xref: /linux/net/wireless/nl80211.c (revision 0d456bad36d42d16022be045c8a53ddbb59ee478)
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25 #include "rdev-ops.h"
26 
27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
28 				   struct genl_info *info,
29 				   struct cfg80211_crypto_settings *settings,
30 				   int cipher_limit);
31 
32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
33 			    struct genl_info *info);
34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
35 			      struct genl_info *info);
36 
37 /* the netlink family */
38 static struct genl_family nl80211_fam = {
39 	.id = GENL_ID_GENERATE,	/* don't bother with a hardcoded ID */
40 	.name = "nl80211",	/* have users key off the name instead */
41 	.hdrsize = 0,		/* no private header */
42 	.version = 1,		/* no particular meaning now */
43 	.maxattr = NL80211_ATTR_MAX,
44 	.netnsok = true,
45 	.pre_doit = nl80211_pre_doit,
46 	.post_doit = nl80211_post_doit,
47 };
48 
49 /* returns ERR_PTR values */
50 static struct wireless_dev *
51 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
52 {
53 	struct cfg80211_registered_device *rdev;
54 	struct wireless_dev *result = NULL;
55 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
56 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
57 	u64 wdev_id;
58 	int wiphy_idx = -1;
59 	int ifidx = -1;
60 
61 	assert_cfg80211_lock();
62 
63 	if (!have_ifidx && !have_wdev_id)
64 		return ERR_PTR(-EINVAL);
65 
66 	if (have_ifidx)
67 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
68 	if (have_wdev_id) {
69 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
70 		wiphy_idx = wdev_id >> 32;
71 	}
72 
73 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
74 		struct wireless_dev *wdev;
75 
76 		if (wiphy_net(&rdev->wiphy) != netns)
77 			continue;
78 
79 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
80 			continue;
81 
82 		mutex_lock(&rdev->devlist_mtx);
83 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
84 			if (have_ifidx && wdev->netdev &&
85 			    wdev->netdev->ifindex == ifidx) {
86 				result = wdev;
87 				break;
88 			}
89 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
90 				result = wdev;
91 				break;
92 			}
93 		}
94 		mutex_unlock(&rdev->devlist_mtx);
95 
96 		if (result)
97 			break;
98 	}
99 
100 	if (result)
101 		return result;
102 	return ERR_PTR(-ENODEV);
103 }
104 
105 static struct cfg80211_registered_device *
106 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
107 {
108 	struct cfg80211_registered_device *rdev = NULL, *tmp;
109 	struct net_device *netdev;
110 
111 	assert_cfg80211_lock();
112 
113 	if (!attrs[NL80211_ATTR_WIPHY] &&
114 	    !attrs[NL80211_ATTR_IFINDEX] &&
115 	    !attrs[NL80211_ATTR_WDEV])
116 		return ERR_PTR(-EINVAL);
117 
118 	if (attrs[NL80211_ATTR_WIPHY])
119 		rdev = cfg80211_rdev_by_wiphy_idx(
120 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
121 
122 	if (attrs[NL80211_ATTR_WDEV]) {
123 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
124 		struct wireless_dev *wdev;
125 		bool found = false;
126 
127 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
128 		if (tmp) {
129 			/* make sure wdev exists */
130 			mutex_lock(&tmp->devlist_mtx);
131 			list_for_each_entry(wdev, &tmp->wdev_list, list) {
132 				if (wdev->identifier != (u32)wdev_id)
133 					continue;
134 				found = true;
135 				break;
136 			}
137 			mutex_unlock(&tmp->devlist_mtx);
138 
139 			if (!found)
140 				tmp = NULL;
141 
142 			if (rdev && tmp != rdev)
143 				return ERR_PTR(-EINVAL);
144 			rdev = tmp;
145 		}
146 	}
147 
148 	if (attrs[NL80211_ATTR_IFINDEX]) {
149 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
150 		netdev = dev_get_by_index(netns, ifindex);
151 		if (netdev) {
152 			if (netdev->ieee80211_ptr)
153 				tmp = wiphy_to_dev(
154 						netdev->ieee80211_ptr->wiphy);
155 			else
156 				tmp = NULL;
157 
158 			dev_put(netdev);
159 
160 			/* not wireless device -- return error */
161 			if (!tmp)
162 				return ERR_PTR(-EINVAL);
163 
164 			/* mismatch -- return error */
165 			if (rdev && tmp != rdev)
166 				return ERR_PTR(-EINVAL);
167 
168 			rdev = tmp;
169 		}
170 	}
171 
172 	if (!rdev)
173 		return ERR_PTR(-ENODEV);
174 
175 	if (netns != wiphy_net(&rdev->wiphy))
176 		return ERR_PTR(-ENODEV);
177 
178 	return rdev;
179 }
180 
181 /*
182  * This function returns a pointer to the driver
183  * that the genl_info item that is passed refers to.
184  * If successful, it returns non-NULL and also locks
185  * the driver's mutex!
186  *
187  * This means that you need to call cfg80211_unlock_rdev()
188  * before being allowed to acquire &cfg80211_mutex!
189  *
190  * This is necessary because we need to lock the global
191  * mutex to get an item off the list safely, and then
192  * we lock the rdev mutex so it doesn't go away under us.
193  *
194  * We don't want to keep cfg80211_mutex locked
195  * for all the time in order to allow requests on
196  * other interfaces to go through at the same time.
197  *
198  * The result of this can be a PTR_ERR and hence must
199  * be checked with IS_ERR() for errors.
200  */
201 static struct cfg80211_registered_device *
202 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
203 {
204 	struct cfg80211_registered_device *rdev;
205 
206 	mutex_lock(&cfg80211_mutex);
207 	rdev = __cfg80211_rdev_from_attrs(netns, info->attrs);
208 
209 	/* if it is not an error we grab the lock on
210 	 * it to assure it won't be going away while
211 	 * we operate on it */
212 	if (!IS_ERR(rdev))
213 		mutex_lock(&rdev->mtx);
214 
215 	mutex_unlock(&cfg80211_mutex);
216 
217 	return rdev;
218 }
219 
220 /* policy for the attributes */
221 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
222 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
223 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
224 				      .len = 20-1 },
225 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
226 
227 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
228 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
229 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
230 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
231 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
232 
233 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
234 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
235 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
236 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
237 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
238 
239 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
240 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
241 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
242 
243 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
244 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
245 
246 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
247 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
248 				    .len = WLAN_MAX_KEY_LEN },
249 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
250 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
251 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
252 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
253 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
254 
255 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
256 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
257 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
258 				       .len = IEEE80211_MAX_DATA_LEN },
259 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
260 				       .len = IEEE80211_MAX_DATA_LEN },
261 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
262 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
263 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
264 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
265 					       .len = NL80211_MAX_SUPP_RATES },
266 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
267 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
268 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
269 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
270 				   .len = IEEE80211_MAX_MESH_ID_LEN },
271 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
272 
273 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
274 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
275 
276 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
277 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
278 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
279 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
280 					   .len = NL80211_MAX_SUPP_RATES },
281 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
282 
283 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
284 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
285 
286 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
287 
288 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
289 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
290 			      .len = IEEE80211_MAX_DATA_LEN },
291 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
292 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
293 
294 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
295 				.len = IEEE80211_MAX_SSID_LEN },
296 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
297 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
298 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
299 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
300 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
301 	[NL80211_ATTR_STA_FLAGS2] = {
302 		.len = sizeof(struct nl80211_sta_flag_update),
303 	},
304 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
305 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
306 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
307 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
308 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
309 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
310 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
311 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
312 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
313 				 .len = WLAN_PMKID_LEN },
314 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
315 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
316 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
317 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
318 				 .len = IEEE80211_MAX_DATA_LEN },
319 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
320 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
321 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
322 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
323 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
324 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
325 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
326 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
327 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
328 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
329 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
330 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
331 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
332 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
333 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
334 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
335 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
336 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
337 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
338 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
339 					 .len = IEEE80211_MAX_DATA_LEN },
340 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
341 					 .len = IEEE80211_MAX_DATA_LEN },
342 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
343 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
344 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
345 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
346 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
347 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
348 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
349 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
350 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
351 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
352 				      .len = IEEE80211_MAX_DATA_LEN },
353 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
354 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
355 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
356 		.len = NL80211_HT_CAPABILITY_LEN
357 	},
358 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
359 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
360 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
361 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
362 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
363 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
364 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
365 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
366 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
367 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
368 };
369 
370 /* policy for the key attributes */
371 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
372 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
373 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
374 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
375 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
376 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
377 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
378 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
379 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
380 };
381 
382 /* policy for the key default flags */
383 static const struct nla_policy
384 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
385 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
386 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
387 };
388 
389 /* policy for WoWLAN attributes */
390 static const struct nla_policy
391 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
392 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
393 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
394 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
395 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
396 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
397 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
398 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
399 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
400 };
401 
402 /* policy for GTK rekey offload attributes */
403 static const struct nla_policy
