
12134 	if (err)
12135 		goto free;
12136 
12137 	if (!need_new_beacon)
12138 		goto skip_beacons;
12139 
12140 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after,
12141 				   params.chandef.chan, info->extack);
12142 	if (err)
12143 		goto free;
12144 
12145 	csa_attrs = kzalloc_objs(*csa_attrs, NL80211_ATTR_MAX + 1);
12146 	if (!csa_attrs) {
12147 		err = -ENOMEM;
12148 		goto free;
12149 	}
12150 
12151 	err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
12152 					  info->attrs[NL80211_ATTR_CSA_IES],
12153 					  nl80211_policy, info->extack);
12154 	if (err)
12155 		goto free;
12156 
12157 	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa,
12158 				   wdev->links[link_id].ap.chandef.chan,
12159 				   info->extack);
12160 	if (err)
12161 		goto free;
12162 
12163 	if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
12164 		err = -EINVAL;
12165 		goto free;
12166 	}
12167 
12168 	err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail,
12169 					    params.beacon_csa.tail_len,
12170 					    params.count,
12171 					    csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON],
12172 					    &params.counter_offsets_beacon,
12173 					    &params.n_counter_offsets_beacon);
12174 	if (err)
12175 		goto free;
12176 
12177 	err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp,
12178 					    params.beacon_csa.probe_resp_len,
12179 					    params.count,
12180 					    csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP],
12181 					    &params.counter_offsets_presp,
12182 					    &params.n_counter_offsets_presp);
12183 	if (err)
12184 		goto free;
12185 
12186 skip_beacons:
12187 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
12188 					   wdev->iftype)) {
12189 		err = -EINVAL;
12190 		goto free;
12191 	}
12192 
12193 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
12194 					    &params.chandef,
12195 					    wdev->iftype);
12196 	if (err < 0)
12197 		goto free;
12198 
12199 	if (err > 0) {
12200 		params.radar_required = true;
12201 		if (need_handle_dfs_flag &&
12202 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
12203 			err = -EINVAL;
12204 			goto free;
12205 		}
12206 	}
12207 
12208 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
12209 		params.block_tx = true;
12210 
12211 	if ((wdev->iftype == NL80211_IFTYPE_AP ||
12212 	     wdev->iftype == NL80211_IFTYPE_P2P_GO) &&
12213 	    info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
12214 		err = nl80211_parse_unsol_bcast_probe_resp(
12215 			rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
12216 			&params.unsol_bcast_probe_resp);
12217 		if (err)
12218 			goto free;
12219 	}
12220 
12221 	params.link_id = link_id;
12222 	err = rdev_channel_switch(rdev, dev, &params);
12223 
12224 free:
12225 	kfree(params.beacon_after.mbssid_ies);
12226 	kfree(params.beacon_csa.mbssid_ies);
12227 	kfree(params.beacon_after.rnr_ies);
12228 	kfree(params.beacon_csa.rnr_ies);
12229 	kfree(csa_attrs);
12230 	return err;
12231 }
12232 
12233 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
12234 			    u32 seq, int flags,
12235 			    struct cfg80211_registered_device *rdev,
12236 			    struct wireless_dev *wdev,
12237 			    struct cfg80211_internal_bss *intbss)
12238 {
12239 	struct cfg80211_bss *res = &intbss->pub;
12240 	const struct cfg80211_bss_ies *ies;
12241 	unsigned int link_id;
12242 	void *hdr;
12243 	struct nlattr *bss;
12244 
12245 	lockdep_assert_wiphy(wdev->wiphy);
12246 
12247 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
12248 			     NL80211_CMD_NEW_SCAN_RESULTS);
12249 	if (!hdr)
12250 		return -1;
12251 
12252 	genl_dump_check_consistent(cb, hdr);
12253 
12254 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
12255 		goto nla_put_failure;
12256 	if (wdev->netdev &&
12257 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
12258 		goto nla_put_failure;
12259 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12260 			      NL80211_ATTR_PAD))
12261 		goto nla_put_failure;
12262 
12263 	bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
12264 	if (!bss)
12265 		goto nla_put_failure;
12266 	if ((!is_zero_ether_addr(res->bssid) &&
12267 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
12268 		goto nla_put_failure;
12269 
12270 	rcu_read_lock();
12271 	/* indicate whether we have probe response data or not */
12272 	if (rcu_access_pointer(res->proberesp_ies) &&
12273 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
12274 		goto fail_unlock_rcu;
12275 
12276 	/* this pointer prefers to be pointed to probe response data
12277 	 * but is always valid
12278 	 */
12279 	ies = rcu_dereference(res->ies);
12280 	if (ies) {
12281 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
12282 				      NL80211_BSS_PAD))
12283 			goto fail_unlock_rcu;
12284 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
12285 					ies->len, ies->data))
12286 			goto fail_unlock_rcu;
12287 	}
12288 
12289 	/* and this pointer is always (unless driver didn't know) beacon data */
12290 	ies = rcu_dereference(res->beacon_ies);
12291 	if (ies && ies->from_beacon) {
12292 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
12293 				      NL80211_BSS_PAD))
12294 			goto fail_unlock_rcu;
12295 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
12296 					ies->len, ies->data))
12297 			goto fail_unlock_rcu;
12298 	}
12299 	rcu_read_unlock();
12300 
12301 	if (res->beacon_interval &&
12302 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
12303 		goto nla_put_failure;
12304 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
12305 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
12306 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
12307 			res->channel->freq_offset) ||
12308 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
12309 			jiffies_to_msecs(jiffies - intbss->ts)))
12310 		goto nla_put_failure;
12311 
12312 	if (intbss->parent_tsf &&
12313 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
12314 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
12315 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
12316 		     intbss->parent_bssid)))
12317 		goto nla_put_failure;
12318 
12319 	if (res->ts_boottime &&
12320 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
12321 			      res->ts_boottime, NL80211_BSS_PAD))
12322 		goto nla_put_failure;
12323 
12324 	if (!nl80211_put_signal(msg, intbss->pub.chains,
12325 				intbss->pub.chain_signal,
12326 				NL80211_BSS_CHAIN_SIGNAL))
12327 		goto nla_put_failure;
12328 
12329 	if (intbss->bss_source != BSS_SOURCE_STA_PROFILE) {
12330 		switch (rdev->wiphy.signal_type) {
12331 		case CFG80211_SIGNAL_TYPE_MBM:
12332 			if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM,
12333 					res->signal))
12334 				goto nla_put_failure;
12335 			break;
12336 		case CFG80211_SIGNAL_TYPE_UNSPEC:
12337 			if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC,
12338 				       res->signal))
12339 				goto nla_put_failure;
12340 			break;
12341 		default:
12342 			break;
12343 		}
12344 	}
12345 
12346 	switch (wdev->iftype) {
12347 	case NL80211_IFTYPE_P2P_CLIENT:
12348 	case NL80211_IFTYPE_STATION:
12349 		for_each_valid_link(wdev, link_id) {
12350 			if (intbss == wdev->links[link_id].client.current_bss &&
12351 			    (nla_put_u32(msg, NL80211_BSS_STATUS,
12352 					 NL80211_BSS_STATUS_ASSOCIATED) ||
12353 			     (wdev->valid_links &&
12354 			      (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID,
12355 					  link_id) ||
12356 			       nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN,
12357 				       wdev->u.client.connected_addr)))))
12358 				goto nla_put_failure;
12359 		}
12360 		break;
12361 	case NL80211_IFTYPE_ADHOC:
12362 		if (intbss == wdev->u.ibss.current_bss &&
12363 		    nla_put_u32(msg, NL80211_BSS_STATUS,
12364 				NL80211_BSS_STATUS_IBSS_JOINED))
12365 			goto nla_put_failure;
12366 		break;
12367 	default:
12368 		break;
12369 	}
12370 
12371 	if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for))
12372 		goto nla_put_failure;
12373 
12374 	if (res->cannot_use_reasons &&
12375 	    nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS,
12376 			      res->cannot_use_reasons,
12377 			      NL80211_BSS_PAD))
12378 		goto nla_put_failure;
12379 
12380 	nla_nest_end(msg, bss);
12381 
12382 	genlmsg_end(msg, hdr);
12383 	return 0;
12384 
12385  fail_unlock_rcu:
12386 	rcu_read_unlock();
12387  nla_put_failure:
12388 	genlmsg_cancel(msg, hdr);
12389 	return -EMSGSIZE;
12390 }
12391 
12392 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
12393 {
12394 	struct cfg80211_registered_device *rdev;
12395 	struct cfg80211_internal_bss *scan;
12396 	struct wireless_dev *wdev;
12397 	struct nlattr **attrbuf;
12398 	int start = cb->args[2], idx = 0;
12399 	bool dump_include_use_data;
12400 	int err;
12401 
12402 	attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
12403 	if (!attrbuf)
12404 		return -ENOMEM;
12405 
12406 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
12407 	if (err) {
12408 		kfree(attrbuf);
12409 		return err;
12410 	}
12411 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
12412 	__acquire(&rdev->wiphy.mtx);
12413 
12414 	dump_include_use_data =
12415 		attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA];
12416 	kfree(attrbuf);
12417 
12418 	spin_lock_bh(&rdev->bss_lock);
12419 
12420 	/*
12421 	 * dump_scan will be called multiple times to break up the scan results
12422 	 * into multiple messages.  It is unlikely that any more bss-es will be
12423 	 * expired after the first call, so only call only call this on the
12424 	 * first dump_scan invocation.
12425 	 */
12426 	if (start == 0)
12427 		cfg80211_bss_expire(rdev);
12428 
12429 	cb->seq = rdev->bss_generation;
12430 
12431 	list_for_each_entry(scan, &rdev->bss_list, list) {
12432 		if (++idx <= start)
12433 			continue;
12434 		if (!dump_include_use_data &&
12435 		    !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL))
12436 			continue;
12437 		if (nl80211_send_bss(skb, cb,
12438 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
12439 				rdev, wdev, scan) < 0) {
12440 			idx--;
12441 			break;
12442 		}
12443 	}
12444 
12445 	spin_unlock_bh(&rdev->bss_lock);
12446 
12447 	cb->args[2] = idx;
12448 	wiphy_unlock(&rdev->wiphy);
12449 
12450 	return skb->len;
12451 }
12452 
12453 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
12454 			       int flags, struct net_device *dev,
12455 			       bool allow_radio_stats,
12456 			       struct survey_info *survey)
12457 {
12458 	void *hdr;
12459 	struct nlattr *infoattr;
12460 
12461 	/* skip radio stats if userspace didn't request them */
12462 	if (!survey->channel && !allow_radio_stats)
12463 		return 0;
12464 
12465 	hdr = nl80211hdr_put(msg, portid, seq, flags,
12466 			     NL80211_CMD_NEW_SURVEY_RESULTS);
12467 	if (!hdr)
12468 		return -ENOMEM;
12469 
12470 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
12471 		goto nla_put_failure;
12472 
12473 	infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
12474 	if (!infoattr)
12475 		goto nla_put_failure;
12476 
12477 	if (survey->channel &&
12478 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
12479 			survey->channel->center_freq))
12480 		goto nla_put_failure;
12481 
12482 	if (survey->channel && survey->channel->freq_offset &&
12483 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
12484 			survey->channel->freq_offset))
12485 		goto nla_put_failure;
12486 
12487 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
12488 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
12489 		goto nla_put_failure;
12490 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
12491 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
12492 		goto nla_put_failure;
12493 	if ((survey->filled & SURVEY_INFO_TIME) &&
12494 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
12495 			survey->time, NL80211_SURVEY_INFO_PAD))
12496 		goto nla_put_failure;
12497 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
12498 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
12499 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
12500 		goto nla_put_failure;
12501 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
12502 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
12503 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
12504 		goto nla_put_failure;
12505 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
12506 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
12507 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
12508 		goto nla_put_failure;
12509 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
12510 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
12511 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
12512 		goto nla_put_failure;
12513 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
12514 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
12515 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
12516 		goto nla_put_failure;
12517 	if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
12518 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
12519 			      survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
12520 		goto nla_put_failure;
12521 
12522 	nla_nest_end(msg, infoattr);
12523 
12524 	genlmsg_end(msg, hdr);
12525 	return 0;
12526 
12527  nla_put_failure:
12528 	genlmsg_cancel(msg, hdr);
12529 	return -EMSGSIZE;
12530 }
12531 
12532 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
12533 {
12534 	struct nlattr **attrbuf;
12535 	struct survey_info survey;
12536 	struct cfg80211_registered_device *rdev;
12537 	struct wireless_dev *wdev;
12538 	int survey_idx = cb->args[2];
12539 	int res;
12540 	bool radio_stats;
12541 
12542 	attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
12543 	if (!attrbuf)
12544 		return -ENOMEM;
12545 
12546 	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
12547 	if (res) {
12548 		kfree(attrbuf);
12549 		return res;
12550 	}
12551 	/* nl80211_prepare_wdev_dump acquired it in the successful case */
12552 	__acquire(&rdev->wiphy.mtx);
12553 
12554 	/* prepare_wdev_dump parsed the attributes */
12555 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
12556 
12557 	if (!wdev->netdev) {
12558 		res = -EINVAL;
12559 		goto out_err;
12560 	}
12561 
12562 	if (!rdev->ops->dump_survey) {
12563 		res = -EOPNOTSUPP;
12564 		goto out_err;
12565 	}
12566 
12567 	while (1) {
12568 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
12569 		if (res == -ENOENT)
12570 			break;
12571 		if (res)
12572 			goto out_err;
12573 
12574 		/* don't send disabled channels, but do send non-channel data */
12575 		if (survey.channel &&
12576 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
12577 			survey_idx++;
12578 			continue;
12579 		}
12580 
12581 		if (nl80211_send_survey(skb,
12582 				NETLINK_CB(cb->skb).portid,
12583 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
12584 				wdev->netdev, radio_stats, &survey) < 0)
12585 			goto out;
12586 		survey_idx++;
12587 	}
12588 
12589  out:
12590 	cb->args[2] = survey_idx;
12591 	res = skb->len;
12592  out_err:
12593 	kfree(attrbuf);
12594 	wiphy_unlock(&rdev->wiphy);
12595 	return res;
12596 }
12597 
12598 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
12599 {
12600 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12601 	struct net_device *dev = info->user_ptr[1];
12602 	struct ieee80211_channel *chan;
12603 	const u8 *bssid, *ssid;
12604 	int err, ssid_len;
12605 	enum nl80211_auth_type auth_type;
12606 	struct key_parse key;
12607 	bool local_state_change;
12608 	struct cfg80211_auth_request req = {};
12609 	u32 freq;
12610 
12611 	if (!info->attrs[NL80211_ATTR_MAC])
12612 		return -EINVAL;
12613 
12614 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
12615 		return -EINVAL;
12616 
12617 	if (!info->attrs[NL80211_ATTR_SSID])
12618 		return -EINVAL;
12619 
12620 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
12621 		return -EINVAL;
12622 
12623 	err = nl80211_parse_key(info, &key);
12624 	if (err)
12625 		return err;
12626 
12627 	if (key.idx >= 0) {
12628 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
12629 			return -EINVAL;
12630 		if (!key.p.key || !key.p.key_len)
12631 			return -EINVAL;
12632 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
12633 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
12634 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
12635 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
12636 			return -EINVAL;
12637 		if (key.idx > 3)
12638 			return -EINVAL;
12639 	} else {
12640 		key.p.key_len = 0;
12641 		key.p.key = NULL;
12642 	}
12643 
12644 	if (key.idx >= 0) {
12645 		int i;
12646 		bool ok = false;
12647 
12648 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
12649 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
12650 				ok = true;
12651 				break;
12652 			}
12653 		}
12654 		if (!ok)
12655 			return -EINVAL;
12656 	}
12657 
12658 	if (!rdev->ops->auth)
12659 		return -EOPNOTSUPP;
12660 
12661 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12662 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12663 		return -EOPNOTSUPP;
12664 
12665 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12666 	freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
12667 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12668 		freq +=
12669 		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12670 
12671 	chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
12672 	if (!chan)
12673 		return -EINVAL;
12674 
12675 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12676 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12677 
12678 	if (info->attrs[NL80211_ATTR_IE]) {
12679 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12680 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12681 	}
12682 
12683 	if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
12684 		req.supported_selectors =
12685 			nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12686 		req.supported_selectors_len =
12687 			nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12688 	}
12689 
12690 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12691 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
12692 		return -EINVAL;
12693 
12694 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
12695 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
12696 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
12697 	     auth_type == NL80211_AUTHTYPE_FILS_PK ||
12698 	     auth_type == NL80211_AUTHTYPE_EPPKE ||
12699 	     auth_type == NL80211_AUTHTYPE_IEEE8021X) &&
12700 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
12701 		return -EINVAL;
12702 
12703 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
12704 		if (auth_type != NL80211_AUTHTYPE_SAE &&
12705 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
12706 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
12707 		    auth_type != NL80211_AUTHTYPE_FILS_PK &&
12708 		    auth_type != NL80211_AUTHTYPE_EPPKE &&
12709 		    auth_type != NL80211_AUTHTYPE_IEEE8021X)
12710 			return -EINVAL;
12711 		req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
12712 		req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
12713 	}
12714 
12715 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
12716 
12717 	/*
12718 	 * Since we no longer track auth state, ignore
12719 	 * requests to only change local state.
12720 	 */
12721 	if (local_state_change)
12722 		return 0;
12723 
12724 	req.auth_type = auth_type;
12725 	req.key = key.p.key;
12726 	req.key_len = key.p.key_len;
12727 	req.key_idx = key.idx;
12728 	req.link_id = nl80211_link_id_or_invalid(info->attrs);
12729 	if (req.link_id >= 0) {
12730 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
12731 			return -EINVAL;
12732 		if (!info->attrs[NL80211_ATTR_MLD_ADDR])
12733 			return -EINVAL;
12734 		req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
12735 		if (!is_valid_ether_addr(req.ap_mld_addr))
12736 			return -EINVAL;
12737 	}
12738 
12739 	req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
12740 				   IEEE80211_BSS_TYPE_ESS,
12741 				   IEEE80211_PRIVACY_ANY);
12742 	if (!req.bss)
12743 		return -ENOENT;
12744 
12745 	err = cfg80211_mlme_auth(rdev, dev, &req);
12746 
12747 	cfg80211_put_bss(&rdev->wiphy, req.bss);
12748 
12749 	return err;
12750 }
12751 
12752 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
12753 				     struct genl_info *info)
12754 {
12755 	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12756 		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
12757 		return -EINVAL;
12758 	}
12759 
12760 	if (!rdev->ops->tx_control_port ||
12761 	    !wiphy_ext_feature_isset(&rdev->wiphy,
12762 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
12763 		return -EOPNOTSUPP;
12764 
12765 	return 0;
12766 }
12767 
12768 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
12769 				   struct genl_info *info,
12770 				   struct cfg80211_crypto_settings *settings,
12771 				   int cipher_limit)
12772 {
12773 	memset(settings, 0, sizeof(*settings));
12774 
12775 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
12776 
12777 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
12778 		u16 proto;
12779 
12780 		proto = nla_get_u16(
12781 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
12782 		settings->control_port_ethertype = cpu_to_be16(proto);
12783 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
12784 		    proto != ETH_P_PAE)
12785 			return -EINVAL;
12786 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
12787 			settings->control_port_no_encrypt = true;
12788 	} else
12789 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
12790 
12791 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
12792 		int r = validate_pae_over_nl80211(rdev, info);
12793 
12794 		if (r < 0)
12795 			return r;
12796 
12797 		settings->control_port_over_nl80211 = true;
12798 
12799 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
12800 			settings->control_port_no_preauth = true;
12801 	}
12802 
12803 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
12804 		void *data;
12805 		int len, i;
12806 
12807 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
12808 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
12809 		settings->n_ciphers_pairwise = len / sizeof(u32);
12810 
12811 		if (len % sizeof(u32))
12812 			return -EINVAL;
12813 
12814 		if (settings->n_ciphers_pairwise > cipher_limit)
12815 			return -EINVAL;
12816 
12817 		memcpy(settings->ciphers_pairwise, data, len);
12818 
12819 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
12820 			if (!cfg80211_supported_cipher_suite(
12821 					&rdev->wiphy,
12822 					settings->ciphers_pairwise[i]))
12823 				return -EINVAL;
12824 	}
12825 
12826 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
12827 		settings->cipher_group =
12828 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
12829 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
12830 						     settings->cipher_group))
12831 			return -EINVAL;
12832 	}
12833 
12834 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS])
12835 		settings->wpa_versions =
12836 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
12837 
12838 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
12839 		void *data;
12840 		int len;
12841 
12842 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
12843 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
12844 		settings->n_akm_suites = len / sizeof(u32);
12845 
12846 		if (len % sizeof(u32))
12847 			return -EINVAL;
12848 
12849 		if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites)
12850 			return -EINVAL;
12851 
12852 		memcpy(settings->akm_suites, data, len);
12853 	}
12854 
12855 	if (info->attrs[NL80211_ATTR_PMK]) {
12856 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
12857 			return -EINVAL;
12858 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
12859 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
12860 		    !wiphy_ext_feature_isset(&rdev->wiphy,
12861 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
12862 			return -EINVAL;
12863 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12864 	}
12865 
12866 	if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
12867 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
12868 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
12869 		    !wiphy_ext_feature_isset(&rdev->wiphy,
12870 					     NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
12871 			return -EINVAL;
12872 		settings->sae_pwd =
12873 			nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
12874 		settings->sae_pwd_len =
12875 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
12876 	}
12877 
12878 	settings->sae_pwe =
12879 		nla_get_u8_default(info->attrs[NL80211_ATTR_SAE_PWE],
12880 				   NL80211_SAE_PWE_UNSPECIFIED);
12881 
12882 	return 0;
12883 }
12884 
12885 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev,
12886 					      const u8 *ssid, int ssid_len,
12887 					      struct nlattr **attrs,
12888 					      int assoc_link_id, int link_id)
12889 {
12890 	struct ieee80211_channel *chan;
12891 	struct cfg80211_bss *bss;
12892 	const u8 *bssid;
12893 	u32 freq, use_for = 0;
12894 
12895 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ])
12896 		return ERR_PTR(-EINVAL);
12897 
12898 	bssid = nla_data(attrs[NL80211_ATTR_MAC]);
12899 
12900 	freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
12901 	if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12902 		freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12903 
12904 	chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
12905 	if (!chan)
12906 		return ERR_PTR(-EINVAL);
12907 
12908 	if (assoc_link_id >= 0)
12909 		use_for = NL80211_BSS_USE_FOR_MLD_LINK;
12910 	if (assoc_link_id == link_id)
12911 		use_for |= NL80211_BSS_USE_FOR_NORMAL;
12912 
12913 	bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid,
12914 				 ssid, ssid_len,
12915 				 IEEE80211_BSS_TYPE_ESS,
12916 				 IEEE80211_PRIVACY_ANY,
12917 				 use_for);
12918 	if (!bss)
12919 		return ERR_PTR(-ENOENT);
12920 
12921 	return bss;
12922 }
12923 
12924 static int nl80211_process_links(struct cfg80211_registered_device *rdev,
12925 				 struct cfg80211_assoc_link *links,
12926 				 int assoc_link_id,
12927 				 const u8 *ssid, int ssid_len,
12928 				 struct genl_info *info)
12929 {
12930 	unsigned int attrsize = NUM_NL80211_ATTR * sizeof(struct nlattr *);
12931 	struct nlattr **attrs __free(kfree) = kzalloc(attrsize, GFP_KERNEL);
12932 	struct nlattr *link;
12933 	unsigned int link_id;
12934 	int rem, err;
12935 
12936 	if (!attrs)
12937 		return -ENOMEM;
12938 
12939 	nla_for_each_nested(link, info->attrs[NL80211_ATTR_MLO_LINKS], rem) {
12940 		memset(attrs, 0, attrsize);
12941 
12942 		nla_parse_nested(attrs, NL80211_ATTR_MAX, link, NULL, NULL);
12943 
12944 		if (!attrs[NL80211_ATTR_MLO_LINK_ID]) {
12945 			NL_SET_BAD_ATTR(info->extack, link);
12946 			return -EINVAL;
12947 		}
12948 
12949 		link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]);
12950 		/* cannot use the same link ID again */
12951 		if (links[link_id].bss) {
12952 			NL_SET_BAD_ATTR(info->extack, link);
12953 			return -EINVAL;
12954 		}
12955 		links[link_id].bss =
12956 			nl80211_assoc_bss(rdev, ssid, ssid_len, attrs,
12957 					  assoc_link_id, link_id);
12958 		if (IS_ERR(links[link_id].bss)) {
12959 			err = PTR_ERR(links[link_id].bss);
12960 			links[link_id].bss = NULL;
12961 			NL_SET_ERR_MSG_ATTR(info->extack, link,
12962 					    "Error fetching BSS for link");
12963 			return err;
12964 		}
12965 
12966 		if (attrs[NL80211_ATTR_IE]) {
12967 			links[link_id].elems = nla_data(attrs[NL80211_ATTR_IE]);
12968 			links[link_id].elems_len =
12969 				nla_len(attrs[NL80211_ATTR_IE]);
12970 
12971 			if (cfg80211_find_elem(WLAN_EID_FRAGMENT,
12972 					       links[link_id].elems,
12973 					       links[link_id].elems_len)) {
12974 				NL_SET_ERR_MSG_ATTR(info->extack,
12975 						    attrs[NL80211_ATTR_IE],
12976 						    "cannot deal with fragmentation");
12977 				return -EINVAL;
12978 			}
12979 
12980 			if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
12981 						   links[link_id].elems,
12982 						   links[link_id].elems_len)) {
12983 				NL_SET_ERR_MSG_ATTR(info->extack,
12984 						    attrs[NL80211_ATTR_IE],
12985 						    "cannot deal with non-inheritance");
12986 				return -EINVAL;
12987 			}
12988 		}
12989 	}
12990 
12991 	return 0;
12992 }
12993 
12994 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
12995 {
12996 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12997 	struct net_device *dev = info->user_ptr[1];
12998 	struct cfg80211_assoc_request req = {};
12999 	const u8 *ap_addr, *ssid;
13000 	unsigned int link_id;
13001 	int err, ssid_len;
13002 
13003 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
13004 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
13005 		return -EPERM;
13006 
13007 	if (!info->attrs[NL80211_ATTR_SSID])
13008 		return -EINVAL;
13009 
13010 	if (!rdev->ops->assoc)
13011 		return -EOPNOTSUPP;
13012 
13013 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13014 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13015 		return -EOPNOTSUPP;
13016 
13017 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13018 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13019 
13020 	if (info->attrs[NL80211_ATTR_IE]) {
13021 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13022 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13023 
13024 		if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
13025 					   req.ie, req.ie_len)) {
13026 			NL_SET_ERR_MSG_ATTR(info->extack,
13027 					    info->attrs[NL80211_ATTR_IE],
13028 					    "non-inheritance makes no sense");
13029 			return -EINVAL;
13030 		}
13031 	}
13032 
13033 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
13034 		enum nl80211_mfp mfp =
13035 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
13036 		if (mfp == NL80211_MFP_REQUIRED)
13037 			req.use_mfp = true;
13038 		else if (mfp != NL80211_MFP_NO)
13039 			return -EINVAL;
13040 	}
13041 
13042 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
13043 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
13044 
13045 	if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
13046 		req.supported_selectors =
13047 			nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
13048 		req.supported_selectors_len =
13049 			nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
13050 	}
13051 
13052 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
13053 		req.flags |= ASSOC_REQ_DISABLE_HT;
13054 
13055 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13056 		memcpy(&req.ht_capa_mask,
13057 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
13058 		       sizeof(req.ht_capa_mask));
13059 
13060 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
13061 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13062 			return -EINVAL;
13063 		memcpy(&req.ht_capa,
13064 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
13065 		       sizeof(req.ht_capa));
13066 	}
13067 
13068 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
13069 		req.flags |= ASSOC_REQ_DISABLE_VHT;
13070 
13071 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
13072 		req.flags |= ASSOC_REQ_DISABLE_HE;
13073 
13074 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
13075 		req.flags |= ASSOC_REQ_DISABLE_EHT;
13076 
13077 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_UHR]))
13078 		req.flags |= ASSOC_REQ_DISABLE_UHR;
13079 
13080 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
13081 		memcpy(&req.vht_capa_mask,
13082 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
13083 		       sizeof(req.vht_capa_mask));
13084 
13085 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
13086 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
13087 			return -EINVAL;
13088 		memcpy(&req.vht_capa,
13089 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
13090 		       sizeof(req.vht_capa));
13091 	}
13092 
13093 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
13094 		if (!((rdev->wiphy.features &
13095 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
13096 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
13097 		    !wiphy_ext_feature_isset(&rdev->wiphy,
13098 					     NL80211_EXT_FEATURE_RRM))
13099 			return -EINVAL;
13100 		req.flags |= ASSOC_REQ_USE_RRM;
13101 	}
13102 
13103 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
13104 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
13105 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
13106 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
13107 			return -EINVAL;
13108 		req.fils_nonces =
13109 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
13110 	}
13111 
13112 	if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
13113 		if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
13114 			return -EINVAL;
13115 		memcpy(&req.s1g_capa_mask,
13116 		       nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
13117 		       sizeof(req.s1g_capa_mask));
13118 	}
13119 
13120 	if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
13121 		if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
13122 			return -EINVAL;
13123 		memcpy(&req.s1g_capa,
13124 		       nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
13125 		       sizeof(req.s1g_capa));
13126 	}
13127 
13128 	if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) {
13129 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
13130 					     NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) {
13131 			GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported");
13132 			return -EINVAL;
13133 		}
13134 		req.flags |= ASSOC_REQ_SPP_AMSDU;
13135 	}
13136 
13137 	req.link_id = nl80211_link_id_or_invalid(info->attrs);
13138 
13139 	if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
13140 		if (req.link_id < 0)
13141 			return -EINVAL;
13142 
13143 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
13144 			return -EINVAL;
13145 
13146 		if (info->attrs[NL80211_ATTR_MAC] ||
13147 		    info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
13148 		    !info->attrs[NL80211_ATTR_MLD_ADDR])
13149 			return -EINVAL;
13150 
13151 		req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
13152 		ap_addr = req.ap_mld_addr;
13153 
13154 		err = nl80211_process_links(rdev, req.links, req.link_id,
13155 					    ssid, ssid_len, info);
13156 		if (err)
13157 			goto free;
13158 
13159 		if (!req.links[req.link_id].bss) {
13160 			err = -EINVAL;
13161 			goto free;
13162 		}
13163 
13164 		if (req.links[req.link_id].elems_len) {
13165 			GENL_SET_ERR_MSG(info,
13166 					 "cannot have per-link elems on assoc link");
13167 			err = -EINVAL;
13168 			goto free;
13169 		}
13170 
13171 		if (info->attrs[NL80211_ATTR_EXT_MLD_CAPA_AND_OPS])
13172 			req.ext_mld_capa_ops =
13173 				nla_get_u16(info->attrs[NL80211_ATTR_EXT_MLD_CAPA_AND_OPS]);
13174 	} else {
13175 		if (req.link_id >= 0)
13176 			return -EINVAL;
13177 
13178 		req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs,
13179 					    -1, -1);
13180 		if (IS_ERR(req.bss))
13181 			return PTR_ERR(req.bss);
13182 		ap_addr = req.bss->bssid;
13183 
13184 		if (info->attrs[NL80211_ATTR_EXT_MLD_CAPA_AND_OPS])
13185 			return -EINVAL;
13186 	}
13187 
13188 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
13189 	if (!err) {
13190 		struct nlattr *link;
13191 		int rem = 0;
13192 
13193 		err = cfg80211_mlme_assoc(rdev, dev, &req,
13194 					  info->extack);
13195 
13196 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
13197 			dev->ieee80211_ptr->conn_owner_nlportid =
13198 				info->snd_portid;
13199 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
13200 			       ap_addr, ETH_ALEN);
13201 		}
13202 
13203 		/* Report error from first problematic link */
13204 		if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
13205 			nla_for_each_nested(link,
13206 					    info->attrs[NL80211_ATTR_MLO_LINKS],
13207 					    rem) {
13208 				struct nlattr *link_id_attr =
13209 					nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID);
13210 
13211 				if (!link_id_attr)
13212 					continue;
13213 
13214 				link_id = nla_get_u8(link_id_attr);
13215 
13216 				if (link_id == req.link_id)
13217 					continue;
13218 
13219 				if (!req.links[link_id].error ||
13220 				    WARN_ON(req.links[link_id].error > 0))
13221 					continue;
13222 
13223 				WARN_ON(err >= 0);
13224 
13225 				NL_SET_BAD_ATTR(info->extack, link);
13226 				err = req.links[link_id].error;
13227 				break;
13228 			}
13229 		}
13230 	}
13231 
13232 free:
13233 	for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++)
13234 		cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss);
13235 	cfg80211_put_bss(&rdev->wiphy, req.bss);
13236 
13237 	return err;
13238 }
13239 
13240 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
13241 {
13242 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13243 	struct net_device *dev = info->user_ptr[1];
13244 	const u8 *ie = NULL, *bssid;
13245 	int ie_len = 0;
13246 	u16 reason_code;
13247 	bool local_state_change;
13248 
13249 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
13250 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
13251 		return -EPERM;
13252 
13253 	if (!info->attrs[NL80211_ATTR_MAC])
13254 		return -EINVAL;
13255 
13256 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
13257 		return -EINVAL;
13258 
13259 	if (!rdev->ops->deauth)
13260 		return -EOPNOTSUPP;
13261 
13262 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13263 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13264 		return -EOPNOTSUPP;
13265 
13266 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13267 
13268 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
13269 	if (reason_code == 0) {
13270 		/* Reason Code 0 is reserved */
13271 		return -EINVAL;
13272 	}
13273 
13274 	if (info->attrs[NL80211_ATTR_IE]) {
13275 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13276 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13277 	}
13278 
13279 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
13280 
13281 	return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
13282 				    local_state_change);
13283 }
13284 
13285 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
13286 {
13287 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13288 	struct net_device *dev = info->user_ptr[1];
13289 	const u8 *ie = NULL, *bssid;
13290 	int ie_len = 0;
13291 	u16 reason_code;
13292 	bool local_state_change;
13293 
13294 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
13295 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
13296 		return -EPERM;
13297 
13298 	if (!info->attrs[NL80211_ATTR_MAC])
13299 		return -EINVAL;
13300 
13301 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
13302 		return -EINVAL;
13303 
13304 	if (!rdev->ops->disassoc)
13305 		return -EOPNOTSUPP;
13306 
13307 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13308 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13309 		return -EOPNOTSUPP;
13310 
13311 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13312 
13313 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
13314 	if (reason_code == 0) {
13315 		/* Reason Code 0 is reserved */
13316 		return -EINVAL;
13317 	}
13318 
13319 	if (info->attrs[NL80211_ATTR_IE]) {
13320 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13321 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13322 	}
13323 
13324 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
13325 
13326 	return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
13327 				      local_state_change);
13328 }
13329 
13330 static bool
13331 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
13332 			 int mcast_rate[NUM_NL80211_BANDS],
13333 			 int rateval)
13334 {
13335 	struct wiphy *wiphy = &rdev->wiphy;
13336 	bool found = false;
13337 	int band, i;
13338 
13339 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
13340 		struct ieee80211_supported_band *sband;
13341 
13342 		sband = wiphy->bands[band];
13343 		if (!sband)
13344 			continue;
13345 
13346 		for (i = 0; i < sband->n_bitrates; i++) {
13347 			if (sband->bitrates[i].bitrate == rateval) {
13348 				mcast_rate[band] = i + 1;
13349 				found = true;
13350 				break;
13351 			}
13352 		}
13353 	}
13354 
13355 	return found;
13356 }
13357 
13358 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
13359 {
13360 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13361 	struct net_device *dev = info->user_ptr[1];
13362 	struct cfg80211_ibss_params ibss;
13363 	struct wiphy *wiphy;
13364 	struct cfg80211_cached_keys *connkeys = NULL;
13365 	int err;
13366 
13367 	memset(&ibss, 0, sizeof(ibss));
13368 
13369 	if (!info->attrs[NL80211_ATTR_SSID] ||
13370 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
13371 		return -EINVAL;
13372 
13373 	ibss.beacon_interval = 100;
13374 
13375 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
13376 		ibss.beacon_interval =
13377 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
13378 
13379 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
13380 					   ibss.beacon_interval);
13381 	if (err)
13382 		return err;
13383 
13384 	if (!rdev->ops->join_ibss)
13385 		return -EOPNOTSUPP;
13386 
13387 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
13388 		return -EOPNOTSUPP;
13389 
13390 	wiphy = &rdev->wiphy;
13391 
13392 	if (info->attrs[NL80211_ATTR_MAC]) {
13393 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13394 
13395 		if (!is_valid_ether_addr(ibss.bssid))
13396 			return -EINVAL;
13397 	}
13398 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13399 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13400 
13401 	if (info->attrs[NL80211_ATTR_IE]) {
13402 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13403 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13404 	}
13405 
13406 	err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
13407 				    &ibss.chandef, false);
13408 	if (err)
13409 		return err;
13410 
13411 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
13412 				     NL80211_IFTYPE_ADHOC))
13413 		return -EINVAL;
13414 
13415 	switch (ibss.chandef.width) {
13416 	case NL80211_CHAN_WIDTH_20_NOHT:
13417 		break;
13418 	case NL80211_CHAN_WIDTH_20:
13419 	case NL80211_CHAN_WIDTH_40:
13420 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
13421 			return -EINVAL;
13422 		break;
13423 	case NL80211_CHAN_WIDTH_80:
13424 	case NL80211_CHAN_WIDTH_80P80:
13425 	case NL80211_CHAN_WIDTH_160:
13426 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
13427 			return -EINVAL;
13428 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
13429 					     NL80211_EXT_FEATURE_VHT_IBSS))
13430 			return -EINVAL;
13431 		break;
13432 	case NL80211_CHAN_WIDTH_320:
13433 		return -EINVAL;
13434 	default:
13435 		return -EINVAL;
13436 	}
13437 
13438 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
13439 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
13440 
13441 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
13442 		u8 *rates =
13443 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13444 		int n_rates =
13445 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13446 		struct ieee80211_supported_band *sband =
13447 			wiphy->bands[ibss.chandef.chan->band];
13448 
13449 		err = ieee80211_get_ratemask(sband, rates, n_rates,
13450 					     &ibss.basic_rates);
13451 		if (err)
13452 			return err;
13453 	}
13454 
13455 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13456 		memcpy(&ibss.ht_capa_mask,
13457 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
13458 		       sizeof(ibss.ht_capa_mask));
13459 
13460 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
13461 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13462 			return -EINVAL;
13463 		memcpy(&ibss.ht_capa,
13464 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
13465 		       sizeof(ibss.ht_capa));
13466 	}
13467 
13468 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
13469 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
13470 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
13471 		return -EINVAL;
13472 
13473 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
13474 		bool no_ht = false;
13475 
13476 		connkeys = nl80211_parse_connkeys(rdev, dev->ieee80211_ptr,
13477 						  info, &no_ht);
13478 		if (IS_ERR(connkeys))
13479 			return PTR_ERR(connkeys);
13480 
13481 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
13482 		    no_ht) {
13483 			kfree_sensitive(connkeys);
13484 			return -EINVAL;
13485 		}
13486 	}
13487 
13488 	ibss.control_port =
13489 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
13490 
13491 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
13492 		int r = validate_pae_over_nl80211(rdev, info);
13493 
13494 		if (r < 0) {
13495 			kfree_sensitive(connkeys);
13496 			return r;
13497 		}
13498 
13499 		ibss.control_port_over_nl80211 = true;
13500 	}
13501 
13502 	ibss.userspace_handles_dfs =
13503 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
13504 
13505 	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
13506 	if (err)
13507 		kfree_sensitive(connkeys);
13508 	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
13509 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
13510 
13511 	return err;
13512 }
13513 
13514 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
13515 {
13516 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13517 	struct net_device *dev = info->user_ptr[1];
13518 
13519 	if (!rdev->ops->leave_ibss)
13520 		return -EOPNOTSUPP;
13521 
13522 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
13523 		return -EOPNOTSUPP;
13524 
13525 	return cfg80211_leave_ibss(rdev, dev, false);
13526 }
13527 
13528 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
13529 {
13530 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13531 	struct net_device *dev = info->user_ptr[1];
13532 	int mcast_rate[NUM_NL80211_BANDS];
13533 	u32 nla_rate;
13534 
13535 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
13536 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
13537 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
13538 		return -EOPNOTSUPP;
13539 
13540 	if (!rdev->ops->set_mcast_rate)
13541 		return -EOPNOTSUPP;
13542 
13543 	memset(mcast_rate, 0, sizeof(mcast_rate));
13544 
13545 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
13546 		return -EINVAL;
13547 
13548 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
13549 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
13550 		return -EINVAL;
13551 
13552 	return rdev_set_mcast_rate(rdev, dev, mcast_rate);
13553 }
13554 
13555 static struct sk_buff *
13556 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
13557 			    struct wireless_dev *wdev, int approxlen,
13558 			    u32 portid, u32 seq, enum nl80211_commands cmd,
13559 			    enum nl80211_attrs attr,
13560 			    const struct nl80211_vendor_cmd_info *info,
13561 			    gfp_t gfp)
13562 {
13563 	struct sk_buff *skb;
13564 	void *hdr;
13565 	struct nlattr *data;
13566 
13567 	skb = nlmsg_new(approxlen + 100, gfp);
13568 	if (!skb)
13569 		return NULL;
13570 
13571 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
13572 	if (!hdr) {
13573 		kfree_skb(skb);
13574 		return NULL;
13575 	}
13576 
13577 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
13578 		goto nla_put_failure;
13579 
13580 	if (info) {
13581 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
13582 				info->vendor_id))
13583 			goto nla_put_failure;
13584 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
13585 				info->subcmd))
13586 			goto nla_put_failure;
13587 	}
13588 
13589 	if (wdev) {
13590 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13591 				      wdev_id(wdev), NL80211_ATTR_PAD))
13592 			goto nla_put_failure;
13593 		if (wdev->netdev &&
13594 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
13595 				wdev->netdev->ifindex))
13596 			goto nla_put_failure;
13597 	}
13598 
13599 	data = nla_nest_start_noflag(skb, attr);
13600 	if (!data)
13601 		goto nla_put_failure;
13602 
13603 	((void **)skb->cb)[0] = rdev;
13604 	((void **)skb->cb)[1] = hdr;
13605 	((void **)skb->cb)[2] = data;
13606 
13607 	return skb;
13608 
13609  nla_put_failure:
13610 	kfree_skb(skb);
13611 	return NULL;
13612 }
13613 
13614 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
13615 					   struct wireless_dev *wdev,
13616 					   enum nl80211_commands cmd,
13617 					   enum nl80211_attrs attr,
13618 					   unsigned int portid,
13619 					   int vendor_event_idx,
13620 					   int approxlen, gfp_t gfp)
13621 {
13622 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13623 	const struct nl80211_vendor_cmd_info *info;
13624 
13625 	switch (cmd) {
13626 	case NL80211_CMD_TESTMODE:
13627 		if (WARN_ON(vendor_event_idx != -1))
13628 			return NULL;
13629 		info = NULL;
13630 		break;
13631 	case NL80211_CMD_VENDOR:
13632 		if (WARN_ON(vendor_event_idx < 0 ||
13633 			    vendor_event_idx >= wiphy->n_vendor_events))
13634 			return NULL;
13635 		info = &wiphy->vendor_events[vendor_event_idx];
13636 		break;
13637 	default:
13638 		WARN_ON(1);
13639 		return NULL;
13640 	}
13641 
13642 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
13643 					   cmd, attr, info, gfp);
13644 }
13645 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
13646 
13647 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
13648 {
13649 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13650 	void *hdr = ((void **)skb->cb)[1];
13651 	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
13652 	struct nlattr *data = ((void **)skb->cb)[2];
13653 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
13654 
13655 	/* clear CB data for netlink core to own from now on */
13656 	memset(skb->cb, 0, sizeof(skb->cb));
13657 
13658 	nla_nest_end(skb, data);
13659 	genlmsg_end(skb, hdr);
13660 
13661 	if (nlhdr->nlmsg_pid) {
13662 		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
13663 				nlhdr->nlmsg_pid);
13664 	} else {
13665 		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
13666 			mcgrp = NL80211_MCGRP_VENDOR;
13667 
13668 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13669 					skb, 0, mcgrp, gfp);
13670 	}
13671 }
13672 EXPORT_SYMBOL(__cfg80211_send_event_skb);
13673 
13674 #ifdef CONFIG_NL80211_TESTMODE
13675 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
13676 {
13677 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13678 	struct wireless_dev *wdev;
13679 	int err;
13680 
13681 	lockdep_assert_held(&rdev->wiphy.mtx);
13682 
13683 	wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
13684 					  info->attrs);
13685 
13686 	if (!rdev->ops->testmode_cmd)
13687 		return -EOPNOTSUPP;
13688 
13689 	if (IS_ERR(wdev)) {
13690 		err = PTR_ERR(wdev);
13691 		if (err != -EINVAL)
13692 			return err;
13693 		wdev = NULL;
13694 	} else if (wdev->wiphy != &rdev->wiphy) {
13695 		return -EINVAL;
13696 	}
13697 
13698 	if (!info->attrs[NL80211_ATTR_TESTDATA])
13699 		return -EINVAL;
13700 
13701 	rdev->cur_cmd_info = info;
13702 	err = rdev_testmode_cmd(rdev, wdev,
13703 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
13704 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
13705 	rdev->cur_cmd_info = NULL;
13706 
13707 	return err;
13708 }
13709 
13710 static int nl80211_testmode_dump(struct sk_buff *skb,
13711 				 struct netlink_callback *cb)
13712 {
13713 	struct cfg80211_registered_device *rdev;
13714 	struct nlattr **attrbuf = NULL;
13715 	int err;
13716 	long phy_idx;
13717 	void *data = NULL;
13718 	int data_len = 0;
13719 
13720 	rtnl_lock();
13721 
13722 	if (cb->args[0]) {
13723 		/*
13724 		 * 0 is a valid index, but not valid for args[0],
13725 		 * so we need to offset by 1.