404 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
405 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
406 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
407 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
408 };
409 
410 static const struct nla_policy
411 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
412 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
413 						 .len = IEEE80211_MAX_SSID_LEN },
414 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
415 };
416 
417 /* ifidx get helper */
418 static int nl80211_get_ifidx(struct netlink_callback *cb)
419 {
420 	int res;
421 
422 	res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
423 			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
424 			  nl80211_policy);
425 	if (res)
426 		return res;
427 
428 	if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
429 		return -EINVAL;
430 
431 	res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
432 	if (!res)
433 		return -EINVAL;
434 	return res;
435 }
436 
437 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
438 				       struct netlink_callback *cb,
439 				       struct cfg80211_registered_device **rdev,
440 				       struct net_device **dev)
441 {
442 	int ifidx = cb->args[0];
443 	int err;
444 
445 	if (!ifidx)
446 		ifidx = nl80211_get_ifidx(cb);
447 	if (ifidx < 0)
448 		return ifidx;
449 
450 	cb->args[0] = ifidx;
451 
452 	rtnl_lock();
453 
454 	*dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
455 	if (!*dev) {
456 		err = -ENODEV;
457 		goto out_rtnl;
458 	}
459 
460 	*rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
461 	if (IS_ERR(*rdev)) {
462 		err = PTR_ERR(*rdev);
463 		goto out_rtnl;
464 	}
465 
466 	return 0;
467  out_rtnl:
468 	rtnl_unlock();
469 	return err;
470 }
471 
472 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
473 {
474 	cfg80211_unlock_rdev(rdev);
475 	rtnl_unlock();
476 }
477 
478 /* IE validation */
479 static bool is_valid_ie_attr(const struct nlattr *attr)
480 {
481 	const u8 *pos;
482 	int len;
483 
484 	if (!attr)
485 		return true;
486 
487 	pos = nla_data(attr);
488 	len = nla_len(attr);
489 
490 	while (len) {
491 		u8 elemlen;
492 
493 		if (len < 2)
494 			return false;
495 		len -= 2;
496 
497 		elemlen = pos[1];
498 		if (elemlen > len)
499 			return false;
500 
501 		len -= elemlen;
502 		pos += 2 + elemlen;
503 	}
504 
505 	return true;
506 }
507 
508 /* message building helper */
509 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
510 				   int flags, u8 cmd)
511 {
512 	/* since there is no private header just add the generic one */
513 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
514 }
515 
516 static int nl80211_msg_put_channel(struct sk_buff *msg,
517 				   struct ieee80211_channel *chan)
518 {
519 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
520 			chan->center_freq))
521 		goto nla_put_failure;
522 
523 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
524 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
525 		goto nla_put_failure;
526 	if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
527 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
528 		goto nla_put_failure;
529 	if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
530 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
531 		goto nla_put_failure;
532 	if ((chan->flags & IEEE80211_CHAN_RADAR) &&
533 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
534 		goto nla_put_failure;
535 
536 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
537 			DBM_TO_MBM(chan->max_power)))
538 		goto nla_put_failure;
539 
540 	return 0;
541 
542  nla_put_failure:
543 	return -ENOBUFS;
544 }
545 
546 /* netlink command implementations */
547 
548 struct key_parse {
549 	struct key_params p;
550 	int idx;
551 	int type;
552 	bool def, defmgmt;
553 	bool def_uni, def_multi;
554 };
555 
556 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
557 {
558 	struct nlattr *tb[NL80211_KEY_MAX + 1];
559 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
560 				   nl80211_key_policy);
561 	if (err)
562 		return err;
563 
564 	k->def = !!tb[NL80211_KEY_DEFAULT];
565 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
566 
567 	if (k->def) {
568 		k->def_uni = true;
569 		k->def_multi = true;
570 	}
571 	if (k->defmgmt)
572 		k->def_multi = true;
573 
574 	if (tb[NL80211_KEY_IDX])
575 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
576 
577 	if (tb[NL80211_KEY_DATA]) {
578 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
579 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
580 	}
581 
582 	if (tb[NL80211_KEY_SEQ]) {
583 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
584 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
585 	}
586 
587 	if (tb[NL80211_KEY_CIPHER])
588 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
589 
590 	if (tb[NL80211_KEY_TYPE]) {
591 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
592 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
593 			return -EINVAL;
594 	}
595 
596 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
597 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
598 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
599 				       tb[NL80211_KEY_DEFAULT_TYPES],
600 				       nl80211_key_default_policy);
601 		if (err)
602 			return err;
603 
604 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
605 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
606 	}
607 
608 	return 0;
609 }
610 
611 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
612 {
613 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
614 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
615 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
616 	}
617 
618 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
619 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
620 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
621 	}
622 
623 	if (info->attrs[NL80211_ATTR_KEY_IDX])
624 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
625 
626 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
627 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
628 
629 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
630 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
631 
632 	if (k->def) {
633 		k->def_uni = true;
634 		k->def_multi = true;
635 	}
636 	if (k->defmgmt)
637 		k->def_multi = true;
638 
639 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
640 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
641 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
642 			return -EINVAL;
643 	}
644 
645 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
646 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
647 		int err = nla_parse_nested(
648 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
649 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
650 				nl80211_key_default_policy);
651 		if (err)
652 			return err;
653 
654 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
655 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
656 	}
657 
658 	return 0;
659 }
660 
661 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
662 {
663 	int err;
664 
665 	memset(k, 0, sizeof(*k));
666 	k->idx = -1;
667 	k->type = -1;
668 
669 	if (info->attrs[NL80211_ATTR_KEY])
670 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
671 	else
672 		err = nl80211_parse_key_old(info, k);
673 
674 	if (err)
675 		return err;
676 
677 	if (k->def && k->defmgmt)
678 		return -EINVAL;
679 
680 	if (k->defmgmt) {
681 		if (k->def_uni || !k->def_multi)
682 			return -EINVAL;
683 	}
684 
685 	if (k->idx != -1) {
686 		if (k->defmgmt) {
687 			if (k->idx < 4 || k->idx > 5)
688 				return -EINVAL;
689 		} else if (k->def) {
690 			if (k->idx < 0 || k->idx > 3)
691 				return -EINVAL;
692 		} else {
693 			if (k->idx < 0 || k->idx > 5)
694 				return -EINVAL;
695 		}
696 	}
697 
698 	return 0;
699 }
700 
701 static struct cfg80211_cached_keys *
702 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
703 		       struct nlattr *keys, bool *no_ht)
704 {
705 	struct key_parse parse;
706 	struct nlattr *key;
707 	struct cfg80211_cached_keys *result;
708 	int rem, err, def = 0;
709 
710 	result = kzalloc(sizeof(*result), GFP_KERNEL);
711 	if (!result)
712 		return ERR_PTR(-ENOMEM);
713 
714 	result->def = -1;
715 	result->defmgmt = -1;
716 
717 	nla_for_each_nested(key, keys, rem) {
718 		memset(&parse, 0, sizeof(parse));
719 		parse.idx = -1;
720 
721 		err = nl80211_parse_key_new(key, &parse);
722 		if (err)
723 			goto error;
724 		err = -EINVAL;
725 		if (!parse.p.key)
726 			goto error;
727 		if (parse.idx < 0 || parse.idx > 4)
728 			goto error;
729 		if (parse.def) {
730 			if (def)
731 				goto error;
732 			def = 1;
733 			result->def = parse.idx;
734 			if (!parse.def_uni || !parse.def_multi)
735 				goto error;
736 		} else if (parse.defmgmt)
737 			goto error;
738 		err = cfg80211_validate_key_settings(rdev, &parse.p,
739 						     parse.idx, false, NULL);
740 		if (err)
741 			goto error;
742 		result->params[parse.idx].cipher = parse.p.cipher;
743 		result->params[parse.idx].key_len = parse.p.key_len;
744 		result->params[parse.idx].key = result->data[parse.idx];
745 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
746 
747 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
748 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
749 			if (no_ht)
750 				*no_ht = true;
751 		}
752 	}
753 
754 	return result;
755  error:
756 	kfree(result);
757 	return ERR_PTR(err);
758 }
759 
760 static int nl80211_key_allowed(struct wireless_dev *wdev)
761 {
762 	ASSERT_WDEV_LOCK(wdev);
763 
764 	switch (wdev->iftype) {
765 	case NL80211_IFTYPE_AP:
766 	case NL80211_IFTYPE_AP_VLAN:
767 	case NL80211_IFTYPE_P2P_GO:
768 	case NL80211_IFTYPE_MESH_POINT:
769 		break;
770 	case NL80211_IFTYPE_ADHOC:
771 		if (!wdev->current_bss)
772 			return -ENOLINK;
773 		break;
774 	case NL80211_IFTYPE_STATION:
775 	case NL80211_IFTYPE_P2P_CLIENT:
776 		if (wdev->sme_state != CFG80211_SME_CONNECTED)
777 			return -ENOLINK;
778 		break;
779 	default:
780 		return -EINVAL;
781 	}
782 
783 	return 0;
784 }
785 
786 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
787 {
788 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
789 	int i;
790 
791 	if (!nl_modes)
792 		goto nla_put_failure;
793 
794 	i = 0;
795 	while (ifmodes) {
796 		if ((ifmodes & 1) && nla_put_flag(msg, i))
797 			goto nla_put_failure;
798 		ifmodes >>= 1;
799 		i++;
800 	}
801 
802 	nla_nest_end(msg, nl_modes);
803 	return 0;
804 
805 nla_put_failure:
806 	return -ENOBUFS;
807 }
808 
809 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
810 					  struct sk_buff *msg)
811 {
812 	struct nlattr *nl_combis;
813 	int i, j;
814 
815 	nl_combis = nla_nest_start(msg,
816 				NL80211_ATTR_INTERFACE_COMBINATIONS);
817 	if (!nl_combis)
818 		goto nla_put_failure;
819 
820 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
821 		const struct ieee80211_iface_combination *c;
822 		struct nlattr *nl_combi, *nl_limits;
823 
824 		c = &wiphy->iface_combinations[i];
825 
826 		nl_combi = nla_nest_start(msg, i + 1);
827 		if (!nl_combi)
828 			goto nla_put_failure;
829 
830 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
831 		if (!nl_limits)
832 			goto nla_put_failure;
833 
834 		for (j = 0; j < c->n_limits; j++) {
835 			struct nlattr *nl_limit;
836 
837 			nl_limit = nla_nest_start(msg, j + 1);
838 			if (!nl_limit)
839 				goto nla_put_failure;
840 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
841 					c->limits[j].max))
842 				goto nla_put_failure;
843 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
844 						c->limits[j].types))
845 				goto nla_put_failure;
846 			nla_nest_end(msg, nl_limit);
847 		}
848 
849 		nla_nest_end(msg, nl_limits);
850 
851 		if (c->beacon_int_infra_match &&
852 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
853 			goto nla_put_failure;
854 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
855 				c->num_different_channels) ||
856 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
857 				c->max_interfaces))
858 			goto nla_put_failure;
859 
860 		nla_nest_end(msg, nl_combi);
861 	}
862 
863 	nla_nest_end(msg, nl_combis);
864 
865 	return 0;
866 nla_put_failure:
867 	return -ENOBUFS;
868 }
869 
870 static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flags,
871 			      struct cfg80211_registered_device *dev)
872 {
873 	void *hdr;
874 	struct nlattr *nl_bands, *nl_band;
875 	struct nlattr *nl_freqs, *nl_freq;
876 	struct nlattr *nl_rates, *nl_rate;
877 	struct nlattr *nl_cmds;
878 	enum ieee80211_band band;
879 	struct ieee80211_channel *chan;
880 	struct ieee80211_rate *rate;
881 	int i;
882 	const struct ieee80211_txrx_stypes *mgmt_stypes =
883 				dev->wiphy.mgmt_stypes;
884 
885 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
886 	if (!hdr)
887 		return -1;
888 
889 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
890 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) ||
891 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
892 			cfg80211_rdev_list_generation) ||
893 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
894 		       dev->wiphy.retry_short) ||
895 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
896 		       dev->wiphy.retry_long) ||
897 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
898 			dev->wiphy.frag_threshold) ||
899 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
900 			dev->wiphy.rts_threshold) ||
901 	    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
902 		       dev->wiphy.coverage_class) ||
903 	    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
904 		       dev->wiphy.max_scan_ssids) ||
905 	    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
906 		       dev->wiphy.max_sched_scan_ssids) ||
907 	    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
908 			dev->wiphy.max_scan_ie_len) ||
909 	    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
910 			dev->wiphy.max_sched_scan_ie_len) ||
911 	    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
912 		       dev->wiphy.max_match_sets))
913 		goto nla_put_failure;
914 
915 	if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
916 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
917 		goto nla_put_failure;
918 	if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
919 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
920 		goto nla_put_failure;
921 	if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
922 	    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
923 		goto nla_put_failure;
924 	if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
925 	    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
926 		goto nla_put_failure;
927 	if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
928 	    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
929 		goto nla_put_failure;
930 	if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
931 	    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
932 		goto nla_put_failure;
933 
934 	if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
935 		    sizeof(u32) * dev->wiphy.n_cipher_suites,
936 		    dev->wiphy.cipher_suites))
937 		goto nla_put_failure;
938 
939 	if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
940 		       dev->wiphy.max_num_pmkids))
941 		goto nla_put_failure;
942 
943 	if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
944 	    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
945 		goto nla_put_failure;
946 
947 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
948 			dev->wiphy.available_antennas_tx) ||
949 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
950 			dev->wiphy.available_antennas_rx))
951 		goto nla_put_failure;
952 
953 	if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
954 	    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
955 			dev->wiphy.probe_resp_offload))
956 		goto nla_put_failure;
957 
958 	if ((dev->wiphy.available_antennas_tx ||
959 	     dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
960 		u32 tx_ant = 0, rx_ant = 0;
961 		int res;
962 		res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
963 		if (!res) {
964 			if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX,
965 					tx_ant) ||
966 			    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX,
967 					rx_ant))
968 				goto nla_put_failure;
969 		}
970 	}
971 
972 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
973 				dev->wiphy.interface_modes))
974 		goto nla_put_failure;
975 
976 	nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
977 	if (!nl_bands)
978 		goto nla_put_failure;
979 
980 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
981 		if (!dev->wiphy.bands[band])
982 			continue;
983 
984 		nl_band = nla_nest_start(msg, band);
985 		if (!nl_band)
986 			goto nla_put_failure;
987 
988 		/* add HT info */
989 		if (dev->wiphy.bands[band]->ht_cap.ht_supported &&
990 		    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
991 			     sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
992 			     &dev->wiphy.bands[band]->ht_cap.mcs) ||
993 		     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
994 				 dev->wiphy.bands[band]->ht_cap.cap) ||
995 		     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
996 				dev->wiphy.bands[band]->ht_cap.ampdu_factor) ||
997 		     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
998 				dev->wiphy.bands[band]->ht_cap.ampdu_density)))
999 			goto nla_put_failure;
1000 
1001 		/* add VHT info */
1002 		if (dev->wiphy.bands[band]->vht_cap.vht_supported &&
1003 		    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1004 			     sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs),
1005 			     &dev->wiphy.bands[band]->vht_cap.vht_mcs) ||
1006 		     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1007 				 dev->wiphy.bands[band]->vht_cap.cap)))
1008 			goto nla_put_failure;
1009 
1010 		/* add frequencies */
1011 		nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
1012 		if (!nl_freqs)
1013 			goto nla_put_failure;
1014 
1015 		for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
1016 			nl_freq = nla_nest_start(msg, i);
1017 			if (!nl_freq)
1018 				goto nla_put_failure;
1019 
1020 			chan = &dev->wiphy.bands[band]->channels[i];
1021 
1022 			if (nl80211_msg_put_channel(msg, chan))
1023 				goto nla_put_failure;
1024 
1025 			nla_nest_end(msg, nl_freq);
1026 		}
1027 
1028 		nla_nest_end(msg, nl_freqs);
1029 
1030 		/* add bitrates */
1031 		nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1032 		if (!nl_rates)
1033 			goto nla_put_failure;
1034 
1035 		for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
1036 			nl_rate = nla_nest_start(msg, i);
1037 			if (!nl_rate)
1038 				goto nla_put_failure;
1039 
1040 			rate = &dev->wiphy.bands[band]->bitrates[i];
1041 			if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1042 					rate->bitrate))
1043 				goto nla_put_failure;
1044 			if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1045 			    nla_put_flag(msg,
1046 					 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1047 				goto nla_put_failure;
1048 
1049 			nla_nest_end(msg, nl_rate);
1050 		}
1051 
1052 		nla_nest_end(msg, nl_rates);
1053 
1054 		nla_nest_end(msg, nl_band);
1055 	}
1056 	nla_nest_end(msg, nl_bands);
1057 
1058 	nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1059 	if (!nl_cmds)
1060 		goto nla_put_failure;
1061 
1062 	i = 0;
1063 #define CMD(op, n)						\
1064 	 do {							\
1065 		if (dev->ops->op) {				\
1066 			i++;					\
1067 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1068 				goto nla_put_failure;		\
1069 		}						\
1070 	} while (0)
1071 
1072 	CMD(add_virtual_intf, NEW_INTERFACE);
1073 	CMD(change_virtual_intf, SET_INTERFACE);
1074 	CMD(add_key, NEW_KEY);
1075 	CMD(start_ap, START_AP);
1076 	CMD(add_station, NEW_STATION);
1077 	CMD(add_mpath, NEW_MPATH);
1078 	CMD(update_mesh_config, SET_MESH_CONFIG);
1079 	CMD(change_bss, SET_BSS);
1080 	CMD(auth, AUTHENTICATE);
1081 	CMD(assoc, ASSOCIATE);
1082 	CMD(deauth, DEAUTHENTICATE);
1083 	CMD(disassoc, DISASSOCIATE);
1084 	CMD(join_ibss, JOIN_IBSS);
1085 	CMD(join_mesh, JOIN_MESH);
1086 	CMD(set_pmksa, SET_PMKSA);
1087 	CMD(del_pmksa, DEL_PMKSA);
1088 	CMD(flush_pmksa, FLUSH_PMKSA);
1089 	if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1090 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1091 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1092 	CMD(mgmt_tx, FRAME);
1093 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1094 	if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1095 		i++;
1096 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1097 			goto nla_put_failure;
1098 	}
1099 	if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1100 	    dev->ops->join_mesh) {
1101 		i++;
1102 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1103 			goto nla_put_failure;
1104 	}
1105 	CMD(set_wds_peer, SET_WDS_PEER);
1106 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1107 		CMD(tdls_mgmt, TDLS_MGMT);
1108 		CMD(tdls_oper, TDLS_OPER);
1109 	}
1110 	if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1111 		CMD(sched_scan_start, START_SCHED_SCAN);
1112 	CMD(probe_client, PROBE_CLIENT);
1113 	CMD(set_noack_map, SET_NOACK_MAP);
1114 	if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1115 		i++;
1116 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1117 			goto nla_put_failure;
1118 	}
1119 	CMD(start_p2p_device, START_P2P_DEVICE);
1120 	CMD(set_mcast_rate, SET_MCAST_RATE);
1121 
1122 #ifdef CONFIG_NL80211_TESTMODE
1123 	CMD(testmode_cmd, TESTMODE);
1124 #endif
1125 
1126 #undef CMD
1127 
1128 	if (dev->ops->connect || dev->ops->auth) {
1129 		i++;
1130 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1131 			goto nla_put_failure;
1132 	}
1133 
1134 	if (dev->ops->disconnect || dev->ops->deauth) {
1135 		i++;
1136 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1137 			goto nla_put_failure;
1138 	}
1139 
1140 	nla_nest_end(msg, nl_cmds);
1141 
1142 	if (dev->ops->remain_on_channel &&
1143 	    (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1144 	    nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1145 			dev->wiphy.max_remain_on_channel_duration))
1146 		goto nla_put_failure;
1147 
1148 	if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1149 	    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1150 		goto nla_put_failure;
1151 
1152 	if (mgmt_stypes) {
1153 		u16 stypes;
1154 		struct nlattr *nl_ftypes, *nl_ifs;
1155 		enum nl80211_iftype ift;
1156 
1157 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1158 		if (!nl_ifs)
1159 			goto nla_put_failure;
1160 
1161 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1162 			nl_ftypes = nla_nest_start(msg, ift);
1163 			if (!nl_ftypes)
1164 				goto nla_put_failure;
1165 			i = 0;
1166 			stypes = mgmt_stypes[ift].tx;
1167 			while (stypes) {
1168 				if ((stypes & 1) &&
1169 				    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1170 						(i << 4) | IEEE80211_FTYPE_MGMT))
1171 					goto nla_put_failure;
1172 				stypes >>= 1;
1173 				i++;
1174 			}
1175 			nla_nest_end(msg, nl_ftypes);
1176 		}
1177 
1178 		nla_nest_end(msg, nl_ifs);
1179 
1180 		nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1181 		if (!nl_ifs)
1182 			goto nla_put_failure;
1183 
1184 		for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1185 			nl_ftypes = nla_nest_start(msg, ift);
1186 			if (!nl_ftypes)
1187 				goto nla_put_failure;
1188 			i = 0;
1189 			stypes = mgmt_stypes[ift].rx;
1190 			while (stypes) {
1191 				if ((stypes & 1) &&
1192 				    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1193 						(i << 4) | IEEE80211_FTYPE_MGMT))
1194 					goto nla_put_failure;
1195 				stypes >>= 1;
1196 				i++;
1197 			}
1198 			nla_nest_end(msg, nl_ftypes);
1199 		}
1200 		nla_nest_end(msg, nl_ifs);
1201 	}
1202 
1203 #ifdef CONFIG_PM
1204 	if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
1205 		struct nlattr *nl_wowlan;
1206 
1207 		nl_wowlan = nla_nest_start(msg,
1208 				NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1209 		if (!nl_wowlan)
1210 			goto nla_put_failure;
1211 
1212 		if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) &&
1213 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1214 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) &&
1215 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1216 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1217 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1218 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1219 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1220 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1221 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1222 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1223 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1224 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1225 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1226 		    ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1227 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1228 		    goto nla_put_failure;
1229 		if (dev->wiphy.wowlan.n_patterns) {
1230 			struct nl80211_wowlan_pattern_support pat = {
1231 				.max_patterns = dev->wiphy.wowlan.n_patterns,
1232 				.min_pattern_len =
1233 					dev->wiphy.wowlan.pattern_min_len,
1234 				.max_pattern_len =
1235 					dev->wiphy.wowlan.pattern_max_len,
1236 			};
1237 			if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1238 				    sizeof(pat), &pat))
1239 				goto nla_put_failure;
1240 		}
1241 
1242 		nla_nest_end(msg, nl_wowlan);
1243 	}
1244 #endif
1245 
1246 	if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1247 				dev->wiphy.software_iftypes))
1248 		goto nla_put_failure;
1249 
1250 	if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1251 		goto nla_put_failure;
1252 
1253 	if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1254 	    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1255 			dev->wiphy.ap_sme_capa))
1256 		goto nla_put_failure;
1257 
1258 	if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS,
1259 			dev->wiphy.features))
1260 		goto nla_put_failure;
1261 
1262 	if (dev->wiphy.ht_capa_mod_mask &&
1263 	    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1264 		    sizeof(*dev->wiphy.ht_capa_mod_mask),
1265 		    dev->wiphy.ht_capa_mod_mask))
1266 		goto nla_put_failure;
1267 
1268 	return genlmsg_end(msg, hdr);
1269 
1270  nla_put_failure:
1271 	genlmsg_cancel(msg, hdr);
1272 	return -EMSGSIZE;
1273 }
1274 
1275 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1276 {
1277 	int idx = 0;
1278 	int start = cb->args[0];
1279 	struct cfg80211_registered_device *dev;
1280 
1281 	mutex_lock(&cfg80211_mutex);
1282 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1283 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1284 			continue;
1285 		if (++idx <= start)
1286 			continue;
1287 		if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid,
1288 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1289 				       dev) < 0) {
1290 			idx--;
1291 			break;
1292 		}
1293 	}
1294 	mutex_unlock(&cfg80211_mutex);
1295 
1296 	cb->args[0] = idx;
1297 
1298 	return skb->len;
1299 }
1300 
1301 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1302 {
1303 	struct sk_buff *msg;
1304 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1305 
1306 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1307 	if (!msg)
1308 		return -ENOMEM;
1309 
1310 	if (nl80211_send_wiphy(msg, info->snd_portid, info->snd_seq, 0, dev) < 0) {
1311 		nlmsg_free(msg);
1312 		return -ENOBUFS;
1313 	}
1314 
1315 	return genlmsg_reply(msg, info);
1316 }
1317 
1318 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1319 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1320 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1321 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1322 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1323 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1324 };
1325 
1326 static int parse_txq_params(struct nlattr *tb[],
1327 			    struct ieee80211_txq_params *txq_params)
1328 {
1329 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1330 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1331 	    !tb[NL80211_TXQ_ATTR_AIFS])
1332 		return -EINVAL;
1333 
1334 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1335 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1336 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1337 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1338 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1339 
1340 	if (txq_params->ac >= NL80211_NUM_ACS)
1341 		return -EINVAL;
1342 
1343 	return 0;
1344 }
1345 
1346 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1347 {
1348 	/*
1349 	 * You can only set the channel explicitly for WDS interfaces,
1350 	 * all others have their channel managed via their respective
1351 	 * "establish a connection" command (connect, join, ...)
1352 	 *
1353 	 * For AP/GO and mesh mode, the channel can be set with the
1354 	 * channel userspace API, but is only stored and passed to the
1355 	 * low-level driver when the AP starts or the mesh is joined.
1356 	 * This is for backward compatibility, userspace can also give
1357 	 * the channel in the start-ap or join-mesh commands instead.