13726 		 */
13727 		phy_idx = cb->args[0] - 1;
13728 
13729 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
13730 		if (!rdev) {
13731 			err = -ENOENT;
13732 			goto out_err;
13733 		}
13734 
13735 		/*
13736 		 * The wiphy may have moved netns between dumpit
13737 		 * invocations (via NL80211_CMD_SET_WIPHY_NETNS), so
13738 		 * re-check that it still matches the caller's netns.
13739 		 */
13740 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) {
13741 			err = -ENODEV;
13742 			goto out_err;
13743 		}
13744 	} else {
13745 		attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
13746 		if (!attrbuf) {
13747 			err = -ENOMEM;
13748 			goto out_err;
13749 		}
13750 
13751 		err = nlmsg_parse_deprecated(cb->nlh,
13752 					     GENL_HDRLEN + nl80211_fam.hdrsize,
13753 					     attrbuf, nl80211_fam.maxattr,
13754 					     nl80211_policy, NULL);
13755 		if (err)
13756 			goto out_err;
13757 
13758 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13759 		if (IS_ERR(rdev)) {
13760 			err = PTR_ERR(rdev);
13761 			goto out_err;
13762 		}
13763 		phy_idx = rdev->wiphy_idx;
13764 
13765 		if (attrbuf[NL80211_ATTR_TESTDATA])
13766 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
13767 	}
13768 
13769 	if (cb->args[1]) {
13770 		data = nla_data((void *)cb->args[1]);
13771 		data_len = nla_len((void *)cb->args[1]);
13772 	}
13773 
13774 	if (!rdev->ops->testmode_dump) {
13775 		err = -EOPNOTSUPP;
13776 		goto out_err;
13777 	}
13778 
13779 	while (1) {
13780 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13781 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
13782 					   NL80211_CMD_TESTMODE);
13783 		struct nlattr *tmdata;
13784 
13785 		if (!hdr)
13786 			break;
13787 
13788 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
13789 			genlmsg_cancel(skb, hdr);
13790 			break;
13791 		}
13792 
13793 		tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
13794 		if (!tmdata) {
13795 			genlmsg_cancel(skb, hdr);
13796 			break;
13797 		}
13798 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
13799 		nla_nest_end(skb, tmdata);
13800 
13801 		if (err == -ENOBUFS || err == -ENOENT) {
13802 			genlmsg_cancel(skb, hdr);
13803 			break;
13804 		} else if (err) {
13805 			genlmsg_cancel(skb, hdr);
13806 			goto out_err;
13807 		}
13808 
13809 		genlmsg_end(skb, hdr);
13810 	}
13811 
13812 	err = skb->len;
13813 	/* see above */
13814 	cb->args[0] = phy_idx + 1;
13815  out_err:
13816 	kfree(attrbuf);
13817 	rtnl_unlock();
13818 	return err;
13819 }
13820 #endif
13821 
13822 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
13823 {
13824 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13825 	struct net_device *dev = info->user_ptr[1];
13826 	struct cfg80211_connect_params connect;
13827 	struct wiphy *wiphy;
13828 	struct cfg80211_cached_keys *connkeys = NULL;
13829 	u32 freq = 0;
13830 	int err;
13831 
13832 	memset(&connect, 0, sizeof(connect));
13833 
13834 	if (!info->attrs[NL80211_ATTR_SSID] ||
13835 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
13836 		return -EINVAL;
13837 
13838 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
13839 		connect.auth_type =
13840 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
13841 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
13842 					     NL80211_CMD_CONNECT))
13843 			return -EINVAL;
13844 	} else
13845 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
13846 
13847 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
13848 
13849 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
13850 	    !wiphy_ext_feature_isset(&rdev->wiphy,
13851 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13852 		return -EINVAL;
13853 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
13854 
13855 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
13856 				      NL80211_MAX_NR_CIPHER_SUITES);
13857 	if (err)
13858 		return err;
13859 
13860 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13861 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13862 		return -EOPNOTSUPP;
13863 
13864 	wiphy = &rdev->wiphy;
13865 
13866 	connect.bg_scan_period = -1;
13867 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
13868 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
13869 		connect.bg_scan_period =
13870 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
13871 	}
13872 
13873 	if (info->attrs[NL80211_ATTR_MAC])
13874 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13875 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
13876 		connect.bssid_hint =
13877 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
13878 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13879 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13880 
13881 	if (info->attrs[NL80211_ATTR_IE]) {
13882 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13883 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13884 	}
13885 
13886 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
13887 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
13888 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
13889 		    !wiphy_ext_feature_isset(&rdev->wiphy,
13890 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
13891 			return -EOPNOTSUPP;
13892 	} else {
13893 		connect.mfp = NL80211_MFP_NO;
13894 	}
13895 
13896 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
13897 		connect.prev_bssid =
13898 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
13899 
13900 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
13901 		freq = MHZ_TO_KHZ(nla_get_u32(
13902 					info->attrs[NL80211_ATTR_WIPHY_FREQ]));
13903 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
13904 		freq +=
13905 		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
13906 
13907 	if (freq) {
13908 		connect.channel = nl80211_get_valid_chan(wiphy, freq);
13909 		if (!connect.channel)
13910 			return -EINVAL;
13911 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
13912 		freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
13913 		freq = MHZ_TO_KHZ(freq);
13914 		connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
13915 		if (!connect.channel_hint)
13916 			return -EINVAL;
13917 	}
13918 
13919 	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
13920 		connect.edmg.channels =
13921 		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
13922 
13923 		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
13924 			connect.edmg.bw_config =
13925 				nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
13926 	}
13927 
13928 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
13929 		connkeys = nl80211_parse_connkeys(rdev, dev->ieee80211_ptr,
13930 						  info, NULL);
13931 		if (IS_ERR(connkeys))
13932 			return PTR_ERR(connkeys);
13933 	}
13934 
13935 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
13936 		connect.flags |= ASSOC_REQ_DISABLE_HT;
13937 
13938 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13939 		memcpy(&connect.ht_capa_mask,
13940 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
13941 		       sizeof(connect.ht_capa_mask));
13942 
13943 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
13944 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
13945 			kfree_sensitive(connkeys);
13946 			return -EINVAL;
13947 		}
13948 		memcpy(&connect.ht_capa,
13949 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
13950 		       sizeof(connect.ht_capa));
13951 	}
13952 
13953 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
13954 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
13955 
13956 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
13957 		connect.flags |= ASSOC_REQ_DISABLE_HE;
13958 
13959 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
13960 		connect.flags |= ASSOC_REQ_DISABLE_EHT;
13961 
13962 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_UHR]))
13963 		connect.flags |= ASSOC_REQ_DISABLE_UHR;
13964 
13965 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
13966 		memcpy(&connect.vht_capa_mask,
13967 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
13968 		       sizeof(connect.vht_capa_mask));
13969 
13970 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
13971 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
13972 			kfree_sensitive(connkeys);
13973 			return -EINVAL;
13974 		}
13975 		memcpy(&connect.vht_capa,
13976 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
13977 		       sizeof(connect.vht_capa));
13978 	}
13979 
13980 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
13981 		if (!((rdev->wiphy.features &
13982 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
13983 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
13984 		    !wiphy_ext_feature_isset(&rdev->wiphy,
13985 					     NL80211_EXT_FEATURE_RRM)) {
13986 			kfree_sensitive(connkeys);
13987 			return -EINVAL;
13988 		}
13989 		connect.flags |= ASSOC_REQ_USE_RRM;
13990 	}
13991 
13992 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
13993 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
13994 		kfree_sensitive(connkeys);
13995 		return -EOPNOTSUPP;
13996 	}
13997 
13998 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
13999 		/* bss selection makes no sense if bssid is set */
14000 		if (connect.bssid) {
14001 			kfree_sensitive(connkeys);
14002 			return -EINVAL;
14003 		}
14004 
14005 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
14006 				       wiphy, &connect.bss_select);
14007 		if (err) {
14008 			kfree_sensitive(connkeys);
14009 			return err;
14010 		}
14011 	}
14012 
14013 	if (wiphy_ext_feature_isset(&rdev->wiphy,
14014 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
14015 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
14016 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
14017 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
14018 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
14019 		connect.fils_erp_username =
14020 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
14021 		connect.fils_erp_username_len =
14022 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
14023 		connect.fils_erp_realm =
14024 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
14025 		connect.fils_erp_realm_len =
14026 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
14027 		connect.fils_erp_next_seq_num =
14028 			nla_get_u16(
14029 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
14030 		connect.fils_erp_rrk =
14031 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
14032 		connect.fils_erp_rrk_len =
14033 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
14034 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
14035 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
14036 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
14037 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
14038 		kfree_sensitive(connkeys);
14039 		return -EINVAL;
14040 	}
14041 
14042 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
14043 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
14044 			kfree_sensitive(connkeys);
14045 			GENL_SET_ERR_MSG(info,
14046 					 "external auth requires connection ownership");
14047 			return -EINVAL;
14048 		}
14049 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
14050 	}
14051 
14052 	if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT]))
14053 		connect.flags |= CONNECT_REQ_MLO_SUPPORT;
14054 
14055 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
14056 			       connect.prev_bssid);
14057 	if (err)
14058 		kfree_sensitive(connkeys);
14059 
14060 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
14061 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
14062 		if (connect.bssid)
14063 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
14064 			       connect.bssid, ETH_ALEN);
14065 		else
14066 			eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
14067 	}
14068 
14069 	return err;
14070 }
14071 
14072 static int nl80211_update_connect_params(struct sk_buff *skb,
14073 					 struct genl_info *info)
14074 {
14075 	struct cfg80211_connect_params connect = {};
14076 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14077 	struct net_device *dev = info->user_ptr[1];
14078 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14079 	bool fils_sk_offload;
14080 	u32 auth_type;
14081 	u32 changed = 0;
14082 
14083 	if (!rdev->ops->update_connect_params)
14084 		return -EOPNOTSUPP;
14085 
14086 	if (info->attrs[NL80211_ATTR_IE]) {
14087 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
14088 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
14089 		changed |= UPDATE_ASSOC_IES;
14090 	}
14091 
14092 	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
14093 						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
14094 
14095 	/*
14096 	 * when driver supports fils-sk offload all attributes must be
14097 	 * provided. So the else covers "fils-sk-not-all" and
14098 	 * "no-fils-sk-any".
14099 	 */
14100 	if (fils_sk_offload &&
14101 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
14102 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
14103 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
14104 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
14105 		connect.fils_erp_username =
14106 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
14107 		connect.fils_erp_username_len =
14108 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
14109 		connect.fils_erp_realm =
14110 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
14111 		connect.fils_erp_realm_len =
14112 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
14113 		connect.fils_erp_next_seq_num =
14114 			nla_get_u16(
14115 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
14116 		connect.fils_erp_rrk =
14117 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
14118 		connect.fils_erp_rrk_len =
14119 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
14120 		changed |= UPDATE_FILS_ERP_INFO;
14121 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
14122 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
14123 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
14124 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
14125 		return -EINVAL;
14126 	}
14127 
14128 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
14129 		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
14130 		if (!nl80211_valid_auth_type(rdev, auth_type,
14131 					     NL80211_CMD_CONNECT))
14132 			return -EINVAL;
14133 
14134 		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
14135 		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
14136 			return -EINVAL;
14137 
14138 		connect.auth_type = auth_type;
14139 		changed |= UPDATE_AUTH_TYPE;
14140 	}
14141 
14142 	if (!wdev->connected)
14143 		return -ENOLINK;
14144 
14145 	return rdev_update_connect_params(rdev, dev, &connect, changed);
14146 }
14147 
14148 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
14149 {
14150 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14151 	struct net_device *dev = info->user_ptr[1];
14152 	u16 reason;
14153 
14154 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
14155 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
14156 		return -EPERM;
14157 
14158 	reason = nla_get_u16_default(info->attrs[NL80211_ATTR_REASON_CODE],
14159 				     WLAN_REASON_DEAUTH_LEAVING);
14160 
14161 	if (reason == 0)
14162 		return -EINVAL;
14163 
14164 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
14165 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
14166 		return -EOPNOTSUPP;
14167 
14168 	return cfg80211_disconnect(rdev, dev, reason, true);
14169 }
14170 
14171 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
14172 {
14173 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14174 	struct net *net;
14175 	int err;
14176 
14177 	if (info->attrs[NL80211_ATTR_PID]) {
14178 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
14179 
14180 		net = get_net_ns_by_pid(pid);
14181 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
14182 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
14183 
14184 		net = get_net_ns_by_fd(fd);
14185 	} else {
14186 		return -EINVAL;
14187 	}
14188 
14189 	if (IS_ERR(net))
14190 		return PTR_ERR(net);
14191 
14192 	/*
14193 	 * The caller already has CAP_NET_ADMIN over the source netns
14194 	 * (enforced by GENL_UNS_ADMIN_PERM on the genl op). Mirror the
14195 	 * convention used by net/core/rtnetlink.c::rtnl_get_net_ns_capable()
14196 	 * and require CAP_NET_ADMIN over the target netns as well, so that
14197 	 * a caller that is privileged in their own user namespace cannot
14198 	 * push a wiphy into a netns where they have no privilege.
14199 	 */
14200 	if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
14201 		put_net(net);
14202 		return -EPERM;
14203 	}
14204 
14205 	err = 0;
14206 
14207 	/* check if anything to do */
14208 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
14209 		err = cfg80211_switch_netns(rdev, net);
14210 
14211 	put_net(net);
14212 	return err;
14213 }
14214 
14215 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info)
14216 {
14217 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14218 	struct net_device *dev = info->user_ptr[1];
14219 	struct cfg80211_pmksa pmksa;
14220 	bool ap_pmksa_caching_support = false;
14221 
14222 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
14223 
14224 	ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
14225 		NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
14226 
14227 	if (!info->attrs[NL80211_ATTR_PMKID])
14228 		return -EINVAL;
14229 
14230 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
14231 
14232 	if (info->attrs[NL80211_ATTR_MAC]) {
14233 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
14234 	} else if (info->attrs[NL80211_ATTR_SSID] &&
14235 	           info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
14236 	           info->attrs[NL80211_ATTR_PMK]) {
14237 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
14238 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
14239 		pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
14240 	} else {
14241 		return -EINVAL;
14242 	}
14243 
14244 	if (info->attrs[NL80211_ATTR_PMK]) {
14245 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
14246 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
14247 	}
14248 
14249 	if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
14250 		pmksa.pmk_lifetime =
14251 			nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
14252 
14253 	if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
14254 		pmksa.pmk_reauth_threshold =
14255 			nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
14256 
14257 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
14258 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
14259 	    !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
14260 	       dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
14261 	       ap_pmksa_caching_support))
14262 		return -EOPNOTSUPP;
14263 
14264 	if (!rdev->ops->set_pmksa)
14265 		return -EOPNOTSUPP;
14266 
14267 	return rdev_set_pmksa(rdev, dev, &pmksa);
14268 }
14269 
14270 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info)
14271 {
14272 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14273 	struct net_device *dev = info->user_ptr[1];
14274 	struct cfg80211_pmksa pmksa;
14275 	bool sae_offload_support = false;
14276 	bool owe_offload_support = false;
14277 	bool ap_pmksa_caching_support = false;
14278 
14279 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
14280 
14281 	sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
14282 		NL80211_EXT_FEATURE_SAE_OFFLOAD);
14283 	owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
14284 		NL80211_EXT_FEATURE_OWE_OFFLOAD);
14285 	ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
14286 		NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
14287 
14288 	if (info->attrs[NL80211_ATTR_PMKID])
14289 		pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
14290 
14291 	if (info->attrs[NL80211_ATTR_MAC]) {
14292 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
14293 	} else if (info->attrs[NL80211_ATTR_SSID]) {
14294 		/* SSID based pmksa flush supported only for FILS,
14295 		 * OWE/SAE OFFLOAD cases
14296 		 */
14297 		if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
14298 		    info->attrs[NL80211_ATTR_PMK]) {
14299 			pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
14300 		} else if (!sae_offload_support && !owe_offload_support) {
14301 			return -EINVAL;
14302 		}
14303 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
14304 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
14305 	} else {
14306 		return -EINVAL;
14307 	}
14308 
14309 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
14310 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
14311 	    !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
14312 	       dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
14313 	       ap_pmksa_caching_support))
14314 		return -EOPNOTSUPP;
14315 
14316 	if (!rdev->ops->del_pmksa)
14317 		return -EOPNOTSUPP;
14318 
14319 	return rdev_del_pmksa(rdev, dev, &pmksa);
14320 }
14321 
14322 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
14323 {
14324 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14325 	struct net_device *dev = info->user_ptr[1];
14326 
14327 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
14328 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
14329 		return -EOPNOTSUPP;
14330 
14331 	if (!rdev->ops->flush_pmksa)
14332 		return -EOPNOTSUPP;
14333 
14334 	return rdev_flush_pmksa(rdev, dev);
14335 }
14336 
14337 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
14338 {
14339 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14340 	struct net_device *dev = info->user_ptr[1];
14341 	u8 action_code, dialog_token;
14342 	u32 peer_capability = 0;
14343 	u16 status_code;
14344 	u8 *peer;
14345 	int link_id;
14346 	bool initiator;
14347 
14348 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
14349 	    !rdev->ops->tdls_mgmt)
14350 		return -EOPNOTSUPP;
14351 
14352 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
14353 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
14354 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
14355 	    !info->attrs[NL80211_ATTR_IE] ||
14356 	    !info->attrs[NL80211_ATTR_MAC])
14357 		return -EINVAL;
14358 
14359 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14360 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
14361 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14362 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
14363 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
14364 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
14365 		peer_capability =
14366 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
14367 	link_id = nl80211_link_id_or_invalid(info->attrs);
14368 
14369 	return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code,
14370 			      dialog_token, status_code, peer_capability,
14371 			      initiator,
14372 			      nla_data(info->attrs[NL80211_ATTR_IE]),
14373 			      nla_len(info->attrs[NL80211_ATTR_IE]));
14374 }
14375 
14376 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
14377 {
14378 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14379 	struct net_device *dev = info->user_ptr[1];
14380 	enum nl80211_tdls_operation operation;
14381 	u8 *peer;
14382 
14383 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
14384 	    !rdev->ops->tdls_oper)
14385 		return -EOPNOTSUPP;
14386 
14387 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
14388 	    !info->attrs[NL80211_ATTR_MAC])
14389 		return -EINVAL;
14390 
14391 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
14392 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14393 
14394 	return rdev_tdls_oper(rdev, dev, peer, operation);
14395 }
14396 
14397 static int nl80211_remain_on_channel(struct sk_buff *skb,
14398 				     struct genl_info *info)
14399 {
14400 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14401 	unsigned int link_id = nl80211_link_id(info->attrs);
14402 	struct wireless_dev *wdev = info->user_ptr[1];
14403 	struct cfg80211_chan_def chandef;
14404 	const u8 *rx_addr = NULL;
14405 	struct sk_buff *msg;
14406 	void *hdr;
14407 	u64 cookie;
14408 	u32 duration;
14409 	int err;
14410 
14411 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
14412 	    !info->attrs[NL80211_ATTR_DURATION])
14413 		return -EINVAL;
14414 
14415 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
14416 
14417 	if (info->attrs[NL80211_ATTR_MAC])
14418 		rx_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14419 
14420 	if (rx_addr &&
14421 	    !wiphy_ext_feature_isset(wdev->wiphy,
14422 				     NL80211_EXT_FEATURE_ROC_ADDR_FILTER))
14423 		return -EOPNOTSUPP;
14424 
14425 	if (!rdev->ops->remain_on_channel ||
14426 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
14427 		return -EOPNOTSUPP;
14428 
14429 	/*
14430 	 * We should be on that channel for at least a minimum amount of
14431 	 * time (10ms) but no longer than the driver supports.
14432 	 */
14433 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
14434 	    duration > rdev->wiphy.max_remain_on_channel_duration)
14435 		return -EINVAL;
14436 
14437 	err = nl80211_parse_chandef(rdev, info->extack, info->attrs, &chandef,
14438 				    false);
14439 	if (err)
14440 		return err;
14441 
14442 	if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) {
14443 		const struct cfg80211_chan_def *oper_chandef, *compat_chandef;
14444 
14445 		oper_chandef = wdev_chandef(wdev, link_id);
14446 
14447 		if (WARN_ON(!oper_chandef)) {
14448 			/* cannot happen since we must beacon to get here */
14449 			WARN_ON(1);
14450 			return -EBUSY;
14451 		}
14452 
14453 		/* note: returns first one if identical chandefs */
14454 		compat_chandef = cfg80211_chandef_compatible(&chandef,
14455 							     oper_chandef);
14456 
14457 		if (compat_chandef != &chandef)
14458 			return -EBUSY;
14459 	}
14460 
14461 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14462 	if (!msg)
14463 		return -ENOMEM;
14464 
14465 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14466 			     NL80211_CMD_REMAIN_ON_CHANNEL);
14467 	if (!hdr) {
14468 		err = -ENOBUFS;
14469 		goto free_msg;
14470 	}
14471 
14472 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
14473 				     duration, &cookie, rx_addr);
14474 
14475 	if (err)
14476 		goto free_msg;
14477 
14478 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14479 			      NL80211_ATTR_PAD))
14480 		goto nla_put_failure;
14481 
14482 	genlmsg_end(msg, hdr);
14483 
14484 	return genlmsg_reply(msg, info);
14485 
14486  nla_put_failure:
14487 	err = -ENOBUFS;
14488  free_msg:
14489 	nlmsg_free(msg);
14490 	return err;
14491 }
14492 
14493 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
14494 					    struct genl_info *info)
14495 {
14496 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14497 	struct wireless_dev *wdev = info->user_ptr[1];
14498 	u64 cookie;
14499 
14500 	if (!info->attrs[NL80211_ATTR_COOKIE])
14501 		return -EINVAL;
14502 
14503 	if (!rdev->ops->cancel_remain_on_channel)
14504 		return -EOPNOTSUPP;
14505 
14506 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14507 
14508 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
14509 }
14510 
14511 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
14512 				       struct genl_info *info)
14513 {
14514 	struct cfg80211_bitrate_mask mask;
14515 	unsigned int link_id = nl80211_link_id(info->attrs);
14516 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14517 	struct net_device *dev = info->user_ptr[1];
14518 	int err;
14519 
14520 	if (!rdev->ops->set_bitrate_mask)
14521 		return -EOPNOTSUPP;
14522 
14523 	err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
14524 					    NL80211_ATTR_TX_RATES, &mask,
14525 					    dev, true, link_id);
14526 	if (err)
14527 		return err;
14528 
14529 	return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask);
14530 }
14531 
14532 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
14533 {
14534 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14535 	struct wireless_dev *wdev = info->user_ptr[1];
14536 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
14537 
14538 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
14539 		return -EINVAL;
14540 
14541 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
14542 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
14543 
14544 	switch (wdev->iftype) {
14545 	case NL80211_IFTYPE_STATION:
14546 	case NL80211_IFTYPE_ADHOC:
14547 	case NL80211_IFTYPE_P2P_CLIENT:
14548 	case NL80211_IFTYPE_AP:
14549 	case NL80211_IFTYPE_AP_VLAN:
14550 	case NL80211_IFTYPE_MESH_POINT:
14551 	case NL80211_IFTYPE_P2P_GO:
14552 	case NL80211_IFTYPE_P2P_DEVICE:
14553 		break;
14554 	case NL80211_IFTYPE_NAN:
14555 	case NL80211_IFTYPE_NAN_DATA:
14556 		if (!wiphy_ext_feature_isset(wdev->wiphy,
14557 					     NL80211_EXT_FEATURE_SECURE_NAN) &&
14558 		    !(wdev->wiphy->nan_capa.flags &
14559 		      WIPHY_NAN_FLAGS_USERSPACE_DE))
14560 			return -EOPNOTSUPP;
14561 		break;
14562 	case NL80211_IFTYPE_PD:
14563 		if (!wiphy_ext_feature_isset(wdev->wiphy,
14564 					     NL80211_EXT_FEATURE_SECURE_RTT))
14565 			return -EOPNOTSUPP;
14566 		break;
14567 	default:
14568 		return -EOPNOTSUPP;
14569 	}
14570 
14571 	/* not much point in registering if we can't reply */
14572 	if (!rdev->ops->mgmt_tx)
14573 		return -EOPNOTSUPP;
14574 
14575 	if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
14576 	    !wiphy_ext_feature_isset(&rdev->wiphy,
14577 				     NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
14578 		GENL_SET_ERR_MSG(info,
14579 				 "multicast RX registrations are not supported");
14580 		return -EOPNOTSUPP;
14581 	}
14582 
14583 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
14584 					   nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
14585 					   nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
14586 					   info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
14587 					   info->extack);
14588 }
14589 
14590 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
14591 {
14592 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14593 	struct wireless_dev *wdev = info->user_ptr[1];
14594 	struct cfg80211_chan_def chandef;
14595 	int err;
14596 	void *hdr = NULL;
14597 	u64 cookie;
14598 	struct sk_buff *msg = NULL;
14599 	struct cfg80211_mgmt_tx_params params = {
14600 		.dont_wait_for_ack =
14601 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
14602 	};
14603 
14604 	if (!info->attrs[NL80211_ATTR_FRAME])
14605 		return -EINVAL;
14606 
14607 	if (!rdev->ops->mgmt_tx)
14608 		return -EOPNOTSUPP;
14609 
14610 	switch (wdev->iftype) {
14611 	case NL80211_IFTYPE_P2P_DEVICE:
14612 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
14613 			return -EINVAL;
14614 		break;
14615 	case NL80211_IFTYPE_STATION:
14616 	case NL80211_IFTYPE_ADHOC:
14617 	case NL80211_IFTYPE_P2P_CLIENT:
14618 	case NL80211_IFTYPE_AP:
14619 	case NL80211_IFTYPE_AP_VLAN:
14620 	case NL80211_IFTYPE_MESH_POINT:
14621 	case NL80211_IFTYPE_P2P_GO:
14622 		break;
14623 	case NL80211_IFTYPE_NAN:
14624 	case NL80211_IFTYPE_NAN_DATA:
14625 		if (!wiphy_ext_feature_isset(wdev->wiphy,
14626 					     NL80211_EXT_FEATURE_SECURE_NAN) &&
14627 		    !(wdev->wiphy->nan_capa.flags &
14628 		      WIPHY_NAN_FLAGS_USERSPACE_DE))
14629 			return -EOPNOTSUPP;
14630 		break;
14631 	case NL80211_IFTYPE_PD:
14632 		if (!wiphy_ext_feature_isset(wdev->wiphy,
14633 					     NL80211_EXT_FEATURE_SECURE_RTT))
14634 			return -EOPNOTSUPP;
14635 		break;
14636 	default:
14637 		return -EOPNOTSUPP;
14638 	}
14639 
14640 	if (info->attrs[NL80211_ATTR_DURATION]) {
14641 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
14642 			return -EINVAL;
14643 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
14644 
14645 		/*
14646 		 * We should wait on the channel for at least a minimum amount
14647 		 * of time (10ms) but no longer than the driver supports.
14648 		 */
14649 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
14650 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
14651 			return -EINVAL;
14652 	}
14653 
14654 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
14655 
14656 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
14657 		return -EINVAL;
14658 
14659 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
14660 
14661 	/* get the channel if any has been specified, otherwise pass NULL to
14662 	 * the driver. The latter will use the current one
14663 	 */
14664 	chandef.chan = NULL;
14665 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
14666 		err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
14667 					    &chandef, false);
14668 		if (err)
14669 			return err;
14670 	}
14671 
14672 	if (!chandef.chan && params.offchan)
14673 		return -EINVAL;
14674 
14675 	if (params.offchan &&
14676 	    !cfg80211_off_channel_oper_allowed(wdev, chandef.chan))
14677 		return -EBUSY;
14678 
14679 	params.link_id = nl80211_link_id_or_invalid(info->attrs);
14680 	/*
14681 	 * This now races due to the unlock, but we cannot check
14682 	 * the valid links for the _station_ anyway, so that's up
14683 	 * to the driver.
14684 	 */
14685 	if (params.link_id >= 0 &&
14686 	    !(wdev->valid_links & BIT(params.link_id)))
14687 		return -EINVAL;
14688 
14689 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14690 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14691 
14692 	err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1,
14693 					    info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX],
14694 					    &params.csa_offsets,
14695 					    &params.n_csa_offsets);
14696 	if (err)
14697 		return err;
14698 
14699 	if (!params.dont_wait_for_ack) {
14700 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14701 		if (!msg)
14702 			return -ENOMEM;
14703 
14704 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14705 				     NL80211_CMD_FRAME);
14706 		if (!hdr) {
14707 			err = -ENOBUFS;
14708 			goto free_msg;
14709 		}
14710 	}
14711 
14712 	params.chan = chandef.chan;
14713 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
14714 	if (err)
14715 		goto free_msg;
14716 
14717 	if (msg) {
14718 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14719 				      NL80211_ATTR_PAD))
14720 			goto nla_put_failure;
14721 
14722 		genlmsg_end(msg, hdr);
14723 		return genlmsg_reply(msg, info);
14724 	}
14725 
14726 	return 0;
14727 
14728  nla_put_failure:
14729 	err = -ENOBUFS;
14730  free_msg:
14731 	nlmsg_free(msg);
14732 	return err;
14733 }
14734 
14735 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
14736 {
14737 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14738 	struct wireless_dev *wdev = info->user_ptr[1];
14739 	u64 cookie;
14740 
14741 	if (!info->attrs[NL80211_ATTR_COOKIE])
14742 		return -EINVAL;
14743 
14744 	if (!rdev->ops->mgmt_tx_cancel_wait)
14745 		return -EOPNOTSUPP;
14746 
14747 	switch (wdev->iftype) {
14748 	case NL80211_IFTYPE_STATION:
14749 	case NL80211_IFTYPE_ADHOC:
14750 	case NL80211_IFTYPE_P2P_CLIENT:
14751 	case NL80211_IFTYPE_AP:
14752 	case NL80211_IFTYPE_AP_VLAN:
14753 	case NL80211_IFTYPE_P2P_GO:
14754 	case NL80211_IFTYPE_P2P_DEVICE:
14755 		break;
14756 	case NL80211_IFTYPE_NAN:
14757 		if (!wiphy_ext_feature_isset(wdev->wiphy,
14758 					     NL80211_EXT_FEATURE_SECURE_NAN))
14759 			return -EOPNOTSUPP;
14760 		break;
14761 	case NL80211_IFTYPE_PD:
14762 		if (!wiphy_ext_feature_isset(wdev->wiphy,
14763 					     NL80211_EXT_FEATURE_SECURE_RTT))
14764 			return -EOPNOTSUPP;
14765 		break;
14766 	default:
14767 		return -EOPNOTSUPP;
14768 	}
14769 
14770 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14771 
14772 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
14773 }
14774 
14775 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
14776 {
14777 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14778 	struct wireless_dev *wdev;
14779 	struct net_device *dev = info->user_ptr[1];
14780 	u8 ps_state;
14781 	bool state;
14782 	int err;
14783 
14784 	if (!info->attrs[NL80211_ATTR_PS_STATE])
14785 		return -EINVAL;
14786 
14787 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
14788 
14789 	wdev = dev->ieee80211_ptr;
14790 
14791 	if (!rdev->ops->set_power_mgmt)
14792 		return -EOPNOTSUPP;
14793 
14794 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
14795 
14796 	if (state == wdev->ps)
14797 		return 0;
14798 
14799 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
14800 	if (!err)
14801 		wdev->ps = state;
14802 	return err;
14803 }
14804 
14805 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
14806 {
14807 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14808 	enum nl80211_ps_state ps_state;
14809 	struct wireless_dev *wdev;
14810 	struct net_device *dev = info->user_ptr[1];
14811 	struct sk_buff *msg;
14812 	void *hdr;
14813 	int err;
14814 
14815 	wdev = dev->ieee80211_ptr;
14816 
14817 	if (!rdev->ops->set_power_mgmt)
14818 		return -EOPNOTSUPP;
14819 
14820 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14821 	if (!msg)
14822 		return -ENOMEM;
14823 
14824 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14825 			     NL80211_CMD_GET_POWER_SAVE);
14826 	if (!hdr) {
14827 		err = -ENOBUFS;
14828 		goto free_msg;
14829 	}
14830 
14831 	if (wdev->ps)
14832 		ps_state = NL80211_PS_ENABLED;
14833 	else
14834 		ps_state = NL80211_PS_DISABLED;
14835 
14836 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
14837 		goto nla_put_failure;
14838 
14839 	genlmsg_end(msg, hdr);
14840 	return genlmsg_reply(msg, info);
14841 
14842  nla_put_failure:
14843 	err = -ENOBUFS;
14844  free_msg:
14845 	nlmsg_free(msg);
14846 	return err;
14847 }
14848 
14849 static const struct nla_policy
14850 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
14851 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
14852 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
14853 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
14854 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
14855 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
14856 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
14857 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
14858 };
14859 
14860 static int nl80211_set_cqm_txe(struct genl_info *info,
14861 			       u32 rate, u32 pkts, u32 intvl)
14862 {
14863 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14864 	struct net_device *dev = info->user_ptr[1];
14865 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14866 
14867 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
14868 		return -EINVAL;
14869 
14870 	if (!rdev->ops->set_cqm_txe_config)
14871 		return -EOPNOTSUPP;
14872 
14873 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
14874 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14875 		return -EOPNOTSUPP;
14876 
14877 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
14878 }
14879 
14880 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
14881 				    struct net_device *dev,
14882 				    struct cfg80211_cqm_config *cqm_config)
14883 {
14884 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14885 	s32 last, low, high;
14886 	u32 hyst;
14887 	int i, n, low_index;
14888 	int err;
14889 
14890 	/*
14891 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
14892 	 * event has been received yet, we should receive an event after a
14893 	 * connection is established and enough beacons received to calculate
14894 	 * the average.