1358 	 *
1359 	 * Monitors are special as they are normally slaved to
1360 	 * whatever else is going on, so they have their own special
1361 	 * operation to set the monitor channel if possible.
1362 	 */
1363 	return !wdev ||
1364 		wdev->iftype == NL80211_IFTYPE_AP ||
1365 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1366 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1367 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1368 }
1369 
1370 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1371 				 struct genl_info *info,
1372 				 struct cfg80211_chan_def *chandef)
1373 {
1374 	u32 control_freq;
1375 
1376 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1377 		return -EINVAL;
1378 
1379 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1380 
1381 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1382 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1383 	chandef->center_freq1 = control_freq;
1384 	chandef->center_freq2 = 0;
1385 
1386 	/* Primary channel not allowed */
1387 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1388 		return -EINVAL;
1389 
1390 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1391 		enum nl80211_channel_type chantype;
1392 
1393 		chantype = nla_get_u32(
1394 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1395 
1396 		switch (chantype) {
1397 		case NL80211_CHAN_NO_HT:
1398 		case NL80211_CHAN_HT20:
1399 		case NL80211_CHAN_HT40PLUS:
1400 		case NL80211_CHAN_HT40MINUS:
1401 			cfg80211_chandef_create(chandef, chandef->chan,
1402 						chantype);
1403 			break;
1404 		default:
1405 			return -EINVAL;
1406 		}
1407 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1408 		chandef->width =
1409 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1410 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1411 			chandef->center_freq1 =
1412 				nla_get_u32(
1413 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1414 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1415 			chandef->center_freq2 =
1416 				nla_get_u32(
1417 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1418 	}
1419 
1420 	if (!cfg80211_chandef_valid(chandef))
1421 		return -EINVAL;
1422 
1423 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1424 				     IEEE80211_CHAN_DISABLED))
1425 		return -EINVAL;
1426 
1427 	return 0;
1428 }
1429 
1430 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1431 				 struct wireless_dev *wdev,
1432 				 struct genl_info *info)
1433 {
1434 	struct cfg80211_chan_def chandef;
1435 	int result;
1436 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1437 
1438 	if (wdev)
1439 		iftype = wdev->iftype;
1440 
1441 	if (!nl80211_can_set_dev_channel(wdev))
1442 		return -EOPNOTSUPP;
1443 
1444 	result = nl80211_parse_chandef(rdev, info, &chandef);
1445 	if (result)
1446 		return result;
1447 
1448 	mutex_lock(&rdev->devlist_mtx);
1449 	switch (iftype) {
1450 	case NL80211_IFTYPE_AP:
1451 	case NL80211_IFTYPE_P2P_GO:
1452 		if (wdev->beacon_interval) {
1453 			result = -EBUSY;
1454 			break;
1455 		}
1456 		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1457 			result = -EINVAL;
1458 			break;
1459 		}
1460 		wdev->preset_chandef = chandef;
1461 		result = 0;
1462 		break;
1463 	case NL80211_IFTYPE_MESH_POINT:
1464 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1465 		break;
1466 	case NL80211_IFTYPE_MONITOR:
1467 		result = cfg80211_set_monitor_channel(rdev, &chandef);
1468 		break;
1469 	default:
1470 		result = -EINVAL;
1471 	}
1472 	mutex_unlock(&rdev->devlist_mtx);
1473 
1474 	return result;
1475 }
1476 
1477 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1478 {
1479 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1480 	struct net_device *netdev = info->user_ptr[1];
1481 
1482 	return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1483 }
1484 
1485 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1486 {
1487 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1488 	struct net_device *dev = info->user_ptr[1];
1489 	struct wireless_dev *wdev = dev->ieee80211_ptr;
1490 	const u8 *bssid;
1491 
1492 	if (!info->attrs[NL80211_ATTR_MAC])
1493 		return -EINVAL;
1494 
1495 	if (netif_running(dev))
1496 		return -EBUSY;
1497 
1498 	if (!rdev->ops->set_wds_peer)
1499 		return -EOPNOTSUPP;
1500 
1501 	if (wdev->iftype != NL80211_IFTYPE_WDS)
1502 		return -EOPNOTSUPP;
1503 
1504 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1505 	return rdev_set_wds_peer(rdev, dev, bssid);
1506 }
1507 
1508 
1509 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1510 {
1511 	struct cfg80211_registered_device *rdev;
1512 	struct net_device *netdev = NULL;
1513 	struct wireless_dev *wdev;
1514 	int result = 0, rem_txq_params = 0;
1515 	struct nlattr *nl_txq_params;
1516 	u32 changed;
1517 	u8 retry_short = 0, retry_long = 0;
1518 	u32 frag_threshold = 0, rts_threshold = 0;
1519 	u8 coverage_class = 0;
1520 
1521 	/*
1522 	 * Try to find the wiphy and netdev. Normally this
1523 	 * function shouldn't need the netdev, but this is
1524 	 * done for backward compatibility -- previously
1525 	 * setting the channel was done per wiphy, but now
1526 	 * it is per netdev. Previous userland like hostapd
1527 	 * also passed a netdev to set_wiphy, so that it is
1528 	 * possible to let that go to the right netdev!
1529 	 */
1530 	mutex_lock(&cfg80211_mutex);
1531 
1532 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
1533 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1534 
1535 		netdev = dev_get_by_index(genl_info_net(info), ifindex);
1536 		if (netdev && netdev->ieee80211_ptr) {
1537 			rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1538 			mutex_lock(&rdev->mtx);
1539 		} else
1540 			netdev = NULL;
1541 	}
1542 
1543 	if (!netdev) {
1544 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
1545 						  info->attrs);
1546 		if (IS_ERR(rdev)) {
1547 			mutex_unlock(&cfg80211_mutex);
1548 			return PTR_ERR(rdev);
1549 		}
1550 		wdev = NULL;
1551 		netdev = NULL;
1552 		result = 0;
1553 
1554 		mutex_lock(&rdev->mtx);
1555 	} else
1556 		wdev = netdev->ieee80211_ptr;
1557 
1558 	/*
1559 	 * end workaround code, by now the rdev is available
1560 	 * and locked, and wdev may or may not be NULL.
1561 	 */
1562 
1563 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1564 		result = cfg80211_dev_rename(
1565 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1566 
1567 	mutex_unlock(&cfg80211_mutex);
1568 
1569 	if (result)
1570 		goto bad_res;
1571 
1572 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1573 		struct ieee80211_txq_params txq_params;
1574 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1575 
1576 		if (!rdev->ops->set_txq_params) {
1577 			result = -EOPNOTSUPP;
1578 			goto bad_res;
1579 		}
1580 
1581 		if (!netdev) {
1582 			result = -EINVAL;
1583 			goto bad_res;
1584 		}
1585 
1586 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1587 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1588 			result = -EINVAL;
1589 			goto bad_res;
1590 		}
1591 
1592 		if (!netif_running(netdev)) {
1593 			result = -ENETDOWN;
1594 			goto bad_res;
1595 		}
1596 
1597 		nla_for_each_nested(nl_txq_params,
1598 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1599 				    rem_txq_params) {
1600 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1601 				  nla_data(nl_txq_params),
1602 				  nla_len(nl_txq_params),
1603 				  txq_params_policy);
1604 			result = parse_txq_params(tb, &txq_params);
1605 			if (result)
1606 				goto bad_res;
1607 
1608 			result = rdev_set_txq_params(rdev, netdev,
1609 						     &txq_params);
1610 			if (result)
1611 				goto bad_res;
1612 		}
1613 	}
1614 
1615 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1616 		result = __nl80211_set_channel(rdev,
1617 				nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
1618 				info);
1619 		if (result)
1620 			goto bad_res;
1621 	}
1622 
1623 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1624 		struct wireless_dev *txp_wdev = wdev;
1625 		enum nl80211_tx_power_setting type;
1626 		int idx, mbm = 0;
1627 
1628 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
1629 			txp_wdev = NULL;
1630 
1631 		if (!rdev->ops->set_tx_power) {
1632 			result = -EOPNOTSUPP;
1633 			goto bad_res;
1634 		}
1635 
1636 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1637 		type = nla_get_u32(info->attrs[idx]);
1638 
1639 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1640 		    (type != NL80211_TX_POWER_AUTOMATIC)) {
1641 			result = -EINVAL;
1642 			goto bad_res;
1643 		}
1644 
1645 		if (type != NL80211_TX_POWER_AUTOMATIC) {
1646 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1647 			mbm = nla_get_u32(info->attrs[idx]);
1648 		}
1649 
1650 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
1651 		if (result)
1652 			goto bad_res;
1653 	}
1654 
1655 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1656 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1657 		u32 tx_ant, rx_ant;
1658 		if ((!rdev->wiphy.available_antennas_tx &&
1659 		     !rdev->wiphy.available_antennas_rx) ||
1660 		    !rdev->ops->set_antenna) {
1661 			result = -EOPNOTSUPP;
1662 			goto bad_res;
1663 		}
1664 
1665 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1666 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1667 
1668 		/* reject antenna configurations which don't match the
1669 		 * available antenna masks, except for the "all" mask */
1670 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1671 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1672 			result = -EINVAL;
1673 			goto bad_res;
1674 		}
1675 
1676 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1677 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1678 
1679 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
1680 		if (result)
1681 			goto bad_res;
1682 	}
1683 
1684 	changed = 0;
1685 
1686 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1687 		retry_short = nla_get_u8(
1688 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1689 		if (retry_short == 0) {
1690 			result = -EINVAL;
1691 			goto bad_res;
1692 		}
1693 		changed |= WIPHY_PARAM_RETRY_SHORT;
1694 	}
1695 
1696 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1697 		retry_long = nla_get_u8(
1698 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1699 		if (retry_long == 0) {
1700 			result = -EINVAL;
1701 			goto bad_res;
1702 		}
1703 		changed |= WIPHY_PARAM_RETRY_LONG;
1704 	}
1705 
1706 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1707 		frag_threshold = nla_get_u32(
1708 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1709 		if (frag_threshold < 256) {
1710 			result = -EINVAL;
1711 			goto bad_res;
1712 		}
1713 		if (frag_threshold != (u32) -1) {
1714 			/*
1715 			 * Fragments (apart from the last one) are required to
1716 			 * have even length. Make the fragmentation code
1717 			 * simpler by stripping LSB should someone try to use
1718 			 * odd threshold value.