14895 	 */
14896 	if (!cqm_config->last_rssi_event_value &&
14897 	    wdev->links[0].client.current_bss &&
14898 	    rdev->ops->get_station) {
14899 		struct station_info sinfo = {};
14900 		u8 *mac_addr;
14901 
14902 		mac_addr = wdev->links[0].client.current_bss->pub.bssid;
14903 
14904 		err = rdev_get_station(rdev, wdev, mac_addr, &sinfo);
14905 		if (err)
14906 			return err;
14907 
14908 		cfg80211_sinfo_release_content(&sinfo);
14909 		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
14910 			cqm_config->last_rssi_event_value =
14911 				(s8) sinfo.rx_beacon_signal_avg;
14912 	}
14913 
14914 	last = cqm_config->last_rssi_event_value;
14915 	hyst = cqm_config->rssi_hyst;
14916 	n = cqm_config->n_rssi_thresholds;
14917 
14918 	for (i = 0; i < n; i++) {
14919 		i = array_index_nospec(i, n);
14920 		if (last < cqm_config->rssi_thresholds[i])
14921 			break;
14922 	}
14923 
14924 	low_index = i - 1;
14925 	if (low_index >= 0) {
14926 		low_index = array_index_nospec(low_index, n);
14927 		low = cqm_config->rssi_thresholds[low_index] - hyst;
14928 	} else {
14929 		low = S32_MIN;
14930 	}
14931 	if (i < n) {
14932 		i = array_index_nospec(i, n);
14933 		high = cqm_config->rssi_thresholds[i] + hyst - 1;
14934 	} else {
14935 		high = S32_MAX;
14936 	}
14937 
14938 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
14939 }
14940 
14941 static int nl80211_set_cqm_rssi(struct genl_info *info,
14942 				const s32 *thresholds, int n_thresholds,
14943 				u32 hysteresis)
14944 {
14945 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14946 	struct cfg80211_cqm_config *cqm_config = NULL, *old;
14947 	struct net_device *dev = info->user_ptr[1];
14948 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14949 	s32 prev = S32_MIN;
14950 	int i, err;
14951 
14952 	/* Check all values negative and sorted */
14953 	for (i = 0; i < n_thresholds; i++) {
14954 		if (thresholds[i] > 0 || thresholds[i] <= prev)
14955 			return -EINVAL;
14956 
14957 		prev = thresholds[i];
14958 	}
14959 
14960 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
14961 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14962 		return -EOPNOTSUPP;
14963 
14964 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
14965 		n_thresholds = 0;
14966 
14967 	old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
14968 
14969 	/* if already disabled just succeed */
14970 	if (!n_thresholds && !old)
14971 		return 0;
14972 
14973 	if (n_thresholds > 1) {
14974 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
14975 					     NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
14976 		    !rdev->ops->set_cqm_rssi_range_config)
14977 			return -EOPNOTSUPP;
14978 	} else {
14979 		if (!rdev->ops->set_cqm_rssi_config)
14980 			return -EOPNOTSUPP;
14981 	}
14982 
14983 	if (n_thresholds) {
14984 		cqm_config = kzalloc_flex(*cqm_config, rssi_thresholds,
14985 					  n_thresholds);
14986 		if (!cqm_config)
14987 			return -ENOMEM;
14988 
14989 		cqm_config->rssi_hyst = hysteresis;
14990 		cqm_config->n_rssi_thresholds = n_thresholds;
14991 		memcpy(cqm_config->rssi_thresholds, thresholds,
14992 		       flex_array_size(cqm_config, rssi_thresholds,
14993 				       n_thresholds));
14994 		cqm_config->use_range_api = n_thresholds > 1 ||
14995 					    !rdev->ops->set_cqm_rssi_config;
14996 
14997 		rcu_assign_pointer(wdev->cqm_config, cqm_config);
14998 
14999 		if (cqm_config->use_range_api)
15000 			err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
15001 		else
15002 			err = rdev_set_cqm_rssi_config(rdev, dev,
15003 						       thresholds[0],
15004 						       hysteresis);
15005 	} else {
15006 		RCU_INIT_POINTER(wdev->cqm_config, NULL);
15007 		/* if enabled as range also disable via range */
15008 		if (old->use_range_api)
15009 			err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
15010 		else
15011 			err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
15012 	}
15013 
15014 	if (err) {
15015 		rcu_assign_pointer(wdev->cqm_config, old);
15016 		kfree_rcu(cqm_config, rcu_head);
15017 	} else {
15018 		kfree_rcu(old, rcu_head);
15019 	}
15020 
15021 	return err;
15022 }
15023 
15024 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
15025 {
15026 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
15027 	struct nlattr *cqm;
15028 	int err;
15029 
15030 	cqm = info->attrs[NL80211_ATTR_CQM];
15031 	if (!cqm)
15032 		return -EINVAL;
15033 
15034 	err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
15035 					  nl80211_attr_cqm_policy,
15036 					  info->extack);
15037 	if (err)
15038 		return err;
15039 
15040 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
15041 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
15042 		const s32 *thresholds =
15043 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
15044 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
15045 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
15046 
15047 		if (len % 4)
15048 			return -EINVAL;
15049 
15050 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
15051 					    hysteresis);
15052 	}
15053 
15054 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
15055 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
15056 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
15057 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
15058 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
15059 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
15060 
15061 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
15062 	}
15063 
15064 	return -EINVAL;
15065 }
15066 
15067 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
15068 {
15069 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15070 	struct net_device *dev = info->user_ptr[1];
15071 	struct ocb_setup setup = {};
15072 	int err;
15073 
15074 	err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
15075 				    &setup.chandef, false);
15076 	if (err)
15077 		return err;
15078 
15079 	return cfg80211_join_ocb(rdev, dev, &setup);
15080 }
15081 
15082 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
15083 {
15084 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15085 	struct net_device *dev = info->user_ptr[1];
15086 
15087 	return cfg80211_leave_ocb(rdev, dev);
15088 }
15089 
15090 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
15091 {
15092 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15093 	struct net_device *dev = info->user_ptr[1];
15094 	struct mesh_config cfg;
15095 	struct mesh_setup setup;
15096 	int err;
15097 
15098 	/* start with default */
15099 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
15100 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
15101 
15102 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
15103 		/* and parse parameters if given */
15104 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
15105 		if (err)
15106 			return err;
15107 	}
15108 
15109 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
15110 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
15111 		return -EINVAL;
15112 
15113 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
15114 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
15115 
15116 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
15117 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
15118 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
15119 			return -EINVAL;
15120 
15121 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
15122 		setup.beacon_interval =
15123 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
15124 
15125 		err = cfg80211_validate_beacon_int(rdev,
15126 						   NL80211_IFTYPE_MESH_POINT,
15127 						   setup.beacon_interval);
15128 		if (err)
15129 			return err;
15130 	}
15131 
15132 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
15133 		setup.dtim_period =
15134 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
15135 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
15136 			return -EINVAL;
15137 	}
15138 
15139 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
15140 		/* parse additional setup parameters if given */
15141 		err = nl80211_parse_mesh_setup(info, &setup);
15142 		if (err)
15143 			return err;
15144 	}
15145 
15146 	if (setup.user_mpm)
15147 		cfg.auto_open_plinks = false;
15148 
15149 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
15150 		err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
15151 					    &setup.chandef, false);
15152 		if (err)
15153 			return err;
15154 	} else {
15155 		/* __cfg80211_join_mesh() will sort it out */
15156 		setup.chandef.chan = NULL;
15157 	}
15158 
15159 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
15160 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
15161 		int n_rates =
15162 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
15163 		struct ieee80211_supported_band *sband;
15164 
15165 		if (!setup.chandef.chan)
15166 			return -EINVAL;
15167 
15168 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
15169 
15170 		err = ieee80211_get_ratemask(sband, rates, n_rates,
15171 					     &setup.basic_rates);
15172 		if (err)
15173 			return err;
15174 	}
15175 
15176 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
15177 		err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
15178 						    NL80211_ATTR_TX_RATES,
15179 						    &setup.beacon_rate,
15180 						    dev, false, 0);
15181 		if (err)
15182 			return err;
15183 
15184 		if (!setup.chandef.chan)
15185 			return -EINVAL;
15186 
15187 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
15188 					      &setup.beacon_rate);
15189 		if (err)
15190 			return err;
15191 	}
15192 
15193 	setup.userspace_handles_dfs =
15194 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
15195 
15196 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
15197 		int r = validate_pae_over_nl80211(rdev, info);
15198 
15199 		if (r < 0)
15200 			return r;
15201 
15202 		setup.control_port_over_nl80211 = true;
15203 	}
15204 
15205 	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
15206 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
15207 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
15208 
15209 	return err;
15210 }
15211 
15212 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
15213 {
15214 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15215 	struct net_device *dev = info->user_ptr[1];
15216 
15217 	return cfg80211_leave_mesh(rdev, dev);
15218 }
15219 
15220 #ifdef CONFIG_PM
15221 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
15222 					struct cfg80211_registered_device *rdev)
15223 {
15224 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
15225 	struct nlattr *nl_pats, *nl_pat;
15226 	int i, pat_len;
15227 
15228 	if (!wowlan->n_patterns)
15229 		return 0;
15230 
15231 	nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
15232 	if (!nl_pats)
15233 		return -ENOBUFS;
15234 
15235 	for (i = 0; i < wowlan->n_patterns; i++) {
15236 		nl_pat = nla_nest_start_noflag(msg, i + 1);
15237 		if (!nl_pat)
15238 			return -ENOBUFS;
15239 		pat_len = wowlan->patterns[i].pattern_len;
15240 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
15241 			    wowlan->patterns[i].mask) ||
15242 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
15243 			    wowlan->patterns[i].pattern) ||
15244 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
15245 				wowlan->patterns[i].pkt_offset))
15246 			return -ENOBUFS;
15247 		nla_nest_end(msg, nl_pat);
15248 	}
15249 	nla_nest_end(msg, nl_pats);
15250 
15251 	return 0;
15252 }
15253 
15254 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
15255 				   struct cfg80211_wowlan_tcp *tcp)
15256 {
15257 	struct nlattr *nl_tcp;
15258 
15259 	if (!tcp)
15260 		return 0;
15261 
15262 	nl_tcp = nla_nest_start_noflag(msg,
15263 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
15264 	if (!nl_tcp)
15265 		return -ENOBUFS;
15266 
15267 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
15268 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
15269 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
15270 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
15271 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
15272 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
15273 		    tcp->payload_len, tcp->payload) ||
15274 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
15275 			tcp->data_interval) ||
15276 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
15277 		    tcp->wake_len, tcp->wake_data) ||
15278 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
15279 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
15280 		return -ENOBUFS;
15281 
15282 	if (tcp->payload_seq.len &&
15283 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
15284 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
15285 		return -ENOBUFS;
15286 
15287 	if (tcp->payload_tok.len &&
15288 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
15289 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
15290 		    &tcp->payload_tok))
15291 		return -ENOBUFS;
15292 
15293 	nla_nest_end(msg, nl_tcp);
15294 
15295 	return 0;
15296 }
15297 
15298 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
15299 				  struct cfg80211_sched_scan_request *req)
15300 {
15301 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
15302 	int i;
15303 
15304 	if (!req)
15305 		return 0;
15306 
15307 	nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
15308 	if (!nd)
15309 		return -ENOBUFS;
15310 
15311 	if (req->n_scan_plans == 1 &&
15312 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
15313 			req->scan_plans[0].interval * 1000))
15314 		return -ENOBUFS;
15315 
15316 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
15317 		return -ENOBUFS;
15318 
15319 	if (req->relative_rssi_set) {
15320 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
15321 
15322 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
15323 			       req->relative_rssi))
15324 			return -ENOBUFS;
15325 
15326 		rssi_adjust.band = req->rssi_adjust.band;
15327 		rssi_adjust.delta = req->rssi_adjust.delta;
15328 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
15329 			    sizeof(rssi_adjust), &rssi_adjust))
15330 			return -ENOBUFS;
15331 	}
15332 
15333 	freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
15334 	if (!freqs)
15335 		return -ENOBUFS;
15336 
15337 	for (i = 0; i < req->n_channels; i++) {
15338 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15339 			return -ENOBUFS;
15340 	}
15341 
15342 	nla_nest_end(msg, freqs);
15343 
15344 	if (req->n_match_sets) {
15345 		matches = nla_nest_start_noflag(msg,
15346 						NL80211_ATTR_SCHED_SCAN_MATCH);
15347 		if (!matches)
15348 			return -ENOBUFS;
15349 
15350 		for (i = 0; i < req->n_match_sets; i++) {
15351 			match = nla_nest_start_noflag(msg, i);
15352 			if (!match)
15353 				return -ENOBUFS;
15354 
15355 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
15356 				    req->match_sets[i].ssid.ssid_len,
15357 				    req->match_sets[i].ssid.ssid))
15358 				return -ENOBUFS;
15359 			nla_nest_end(msg, match);
15360 		}
15361 		nla_nest_end(msg, matches);
15362 	}
15363 
15364 	scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
15365 	if (!scan_plans)
15366 		return -ENOBUFS;
15367 
15368 	for (i = 0; i < req->n_scan_plans; i++) {
15369 		scan_plan = nla_nest_start_noflag(msg, i + 1);
15370 		if (!scan_plan)
15371 			return -ENOBUFS;
15372 
15373 		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
15374 				req->scan_plans[i].interval) ||
15375 		    (req->scan_plans[i].iterations &&
15376 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
15377 				 req->scan_plans[i].iterations)))
15378 			return -ENOBUFS;
15379 		nla_nest_end(msg, scan_plan);
15380 	}
15381 	nla_nest_end(msg, scan_plans);
15382 
15383 	nla_nest_end(msg, nd);
15384 
15385 	return 0;
15386 }
15387 
15388 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
15389 {
15390 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15391 	struct sk_buff *msg;
15392 	void *hdr;
15393 	u32 size = NLMSG_DEFAULT_SIZE;
15394 
15395 	if (!rdev->wiphy.wowlan)
15396 		return -EOPNOTSUPP;
15397 
15398 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
15399 		/* adjust size to have room for all the data */
15400 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
15401 			rdev->wiphy.wowlan_config->tcp->payload_len +
15402 			rdev->wiphy.wowlan_config->tcp->wake_len +
15403 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
15404 	}
15405 
15406 	msg = nlmsg_new(size, GFP_KERNEL);
15407 	if (!msg)
15408 		return -ENOMEM;
15409 
15410 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15411 			     NL80211_CMD_GET_WOWLAN);
15412 	if (!hdr)
15413 		goto nla_put_failure;
15414 
15415 	if (rdev->wiphy.wowlan_config) {
15416 		struct nlattr *nl_wowlan;
15417 
15418 		nl_wowlan = nla_nest_start_noflag(msg,
15419 						  NL80211_ATTR_WOWLAN_TRIGGERS);
15420 		if (!nl_wowlan)
15421 			goto nla_put_failure;
15422 
15423 		if ((rdev->wiphy.wowlan_config->any &&
15424 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
15425 		    (rdev->wiphy.wowlan_config->disconnect &&
15426 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
15427 		    (rdev->wiphy.wowlan_config->magic_pkt &&
15428 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
15429 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
15430 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
15431 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
15432 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
15433 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
15434 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
15435 		    (rdev->wiphy.wowlan_config->rfkill_release &&
15436 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
15437 			goto nla_put_failure;
15438 
15439 		if (nl80211_send_wowlan_patterns(msg, rdev))
15440 			goto nla_put_failure;
15441 
15442 		if (nl80211_send_wowlan_tcp(msg,
15443 					    rdev->wiphy.wowlan_config->tcp))
15444 			goto nla_put_failure;
15445 
15446 		if (nl80211_send_wowlan_nd(
15447 			    msg,
15448 			    rdev->wiphy.wowlan_config->nd_config))
15449 			goto nla_put_failure;
15450 
15451 		nla_nest_end(msg, nl_wowlan);
15452 	}
15453 
15454 	genlmsg_end(msg, hdr);
15455 	return genlmsg_reply(msg, info);
15456 
15457 nla_put_failure:
15458 	nlmsg_free(msg);
15459 	return -ENOBUFS;
15460 }
15461 
15462 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
15463 				    struct nlattr *attr,
15464 				    struct cfg80211_wowlan *trig)
15465 {
15466 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
15467 	struct cfg80211_wowlan_tcp *cfg;
15468 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
15469 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
15470 	u32 size;
15471 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
15472 	int err, port;
15473 
15474 	if (!rdev->wiphy.wowlan->tcp)
15475 		return -EINVAL;
15476 
15477 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
15478 					  nl80211_wowlan_tcp_policy, NULL);
15479 	if (err)
15480 		return err;
15481 
15482 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
15483 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
15484 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
15485 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
15486 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
15487 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
15488 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
15489 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
15490 		return -EINVAL;
15491 
15492 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
15493 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
15494 		return -EINVAL;
15495 
15496 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
15497 			rdev->wiphy.wowlan->tcp->data_interval_max ||
15498 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
15499 		return -EINVAL;
15500 
15501 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
15502 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
15503 		return -EINVAL;
15504 
15505 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
15506 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
15507 		return -EINVAL;
15508 
15509 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
15510 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
15511 
15512 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
15513 		tokens_size = tokln - sizeof(*tok);
15514 
15515 		if (!tok->len || tokens_size % tok->len)
15516 			return -EINVAL;
15517 		if (!rdev->wiphy.wowlan->tcp->tok)
15518 			return -EINVAL;
15519 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
15520 			return -EINVAL;
15521 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
15522 			return -EINVAL;
15523 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
15524 			return -EINVAL;
15525 		if (tok->offset + tok->len > data_size)
15526 			return -EINVAL;
15527 	}
15528 
15529 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
15530 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
15531 		if (!rdev->wiphy.wowlan->tcp->seq)
15532 			return -EINVAL;
15533 		if (seq->len == 0 || seq->len > 4)
15534 			return -EINVAL;
15535 		if (seq->len + seq->offset > data_size)
15536 			return -EINVAL;
15537 	}
15538 
15539 	size = sizeof(*cfg);
15540 	size += data_size;
15541 	size += wake_size + wake_mask_size;
15542 	size += tokens_size;
15543 
15544 	cfg = kzalloc(size, GFP_KERNEL);
15545 	if (!cfg)
15546 		return -ENOMEM;
15547 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
15548 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
15549 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
15550 	       ETH_ALEN);
15551 	port = nla_get_u16_default(tb[NL80211_WOWLAN_TCP_SRC_PORT], 0);
15552 #ifdef CONFIG_INET
15553 	/* allocate a socket and port for it and use it */
15554 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
15555 			    IPPROTO_TCP, &cfg->sock, 1);
15556 	if (err) {
15557 		kfree(cfg);
15558 		return err;
15559 	}
15560 	if (inet_csk_get_port(cfg->sock->sk, port)) {
15561 		sock_release(cfg->sock);
15562 		kfree(cfg);
15563 		return -EADDRINUSE;
15564 	}
15565 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
15566 #else
15567 	if (!port) {
15568 		kfree(cfg);
15569 		return -EINVAL;
15570 	}
15571 	cfg->src_port = port;
15572 #endif
15573 
15574 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
15575 	cfg->payload_len = data_size;
15576 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
15577 	memcpy((void *)cfg->payload,
15578 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
15579 	       data_size);
15580 	if (seq)
15581 		cfg->payload_seq = *seq;
15582 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
15583 	cfg->wake_len = wake_size;
15584 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
15585 	memcpy((void *)cfg->wake_data,
15586 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
15587 	       wake_size);
15588 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
15589 			 data_size + wake_size;
15590 	memcpy((void *)cfg->wake_mask,
15591 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
15592 	       wake_mask_size);
15593 	if (tok) {
15594 		cfg->tokens_size = tokens_size;
15595 		cfg->payload_tok = *tok;
15596 		memcpy(cfg->payload_tok.token_stream, tok->token_stream,
15597 		       tokens_size);
15598 	}
15599 
15600 	trig->tcp = cfg;
15601 
15602 	return 0;
15603 }
15604 
15605 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
15606 				   const struct wiphy_wowlan_support *wowlan,
15607 				   struct nlattr *attr,
15608 				   struct cfg80211_wowlan *trig)
15609 {
15610 	struct nlattr **tb;
15611 	int err;
15612 
15613 	tb = kzalloc_objs(*tb, NUM_NL80211_ATTR);
15614 	if (!tb)
15615 		return -ENOMEM;
15616 
15617 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
15618 		err = -EOPNOTSUPP;
15619 		goto out;
15620 	}
15621 
15622 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
15623 					  nl80211_policy, NULL);
15624 	if (err)
15625 		goto out;
15626 
15627 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
15628 						   wowlan->max_nd_match_sets);
15629 	err = PTR_ERR_OR_ZERO(trig->nd_config);
15630 	if (err)
15631 		trig->nd_config = NULL;
15632 
15633 out:
15634 	kfree(tb);
15635 	return err;
15636 }
15637 
15638 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
15639 {
15640 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15641 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
15642 	struct cfg80211_wowlan new_triggers = {};
15643 	struct cfg80211_wowlan *ntrig;
15644 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
15645 	int err, i;
15646 	bool prev_enabled = rdev->wiphy.wowlan_config;
15647 	bool regular = false;
15648 
15649 	if (!wowlan)
15650 		return -EOPNOTSUPP;
15651 
15652 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
15653 		cfg80211_rdev_free_wowlan(rdev);
15654 		rdev->wiphy.wowlan_config = NULL;
15655 		goto set_wakeup;
15656 	}
15657 
15658 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
15659 					  info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
15660 					  nl80211_wowlan_policy, info->extack);
15661 	if (err)
15662 		return err;
15663 
15664 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
15665 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
15666 			return -EINVAL;
15667 		new_triggers.any = true;
15668 	}
15669 
15670 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
15671 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
15672 			return -EINVAL;
15673 		new_triggers.disconnect = true;
15674 		regular = true;
15675 	}
15676 
15677 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
15678 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
15679 			return -EINVAL;
15680 		new_triggers.magic_pkt = true;
15681 		regular = true;
15682 	}
15683 
15684 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
15685 		return -EINVAL;
15686 
15687 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
15688 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
15689 			return -EINVAL;
15690 		new_triggers.gtk_rekey_failure = true;
15691 		regular = true;
15692 	}
15693 
15694 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
15695 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
15696 			return -EINVAL;
15697 		new_triggers.eap_identity_req = true;
15698 		regular = true;
15699 	}
15700 
15701 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
15702 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
15703 			return -EINVAL;
15704 		new_triggers.four_way_handshake = true;
15705 		regular = true;
15706 	}
15707 
15708 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
15709 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
15710 			return -EINVAL;
15711 		new_triggers.rfkill_release = true;
15712 		regular = true;
15713 	}
15714 
15715 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
15716 		struct nlattr *pat;
15717 		int n_patterns = 0;
15718 		int rem, pat_len, mask_len, pkt_offset;
15719 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
15720 
15721 		regular = true;
15722 
15723 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
15724 				    rem)
15725 			n_patterns++;
15726 		if (n_patterns > wowlan->n_patterns)
15727 			return -EINVAL;
15728 
15729 		new_triggers.patterns = kzalloc_objs(new_triggers.patterns[0],
15730 						     n_patterns);
15731 		if (!new_triggers.patterns)
15732 			return -ENOMEM;
15733 
15734 		new_triggers.n_patterns = n_patterns;
15735 		i = 0;
15736 
15737 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
15738 				    rem) {
15739 			u8 *mask_pat;
15740 
15741 			err = nla_parse_nested_deprecated(pat_tb,
15742 							  MAX_NL80211_PKTPAT,
15743 							  pat,
15744 							  nl80211_packet_pattern_policy,
15745 							  info->extack);
15746 			if (err)
15747 				goto error;
15748 
15749 			err = -EINVAL;
15750 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
15751 			    !pat_tb[NL80211_PKTPAT_PATTERN])
15752 				goto error;
15753 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
15754 			mask_len = DIV_ROUND_UP(pat_len, 8);
15755 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
15756 				goto error;
15757 			if (pat_len > wowlan->pattern_max_len ||
15758 			    pat_len < wowlan->pattern_min_len)
15759 				goto error;
15760 
15761 			pkt_offset =
15762 				nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
15763 						    0);
15764 			if (pkt_offset > wowlan->max_pkt_offset)
15765 				goto error;
15766 			new_triggers.patterns[i].pkt_offset = pkt_offset;
15767 
15768 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
15769 			if (!mask_pat) {
15770 				err = -ENOMEM;
15771 				goto error;
15772 			}
15773 			new_triggers.patterns[i].mask = mask_pat;
15774 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
15775 			       mask_len);
15776 			mask_pat += mask_len;
15777 			new_triggers.patterns[i].pattern = mask_pat;
15778 			new_triggers.patterns[i].pattern_len = pat_len;
15779 			memcpy(mask_pat,
15780 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
15781 			       pat_len);
15782 			i++;
15783 		}
15784 	}
15785 
15786 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
15787 		regular = true;
15788 		err = nl80211_parse_wowlan_tcp(
15789 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
15790 			&new_triggers);
15791 		if (err)
15792 			goto error;
15793 	}
15794 
15795 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
15796 		regular = true;
15797 		err = nl80211_parse_wowlan_nd(
15798 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
15799 			&new_triggers);
15800 		if (err)
15801 			goto error;
15802 	}
15803 
15804 	/* The 'any' trigger means the device continues operating more or less
15805 	 * as in its normal operation mode and wakes up the host on most of the
15806 	 * normal interrupts (like packet RX, ...)
15807 	 * It therefore makes little sense to combine with the more constrained
15808 	 * wakeup trigger modes.
15809 	 */
15810 	if (new_triggers.any && regular) {
15811 		err = -EINVAL;
15812 		goto error;
15813 	}
15814 
15815 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
15816 	if (!ntrig) {
15817 		err = -ENOMEM;
15818 		goto error;
15819 	}
15820 	cfg80211_rdev_free_wowlan(rdev);
15821 	rdev->wiphy.wowlan_config = ntrig;
15822 
15823  set_wakeup:
15824 	if (rdev->ops->set_wakeup &&
15825 	    prev_enabled != !!rdev->wiphy.wowlan_config)
15826 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
15827 
15828 	return 0;
15829  error:
15830 	for (i = 0; i < new_triggers.n_patterns; i++)
15831 		kfree(new_triggers.patterns[i].mask);
15832 	kfree(new_triggers.patterns);
15833 	if (new_triggers.tcp && new_triggers.tcp->sock)
15834 		sock_release(new_triggers.tcp->sock);
15835 	kfree(new_triggers.tcp);
15836 	kfree(new_triggers.nd_config);
15837 	return err;
15838 }
15839 #endif
15840 
15841 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
15842 				       struct cfg80211_registered_device *rdev)
15843 {
15844 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
15845 	int i, j, pat_len;
15846 	struct cfg80211_coalesce_rules *rule;
15847 
15848 	if (!rdev->coalesce->n_rules)
15849 		return 0;
15850 
15851 	nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
15852 	if (!nl_rules)
15853 		return -ENOBUFS;
15854 
15855 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
15856 		nl_rule = nla_nest_start_noflag(msg, i + 1);
15857 		if (!nl_rule)
15858 			return -ENOBUFS;
15859 
15860 		rule = &rdev->coalesce->rules[i];
15861 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
15862 				rule->delay))
15863 			return -ENOBUFS;
15864 
15865 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
15866 				rule->condition))
15867 			return -ENOBUFS;
15868 
15869 		nl_pats = nla_nest_start_noflag(msg,
15870 						NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
15871 		if (!nl_pats)
15872 			return -ENOBUFS;
15873 
15874 		for (j = 0; j < rule->n_patterns; j++) {
15875 			nl_pat = nla_nest_start_noflag(msg, j + 1);
15876 			if (!nl_pat)
15877 				return -ENOBUFS;
15878 			pat_len = rule->patterns[j].pattern_len;
15879 			if (nla_put(msg, NL80211_PKTPAT_MASK,
15880 				    DIV_ROUND_UP(pat_len, 8),
15881 				    rule->patterns[j].mask) ||
15882 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
15883 				    rule->patterns[j].pattern) ||
15884 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
15885 					rule->patterns[j].pkt_offset))
15886 				return -ENOBUFS;
15887 			nla_nest_end(msg, nl_pat);
15888 		}
15889 		nla_nest_end(msg, nl_pats);
15890 		nla_nest_end(msg, nl_rule);
15891 	}
15892 	nla_nest_end(msg, nl_rules);
15893 
15894 	return 0;
15895 }
15896 
15897 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
15898 {
15899 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
15900 	struct sk_buff *msg;
15901 	void *hdr;
15902 
15903 	if (!rdev->wiphy.coalesce)
15904 		return -EOPNOTSUPP;
15905 
15906 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15907 	if (!msg)
15908 		return -ENOMEM;
15909 
15910 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15911 			     NL80211_CMD_GET_COALESCE);
15912 	if (!hdr)
15913 		goto nla_put_failure;
15914 
15915 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
15916 		goto nla_put_failure;
15917 
15918 	genlmsg_end(msg, hdr);
15919 	return genlmsg_reply(msg, info);
15920 
15921 nla_put_failure:
15922 	nlmsg_free(msg);
15923 	return -ENOBUFS;
15924 }
15925 
15926 void cfg80211_free_coalesce(struct cfg80211_coalesce *coalesce)
15927 {
15928 	int i, j;
15929 	struct cfg80211_coalesce_rules *rule;
15930 
15931 	if (!coalesce)
15932 		return;
15933 
15934 	for (i = 0; i < coalesce->n_rules; i++) {
15935 		rule = &coalesce->rules[i];
15936 		for (j = 0; j < rule->n_patterns; j++)
15937 			kfree(rule->patterns[j].mask);
15938 		kfree(rule->patterns);
15939 	}
15940 	kfree(coalesce);
15941 }
15942 
15943 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
15944 				       struct nlattr *rule,
15945 				       struct cfg80211_coalesce_rules *new_rule)
15946 {
15947 	int err, i;
15948 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
15949 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
15950 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
15951 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
15952 
15953 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
15954 					  rule, nl80211_coalesce_policy, NULL);
15955 	if (err)
15956 		return err;
15957 
15958 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
15959 		new_rule->delay =
15960 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
15961 	if (new_rule->delay > coalesce->max_delay)
15962 		return -EINVAL;
15963 
15964 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
15965 		new_rule->condition =
15966 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
15967 
15968 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
15969 		return -EINVAL;
15970 
15971 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
15972 			    rem)
15973 		n_patterns++;
15974 	if (n_patterns > coalesce->n_patterns)
15975 		return -EINVAL;
15976 
15977 	new_rule->patterns = kzalloc_objs(new_rule->patterns[0], n_patterns);
15978 	if (!new_rule->patterns)
15979 		return -ENOMEM;
15980 
15981 	new_rule->n_patterns = n_patterns;
15982 	i = 0;
15983 
15984 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
15985 			    rem) {
15986 		u8 *mask_pat;
15987 
15988 		err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
15989 						  pat,
15990 						  nl80211_packet_pattern_policy,
15991 						  NULL);
15992 		if (err)
15993 			return err;
15994 
15995 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
15996 		    !pat_tb[NL80211_PKTPAT_PATTERN])
15997 			return -EINVAL;
15998 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
15999 		mask_len = DIV_ROUND_UP(pat_len, 8);
16000 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
16001 			return -EINVAL;
16002 		if (pat_len > coalesce->pattern_max_len ||
16003 		    pat_len < coalesce->pattern_min_len)
16004 			return -EINVAL;
16005 
16006 		pkt_offset = nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
16007 						 0);
16008 		if (pkt_offset > coalesce->max_pkt_offset)
16009 			return -EINVAL;
16010 		new_rule->patterns[i].pkt_offset = pkt_offset;
16011 
16012 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
16013 		if (!mask_pat)
16014 			return -ENOMEM;
16015 
16016 		new_rule->patterns[i].mask = mask_pat;
16017 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
16018 		       mask_len);
16019 
16020 		mask_pat += mask_len;
16021 		new_rule->patterns[i].pattern = mask_pat;
16022 		new_rule->patterns[i].pattern_len = pat_len;
16023 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
16024 		       pat_len);
16025 		i++;
16026 	}
16027 
16028 	return 0;
16029 }
16030 
16031 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
16032 {
16033 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16034 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
16035 	struct cfg80211_coalesce *new_coalesce;
16036 	int err, rem_rule, n_rules = 0, i;
16037 	struct nlattr *rule;
16038 
16039 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
16040 		return -EOPNOTSUPP;
16041 
16042 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
16043 		cfg80211_free_coalesce(rdev->coalesce);
16044 		rdev->coalesce = NULL;
16045 		rdev_set_coalesce(rdev, NULL);
16046 		return 0;
16047 	}
16048 
16049 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
16050 			    rem_rule)
16051 		n_rules++;
16052 	if (n_rules > coalesce->n_rules)
16053 		return -EINVAL;
16054 
16055 	new_coalesce = kzalloc_flex(*new_coalesce, rules, n_rules);
16056 	if (!new_coalesce)
16057 		return -ENOMEM;
16058 
16059 	new_coalesce->n_rules = n_rules;
16060 	i = 0;
16061 
16062 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
16063 			    rem_rule) {
16064 		err = nl80211_parse_coalesce_rule(rdev, rule,
16065 						  &new_coalesce->rules[i]);
16066 		if (err)
16067 			goto error;
16068 
16069 		i++;
16070 	}
16071 
16072 	err = rdev_set_coalesce(rdev, new_coalesce);
16073 	if (err)
16074 		goto error;
16075 
16076 	cfg80211_free_coalesce(rdev->coalesce);
16077 	rdev->coalesce = new_coalesce;
16078 
16079 	return 0;
16080 error:
16081 	cfg80211_free_coalesce(new_coalesce);
16082 
16083 	return err;
16084 }
16085 
16086 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
16087 {
16088 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16089 	struct net_device *dev = info->user_ptr[1];
16090 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16091 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
16092 	struct cfg80211_gtk_rekey_data rekey_data = {};
16093 	int err;
16094 
16095 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
16096 		return -EINVAL;
16097 
16098 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
16099 					  info->attrs[NL80211_ATTR_REKEY_DATA],
16100 					  nl80211_rekey_policy, info->extack);
16101 	if (err)
16102 		return err;
16103 
16104 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
16105 	    !tb[NL80211_REKEY_DATA_KCK])
16106 		return -EINVAL;
16107 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
16108 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
16109 	      nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
16110 		return -ERANGE;
16111 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
16112 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
16113 	      nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) &&
16114 	     !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 &&
16115 	       nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32))
16116 		return -ERANGE;
16117 
16118 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
16119 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
16120 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
16121 	rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
16122 	rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
16123 	if (tb[NL80211_REKEY_DATA_AKM])
16124 		rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
16125 
16126 	if (!wdev->connected)
16127 		return -ENOTCONN;
16128 
16129 	if (!rdev->ops->set_rekey_data)
16130 		return -EOPNOTSUPP;
16131 
16132 	return rdev_set_rekey_data(rdev, dev, &rekey_data);
16133 }
16134 
16135 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
16136 					     struct genl_info *info)
16137 {
16138 	struct net_device *dev = info->user_ptr[1];
16139 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16140 
16141 	if (wdev->iftype != NL80211_IFTYPE_AP &&
16142 	    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16143 	    wdev->iftype != NL80211_IFTYPE_NAN_DATA)
16144 		return -EINVAL;
16145 
16146 	if (wdev->unexpected_nlportid)
16147 		return -EBUSY;
16148 
16149 	wdev->unexpected_nlportid = info->snd_portid;
16150 	return 0;
16151 }
16152 
16153 static int nl80211_probe_client(struct sk_buff *skb,
16154 				struct genl_info *info)
16155 {
16156 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16157 	struct net_device *dev = info->user_ptr[1];
16158 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16159 	struct sk_buff *msg;
16160 	void *hdr;
16161 	const u8 *addr;
16162 	u64 cookie;
16163 	int err;
16164 
16165 	if (wdev->iftype != NL80211_IFTYPE_AP &&
16166 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
16167 		return -EOPNOTSUPP;
16168 
16169 	if (!info->attrs[NL80211_ATTR_MAC])
16170 		return -EINVAL;
16171 
16172 	if (!rdev->ops->probe_client)
16173 		return -EOPNOTSUPP;
16174 
16175 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16176 	if (!msg)
16177 		return -ENOMEM;
16178 
16179 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
16180 			     NL80211_CMD_PROBE_CLIENT);
16181 	if (!hdr) {
16182 		err = -ENOBUFS;
16183 		goto free_msg;
16184 	}
16185 
16186 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
16187 
16188 	err = rdev_probe_client(rdev, dev, addr, &cookie);
16189 	if (err)
16190 		goto free_msg;
16191 
16192 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16193 			      NL80211_ATTR_PAD))
16194 		goto nla_put_failure;
16195 
16196 	genlmsg_end(msg, hdr);
16197 
16198 	return genlmsg_reply(msg, info);
16199 
16200  nla_put_failure:
16201 	err = -ENOBUFS;
16202  free_msg:
16203 	nlmsg_free(msg);
16204 	return err;
16205 }
16206 
16207 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
16208 {
16209 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16210 	struct cfg80211_beacon_registration *reg, *nreg;
16211 	int rv;
16212 
16213 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
16214 		return -EOPNOTSUPP;
16215 
16216 	nreg = kzalloc_obj(*nreg);
16217 	if (!nreg)
16218 		return -ENOMEM;
16219 
16220 	/* First, check if already registered. */
16221 	spin_lock_bh(&rdev->beacon_registrations_lock);
16222 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16223 		if (reg->nlportid == info->snd_portid) {
16224 			rv = -EALREADY;
16225 			goto out_err;
16226 		}
16227 	}
16228 	/* Add it to the list */
16229 	nreg->nlportid = info->snd_portid;
16230 	list_add(&nreg->list, &rdev->beacon_registrations);
16231 
16232 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16233 
16234 	return 0;
16235 out_err:
16236 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16237 	kfree(nreg);
16238 	return rv;
16239 }
16240 
16241 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
16242 {
16243 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16244 	struct wireless_dev *wdev = info->user_ptr[1];
16245 	int err;
16246 
16247 	if (!rdev->ops->start_p2p_device)
16248 		return -EOPNOTSUPP;
16249 
16250 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
16251 		return -EOPNOTSUPP;
16252 
16253 	if (wdev_running(wdev))
16254 		return 0;
16255 
16256 	if (rfkill_blocked(rdev->wiphy.rfkill))
16257 		return -ERFKILL;
16258 
16259 	err = rdev_start_p2p_device(rdev, wdev);
16260 	if (err)
16261 		return err;
16262 
16263 	wdev->is_running = true;
16264 	rdev->opencount++;
16265 
16266 	return 0;
16267 }
16268 
16269 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
16270 {
16271 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16272 	struct wireless_dev *wdev = info->user_ptr[1];
16273 
16274 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
16275 		return -EOPNOTSUPP;
16276 
16277 	if (!rdev->ops->stop_p2p_device)
16278 		return -EOPNOTSUPP;
16279 
16280 	cfg80211_stop_p2p_device(rdev, wdev);
16281 
16282 	return 0;
16283 }
16284 
16285 static struct ieee80211_channel *nl80211_get_nan_channel(struct wiphy *wiphy,
16286 							 int freq)
16287 {
16288 	struct ieee80211_channel *chan;
16289 	struct cfg80211_chan_def def;
16290 
16291 	/* Check if the frequency is valid for NAN */
16292 	if (freq != 5220 && freq != 5745 && freq != 2437)
16293 		return NULL;
16294 
16295 	chan = ieee80211_get_channel(wiphy, freq);
16296 	if (!chan)
16297 		return NULL;
16298 
16299 	cfg80211_chandef_create(&def, chan, NL80211_CHAN_NO_HT);
16300 
16301 	/* Check if the channel is allowed */
16302 	if (cfg80211_reg_can_beacon(wiphy, &def, NL80211_IFTYPE_NAN))
16303 		return chan;
16304 
16305 	return NULL;
16306 }
16307 
16308 static int nl80211_parse_nan_band_config(struct wiphy *wiphy,
16309 					 struct nlattr **tb,
16310 					 struct cfg80211_nan_band_config *cfg,
16311 					 enum nl80211_band band)
16312 {
16313 	if (BIT(band) & ~(u32)wiphy->nan_supported_bands)
16314 		return -EINVAL;
16315 
16316 	if (tb[NL80211_NAN_BAND_CONF_FREQ]) {
16317 		u16 freq = nla_get_u16(tb[NL80211_NAN_BAND_CONF_FREQ]);
16318 
16319 		if (band != NL80211_BAND_5GHZ)
16320 			return -EINVAL;
16321 
16322 		cfg->chan = nl80211_get_nan_channel(wiphy, freq);