1719 			 */
1720 			frag_threshold &= ~0x1;
1721 		}
1722 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1723 	}
1724 
1725 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1726 		rts_threshold = nla_get_u32(
1727 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1728 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
1729 	}
1730 
1731 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1732 		coverage_class = nla_get_u8(
1733 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1734 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
1735 	}
1736 
1737 	if (changed) {
1738 		u8 old_retry_short, old_retry_long;
1739 		u32 old_frag_threshold, old_rts_threshold;
1740 		u8 old_coverage_class;
1741 
1742 		if (!rdev->ops->set_wiphy_params) {
1743 			result = -EOPNOTSUPP;
1744 			goto bad_res;
1745 		}
1746 
1747 		old_retry_short = rdev->wiphy.retry_short;
1748 		old_retry_long = rdev->wiphy.retry_long;
1749 		old_frag_threshold = rdev->wiphy.frag_threshold;
1750 		old_rts_threshold = rdev->wiphy.rts_threshold;
1751 		old_coverage_class = rdev->wiphy.coverage_class;
1752 
1753 		if (changed & WIPHY_PARAM_RETRY_SHORT)
1754 			rdev->wiphy.retry_short = retry_short;
1755 		if (changed & WIPHY_PARAM_RETRY_LONG)
1756 			rdev->wiphy.retry_long = retry_long;
1757 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1758 			rdev->wiphy.frag_threshold = frag_threshold;
1759 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1760 			rdev->wiphy.rts_threshold = rts_threshold;
1761 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1762 			rdev->wiphy.coverage_class = coverage_class;
1763 
1764 		result = rdev_set_wiphy_params(rdev, changed);
1765 		if (result) {
1766 			rdev->wiphy.retry_short = old_retry_short;
1767 			rdev->wiphy.retry_long = old_retry_long;
1768 			rdev->wiphy.frag_threshold = old_frag_threshold;
1769 			rdev->wiphy.rts_threshold = old_rts_threshold;
1770 			rdev->wiphy.coverage_class = old_coverage_class;
1771 		}
1772 	}
1773 
1774  bad_res:
1775 	mutex_unlock(&rdev->mtx);
1776 	if (netdev)
1777 		dev_put(netdev);
1778 	return result;
1779 }
1780 
1781 static inline u64 wdev_id(struct wireless_dev *wdev)
1782 {
1783 	return (u64)wdev->identifier |
1784 	       ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
1785 }
1786 
1787 static int nl80211_send_chandef(struct sk_buff *msg,
1788 				 struct cfg80211_chan_def *chandef)
1789 {
1790 	WARN_ON(!cfg80211_chandef_valid(chandef));
1791 
1792 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
1793 			chandef->chan->center_freq))
1794 		return -ENOBUFS;
1795 	switch (chandef->width) {
1796 	case NL80211_CHAN_WIDTH_20_NOHT:
1797 	case NL80211_CHAN_WIDTH_20:
1798 	case NL80211_CHAN_WIDTH_40:
1799 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
1800 				cfg80211_get_chandef_type(chandef)))
1801 			return -ENOBUFS;
1802 		break;
1803 	default:
1804 		break;
1805 	}
1806 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
1807 		return -ENOBUFS;
1808 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
1809 		return -ENOBUFS;
1810 	if (chandef->center_freq2 &&
1811 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
1812 		return -ENOBUFS;
1813 	return 0;
1814 }
1815 
1816 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
1817 			      struct cfg80211_registered_device *rdev,
1818 			      struct wireless_dev *wdev)
1819 {
1820 	struct net_device *dev = wdev->netdev;
1821 	void *hdr;
1822 
1823 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1824 	if (!hdr)
1825 		return -1;
1826 
1827 	if (dev &&
1828 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
1829 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
1830 		goto nla_put_failure;
1831 
1832 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1833 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
1834 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
1835 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
1836 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1837 			rdev->devlist_generation ^
1838 			(cfg80211_rdev_list_generation << 2)))
1839 		goto nla_put_failure;
1840 
1841 	if (rdev->ops->get_channel) {
1842 		int ret;
1843 		struct cfg80211_chan_def chandef;
1844 
1845 		ret = rdev_get_channel(rdev, wdev, &chandef);
1846 		if (ret == 0) {
1847 			if (nl80211_send_chandef(msg, &chandef))
1848 				goto nla_put_failure;
1849 		}
1850 	}
1851 
1852 	if (wdev->ssid_len) {
1853 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
1854 			goto nla_put_failure;
1855 	}
1856 
1857 	return genlmsg_end(msg, hdr);
1858 
1859  nla_put_failure:
1860 	genlmsg_cancel(msg, hdr);
1861 	return -EMSGSIZE;
1862 }
1863 
1864 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1865 {
1866 	int wp_idx = 0;
1867 	int if_idx = 0;
1868 	int wp_start = cb->args[0];
1869 	int if_start = cb->args[1];
1870 	struct cfg80211_registered_device *rdev;
1871 	struct wireless_dev *wdev;
1872 
1873 	mutex_lock(&cfg80211_mutex);
1874 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1875 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1876 			continue;
1877 		if (wp_idx < wp_start) {
1878 			wp_idx++;
1879 			continue;
1880 		}
1881 		if_idx = 0;
1882 
1883 		mutex_lock(&rdev->devlist_mtx);
1884 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
1885 			if (if_idx < if_start) {
1886 				if_idx++;
1887 				continue;
1888 			}
1889 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
1890 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1891 					       rdev, wdev) < 0) {
1892 				mutex_unlock(&rdev->devlist_mtx);
1893 				goto out;
1894 			}
1895 			if_idx++;
1896 		}
1897 		mutex_unlock(&rdev->devlist_mtx);
1898 
1899 		wp_idx++;
1900 	}
1901  out:
1902 	mutex_unlock(&cfg80211_mutex);
1903 
1904 	cb->args[0] = wp_idx;
1905 	cb->args[1] = if_idx;
1906 
1907 	return skb->len;
1908 }
1909 
1910 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1911 {
1912 	struct sk_buff *msg;
1913 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1914 	struct wireless_dev *wdev = info->user_ptr[1];
1915 
1916 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1917 	if (!msg)
1918 		return -ENOMEM;
1919 
1920 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
1921 			       dev, wdev) < 0) {
1922 		nlmsg_free(msg);
1923 		return -ENOBUFS;
1924 	}
1925 
1926 	return genlmsg_reply(msg, info);
1927 }
1928 
1929 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1930 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1931 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1932 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1933 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1934 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1935 };
1936 
1937 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1938 {
1939 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1940 	int flag;
1941 
1942 	*mntrflags = 0;
1943 
1944 	if (!nla)
1945 		return -EINVAL;
1946 
1947 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1948 			     nla, mntr_flags_policy))
1949 		return -EINVAL;
1950 
1951 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1952 		if (flags[flag])
1953 			*mntrflags |= (1<<flag);
1954 
1955 	return 0;
1956 }
1957 
1958 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1959 			       struct net_device *netdev, u8 use_4addr,
1960 			       enum nl80211_iftype iftype)
1961 {
1962 	if (!use_4addr) {
1963 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1964 			return -EBUSY;
1965 		return 0;
1966 	}
1967 
1968 	switch (iftype) {
1969 	case NL80211_IFTYPE_AP_VLAN:
1970 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1971 			return 0;
1972 		break;
1973 	case NL80211_IFTYPE_STATION:
1974 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1975 			return 0;
1976 		break;
1977 	default:
1978 		break;
1979 	}
1980 
1981 	return -EOPNOTSUPP;
1982 }
1983 
1984 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1985 {
1986 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1987 	struct vif_params params;
1988 	int err;
1989 	enum nl80211_iftype otype, ntype;
1990 	struct net_device *dev = info->user_ptr[1];
1991 	u32 _flags, *flags = NULL;
1992 	bool change = false;
1993 
1994 	memset(&params, 0, sizeof(params));
1995 
1996 	otype = ntype = dev->ieee80211_ptr->iftype;
1997 
1998 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1999 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2000 		if (otype != ntype)
2001 			change = true;
2002 		if (ntype > NL80211_IFTYPE_MAX)
2003 			return -EINVAL;
2004 	}
2005 
2006 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2007 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2008 
2009 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2010 			return -EINVAL;
2011 		if (netif_running(dev))
2012 			return -EBUSY;
2013 
2014 		wdev_lock(wdev);
2015 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2016 			     IEEE80211_MAX_MESH_ID_LEN);
2017 		wdev->mesh_id_up_len =
2018 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2019 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2020 		       wdev->mesh_id_up_len);
2021 		wdev_unlock(wdev);
2022 	}
2023 
2024 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2025 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2026 		change = true;
2027 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2028 		if (err)
2029 			return err;
2030 	} else {
2031 		params.use_4addr = -1;
2032 	}
2033 
2034 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2035 		if (ntype != NL80211_IFTYPE_MONITOR)
2036 			return -EINVAL;
2037 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2038 					  &_flags);
2039 		if (err)
2040 			return err;
2041 
2042 		flags = &_flags;
2043 		change = true;
2044 	}
2045 
2046 	if (change)
2047 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2048 	else
2049 		err = 0;
2050 
2051 	if (!err && params.use_4addr != -1)
2052 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2053 
2054 	return err;
2055 }
2056 
2057 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2058 {
2059 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2060 	struct vif_params params;
2061 	struct wireless_dev *wdev;
2062 	struct sk_buff *msg;
2063 	int err;
2064 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2065 	u32 flags;
2066 
2067 	memset(&params, 0, sizeof(params));
2068 
2069 	if (!info->attrs[NL80211_ATTR_IFNAME])
2070 		return -EINVAL;
2071 
2072 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2073 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2074 		if (type > NL80211_IFTYPE_MAX)
2075 			return -EINVAL;
2076 	}
2077 
2078 	if (!rdev->ops->add_virtual_intf ||
2079 	    !(rdev->wiphy.interface_modes & (1 << type)))
2080 		return -EOPNOTSUPP;
2081 
2082 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2083 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2084 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2085 		if (err)
2086 			return err;
2087 	}
2088 
2089 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2090 	if (!msg)
2091 		return -ENOMEM;
2092 
2093 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2094 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2095 				  &flags);
2096 	wdev = rdev_add_virtual_intf(rdev,
2097 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2098 				type, err ? NULL : &flags, &params);
2099 	if (IS_ERR(wdev)) {
2100 		nlmsg_free(msg);
2101 		return PTR_ERR(wdev);
2102 	}
2103 
2104 	switch (type) {
2105 	case NL80211_IFTYPE_MESH_POINT:
2106 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2107 			break;
2108 		wdev_lock(wdev);
2109 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2110 			     IEEE80211_MAX_MESH_ID_LEN);
2111 		wdev->mesh_id_up_len =
2112 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2113 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2114 		       wdev->mesh_id_up_len);
2115 		wdev_unlock(wdev);
2116 		break;
2117 	case NL80211_IFTYPE_P2P_DEVICE:
2118 		/*
2119 		 * P2P Device doesn't have a netdev, so doesn't go
2120 		 * through the netdev notifier and must be added here
2121 		 */
2122 		mutex_init(&wdev->mtx);
2123 		INIT_LIST_HEAD(&wdev->event_list);
2124 		spin_lock_init(&wdev->event_lock);
2125 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2126 		spin_lock_init(&wdev->mgmt_registrations_lock);
2127 
2128 		mutex_lock(&rdev->devlist_mtx);
2129 		wdev->identifier = ++rdev->wdev_id;
2130 		list_add_rcu(&wdev->list, &rdev->wdev_list);
2131 		rdev->devlist_generation++;
2132 		mutex_unlock(&rdev->devlist_mtx);
2133 		break;
2134 	default:
2135 		break;
2136 	}
2137 
2138 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2139 			       rdev, wdev) < 0) {
2140 		nlmsg_free(msg);
2141 		return -ENOBUFS;
2142 	}
2143 
2144 	return genlmsg_reply(msg, info);
2145 }
2146 
2147 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2148 {
2149 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2150 	struct wireless_dev *wdev = info->user_ptr[1];
2151 
2152 	if (!rdev->ops->del_virtual_intf)
2153 		return -EOPNOTSUPP;
2154 
2155 	/*
2156 	 * If we remove a wireless device without a netdev then clear
2157 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2158 	 * to check if it needs to do dev_put(). Otherwise it crashes
2159 	 * since the wdev has been freed, unlike with a netdev where
2160 	 * we need the dev_put() for the netdev to really be freed.