16323 		if (!cfg->chan)
16324 			return -EINVAL;
16325 	}
16326 
16327 	if (tb[NL80211_NAN_BAND_CONF_RSSI_CLOSE]) {
16328 		cfg->rssi_close =
16329 			nla_get_s8(tb[NL80211_NAN_BAND_CONF_RSSI_CLOSE]);
16330 		if (!tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE])
16331 			return -EINVAL;
16332 	}
16333 
16334 	if (tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE]) {
16335 		cfg->rssi_middle =
16336 			nla_get_s8(tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE]);
16337 		if (!cfg->rssi_close || cfg->rssi_middle >= cfg->rssi_close)
16338 			return -EINVAL;
16339 	}
16340 
16341 	if (tb[NL80211_NAN_BAND_CONF_WAKE_DW]) {
16342 		cfg->awake_dw_interval =
16343 			nla_get_u8(tb[NL80211_NAN_BAND_CONF_WAKE_DW]);
16344 
16345 		if (band == NL80211_BAND_2GHZ && cfg->awake_dw_interval == 0)
16346 			return -EINVAL;
16347 	}
16348 
16349 	cfg->disable_scan =
16350 		nla_get_flag(tb[NL80211_NAN_BAND_CONF_DISABLE_SCAN]);
16351 	return 0;
16352 }
16353 
16354 static int nl80211_parse_nan_conf(struct wiphy *wiphy,
16355 				  struct genl_info *info,
16356 				  struct cfg80211_nan_conf *conf,
16357 				  u32 *changed_flags,
16358 				  bool start)
16359 {
16360 	struct nlattr *attrs[NL80211_NAN_CONF_ATTR_MAX + 1];
16361 	int err, rem;
16362 	u32 changed = 0;
16363 	struct nlattr *band_config;
16364 
16365 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
16366 		conf->master_pref =
16367 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
16368 
16369 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
16370 	}
16371 
16372 	if (info->attrs[NL80211_ATTR_BANDS]) {
16373 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
16374 
16375 		if (bands & ~(u32)wiphy->nan_supported_bands)
16376 			return -EOPNOTSUPP;
16377 
16378 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
16379 			return -EINVAL;
16380 
16381 		conf->bands = bands;
16382 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
16383 	}
16384 
16385 	conf->band_cfgs[NL80211_BAND_2GHZ].awake_dw_interval = 1;
16386 	if (conf->bands & BIT(NL80211_BAND_5GHZ) || !conf->bands)
16387 		conf->band_cfgs[NL80211_BAND_5GHZ].awake_dw_interval = 1;
16388 
16389 	/* On 2.4 GHz band use channel 6 */
16390 	conf->band_cfgs[NL80211_BAND_2GHZ].chan =
16391 		nl80211_get_nan_channel(wiphy, 2437);
16392 	if (!conf->band_cfgs[NL80211_BAND_2GHZ].chan)
16393 		return -EINVAL;
16394 
16395 	if (!info->attrs[NL80211_ATTR_NAN_CONFIG])
16396 		goto out;
16397 
16398 	err = nla_parse_nested(attrs, NL80211_NAN_CONF_ATTR_MAX,
16399 			       info->attrs[NL80211_ATTR_NAN_CONFIG], NULL,
16400 			       info->extack);
16401 	if (err)
16402 		return err;
16403 
16404 	changed |= CFG80211_NAN_CONF_CHANGED_CONFIG;
16405 	if (attrs[NL80211_NAN_CONF_CLUSTER_ID] && start) {
16406 		ether_addr_copy(conf->cluster_id,
16407 				nla_data(attrs[NL80211_NAN_CONF_CLUSTER_ID]));
16408 	} else if (start) {
16409 		conf->cluster_id[0] = 0x50;
16410 		conf->cluster_id[1] = 0x6f;
16411 		conf->cluster_id[2] = 0x9a;
16412 		conf->cluster_id[3] = 0x01;
16413 		get_random_bytes(&conf->cluster_id[4], 2);
16414 	}
16415 
16416 	if (attrs[NL80211_NAN_CONF_EXTRA_ATTRS]) {
16417 		conf->extra_nan_attrs =
16418 			nla_data(attrs[NL80211_NAN_CONF_EXTRA_ATTRS]);
16419 		conf->extra_nan_attrs_len =
16420 			nla_len(attrs[NL80211_NAN_CONF_EXTRA_ATTRS]);
16421 	}
16422 
16423 	if (attrs[NL80211_NAN_CONF_VENDOR_ELEMS]) {
16424 		conf->vendor_elems =
16425 			nla_data(attrs[NL80211_NAN_CONF_VENDOR_ELEMS]);
16426 		conf->vendor_elems_len =
16427 			nla_len(attrs[NL80211_NAN_CONF_VENDOR_ELEMS]);
16428 	}
16429 
16430 	if (attrs[NL80211_NAN_CONF_BAND_CONFIGS]) {
16431 		nla_for_each_nested(band_config,
16432 				    attrs[NL80211_NAN_CONF_BAND_CONFIGS],
16433 				    rem) {
16434 			enum nl80211_band band;
16435 			struct cfg80211_nan_band_config *cfg;
16436 			struct nlattr *tb[NL80211_NAN_BAND_CONF_ATTR_MAX + 1];
16437 
16438 			err = nla_parse_nested(tb,
16439 					       NL80211_NAN_BAND_CONF_ATTR_MAX,
16440 					       band_config, NULL,
16441 					       info->extack);
16442 			if (err)
16443 				return err;
16444 
16445 			if (!tb[NL80211_NAN_BAND_CONF_BAND])
16446 				return -EINVAL;
16447 
16448 			band = nla_get_u8(tb[NL80211_NAN_BAND_CONF_BAND]);
16449 			if (conf->bands && !(conf->bands & BIT(band)))
16450 				return -EINVAL;
16451 
16452 			cfg = &conf->band_cfgs[band];
16453 
16454 			err = nl80211_parse_nan_band_config(wiphy, tb, cfg,
16455 							    band);
16456 			if (err)
16457 				return err;
16458 		}
16459 	}
16460 
16461 	if (attrs[NL80211_NAN_CONF_SCAN_PERIOD])
16462 		conf->scan_period =
16463 			nla_get_u16(attrs[NL80211_NAN_CONF_SCAN_PERIOD]);
16464 
16465 	if (attrs[NL80211_NAN_CONF_SCAN_DWELL_TIME])
16466 		conf->scan_dwell_time =
16467 			nla_get_u16(attrs[NL80211_NAN_CONF_SCAN_DWELL_TIME]);
16468 
16469 	if (attrs[NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL])
16470 		conf->discovery_beacon_interval =
16471 			nla_get_u8(attrs[NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL]);
16472 
16473 	if (attrs[NL80211_NAN_CONF_NOTIFY_DW])
16474 		conf->enable_dw_notification =
16475 			nla_get_flag(attrs[NL80211_NAN_CONF_NOTIFY_DW]);
16476 
16477 out:
16478 	if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan &&
16479 	    (!conf->bands || conf->bands & BIT(NL80211_BAND_5GHZ))) {
16480 		/* If no 5GHz channel is specified use default, if possible */
16481 		conf->band_cfgs[NL80211_BAND_5GHZ].chan =
16482 				nl80211_get_nan_channel(wiphy, 5745);
16483 		if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan)
16484 			conf->band_cfgs[NL80211_BAND_5GHZ].chan =
16485 					nl80211_get_nan_channel(wiphy, 5220);
16486 
16487 		/* Return error if user space asked explicitly for 5 GHz */
16488 		if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan &&
16489 		    conf->bands & BIT(NL80211_BAND_5GHZ)) {
16490 			NL_SET_ERR_MSG_ATTR(info->extack,
16491 					    info->attrs[NL80211_ATTR_BANDS],
16492 					    "5 GHz band operation is not allowed");
16493 			return -EINVAL;
16494 		}
16495 	}
16496 
16497 	if (changed_flags)
16498 		*changed_flags = changed;
16499 
16500 	return 0;
16501 }
16502 
16503 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
16504 {
16505 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16506 	struct wireless_dev *wdev = info->user_ptr[1];
16507 	struct cfg80211_nan_conf conf = {};
16508 	int err;
16509 
16510 	if (wdev->iftype != NL80211_IFTYPE_NAN)
16511 		return -EOPNOTSUPP;
16512 
16513 	if (wdev_running(wdev))
16514 		return -EEXIST;
16515 
16516 	if (rfkill_blocked(rdev->wiphy.rfkill))
16517 		return -ERFKILL;
16518 
16519 	/* Master preference is mandatory for START_NAN */
16520 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
16521 		return -EINVAL;
16522 
16523 	err = nl80211_parse_nan_conf(&rdev->wiphy, info, &conf, NULL, true);
16524 	if (err)
16525 		return err;
16526 
16527 	err = rdev_start_nan(rdev, wdev, &conf);
16528 	if (err)
16529 		return err;
16530 
16531 	wdev->is_running = true;
16532 	rdev->opencount++;
16533 
16534 	return 0;
16535 }
16536 
16537 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
16538 {
16539 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16540 	struct wireless_dev *wdev = info->user_ptr[1];
16541 
16542 	if (wdev->iftype != NL80211_IFTYPE_NAN)
16543 		return -EOPNOTSUPP;
16544 
16545 	cfg80211_close_dependents(rdev, wdev);
16546 
16547 	guard(wiphy)(&rdev->wiphy);
16548 
16549 	cfg80211_stop_nan(rdev, wdev);
16550 
16551 	return 0;
16552 }
16553 
16554 static int validate_nan_filter(struct nlattr *filter_attr)
16555 {
16556 	struct nlattr *attr;
16557 	int len = 0, n_entries = 0, rem;
16558 
16559 	nla_for_each_nested(attr, filter_attr, rem) {
16560 		len += nla_len(attr);
16561 		n_entries++;
16562 	}
16563 
16564 	if (len >= U8_MAX)
16565 		return -EINVAL;
16566 
16567 	return n_entries;
16568 }
16569 
16570 static int handle_nan_filter(struct nlattr *attr_filter,
16571 			     struct cfg80211_nan_func *func,
16572 			     bool tx)
16573 {
16574 	struct nlattr *attr;
16575 	int n_entries, rem, i;
16576 	struct cfg80211_nan_func_filter *filter;
16577 
16578 	n_entries = validate_nan_filter(attr_filter);
16579 	if (n_entries < 0)
16580 		return n_entries;
16581 
16582 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
16583 
16584 	filter = kzalloc_objs(*func->rx_filters, n_entries);
16585 	if (!filter)
16586 		return -ENOMEM;
16587 
16588 	i = 0;
16589 	nla_for_each_nested(attr, attr_filter, rem) {
16590 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
16591 		if (!filter[i].filter)
16592 			goto err;
16593 
16594 		filter[i].len = nla_len(attr);
16595 		i++;
16596 	}
16597 	if (tx) {
16598 		func->num_tx_filters = n_entries;
16599 		func->tx_filters = filter;
16600 	} else {
16601 		func->num_rx_filters = n_entries;
16602 		func->rx_filters = filter;
16603 	}
16604 
16605 	return 0;
16606 
16607 err:
16608 	i = 0;
16609 	nla_for_each_nested(attr, attr_filter, rem) {
16610 		kfree(filter[i].filter);
16611 		i++;
16612 	}
16613 	kfree(filter);
16614 	return -ENOMEM;
16615 }
16616 
16617 static int nl80211_nan_add_func(struct sk_buff *skb,
16618 				struct genl_info *info)
16619 {
16620 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16621 	struct wireless_dev *wdev = info->user_ptr[1];
16622 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
16623 	struct cfg80211_nan_func *func;
16624 	struct sk_buff *msg = NULL;
16625 	void *hdr = NULL;
16626 	int err = 0;
16627 
16628 	if (wdev->iftype != NL80211_IFTYPE_NAN)
16629 		return -EOPNOTSUPP;
16630 
16631 	if (!wdev_running(wdev))
16632 		return -ENOTCONN;
16633 
16634 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
16635 		return -EINVAL;
16636 
16637 	err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
16638 					  info->attrs[NL80211_ATTR_NAN_FUNC],
16639 					  nl80211_nan_func_policy,
16640 					  info->extack);
16641 	if (err)
16642 		return err;
16643 
16644 	func = kzalloc_obj(*func);
16645 	if (!func)
16646 		return -ENOMEM;
16647 
16648 	func->cookie = cfg80211_assign_cookie(rdev);
16649 
16650 	if (!tb[NL80211_NAN_FUNC_TYPE]) {
16651 		err = -EINVAL;
16652 		goto out;
16653 	}
16654 
16655 
16656 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
16657 
16658 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
16659 		err = -EINVAL;
16660 		goto out;
16661 	}
16662 
16663 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
16664 	       sizeof(func->service_id));
16665 
16666 	func->close_range =
16667 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
16668 
16669 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
16670 		func->serv_spec_info_len =
16671 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
16672 		func->serv_spec_info =
16673 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
16674 				func->serv_spec_info_len,
16675 				GFP_KERNEL);
16676 		if (!func->serv_spec_info) {
16677 			err = -ENOMEM;
16678 			goto out;
16679 		}
16680 	}
16681 
16682 	if (tb[NL80211_NAN_FUNC_TTL])
16683 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
16684 
16685 	switch (func->type) {
16686 	case NL80211_NAN_FUNC_PUBLISH:
16687 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
16688 			err = -EINVAL;
16689 			goto out;
16690 		}
16691 
16692 		func->publish_type =
16693 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
16694 		func->publish_bcast =
16695 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
16696 
16697 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
16698 			func->publish_bcast) {
16699 			err = -EINVAL;
16700 			goto out;
16701 		}
16702 		break;
16703 	case NL80211_NAN_FUNC_SUBSCRIBE:
16704 		func->subscribe_active =
16705 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
16706 		break;
16707 	case NL80211_NAN_FUNC_FOLLOW_UP:
16708 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
16709 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
16710 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
16711 			err = -EINVAL;
16712 			goto out;
16713 		}
16714 
16715 		func->followup_id =
16716 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
16717 		func->followup_reqid =
16718 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
16719 		memcpy(func->followup_dest.addr,
16720 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
16721 		       sizeof(func->followup_dest.addr));
16722 		if (func->ttl) {
16723 			err = -EINVAL;
16724 			goto out;
16725 		}
16726 		break;
16727 	default:
16728 		err = -EINVAL;
16729 		goto out;
16730 	}
16731 
16732 	if (tb[NL80211_NAN_FUNC_SRF]) {
16733 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
16734 
16735 		err = nla_parse_nested_deprecated(srf_tb,
16736 						  NL80211_NAN_SRF_ATTR_MAX,
16737 						  tb[NL80211_NAN_FUNC_SRF],
16738 						  nl80211_nan_srf_policy,
16739 						  info->extack);
16740 		if (err)
16741 			goto out;
16742 
16743 		func->srf_include =
16744 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
16745 
16746 		if (srf_tb[NL80211_NAN_SRF_BF]) {
16747 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
16748 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
16749 				err = -EINVAL;
16750 				goto out;
16751 			}
16752 
16753 			func->srf_bf_len =
16754 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
16755 			func->srf_bf =
16756 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
16757 					func->srf_bf_len, GFP_KERNEL);
16758 			if (!func->srf_bf) {
16759 				err = -ENOMEM;
16760 				goto out;
16761 			}
16762 
16763 			func->srf_bf_idx =
16764 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
16765 		} else {
16766 			struct nlattr *attr, *mac_attr =
16767 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
16768 			int n_entries, rem, i = 0;
16769 
16770 			if (!mac_attr) {
16771 				err = -EINVAL;
16772 				goto out;
16773 			}
16774 
16775 			n_entries = validate_acl_mac_addrs(mac_attr);
16776 			if (n_entries <= 0) {
16777 				err = -EINVAL;
16778 				goto out;
16779 			}
16780 
16781 			func->srf_num_macs = n_entries;
16782 			func->srf_macs =
16783 				kzalloc_objs(*func->srf_macs, n_entries);
16784 			if (!func->srf_macs) {
16785 				err = -ENOMEM;
16786 				goto out;
16787 			}
16788 
16789 			nla_for_each_nested(attr, mac_attr, rem)
16790 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
16791 				       sizeof(*func->srf_macs));
16792 		}
16793 	}
16794 
16795 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
16796 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
16797 					func, true);
16798 		if (err)
16799 			goto out;
16800 	}
16801 
16802 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
16803 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
16804 					func, false);
16805 		if (err)
16806 			goto out;
16807 	}
16808 
16809 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16810 	if (!msg) {
16811 		err = -ENOMEM;
16812 		goto out;
16813 	}
16814 
16815 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
16816 			     NL80211_CMD_ADD_NAN_FUNCTION);
16817 	/* This can't really happen - we just allocated 4KB */
16818 	if (WARN_ON(!hdr)) {
16819 		err = -ENOMEM;
16820 		goto out;
16821 	}
16822 
16823 	err = rdev_add_nan_func(rdev, wdev, func);
16824 out:
16825 	if (err < 0) {
16826 		cfg80211_free_nan_func(func);
16827 		nlmsg_free(msg);
16828 		return err;
16829 	}
16830 
16831 	/* propagate the instance id and cookie to userspace  */
16832 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
16833 			      NL80211_ATTR_PAD))
16834 		goto nla_put_failure;
16835 
16836 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
16837 	if (!func_attr)
16838 		goto nla_put_failure;
16839 
16840 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
16841 		       func->instance_id))
16842 		goto nla_put_failure;
16843 
16844 	nla_nest_end(msg, func_attr);
16845 
16846 	genlmsg_end(msg, hdr);
16847 	return genlmsg_reply(msg, info);
16848 
16849 nla_put_failure:
16850 	nlmsg_free(msg);
16851 	return -ENOBUFS;
16852 }
16853 
16854 static int nl80211_nan_del_func(struct sk_buff *skb,
16855 			       struct genl_info *info)
16856 {
16857 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16858 	struct wireless_dev *wdev = info->user_ptr[1];
16859 	u64 cookie;
16860 
16861 	if (wdev->iftype != NL80211_IFTYPE_NAN)
16862 		return -EOPNOTSUPP;
16863 
16864 	if (!wdev_running(wdev))
16865 		return -ENOTCONN;
16866 
16867 	if (!info->attrs[NL80211_ATTR_COOKIE])
16868 		return -EINVAL;
16869 
16870 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
16871 
16872 	rdev_del_nan_func(rdev, wdev, cookie);
16873 
16874 	return 0;
16875 }
16876 
16877 static int nl80211_nan_change_config(struct sk_buff *skb,
16878 				     struct genl_info *info)
16879 {
16880 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16881 	struct wireless_dev *wdev = info->user_ptr[1];
16882 	struct cfg80211_nan_conf conf = {};
16883 	u32 changed = 0;
16884 	int err;
16885 
16886 	if (wdev->iftype != NL80211_IFTYPE_NAN)
16887 		return -EOPNOTSUPP;
16888 
16889 	if (!wdev_running(wdev))
16890 		return -ENOTCONN;
16891 
16892 	err = nl80211_parse_nan_conf(&rdev->wiphy, info, &conf, &changed, false);
16893 	if (err)
16894 		return err;
16895 
16896 	if (!changed)
16897 		return -EINVAL;
16898 
16899 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
16900 }
16901 
16902 static int nl80211_start_pd(struct sk_buff *skb, struct genl_info *info)
16903 {
16904 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16905 	struct wireless_dev *wdev = info->user_ptr[1];
16906 	int err;
16907 
16908 	if (wdev->iftype != NL80211_IFTYPE_PD)
16909 		return -EOPNOTSUPP;
16910 
16911 	if (wdev_running(wdev))
16912 		return -EEXIST;
16913 
16914 	if (rfkill_blocked(rdev->wiphy.rfkill))
16915 		return -ERFKILL;
16916 
16917 	if (!rdev->ops->start_pd)
16918 		return -EOPNOTSUPP;
16919 
16920 	err = rdev_start_pd(rdev, wdev);
16921 	if (err)
16922 		return err;
16923 	wdev->is_running = true;
16924 	rdev->opencount++;
16925 
16926 	return 0;
16927 }
16928 
16929 static int nl80211_stop_pd(struct sk_buff *skb, struct genl_info *info)
16930 {
16931 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
16932 	struct wireless_dev *wdev = info->user_ptr[1];
16933 
16934 	if (wdev->iftype != NL80211_IFTYPE_PD)
16935 		return -EOPNOTSUPP;
16936 
16937 	cfg80211_stop_pd(rdev, wdev);
16938 
16939 	return 0;
16940 }
16941 
16942 void cfg80211_nan_match(struct wireless_dev *wdev,
16943 			struct cfg80211_nan_match_params *match, gfp_t gfp)
16944 {
16945 	struct wiphy *wiphy = wdev->wiphy;
16946 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16947 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
16948 	struct sk_buff *msg;
16949 	void *hdr;
16950 
16951 	if (WARN_ON(wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE))
16952 		return;
16953 
16954 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
16955 		return;
16956 
16957 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16958 	if (!msg)
16959 		return;
16960 
16961 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
16962 	if (!hdr) {
16963 		nlmsg_free(msg);
16964 		return;
16965 	}
16966 
16967 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16968 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16969 					 wdev->netdev->ifindex)) ||
16970 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16971 			      NL80211_ATTR_PAD))
16972 		goto nla_put_failure;
16973 
16974 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
16975 			      NL80211_ATTR_PAD) ||
16976 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
16977 		goto nla_put_failure;
16978 
16979 	match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
16980 	if (!match_attr)
16981 		goto nla_put_failure;
16982 
16983 	local_func_attr = nla_nest_start_noflag(msg,
16984 						NL80211_NAN_MATCH_FUNC_LOCAL);
16985 	if (!local_func_attr)
16986 		goto nla_put_failure;
16987 
16988 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
16989 		goto nla_put_failure;
16990 
16991 	nla_nest_end(msg, local_func_attr);
16992 
16993 	peer_func_attr = nla_nest_start_noflag(msg,
16994 					       NL80211_NAN_MATCH_FUNC_PEER);
16995 	if (!peer_func_attr)
16996 		goto nla_put_failure;
16997 
16998 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
16999 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
17000 		goto nla_put_failure;
17001 
17002 	if (match->info && match->info_len &&
17003 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
17004 		    match->info))
17005 		goto nla_put_failure;
17006 
17007 	nla_nest_end(msg, peer_func_attr);
17008 	nla_nest_end(msg, match_attr);
17009 	genlmsg_end(msg, hdr);
17010 
17011 	if (!wdev->owner_nlportid)
17012 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
17013 					msg, 0, NL80211_MCGRP_NAN, gfp);
17014 	else
17015 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
17016 				wdev->owner_nlportid);
17017 
17018 	return;
17019 
17020 nla_put_failure:
17021 	nlmsg_free(msg);
17022 }
17023 EXPORT_SYMBOL(cfg80211_nan_match);
17024 
17025 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
17026 				  u8 inst_id,
17027 				  enum nl80211_nan_func_term_reason reason,
17028 				  u64 cookie, gfp_t gfp)
17029 {
17030 	struct wiphy *wiphy = wdev->wiphy;
17031 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17032 	struct sk_buff *msg;
17033 	struct nlattr *func_attr;
17034 	void *hdr;
17035 
17036 	if (WARN_ON(wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE))
17037 		return;
17038 
17039 	if (WARN_ON(!inst_id))
17040 		return;
17041 
17042 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17043 	if (!msg)
17044 		return;
17045 
17046 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
17047 	if (!hdr) {
17048 		nlmsg_free(msg);
17049 		return;
17050 	}
17051 
17052 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17053 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17054 					 wdev->netdev->ifindex)) ||
17055 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17056 			      NL80211_ATTR_PAD))
17057 		goto nla_put_failure;
17058 
17059 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
17060 			      NL80211_ATTR_PAD))
17061 		goto nla_put_failure;
17062 
17063 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
17064 	if (!func_attr)
17065 		goto nla_put_failure;
17066 
17067 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
17068 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
17069 		goto nla_put_failure;
17070 
17071 	nla_nest_end(msg, func_attr);
17072 	genlmsg_end(msg, hdr);
17073 
17074 	if (!wdev->owner_nlportid)
17075 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
17076 					msg, 0, NL80211_MCGRP_NAN, gfp);
17077 	else
17078 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
17079 				wdev->owner_nlportid);
17080 
17081 	return;
17082 
17083 nla_put_failure:
17084 	nlmsg_free(msg);
17085 }
17086 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
17087 
17088 void cfg80211_nan_sched_update_done(struct wireless_dev *wdev, bool success,
17089 				    gfp_t gfp)
17090 {
17091 	struct wiphy *wiphy = wdev->wiphy;
17092 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17093 	struct sk_buff *msg;
17094 	void *hdr;
17095 
17096 	trace_cfg80211_nan_sched_update_done(wiphy, wdev, success);
17097 
17098 	/* Can happen if we stopped NAN */
17099 	if (!wdev->u.nan.sched_update_pending)
17100 		return;
17101 
17102 	wdev->u.nan.sched_update_pending = false;
17103 
17104 	if (!wdev->owner_nlportid)
17105 		return;
17106 
17107 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17108 	if (!msg)
17109 		return;
17110 
17111 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_SCHED_UPDATE_DONE);
17112 	if (!hdr)
17113 		goto nla_put_failure;
17114 
17115 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17116 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17117 			      NL80211_ATTR_PAD) ||
17118 	    (success &&
17119 	     nla_put_flag(msg, NL80211_ATTR_NAN_SCHED_UPDATE_SUCCESS)))
17120 		goto nla_put_failure;
17121 
17122 	genlmsg_end(msg, hdr);
17123 
17124 	genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
17125 
17126 	return;
17127 
17128 nla_put_failure:
17129 	nlmsg_free(msg);
17130 }
17131 EXPORT_SYMBOL(cfg80211_nan_sched_update_done);
17132 
17133 static int nl80211_parse_nan_channel(struct cfg80211_registered_device *rdev,
17134 				     struct nlattr *channel,
17135 				     struct genl_info *info,
17136 				     struct cfg80211_nan_channel *nan_channels,
17137 				     u8 index, bool local)
17138 {
17139 	struct nlattr **channel_parsed __free(kfree) = NULL;
17140 	struct cfg80211_chan_def chandef;
17141 	u8 n_rx_nss;
17142 	int ret;
17143 
17144 	channel_parsed = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*channel_parsed),
17145 				 GFP_KERNEL);
17146 	if (!channel_parsed)
17147 		return -ENOMEM;
17148 
17149 	ret = nla_parse_nested(channel_parsed, NL80211_ATTR_MAX, channel, NULL,
17150 			       info->extack);
17151 	if (ret)
17152 		return ret;
17153 
17154 	ret = nl80211_parse_chandef(rdev, info->extack, channel_parsed,
17155 				    &chandef, false);
17156 	if (ret)
17157 		return ret;
17158 
17159 	if (chandef.chan->band == NL80211_BAND_6GHZ) {
17160 		NL_SET_ERR_MSG(info->extack,
17161 			       "6 GHz band is not supported");
17162 		return -EOPNOTSUPP;
17163 	}
17164 
17165 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef,
17166 				     NL80211_IFTYPE_NAN)) {
17167 		NL_SET_ERR_MSG_ATTR(info->extack, channel,
17168 				    "Channel in NAN schedule is not allowed for NAN operation");
17169 		return -EINVAL;
17170 	}
17171 
17172 	if (local) {
17173 		for (int i = 0; i < index; i++) {
17174 			if (cfg80211_chandef_compatible(&nan_channels[i].chandef,
17175 							&chandef)) {
17176 				NL_SET_ERR_MSG_ATTR(info->extack, channel,
17177 						    "Channels in NAN schedule must be mutually incompatible");
17178 				return -EINVAL;
17179 			}
17180 		}
17181 	}
17182 
17183 	if (!channel_parsed[NL80211_ATTR_NAN_CHANNEL_ENTRY]) {
17184 		NL_SET_ERR_MSG(info->extack,
17185 			       "Missing NAN channel entry attribute");
17186 		return -EINVAL;
17187 	}
17188 
17189 	nan_channels[index].channel_entry =
17190 		nla_data(channel_parsed[NL80211_ATTR_NAN_CHANNEL_ENTRY]);
17191 
17192 	if (!channel_parsed[NL80211_ATTR_NAN_RX_NSS]) {
17193 		NL_SET_ERR_MSG(info->extack,
17194 			       "Missing NAN RX NSS attribute");
17195 		return -EINVAL;
17196 	}
17197 
17198 	nan_channels[index].rx_nss =
17199 		nla_get_u8(channel_parsed[NL80211_ATTR_NAN_RX_NSS]);
17200 
17201 	n_rx_nss = u8_get_bits(rdev->wiphy.nan_capa.n_antennas, 0x03);
17202 	if ((local && nan_channels[index].rx_nss > n_rx_nss) ||
17203 	    !nan_channels[index].rx_nss) {
17204 		NL_SET_ERR_MSG_ATTR(info->extack, channel,
17205 				    "Invalid RX NSS in NAN channel definition");
17206 		return -EINVAL;
17207 	}
17208 
17209 	nan_channels[index].chandef = chandef;
17210 
17211 	return 0;
17212 }
17213 
17214 static int
17215 nl80211_parse_nan_schedule(struct genl_info *info, struct nlattr *slots_attr,
17216 			   u8 schedule[CFG80211_NAN_SCHED_NUM_TIME_SLOTS],
17217 			   u8 n_channels)
17218 {
17219 	if (WARN_ON(nla_len(slots_attr) != CFG80211_NAN_SCHED_NUM_TIME_SLOTS))
17220 		return -EINVAL;
17221 
17222 	memcpy(schedule, nla_data(slots_attr), nla_len(slots_attr));
17223 
17224 	for (int slot = 0; slot < CFG80211_NAN_SCHED_NUM_TIME_SLOTS; slot++) {
17225 		if (schedule[slot] != NL80211_NAN_SCHED_NOT_AVAIL_SLOT &&
17226 		    schedule[slot] >= n_channels) {
17227 			NL_SET_ERR_MSG_FMT(info->extack,
17228 					   "Invalid time slot: slot %d refers to channel index %d, n_channels=%d",
17229 					   slot, schedule[slot], n_channels);
17230 			return -EINVAL;
17231 		}
17232 	}
17233 
17234 	return 0;
17235 }
17236 
17237 static int
17238 nl80211_parse_nan_peer_map(struct genl_info *info, struct nlattr *map_attr,
17239 			   struct cfg80211_nan_peer_map *map, u8 n_channels)
17240 {
17241 	struct nlattr *tb[NL80211_NAN_PEER_MAP_ATTR_MAX + 1];
17242 	int ret;
17243 
17244 	ret = nla_parse_nested(tb, NL80211_NAN_PEER_MAP_ATTR_MAX, map_attr,
17245 			       nl80211_nan_peer_map_policy, info->extack);
17246 	if (ret)
17247 		return ret;
17248 
17249 	if (!tb[NL80211_NAN_PEER_MAP_ATTR_MAP_ID] ||
17250 	    !tb[NL80211_NAN_PEER_MAP_ATTR_TIME_SLOTS]) {
17251 		NL_SET_ERR_MSG(info->extack,
17252 			       "Missing required peer map attributes");
17253 		return -EINVAL;
17254 	}
17255 
17256 	map->map_id = nla_get_u8(tb[NL80211_NAN_PEER_MAP_ATTR_MAP_ID]);
17257 
17258 	/* Parse schedule */
17259 	return nl80211_parse_nan_schedule(info,
17260 					  tb[NL80211_NAN_PEER_MAP_ATTR_TIME_SLOTS],
17261 					  map->schedule, n_channels);
17262 }
17263 
17264 static int nl80211_nan_validate_map_pair(struct wiphy *wiphy,
17265 					 struct genl_info *info,
17266 					 const struct cfg80211_nan_peer_map *map1,
17267 					 const struct cfg80211_nan_peer_map *map2,
17268 					 struct cfg80211_nan_channel *nan_channels)
17269 {
17270 	/* Check for duplicate map_id */
17271 	if (map1->map_id == map2->map_id) {
17272 		NL_SET_ERR_MSG_FMT(info->extack, "Duplicate map_id %u",
17273 				   map1->map_id);
17274 		return -EINVAL;
17275 	}
17276 
17277 	/* Check for compatible channels between maps */
17278 	for (int i = 0; i < ARRAY_SIZE(map1->schedule); i++) {
17279 		if (map1->schedule[i] == NL80211_NAN_SCHED_NOT_AVAIL_SLOT)
17280 			continue;
17281 
17282 		for (int j = 0; j < ARRAY_SIZE(map2->schedule); j++) {
17283 			u8 ch1 = map1->schedule[i];
17284 			u8 ch2 = map2->schedule[j];
17285 
17286 			if (ch2 == NL80211_NAN_SCHED_NOT_AVAIL_SLOT)
17287 				continue;
17288 
17289 			if (cfg80211_chandef_compatible(&nan_channels[ch1].chandef,
17290 							&nan_channels[ch2].chandef)) {
17291 				NL_SET_ERR_MSG_FMT(info->extack,
17292 						   "Maps %u and %u have compatible channels %d and %d",
17293 						   map1->map_id, map2->map_id,
17294 						   ch1, ch2);
17295 				return -EINVAL;
17296 			}
17297 		}
17298 	}
17299 
17300 	/*
17301 	 * Check for conflicting time slots between maps.
17302 	 * Only check for single-radio devices (n_radio <= 1) which cannot
17303 	 * operate on multiple channels simultaneously.
17304 	 */
17305 	if (wiphy->n_radio > 1)
17306 		return 0;
17307 
17308 	for (int i = 0; i < ARRAY_SIZE(map1->schedule); i++) {
17309 		if (map1->schedule[i] != NL80211_NAN_SCHED_NOT_AVAIL_SLOT &&
17310 		    map2->schedule[i] != NL80211_NAN_SCHED_NOT_AVAIL_SLOT) {
17311 			NL_SET_ERR_MSG_FMT(info->extack,
17312 					   "Maps %u and %u both schedule slot %d",
17313 					   map1->map_id, map2->map_id, i);
17314 			return -EINVAL;
17315 		}
17316 	}
17317 
17318 	return 0;
17319 }
17320 
17321 static int nl80211_nan_set_peer_sched(struct sk_buff *skb,
17322 				      struct genl_info *info)
17323 {
17324 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
17325 	struct cfg80211_nan_channel *nan_channels __free(kfree) = NULL;
17326 	struct cfg80211_nan_peer_sched sched = {};
17327 	struct wireless_dev *wdev = info->user_ptr[1];
17328 	struct nlattr *map_attr, *channel;
17329 	int ret, n_maps = 0, n_channels = 0, i = 0, rem;
17330 
17331 	if (wdev->iftype != NL80211_IFTYPE_NAN)
17332 		return -EOPNOTSUPP;
17333 
17334 	if (!info->attrs[NL80211_ATTR_MAC] ||
17335 	    !info->attrs[NL80211_ATTR_NAN_COMMITTED_DW]) {
17336 		NL_SET_ERR_MSG(info->extack,
17337 			       "Required NAN peer schedule attributes are missing");
17338 		return -EINVAL;
17339 	}
17340 
17341 	/* First count how many channel attributes we got */
17342 	nlmsg_for_each_attr_type(channel, NL80211_ATTR_NAN_CHANNEL,
17343 				 info->nlhdr, GENL_HDRLEN, rem)
17344 		n_channels++;
17345 
17346 	if (!((info->attrs[NL80211_ATTR_NAN_SEQ_ID] &&
17347 	       info->attrs[NL80211_ATTR_NAN_PEER_MAPS] && n_channels) ||
17348 	      ((!info->attrs[NL80211_ATTR_NAN_SEQ_ID] &&
17349 		!info->attrs[NL80211_ATTR_NAN_PEER_MAPS] && !n_channels)))) {
17350 		NL_SET_ERR_MSG(info->extack,
17351 			       "Either provide all of: seq id, channels and maps, or none");
17352 		return -EINVAL;
17353 	}
17354 
17355 	/*
17356 	 * Limit the number of peer channels to:
17357 	 * local_channels * 4 (possible BWs) * 2 (possible NSS values)
17358 	 */
17359 	if (n_channels && n_channels > wdev->u.nan.n_channels * 4 * 2) {
17360 		NL_SET_ERR_MSG_FMT(info->extack,
17361 				   "Too many peer channels: %d (max %d)",
17362 				   n_channels,
17363 				   wdev->u.nan.n_channels * 4 * 2);
17364 		return -EINVAL;
17365 	}
17366 
17367 	if (n_channels) {
17368 		nan_channels = kcalloc(n_channels, sizeof(*nan_channels),
17369 				       GFP_KERNEL);
17370 		if (!nan_channels)
17371 			return -ENOMEM;
17372 	}
17373 
17374 	/* Parse peer channels */
17375 	nlmsg_for_each_attr_type(channel, NL80211_ATTR_NAN_CHANNEL,
17376 				 info->nlhdr, GENL_HDRLEN, rem) {
17377 		bool compatible = false;
17378 
17379 		ret = nl80211_parse_nan_channel(rdev, channel, info,
17380 						nan_channels, i, false);
17381 		if (ret)
17382 			return ret;
17383 
17384 		/* Verify channel is compatible with at least one local channel */
17385 		for (int j = 0; j < wdev->u.nan.n_channels; j++) {
17386 			if (cfg80211_chandef_compatible(&nan_channels[i].chandef,
17387 							&wdev->u.nan.chandefs[j])) {
17388 				compatible = true;
17389 				break;
17390 			}
17391 		}
17392 		if (!compatible) {
17393 			NL_SET_ERR_MSG_FMT(info->extack,
17394 					   "Channel %d not compatible with any local channel",
17395 					   i);
17396 			return -EINVAL;
17397 		}
17398 		i++;
17399 	}
17400 
17401 	sched.n_channels = n_channels;
17402 	sched.nan_channels = nan_channels;
17403 	sched.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
17404 	sched.seq_id = nla_get_u8_default(info->attrs[NL80211_ATTR_NAN_SEQ_ID], 0);
17405 	sched.committed_dw = nla_get_u16(info->attrs[NL80211_ATTR_NAN_COMMITTED_DW]);
17406 	sched.max_chan_switch =
17407 		nla_get_u16_default(info->attrs[NL80211_ATTR_NAN_MAX_CHAN_SWITCH_TIME], 0);
17408 
17409 	if (info->attrs[NL80211_ATTR_NAN_ULW]) {
17410 		sched.ulw_size = nla_len(info->attrs[NL80211_ATTR_NAN_ULW]);
17411 		sched.init_ulw = nla_data(info->attrs[NL80211_ATTR_NAN_ULW]);
17412 	}
17413 
17414 	/* Initialize all maps as invalid */
17415 	for (int j = 0; j < ARRAY_SIZE(sched.maps); j++)
17416 		sched.maps[j].map_id = CFG80211_NAN_INVALID_MAP_ID;
17417 
17418 	if (info->attrs[NL80211_ATTR_NAN_PEER_MAPS]) {
17419 		/* Parse each map */
17420 		nla_for_each_nested(map_attr, info->attrs[NL80211_ATTR_NAN_PEER_MAPS],
17421 				    rem) {
17422 			if (n_maps >= ARRAY_SIZE(sched.maps)) {
17423 				NL_SET_ERR_MSG(info->extack, "Too many peer maps");
17424 				return -EINVAL;
17425 			}
17426 
17427 			ret = nl80211_parse_nan_peer_map(info, map_attr,
17428 							 &sched.maps[n_maps],
17429 							 n_channels);
17430 			if (ret)
17431 				return ret;
17432 
17433 			/* Validate against previous maps */
17434 			for (int j = 0; j < n_maps; j++) {
17435 				ret = nl80211_nan_validate_map_pair(&rdev->wiphy, info,
17436 								    &sched.maps[j],
17437 								    &sched.maps[n_maps],
17438 								    nan_channels);
17439 				if (ret)
17440 					return ret;
17441 			}
17442 
17443 			n_maps++;
17444 		}
17445 	}
17446 
17447 	/* Verify each channel is scheduled at least once */
17448 	for (int ch = 0; ch < n_channels; ch++) {
17449 		bool scheduled = false;
17450 
17451 		for (int m = 0; m < n_maps && !scheduled; m++) {
17452 			for (int s = 0; s < ARRAY_SIZE(sched.maps[m].schedule); s++) {
17453 				if (sched.maps[m].schedule[s] == ch) {
17454 					scheduled = true;
17455 					break;
17456 				}
17457 			}
17458 		}
17459 		if (!scheduled) {
17460 			NL_SET_ERR_MSG_FMT(info->extack,
17461 					   "Channel %d is not scheduled in any map",
17462 					   ch);
17463 			return -EINVAL;
17464 		}
17465 	}
17466 
17467 	return rdev_nan_set_peer_sched(rdev, wdev, &sched);
17468 }
17469 
17470 static bool nl80211_nan_is_sched_empty(struct cfg80211_nan_local_sched *sched)
17471 {
17472 	if (!sched->n_channels)
17473 		return true;
17474 
17475 	for (int i = 0; i < ARRAY_SIZE(sched->schedule); i++) {
17476 		if (sched->schedule[i] != NL80211_NAN_SCHED_NOT_AVAIL_SLOT)
17477 			return false;
17478 	}
17479 
17480 	return true;
17481 }
17482 
17483 static int nl80211_nan_set_local_sched(struct sk_buff *skb,
17484 				       struct genl_info *info)
17485 {
17486 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
17487 	struct cfg80211_nan_local_sched *sched __free(kfree) = NULL;
17488 	struct wireless_dev *wdev = info->user_ptr[1];
17489 	int rem, i = 0, n_channels = 0, ret;
17490 	struct nlattr *channel;
17491 	bool sched_empty;
17492 
17493 	if (wdev->iftype != NL80211_IFTYPE_NAN)
17494 		return -EOPNOTSUPP;
17495 
17496 	if (!wdev_running(wdev))
17497 		return -ENOTCONN;
17498 
17499 	if (!info->attrs[NL80211_ATTR_NAN_TIME_SLOTS])
17500 		return -EINVAL;
17501 
17502 	/* First count how many channel attributes we got */
17503 	nlmsg_for_each_attr_type(channel, NL80211_ATTR_NAN_CHANNEL,
17504 				 info->nlhdr, GENL_HDRLEN, rem)
17505 		n_channels++;
17506 
17507 	sched = kzalloc(struct_size(sched, nan_channels, n_channels),
17508 			GFP_KERNEL);
17509 	if (!sched)
17510 		return -ENOMEM;
17511 
17512 	sched->n_channels = n_channels;
17513 
17514 	nlmsg_for_each_attr_type(channel, NL80211_ATTR_NAN_CHANNEL,
17515 				 info->nlhdr, GENL_HDRLEN, rem) {
17516 		ret = nl80211_parse_nan_channel(rdev, channel, info,
17517 						sched->nan_channels, i, true);
17518 
17519 		if (ret)
17520 			return ret;
17521 		i++;
17522 	}
17523 
17524 	/* Parse and validate schedule */
17525 	ret = nl80211_parse_nan_schedule(info,
17526 					 info->attrs[NL80211_ATTR_NAN_TIME_SLOTS],
17527 					 sched->schedule, sched->n_channels);
17528 	if (ret)
17529 		return ret;
17530 
17531 	sched_empty = nl80211_nan_is_sched_empty(sched);
17532 
17533 	sched->deferred =
17534 		nla_get_flag(info->attrs[NL80211_ATTR_NAN_SCHED_DEFERRED]);
17535 
17536 	if (sched_empty) {
17537 		if (sched->deferred) {
17538 			NL_SET_ERR_MSG(info->extack,
17539 				       "Schedule cannot be deferred if all time slots are unavailable");
17540 			return -EINVAL;
17541 		}
17542 
17543 		if (info->attrs[NL80211_ATTR_NAN_AVAIL_BLOB]) {
17544 			NL_SET_ERR_MSG(info->extack,
17545 				       "NAN Availability blob must be empty if all time slots are unavailable");
17546 			return -EINVAL;
17547 		}
17548 	} else {
17549 		if (!info->attrs[NL80211_ATTR_NAN_AVAIL_BLOB]) {
17550 			NL_SET_ERR_MSG(info->extack,
17551 				       "NAN Availability blob attribute is required");
17552 			return -EINVAL;
17553 		}
17554 
17555 		sched->nan_avail_blob =
17556 			nla_data(info->attrs[NL80211_ATTR_NAN_AVAIL_BLOB]);
17557 		sched->nan_avail_blob_len =
17558 			nla_len(info->attrs[NL80211_ATTR_NAN_AVAIL_BLOB]);
17559 	}
17560 
17561 	return cfg80211_nan_set_local_schedule(rdev, wdev, sched);
17562 }
17563 
17564 static int nl80211_get_protocol_features(struct sk_buff *skb,
17565 					 struct genl_info *info)
17566 {
17567 	void *hdr;
17568 	struct sk_buff *msg;
17569 
17570 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17571 	if (!msg)
17572 		return -ENOMEM;
17573 
17574 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
17575 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
17576 	if (!hdr)
17577 		goto nla_put_failure;
17578 
17579 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
17580 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
17581 		goto nla_put_failure;
17582 
17583 	genlmsg_end(msg, hdr);
17584 	return genlmsg_reply(msg, info);
17585 
17586  nla_put_failure:
17587 	kfree_skb(msg);
17588 	return -ENOBUFS;
17589 }
17590 
17591 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
17592 {
17593 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
17594 	struct cfg80211_update_ft_ies_params ft_params;
17595 	struct net_device *dev = info->user_ptr[1];
17596 
17597 	if (!rdev->ops->update_ft_ies)
17598 		return -EOPNOTSUPP;
17599 
17600 	if (!info->attrs[NL80211_ATTR_MDID] ||
17601 	    !info->attrs[NL80211_ATTR_IE])
17602 		return -EINVAL;
17603 
17604 	memset(&ft_params, 0, sizeof(ft_params));
17605 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
17606 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
17607 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
17608 
17609 	return rdev_update_ft_ies(rdev, dev, &ft_params);
17610 }
17611 
17612 static int nl80211_crit_protocol_start(struct sk_buff *skb,
17613 				       struct genl_info *info)
17614 {
17615 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
17616 	struct wireless_dev *wdev = info->user_ptr[1];
17617 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
17618 	u16 duration;
17619 	int ret;
17620 
17621 	if (!rdev->ops->crit_proto_start)
17622 		return -EOPNOTSUPP;
17623 
17624 	if (WARN_ON(!rdev->ops->crit_proto_stop))
17625 		return -EINVAL;
17626 
17627 	if (rdev->crit_proto_nlportid)
17628 		return -EBUSY;
17629 
17630 	/* determine protocol if provided */
17631 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
17632 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
17633 
17634 	if (proto >= NUM_NL80211_CRIT_PROTO)
17635 		return -EINVAL;
17636 
17637 	/* timeout must be provided */
17638 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
17639 		return -EINVAL;
17640 
17641 	duration =
17642 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
17643 
17644 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
17645 	if (!ret)
17646 		rdev->crit_proto_nlportid = info->snd_portid;
17647 
17648 	return ret;
17649 }
17650 
17651 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
17652 				      struct genl_info *info)
17653 {
17654 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
17655 	struct wireless_dev *wdev = info->user_ptr[1];
17656 
17657 	if (!rdev->ops->crit_proto_stop)
17658 		return -EOPNOTSUPP;
17659 
17660 	if (rdev->crit_proto_nlportid) {
17661 		rdev->crit_proto_nlportid = 0;
17662 		rdev_crit_proto_stop(rdev, wdev);
17663 	}
17664 	return 0;
17665 }
17666 
17667 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
17668 				       struct nlattr *attr,
17669 				       struct netlink_ext_ack *extack)
17670 {
17671 	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
17672 		if (attr->nla_type & NLA_F_NESTED) {
17673 			NL_SET_ERR_MSG_ATTR(extack, attr,
17674 					    "unexpected nested data");
17675 			return -EINVAL;
17676 		}
17677 
17678 		return 0;
17679 	}
17680 
17681 	if (!(attr->nla_type & NLA_F_NESTED)) {
17682 		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
17683 		return -EINVAL;
17684 	}
17685 
17686 	return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
17687 }
17688 
17689 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
17690 {
17691 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
17692 	struct wireless_dev *wdev =
17693 		__cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
17694 					   info->attrs);
17695 	int i, err;
17696 	u32 vid, subcmd;
17697 
17698 	if (!rdev->wiphy.vendor_commands)
17699 		return -EOPNOTSUPP;
17700 
17701 	if (IS_ERR(wdev)) {
17702 		err = PTR_ERR(wdev);
17703 		if (err != -EINVAL)
17704 			return err;
17705 		wdev = NULL;
17706 	} else if (wdev->wiphy != &rdev->wiphy) {
17707 		return -EINVAL;
17708 	}
17709 
17710 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
17711 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
17712 		return -EINVAL;
17713 
17714 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
17715 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
17716 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
17717 		const struct wiphy_vendor_command *vcmd;
17718 		void *data = NULL;
17719 		int len = 0;
17720 
17721 		vcmd = &rdev->wiphy.vendor_commands[i];
17722 
17723 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
17724 			continue;
17725 
17726 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
17727 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
17728 			if (!wdev)
17729 				return -EINVAL;
17730 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
17731 			    !wdev->netdev)
17732 				return -EINVAL;
17733 
17734 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
17735 				if (!wdev_running(wdev))
17736 					return -ENETDOWN;
17737 			}
17738 		} else {
17739 			wdev = NULL;
17740 		}
17741 
17742 		if (!vcmd->doit)
17743 			return -EOPNOTSUPP;
17744 
17745 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
17746 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
17747 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
17748 
17749 			err = nl80211_vendor_check_policy(vcmd,
17750 					info->attrs[NL80211_ATTR_VENDOR_DATA],
17751 					info->extack);
17752 			if (err)
17753 				return err;
17754 		}
17755 
17756 		rdev->cur_cmd_info = info;
17757 		err = vcmd->doit(&rdev->wiphy, wdev, data, len);
17758 		rdev->cur_cmd_info = NULL;
17759 		return err;
17760 	}
17761 
17762 	return -EOPNOTSUPP;
17763 }
17764 
17765 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
17766 				       struct netlink_callback *cb,
17767 				       struct cfg80211_registered_device **rdev,
17768 				       struct wireless_dev **wdev)
17769 {
17770 	struct nlattr **attrbuf;
17771 	u32 vid, subcmd;
17772 	unsigned int i;
17773 	int vcmd_idx = -1;
17774 	int err;
17775 	void *data = NULL;
17776 	unsigned int data_len = 0;
17777 
17778 	if (cb->args[0]) {
17779 		/* subtract the 1 again here */
17780 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
17781 		struct wireless_dev *tmp;
17782 
17783 		if (!wiphy)
17784 			return -ENODEV;
17785 
17786 		/*
17787 		 * The wiphy may have moved netns between dumpit
17788 		 * invocations (via NL80211_CMD_SET_WIPHY_NETNS), so
17789 		 * re-check that it still matches the caller's netns.
17790 		 */
17791 		if (!net_eq(wiphy_net(wiphy), sock_net(skb->sk)))
17792 			return -ENODEV;
17793 
17794 		*rdev = wiphy_to_rdev(wiphy);
17795 		*wdev = NULL;
17796 
17797 		if (cb->args[1]) {
17798 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
17799 				if (tmp->identifier == cb->args[1] - 1) {
17800 					*wdev = tmp;
17801 					break;
17802 				}
17803 			}
17804 		}
17805 
17806 		/* keep rtnl locked in successful case */
17807 		return 0;
17808 	}
17809 
17810 	attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
17811 	if (!attrbuf)
17812 		return -ENOMEM;
17813 
17814 	err = nlmsg_parse_deprecated(cb->nlh,
17815 				     GENL_HDRLEN + nl80211_fam.hdrsize,
17816 				     attrbuf, nl80211_fam.maxattr,
17817 				     nl80211_policy, NULL);
17818 	if (err)
17819 		goto out;
17820 
17821 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
17822 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
17823 		err = -EINVAL;
17824 		goto out;
17825 	}
17826 
17827 	*wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
17828 	if (IS_ERR(*wdev))
17829 		*wdev = NULL;
17830 
17831 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
17832 	if (IS_ERR(*rdev)) {
17833 		err = PTR_ERR(*rdev);
17834 		goto out;
17835 	}
17836 
17837 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
17838 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
17839 
17840 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
17841 		const struct wiphy_vendor_command *vcmd;
17842 
17843 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
17844 
17845 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
17846 			continue;
17847 
17848 		if (!vcmd->dumpit) {
17849 			err = -EOPNOTSUPP;
17850 			goto out;
17851 		}
17852 
17853 		vcmd_idx = i;
17854 		break;
17855 	}
17856 
17857 	if (vcmd_idx < 0) {
17858 		err = -EOPNOTSUPP;
17859 		goto out;
17860 	}
17861 
17862 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
17863 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
17864 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
17865 
17866 		err = nl80211_vendor_check_policy(
17867 				&(*rdev)->wiphy.vendor_commands[vcmd_idx],
17868 				attrbuf[NL80211_ATTR_VENDOR_DATA],
17869 				cb->extack);
17870 		if (err)
17871 			goto out;
17872 	}
17873 
17874 	/* 0 is the first index - add 1 to parse only once */
17875 	cb->args[0] = (*rdev)->wiphy_idx + 1;
17876 	/* add 1 to know if it was NULL */
17877 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
17878 	cb->args[2] = vcmd_idx;
17879 	cb->args[3] = (unsigned long)data;
17880 	cb->args[4] = data_len;
17881 
17882 	/* keep rtnl locked in successful case */
17883 	err = 0;
17884 out:
17885 	kfree(attrbuf);
17886 	return err;
17887 }
17888 
17889 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
17890 				   struct netlink_callback *cb)
17891 {
17892 	struct cfg80211_registered_device *rdev;
17893 	struct wireless_dev *wdev;
17894 	unsigned int vcmd_idx;
17895 	const struct wiphy_vendor_command *vcmd;
17896 	void *data;
17897 	int data_len;
17898 	int err;
17899 	struct nlattr *vendor_data;
17900 
17901 	rtnl_lock();
17902 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
17903 	if (err)
17904 		goto out;
17905 
17906 	vcmd_idx = cb->args[2];
17907 	data = (void *)cb->args[3];
17908 	data_len = cb->args[4];
17909 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
17910 
17911 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
17912 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
17913 		if (!wdev) {
17914 			err = -EINVAL;
17915 			goto out;
17916 		}
17917 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
17918 		    !wdev->netdev) {
17919 			err = -EINVAL;
17920 			goto out;
17921 		}
17922 
17923 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
17924 			if (!wdev_running(wdev)) {
17925 				err = -ENETDOWN;
17926 				goto out;
17927 			}
17928 		}
17929 	}
17930 
17931 	while (1) {
17932 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
17933 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
17934 					   NL80211_CMD_VENDOR);
17935 		if (!hdr)
17936 			break;
17937 
17938 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17939 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
17940 					       wdev_id(wdev),
17941 					       NL80211_ATTR_PAD))) {
17942 			genlmsg_cancel(skb, hdr);
17943 			break;
17944 		}
17945 
17946 		vendor_data = nla_nest_start_noflag(skb,
17947 						    NL80211_ATTR_VENDOR_DATA);
17948 		if (!vendor_data) {
17949 			genlmsg_cancel(skb, hdr);
17950 			break;
17951 		}
17952 
17953 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
17954 				   (unsigned long *)&cb->args[5]);
17955 		nla_nest_end(skb, vendor_data);
17956 
17957 		if (err == -ENOBUFS || err == -ENOENT) {
17958 			genlmsg_cancel(skb, hdr);
17959 			break;
17960 		} else if (err <= 0) {
17961 			genlmsg_cancel(skb, hdr);
17962 			goto out;
17963 		}
17964 
17965 		genlmsg_end(skb, hdr);
17966 	}
17967 
17968 	err = skb->len;
17969  out:
17970 	rtnl_unlock();
17971 	return err;
17972 }
17973 
17974 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
17975 					   enum nl80211_commands cmd,
17976 					   enum nl80211_attrs attr,
17977 					   int approxlen)
17978 {
17979 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17980 
17981 	if (WARN_ON(!rdev->cur_cmd_info))
17982 		return NULL;
17983 
17984 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
17985 					   rdev->cur_cmd_info->snd_portid,
17986 					   rdev->cur_cmd_info->snd_seq,
17987 					   cmd, attr, NULL, GFP_KERNEL);
17988 }
17989 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
17990 
17991 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
17992 {
17993 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
17994 	void *hdr = ((void **)skb->cb)[1];
17995 	struct nlattr *data = ((void **)skb->cb)[2];
17996 
17997 	/* clear CB data for netlink core to own from now on */
17998 	memset(skb->cb, 0, sizeof(skb->cb));
17999 
18000 	if (WARN_ON(!rdev->cur_cmd_info)) {
18001 		kfree_skb(skb);
18002 		return -EINVAL;
18003 	}
18004 
18005 	nla_nest_end(skb, data);
18006 	genlmsg_end(skb, hdr);
18007 	return genlmsg_reply(skb, rdev->cur_cmd_info);
18008 }
18009 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
18010 
18011 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
18012 {
18013 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18014 
18015 	if (WARN_ON(!rdev->cur_cmd_info))
18016 		return 0;
18017 
18018 	return rdev->cur_cmd_info->snd_portid;
18019 }
18020 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
18021 
18022 static int nl80211_set_qos_map(struct sk_buff *skb,
18023 			       struct genl_info *info)
18024 {
18025 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18026 	struct cfg80211_qos_map *qos_map = NULL;
18027 	struct net_device *dev = info->user_ptr[1];
18028 	u8 *pos, len, num_des, des_len, des;
18029 	int ret;
18030 
18031 	if (!rdev->ops->set_qos_map)
18032 		return -EOPNOTSUPP;
18033 
18034 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
18035 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
18036 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
18037 
18038 		if (len % 2)
18039 			return -EINVAL;
18040 
18041 		qos_map = kzalloc_obj(struct cfg80211_qos_map);
18042 		if (!qos_map)
18043 			return -ENOMEM;
18044 
18045 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
18046 		if (num_des) {
18047 			des_len = num_des *
18048 				sizeof(struct cfg80211_dscp_exception);
18049 			memcpy(qos_map->dscp_exception, pos, des_len);
18050 			qos_map->num_des = num_des;
18051 			for (des = 0; des < num_des; des++) {
18052 				if (qos_map->dscp_exception[des].up > 7) {
18053 					kfree(qos_map);
18054 					return -EINVAL;
18055 				}
18056 			}
18057 			pos += des_len;
18058 		}
18059 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
18060 	}
18061 
18062 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
18063 	if (!ret)
18064 		ret = rdev_set_qos_map(rdev, dev, qos_map);
18065 
18066 	kfree(qos_map);
18067 	return ret;
18068 }
18069 
18070 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
18071 {
18072 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18073 	struct net_device *dev = info->user_ptr[1];
18074 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18075 	const u8 *peer;
18076 	u8 tsid, up;
18077 	u16 admitted_time = 0;
18078 
18079 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
18080 		return -EOPNOTSUPP;
18081 
18082 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
18083 	    !info->attrs[NL80211_ATTR_USER_PRIO])
18084 		return -EINVAL;
18085 
18086 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
18087 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
18088 
18089 	/* WMM uses TIDs 0-7 even for TSPEC */
18090 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
18091 		/* TODO: handle 802.11 TSPEC/admission control
18092 		 * need more attributes for that (e.g. BA session requirement);
18093 		 * change the WMM admission test above to allow both then
18094 		 */
18095 		return -EINVAL;
18096 	}
18097 
18098 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
18099 
18100 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
18101 		admitted_time =
18102 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
18103 		if (!admitted_time)
18104 			return -EINVAL;
18105 	}
18106 
18107 	switch (wdev->iftype) {
18108 	case NL80211_IFTYPE_STATION:
18109 	case NL80211_IFTYPE_P2P_CLIENT:
18110 		if (wdev->connected)
18111 			break;
18112 		return -ENOTCONN;
18113 	default:
18114 		return -EOPNOTSUPP;
18115 	}
18116 
18117 	return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
18118 }
18119 
18120 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
18121 {
18122 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18123 	struct net_device *dev = info->user_ptr[1];
18124 	const u8 *peer;
18125 	u8 tsid;
18126 
18127 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
18128 		return -EINVAL;
18129 
18130 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
18131 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
18132 
18133 	return rdev_del_tx_ts(rdev, dev, tsid, peer);
18134 }
18135 
18136 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
18137 				       struct genl_info *info)
18138 {
18139 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18140 	struct net_device *dev = info->user_ptr[1];
18141 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18142 	struct cfg80211_chan_def chandef = {};
18143 	const u8 *addr;
18144 	u8 oper_class;
18145 	int err;
18146 
18147 	if (!rdev->ops->tdls_channel_switch ||
18148 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
18149 		return -EOPNOTSUPP;
18150 
18151 	switch (dev->ieee80211_ptr->iftype) {
18152 	case NL80211_IFTYPE_STATION:
18153 	case NL80211_IFTYPE_P2P_CLIENT:
18154 		break;
18155 	default:
18156 		return -EOPNOTSUPP;
18157 	}
18158 
18159 	if (!info->attrs[NL80211_ATTR_MAC] ||
18160 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
18161 		return -EINVAL;
18162 
18163 	err = nl80211_parse_chandef(rdev, info->extack, info->attrs, &chandef,
18164 				    false);
18165 	if (err)
18166 		return err;
18167 
18168 	/*
18169 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
18170 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
18171 	 * specification is not defined for them.
18172 	 */
18173 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
18174 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
18175 	    chandef.width != NL80211_CHAN_WIDTH_20)
18176 		return -EINVAL;
18177 
18178 	/* we will be active on the TDLS link */
18179 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
18180 					   wdev->iftype))
18181 		return -EINVAL;
18182 
18183 	/* don't allow switching to DFS channels */
18184 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
18185 		return -EINVAL;
18186 
18187 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
18188 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
18189 
18190 	return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
18191 }
18192 
18193 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
18194 					      struct genl_info *info)
18195 {
18196 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18197 	struct net_device *dev = info->user_ptr[1];
18198 	const u8 *addr;
18199 
18200 	if (!rdev->ops->tdls_channel_switch ||
18201 	    !rdev->ops->tdls_cancel_channel_switch ||
18202 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
18203 		return -EOPNOTSUPP;
18204 
18205 	switch (dev->ieee80211_ptr->iftype) {
18206 	case NL80211_IFTYPE_STATION:
18207 	case NL80211_IFTYPE_P2P_CLIENT:
18208 		break;
18209 	default:
18210 		return -EOPNOTSUPP;
18211 	}
18212 
18213 	if (!info->attrs[NL80211_ATTR_MAC])
18214 		return -EINVAL;
18215 
18216 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
18217 
18218 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
18219 
18220 	return 0;
18221 }
18222 
18223 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
18224 					    struct genl_info *info)
18225 {
18226 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18227 	struct net_device *dev = info->user_ptr[1];
18228 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18229 	const struct nlattr *nla;
18230 	bool enabled;
18231 
18232 	if (!rdev->ops->set_multicast_to_unicast)
18233 		return -EOPNOTSUPP;
18234 
18235 	if (wdev->iftype != NL80211_IFTYPE_AP &&
18236 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
18237 		return -EOPNOTSUPP;
18238 
18239 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
18240 	enabled = nla_get_flag(nla);
18241 
18242 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
18243 }
18244 
18245 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
18246 {
18247 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18248 	struct net_device *dev = info->user_ptr[1];
18249 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18250 	struct cfg80211_pmk_conf pmk_conf = {};
18251 
18252 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
18253 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
18254 		return -EOPNOTSUPP;
18255 
18256 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
18257 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
18258 		return -EOPNOTSUPP;
18259 
18260 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
18261 		return -EINVAL;
18262 
18263 	if (!wdev->connected)
18264 		return -ENOTCONN;
18265 
18266 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
18267 	if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN))
18268 		return -EINVAL;
18269 
18270 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
18271 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
18272 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
18273 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
18274 		return -EINVAL;
18275 
18276 	if (info->attrs[NL80211_ATTR_PMKR0_NAME])
18277 		pmk_conf.pmk_r0_name =
18278 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
18279 
18280 	return rdev_set_pmk(rdev, dev, &pmk_conf);
18281 }
18282 
18283 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
18284 {
18285 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18286 	struct net_device *dev = info->user_ptr[1];
18287 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18288 	const u8 *aa;
18289 
18290 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
18291 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
18292 		return -EOPNOTSUPP;
18293 
18294 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
18295 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
18296 		return -EOPNOTSUPP;
18297 
18298 	if (!info->attrs[NL80211_ATTR_MAC])
18299 		return -EINVAL;
18300 
18301 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
18302 	return rdev_del_pmk(rdev, dev, aa);
18303 }
18304 
18305 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
18306 {
18307 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18308 	struct net_device *dev = info->user_ptr[1];
18309 	struct cfg80211_external_auth_params params;
18310 
18311 	if (!rdev->ops->external_auth)
18312 		return -EOPNOTSUPP;
18313 
18314 	if (!info->attrs[NL80211_ATTR_SSID] &&
18315 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
18316 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
18317 		return -EINVAL;
18318 
18319 	if (!info->attrs[NL80211_ATTR_BSSID])
18320 		return -EINVAL;
18321 
18322 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
18323 		return -EINVAL;
18324 
18325 	memset(&params, 0, sizeof(params));
18326 
18327 	if (info->attrs[NL80211_ATTR_SSID]) {
18328 		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
18329 		if (params.ssid.ssid_len == 0)
18330 			return -EINVAL;
18331 		memcpy(params.ssid.ssid,
18332 		       nla_data(info->attrs[NL80211_ATTR_SSID]),
18333 		       params.ssid.ssid_len);
18334 	}
18335 
18336 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
18337 	       ETH_ALEN);
18338 
18339 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
18340 
18341 	if (info->attrs[NL80211_ATTR_PMKID])
18342 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
18343 
18344 	return rdev_external_auth(rdev, dev, &params);
18345 }
18346 
18347 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
18348 {
18349 	bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
18350 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18351 	struct net_device *dev = info->user_ptr[1];
18352 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18353 	const u8 *buf;
18354 	size_t len;
18355 	u8 *dest;
18356 	u16 proto;
18357 	bool noencrypt;
18358 	u64 cookie = 0;
18359 	int link_id;
18360 	int err;
18361 
18362 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
18363 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
18364 		return -EOPNOTSUPP;
18365 
18366 	if (!rdev->ops->tx_control_port)
18367 		return -EOPNOTSUPP;
18368 
18369 	if (!info->attrs[NL80211_ATTR_FRAME] ||
18370 	    !info->attrs[NL80211_ATTR_MAC] ||
18371 	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
18372 		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
18373 		return -EINVAL;
18374 	}
18375 
18376 	switch (wdev->iftype) {
18377 	case NL80211_IFTYPE_AP:
18378 	case NL80211_IFTYPE_P2P_GO:
18379 	case NL80211_IFTYPE_MESH_POINT:
18380 		break;
18381 	case NL80211_IFTYPE_ADHOC:
18382 		if (wdev->u.ibss.current_bss)
18383 			break;
18384 		return -ENOTCONN;
18385 	case NL80211_IFTYPE_STATION:
18386 	case NL80211_IFTYPE_P2P_CLIENT:
18387 		if (wdev->connected)
18388 			break;
18389 		return -ENOTCONN;
18390 	default:
18391 		return -EOPNOTSUPP;
18392 	}
18393 
18394 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
18395 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
18396 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
18397 	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
18398 	noencrypt =
18399 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
18400 
18401 	link_id = nl80211_link_id_or_invalid(info->attrs);
18402 
18403 	err = rdev_tx_control_port(rdev, dev, buf, len,
18404 				   dest, cpu_to_be16(proto), noencrypt, link_id,
18405 				   dont_wait_for_ack ? NULL : &cookie);
18406 	if (!err && !dont_wait_for_ack)
18407 		nl_set_extack_cookie_u64(info->extack, cookie);
18408 	return err;
18409 }
18410 
18411 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
18412 					   struct genl_info *info)
18413 {
18414 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18415 	struct net_device *dev = info->user_ptr[1];
18416 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18417 	struct cfg80211_ftm_responder_stats ftm_stats = {};
18418 	unsigned int link_id = nl80211_link_id(info->attrs);
18419 	struct sk_buff *msg;
18420 	void *hdr;
18421 	struct nlattr *ftm_stats_attr;
18422 	int err;
18423 
18424 	if (wdev->iftype != NL80211_IFTYPE_AP ||
18425 	    !wdev->links[link_id].ap.beacon_interval)
18426 		return -EOPNOTSUPP;
18427 
18428 	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
18429 	if (err)
18430 		return err;
18431 
18432 	if (!ftm_stats.filled)
18433 		return -ENODATA;
18434 
18435 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18436 	if (!msg)
18437 		return -ENOMEM;
18438 
18439 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
18440 			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
18441 	if (!hdr)
18442 		goto nla_put_failure;
18443 
18444 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
18445 		goto nla_put_failure;
18446 
18447 	ftm_stats_attr = nla_nest_start_noflag(msg,
18448 					       NL80211_ATTR_FTM_RESPONDER_STATS);
18449 	if (!ftm_stats_attr)
18450 		goto nla_put_failure;
18451 
18452 #define SET_FTM(field, name, type)					 \
18453 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
18454 	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
18455 			     ftm_stats.field))				 \
18456 		goto nla_put_failure; } while (0)
18457 #define SET_FTM_U64(field, name)					 \
18458 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
18459 	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
18460 			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
18461 		goto nla_put_failure; } while (0)
18462 
18463 	SET_FTM(success_num, SUCCESS_NUM, u32);
18464 	SET_FTM(partial_num, PARTIAL_NUM, u32);
18465 	SET_FTM(failed_num, FAILED_NUM, u32);
18466 	SET_FTM(asap_num, ASAP_NUM, u32);
18467 	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
18468 	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
18469 	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
18470 	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
18471 	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
18472 #undef SET_FTM
18473 
18474 	nla_nest_end(msg, ftm_stats_attr);
18475 
18476 	genlmsg_end(msg, hdr);
18477 	return genlmsg_reply(msg, info);
18478 
18479 nla_put_failure:
18480 	nlmsg_free(msg);
18481 	return -ENOBUFS;
18482 }
18483 
18484 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
18485 {
18486 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18487 	struct cfg80211_update_owe_info owe_info;
18488 	struct net_device *dev = info->user_ptr[1];
18489 
18490 	if (!rdev->ops->update_owe_info)
18491 		return -EOPNOTSUPP;
18492 
18493 	if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
18494 	    !info->attrs[NL80211_ATTR_MAC])
18495 		return -EINVAL;
18496 
18497 	memset(&owe_info, 0, sizeof(owe_info));
18498 	owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
18499 	nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
18500 
18501 	if (info->attrs[NL80211_ATTR_IE]) {
18502 		owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
18503 		owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
18504 	}
18505 
18506 	return rdev_update_owe_info(rdev, dev, &owe_info);
18507 }
18508 
18509 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
18510 {
18511 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18512 	struct net_device *dev = info->user_ptr[1];
18513 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18514 	struct station_info sinfo = {};
18515 	const u8 *buf;
18516 	size_t len;
18517 	u8 *dest;
18518 	int err;
18519 
18520 	if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
18521 		return -EOPNOTSUPP;
18522 
18523 	if (!info->attrs[NL80211_ATTR_MAC] ||
18524 	    !info->attrs[NL80211_ATTR_FRAME]) {
18525 		GENL_SET_ERR_MSG(info, "Frame or MAC missing");
18526 		return -EINVAL;
18527 	}
18528 
18529 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
18530 		return -EOPNOTSUPP;
18531 
18532 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
18533 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
18534 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
18535 
18536 	if (len < sizeof(struct ethhdr))
18537 		return -EINVAL;
18538 
18539 	if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
18540 	    !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
18541 		return -EINVAL;
18542 
18543 	err = rdev_get_station(rdev, wdev, dest, &sinfo);
18544 	if (err)
18545 		return err;
18546 
18547 	cfg80211_sinfo_release_content(&sinfo);
18548 
18549 	return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
18550 }
18551 
18552 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
18553 			  struct nlattr *attrs[], struct net_device *dev,
18554 			  struct cfg80211_tid_cfg *tid_conf,
18555 			  struct genl_info *info, const u8 *peer,
18556 			  unsigned int link_id)
18557 {
18558 	struct netlink_ext_ack *extack = info->extack;
18559 	u64 mask;
18560 	int err;
18561 
18562 	if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
18563 		return -EINVAL;
18564 
18565 	tid_conf->config_override =
18566 			nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
18567 	tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
18568 
18569 	if (tid_conf->config_override) {
18570 		if (rdev->ops->reset_tid_config) {
18571 			err = rdev_reset_tid_config(rdev, dev, peer,
18572 						    tid_conf->tids);
18573 			if (err)
18574 				return err;
18575 		} else {
18576 			return -EINVAL;
18577 		}
18578 	}
18579 
18580 	if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
18581 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
18582 		tid_conf->noack =
18583 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
18584 	}
18585 
18586 	if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
18587 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
18588 		tid_conf->retry_short =
18589 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
18590 
18591 		if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
18592 			return -EINVAL;
18593 	}
18594 
18595 	if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
18596 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
18597 		tid_conf->retry_long =
18598 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
18599 
18600 		if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
18601 			return -EINVAL;
18602 	}
18603 
18604 	if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
18605 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
18606 		tid_conf->ampdu =
18607 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
18608 	}
18609 
18610 	if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
18611 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
18612 		tid_conf->rtscts =
18613 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
18614 	}
18615 
18616 	if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
18617 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
18618 		tid_conf->amsdu =
18619 			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
18620 	}
18621 
18622 	if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
18623 		u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
18624 
18625 		tid_conf->txrate_type = nla_get_u8(attrs[idx]);
18626 
18627 		if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
18628 			attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
18629 			err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
18630 						    &tid_conf->txrate_mask, dev,
18631 						    true, link_id);
18632 			if (err)
18633 				return err;
18634 
18635 			tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
18636 		}
18637 		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
18638 	}
18639 
18640 	if (peer)
18641 		mask = rdev->wiphy.tid_config_support.peer;
18642 	else
18643 		mask = rdev->wiphy.tid_config_support.vif;
18644 
18645 	if (tid_conf->mask & ~mask) {
18646 		NL_SET_ERR_MSG(extack, "unsupported TID configuration");
18647 		return -EOPNOTSUPP;
18648 	}
18649 
18650 	return 0;
18651 }
18652 
18653 static int nl80211_set_tid_config(struct sk_buff *skb,
18654 				  struct genl_info *info)
18655 {
18656 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18657 	struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
18658 	unsigned int link_id = nl80211_link_id(info->attrs);
18659 	struct net_device *dev = info->user_ptr[1];
18660 	struct cfg80211_tid_config *tid_config;
18661 	struct nlattr *tid;
18662 	int conf_idx = 0, rem_conf;
18663 	int ret = -EINVAL;
18664 	u32 num_conf = 0;
18665 
18666 	if (!info->attrs[NL80211_ATTR_TID_CONFIG])
18667 		return -EINVAL;
18668 
18669 	if (!rdev->ops->set_tid_config)
18670 		return -EOPNOTSUPP;
18671 
18672 	nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
18673 			    rem_conf)
18674 		num_conf++;
18675 
18676 	tid_config = kzalloc_flex(*tid_config, tid_conf, num_conf);
18677 	if (!tid_config)
18678 		return -ENOMEM;
18679 
18680 	tid_config->n_tid_conf = num_conf;
18681 
18682 	if (info->attrs[NL80211_ATTR_MAC])
18683 		tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
18684 
18685 	nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
18686 			    rem_conf) {
18687 		ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
18688 				       tid, NULL, NULL);
18689 
18690 		if (ret)
18691 			goto bad_tid_conf;
18692 
18693 		ret = parse_tid_conf(rdev, attrs, dev,
18694 				     &tid_config->tid_conf[conf_idx],
18695 				     info, tid_config->peer, link_id);
18696 		if (ret)
18697 			goto bad_tid_conf;
18698 
18699 		conf_idx++;
18700 	}
18701 
18702 	ret = rdev_set_tid_config(rdev, dev, tid_config);
18703 
18704 bad_tid_conf:
18705 	kfree(tid_config);
18706 	return ret;
18707 }
18708 
18709 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
18710 {
18711 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18712 	struct cfg80211_color_change_settings params = {};
18713 	struct net_device *dev = info->user_ptr[1];
18714 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18715 	struct nlattr **tb;
18716 	u16 offset;
18717 	int err;
18718 
18719 	if (!rdev->ops->color_change)
18720 		return -EOPNOTSUPP;
18721 
18722 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
18723 				     NL80211_EXT_FEATURE_BSS_COLOR))
18724 		return -EOPNOTSUPP;
18725 
18726 	if (wdev->iftype != NL80211_IFTYPE_AP)
18727 		return -EOPNOTSUPP;
18728 
18729 	if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
18730 	    !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
18731 	    !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
18732 		return -EINVAL;
18733 
18734 	params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
18735 	params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
18736 
18737 	params.link_id = nl80211_link_id(info->attrs);
18738 	if (!wdev->links[params.link_id].ap.beacon_interval)
18739 		return -EINVAL;
18740 
18741 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_next,
18742 				   wdev->links[params.link_id].ap.chandef.chan,
18743 				   info->extack);
18744 	if (err)
18745 		return err;
18746 
18747 	tb = kzalloc_objs(*tb, NL80211_ATTR_MAX + 1);
18748 	if (!tb)
18749 		return -ENOMEM;
18750 
18751 	err = nla_parse_nested(tb, NL80211_ATTR_MAX,
18752 			       info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
18753 			       nl80211_policy, info->extack);
18754 	if (err)
18755 		goto out;
18756 
18757 	err = nl80211_parse_beacon(rdev, tb, &params.beacon_color_change,
18758 				   wdev->links[params.link_id].ap.chandef.chan,
18759 				   info->extack);
18760 	if (err)
18761 		goto out;
18762 
18763 	if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
18764 		err = -EINVAL;
18765 		goto out;
18766 	}
18767 
18768 	if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
18769 		err = -EINVAL;
18770 		goto out;
18771 	}
18772 
18773 	offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
18774 	if (offset >= params.beacon_color_change.tail_len) {
18775 		err = -EINVAL;
18776 		goto out;
18777 	}
18778 
18779 	if (params.beacon_color_change.tail[offset] != params.count) {
18780 		err = -EINVAL;
18781 		goto out;
18782 	}
18783 
18784 	params.counter_offset_beacon = offset;
18785 
18786 	if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
18787 		if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
18788 		    sizeof(u16)) {
18789 			err = -EINVAL;
18790 			goto out;
18791 		}
18792 
18793 		offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
18794 		if (offset >= params.beacon_color_change.probe_resp_len) {
18795 			err = -EINVAL;
18796 			goto out;
18797 		}
18798 
18799 		if (params.beacon_color_change.probe_resp[offset] !=
18800 		    params.count) {
18801 			err = -EINVAL;
18802 			goto out;
18803 		}
18804 
18805 		params.counter_offset_presp = offset;
18806 	}
18807 
18808 	if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
18809 		err = nl80211_parse_unsol_bcast_probe_resp(
18810 			rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
18811 			&params.unsol_bcast_probe_resp);
18812 		if (err)
18813 			goto out;
18814 	}
18815 
18816 	err = rdev_color_change(rdev, dev, &params);
18817 
18818 out:
18819 	kfree(params.beacon_next.mbssid_ies);
18820 	kfree(params.beacon_color_change.mbssid_ies);
18821 	kfree(params.beacon_next.rnr_ies);
18822 	kfree(params.beacon_color_change.rnr_ies);
18823 	kfree(tb);
18824 	return err;
18825 }
18826 
18827 static int nl80211_set_fils_aad(struct sk_buff *skb,
18828 				struct genl_info *info)
18829 {
18830 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18831 	struct net_device *dev = info->user_ptr[1];
18832 	struct cfg80211_fils_aad fils_aad = {};
18833 	u8 *nonces;
18834 
18835 	if (!info->attrs[NL80211_ATTR_MAC] ||
18836 	    !info->attrs[NL80211_ATTR_FILS_KEK] ||
18837 	    !info->attrs[NL80211_ATTR_FILS_NONCES])
18838 		return -EINVAL;
18839 
18840 	fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
18841 	fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
18842 	fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
18843 	nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
18844 	fils_aad.snonce = nonces;
18845 	fils_aad.anonce = nonces + FILS_NONCE_LEN;
18846 
18847 	return rdev_set_fils_aad(rdev, dev, &fils_aad);
18848 }
18849 
18850 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info)
18851 {
18852 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18853 	unsigned int link_id = nl80211_link_id(info->attrs);
18854 	struct net_device *dev = info->user_ptr[1];
18855 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18856 	int ret;
18857 
18858 	if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
18859 		return -EINVAL;
18860 
18861 	switch (wdev->iftype) {
18862 	case NL80211_IFTYPE_AP:
18863 		break;
18864 	default:
18865 		return -EINVAL;
18866 	}
18867 
18868 	if (!info->attrs[NL80211_ATTR_MAC] ||
18869 	    !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC])))
18870 		return -EINVAL;
18871 
18872 	wdev->valid_links |= BIT(link_id);
18873 	ether_addr_copy(wdev->links[link_id].addr,
18874 			nla_data(info->attrs[NL80211_ATTR_MAC]));
18875 
18876 	ret = rdev_add_intf_link(rdev, wdev, link_id);
18877 	if (ret) {
18878 		wdev->valid_links &= ~BIT(link_id);
18879 		eth_zero_addr(wdev->links[link_id].addr);
18880 	}
18881 
18882 	return ret;
18883 }
18884 
18885 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info)
18886 {
18887 	unsigned int link_id = nl80211_link_id(info->attrs);
18888 	struct net_device *dev = info->user_ptr[1];
18889 	struct wireless_dev *wdev = dev->ieee80211_ptr;
18890 
18891 	/* cannot remove if there's no link */
18892 	if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
18893 		return -EINVAL;
18894 
18895 	switch (wdev->iftype) {
18896 	case NL80211_IFTYPE_AP:
18897 		break;
18898 	default:
18899 		return -EINVAL;
18900 	}
18901 
18902 	cfg80211_remove_link(wdev, link_id);
18903 
18904 	return 0;
18905 }
18906 
18907 static int
18908 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
18909 			     bool add)
18910 {
18911 	struct link_station_parameters params = {};
18912 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
18913 	struct net_device *dev = info->user_ptr[1];
18914 	int err;
18915 
18916 	if ((add && !rdev->ops->add_link_station) ||
18917 	    (!add && !rdev->ops->mod_link_station))
18918 		return -EOPNOTSUPP;
18919 
18920 	if (add && !info->attrs[NL80211_ATTR_MAC])
18921 		return -EINVAL;
18922 
18923 	if (!info->attrs[NL80211_ATTR_MLD_ADDR])
18924 		return -EINVAL;
18925 
18926 	if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
18927 		return -EINVAL;
18928 
18929 	params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
18930 
18931 	if (info->attrs[NL80211_ATTR_MAC]) {
18932 		params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
18933 		if (!is_valid_ether_addr(params.link_mac))
18934 			return -EINVAL;
18935 	}
18936 
18937 	if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
18938 		return -EINVAL;
18939 
18940 	params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
18941 
18942 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
18943 		params.supported_rates =
18944 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
18945 		params.supported_rates_len =
18946 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
18947 	}
18948 
18949 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
18950 		params.ht_capa =
18951 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
18952 
18953 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
18954 		params.vht_capa =
18955 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
18956 
18957 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
18958 		params.he_capa =
18959 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
18960 		params.he_capa_len =
18961 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
18962 
18963 		if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
18964 			params.eht_capa =
18965 				nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
18966 			params.eht_capa_len =
18967 				nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
18968 
18969 			if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
18970 							(const u8 *)params.eht_capa,
18971 							params.eht_capa_len,
18972 							false))
18973 				return -EINVAL;
18974 		}
18975 	}
18976 
18977 	if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
18978 		if (!params.eht_capa)
18979 			return -EINVAL;
18980 
18981 		params.uhr_capa =
18982 			nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
18983 		params.uhr_capa_len =
18984 			nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
18985 	}
18986 
18987 	if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
18988 		params.he_6ghz_capa =
18989 			nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
18990 
18991 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
18992 		params.opmode_notif_used = true;
18993 		params.opmode_notif =
18994 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
18995 	}
18996 
18997 	err = nl80211_parse_sta_txpower_setting(info, &params.txpwr,
18998 						&params.txpwr_set);
18999 	if (err)
19000 		return err;
19001 
19002 	if (add)
19003 		return rdev_add_link_station(rdev, dev, &params);
19004 
19005 	return rdev_mod_link_station(rdev, dev, &params);
19006 }
19007 
19008 static int
19009 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info)
19010 {
19011 	return nl80211_add_mod_link_station(skb, info, true);
19012 }
19013 
19014 static int
19015 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info)
19016 {
19017 	return nl80211_add_mod_link_station(skb, info, false);
19018 }
19019 
19020 static int
19021 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info)
19022 {
19023 	struct link_station_del_parameters params = {};
19024 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
19025 	struct net_device *dev = info->user_ptr[1];
19026 
19027 	if (!rdev->ops->del_link_station)
19028 		return -EOPNOTSUPP;
19029 
19030 	if (!info->attrs[NL80211_ATTR_MLD_ADDR] ||
19031 	    !info->attrs[NL80211_ATTR_MLO_LINK_ID])
19032 		return -EINVAL;
19033 
19034 	params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
19035 	params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
19036 
19037 	return rdev_del_link_station(rdev, dev, &params);
19038 }
19039 
19040 static int nl80211_set_hw_timestamp(struct sk_buff *skb,
19041 				    struct genl_info *info)
19042 {
19043 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
19044 	struct net_device *dev = info->user_ptr[1];
19045 	struct cfg80211_set_hw_timestamp hwts = {};
19046 
19047 	if (!rdev->wiphy.hw_timestamp_max_peers)
19048 		return -EOPNOTSUPP;
19049 
19050 	if (!info->attrs[NL80211_ATTR_MAC] &&
19051 	    rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS)
19052 		return -EOPNOTSUPP;
19053 
19054 	if (info->attrs[NL80211_ATTR_MAC])
19055 		hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
19056 
19057 	hwts.enable =
19058 		nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]);
19059 
19060 	return rdev_set_hw_timestamp(rdev, dev, &hwts);
19061 }
19062 
19063 static int
19064 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info)
19065 {
19066 	struct cfg80211_ttlm_params params = {};
19067 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
19068 	struct net_device *dev = info->user_ptr[1];
19069 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19070 
19071 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
19072 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
19073 		return -EOPNOTSUPP;
19074 
19075 	if (!wdev->connected)
19076 		return -ENOLINK;
19077 
19078 	if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] ||
19079 	    !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK])
19080 		return -EINVAL;
19081 
19082 	nla_memcpy(params.dlink,
19083 		   info->attrs[NL80211_ATTR_MLO_TTLM_DLINK],
19084 		   sizeof(params.dlink));
19085 	nla_memcpy(params.ulink,
19086 		   info->attrs[NL80211_ATTR_MLO_TTLM_ULINK],
19087 		   sizeof(params.ulink));
19088 
19089 	return rdev_set_ttlm(rdev, dev, &params);
19090 }
19091 
19092 static int nl80211_assoc_ml_reconf(struct sk_buff *skb, struct genl_info *info)
19093 {
19094 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
19095 	struct net_device *dev = info->user_ptr[1];
19096 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19097 	struct cfg80211_ml_reconf_req req = {};
19098 	unsigned int link_id;
19099 	u16 add_links;
19100 	int err;
19101 
19102 	if (!wdev->valid_links)
19103 		return -EINVAL;
19104 
19105 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
19106 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
19107 		return -EPERM;
19108 
19109 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
19110 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
19111 		return -EOPNOTSUPP;
19112 
19113 	add_links = 0;
19114 	if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
19115 		err = nl80211_process_links(rdev, req.add_links,
19116 					    /* mark as MLO, but not assoc */
19117 					    IEEE80211_MLD_MAX_NUM_LINKS,
19118 					    NULL, 0, info);
19119 		if (err)
19120 			return err;
19121 
19122 		for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
19123 		     link_id++) {
19124 			if (!req.add_links[link_id].bss)
19125 				continue;
19126 			add_links |= BIT(link_id);
19127 		}
19128 	}
19129 
19130 	if (info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS])
19131 		req.rem_links =
19132 			nla_get_u16(info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS]);
19133 
19134 	/* Validate that existing links are not added, removed links are valid
19135 	 * and don't allow adding and removing the same links
19136 	 */
19137 	if ((add_links & req.rem_links) || !(add_links | req.rem_links) ||
19138 	    (wdev->valid_links & add_links) ||
19139 	    ((wdev->valid_links & req.rem_links) != req.rem_links)) {
19140 		err = -EINVAL;
19141 		goto out;
19142 	}
19143 
19144 	if (info->attrs[NL80211_ATTR_EXT_MLD_CAPA_AND_OPS])
19145 		req.ext_mld_capa_ops =
19146 			nla_get_u16(info->attrs[NL80211_ATTR_EXT_MLD_CAPA_AND_OPS]);
19147 
19148 	err = cfg80211_assoc_ml_reconf(rdev, dev, &req);
19149 
19150 out:
19151 	for (link_id = 0; link_id < ARRAY_SIZE(req.add_links); link_id++)
19152 		cfg80211_put_bss(&rdev->wiphy, req.add_links[link_id].bss);
19153 
19154 	return err;
19155 }
19156 
19157 static int
19158 nl80211_epcs_cfg(struct sk_buff *skb, struct genl_info *info)
19159 {
19160 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
19161 	struct net_device *dev = info->user_ptr[1];
19162 	struct wireless_dev *wdev = dev->ieee80211_ptr;
19163 	bool val;
19164 
19165 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
19166 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
19167 		return -EOPNOTSUPP;
19168 
19169 	if (!wdev->connected)
19170 		return -ENOLINK;
19171 
19172 	val = nla_get_flag(info->attrs[NL80211_ATTR_EPCS]);
19173 
19174 	return rdev_set_epcs(rdev, dev, val);
19175 }
19176 
19177 #define NL80211_FLAG_NEED_WIPHY		0x01
19178 #define NL80211_FLAG_NEED_NETDEV	0x02
19179 #define NL80211_FLAG_NEED_RTNL		0x04
19180 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
19181 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
19182 					 NL80211_FLAG_CHECK_NETDEV_UP)
19183 #define NL80211_FLAG_NEED_WDEV		0x10
19184 /* If a netdev is associated, it must be UP, P2P must be started */
19185 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
19186 					 NL80211_FLAG_CHECK_NETDEV_UP)
19187 #define NL80211_FLAG_CLEAR_SKB		0x20
19188 #define NL80211_FLAG_NO_WIPHY_MTX	0x40
19189 #define NL80211_FLAG_MLO_VALID_LINK_ID	0x80
19190 #define NL80211_FLAG_MLO_UNSUPPORTED	0x100
19191 
19192 #define INTERNAL_FLAG_SELECTORS(__sel)			\
19193 	SELECTOR(__sel, NONE, 0) /* must be first */	\
19194 	SELECTOR(__sel, WIPHY,				\
19195 		 NL80211_FLAG_NEED_WIPHY)		\
19196 	SELECTOR(__sel, WDEV,				\
19197 		 NL80211_FLAG_NEED_WDEV)		\
19198 	SELECTOR(__sel, NETDEV,				\
19199 		 NL80211_FLAG_NEED_NETDEV)		\
19200 	SELECTOR(__sel, NETDEV_LINK,			\
19201 		 NL80211_FLAG_NEED_NETDEV |		\
19202 		 NL80211_FLAG_MLO_VALID_LINK_ID)	\
19203 	SELECTOR(__sel, NETDEV_NO_MLO,			\
19204 		 NL80211_FLAG_NEED_NETDEV |		\
19205 		 NL80211_FLAG_MLO_UNSUPPORTED)	\
19206 	SELECTOR(__sel, WIPHY_RTNL,			\
19207 		 NL80211_FLAG_NEED_WIPHY |		\
19208 		 NL80211_FLAG_NEED_RTNL)		\
19209 	SELECTOR(__sel, WIPHY_RTNL_NOMTX,		\
19210 		 NL80211_FLAG_NEED_WIPHY |		\
19211 		 NL80211_FLAG_NEED_RTNL |		\
19212 		 NL80211_FLAG_NO_WIPHY_MTX)		\
19213 	SELECTOR(__sel, WDEV_RTNL,			\
19214 		 NL80211_FLAG_NEED_WDEV |		\
19215 		 NL80211_FLAG_NEED_RTNL)		\
19216 	SELECTOR(__sel, NETDEV_RTNL,			\
19217 		 NL80211_FLAG_NEED_NETDEV |		\
19218 		 NL80211_FLAG_NEED_RTNL)		\
19219 	SELECTOR(__sel, NETDEV_UP,			\
19220 		 NL80211_FLAG_NEED_NETDEV_UP)		\
19221 	SELECTOR(__sel, NETDEV_UP_LINK,			\
19222 		 NL80211_FLAG_NEED_NETDEV_UP |		\
19223 		 NL80211_FLAG_MLO_VALID_LINK_ID)	\
19224 	SELECTOR(__sel, NETDEV_UP_NO_MLO,		\
19225 		 NL80211_FLAG_NEED_NETDEV_UP |		\
19226 		 NL80211_FLAG_MLO_UNSUPPORTED)		\
19227 	SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR,		\
19228 		 NL80211_FLAG_NEED_NETDEV_UP |		\
19229 		 NL80211_FLAG_CLEAR_SKB |		\
19230 		 NL80211_FLAG_MLO_UNSUPPORTED)		\
19231 	SELECTOR(__sel, NETDEV_UP_NOTMX,		\
19232 		 NL80211_FLAG_NEED_NETDEV_UP |		\
19233 		 NL80211_FLAG_NO_WIPHY_MTX)		\
19234 	SELECTOR(__sel, NETDEV_UP_NOTMX_MLO,		\
19235 		 NL80211_FLAG_NEED_NETDEV_UP |		\
19236 		 NL80211_FLAG_NO_WIPHY_MTX |		\
19237 		 NL80211_FLAG_MLO_VALID_LINK_ID)	\
19238 	SELECTOR(__sel, NETDEV_UP_CLEAR,		\
19239 		 NL80211_FLAG_NEED_NETDEV_UP |		\
19240 		 NL80211_FLAG_CLEAR_SKB)		\
19241 	SELECTOR(__sel, WDEV_UP,			\
19242 		 NL80211_FLAG_NEED_WDEV_UP)		\
19243 	SELECTOR(__sel, WDEV_UP_CLEAR,			\
19244 		 NL80211_FLAG_NEED_WDEV_UP |		\
19245 		 NL80211_FLAG_CLEAR_SKB)		\
19246 	SELECTOR(__sel, WDEV_UP_LINK,			\
19247 		 NL80211_FLAG_NEED_WDEV_UP |		\
19248 		 NL80211_FLAG_MLO_VALID_LINK_ID)	\
19249 	SELECTOR(__sel, WDEV_UP_RTNL,			\
19250 		 NL80211_FLAG_NEED_WDEV_UP |		\
19251 		 NL80211_FLAG_NEED_RTNL)		\
19252 	SELECTOR(__sel, WIPHY_CLEAR,			\
19253 		 NL80211_FLAG_NEED_WIPHY |		\
19254 		 NL80211_FLAG_CLEAR_SKB)		\
19255 	SELECTOR(__sel, WDEV_UP_RTNL_NOMTX,		\
19256 		 NL80211_FLAG_NEED_WDEV_UP |		\
19257 		 NL80211_FLAG_NO_WIPHY_MTX |		\
19258 		 NL80211_FLAG_NEED_RTNL)
19259 
19260 enum nl80211_internal_flags_selector {
19261 #define SELECTOR(_, name, value)	NL80211_IFL_SEL_##name,
19262 	INTERNAL_FLAG_SELECTORS(_)
19263 #undef SELECTOR
19264 };
19265 
19266 static u32 nl80211_internal_flags[] = {
19267 #define SELECTOR(_, name, value)	[NL80211_IFL_SEL_##name] = value,
19268 	INTERNAL_FLAG_SELECTORS(_)
19269 #undef SELECTOR
19270 };
19271 
19272 static int nl80211_pre_doit(const struct genl_split_ops *ops,
19273 			    struct sk_buff *skb,
19274 			    struct genl_info *info)
19275 {
19276 	struct cfg80211_registered_device *rdev = NULL;
19277 	struct wireless_dev *wdev = NULL;
19278 	struct net_device *dev = NULL;
19279 	u32 internal_flags;
19280 	int err;
19281 
19282 	if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags)))
19283 		return -EINVAL;
19284 
19285 	internal_flags = nl80211_internal_flags[ops->internal_flags];
19286 
19287 	rtnl_lock();
19288 	if (internal_flags & NL80211_FLAG_NEED_WIPHY) {
19289 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
19290 		if (IS_ERR(rdev)) {
19291 			err = PTR_ERR(rdev);
19292 			goto out_unlock;
19293 		}
19294 		info->user_ptr[0] = rdev;
19295 	} else if (internal_flags & NL80211_FLAG_NEED_NETDEV ||
19296 		   internal_flags & NL80211_FLAG_NEED_WDEV) {
19297 		wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
19298 						  info->attrs);
19299 		if (IS_ERR(wdev)) {
19300 			err = PTR_ERR(wdev);
19301 			goto out_unlock;
19302 		}
19303 
19304 		dev = wdev->netdev;
19305 		dev_hold(dev);
19306 		rdev = wiphy_to_rdev(wdev->wiphy);
19307 
19308 		if (internal_flags & NL80211_FLAG_NEED_NETDEV) {
19309 			if (!dev) {
19310 				err = -EINVAL;
19311 				goto out_unlock;
19312 			}
19313 
19314 			info->user_ptr[1] = dev;
19315 		} else {
19316 			info->user_ptr[1] = wdev;
19317 		}
19318 
19319 		if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
19320 		    !wdev_running(wdev)) {
19321 			err = -ENETDOWN;
19322 			goto out_unlock;
19323 		}
19324 
19325 		info->user_ptr[0] = rdev;
19326 	}
19327 
19328 	if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) {
19329 		struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID];
19330 
19331 		if (!wdev) {
19332 			err = -EINVAL;
19333 			goto out_unlock;
19334 		}
19335 
19336 		/* MLO -> require valid link ID */
19337 		if (wdev->valid_links &&
19338 		    (!link_id ||
19339 		     !(wdev->valid_links & BIT(nla_get_u8(link_id))))) {
19340 			err = -EINVAL;
19341 			goto out_unlock;
19342 		}
19343 
19344 		/* non-MLO -> no link ID attribute accepted */
19345 		if (!wdev->valid_links && link_id) {
19346 			err = -EINVAL;
19347 			goto out_unlock;
19348 		}
19349 	}
19350 
19351 	if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) {
19352 		if (info->attrs[NL80211_ATTR_MLO_LINK_ID] ||
19353 		    (wdev && wdev->valid_links)) {
19354 			err = -EINVAL;
19355 			goto out_unlock;
19356 		}
19357 	}
19358 
19359 	if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
19360 		wiphy_lock(&rdev->wiphy);
19361 		/* we keep the mutex locked until post_doit */
19362 		__release(&rdev->wiphy.mtx);
19363 	}
19364 	if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
19365 		rtnl_unlock();
19366 
19367 	return 0;
19368 out_unlock:
19369 	rtnl_unlock();
19370 	dev_put(dev);
19371 	return err;
19372 }
19373 
19374 static void nl80211_post_doit(const struct genl_split_ops *ops,
19375 			      struct sk_buff *skb,
19376 			      struct genl_info *info)
19377 {
19378 	u32 internal_flags = nl80211_internal_flags[ops->internal_flags];
19379 
19380 	if (info->user_ptr[1]) {
19381 		if (internal_flags & NL80211_FLAG_NEED_WDEV) {
19382 			struct wireless_dev *wdev = info->user_ptr[1];
19383 
19384 			dev_put(wdev->netdev);
19385 		} else {
19386 			dev_put(info->user_ptr[1]);
19387 		}
19388 	}
19389 
19390 	if (info->user_ptr[0] &&
19391 	    !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
19392 		struct cfg80211_registered_device *rdev = info->user_ptr[0];
19393 
19394 		/* we kept the mutex locked since pre_doit */
19395 		__acquire(&rdev->wiphy.mtx);
19396 		wiphy_unlock(&rdev->wiphy);
19397 	}
19398 
19399 	if (internal_flags & NL80211_FLAG_NEED_RTNL)
19400 		rtnl_unlock();
19401 
19402 	/* If needed, clear the netlink message payload from the SKB
19403 	 * as it might contain key data that shouldn't stick around on
19404 	 * the heap after the SKB is freed. The netlink message header
19405 	 * is still needed for further processing, so leave it intact.