2161 	 */
2162 	if (!wdev->netdev)
2163 		info->user_ptr[1] = NULL;
2164 
2165 	return rdev_del_virtual_intf(rdev, wdev);
2166 }
2167 
2168 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2169 {
2170 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2171 	struct net_device *dev = info->user_ptr[1];
2172 	u16 noack_map;
2173 
2174 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2175 		return -EINVAL;
2176 
2177 	if (!rdev->ops->set_noack_map)
2178 		return -EOPNOTSUPP;
2179 
2180 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2181 
2182 	return rdev_set_noack_map(rdev, dev, noack_map);
2183 }
2184 
2185 struct get_key_cookie {
2186 	struct sk_buff *msg;
2187 	int error;
2188 	int idx;
2189 };
2190 
2191 static void get_key_callback(void *c, struct key_params *params)
2192 {
2193 	struct nlattr *key;
2194 	struct get_key_cookie *cookie = c;
2195 
2196 	if ((params->key &&
2197 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2198 		     params->key_len, params->key)) ||
2199 	    (params->seq &&
2200 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2201 		     params->seq_len, params->seq)) ||
2202 	    (params->cipher &&
2203 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2204 			 params->cipher)))
2205 		goto nla_put_failure;
2206 
2207 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2208 	if (!key)
2209 		goto nla_put_failure;
2210 
2211 	if ((params->key &&
2212 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2213 		     params->key_len, params->key)) ||
2214 	    (params->seq &&
2215 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2216 		     params->seq_len, params->seq)) ||
2217 	    (params->cipher &&
2218 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2219 			 params->cipher)))
2220 		goto nla_put_failure;
2221 
2222 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2223 		goto nla_put_failure;
2224 
2225 	nla_nest_end(cookie->msg, key);
2226 
2227 	return;
2228  nla_put_failure:
2229 	cookie->error = 1;
2230 }
2231 
2232 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2233 {
2234 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2235 	int err;
2236 	struct net_device *dev = info->user_ptr[1];
2237 	u8 key_idx = 0;
2238 	const u8 *mac_addr = NULL;
2239 	bool pairwise;
2240 	struct get_key_cookie cookie = {
2241 		.error = 0,
2242 	};
2243 	void *hdr;
2244 	struct sk_buff *msg;
2245 
2246 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2247 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2248 
2249 	if (key_idx > 5)
2250 		return -EINVAL;
2251 
2252 	if (info->attrs[NL80211_ATTR_MAC])
2253 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2254 
2255 	pairwise = !!mac_addr;
2256 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2257 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2258 		if (kt >= NUM_NL80211_KEYTYPES)
2259 			return -EINVAL;
2260 		if (kt != NL80211_KEYTYPE_GROUP &&
2261 		    kt != NL80211_KEYTYPE_PAIRWISE)
2262 			return -EINVAL;
2263 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2264 	}
2265 
2266 	if (!rdev->ops->get_key)
2267 		return -EOPNOTSUPP;
2268 
2269 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2270 	if (!msg)
2271 		return -ENOMEM;
2272 
2273 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2274 			     NL80211_CMD_NEW_KEY);
2275 	if (IS_ERR(hdr))
2276 		return PTR_ERR(hdr);
2277 
2278 	cookie.msg = msg;
2279 	cookie.idx = key_idx;
2280 
2281 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2282 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2283 		goto nla_put_failure;
2284 	if (mac_addr &&
2285 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2286 		goto nla_put_failure;
2287 
2288 	if (pairwise && mac_addr &&
2289 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2290 		return -ENOENT;
2291 
2292 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2293 			   get_key_callback);
2294 
2295 	if (err)
2296 		goto free_msg;
2297 
2298 	if (cookie.error)
2299 		goto nla_put_failure;
2300 
2301 	genlmsg_end(msg, hdr);
2302 	return genlmsg_reply(msg, info);
2303 
2304  nla_put_failure:
2305 	err = -ENOBUFS;
2306  free_msg:
2307 	nlmsg_free(msg);
2308 	return err;
2309 }
2310 
2311 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2312 {
2313 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2314 	struct key_parse key;
2315 	int err;
2316 	struct net_device *dev = info->user_ptr[1];
2317 
2318 	err = nl80211_parse_key(info, &key);
2319 	if (err)
2320 		return err;
2321 
2322 	if (key.idx < 0)
2323 		return -EINVAL;
2324 
2325 	/* only support setting default key */
2326 	if (!key.def && !key.defmgmt)
2327 		return -EINVAL;
2328 
2329 	wdev_lock(dev->ieee80211_ptr);
2330 
2331 	if (key.def) {
2332 		if (!rdev->ops->set_default_key) {
2333 			err = -EOPNOTSUPP;
2334 			goto out;
2335 		}
2336 
2337 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2338 		if (err)
2339 			goto out;
2340 
2341 		err = rdev_set_default_key(rdev, dev, key.idx,
2342 						 key.def_uni, key.def_multi);
2343 
2344 		if (err)
2345 			goto out;
2346 
2347 #ifdef CONFIG_CFG80211_WEXT
2348 		dev->ieee80211_ptr->wext.default_key = key.idx;
2349 #endif
2350 	} else {
2351 		if (key.def_uni || !key.def_multi) {
2352 			err = -EINVAL;
2353 			goto out;
2354 		}
2355 
2356 		if (!rdev->ops->set_default_mgmt_key) {
2357 			err = -EOPNOTSUPP;
2358 			goto out;
2359 		}
2360 
2361 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2362 		if (err)
2363 			goto out;
2364 
2365 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2366 		if (err)
2367 			goto out;
2368 
2369 #ifdef CONFIG_CFG80211_WEXT
2370 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2371 #endif
2372 	}
2373 
2374  out:
2375 	wdev_unlock(dev->ieee80211_ptr);
2376 
2377 	return err;
2378 }
2379 
2380 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2381 {
2382 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2383 	int err;
2384 	struct net_device *dev = info->user_ptr[1];
2385 	struct key_parse key;
2386 	const u8 *mac_addr = NULL;
2387 
2388 	err = nl80211_parse_key(info, &key);
2389 	if (err)
2390 		return err;
2391 
2392 	if (!key.p.key)
2393 		return -EINVAL;
2394 
2395 	if (info->attrs[NL80211_ATTR_MAC])
2396 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2397 
2398 	if (key.type == -1) {
2399 		if (mac_addr)
2400 			key.type = NL80211_KEYTYPE_PAIRWISE;
2401 		else
2402 			key.type = NL80211_KEYTYPE_GROUP;
2403 	}
2404 
2405 	/* for now */
2406 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2407 	    key.type != NL80211_KEYTYPE_GROUP)
2408 		return -EINVAL;
2409 
2410 	if (!rdev->ops->add_key)
2411 		return -EOPNOTSUPP;
2412 
2413 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2414 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2415 					   mac_addr))
2416 		return -EINVAL;
2417 
2418 	wdev_lock(dev->ieee80211_ptr);
2419 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2420 	if (!err)
2421 		err = rdev_add_key(rdev, dev, key.idx,
2422 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2423 				    mac_addr, &key.p);
2424 	wdev_unlock(dev->ieee80211_ptr);
2425 
2426 	return err;
2427 }
2428 
2429 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2430 {
2431 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2432 	int err;
2433 	struct net_device *dev = info->user_ptr[1];
2434 	u8 *mac_addr = NULL;
2435 	struct key_parse key;
2436 
2437 	err = nl80211_parse_key(info, &key);
2438 	if (err)
2439 		return err;
2440 
2441 	if (info->attrs[NL80211_ATTR_MAC])
2442 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2443 
2444 	if (key.type == -1) {
2445 		if (mac_addr)
2446 			key.type = NL80211_KEYTYPE_PAIRWISE;
2447 		else
2448 			key.type = NL80211_KEYTYPE_GROUP;
2449 	}
2450 
2451 	/* for now */
2452 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2453 	    key.type != NL80211_KEYTYPE_GROUP)
2454 		return -EINVAL;
2455 
2456 	if (!rdev->ops->del_key)
2457 		return -EOPNOTSUPP;
2458 
2459 	wdev_lock(dev->ieee80211_ptr);
2460 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2461 
2462 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2463 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2464 		err = -ENOENT;
2465 
2466 	if (!err)
2467 		err = rdev_del_key(rdev, dev, key.idx,
2468 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2469 				   mac_addr);
2470 
2471 #ifdef CONFIG_CFG80211_WEXT
2472 	if (!err) {
2473 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2474 			dev->ieee80211_ptr->wext.default_key = -1;
2475 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2476 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2477 	}
2478 #endif
2479 	wdev_unlock(dev->ieee80211_ptr);
2480 
2481 	return err;
2482 }
2483 
2484 static int nl80211_parse_beacon(struct genl_info *info,
2485 				struct cfg80211_beacon_data *bcn)
2486 {
2487 	bool haveinfo = false;
2488 
2489 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2490 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2491 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2492 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2493 		return -EINVAL;
2494 
2495 	memset(bcn, 0, sizeof(*bcn));
2496 
2497 	if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2498 		bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2499 		bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2500 		if (!bcn->head_len)
2501 			return -EINVAL;
2502 		haveinfo = true;
2503 	}
2504 
2505 	if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2506 		bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2507 		bcn->tail_len =
2508 		    nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2509 		haveinfo = true;
2510 	}
2511 
2512 	if (!haveinfo)
2513 		return -EINVAL;
2514 
2515 	if (info->attrs[NL80211_ATTR_IE]) {
2516 		bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2517 		bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2518 	}
2519 
2520 	if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2521 		bcn->proberesp_ies =
2522 			nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2523 		bcn->proberesp_ies_len =
2524 			nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2525 	}
2526 
2527 	if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2528 		bcn->assocresp_ies =
2529 			nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2530 		bcn->assocresp_ies_len =
2531 			nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2532 	}
2533 
2534 	if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2535 		bcn->probe_resp =
2536 			nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2537 		bcn->probe_resp_len =
2538 			nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2539 	}
2540 
2541 	return 0;
2542 }
2543 
2544 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
2545 				   struct cfg80211_ap_settings *params)
2546 {
2547 	struct wireless_dev *wdev;
2548 	bool ret = false;
2549 
2550 	mutex_lock(&rdev->devlist_mtx);
2551 
2552 	list_for_each_entry(wdev, &rdev->wdev_list, list) {
2553 		if (wdev->iftype != NL80211_IFTYPE_AP &&
2554 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
2555 			continue;
2556 
2557 		if (!wdev->preset_chandef.chan)
2558 			continue;
2559 
2560 		params->chandef = wdev->preset_chandef;
2561 		ret = true;
2562 		break;
2563 	}
2564 
2565 	mutex_unlock(&rdev->devlist_mtx);
2566 
2567 	return ret;
2568 }
2569 
2570 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
2571 				    enum nl80211_auth_type auth_type,
2572 				    enum nl80211_commands cmd)
2573 {
2574 	if (auth_type > NL80211_AUTHTYPE_MAX)
2575 		return false;
2576 
2577 	switch (cmd) {
2578 	case NL80211_CMD_AUTHENTICATE:
2579 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
2580 		    auth_type == NL80211_AUTHTYPE_SAE)
2581 			return false;
2582 		return true;
2583 	case NL80211_CMD_CONNECT:
2584 	case NL80211_CMD_START_AP:
2585 		/* SAE not supported yet */
2586 		if (auth_type == NL80211_AUTHTYPE_SAE)
2587 			return false;
2588 		return true;
2589 	default:
2590 		return false;
2591 	}
2592 }
2593 
2594 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
2595 {
2596 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2597 	struct net_device *dev = info->user_ptr[1];
2598 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2599 	struct cfg80211_ap_settings params;
2600 	int err;
2601 
2602 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2603 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2604 		return -EOPNOTSUPP;
2605 
2606 	if (!rdev->ops->start_ap)
2607 		return -EOPNOTSUPP;
2608 
2609 	if (wdev->beacon_interval)
2610 		return -EALREADY;
2611 
2612 	memset(&params, 0, sizeof(params));
2613 
2614 	/* these are required for START_AP */
2615 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2616 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2617 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
2618 		return -EINVAL;
2619 
2620 	err = nl80211_parse_beacon(info, &params.beacon);
2621 	if (err)
2622 		return err;
2623 
2624 	params.beacon_interval =
2625 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2626 	params.dtim_period =
2627 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2628 
2629 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
2630 	if (err)
2631 		return err;
2632 
2633 	/*
2634 	 * In theory, some of these attributes should be required here
2635 	 * but since they were not used when the command was originally
2636 	 * added, keep them optional for old user space programs to let
2637 	 * them continue to work with drivers that do not need the
2638 	 * additional information -- drivers must check!
2639 	 */
2640 	if (info->attrs[NL80211_ATTR_SSID]) {
2641 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2642 		params.ssid_len =
2643 			nla_len(info->attrs[NL80211_ATTR_SSID]);
2644 		if (params.ssid_len == 0 ||
2645 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
2646 			return -EINVAL;
2647 	}
2648 
2649 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2650 		params.hidden_ssid = nla_get_u32(
2651 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2652 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
2653 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
2654 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2655 			return -EINVAL;
2656 	}
2657 
2658 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2659 
2660 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2661 		params.auth_type = nla_get_u32(
2662 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
2663 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
2664 					     NL80211_CMD_START_AP))
2665 			return -EINVAL;
2666 	} else
2667 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2668 
2669 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
2670 				      NL80211_MAX_NR_CIPHER_SUITES);
2671 	if (err)
2672 		return err;
2673 
2674 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
2675 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
2676 			return -EOPNOTSUPP;
2677 		params.inactivity_timeout = nla_get_u16(
2678 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
2679 	}
2680 
2681 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
2682 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2683 			return -EINVAL;
2684 		params.p2p_ctwindow =
2685 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
2686 		if (params.p2p_ctwindow > 127)
2687 			return -EINVAL;
2688 		if (params.p2p_ctwindow != 0 &&
2689 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
2690 			return -EINVAL;
2691 	}
2692 
2693 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
2694 		u8 tmp;
2695 
2696 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2697 			return -EINVAL;
2698 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
2699 		if (tmp > 1)
2700 			return -EINVAL;
2701 		params.p2p_opp_ps = tmp;
2702 		if (params.p2p_opp_ps != 0 &&
2703 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
2704 			return -EINVAL;
2705 	}
2706 
2707 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2708 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
2709 		if (err)
2710 			return err;
2711 	} else if (wdev->preset_chandef.chan) {
2712 		params.chandef = wdev->preset_chandef;
2713 	} else if (!nl80211_get_ap_channel(rdev, &params))
2714 		return -EINVAL;
2715 
2716 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
2717 		return -EINVAL;
2718 
2719 	mutex_lock(&rdev->devlist_mtx);
2720 	err = cfg80211_can_use_chan(rdev, wdev, params.chandef.chan,
2721 				    CHAN_MODE_SHARED);
2722 	mutex_unlock(&rdev->devlist_mtx);
2723 
2724 	if (err)
2725 		return err;
2726 
2727 	err = rdev_start_ap(rdev, dev, &params);
2728 	if (!err) {
2729 		wdev->preset_chandef = params.chandef;
2730 		wdev->beacon_interval = params.beacon_interval;
2731 		wdev->channel = params.chandef.chan;
2732 		wdev->ssid_len = params.ssid_len;
2733 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
2734 	}
2735 	return err;
2736 }
2737 
2738 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
2739 {
2740 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2741 	struct net_device *dev = info->user_ptr[1];
2742 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2743 	struct cfg80211_beacon_data params;
2744 	int err;
2745 
2746 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2747 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2748 		return -EOPNOTSUPP;
2749 
2750 	if (!rdev->ops->change_beacon)
2751 		return -EOPNOTSUPP;
2752 
2753 	if (!wdev->beacon_interval)
2754 		return -EINVAL;
2755 
2756 	err = nl80211_parse_beacon(info, &params);
2757 	if (err)
2758 		return err;
2759 
2760 	return rdev_change_beacon(rdev, dev, &params);
2761 }
2762 
2763 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
2764 {
2765 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2766 	struct net_device *dev = info->user_ptr[1];
2767 
2768 	return cfg80211_stop_ap(rdev, dev);
2769 }
2770 
2771 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2772 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2773 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2774 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2775 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2776 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2777 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2778 };
2779 
2780 static int parse_station_flags(struct genl_info *info,
2781 			       enum nl80211_iftype iftype,
2782 			       struct station_parameters *params)
2783 {
2784 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2785 	struct nlattr *nla;
2786 	int flag;
2787 
2788 	/*
2789 	 * Try parsing the new attribute first so userspace
2790 	 * can specify both for older kernels.
2791 	 */
2792 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2793 	if (nla) {
2794 		struct nl80211_sta_flag_update *sta_flags;
2795 
2796 		sta_flags = nla_data(nla);
2797 		params->sta_flags_mask = sta_flags->mask;
2798 		params->sta_flags_set = sta_flags->set;
2799 		if ((params->sta_flags_mask |
2800 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2801 			return -EINVAL;
2802 		return 0;
2803 	}
2804 
2805 	/* if present, parse the old attribute */
2806 
2807 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2808 	if (!nla)
2809 		return 0;
2810 
2811 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2812 			     nla, sta_flags_policy))
2813 		return -EINVAL;
2814 
2815 	/*
2816 	 * Only allow certain flags for interface types so that
2817 	 * other attributes are silently ignored. Remember that
2818 	 * this is backward compatibility code with old userspace
2819 	 * and shouldn't be hit in other cases anyway.
2820 	 */
2821 	switch (iftype) {
2822 	case NL80211_IFTYPE_AP:
2823 	case NL80211_IFTYPE_AP_VLAN:
2824 	case NL80211_IFTYPE_P2P_GO:
2825 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2826 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2827 					 BIT(NL80211_STA_FLAG_WME) |
2828 					 BIT(NL80211_STA_FLAG_MFP);
2829 		break;
2830 	case NL80211_IFTYPE_P2P_CLIENT:
2831 	case NL80211_IFTYPE_STATION:
2832 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2833 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
2834 		break;
2835 	case NL80211_IFTYPE_MESH_POINT:
2836 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2837 					 BIT(NL80211_STA_FLAG_MFP) |
2838 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
2839 	default:
2840 		return -EINVAL;
2841 	}
2842 
2843 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
2844 		if (flags[flag]) {
2845 			params->sta_flags_set |= (1<<flag);
2846 
2847 			/* no longer support new API additions in old API */
2848 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
2849 				return -EINVAL;
2850 		}
2851 	}
2852 
2853 	return 0;
2854 }
2855 
2856 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2857 				 int attr)
2858 {
2859 	struct nlattr *rate;
2860 	u32 bitrate;
2861 	u16 bitrate_compat;
2862 
2863 	rate = nla_nest_start(msg, attr);
2864 	if (!rate)
2865 		return false;
2866 
2867 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2868 	bitrate = cfg80211_calculate_bitrate(info);
2869 	/* report 16-bit bitrate only if we can */
2870 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
2871 	if (bitrate > 0 &&
2872 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
2873 		return false;
2874 	if (bitrate_compat > 0 &&
2875 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
2876 		return false;
2877 
2878 	if (info->flags & RATE_INFO_FLAGS_MCS) {
2879 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
2880 			return false;
2881 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
2882 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
2883 			return false;
2884 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
2885 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
2886 			return false;
2887 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
2888 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
2889 			return false;
2890 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
2891 			return false;
2892 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
2893 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
2894 			return false;
2895 		if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
2896 		    nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
2897 			return false;
2898 		if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
2899 		    nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
2900 			return false;
2901 		if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
2902 		    nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
2903 			return false;
2904 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
2905 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
2906 			return false;
2907 	}
2908 
2909 	nla_nest_end(msg, rate);
2910 	return true;
2911 }
2912 
2913 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
2914 				int flags,
2915 				struct cfg80211_registered_device *rdev,
2916 				struct net_device *dev,
2917 				const u8 *mac_addr, struct station_info *sinfo)
2918 {
2919 	void *hdr;
2920 	struct nlattr *sinfoattr, *bss_param;
2921 
2922 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
2923 	if (!hdr)
2924 		return -1;
2925 
2926 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2927 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
2928 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
2929 		goto nla_put_failure;
2930 
2931 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2932 	if (!sinfoattr)
2933 		goto nla_put_failure;
2934 	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
2935 	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2936 			sinfo->connected_time))
2937 		goto nla_put_failure;
2938 	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
2939 	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2940 			sinfo->inactive_time))
2941 		goto nla_put_failure;
2942 	if ((sinfo->filled & STATION_INFO_RX_BYTES) &&
2943 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
2944 			sinfo->rx_bytes))
2945 		goto nla_put_failure;
2946 	if ((sinfo->filled & STATION_INFO_TX_BYTES) &&
2947 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
2948 			sinfo->tx_bytes))
2949 		goto nla_put_failure;
2950 	if ((sinfo->filled & STATION_INFO_LLID) &&
2951 	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
2952 		goto nla_put_failure;
2953 	if ((sinfo->filled & STATION_INFO_PLID) &&
2954 	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
2955 		goto nla_put_failure;
2956 	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
2957 	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
2958 		       sinfo->plink_state))
2959 		goto nla_put_failure;
2960 	switch (rdev->wiphy.signal_type) {
2961 	case CFG80211_SIGNAL_TYPE_MBM:
2962 		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
2963 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
2964 			       sinfo->signal))
2965 			goto nla_put_failure;
2966 		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
2967 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2968 			       sinfo->signal_avg))
2969 			goto nla_put_failure;
2970 		break;
2971 	default:
2972 		break;
2973 	}
2974 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2975 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2976 					  NL80211_STA_INFO_TX_BITRATE))
2977 			goto nla_put_failure;
2978 	}
2979 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2980 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2981 					  NL80211_STA_INFO_RX_BITRATE))
2982 			goto nla_put_failure;
2983 	}
2984 	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
2985 	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
2986 			sinfo->rx_packets))
2987 		goto nla_put_failure;
2988 	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
2989 	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
2990 			sinfo->tx_packets))
2991 		goto nla_put_failure;
2992 	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
2993 	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
2994 			sinfo->tx_retries))
2995 		goto nla_put_failure;
2996 	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
2997 	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
2998 			sinfo->tx_failed))
2999 		goto nla_put_failure;
3000 	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3001 	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3002 			sinfo->beacon_loss_count))
3003 		goto nla_put_failure;
3004 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3005 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3006 		if (!bss_param)
3007 			goto nla_put_failure;
3008 
3009 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3010 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3011 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3012 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3013 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3014 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3015 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3016 			       sinfo->bss_param.dtim_period) ||
3017 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3018 				sinfo->bss_param.beacon_interval))
3019 			goto nla_put_failure;
3020 
3021 		nla_nest_end(msg, bss_param);
3022 	}
3023 	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3024 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3025 		    sizeof(struct nl80211_sta_flag_update),
3026 		    &sinfo->sta_flags))
3027 		goto nla_put_failure;
3028 	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3029 		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3030 			    sinfo->t_offset))
3031 		goto nla_put_failure;
3032 	nla_nest_end(msg, sinfoattr);
3033 
3034 	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3035 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3036 		    sinfo->assoc_req_ies))
3037 		goto nla_put_failure;
3038 
3039 	return genlmsg_end(msg, hdr);
3040 
3041  nla_put_failure:
3042 	genlmsg_cancel(msg, hdr);
3043 	return -EMSGSIZE;
3044 }
3045 
3046 static int nl80211_dump_station(struct sk_buff *skb,
3047 				struct netlink_callback *cb)
3048 {
3049 	struct station_info sinfo;
3050 	struct cfg80211_registered_device *dev;
3051 	struct net_device *netdev;
3052 	u8 mac_addr[ETH_ALEN];
3053 	int sta_idx = cb->args[1];
3054 	int err;
3055 
3056 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3057 	if (err)
3058 		return err;
3059 
3060 	if (!dev->ops->dump_station) {
3061 		err = -EOPNOTSUPP;
3062 		goto out_err;
3063 	}
3064 
3065 	while (1) {
3066 		memset(&sinfo, 0, sizeof(sinfo));
3067 		err = rdev_dump_station(dev, netdev, sta_idx,
3068 					mac_addr, &sinfo);
3069 		if (err == -ENOENT)
3070 			break;
3071 		if (err)
3072 			goto out_err;
3073 
3074 		if (nl80211_send_station(skb,
3075 				NETLINK_CB(cb->skb).portid,
3076 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3077 				dev, netdev, mac_addr,
3078 				&sinfo) < 0)
3079 			goto out;
3080 
3081 		sta_idx++;
3082 	}
3083 
3084 
3085  out:
3086 	cb->args[1] = sta_idx;
3087 	err = skb->len;
3088  out_err:
3089 	nl80211_finish_netdev_dump(dev);
3090 
3091 	return err;
3092 }
3093 
3094 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3095 {
3096 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3097 	struct net_device *dev = info->user_ptr[1];
3098 	struct station_info sinfo;
3099 	struct sk_buff *msg;
3100 	u8 *mac_addr = NULL;
3101 	int err;
3102 
3103 	memset(&sinfo, 0, sizeof(sinfo));
3104 
3105 	if (!info->attrs[NL80211_ATTR_MAC])
3106 		return -EINVAL;
3107 
3108 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3109 
3110 	if (!rdev->ops->get_station)
3111 		return -EOPNOTSUPP;
3112 
3113 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3114 	if (err)
3115 		return err;
3116 
3117 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3118 	if (!msg)
3119 		return -ENOMEM;
3120 
3121 	if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3122 				 rdev, dev, mac_addr, &sinfo) < 0) {
3123 		nlmsg_free(msg);
3124 		return -ENOBUFS;
3125 	}
3126 
3127 	return genlmsg_reply(msg, info);
3128 }
3129 
3130 /*
3131  * Get vlan interface making sure it is running and on the right wiphy.