19406 	 */
19407 	if (internal_flags & NL80211_FLAG_CLEAR_SKB) {
19408 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
19409 
19410 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
19411 	}
19412 }
19413 
19414 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
19415 				     struct cfg80211_sar_specs *sar_specs,
19416 				     struct nlattr *spec[], int index)
19417 {
19418 	u32 range_index, i;
19419 
19420 	if (!sar_specs || !spec)
19421 		return -EINVAL;
19422 
19423 	if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
19424 	    !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
19425 		return -EINVAL;
19426 
19427 	range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
19428 
19429 	/* check if range_index exceeds num_freq_ranges */
19430 	if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
19431 		return -EINVAL;
19432 
19433 	/* check if range_index duplicates */
19434 	for (i = 0; i < index; i++) {
19435 		if (sar_specs->sub_specs[i].freq_range_index == range_index)
19436 			return -EINVAL;
19437 	}
19438 
19439 	sar_specs->sub_specs[index].power =
19440 		nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
19441 
19442 	sar_specs->sub_specs[index].freq_range_index = range_index;
19443 
19444 	return 0;
19445 }
19446 
19447 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
19448 {
19449 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
19450 	struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
19451 	struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
19452 	struct cfg80211_sar_specs *sar_spec;
19453 	enum nl80211_sar_type type;
19454 	struct nlattr *spec_list;
19455 	u32 specs;
19456 	int rem, err;
19457 
19458 	if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
19459 		return -EOPNOTSUPP;
19460 
19461 	if (!info->attrs[NL80211_ATTR_SAR_SPEC])
19462 		return -EINVAL;
19463 
19464 	nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
19465 			 info->attrs[NL80211_ATTR_SAR_SPEC],
19466 			 NULL, NULL);
19467 
19468 	if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
19469 		return -EINVAL;
19470 
19471 	type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
19472 	if (type != rdev->wiphy.sar_capa->type)
19473 		return -EINVAL;
19474 
19475 	specs = 0;
19476 	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
19477 		specs++;
19478 
19479 	if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
19480 		return -EINVAL;
19481 
19482 	sar_spec = kzalloc_flex(*sar_spec, sub_specs, specs);
19483 	if (!sar_spec)
19484 		return -ENOMEM;
19485 
19486 	sar_spec->num_sub_specs = specs;
19487 	sar_spec->type = type;
19488 	specs = 0;
19489 	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
19490 		nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
19491 				 spec_list, NULL, NULL);
19492 
19493 		switch (type) {
19494 		case NL80211_SAR_TYPE_POWER:
19495 			if (nl80211_set_sar_sub_specs(rdev, sar_spec,
19496 						      spec, specs)) {
19497 				err = -EINVAL;
19498 				goto error;
19499 			}
19500 			break;
19501 		default:
19502 			err = -EINVAL;
19503 			goto error;
19504 		}
19505 		specs++;
19506 	}
19507 
19508 	sar_spec->num_sub_specs = specs;
19509 
19510 	rdev->cur_cmd_info = info;
19511 	err = rdev_set_sar_specs(rdev, sar_spec);
19512 	rdev->cur_cmd_info = NULL;
19513 error:
19514 	kfree(sar_spec);
19515 	return err;
19516 }
19517 
19518 #define SELECTOR(__sel, name, value) \
19519 	((__sel) == (value)) ? NL80211_IFL_SEL_##name :
19520 int __missing_selector(void);
19521 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector()
19522 
19523 static const struct genl_ops nl80211_ops[] = {
19524 	{
19525 		.cmd = NL80211_CMD_GET_WIPHY,
19526 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19527 		.doit = nl80211_get_wiphy,
19528 		.dumpit = nl80211_dump_wiphy,
19529 		.done = nl80211_dump_wiphy_done,
19530 		/* can be retrieved by unprivileged users */
19531 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19532 	},
19533 };
19534 
19535 static const struct genl_small_ops nl80211_small_ops[] = {
19536 	{
19537 		.cmd = NL80211_CMD_SET_WIPHY,
19538 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19539 		.doit = nl80211_set_wiphy,
19540 		.flags = GENL_UNS_ADMIN_PERM,
19541 	},
19542 	{
19543 		.cmd = NL80211_CMD_GET_INTERFACE,
19544 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19545 		.doit = nl80211_get_interface,
19546 		.dumpit = nl80211_dump_interface,
19547 		/* can be retrieved by unprivileged users */
19548 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
19549 	},
19550 	{
19551 		.cmd = NL80211_CMD_SET_INTERFACE,
19552 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19553 		.doit = nl80211_set_interface,
19554 		.flags = GENL_UNS_ADMIN_PERM,
19555 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19556 					 NL80211_FLAG_NEED_RTNL),
19557 	},
19558 	{
19559 		.cmd = NL80211_CMD_NEW_INTERFACE,
19560 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19561 		.doit = nl80211_new_interface,
19562 		.flags = GENL_UNS_ADMIN_PERM,
19563 		.internal_flags =
19564 			IFLAGS(NL80211_FLAG_NEED_WIPHY |
19565 			       NL80211_FLAG_NEED_RTNL |
19566 			       /* we take the wiphy mutex later ourselves */
19567 			       NL80211_FLAG_NO_WIPHY_MTX),
19568 	},
19569 	{
19570 		.cmd = NL80211_CMD_DEL_INTERFACE,
19571 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19572 		.doit = nl80211_del_interface,
19573 		.flags = GENL_UNS_ADMIN_PERM,
19574 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
19575 					 NL80211_FLAG_NEED_RTNL),
19576 	},
19577 	{
19578 		.cmd = NL80211_CMD_GET_KEY,
19579 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19580 		.doit = nl80211_get_key,
19581 		.flags = GENL_UNS_ADMIN_PERM,
19582 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19583 	},
19584 	{
19585 		.cmd = NL80211_CMD_SET_KEY,
19586 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19587 		.doit = nl80211_set_key,
19588 		.flags = GENL_UNS_ADMIN_PERM,
19589 		/* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */
19590 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
19591 					 NL80211_FLAG_CLEAR_SKB),
19592 	},
19593 	{
19594 		.cmd = NL80211_CMD_NEW_KEY,
19595 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19596 		.doit = nl80211_new_key,
19597 		.flags = GENL_UNS_ADMIN_PERM,
19598 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
19599 					 NL80211_FLAG_CLEAR_SKB),
19600 	},
19601 	{
19602 		.cmd = NL80211_CMD_DEL_KEY,
19603 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19604 		.doit = nl80211_del_key,
19605 		.flags = GENL_UNS_ADMIN_PERM,
19606 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19607 	},
19608 	{
19609 		.cmd = NL80211_CMD_SET_BEACON,
19610 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19611 		.flags = GENL_UNS_ADMIN_PERM,
19612 		.doit = nl80211_set_beacon,
19613 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19614 					 NL80211_FLAG_MLO_VALID_LINK_ID),
19615 	},
19616 	{
19617 		.cmd = NL80211_CMD_START_AP,
19618 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19619 		.flags = GENL_UNS_ADMIN_PERM,
19620 		.doit = nl80211_start_ap,
19621 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19622 					 NL80211_FLAG_MLO_VALID_LINK_ID),
19623 	},
19624 	{
19625 		.cmd = NL80211_CMD_STOP_AP,
19626 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19627 		.flags = GENL_UNS_ADMIN_PERM,
19628 		.doit = nl80211_stop_ap,
19629 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19630 					 NL80211_FLAG_MLO_VALID_LINK_ID),
19631 	},
19632 	{
19633 		.cmd = NL80211_CMD_GET_STATION,
19634 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19635 		.doit = nl80211_get_station,
19636 		.dumpit = nl80211_dump_station,
19637 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
19638 	},
19639 	{
19640 		.cmd = NL80211_CMD_SET_STATION,
19641 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19642 		.doit = nl80211_set_station,
19643 		.flags = GENL_UNS_ADMIN_PERM,
19644 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19645 	},
19646 	{
19647 		.cmd = NL80211_CMD_NEW_STATION,
19648 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19649 		.doit = nl80211_new_station,
19650 		.flags = GENL_UNS_ADMIN_PERM,
19651 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19652 	},
19653 	{
19654 		.cmd = NL80211_CMD_DEL_STATION,
19655 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19656 		.doit = nl80211_del_station,
19657 		.flags = GENL_UNS_ADMIN_PERM,
19658 		/* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on
19659 		 * whether MAC address is passed or not. If MAC address is
19660 		 * passed, then even during MLO, link ID is not required.
19661 		 */
19662 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19663 	},
19664 	{
19665 		.cmd = NL80211_CMD_GET_MPATH,
19666 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19667 		.doit = nl80211_get_mpath,
19668 		.dumpit = nl80211_dump_mpath,
19669 		.flags = GENL_UNS_ADMIN_PERM,
19670 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19671 	},
19672 	{
19673 		.cmd = NL80211_CMD_GET_MPP,
19674 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19675 		.doit = nl80211_get_mpp,
19676 		.dumpit = nl80211_dump_mpp,
19677 		.flags = GENL_UNS_ADMIN_PERM,
19678 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19679 	},
19680 	{
19681 		.cmd = NL80211_CMD_SET_MPATH,
19682 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19683 		.doit = nl80211_set_mpath,
19684 		.flags = GENL_UNS_ADMIN_PERM,
19685 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19686 	},
19687 	{
19688 		.cmd = NL80211_CMD_NEW_MPATH,
19689 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19690 		.doit = nl80211_new_mpath,
19691 		.flags = GENL_UNS_ADMIN_PERM,
19692 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19693 	},
19694 	{
19695 		.cmd = NL80211_CMD_DEL_MPATH,
19696 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19697 		.doit = nl80211_del_mpath,
19698 		.flags = GENL_UNS_ADMIN_PERM,
19699 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19700 	},
19701 	{
19702 		.cmd = NL80211_CMD_SET_BSS,
19703 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19704 		.doit = nl80211_set_bss,
19705 		.flags = GENL_UNS_ADMIN_PERM,
19706 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19707 					 NL80211_FLAG_MLO_VALID_LINK_ID),
19708 	},
19709 	{
19710 		.cmd = NL80211_CMD_GET_REG,
19711 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19712 		.doit = nl80211_get_reg_do,
19713 		.dumpit = nl80211_get_reg_dump,
19714 		/* can be retrieved by unprivileged users */
19715 	},
19716 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
19717 	{
19718 		.cmd = NL80211_CMD_SET_REG,
19719 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19720 		.doit = nl80211_set_reg,
19721 		.flags = GENL_ADMIN_PERM,
19722 	},
19723 #endif
19724 	{
19725 		.cmd = NL80211_CMD_REQ_SET_REG,
19726 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19727 		.doit = nl80211_req_set_reg,
19728 		.flags = GENL_ADMIN_PERM,
19729 	},
19730 	{
19731 		.cmd = NL80211_CMD_RELOAD_REGDB,
19732 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19733 		.doit = nl80211_reload_regdb,
19734 		.flags = GENL_ADMIN_PERM,
19735 	},
19736 	{
19737 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
19738 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19739 		.doit = nl80211_get_mesh_config,
19740 		/* can be retrieved by unprivileged users */
19741 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19742 	},
19743 	{
19744 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
19745 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19746 		.doit = nl80211_update_mesh_config,
19747 		.flags = GENL_UNS_ADMIN_PERM,
19748 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19749 	},
19750 	{
19751 		.cmd = NL80211_CMD_TRIGGER_SCAN,
19752 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19753 		.doit = nl80211_trigger_scan,
19754 		.flags = GENL_UNS_ADMIN_PERM,
19755 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19756 	},
19757 	{
19758 		.cmd = NL80211_CMD_ABORT_SCAN,
19759 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19760 		.doit = nl80211_abort_scan,
19761 		.flags = GENL_UNS_ADMIN_PERM,
19762 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19763 	},
19764 	{
19765 		.cmd = NL80211_CMD_GET_SCAN,
19766 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19767 		.dumpit = nl80211_dump_scan,
19768 	},
19769 	{
19770 		.cmd = NL80211_CMD_START_SCHED_SCAN,
19771 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19772 		.doit = nl80211_start_sched_scan,
19773 		.flags = GENL_UNS_ADMIN_PERM,
19774 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19775 	},
19776 	{
19777 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
19778 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19779 		.doit = nl80211_stop_sched_scan,
19780 		.flags = GENL_UNS_ADMIN_PERM,
19781 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19782 	},
19783 	{
19784 		.cmd = NL80211_CMD_AUTHENTICATE,
19785 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19786 		.doit = nl80211_authenticate,
19787 		.flags = GENL_UNS_ADMIN_PERM,
19788 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19789 					 NL80211_FLAG_CLEAR_SKB),
19790 	},
19791 	{
19792 		.cmd = NL80211_CMD_ASSOCIATE,
19793 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19794 		.doit = nl80211_associate,
19795 		.flags = GENL_UNS_ADMIN_PERM,
19796 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19797 					 NL80211_FLAG_CLEAR_SKB),
19798 	},
19799 	{
19800 		.cmd = NL80211_CMD_DEAUTHENTICATE,
19801 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19802 		.doit = nl80211_deauthenticate,
19803 		.flags = GENL_UNS_ADMIN_PERM,
19804 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19805 	},
19806 	{
19807 		.cmd = NL80211_CMD_DISASSOCIATE,
19808 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19809 		.doit = nl80211_disassociate,
19810 		.flags = GENL_UNS_ADMIN_PERM,
19811 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19812 	},
19813 	{
19814 		.cmd = NL80211_CMD_JOIN_IBSS,
19815 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19816 		.doit = nl80211_join_ibss,
19817 		.flags = GENL_UNS_ADMIN_PERM,
19818 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19819 	},
19820 	{
19821 		.cmd = NL80211_CMD_LEAVE_IBSS,
19822 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19823 		.doit = nl80211_leave_ibss,
19824 		.flags = GENL_UNS_ADMIN_PERM,
19825 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19826 	},
19827 #ifdef CONFIG_NL80211_TESTMODE
19828 	{
19829 		.cmd = NL80211_CMD_TESTMODE,
19830 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19831 		.doit = nl80211_testmode_do,
19832 		.dumpit = nl80211_testmode_dump,
19833 		.flags = GENL_UNS_ADMIN_PERM,
19834 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19835 	},
19836 #endif
19837 	{
19838 		.cmd = NL80211_CMD_CONNECT,
19839 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19840 		.doit = nl80211_connect,
19841 		.flags = GENL_UNS_ADMIN_PERM,
19842 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19843 					 NL80211_FLAG_CLEAR_SKB),
19844 	},
19845 	{
19846 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
19847 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19848 		.doit = nl80211_update_connect_params,
19849 		.flags = GENL_ADMIN_PERM,
19850 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19851 					 NL80211_FLAG_CLEAR_SKB),
19852 	},
19853 	{
19854 		.cmd = NL80211_CMD_DISCONNECT,
19855 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19856 		.doit = nl80211_disconnect,
19857 		.flags = GENL_UNS_ADMIN_PERM,
19858 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19859 	},
19860 	{
19861 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
19862 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19863 		.doit = nl80211_wiphy_netns,
19864 		.flags = GENL_UNS_ADMIN_PERM,
19865 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
19866 					 NL80211_FLAG_NEED_RTNL |
19867 					 NL80211_FLAG_NO_WIPHY_MTX),
19868 	},
19869 	{
19870 		.cmd = NL80211_CMD_GET_SURVEY,
19871 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19872 		.dumpit = nl80211_dump_survey,
19873 	},
19874 	{
19875 		.cmd = NL80211_CMD_SET_PMKSA,
19876 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19877 		.doit = nl80211_set_pmksa,
19878 		.flags = GENL_UNS_ADMIN_PERM,
19879 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19880 					 NL80211_FLAG_CLEAR_SKB),
19881 	},
19882 	{
19883 		.cmd = NL80211_CMD_DEL_PMKSA,
19884 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19885 		.doit = nl80211_del_pmksa,
19886 		.flags = GENL_UNS_ADMIN_PERM,
19887 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19888 	},
19889 	{
19890 		.cmd = NL80211_CMD_FLUSH_PMKSA,
19891 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19892 		.doit = nl80211_flush_pmksa,
19893 		.flags = GENL_UNS_ADMIN_PERM,
19894 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19895 	},
19896 	{
19897 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
19898 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19899 		.doit = nl80211_remain_on_channel,
19900 		.flags = GENL_UNS_ADMIN_PERM,
19901 		/* FIXME: requiring a link ID here is probably not good */
19902 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
19903 					 NL80211_FLAG_MLO_VALID_LINK_ID),
19904 	},
19905 	{
19906 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
19907 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19908 		.doit = nl80211_cancel_remain_on_channel,
19909 		.flags = GENL_UNS_ADMIN_PERM,
19910 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19911 	},
19912 	{
19913 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
19914 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19915 		.doit = nl80211_set_tx_bitrate_mask,
19916 		.flags = GENL_UNS_ADMIN_PERM,
19917 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19918 					 NL80211_FLAG_MLO_VALID_LINK_ID),
19919 	},
19920 	{
19921 		.cmd = NL80211_CMD_REGISTER_FRAME,
19922 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19923 		.doit = nl80211_register_mgmt,
19924 		.flags = GENL_UNS_ADMIN_PERM,
19925 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
19926 	},
19927 	{
19928 		.cmd = NL80211_CMD_FRAME,
19929 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19930 		.doit = nl80211_tx_mgmt,
19931 		.flags = GENL_UNS_ADMIN_PERM,
19932 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19933 	},
19934 	{
19935 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
19936 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19937 		.doit = nl80211_tx_mgmt_cancel_wait,
19938 		.flags = GENL_UNS_ADMIN_PERM,
19939 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19940 	},
19941 	{
19942 		.cmd = NL80211_CMD_SET_POWER_SAVE,
19943 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19944 		.doit = nl80211_set_power_save,
19945 		.flags = GENL_UNS_ADMIN_PERM,
19946 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19947 	},
19948 	{
19949 		.cmd = NL80211_CMD_GET_POWER_SAVE,
19950 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19951 		.doit = nl80211_get_power_save,
19952 		/* can be retrieved by unprivileged users */
19953 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19954 	},
19955 	{
19956 		.cmd = NL80211_CMD_SET_CQM,
19957 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19958 		.doit = nl80211_set_cqm,
19959 		.flags = GENL_UNS_ADMIN_PERM,
19960 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19961 	},
19962 	{
19963 		.cmd = NL80211_CMD_SET_CHANNEL,
19964 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19965 		.doit = nl80211_set_channel,
19966 		.flags = GENL_UNS_ADMIN_PERM,
19967 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19968 					 NL80211_FLAG_MLO_VALID_LINK_ID),
19969 	},
19970 	{
19971 		.cmd = NL80211_CMD_JOIN_MESH,
19972 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19973 		.doit = nl80211_join_mesh,
19974 		.flags = GENL_UNS_ADMIN_PERM,
19975 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19976 	},
19977 	{
19978 		.cmd = NL80211_CMD_LEAVE_MESH,
19979 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19980 		.doit = nl80211_leave_mesh,
19981 		.flags = GENL_UNS_ADMIN_PERM,
19982 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19983 	},
19984 	{
19985 		.cmd = NL80211_CMD_JOIN_OCB,
19986 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19987 		.doit = nl80211_join_ocb,
19988 		.flags = GENL_UNS_ADMIN_PERM,
19989 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19990 	},
19991 	{
19992 		.cmd = NL80211_CMD_LEAVE_OCB,
19993 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19994 		.doit = nl80211_leave_ocb,
19995 		.flags = GENL_UNS_ADMIN_PERM,
19996 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19997 	},
19998 #ifdef CONFIG_PM
19999 	{
20000 		.cmd = NL80211_CMD_GET_WOWLAN,
20001 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20002 		.doit = nl80211_get_wowlan,
20003 		/* can be retrieved by unprivileged users */
20004 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
20005 	},
20006 	{
20007 		.cmd = NL80211_CMD_SET_WOWLAN,
20008 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20009 		.doit = nl80211_set_wowlan,
20010 		.flags = GENL_UNS_ADMIN_PERM,
20011 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
20012 	},
20013 #endif
20014 	{
20015 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
20016 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20017 		.doit = nl80211_set_rekey_data,
20018 		.flags = GENL_UNS_ADMIN_PERM,
20019 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20020 					 NL80211_FLAG_CLEAR_SKB),
20021 	},
20022 	{
20023 		.cmd = NL80211_CMD_TDLS_MGMT,
20024 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20025 		.doit = nl80211_tdls_mgmt,
20026 		.flags = GENL_UNS_ADMIN_PERM,
20027 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20028 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20029 	},
20030 	{
20031 		.cmd = NL80211_CMD_TDLS_OPER,
20032 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20033 		.doit = nl80211_tdls_oper,
20034 		.flags = GENL_UNS_ADMIN_PERM,
20035 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20036 	},
20037 	{
20038 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
20039 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20040 		.doit = nl80211_register_unexpected_frame,
20041 		.flags = GENL_UNS_ADMIN_PERM,
20042 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
20043 	},
20044 	{
20045 		.cmd = NL80211_CMD_PROBE_CLIENT,
20046 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20047 		.doit = nl80211_probe_client,
20048 		.flags = GENL_UNS_ADMIN_PERM,
20049 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20050 	},
20051 	{
20052 		.cmd = NL80211_CMD_REGISTER_BEACONS,
20053 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20054 		.doit = nl80211_register_beacons,
20055 		.flags = GENL_UNS_ADMIN_PERM,
20056 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
20057 	},
20058 	{
20059 		.cmd = NL80211_CMD_SET_NOACK_MAP,
20060 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20061 		.doit = nl80211_set_noack_map,
20062 		.flags = GENL_UNS_ADMIN_PERM,
20063 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
20064 	},
20065 	{
20066 		.cmd = NL80211_CMD_START_P2P_DEVICE,
20067 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20068 		.doit = nl80211_start_p2p_device,
20069 		.flags = GENL_UNS_ADMIN_PERM,
20070 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
20071 					 NL80211_FLAG_NEED_RTNL),
20072 	},
20073 	{
20074 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
20075 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20076 		.doit = nl80211_stop_p2p_device,
20077 		.flags = GENL_UNS_ADMIN_PERM,
20078 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
20079 					 NL80211_FLAG_NEED_RTNL),
20080 	},
20081 	{
20082 		.cmd = NL80211_CMD_START_NAN,
20083 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20084 		.doit = nl80211_start_nan,
20085 		.flags = GENL_ADMIN_PERM,
20086 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
20087 					 NL80211_FLAG_NEED_RTNL),
20088 	},
20089 	{
20090 		.cmd = NL80211_CMD_STOP_NAN,
20091 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20092 		.doit = nl80211_stop_nan,
20093 		.flags = GENL_ADMIN_PERM,
20094 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
20095 					 NL80211_FLAG_NO_WIPHY_MTX |
20096 					 NL80211_FLAG_NEED_RTNL),
20097 	},
20098 	{
20099 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
20100 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20101 		.doit = nl80211_nan_add_func,
20102 		.flags = GENL_ADMIN_PERM,
20103 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20104 	},
20105 	{
20106 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
20107 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20108 		.doit = nl80211_nan_del_func,
20109 		.flags = GENL_ADMIN_PERM,
20110 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20111 	},
20112 	{
20113 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
20114 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20115 		.doit = nl80211_nan_change_config,
20116 		.flags = GENL_ADMIN_PERM,
20117 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20118 	},
20119 	{
20120 		.cmd = NL80211_CMD_START_PD,
20121 		.doit = nl80211_start_pd,
20122 		.flags = GENL_ADMIN_PERM,
20123 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
20124 					 NL80211_FLAG_NEED_RTNL),
20125 	},
20126 	{
20127 		.cmd = NL80211_CMD_STOP_PD,
20128 		.doit = nl80211_stop_pd,
20129 		.flags = GENL_ADMIN_PERM,
20130 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
20131 					 NL80211_FLAG_NEED_RTNL),
20132 	},
20133 	{
20134 		.cmd = NL80211_CMD_SET_MCAST_RATE,
20135 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20136 		.doit = nl80211_set_mcast_rate,
20137 		.flags = GENL_UNS_ADMIN_PERM,
20138 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
20139 	},
20140 	{
20141 		.cmd = NL80211_CMD_SET_MAC_ACL,
20142 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20143 		.doit = nl80211_set_mac_acl,
20144 		.flags = GENL_UNS_ADMIN_PERM,
20145 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
20146 					 NL80211_FLAG_MLO_UNSUPPORTED),
20147 	},
20148 	{
20149 		.cmd = NL80211_CMD_RADAR_DETECT,
20150 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20151 		.doit = nl80211_start_radar_detection,
20152 		.flags = GENL_UNS_ADMIN_PERM,
20153 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20154 					 NL80211_FLAG_NO_WIPHY_MTX |
20155 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20156 	},
20157 	{
20158 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
20159 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20160 		.doit = nl80211_get_protocol_features,
20161 	},
20162 	{
20163 		.cmd = NL80211_CMD_UPDATE_FT_IES,
20164 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20165 		.doit = nl80211_update_ft_ies,
20166 		.flags = GENL_UNS_ADMIN_PERM,
20167 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20168 	},
20169 	{
20170 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
20171 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20172 		.doit = nl80211_crit_protocol_start,
20173 		.flags = GENL_UNS_ADMIN_PERM,
20174 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20175 	},
20176 	{
20177 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
20178 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20179 		.doit = nl80211_crit_protocol_stop,
20180 		.flags = GENL_UNS_ADMIN_PERM,
20181 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20182 	},
20183 	{
20184 		.cmd = NL80211_CMD_GET_COALESCE,
20185 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20186 		.doit = nl80211_get_coalesce,
20187 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
20188 	},
20189 	{
20190 		.cmd = NL80211_CMD_SET_COALESCE,
20191 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20192 		.doit = nl80211_set_coalesce,
20193 		.flags = GENL_UNS_ADMIN_PERM,
20194 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
20195 	},
20196 	{
20197 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
20198 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20199 		.doit = nl80211_channel_switch,
20200 		.flags = GENL_UNS_ADMIN_PERM,
20201 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20202 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20203 	},
20204 	{
20205 		.cmd = NL80211_CMD_VENDOR,
20206 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20207 		.doit = nl80211_vendor_cmd,
20208 		.dumpit = nl80211_vendor_cmd_dump,
20209 		.flags = GENL_UNS_ADMIN_PERM,
20210 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
20211 					 NL80211_FLAG_CLEAR_SKB),
20212 	},
20213 	{
20214 		.cmd = NL80211_CMD_SET_QOS_MAP,
20215 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20216 		.doit = nl80211_set_qos_map,
20217 		.flags = GENL_UNS_ADMIN_PERM,
20218 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20219 	},
20220 	{
20221 		.cmd = NL80211_CMD_ADD_TX_TS,
20222 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20223 		.doit = nl80211_add_tx_ts,
20224 		.flags = GENL_UNS_ADMIN_PERM,
20225 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20226 					 NL80211_FLAG_MLO_UNSUPPORTED),
20227 	},
20228 	{
20229 		.cmd = NL80211_CMD_DEL_TX_TS,
20230 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20231 		.doit = nl80211_del_tx_ts,
20232 		.flags = GENL_UNS_ADMIN_PERM,
20233 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20234 	},
20235 	{
20236 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
20237 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20238 		.doit = nl80211_tdls_channel_switch,
20239 		.flags = GENL_UNS_ADMIN_PERM,
20240 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20241 	},
20242 	{
20243 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
20244 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20245 		.doit = nl80211_tdls_cancel_channel_switch,
20246 		.flags = GENL_UNS_ADMIN_PERM,
20247 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20248 	},
20249 	{
20250 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
20251 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20252 		.doit = nl80211_set_multicast_to_unicast,
20253 		.flags = GENL_UNS_ADMIN_PERM,
20254 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
20255 	},
20256 	{
20257 		.cmd = NL80211_CMD_SET_PMK,
20258 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20259 		.doit = nl80211_set_pmk,
20260 		.flags = GENL_UNS_ADMIN_PERM,
20261 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20262 					 NL80211_FLAG_CLEAR_SKB),
20263 	},
20264 	{
20265 		.cmd = NL80211_CMD_DEL_PMK,
20266 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20267 		.doit = nl80211_del_pmk,
20268 		.flags = GENL_UNS_ADMIN_PERM,
20269 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20270 	},
20271 	{
20272 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
20273 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20274 		.doit = nl80211_external_auth,
20275 		.flags = GENL_ADMIN_PERM,
20276 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20277 	},
20278 	{
20279 		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
20280 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20281 		.doit = nl80211_tx_control_port,
20282 		.flags = GENL_UNS_ADMIN_PERM,
20283 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20284 	},
20285 	{
20286 		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
20287 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20288 		.doit = nl80211_get_ftm_responder_stats,
20289 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
20290 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20291 	},
20292 	{
20293 		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
20294 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20295 		.doit = nl80211_pmsr_start,
20296 		.flags = GENL_UNS_ADMIN_PERM,
20297 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20298 	},
20299 	{
20300 		.cmd = NL80211_CMD_NOTIFY_RADAR,
20301 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20302 		.doit = nl80211_notify_radar_detection,
20303 		.flags = GENL_UNS_ADMIN_PERM,
20304 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20305 	},
20306 	{
20307 		.cmd = NL80211_CMD_UPDATE_OWE_INFO,
20308 		.doit = nl80211_update_owe_info,
20309 		.flags = GENL_ADMIN_PERM,
20310 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20311 	},
20312 	{
20313 		.cmd = NL80211_CMD_PROBE_MESH_LINK,
20314 		.doit = nl80211_probe_mesh_link,
20315 		.flags = GENL_UNS_ADMIN_PERM,
20316 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20317 	},
20318 	{
20319 		.cmd = NL80211_CMD_SET_TID_CONFIG,
20320 		.doit = nl80211_set_tid_config,
20321 		.flags = GENL_UNS_ADMIN_PERM,
20322 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
20323 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20324 	},
20325 	{
20326 		.cmd = NL80211_CMD_SET_SAR_SPECS,
20327 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20328 		.doit = nl80211_set_sar_specs,
20329 		.flags = GENL_UNS_ADMIN_PERM,
20330 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
20331 					 NL80211_FLAG_NEED_RTNL),
20332 	},
20333 	{
20334 		.cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
20335 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20336 		.doit = nl80211_color_change,
20337 		.flags = GENL_UNS_ADMIN_PERM,
20338 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20339 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20340 	},
20341 	{
20342 		.cmd = NL80211_CMD_SET_FILS_AAD,
20343 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
20344 		.doit = nl80211_set_fils_aad,
20345 		.flags = GENL_UNS_ADMIN_PERM,
20346 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20347 	},
20348 	{
20349 		.cmd = NL80211_CMD_ADD_LINK,
20350 		.doit = nl80211_add_link,
20351 		.flags = GENL_UNS_ADMIN_PERM,
20352 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20353 	},
20354 	{
20355 		.cmd = NL80211_CMD_REMOVE_LINK,
20356 		.doit = nl80211_remove_link,
20357 		.flags = GENL_UNS_ADMIN_PERM,
20358 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20359 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20360 	},
20361 	{
20362 		.cmd = NL80211_CMD_ADD_LINK_STA,
20363 		.doit = nl80211_add_link_station,
20364 		.flags = GENL_UNS_ADMIN_PERM,
20365 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20366 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20367 	},
20368 	{
20369 		.cmd = NL80211_CMD_MODIFY_LINK_STA,
20370 		.doit = nl80211_modify_link_station,
20371 		.flags = GENL_UNS_ADMIN_PERM,
20372 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20373 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20374 	},
20375 	{
20376 		.cmd = NL80211_CMD_REMOVE_LINK_STA,
20377 		.doit = nl80211_remove_link_station,
20378 		.flags = GENL_UNS_ADMIN_PERM,
20379 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
20380 					 NL80211_FLAG_MLO_VALID_LINK_ID),
20381 	},
20382 	{
20383 		.cmd = NL80211_CMD_SET_HW_TIMESTAMP,
20384 		.doit = nl80211_set_hw_timestamp,
20385 		.flags = GENL_UNS_ADMIN_PERM,
20386 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20387 	},
20388 	{
20389 		.cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING,
20390 		.doit = nl80211_set_ttlm,
20391 		.flags = GENL_UNS_ADMIN_PERM,
20392 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20393 	},
20394 	{
20395 		.cmd = NL80211_CMD_ASSOC_MLO_RECONF,
20396 		.doit = nl80211_assoc_ml_reconf,
20397 		.flags = GENL_UNS_ADMIN_PERM,
20398 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20399 	},
20400 	{
20401 		.cmd = NL80211_CMD_EPCS_CFG,
20402 		.doit = nl80211_epcs_cfg,
20403 		.flags = GENL_UNS_ADMIN_PERM,
20404 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20405 	},
20406 	{
20407 		.cmd = NL80211_CMD_NAN_SET_LOCAL_SCHED,
20408 		.doit = nl80211_nan_set_local_sched,
20409 		.flags = GENL_ADMIN_PERM,
20410 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20411 	},
20412 	{
20413 		.cmd = NL80211_CMD_NAN_SET_PEER_SCHED,
20414 		.doit = nl80211_nan_set_peer_sched,
20415 		.flags = GENL_ADMIN_PERM,
20416 		.internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20417 	},
20418 };
20419 
20420 static struct genl_family nl80211_fam __ro_after_init = {
20421 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
20422 	.hdrsize = 0,			/* no private header */
20423 	.version = 1,			/* no particular meaning now */
20424 	.maxattr = NL80211_ATTR_MAX,
20425 	.policy = nl80211_policy,
20426 	.netnsok = true,
20427 	.pre_doit = nl80211_pre_doit,
20428 	.post_doit = nl80211_post_doit,
20429 	.module = THIS_MODULE,
20430 	.ops = nl80211_ops,
20431 	.n_ops = ARRAY_SIZE(nl80211_ops),
20432 	.small_ops = nl80211_small_ops,
20433 	.n_small_ops = ARRAY_SIZE(nl80211_small_ops),
20434 	.resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1,
20435 	.mcgrps = nl80211_mcgrps,
20436 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
20437 	.parallel_ops = true,
20438 };
20439 
20440 /* notification functions */
20441 
20442 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
20443 			  enum nl80211_commands cmd)
20444 {
20445 	struct sk_buff *msg;
20446 	struct nl80211_dump_wiphy_state state = {};
20447 
20448 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
20449 		cmd != NL80211_CMD_DEL_WIPHY);
20450 
20451 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20452 	if (!msg)
20453 		return;
20454 
20455 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
20456 		nlmsg_free(msg);
20457 		return;
20458 	}
20459 
20460 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20461 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
20462 }
20463 
20464 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
20465 				struct wireless_dev *wdev,
20466 				enum nl80211_commands cmd)
20467 {
20468 	struct sk_buff *msg;
20469 
20470 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20471 	if (!msg)
20472 		return;
20473 
20474 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
20475 		nlmsg_free(msg);
20476 		return;
20477 	}
20478 
20479 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20480 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
20481 }
20482 
20483 static int nl80211_add_scan_req(struct sk_buff *msg,
20484 				struct cfg80211_registered_device *rdev)
20485 {
20486 	struct cfg80211_scan_request_int *req = rdev->scan_req;
20487 	struct nlattr *nest;
20488 	int i;
20489 	struct cfg80211_scan_info *info;
20490 
20491 	if (WARN_ON(!req))
20492 		return 0;
20493 
20494 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
20495 	if (!nest)
20496 		goto nla_put_failure;
20497 	for (i = 0; i < req->req.n_ssids; i++) {
20498 		if (nla_put(msg, i, req->req.ssids[i].ssid_len,
20499 			    req->req.ssids[i].ssid))
20500 			goto nla_put_failure;
20501 	}
20502 	nla_nest_end(msg, nest);
20503 
20504 	if (req->req.flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
20505 		nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
20506 		if (!nest)
20507 			goto nla_put_failure;
20508 		for (i = 0; i < req->req.n_channels; i++) {
20509 			if (nla_put_u32(msg, i,
20510 					ieee80211_channel_to_khz(req->req.channels[i])))
20511 				goto nla_put_failure;
20512 		}
20513 		nla_nest_end(msg, nest);
20514 	} else {
20515 		nest = nla_nest_start_noflag(msg,
20516 					     NL80211_ATTR_SCAN_FREQUENCIES);
20517 		if (!nest)
20518 			goto nla_put_failure;
20519 		for (i = 0; i < req->req.n_channels; i++) {
20520 			if (nla_put_u32(msg, i,
20521 					req->req.channels[i]->center_freq))
20522 				goto nla_put_failure;
20523 		}
20524 		nla_nest_end(msg, nest);
20525 	}
20526 
20527 	if (req->req.ie &&
20528 	    nla_put(msg, NL80211_ATTR_IE, req->req.ie_len, req->req.ie))
20529 		goto nla_put_failure;
20530 
20531 	if (req->req.flags &&
20532 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->req.flags))
20533 		goto nla_put_failure;
20534 
20535 	info = rdev->int_scan_req ? &rdev->int_scan_req->info :
20536 		&rdev->scan_req->info;
20537 	if (info->scan_start_tsf &&
20538 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
20539 			       info->scan_start_tsf, NL80211_BSS_PAD) ||
20540 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
20541 		     info->tsf_bssid)))
20542 		goto nla_put_failure;
20543 
20544 	return 0;
20545  nla_put_failure:
20546 	return -ENOBUFS;
20547 }
20548 
20549 static int nl80211_prep_scan_msg(struct sk_buff *msg,
20550 				 struct cfg80211_registered_device *rdev,
20551 				 struct wireless_dev *wdev,
20552 				 u32 portid, u32 seq, int flags,
20553 				 u32 cmd)
20554 {
20555 	void *hdr;
20556 
20557 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
20558 	if (!hdr)
20559 		return -1;
20560 
20561 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20562 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
20563 					 wdev->netdev->ifindex)) ||
20564 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20565 			      NL80211_ATTR_PAD))
20566 		goto nla_put_failure;
20567 
20568 	/* ignore errors and send incomplete event anyway */
20569 	nl80211_add_scan_req(msg, rdev);
20570 
20571 	genlmsg_end(msg, hdr);
20572 	return 0;
20573 
20574  nla_put_failure:
20575 	genlmsg_cancel(msg, hdr);
20576 	return -EMSGSIZE;
20577 }
20578 
20579 static int
20580 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
20581 			    struct cfg80211_sched_scan_request *req, u32 cmd)
20582 {
20583 	void *hdr;
20584 
20585 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
20586 	if (!hdr)
20587 		return -1;
20588 
20589 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
20590 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
20591 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
20592 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
20593 			      NL80211_ATTR_PAD))
20594 		goto nla_put_failure;
20595 
20596 	genlmsg_end(msg, hdr);
20597 	return 0;
20598 
20599  nla_put_failure:
20600 	genlmsg_cancel(msg, hdr);
20601 	return -EMSGSIZE;
20602 }
20603 
20604 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
20605 			     struct wireless_dev *wdev)
20606 {
20607 	struct sk_buff *msg;
20608 
20609 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20610 	if (!msg)
20611 		return;
20612 
20613 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
20614 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
20615 		nlmsg_free(msg);
20616 		return;
20617 	}
20618 
20619 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20620 				NL80211_MCGRP_SCAN, GFP_KERNEL);
20621 }
20622 
20623 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
20624 				       struct wireless_dev *wdev, bool aborted)
20625 {
20626 	struct sk_buff *msg;
20627 
20628 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20629 	if (!msg)
20630 		return NULL;
20631 
20632 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
20633 				  aborted ? NL80211_CMD_SCAN_ABORTED :
20634 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
20635 		nlmsg_free(msg);
20636 		return NULL;
20637 	}
20638 
20639 	return msg;
20640 }
20641 
20642 /* send message created by nl80211_build_scan_msg() */
20643 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
20644 			   struct sk_buff *msg)
20645 {
20646 	if (!msg)
20647 		return;
20648 
20649 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20650 				NL80211_MCGRP_SCAN, GFP_KERNEL);
20651 }
20652 
20653 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
20654 {
20655 	struct sk_buff *msg;
20656 
20657 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20658 	if (!msg)
20659 		return;
20660 
20661 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
20662 		nlmsg_free(msg);
20663 		return;
20664 	}
20665 
20666 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
20667 				NL80211_MCGRP_SCAN, GFP_KERNEL);
20668 }
20669 
20670 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
20671 					  struct regulatory_request *request)
20672 {
20673 	/* Userspace can always count this one always being set */
20674 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
20675 		goto nla_put_failure;
20676 
20677 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
20678 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
20679 			       NL80211_REGDOM_TYPE_WORLD))
20680 			goto nla_put_failure;
20681 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
20682 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
20683 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
20684 			goto nla_put_failure;
20685 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
20686 		   request->intersect) {
20687 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
20688 			       NL80211_REGDOM_TYPE_INTERSECTION))
20689 			goto nla_put_failure;
20690 	} else {
20691 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
20692 			       NL80211_REGDOM_TYPE_COUNTRY) ||
20693 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
20694 				   request->alpha2))
20695 			goto nla_put_failure;
20696 	}
20697 
20698 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
20699 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
20700 
20701 		if (wiphy &&
20702 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
20703 			goto nla_put_failure;
20704 
20705 		if (wiphy &&
20706 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
20707 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
20708 			goto nla_put_failure;
20709 	}
20710 
20711 	return true;
20712 
20713 nla_put_failure:
20714 	return false;
20715 }
20716 
20717 /*
20718  * This can happen on global regulatory changes or device specific settings
20719  * based on custom regulatory domains.
20720  */
20721 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
20722 				     struct regulatory_request *request)
20723 {
20724 	struct sk_buff *msg;
20725 	void *hdr;
20726 
20727 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20728 	if (!msg)
20729 		return;
20730 
20731 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
20732 	if (!hdr)
20733 		goto nla_put_failure;
20734 
20735 	if (!nl80211_reg_change_event_fill(msg, request))
20736 		goto nla_put_failure;
20737 
20738 	genlmsg_end(msg, hdr);
20739 
20740 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
20741 				NL80211_MCGRP_REGULATORY);
20742 
20743 	return;
20744 
20745 nla_put_failure:
20746 	nlmsg_free(msg);
20747 }
20748 
20749 struct nl80211_mlme_event {
20750 	enum nl80211_commands cmd;
20751 	const u8 *buf;
20752 	size_t buf_len;
20753 	int uapsd_queues;
20754 	const u8 *req_ies;
20755 	size_t req_ies_len;
20756 	bool reconnect;
20757 };
20758 
20759 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
20760 				    struct net_device *netdev,
20761 				    const struct nl80211_mlme_event *event,
20762 				    gfp_t gfp)
20763 {
20764 	struct sk_buff *msg;
20765 	void *hdr;
20766 
20767 	msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp);
20768 	if (!msg)
20769 		return;
20770 
20771 	hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd);
20772 	if (!hdr) {
20773 		nlmsg_free(msg);
20774 		return;
20775 	}
20776 
20777 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20778 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20779 	    nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) ||
20780 	    (event->req_ies &&
20781 	     nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len,
20782 		     event->req_ies)))
20783 		goto nla_put_failure;
20784 
20785 	if (event->reconnect &&
20786 	    nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
20787 		goto nla_put_failure;
20788 
20789 	if (event->uapsd_queues >= 0) {
20790 		struct nlattr *nla_wmm =
20791 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
20792 		if (!nla_wmm)
20793 			goto nla_put_failure;
20794 
20795 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
20796 			       event->uapsd_queues))
20797 			goto nla_put_failure;
20798 
20799 		nla_nest_end(msg, nla_wmm);
20800 	}
20801 
20802 	genlmsg_end(msg, hdr);
20803 
20804 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20805 				NL80211_MCGRP_MLME, gfp);
20806 	return;
20807 
20808  nla_put_failure:
20809 	nlmsg_free(msg);
20810 }
20811 
20812 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
20813 			  struct net_device *netdev, const u8 *buf,
20814 			  size_t len, gfp_t gfp)
20815 {
20816 	struct nl80211_mlme_event event = {
20817 		.cmd = NL80211_CMD_AUTHENTICATE,
20818 		.buf = buf,
20819 		.buf_len = len,
20820 		.uapsd_queues = -1,
20821 	};
20822 
20823 	nl80211_send_mlme_event(rdev, netdev, &event, gfp);
20824 }
20825 
20826 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
20827 			   struct net_device *netdev,
20828 			   const struct cfg80211_rx_assoc_resp_data *data)
20829 {
20830 	struct nl80211_mlme_event event = {
20831 		.cmd = NL80211_CMD_ASSOCIATE,
20832 		.buf = data->buf,
20833 		.buf_len = data->len,
20834 		.uapsd_queues = data->uapsd_queues,
20835 		.req_ies = data->req_ies,
20836 		.req_ies_len = data->req_ies_len,
20837 	};
20838 
20839 	nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL);
20840 }
20841 
20842 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
20843 			 struct net_device *netdev, const u8 *buf,
20844 			 size_t len, bool reconnect, gfp_t gfp)
20845 {
20846 	struct nl80211_mlme_event event = {
20847 		.cmd = NL80211_CMD_DEAUTHENTICATE,
20848 		.buf = buf,
20849 		.buf_len = len,
20850 		.reconnect = reconnect,
20851 		.uapsd_queues = -1,
20852 	};
20853 
20854 	nl80211_send_mlme_event(rdev, netdev, &event, gfp);
20855 }
20856 
20857 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
20858 			   struct net_device *netdev, const u8 *buf,
20859 			   size_t len, bool reconnect, gfp_t gfp)
20860 {
20861 	struct nl80211_mlme_event event = {
20862 		.cmd = NL80211_CMD_DISASSOCIATE,
20863 		.buf = buf,
20864 		.buf_len = len,
20865 		.reconnect = reconnect,
20866 		.uapsd_queues = -1,
20867 	};
20868 
20869 	nl80211_send_mlme_event(rdev, netdev, &event, gfp);
20870 }
20871 
20872 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
20873 				  size_t len)
20874 {
20875 	struct wireless_dev *wdev = dev->ieee80211_ptr;
20876 	struct wiphy *wiphy = wdev->wiphy;
20877 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20878 	const struct ieee80211_mgmt *mgmt = (void *)buf;
20879 	struct nl80211_mlme_event event = {
20880 		.buf = buf,
20881 		.buf_len = len,
20882 		.uapsd_queues = -1,
20883 	};
20884 
20885 	if (WARN_ON(len < 2))
20886 		return;
20887 
20888 	if (ieee80211_is_deauth(mgmt->frame_control)) {
20889 		event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
20890 	} else if (ieee80211_is_disassoc(mgmt->frame_control)) {
20891 		event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
20892 	} else if (ieee80211_is_beacon(mgmt->frame_control)) {
20893 		if (wdev->unprot_beacon_reported &&
20894 		    elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
20895 			return;
20896 		event.cmd = NL80211_CMD_UNPROT_BEACON;
20897 		wdev->unprot_beacon_reported = jiffies;
20898 	} else {
20899 		return;
20900 	}
20901 
20902 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
20903 	nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC);
20904 }
20905 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
20906 
20907 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
20908 				      struct net_device *netdev, int cmd,
20909 				      const u8 *addr, gfp_t gfp)
20910 {
20911 	struct sk_buff *msg;
20912 	void *hdr;
20913 
20914 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20915 	if (!msg)
20916 		return;
20917 
20918 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
20919 	if (!hdr) {
20920 		nlmsg_free(msg);
20921 		return;
20922 	}
20923 
20924 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20925 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20926 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
20927 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
20928 		goto nla_put_failure;
20929 
20930 	genlmsg_end(msg, hdr);
20931 
20932 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20933 				NL80211_MCGRP_MLME, gfp);
20934 	return;
20935 
20936  nla_put_failure:
20937 	nlmsg_free(msg);
20938 }
20939 
20940 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
20941 			       struct net_device *netdev, const u8 *addr,
20942 			       gfp_t gfp)
20943 {
20944 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
20945 				  addr, gfp);
20946 }
20947 
20948 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
20949 				struct net_device *netdev, const u8 *addr,
20950 				gfp_t gfp)
20951 {
20952 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
20953 				  addr, gfp);
20954 }
20955 
20956 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
20957 				 struct net_device *netdev,
20958 				 struct cfg80211_connect_resp_params *cr,
20959 				 gfp_t gfp)
20960 {
20961 	struct sk_buff *msg;
20962 	void *hdr;
20963 	unsigned int link;
20964 	size_t link_info_size = 0;
20965 	const u8 *connected_addr = cr->valid_links ?
20966 				   cr->ap_mld_addr : cr->links[0].bssid;
20967 
20968 	if (cr->valid_links) {
20969 		for_each_valid_link(cr, link) {
20970 			/* Nested attribute header */
20971 			link_info_size += NLA_HDRLEN;
20972 			/* Link ID */
20973 			link_info_size += nla_total_size(sizeof(u8));
20974 			link_info_size += cr->links[link].addr ?
20975 					  nla_total_size(ETH_ALEN) : 0;
20976 			link_info_size += (cr->links[link].bssid ||
20977 					   cr->links[link].bss) ?
20978 					  nla_total_size(ETH_ALEN) : 0;
20979 			link_info_size += nla_total_size(sizeof(u16));
20980 		}
20981 	}
20982 
20983 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
20984 			cr->fils.kek_len + cr->fils.pmk_len +
20985 			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
20986 			gfp);
20987 	if (!msg)
20988 		return;
20989 
20990 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
20991 	if (!hdr) {
20992 		nlmsg_free(msg);
20993 		return;
20994 	}
20995 
20996 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20997 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20998 	    (connected_addr &&
20999 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) ||
21000 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
21001 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
21002 			cr->status) ||
21003 	    (cr->status < 0 &&
21004 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
21005 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
21006 			  cr->timeout_reason))) ||
21007 	    (cr->req_ie &&
21008 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
21009 	    (cr->resp_ie &&
21010 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
21011 		     cr->resp_ie)) ||
21012 	    (cr->fils.update_erp_next_seq_num &&
21013 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
21014 			 cr->fils.erp_next_seq_num)) ||
21015 	    (cr->status == WLAN_STATUS_SUCCESS &&
21016 	     ((cr->fils.kek &&
21017 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
21018 		       cr->fils.kek)) ||
21019 	      (cr->fils.pmk &&
21020 	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
21021 	      (cr->fils.pmkid &&
21022 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))) ||
21023 	    (cr->assoc_encrypted &&
21024 	     nla_put_flag(msg, NL80211_ATTR_ASSOC_ENCRYPTED)))
21025 		goto nla_put_failure;
21026 
21027 	if (cr->valid_links) {
21028 		int i = 1;
21029 		struct nlattr *nested;
21030 
21031 		nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
21032 		if (!nested)
21033 			goto nla_put_failure;
21034 
21035 		for_each_valid_link(cr, link) {
21036 			struct nlattr *nested_mlo_links;
21037 			const u8 *bssid = cr->links[link].bss ?
21038 					  cr->links[link].bss->bssid :
21039 					  cr->links[link].bssid;
21040 
21041 			nested_mlo_links = nla_nest_start(msg, i);
21042 			if (!nested_mlo_links)
21043 				goto nla_put_failure;
21044 
21045 			if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
21046 			    (bssid &&
21047 			     nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
21048 			    (cr->links[link].addr &&
21049 			     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
21050 				     cr->links[link].addr)) ||
21051 			    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
21052 					cr->links[link].status))
21053 				goto nla_put_failure;
21054 
21055 			nla_nest_end(msg, nested_mlo_links);
21056 			i++;
21057 		}
21058 		nla_nest_end(msg, nested);
21059 	}
21060 
21061 	genlmsg_end(msg, hdr);
21062 
21063 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21064 				NL80211_MCGRP_MLME, gfp);
21065 	return;
21066 
21067  nla_put_failure:
21068 	nlmsg_free(msg);
21069 }
21070 
21071 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
21072 			 struct net_device *netdev,
21073 			 struct cfg80211_roam_info *info, gfp_t gfp)
21074 {
21075 	struct sk_buff *msg;
21076 	void *hdr;
21077 	size_t link_info_size = 0;
21078 	unsigned int link;
21079 	const u8 *connected_addr = info->ap_mld_addr ?
21080 				   info->ap_mld_addr :
21081 				   (info->links[0].bss ?
21082 				    info->links[0].bss->bssid :
21083 				    info->links[0].bssid);
21084 
21085 	if (info->valid_links) {
21086 		for_each_valid_link(info, link) {
21087 			/* Nested attribute header */
21088 			link_info_size += NLA_HDRLEN;
21089 			/* Link ID */
21090 			link_info_size += nla_total_size(sizeof(u8));
21091 			link_info_size += info->links[link].addr ?
21092 					  nla_total_size(ETH_ALEN) : 0;
21093 			link_info_size += (info->links[link].bssid ||
21094 					   info->links[link].bss) ?
21095 					  nla_total_size(ETH_ALEN) : 0;
21096 		}
21097 	}
21098 
21099 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
21100 			info->fils.kek_len + info->fils.pmk_len +
21101 			(info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
21102 			link_info_size, gfp);
21103 	if (!msg)
21104 		return;
21105 
21106 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
21107 	if (!hdr) {
21108 		nlmsg_free(msg);
21109 		return;
21110 	}
21111 
21112 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21113 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21114 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
21115 	    (info->req_ie &&
21116 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
21117 		     info->req_ie)) ||
21118 	    (info->resp_ie &&
21119 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
21120 		     info->resp_ie)) ||
21121 	    (info->fils.update_erp_next_seq_num &&
21122 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
21123 			 info->fils.erp_next_seq_num)) ||
21124 	    (info->fils.kek &&
21125 	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
21126 		     info->fils.kek)) ||
21127 	    (info->fils.pmk &&
21128 	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
21129 	    (info->fils.pmkid &&
21130 	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
21131 		goto nla_put_failure;
21132 
21133 	if (info->valid_links) {
21134 		int i = 1;
21135 		struct nlattr *nested;
21136 
21137 		nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
21138 		if (!nested)
21139 			goto nla_put_failure;
21140 
21141 		for_each_valid_link(info, link) {
21142 			struct nlattr *nested_mlo_links;
21143 			const u8 *bssid = info->links[link].bss ?
21144 					  info->links[link].bss->bssid :
21145 					  info->links[link].bssid;
21146 
21147 			nested_mlo_links = nla_nest_start(msg, i);
21148 			if (!nested_mlo_links)
21149 				goto nla_put_failure;
21150 
21151 			if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
21152 			    (bssid &&
21153 			     nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
21154 			    (info->links[link].addr &&
21155 			     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
21156 				     info->links[link].addr)))
21157 				goto nla_put_failure;
21158 
21159 			nla_nest_end(msg, nested_mlo_links);
21160 			i++;
21161 		}
21162 		nla_nest_end(msg, nested);
21163 	}
21164 
21165 	genlmsg_end(msg, hdr);
21166 
21167 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21168 				NL80211_MCGRP_MLME, gfp);
21169 	return;
21170 
21171  nla_put_failure:
21172 	nlmsg_free(msg);
21173 }
21174 
21175 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
21176 				  struct net_device *netdev, const u8 *peer_addr,
21177 				  const u8 *td_bitmap, u8 td_bitmap_len)
21178 {
21179 	struct sk_buff *msg;
21180 	void *hdr;
21181 
21182 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21183 	if (!msg)
21184 		return;
21185 
21186 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
21187 	if (!hdr) {
21188 		nlmsg_free(msg);
21189 		return;
21190 	}
21191 
21192 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21193 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21194 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
21195 		goto nla_put_failure;
21196 
21197 	if (td_bitmap_len > 0 && td_bitmap &&
21198 	    nla_put(msg, NL80211_ATTR_TD_BITMAP, td_bitmap_len, td_bitmap))
21199 		goto nla_put_failure;
21200 
21201 	genlmsg_end(msg, hdr);
21202 
21203 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21204 				NL80211_MCGRP_MLME, GFP_KERNEL);
21205 	return;
21206 
21207  nla_put_failure:
21208 	nlmsg_free(msg);
21209 }
21210 
21211 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
21212 			       struct net_device *netdev, u16 reason,
21213 			       const u8 *ie, size_t ie_len, bool from_ap)
21214 {
21215 	struct sk_buff *msg;
21216 	void *hdr;
21217 
21218 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
21219 	if (!msg)
21220 		return;
21221 
21222 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
21223 	if (!hdr) {
21224 		nlmsg_free(msg);
21225 		return;
21226 	}
21227 
21228 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21229 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21230 	    (reason &&
21231 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
21232 	    (from_ap &&
21233 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
21234 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
21235 		goto nla_put_failure;
21236 
21237 	genlmsg_end(msg, hdr);
21238 
21239 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21240 				NL80211_MCGRP_MLME, GFP_KERNEL);
21241 	return;
21242 
21243  nla_put_failure:
21244 	nlmsg_free(msg);
21245 }
21246 
21247 void cfg80211_links_removed(struct net_device *dev, u16 link_mask)
21248 {
21249 	struct wireless_dev *wdev = dev->ieee80211_ptr;
21250 	struct wiphy *wiphy = wdev->wiphy;
21251 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21252 	struct sk_buff *msg;
21253 	struct nlattr *links;
21254 	void *hdr;
21255 
21256 	lockdep_assert_wiphy(wdev->wiphy);
21257 	trace_cfg80211_links_removed(dev, link_mask);
21258 
21259 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
21260 		    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
21261 		return;
21262 
21263 	if (WARN_ON(!wdev->valid_links || !link_mask ||
21264 		    (wdev->valid_links & link_mask) != link_mask ||
21265 		    wdev->valid_links == link_mask))
21266 		return;
21267 
21268 	cfg80211_wdev_release_link_bsses(wdev, link_mask);
21269 	wdev->valid_links &= ~link_mask;
21270 
21271 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21272 	if (!msg)
21273 		return;
21274 
21275 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED);
21276 	if (!hdr) {
21277 		nlmsg_free(msg);
21278 		return;
21279 	}
21280 
21281 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21282 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
21283 		goto nla_put_failure;
21284 
21285 	links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
21286 	if (!links)
21287 		goto nla_put_failure;
21288 
21289 	while (link_mask) {
21290 		struct nlattr *link;
21291 		int link_id = __ffs(link_mask);
21292 
21293 		link = nla_nest_start(msg, link_id + 1);
21294 		if (!link)
21295 			goto nla_put_failure;
21296 
21297 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
21298 			goto nla_put_failure;
21299 
21300 		nla_nest_end(msg, link);
21301 		link_mask &= ~(1 << link_id);
21302 	}
21303 
21304 	nla_nest_end(msg, links);
21305 
21306 	genlmsg_end(msg, hdr);
21307 
21308 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21309 				NL80211_MCGRP_MLME, GFP_KERNEL);
21310 	return;
21311 
21312  nla_put_failure:
21313 	nlmsg_free(msg);
21314 }
21315 EXPORT_SYMBOL(cfg80211_links_removed);
21316 
21317 void nl80211_mlo_reconf_add_done(struct net_device *dev,
21318 				 struct cfg80211_mlo_reconf_done_data *data)
21319 {
21320 	struct wireless_dev *wdev = dev->ieee80211_ptr;
21321 	struct wiphy *wiphy = wdev->wiphy;
21322 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21323 	struct nl80211_mlme_event event = {
21324 		.cmd = NL80211_CMD_ASSOC_MLO_RECONF,
21325 		.buf = data->buf,
21326 		.buf_len = data->len,
21327 		.uapsd_queues = -1,
21328 	};
21329 
21330 	nl80211_send_mlme_event(rdev, dev, &event, GFP_KERNEL);
21331 }
21332 EXPORT_SYMBOL(nl80211_mlo_reconf_add_done);
21333 
21334 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
21335 			     struct net_device *netdev, const u8 *bssid,
21336 			     gfp_t gfp)
21337 {
21338 	struct sk_buff *msg;
21339 	void *hdr;
21340 
21341 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21342 	if (!msg)
21343 		return;
21344 
21345 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
21346 	if (!hdr) {
21347 		nlmsg_free(msg);
21348 		return;
21349 	}
21350 
21351 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21352 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21353 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
21354 		goto nla_put_failure;
21355 
21356 	genlmsg_end(msg, hdr);
21357 
21358 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21359 				NL80211_MCGRP_MLME, gfp);
21360 	return;
21361 
21362  nla_put_failure:
21363 	nlmsg_free(msg);
21364 }
21365 
21366 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
21367 					const u8 *ie, size_t ie_len,
21368 					int sig_dbm, gfp_t gfp)
21369 {
21370 	struct wireless_dev *wdev = dev->ieee80211_ptr;
21371 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21372 	struct sk_buff *msg;
21373 	void *hdr;
21374 
21375 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
21376 		return;
21377 
21378 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
21379 
21380 	msg = nlmsg_new(100 + ie_len, gfp);
21381 	if (!msg)
21382 		return;
21383 
21384 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
21385 	if (!hdr) {
21386 		nlmsg_free(msg);
21387 		return;
21388 	}
21389 
21390 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21391 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21392 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
21393 	    (ie_len && ie &&
21394 	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
21395 	    (sig_dbm &&
21396 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
21397 		goto nla_put_failure;
21398 
21399 	genlmsg_end(msg, hdr);
21400 
21401 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21402 				NL80211_MCGRP_MLME, gfp);
21403 	return;
21404 
21405  nla_put_failure:
21406 	nlmsg_free(msg);
21407 }
21408 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
21409 
21410 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
21411 				 struct net_device *netdev, const u8 *addr,
21412 				 enum nl80211_key_type key_type, int key_id,
21413 				 const u8 *tsc, gfp_t gfp)
21414 {
21415 	struct sk_buff *msg;
21416 	void *hdr;
21417 
21418 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21419 	if (!msg)
21420 		return;
21421 
21422 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
21423 	if (!hdr) {
21424 		nlmsg_free(msg);
21425 		return;
21426 	}
21427 
21428 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21429 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21430 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
21431 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
21432 	    (key_id != -1 &&
21433 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
21434 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
21435 		goto nla_put_failure;
21436 
21437 	genlmsg_end(msg, hdr);
21438 
21439 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21440 				NL80211_MCGRP_MLME, gfp);
21441 	return;
21442 
21443  nla_put_failure:
21444 	nlmsg_free(msg);
21445 }
21446 
21447 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
21448 				    struct ieee80211_channel *channel_before,
21449 				    struct ieee80211_channel *channel_after)
21450 {
21451 	struct sk_buff *msg;
21452 	void *hdr;
21453 	struct nlattr *nl_freq;
21454 
21455 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
21456 	if (!msg)
21457 		return;
21458 
21459 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
21460 	if (!hdr) {
21461 		nlmsg_free(msg);
21462 		return;
21463 	}
21464 
21465 	/*
21466 	 * Since we are applying the beacon hint to a wiphy we know its
21467 	 * wiphy_idx is valid
21468 	 */
21469 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
21470 		goto nla_put_failure;
21471 
21472 	/* Before */
21473 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
21474 	if (!nl_freq)
21475 		goto nla_put_failure;
21476 
21477 	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
21478 		goto nla_put_failure;
21479 	nla_nest_end(msg, nl_freq);
21480 
21481 	/* After */
21482 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
21483 	if (!nl_freq)
21484 		goto nla_put_failure;
21485 
21486 	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
21487 		goto nla_put_failure;
21488 	nla_nest_end(msg, nl_freq);
21489 
21490 	genlmsg_end(msg, hdr);
21491 
21492 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
21493 				NL80211_MCGRP_REGULATORY);
21494 
21495 	return;
21496 
21497 nla_put_failure:
21498 	nlmsg_free(msg);
21499 }
21500 
21501 static void nl80211_send_remain_on_chan_event(
21502 	int cmd, struct cfg80211_registered_device *rdev,
21503 	struct wireless_dev *wdev, u64 cookie,
21504 	struct ieee80211_channel *chan,
21505 	unsigned int duration, gfp_t gfp)
21506 {
21507 	struct sk_buff *msg;
21508 	void *hdr;
21509 
21510 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21511 	if (!msg)
21512 		return;
21513 
21514 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
21515 	if (!hdr) {
21516 		nlmsg_free(msg);
21517 		return;
21518 	}
21519 
21520 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21521 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
21522 					 wdev->netdev->ifindex)) ||
21523 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21524 			      NL80211_ATTR_PAD) ||
21525 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
21526 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
21527 			NL80211_CHAN_NO_HT) ||
21528 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
21529 			      NL80211_ATTR_PAD))
21530 		goto nla_put_failure;
21531 
21532 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
21533 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
21534 		goto nla_put_failure;
21535 
21536 	genlmsg_end(msg, hdr);
21537 
21538 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21539 				NL80211_MCGRP_MLME, gfp);
21540 	return;
21541 
21542  nla_put_failure:
21543 	nlmsg_free(msg);
21544 }
21545 
21546 void cfg80211_assoc_comeback(struct net_device *netdev,
21547 			     const u8 *ap_addr, u32 timeout)
21548 {
21549 	struct wireless_dev *wdev = netdev->ieee80211_ptr;
21550 	struct wiphy *wiphy = wdev->wiphy;
21551 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21552 	struct sk_buff *msg;
21553 	void *hdr;
21554 
21555 	trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout);
21556 
21557 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21558 	if (!msg)
21559 		return;
21560 
21561 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK);
21562 	if (!hdr) {
21563 		nlmsg_free(msg);
21564 		return;
21565 	}
21566 
21567 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21568 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21569 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) ||
21570 	    nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout))
21571 		goto nla_put_failure;
21572 
21573 	genlmsg_end(msg, hdr);
21574 
21575 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21576 				NL80211_MCGRP_MLME, GFP_KERNEL);
21577 	return;
21578 
21579  nla_put_failure:
21580 	nlmsg_free(msg);
21581 }
21582 EXPORT_SYMBOL(cfg80211_assoc_comeback);
21583 
21584 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
21585 			       struct ieee80211_channel *chan,
21586 			       unsigned int duration, gfp_t gfp)
21587 {
21588 	struct wiphy *wiphy = wdev->wiphy;
21589 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21590 
21591 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
21592 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
21593 					  rdev, wdev, cookie, chan,
21594 					  duration, gfp);
21595 }
21596 EXPORT_SYMBOL(cfg80211_ready_on_channel);
21597 
21598 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
21599 					struct ieee80211_channel *chan,
21600 					gfp_t gfp)
21601 {
21602 	struct wiphy *wiphy = wdev->wiphy;
21603 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21604 
21605 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
21606 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
21607 					  rdev, wdev, cookie, chan, 0, gfp);
21608 }
21609 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
21610 
21611 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
21612 					struct ieee80211_channel *chan,
21613 					gfp_t gfp)
21614 {
21615 	struct wiphy *wiphy = wdev->wiphy;
21616 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21617 
21618 	trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
21619 	nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
21620 					  rdev, wdev, cookie, chan, 0, gfp);
21621 }
21622 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
21623 
21624 void cfg80211_new_sta(struct wireless_dev *wdev, const u8 *mac_addr,
21625 		      struct station_info *sinfo, gfp_t gfp)
21626 {
21627 	struct wiphy *wiphy = wdev->wiphy;
21628 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21629 	struct sk_buff *msg;
21630 
21631 	trace_cfg80211_new_sta(wdev, mac_addr, sinfo);
21632 
21633 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21634 	if (!msg)
21635 		return;
21636 
21637 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
21638 				 rdev, wdev, mac_addr, sinfo, false) < 0) {
21639 		nlmsg_free(msg);
21640 		return;
21641 	}
21642 
21643 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21644 				NL80211_MCGRP_MLME, gfp);
21645 }
21646 EXPORT_SYMBOL(cfg80211_new_sta);
21647 
21648 void cfg80211_del_sta_sinfo(struct wireless_dev *wdev, const u8 *mac_addr,
21649 			    struct station_info *sinfo, gfp_t gfp)
21650 {
21651 	struct wiphy *wiphy = wdev->wiphy;
21652 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21653 	struct sk_buff *msg;
21654 	struct station_info empty_sinfo = {};
21655 
21656 	if (!sinfo)
21657 		sinfo = &empty_sinfo;
21658 
21659 	trace_cfg80211_del_sta(wdev, mac_addr);
21660 
21661 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21662 	if (!msg) {
21663 		cfg80211_sinfo_release_content(sinfo);
21664 		return;
21665 	}
21666 
21667 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
21668 				 rdev, wdev, mac_addr, sinfo, false) < 0) {
21669 		nlmsg_free(msg);
21670 		return;
21671 	}
21672 
21673 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21674 				NL80211_MCGRP_MLME, gfp);
21675 }
21676 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
21677 
21678 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
21679 			  enum nl80211_connect_failed_reason reason,
21680 			  gfp_t gfp)
21681 {
21682 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
21683 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21684 	struct sk_buff *msg;
21685 	void *hdr;
21686 
21687 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
21688 	if (!msg)
21689 		return;
21690 
21691 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
21692 	if (!hdr) {
21693 		nlmsg_free(msg);
21694 		return;
21695 	}
21696 
21697 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21698 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
21699 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
21700 		goto nla_put_failure;
21701 
21702 	genlmsg_end(msg, hdr);
21703 
21704 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21705 				NL80211_MCGRP_MLME, gfp);
21706 	return;
21707 
21708  nla_put_failure:
21709 	nlmsg_free(msg);
21710 }
21711 EXPORT_SYMBOL(cfg80211_conn_failed);
21712 
21713 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
21714 				       const u8 *addr, int link_id, gfp_t gfp)
21715 {
21716 	struct wireless_dev *wdev = dev->ieee80211_ptr;
21717 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21718 	struct sk_buff *msg;
21719 	void *hdr;
21720 	u32 nlportid = READ_ONCE(wdev->unexpected_nlportid);
21721 
21722 	if (!nlportid)
21723 		return false;
21724 
21725 	msg = nlmsg_new(100, gfp);
21726 	if (!msg)
21727 		return true;
21728 
21729 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
21730 	if (!hdr) {
21731 		nlmsg_free(msg);
21732 		return true;
21733 	}
21734 
21735 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21736 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21737 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
21738 	    (link_id >= 0 &&
21739 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
21740 		goto nla_put_failure;
21741 
21742 	genlmsg_end(msg, hdr);
21743 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
21744 	return true;
21745 
21746  nla_put_failure:
21747 	nlmsg_free(msg);
21748 	return true;
21749 }
21750 
21751 bool cfg80211_rx_spurious_frame(struct net_device *dev, const u8 *addr,
21752 				int link_id, gfp_t gfp)
21753 {
21754 	struct wireless_dev *wdev = dev->ieee80211_ptr;
21755 	bool ret;
21756 
21757 	trace_cfg80211_rx_spurious_frame(dev, addr, link_id);
21758 
21759 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
21760 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
21761 		    wdev->iftype != NL80211_IFTYPE_NAN_DATA)) {
21762 		trace_cfg80211_return_bool(false);
21763 		return false;
21764 	}
21765 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
21766 					 addr, link_id, gfp);
21767 	trace_cfg80211_return_bool(ret);
21768 	return ret;
21769 }
21770 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
21771 
21772 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, const u8 *addr,
21773 					int link_id, gfp_t gfp)
21774 {
21775 	struct wireless_dev *wdev = dev->ieee80211_ptr;
21776 	bool ret;
21777 
21778 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr, link_id);
21779 
21780 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
21781 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
21782 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
21783 		trace_cfg80211_return_bool(false);
21784 		return false;
21785 	}
21786 	ret = __nl80211_unexpected_frame(dev,
21787 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
21788 					 addr, link_id, gfp);
21789 	trace_cfg80211_return_bool(ret);
21790 	return ret;
21791 }
21792 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
21793 
21794 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
21795 		      struct wireless_dev *wdev, u32 nlportid,
21796 		      struct cfg80211_rx_info *info, gfp_t gfp)
21797 {
21798 	struct net_device *netdev = wdev->netdev;
21799 	struct sk_buff *msg;
21800 	void *hdr;
21801 
21802 	msg = nlmsg_new(100 + info->len, gfp);
21803 	if (!msg)
21804 		return -ENOMEM;
21805 
21806 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
21807 	if (!hdr) {
21808 		nlmsg_free(msg);
21809 		return -ENOMEM;
21810 	}
21811 
21812 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21813 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
21814 					netdev->ifindex)) ||
21815 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21816 			      NL80211_ATTR_PAD) ||
21817 	    (info->have_link_id &&
21818 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) ||
21819 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) ||
21820 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) ||
21821 	    (info->sig_dbm &&
21822 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) ||
21823 	    nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) ||
21824 	    (info->flags &&
21825 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) ||
21826 	    (info->rx_tstamp && nla_put_u64_64bit(msg,
21827 						  NL80211_ATTR_RX_HW_TIMESTAMP,
21828 						  info->rx_tstamp,
21829 						  NL80211_ATTR_PAD)) ||
21830 	    (info->ack_tstamp && nla_put_u64_64bit(msg,
21831 						   NL80211_ATTR_TX_HW_TIMESTAMP,
21832 						   info->ack_tstamp,
21833 						   NL80211_ATTR_PAD)))
21834 		goto nla_put_failure;
21835 
21836 	genlmsg_end(msg, hdr);
21837 
21838 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
21839 
21840  nla_put_failure:
21841 	nlmsg_free(msg);
21842 	return -ENOBUFS;
21843 }
21844 
21845 static void nl80211_frame_tx_status(struct wireless_dev *wdev,
21846 				    struct cfg80211_tx_status *status,
21847 				    gfp_t gfp, enum nl80211_commands command)
21848 {
21849 	struct wiphy *wiphy = wdev->wiphy;
21850 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21851 	struct net_device *netdev = wdev->netdev;
21852 	struct sk_buff *msg;
21853 	void *hdr;
21854 
21855 	if (command == NL80211_CMD_FRAME_TX_STATUS)
21856 		trace_cfg80211_mgmt_tx_status(wdev, status->cookie,
21857 					      status->ack);
21858 	else
21859 		trace_cfg80211_control_port_tx_status(wdev, status->cookie,
21860 						      status->ack);
21861 
21862 	msg = nlmsg_new(100 + status->len, gfp);
21863 	if (!msg)
21864 		return;
21865 
21866 	hdr = nl80211hdr_put(msg, 0, 0, 0, command);
21867 	if (!hdr) {
21868 		nlmsg_free(msg);
21869 		return;
21870 	}
21871 
21872 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21873 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
21874 				   netdev->ifindex)) ||
21875 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21876 			      NL80211_ATTR_PAD) ||
21877 	    nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) ||
21878 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie,
21879 			      NL80211_ATTR_PAD) ||
21880 	    (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
21881 	    (status->tx_tstamp &&
21882 	     nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP,
21883 			       status->tx_tstamp, NL80211_ATTR_PAD)) ||
21884 	    (status->ack_tstamp &&
21885 	     nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP,
21886 			       status->ack_tstamp, NL80211_ATTR_PAD)))
21887 		goto nla_put_failure;
21888 
21889 	genlmsg_end(msg, hdr);
21890 
21891 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21892 				NL80211_MCGRP_MLME, gfp);
21893 	return;
21894 
21895 nla_put_failure:
21896 	nlmsg_free(msg);
21897 }
21898 
21899 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
21900 				     const u8 *buf, size_t len, bool ack,
21901 				     gfp_t gfp)
21902 {
21903 	struct cfg80211_tx_status status = {
21904 		.cookie = cookie,
21905 		.buf = buf,
21906 		.len = len,
21907 		.ack = ack
21908 	};
21909 
21910 	nl80211_frame_tx_status(wdev, &status, gfp,
21911 				NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
21912 }
21913 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
21914 
21915 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev,
21916 				 struct cfg80211_tx_status *status, gfp_t gfp)
21917 {
21918 	nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS);
21919 }
21920 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext);
21921 
21922 static int __nl80211_rx_control_port(struct net_device *dev,
21923 				     struct sk_buff *skb,
21924 				     bool unencrypted,
21925 				     int link_id,
21926 				     gfp_t gfp)
21927 {
21928 	struct wireless_dev *wdev = dev->ieee80211_ptr;
21929 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21930 	struct ethhdr *ehdr = eth_hdr(skb);
21931 	const u8 *addr = ehdr->h_source;
21932 	u16 proto = be16_to_cpu(skb->protocol);
21933 	struct sk_buff *msg;
21934 	void *hdr;
21935 	struct nlattr *frame;
21936 
21937 	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
21938 
21939 	if (!nlportid)
21940 		return -ENOENT;
21941 
21942 	msg = nlmsg_new(100 + skb->len, gfp);
21943 	if (!msg)
21944 		return -ENOMEM;
21945 
21946 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
21947 	if (!hdr) {
21948 		nlmsg_free(msg);
21949 		return -ENOBUFS;
21950 	}
21951 
21952 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21953 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21954 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21955 			      NL80211_ATTR_PAD) ||
21956 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
21957 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
21958 	    (link_id >= 0 &&
21959 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
21960 	    (unencrypted && nla_put_flag(msg,
21961 					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
21962 		goto nla_put_failure;
21963 
21964 	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
21965 	if (!frame)
21966 		goto nla_put_failure;
21967 
21968 	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
21969 	genlmsg_end(msg, hdr);
21970 
21971 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
21972 
21973  nla_put_failure:
21974 	nlmsg_free(msg);
21975 	return -ENOBUFS;
21976 }
21977 
21978 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb,
21979 			      bool unencrypted, int link_id)
21980 {
21981 	int ret;
21982 
21983 	trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id);
21984 	ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id,
21985 					GFP_ATOMIC);
21986 	trace_cfg80211_return_bool(ret == 0);
21987 	return ret == 0;
21988 }
21989 EXPORT_SYMBOL(cfg80211_rx_control_port);
21990 
21991 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
21992 					    const char *mac, gfp_t gfp)
21993 {
21994 	struct wireless_dev *wdev = dev->ieee80211_ptr;
21995 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21996 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21997 	void **cb;
21998 
21999 	if (!msg)
22000 		return NULL;
22001 
22002 	cb = (void **)msg->cb;
22003 
22004 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
22005 	if (!cb[0]) {
22006 		nlmsg_free(msg);
22007 		return NULL;
22008 	}
22009 
22010 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22011 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
22012 		goto nla_put_failure;
22013 
22014 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
22015 		goto nla_put_failure;
22016 
22017 	cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
22018 	if (!cb[1])
22019 		goto nla_put_failure;
22020 
22021 	cb[2] = rdev;
22022 
22023 	return msg;
22024  nla_put_failure:
22025 	nlmsg_free(msg);
22026 	return NULL;
22027 }
22028 
22029 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
22030 {
22031 	void **cb = (void **)msg->cb;
22032 	struct cfg80211_registered_device *rdev = cb[2];
22033 
22034 	nla_nest_end(msg, cb[1]);
22035 	genlmsg_end(msg, cb[0]);
22036 
22037 	memset(msg->cb, 0, sizeof(msg->cb));
22038 
22039 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22040 				NL80211_MCGRP_MLME, gfp);
22041 }
22042 
22043 void cfg80211_cqm_rssi_notify(struct net_device *dev,
22044 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
22045 			      s32 rssi_level, gfp_t gfp)
22046 {
22047 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22048 	struct cfg80211_cqm_config *cqm_config;
22049 
22050 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
22051 
22052 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
22053 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
22054 		return;
22055 
22056 	rcu_read_lock();
22057 	cqm_config = rcu_dereference(wdev->cqm_config);
22058 	if (cqm_config) {
22059 		cqm_config->last_rssi_event_value = rssi_level;
22060 		cqm_config->last_rssi_event_type = rssi_event;
22061 		wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
22062 	}
22063 	rcu_read_unlock();
22064 }
22065 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
22066 
22067 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
22068 {
22069 	struct wireless_dev *wdev = container_of(work, struct wireless_dev,
22070 						 cqm_rssi_work);
22071 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22072 	enum nl80211_cqm_rssi_threshold_event rssi_event;
22073 	struct cfg80211_cqm_config *cqm_config;
22074 	struct sk_buff *msg;
22075 	s32 rssi_level;
22076 
22077 	cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
22078 	if (!cqm_config)
22079 		return;
22080 
22081 	if (cqm_config->use_range_api)
22082 		cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
22083 
22084 	rssi_level = cqm_config->last_rssi_event_value;
22085 	rssi_event = cqm_config->last_rssi_event_type;
22086 
22087 	msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
22088 	if (!msg)
22089 		return;
22090 
22091 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
22092 			rssi_event))
22093 		goto nla_put_failure;
22094 
22095 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
22096 				      rssi_level))
22097 		goto nla_put_failure;
22098 
22099 	cfg80211_send_cqm(msg, GFP_KERNEL);
22100 
22101 	return;
22102 
22103  nla_put_failure:
22104 	nlmsg_free(msg);
22105 }
22106 
22107 void cfg80211_cqm_txe_notify(struct net_device *dev,
22108 			     const u8 *peer, u32 num_packets,
22109 			     u32 rate, u32 intvl, gfp_t gfp)
22110 {
22111 	struct sk_buff *msg;
22112 
22113 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
22114 	if (!msg)
22115 		return;
22116 
22117 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
22118 		goto nla_put_failure;
22119 
22120 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
22121 		goto nla_put_failure;
22122 
22123 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
22124 		goto nla_put_failure;
22125 
22126 	cfg80211_send_cqm(msg, gfp);
22127 	return;
22128 
22129  nla_put_failure:
22130 	nlmsg_free(msg);
22131 }
22132 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
22133 
22134 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
22135 				 const u8 *peer, u32 num_packets, gfp_t gfp)
22136 {
22137 	struct sk_buff *msg;
22138 
22139 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
22140 
22141 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
22142 	if (!msg)
22143 		return;
22144 
22145 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
22146 		goto nla_put_failure;
22147 
22148 	cfg80211_send_cqm(msg, gfp);
22149 	return;
22150 
22151  nla_put_failure:
22152 	nlmsg_free(msg);
22153 }
22154 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
22155 
22156 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
22157 {
22158 	struct sk_buff *msg;
22159 
22160 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
22161 	if (!msg)
22162 		return;
22163 
22164 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
22165 		goto nla_put_failure;
22166 
22167 	cfg80211_send_cqm(msg, gfp);
22168 	return;
22169 
22170  nla_put_failure:
22171 	nlmsg_free(msg);
22172 }
22173 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
22174 
22175 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
22176 				     struct net_device *netdev, const u8 *bssid,
22177 				     const u8 *replay_ctr, gfp_t gfp)
22178 {
22179 	struct sk_buff *msg;
22180 	struct nlattr *rekey_attr;
22181 	void *hdr;
22182 
22183 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22184 	if (!msg)
22185 		return;
22186 
22187 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
22188 	if (!hdr) {
22189 		nlmsg_free(msg);
22190 		return;
22191 	}
22192 
22193 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22194 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
22195 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
22196 		goto nla_put_failure;
22197 
22198 	rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
22199 	if (!rekey_attr)
22200 		goto nla_put_failure;
22201 
22202 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
22203 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
22204 		goto nla_put_failure;
22205 
22206 	nla_nest_end(msg, rekey_attr);
22207 
22208 	genlmsg_end(msg, hdr);
22209 
22210 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22211 				NL80211_MCGRP_MLME, gfp);
22212 	return;
22213 
22214  nla_put_failure:
22215 	nlmsg_free(msg);
22216 }
22217 
22218 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
22219 			       const u8 *replay_ctr, gfp_t gfp)
22220 {
22221 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22222 	struct wiphy *wiphy = wdev->wiphy;
22223 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22224 
22225 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
22226 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
22227 }
22228 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
22229 
22230 static void
22231 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
22232 			       struct net_device *netdev, int index,
22233 			       const u8 *bssid, bool preauth, gfp_t gfp)
22234 {
22235 	struct sk_buff *msg;
22236 	struct nlattr *attr;
22237 	void *hdr;
22238 
22239 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22240 	if (!msg)
22241 		return;
22242 
22243 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
22244 	if (!hdr) {
22245 		nlmsg_free(msg);
22246 		return;
22247 	}
22248 
22249 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22250 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
22251 		goto nla_put_failure;
22252 
22253 	attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
22254 	if (!attr)
22255 		goto nla_put_failure;
22256 
22257 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
22258 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
22259 	    (preauth &&
22260 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
22261 		goto nla_put_failure;
22262 
22263 	nla_nest_end(msg, attr);
22264 
22265 	genlmsg_end(msg, hdr);
22266 
22267 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22268 				NL80211_MCGRP_MLME, gfp);
22269 	return;
22270 
22271  nla_put_failure:
22272 	nlmsg_free(msg);
22273 }
22274 
22275 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
22276 				     const u8 *bssid, bool preauth, gfp_t gfp)
22277 {
22278 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22279 	struct wiphy *wiphy = wdev->wiphy;
22280 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22281 
22282 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
22283 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
22284 }
22285 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
22286 
22287 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
22288 				     struct net_device *netdev,
22289 				     unsigned int link_id,
22290 				     struct cfg80211_chan_def *chandef,
22291 				     gfp_t gfp,
22292 				     enum nl80211_commands notif,
22293 				     u8 count, bool quiet)
22294 {
22295 	struct wireless_dev *wdev = netdev->ieee80211_ptr;
22296 	struct sk_buff *msg;
22297 	void *hdr;
22298 
22299 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22300 	if (!msg)
22301 		return;
22302 
22303 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
22304 	if (!hdr) {
22305 		nlmsg_free(msg);
22306 		return;
22307 	}
22308 
22309 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
22310 		goto nla_put_failure;
22311 
22312 	if (wdev->valid_links &&
22313 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
22314 		goto nla_put_failure;
22315 
22316 	if (nl80211_send_chandef(msg, chandef))
22317 		goto nla_put_failure;
22318 
22319 	if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
22320 		if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
22321 			goto nla_put_failure;
22322 		if (quiet &&
22323 		    nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
22324 			goto nla_put_failure;
22325 	}
22326 
22327 	genlmsg_end(msg, hdr);
22328 
22329 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22330 				NL80211_MCGRP_MLME, gfp);
22331 	return;
22332 
22333  nla_put_failure:
22334 	nlmsg_free(msg);
22335 }
22336 
22337 void cfg80211_ch_switch_notify(struct net_device *dev,
22338 			       struct cfg80211_chan_def *chandef,
22339 			       unsigned int link_id)
22340 {
22341 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22342 	struct wiphy *wiphy = wdev->wiphy;
22343 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22344 
22345 	lockdep_assert_wiphy(wdev->wiphy);
22346 	WARN_INVALID_LINK_ID(wdev, link_id);
22347 
22348 	trace_cfg80211_ch_switch_notify(dev, chandef, link_id);
22349 
22350 	switch (wdev->iftype) {
22351 	case NL80211_IFTYPE_STATION:
22352 	case NL80211_IFTYPE_P2P_CLIENT:
22353 		if (!WARN_ON(!wdev->links[link_id].client.current_bss))
22354 			cfg80211_update_assoc_bss_entry(wdev, link_id,
22355 							chandef->chan);
22356 		break;
22357 	case NL80211_IFTYPE_MESH_POINT:
22358 		wdev->u.mesh.chandef = *chandef;
22359 		wdev->u.mesh.preset_chandef = *chandef;
22360 		break;
22361 	case NL80211_IFTYPE_AP:
22362 	case NL80211_IFTYPE_P2P_GO:
22363 		wdev->links[link_id].ap.chandef = *chandef;
22364 		break;
22365 	case NL80211_IFTYPE_ADHOC:
22366 		wdev->u.ibss.chandef = *chandef;
22367 		break;
22368 	default:
22369 		WARN_ON(1);
22370 		break;
22371 	}
22372 
22373 	cfg80211_schedule_channels_check(wdev);
22374 	cfg80211_sched_dfs_chan_update(rdev);
22375 
22376 	nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
22377 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
22378 }
22379 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
22380 
22381 void cfg80211_incumbent_signal_notify(struct wiphy *wiphy,
22382 				      const struct cfg80211_chan_def *chandef,
22383 				      u32 signal_interference_bitmap,
22384 				      gfp_t gfp)
22385 {
22386 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22387 	struct sk_buff *msg;
22388 	void *hdr;
22389 
22390 	trace_cfg80211_incumbent_signal_notify(wiphy, chandef, signal_interference_bitmap);
22391 
22392 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22393 	if (!msg)
22394 		return;
22395 
22396 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_INCUMBENT_SIGNAL_DETECT);
22397 	if (!hdr)
22398 		goto nla_put_failure;
22399 
22400 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
22401 		goto nla_put_failure;
22402 
22403 	if (nl80211_send_chandef(msg, chandef))
22404 		goto nla_put_failure;
22405 
22406 	if (nla_put_u32(msg, NL80211_ATTR_INCUMBENT_SIGNAL_INTERFERENCE_BITMAP,
22407 			signal_interference_bitmap))
22408 		goto nla_put_failure;
22409 
22410 	genlmsg_end(msg, hdr);
22411 
22412 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22413 				NL80211_MCGRP_MLME, gfp);
22414 	return;
22415 
22416 nla_put_failure:
22417 	nlmsg_free(msg);
22418 }
22419 EXPORT_SYMBOL(cfg80211_incumbent_signal_notify);
22420 
22421 void cfg80211_ch_switch_started_notify(struct net_device *dev,
22422 				       struct cfg80211_chan_def *chandef,
22423 				       unsigned int link_id, u8 count,
22424 				       bool quiet)
22425 {
22426 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22427 	struct wiphy *wiphy = wdev->wiphy;
22428 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22429 
22430 	lockdep_assert_wiphy(wdev->wiphy);
22431 	WARN_INVALID_LINK_ID(wdev, link_id);
22432 
22433 	trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id);
22434 
22435 
22436 	nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
22437 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
22438 				 count, quiet);
22439 }
22440 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
22441 
22442 int cfg80211_bss_color_notify(struct net_device *dev,
22443 			      enum nl80211_commands cmd, u8 count,
22444 			      u64 color_bitmap, u8 link_id)
22445 {
22446 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22447 	struct wiphy *wiphy = wdev->wiphy;
22448 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22449 	struct sk_buff *msg;
22450 	void *hdr;
22451 
22452 	lockdep_assert_wiphy(wdev->wiphy);
22453 
22454 	trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
22455 
22456 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
22457 	if (!msg)
22458 		return -ENOMEM;
22459 
22460 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
22461 	if (!hdr)
22462 		goto nla_put_failure;
22463 
22464 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
22465 		goto nla_put_failure;
22466 
22467 	if (wdev->valid_links &&
22468 	    nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
22469 		goto nla_put_failure;
22470 
22471 	if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
22472 	    nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
22473 		goto nla_put_failure;
22474 
22475 	if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
22476 	    nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
22477 			      color_bitmap, NL80211_ATTR_PAD))
22478 		goto nla_put_failure;
22479 
22480 	genlmsg_end(msg, hdr);
22481 
22482 	return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
22483 				       msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL);
22484 
22485 nla_put_failure:
22486 	nlmsg_free(msg);
22487 	return -EINVAL;
22488 }
22489 EXPORT_SYMBOL(cfg80211_bss_color_notify);
22490 
22491 void
22492 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
22493 		     const struct cfg80211_chan_def *chandef,
22494 		     enum nl80211_radar_event event,
22495 		     struct net_device *netdev, gfp_t gfp)
22496 {
22497 	struct sk_buff *msg;
22498 	void *hdr;
22499 
22500 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22501 	if (!msg)
22502 		return;
22503 
22504 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
22505 	if (!hdr) {
22506 		nlmsg_free(msg);
22507 		return;
22508 	}
22509 
22510 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
22511 		goto nla_put_failure;
22512 
22513 	/* NOP and radar events don't need a netdev parameter */
22514 	if (netdev) {
22515 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
22516 
22517 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
22518 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22519 				      NL80211_ATTR_PAD))
22520 			goto nla_put_failure;
22521 	}
22522 
22523 	if (rdev->background_radar_wdev &&
22524 	    cfg80211_chandef_identical(&rdev->background_radar_chandef,
22525 				       chandef)) {
22526 		if (nla_put_flag(msg, NL80211_ATTR_RADAR_BACKGROUND))
22527 			goto nla_put_failure;
22528 	}
22529 
22530 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
22531 		goto nla_put_failure;
22532 
22533 	if (nl80211_send_chandef(msg, chandef))
22534 		goto nla_put_failure;
22535 
22536 	genlmsg_end(msg, hdr);
22537 
22538 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22539 				NL80211_MCGRP_MLME, gfp);
22540 	return;
22541 
22542  nla_put_failure:
22543 	nlmsg_free(msg);
22544 }
22545 
22546 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
22547 				       struct sta_opmode_info *sta_opmode,
22548 				       gfp_t gfp)
22549 {
22550 	struct sk_buff *msg;
22551 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22552 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22553 	void *hdr;
22554 
22555 	if (WARN_ON(!mac))
22556 		return;
22557 
22558 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22559 	if (!msg)
22560 		return;
22561 
22562 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
22563 	if (!hdr) {
22564 		nlmsg_free(msg);
22565 		return;
22566 	}
22567 
22568 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
22569 		goto nla_put_failure;
22570 
22571 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
22572 		goto nla_put_failure;
22573 
22574 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
22575 		goto nla_put_failure;
22576 
22577 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
22578 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
22579 		goto nla_put_failure;
22580 
22581 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
22582 	    nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
22583 		goto nla_put_failure;
22584 
22585 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
22586 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
22587 		goto nla_put_failure;
22588 
22589 	genlmsg_end(msg, hdr);
22590 
22591 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22592 				NL80211_MCGRP_MLME, gfp);
22593 
22594 	return;
22595 
22596 nla_put_failure:
22597 	nlmsg_free(msg);
22598 }
22599 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
22600 
22601 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
22602 			   u64 cookie, bool acked, s32 ack_signal,
22603 			   bool is_valid_ack_signal, gfp_t gfp)
22604 {
22605 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22606 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22607 	struct sk_buff *msg;
22608 	void *hdr;
22609 
22610 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
22611 
22612 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22613 
22614 	if (!msg)
22615 		return;
22616 
22617 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
22618 	if (!hdr) {
22619 		nlmsg_free(msg);
22620 		return;
22621 	}
22622 
22623 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22624 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
22625 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
22626 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
22627 			      NL80211_ATTR_PAD) ||
22628 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
22629 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
22630 						ack_signal)))
22631 		goto nla_put_failure;
22632 
22633 	genlmsg_end(msg, hdr);
22634 
22635 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22636 				NL80211_MCGRP_MLME, gfp);
22637 	return;
22638 
22639  nla_put_failure:
22640 	nlmsg_free(msg);
22641 }
22642 EXPORT_SYMBOL(cfg80211_probe_status);
22643 
22644 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
22645 				     size_t len, int freq, int sig_dbm)
22646 {
22647 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22648 	struct sk_buff *msg;
22649 	void *hdr;
22650 	struct cfg80211_beacon_registration *reg;
22651 
22652 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
22653 
22654 	spin_lock_bh(&rdev->beacon_registrations_lock);
22655 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
22656 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
22657 		if (!msg) {
22658 			spin_unlock_bh(&rdev->beacon_registrations_lock);
22659 			return;
22660 		}
22661 
22662 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
22663 		if (!hdr)
22664 			goto nla_put_failure;
22665 
22666 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22667 		    (freq &&
22668 		     (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
22669 				  KHZ_TO_MHZ(freq)) ||
22670 		      nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
22671 				  freq % 1000))) ||
22672 		    (sig_dbm &&
22673 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
22674 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
22675 			goto nla_put_failure;
22676 
22677 		genlmsg_end(msg, hdr);
22678 
22679 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
22680 	}
22681 	spin_unlock_bh(&rdev->beacon_registrations_lock);
22682 	return;
22683 
22684  nla_put_failure:
22685 	spin_unlock_bh(&rdev->beacon_registrations_lock);
22686 	nlmsg_free(msg);
22687 }
22688 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
22689 
22690 #ifdef CONFIG_PM
22691 static int cfg80211_net_detect_results(struct sk_buff *msg,
22692 				       struct cfg80211_wowlan_wakeup *wakeup)
22693 {
22694 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
22695 	struct nlattr *nl_results, *nl_match, *nl_freqs;
22696 	int i, j;
22697 
22698 	nl_results = nla_nest_start_noflag(msg,
22699 					   NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
22700 	if (!nl_results)
22701 		return -EMSGSIZE;
22702 
22703 	for (i = 0; i < nd->n_matches; i++) {
22704 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
22705 
22706 		nl_match = nla_nest_start_noflag(msg, i);
22707 		if (!nl_match)
22708 			break;
22709 
22710 		/* The SSID attribute is optional in nl80211, but for
22711 		 * simplicity reasons it's always present in the
22712 		 * cfg80211 structure.  If a driver can't pass the
22713 		 * SSID, that needs to be changed.  A zero length SSID
22714 		 * is still a valid SSID (wildcard), so it cannot be
22715 		 * used for this purpose.
22716 		 */
22717 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
22718 			    match->ssid.ssid)) {
22719 			nla_nest_cancel(msg, nl_match);
22720 			goto out;
22721 		}
22722 
22723 		if (match->n_channels) {
22724 			nl_freqs = nla_nest_start_noflag(msg,
22725 							 NL80211_ATTR_SCAN_FREQUENCIES);
22726 			if (!nl_freqs) {
22727 				nla_nest_cancel(msg, nl_match);
22728 				goto out;
22729 			}
22730 
22731 			for (j = 0; j < match->n_channels; j++) {
22732 				if (nla_put_u32(msg, j, match->channels[j])) {
22733 					nla_nest_cancel(msg, nl_freqs);
22734 					nla_nest_cancel(msg, nl_match);
22735 					goto out;
22736 				}
22737 			}
22738 
22739 			nla_nest_end(msg, nl_freqs);
22740 		}
22741 
22742 		nla_nest_end(msg, nl_match);
22743 	}
22744 
22745 out:
22746 	nla_nest_end(msg, nl_results);
22747 	return 0;
22748 }
22749 
22750 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
22751 				   struct cfg80211_wowlan_wakeup *wakeup,
22752 				   gfp_t gfp)
22753 {
22754 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22755 	struct sk_buff *msg;
22756 	void *hdr;
22757 	int size = 200;
22758 
22759 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
22760 
22761 	if (wakeup)
22762 		size += wakeup->packet_present_len;
22763 
22764 	msg = nlmsg_new(size, gfp);
22765 	if (!msg)
22766 		return;
22767 
22768 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
22769 	if (!hdr)
22770 		goto free_msg;
22771 
22772 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22773 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22774 			      NL80211_ATTR_PAD))
22775 		goto free_msg;
22776 
22777 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
22778 					wdev->netdev->ifindex))
22779 		goto free_msg;
22780 
22781 	if (wakeup) {
22782 		struct nlattr *reasons;
22783 
22784 		reasons = nla_nest_start_noflag(msg,
22785 						NL80211_ATTR_WOWLAN_TRIGGERS);
22786 		if (!reasons)
22787 			goto free_msg;
22788 
22789 		if (wakeup->disconnect &&
22790 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
22791 			goto free_msg;
22792 		if (wakeup->magic_pkt &&
22793 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
22794 			goto free_msg;
22795 		if (wakeup->gtk_rekey_failure &&
22796 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
22797 			goto free_msg;
22798 		if (wakeup->eap_identity_req &&
22799 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
22800 			goto free_msg;
22801 		if (wakeup->four_way_handshake &&
22802 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
22803 			goto free_msg;
22804 		if (wakeup->rfkill_release &&
22805 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
22806 			goto free_msg;
22807 
22808 		if (wakeup->pattern_idx >= 0 &&
22809 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
22810 				wakeup->pattern_idx))
22811 			goto free_msg;
22812 
22813 		if (wakeup->tcp_match &&
22814 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
22815 			goto free_msg;
22816 
22817 		if (wakeup->tcp_connlost &&
22818 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
22819 			goto free_msg;
22820 
22821 		if (wakeup->tcp_nomoretokens &&
22822 		    nla_put_flag(msg,
22823 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
22824 			goto free_msg;
22825 
22826 		if (wakeup->unprot_deauth_disassoc &&
22827 		    nla_put_flag(msg,
22828 				 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC))
22829 			goto free_msg;
22830 
22831 		if (wakeup->packet) {
22832 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
22833 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
22834 
22835 			if (!wakeup->packet_80211) {
22836 				pkt_attr =
22837 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
22838 				len_attr =
22839 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
22840 			}
22841 
22842 			if (wakeup->packet_len &&
22843 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
22844 				goto free_msg;
22845 
22846 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
22847 				    wakeup->packet))
22848 				goto free_msg;
22849 		}
22850 
22851 		if (wakeup->net_detect &&
22852 		    cfg80211_net_detect_results(msg, wakeup))
22853 				goto free_msg;
22854 
22855 		nla_nest_end(msg, reasons);
22856 	}
22857 
22858 	genlmsg_end(msg, hdr);
22859 
22860 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22861 				NL80211_MCGRP_MLME, gfp);
22862 	return;
22863 
22864  free_msg:
22865 	nlmsg_free(msg);
22866 }
22867 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
22868 #endif
22869 
22870 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
22871 				enum nl80211_tdls_operation oper,
22872 				u16 reason_code, gfp_t gfp)
22873 {
22874 	struct wireless_dev *wdev = dev->ieee80211_ptr;
22875 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22876 	struct sk_buff *msg;
22877 	void *hdr;
22878 
22879 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
22880 					 reason_code);
22881 
22882 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22883 	if (!msg)
22884 		return;
22885 
22886 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
22887 	if (!hdr) {
22888 		nlmsg_free(msg);
22889 		return;
22890 	}
22891 
22892 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22893 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
22894 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
22895 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
22896 	    (reason_code > 0 &&
22897 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
22898 		goto nla_put_failure;
22899 
22900 	genlmsg_end(msg, hdr);
22901 
22902 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22903 				NL80211_MCGRP_MLME, gfp);
22904 	return;
22905 
22906  nla_put_failure:
22907 	nlmsg_free(msg);
22908 }
22909 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
22910 
22911 static int nl80211_netlink_notify(struct notifier_block * nb,
22912 				  unsigned long state,
22913 				  void *_notify)
22914 {
22915 	struct netlink_notify *notify = _notify;
22916 	struct cfg80211_registered_device *rdev;
22917 	struct wireless_dev *wdev;
22918 	struct cfg80211_beacon_registration *reg, *tmp;
22919 
22920 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
22921 		return NOTIFY_DONE;
22922 
22923 	rcu_read_lock();
22924 
22925 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
22926 		struct cfg80211_sched_scan_request *sched_scan_req;
22927 
22928 		list_for_each_entry_rcu(sched_scan_req,
22929 					&rdev->sched_scan_req_list,
22930 					list) {
22931 			if (sched_scan_req->owner_nlportid == notify->portid) {
22932 				sched_scan_req->nl_owner_dead = true;
22933 				wiphy_work_queue(&rdev->wiphy,
22934 						 &rdev->sched_scan_stop_wk);
22935 			}
22936 		}
22937 
22938 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
22939 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
22940 
22941 			if (wdev->owner_nlportid == notify->portid) {
22942 				wdev->nl_owner_dead = true;
22943 				schedule_work(&rdev->destroy_work);
22944 			} else if (wdev->conn_owner_nlportid == notify->portid) {
22945 				schedule_work(&wdev->disconnect_wk);
22946 			}
22947 
22948 			cfg80211_release_pmsr(wdev, notify->portid);
22949 		}
22950 
22951 		spin_lock_bh(&rdev->beacon_registrations_lock);
22952 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
22953 					 list) {
22954 			if (reg->nlportid == notify->portid) {
22955 				list_del(&reg->list);
22956 				kfree(reg);
22957 				break;
22958 			}
22959 		}
22960 		spin_unlock_bh(&rdev->beacon_registrations_lock);
22961 	}
22962 
22963 	rcu_read_unlock();
22964 
22965 	/*
22966 	 * It is possible that the user space process that is controlling the
22967 	 * indoor setting disappeared, so notify the regulatory core.
22968 	 */
22969 	regulatory_netlink_notify(notify->portid);
22970 	return NOTIFY_OK;
22971 }
22972 
22973 static struct notifier_block nl80211_netlink_notifier = {
22974 	.notifier_call = nl80211_netlink_notify,
22975 };
22976 
22977 void cfg80211_ft_event(struct net_device *netdev,
22978 		       struct cfg80211_ft_event_params *ft_event)
22979 {
22980 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
22981 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22982 	struct sk_buff *msg;
22983 	void *hdr;
22984 
22985 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
22986 
22987 	if (!ft_event->target_ap)
22988 		return;
22989 
22990 	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
22991 			GFP_KERNEL);
22992 	if (!msg)
22993 		return;
22994 
22995 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
22996 	if (!hdr)
22997 		goto out;
22998 
22999 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23000 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
23001 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
23002 		goto out;
23003 
23004 	if (ft_event->ies &&
23005 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
23006 		goto out;
23007 	if (ft_event->ric_ies &&
23008 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
23009 		    ft_event->ric_ies))
23010 		goto out;
23011 
23012 	genlmsg_end(msg, hdr);
23013 
23014 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
23015 				NL80211_MCGRP_MLME, GFP_KERNEL);
23016 	return;
23017  out:
23018 	nlmsg_free(msg);
23019 }
23020 EXPORT_SYMBOL(cfg80211_ft_event);
23021 
23022 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
23023 {
23024 	struct cfg80211_registered_device *rdev;
23025 	struct sk_buff *msg;
23026 	void *hdr;
23027 	u32 nlportid;
23028 
23029 	rdev = wiphy_to_rdev(wdev->wiphy);
23030 	if (!rdev->crit_proto_nlportid)
23031 		return;
23032 
23033 	nlportid = rdev->crit_proto_nlportid;
23034 	rdev->crit_proto_nlportid = 0;
23035 
23036 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
23037 	if (!msg)
23038 		return;
23039 
23040 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
23041 	if (!hdr)
23042 		goto nla_put_failure;
23043 
23044 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23045 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
23046 			      NL80211_ATTR_PAD))
23047 		goto nla_put_failure;
23048 
23049 	genlmsg_end(msg, hdr);
23050 
23051 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
23052 	return;
23053 
23054  nla_put_failure:
23055 	nlmsg_free(msg);
23056 }
23057 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
23058 
23059 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id)
23060 {
23061 	struct wiphy *wiphy = wdev->wiphy;
23062 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
23063 	struct sk_buff *msg;
23064 	void *hdr;
23065 
23066 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
23067 	if (!msg)
23068 		return;
23069 
23070 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
23071 	if (!hdr)
23072 		goto out;
23073 
23074 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23075 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
23076 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
23077 			      NL80211_ATTR_PAD) ||
23078 	    (wdev->valid_links &&
23079 	     nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
23080 		goto out;
23081 
23082 	genlmsg_end(msg, hdr);
23083 
23084 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
23085 				NL80211_MCGRP_MLME, GFP_KERNEL);
23086 	return;
23087  out:
23088 	nlmsg_free(msg);
23089 }
23090 
23091 int cfg80211_external_auth_request(struct net_device *dev,
23092 				   struct cfg80211_external_auth_params *params,
23093 				   gfp_t gfp)
23094 {
23095 	struct wireless_dev *wdev = dev->ieee80211_ptr;
23096 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
23097 	struct sk_buff *msg;
23098 	void *hdr;
23099 
23100 	if (!wdev->conn_owner_nlportid)
23101 		return -EINVAL;
23102 
23103 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
23104 	if (!msg)
23105 		return -ENOMEM;
23106 
23107 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
23108 	if (!hdr)
23109 		goto nla_put_failure;
23110 
23111 	/* Some historical mistakes in drivers <-> userspace interface (notably
23112 	 * between drivers and wpa_supplicant) led to a big-endian conversion
23113 	 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is
23114 	 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the
23115 	 * benefit of older wpa_supplicant versions, send this particular value
23116 	 * in big-endian. Note that newer wpa_supplicant will also detect this
23117 	 * particular value in big endian still, so it all continues to work.
23118 	 */
23119 	if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) {
23120 		if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES,
23121 				 cpu_to_be32(WLAN_AKM_SUITE_SAE)))
23122 			goto nla_put_failure;
23123 	} else {
23124 		if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES,
23125 				params->key_mgmt_suite))
23126 			goto nla_put_failure;
23127 	}
23128 
23129 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23130 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
23131 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
23132 			params->action) ||
23133 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
23134 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
23135 		    params->ssid.ssid) ||
23136 	    (!is_zero_ether_addr(params->mld_addr) &&
23137 	     nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr)))
23138 		goto nla_put_failure;
23139 
23140 	genlmsg_end(msg, hdr);
23141 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
23142 			wdev->conn_owner_nlportid);
23143 	return 0;
23144 
23145  nla_put_failure:
23146 	nlmsg_free(msg);
23147 	return -ENOBUFS;
23148 }
23149 EXPORT_SYMBOL(cfg80211_external_auth_request);
23150 
23151 void cfg80211_update_owe_info_event(struct net_device *netdev,
23152 				    struct cfg80211_update_owe_info *owe_info,
23153 				    gfp_t gfp)
23154 {
23155 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
23156 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
23157 	struct sk_buff *msg;
23158 	void *hdr;
23159 
23160 	trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
23161 
23162 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
23163 	if (!msg)
23164 		return;
23165 
23166 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
23167 	if (!hdr)
23168 		goto nla_put_failure;
23169 
23170 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23171 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
23172 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
23173 		goto nla_put_failure;
23174 
23175 	if (!owe_info->ie_len ||
23176 	    nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
23177 		goto nla_put_failure;
23178 
23179 	if (owe_info->assoc_link_id != -1) {
23180 		if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
23181 			       owe_info->assoc_link_id))
23182 			goto nla_put_failure;
23183 
23184 		if (!is_zero_ether_addr(owe_info->peer_mld_addr) &&
23185 		    nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
23186 			    owe_info->peer_mld_addr))
23187 			goto nla_put_failure;
23188 	}
23189 
23190 	genlmsg_end(msg, hdr);
23191 
23192 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
23193 				NL80211_MCGRP_MLME, gfp);
23194 	return;
23195 
23196 nla_put_failure:
23197 	genlmsg_cancel(msg, hdr);
23198 	nlmsg_free(msg);
23199 }
23200 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
23201 
23202 void cfg80211_schedule_channels_check(struct wireless_dev *wdev)
23203 {
23204 	struct wiphy *wiphy = wdev->wiphy;
23205 
23206 	/* Schedule channels check if NO_IR or DFS relaxations are supported */
23207 	if (wdev->iftype == NL80211_IFTYPE_STATION &&
23208 	    (wiphy_ext_feature_isset(wiphy,
23209 				     NL80211_EXT_FEATURE_DFS_CONCURRENT) ||
23210 	    (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) &&
23211 	     wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR)))
23212 		reg_check_channels();
23213 }
23214 EXPORT_SYMBOL(cfg80211_schedule_channels_check);
23215 
23216 void cfg80211_epcs_changed(struct net_device *netdev, bool enabled)
23217 {
23218 	struct wireless_dev *wdev = netdev->ieee80211_ptr;
23219 	struct wiphy *wiphy = wdev->wiphy;
23220 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
23221 	struct sk_buff *msg;
23222 	void *hdr;
23223 
23224 	trace_cfg80211_epcs_changed(wdev, enabled);
23225 
23226 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
23227 	if (!msg)
23228 		return;
23229 
23230 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EPCS_CFG);
23231 	if (!hdr) {
23232 		nlmsg_free(msg);
23233 		return;
23234 	}
23235 
23236 	if (enabled && nla_put_flag(msg, NL80211_ATTR_EPCS))
23237 		goto nla_put_failure;
23238 
23239 	genlmsg_end(msg, hdr);
23240 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
23241 				NL80211_MCGRP_MLME, GFP_KERNEL);
23242 	return;
23243 
23244  nla_put_failure:
23245 	nlmsg_free(msg);
23246 }
23247 EXPORT_SYMBOL(cfg80211_epcs_changed);
23248 
23249 void cfg80211_next_nan_dw_notif(struct wireless_dev *wdev,
23250 				struct ieee80211_channel *chan, gfp_t gfp)
23251 {
23252 	struct wiphy *wiphy = wdev->wiphy;
23253 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
23254 	struct sk_buff *msg;
23255 	void *hdr;
23256 
23257 	trace_cfg80211_next_nan_dw_notif(wdev, chan);
23258 
23259 	if (!wdev->owner_nlportid)
23260 		return;
23261 
23262 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
23263 	if (!msg)
23264 		return;
23265 
23266 	hdr = nl80211hdr_put(msg, 0, 0, 0,
23267 			     NL80211_CMD_NAN_NEXT_DW_NOTIFICATION);
23268 	if (!hdr)
23269 		goto nla_put_failure;
23270 
23271 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23272 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
23273 			      NL80211_ATTR_PAD) ||
23274 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq))
23275 		goto nla_put_failure;
23276 
23277 	genlmsg_end(msg, hdr);
23278 
23279 	genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
23280 
23281 	return;
23282 
23283  nla_put_failure:
23284 	nlmsg_free(msg);
23285 }
23286 EXPORT_SYMBOL(cfg80211_next_nan_dw_notif);
23287 
23288 void cfg80211_nan_cluster_joined(struct wireless_dev *wdev,
23289 				 const u8 *cluster_id, bool new_cluster,
23290 				 gfp_t gfp)
23291 {
23292 	struct wiphy *wiphy = wdev->wiphy;
23293 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
23294 	struct sk_buff *msg;
23295 	void *hdr;
23296 
23297 	trace_cfg80211_nan_cluster_joined(wdev, cluster_id, new_cluster);
23298 
23299 	memcpy(wdev->u.nan.cluster_id, cluster_id, ETH_ALEN);
23300 
23301 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
23302 	if (!msg)
23303 		return;
23304 
23305 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_CLUSTER_JOINED);
23306 	if (!hdr)
23307 		goto nla_put_failure;
23308 
23309 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23310 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
23311 			      NL80211_ATTR_PAD) ||
23312 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cluster_id) ||
23313 	    (new_cluster && nla_put_flag(msg, NL80211_ATTR_NAN_NEW_CLUSTER)))
23314 		goto nla_put_failure;
23315 
23316 	genlmsg_end(msg, hdr);
23317 
23318 	if (!wdev->owner_nlportid)
23319 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy),
23320 					msg, 0, NL80211_MCGRP_NAN, gfp);
23321 	else
23322 		genlmsg_unicast(wiphy_net(wiphy), msg,
23323 				wdev->owner_nlportid);
23324 	return;
23325 
23326  nla_put_failure:
23327 	nlmsg_free(msg);
23328 }
23329 EXPORT_SYMBOL(cfg80211_nan_cluster_joined);
23330 
23331 void cfg80211_nan_ulw_update(struct wireless_dev *wdev,
23332 			     const u8 *ulw, size_t ulw_len, gfp_t gfp)
23333 {
23334 	struct wiphy *wiphy = wdev->wiphy;
23335 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
23336 	struct sk_buff *msg;
23337 	void *hdr;
23338 
23339 	trace_cfg80211_nan_ulw_update(wiphy, wdev, ulw, ulw_len);
23340 
23341 	if (!wdev->owner_nlportid)
23342 		return;
23343 
23344 	/* 32 for the wiphy idx, 64 for the wdev id, 100 for padding */
23345 	msg = nlmsg_new(nla_total_size(sizeof(u32)) +
23346 			nla_total_size(ulw_len) +
23347 			nla_total_size(sizeof(u64)) + 100,
23348 			gfp);
23349 	if (!msg)
23350 		return;
23351 
23352 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_ULW_UPDATE);
23353 	if (!hdr)
23354 		goto nla_put_failure;
23355 
23356 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23357 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
23358 			      NL80211_ATTR_PAD) ||
23359 	    (ulw && ulw_len &&
23360 	     nla_put(msg, NL80211_ATTR_NAN_ULW, ulw_len, ulw)))
23361 		goto nla_put_failure;
23362 
23363 	genlmsg_end(msg, hdr);
23364 
23365 	genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
23366 
23367 	return;
23368 
23369  nla_put_failure:
23370 	nlmsg_free(msg);
23371 }
23372 EXPORT_SYMBOL(cfg80211_nan_ulw_update);
23373 
23374 void cfg80211_nan_channel_evac(struct wireless_dev *wdev,
23375 			       const struct cfg80211_chan_def *chandef,
23376 			       gfp_t gfp)
23377 {
23378 	struct wiphy *wiphy = wdev->wiphy;
23379 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
23380 	struct sk_buff *msg;
23381 	struct nlattr *chan_attr;
23382 	void *hdr;
23383 
23384 	trace_cfg80211_nan_channel_evac(wiphy, wdev, chandef);
23385 
23386 	if (!wdev->owner_nlportid)
23387 		return;
23388 
23389 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
23390 	if (!msg)
23391 		return;
23392 
23393 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_CHANNEL_EVAC);
23394 	if (!hdr)
23395 		goto nla_put_failure;
23396 
23397 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
23398 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
23399 			      NL80211_ATTR_PAD))
23400 		goto nla_put_failure;
23401 
23402 	chan_attr = nla_nest_start(msg, NL80211_ATTR_NAN_CHANNEL);
23403 	if (!chan_attr)
23404 		goto nla_put_failure;
23405 
23406 	if (nl80211_send_chandef(msg, chandef))
23407 		goto nla_put_failure;
23408 
23409 	nla_nest_end(msg, chan_attr);
23410 
23411 	genlmsg_end(msg, hdr);
23412 
23413 	genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
23414 
23415 	return;
23416 
23417  nla_put_failure:
23418 	nlmsg_free(msg);
23419 }
23420 EXPORT_SYMBOL(cfg80211_nan_channel_evac);
23421 
23422 /* initialisation/exit functions */
23423 
23424 int __init nl80211_init(void)
23425 {
23426 	int err;
23427 
23428 	err = genl_register_family(&nl80211_fam);
23429 	if (err)
23430 		return err;
23431 
23432 	err = netlink_register_notifier(&nl80211_netlink_notifier);
23433 	if (err)
23434 		goto err_out;
23435 
23436 	return 0;
23437  err_out:
23438 	genl_unregister_family(&nl80211_fam);
23439 	return err;
23440 }
23441 
23442 void nl80211_exit(void)
23443 {
23444 	netlink_unregister_notifier(&nl80211_netlink_notifier);
23445 	genl_unregister_family(&nl80211_fam);
23446 }
23447