3132  */
3133 static struct net_device *get_vlan(struct genl_info *info,
3134 				   struct cfg80211_registered_device *rdev)
3135 {
3136 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3137 	struct net_device *v;
3138 	int ret;
3139 
3140 	if (!vlanattr)
3141 		return NULL;
3142 
3143 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3144 	if (!v)
3145 		return ERR_PTR(-ENODEV);
3146 
3147 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3148 		ret = -EINVAL;
3149 		goto error;
3150 	}
3151 
3152 	if (!netif_running(v)) {
3153 		ret = -ENETDOWN;
3154 		goto error;
3155 	}
3156 
3157 	return v;
3158  error:
3159 	dev_put(v);
3160 	return ERR_PTR(ret);
3161 }
3162 
3163 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
3164 {
3165 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3166 	int err;
3167 	struct net_device *dev = info->user_ptr[1];
3168 	struct station_parameters params;
3169 	u8 *mac_addr = NULL;
3170 
3171 	memset(&params, 0, sizeof(params));
3172 
3173 	params.listen_interval = -1;
3174 	params.plink_state = -1;
3175 
3176 	if (info->attrs[NL80211_ATTR_STA_AID])
3177 		return -EINVAL;
3178 
3179 	if (!info->attrs[NL80211_ATTR_MAC])
3180 		return -EINVAL;
3181 
3182 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3183 
3184 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
3185 		params.supported_rates =
3186 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3187 		params.supported_rates_len =
3188 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3189 	}
3190 
3191 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3192 		params.listen_interval =
3193 		    nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
3194 
3195 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3196 		params.ht_capa =
3197 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3198 
3199 	if (!rdev->ops->change_station)
3200 		return -EOPNOTSUPP;
3201 
3202 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
3203 		return -EINVAL;
3204 
3205 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
3206 		params.plink_action =
3207 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3208 
3209 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
3210 		params.plink_state =
3211 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
3212 
3213 	switch (dev->ieee80211_ptr->iftype) {
3214 	case NL80211_IFTYPE_AP:
3215 	case NL80211_IFTYPE_AP_VLAN:
3216 	case NL80211_IFTYPE_P2P_GO:
3217 		/* disallow mesh-specific things */
3218 		if (params.plink_action)
3219 			return -EINVAL;
3220 
3221 		/* TDLS can't be set, ... */
3222 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3223 			return -EINVAL;
3224 		/*
3225 		 * ... but don't bother the driver with it. This works around
3226 		 * a hostapd/wpa_supplicant issue -- it always includes the
3227 		 * TLDS_PEER flag in the mask even for AP mode.
3228 		 */
3229 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3230 
3231 		/* accept only the listed bits */
3232 		if (params.sta_flags_mask &
3233 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3234 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3235 				  BIT(NL80211_STA_FLAG_WME) |
3236 				  BIT(NL80211_STA_FLAG_MFP)))
3237 			return -EINVAL;
3238 
3239 		/* must be last in here for error handling */
3240 		params.vlan = get_vlan(info, rdev);
3241 		if (IS_ERR(params.vlan))
3242 			return PTR_ERR(params.vlan);
3243 		break;
3244 	case NL80211_IFTYPE_P2P_CLIENT:
3245 	case NL80211_IFTYPE_STATION:
3246 		/*
3247 		 * Don't allow userspace to change the TDLS_PEER flag,
3248 		 * but silently ignore attempts to change it since we
3249 		 * don't have state here to verify that it doesn't try
3250 		 * to change the flag.
3251 		 */
3252 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3253 		/* fall through */
3254 	case NL80211_IFTYPE_ADHOC:
3255 		/* disallow things sta doesn't support */
3256 		if (params.plink_action)
3257 			return -EINVAL;
3258 		if (params.ht_capa)
3259 			return -EINVAL;
3260 		if (params.listen_interval >= 0)
3261 			return -EINVAL;
3262 		/* reject any changes other than AUTHORIZED */
3263 		if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3264 			return -EINVAL;
3265 		break;
3266 	case NL80211_IFTYPE_MESH_POINT:
3267 		/* disallow things mesh doesn't support */
3268 		if (params.vlan)
3269 			return -EINVAL;
3270 		if (params.ht_capa)
3271 			return -EINVAL;
3272 		if (params.listen_interval >= 0)
3273 			return -EINVAL;
3274 		/*
3275 		 * No special handling for TDLS here -- the userspace
3276 		 * mesh code doesn't have this bug.
3277 		 */
3278 		if (params.sta_flags_mask &
3279 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3280 				  BIT(NL80211_STA_FLAG_MFP) |
3281 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3282 			return -EINVAL;
3283 		break;
3284 	default:
3285 		return -EOPNOTSUPP;
3286 	}
3287 
3288 	/* be aware of params.vlan when changing code here */
3289 
3290 	err = rdev_change_station(rdev, dev, mac_addr, &params);
3291 
3292 	if (params.vlan)
3293 		dev_put(params.vlan);
3294 
3295 	return err;
3296 }
3297 
3298 static struct nla_policy
3299 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
3300 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3301 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3302 };
3303 
3304 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
3305 {
3306 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3307 	int err;
3308 	struct net_device *dev = info->user_ptr[1];
3309 	struct station_parameters params;
3310 	u8 *mac_addr = NULL;
3311 
3312 	memset(&params, 0, sizeof(params));
3313 
3314 	if (!info->attrs[NL80211_ATTR_MAC])
3315 		return -EINVAL;
3316 
3317 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
3318 		return -EINVAL;
3319 
3320 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
3321 		return -EINVAL;
3322 
3323 	if (!info->attrs[NL80211_ATTR_STA_AID])
3324 		return -EINVAL;
3325 
3326 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3327 	params.supported_rates =
3328 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3329 	params.supported_rates_len =
3330 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
3331 	params.listen_interval =
3332 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
3333 
3334 	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
3335 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
3336 		return -EINVAL;
3337 
3338 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
3339 		params.ht_capa =
3340 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
3341 
3342 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
3343 		params.vht_capa =
3344 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
3345 
3346 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
3347 		params.plink_action =
3348 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
3349 
3350 	if (!rdev->ops->add_station)
3351 		return -EOPNOTSUPP;
3352 
3353 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
3354 		return -EINVAL;
3355 
3356 	switch (dev->ieee80211_ptr->iftype) {
3357 	case NL80211_IFTYPE_AP:
3358 	case NL80211_IFTYPE_AP_VLAN:
3359 	case NL80211_IFTYPE_P2P_GO:
3360 		/* parse WME attributes if sta is WME capable */
3361 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
3362 		    (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
3363 		    info->attrs[NL80211_ATTR_STA_WME]) {
3364 			struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3365 			struct nlattr *nla;
3366 
3367 			nla = info->attrs[NL80211_ATTR_STA_WME];
3368 			err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3369 					       nl80211_sta_wme_policy);
3370 			if (err)
3371 				return err;
3372 
3373 			if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3374 				params.uapsd_queues =
3375 				     nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
3376 			if (params.uapsd_queues &
3377 					~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3378 				return -EINVAL;
3379 
3380 			if (tb[NL80211_STA_WME_MAX_SP])
3381 				params.max_sp =
3382 				     nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3383 
3384 			if (params.max_sp &
3385 					~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3386 				return -EINVAL;
3387 
3388 			params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3389 		}
3390 		/* TDLS peers cannot be added */
3391 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3392 			return -EINVAL;
3393 		/* but don't bother the driver with it */
3394 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3395 
3396 		/* must be last in here for error handling */
3397 		params.vlan = get_vlan(info, rdev);
3398 		if (IS_ERR(params.vlan))
3399 			return PTR_ERR(params.vlan);
3400 		break;
3401 	case NL80211_IFTYPE_MESH_POINT:
3402 		/* TDLS peers cannot be added */
3403 		if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3404 			return -EINVAL;
3405 		break;
3406 	case NL80211_IFTYPE_STATION:
3407 		/* Only TDLS peers can be added */
3408 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3409 			return -EINVAL;
3410 		/* Can only add if TDLS ... */
3411 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
3412 			return -EOPNOTSUPP;
3413 		/* ... with external setup is supported */
3414 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
3415 			return -EOPNOTSUPP;
3416 		break;
3417 	default:
3418 		return -EOPNOTSUPP;
3419 	}
3420 
3421 	/* be aware of params.vlan when changing code here */
3422 
3423 	err = rdev_add_station(rdev, dev, mac_addr, &params);
3424 
3425 	if (params.vlan)
3426 		dev_put(params.vlan);
3427 	return err;
3428 }
3429 
3430 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
3431 {
3432 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3433 	struct net_device *dev = info->user_ptr[1];
3434 	u8 *mac_addr = NULL;
3435 
3436 	if (info->attrs[NL80211_ATTR_MAC])
3437 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3438 
3439 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3440 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3441 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
3442 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3443 		return -EINVAL;
3444 
3445 	if (!rdev->ops->del_station)
3446 		return -EOPNOTSUPP;
3447 
3448 	return rdev_del_station(rdev, dev, mac_addr);
3449 }
3450 
3451 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
3452 				int flags, struct net_device *dev,
3453 				u8 *dst, u8 *next_hop,
3454 				struct mpath_info *pinfo)
3455 {
3456 	void *hdr;
3457 	struct nlattr *pinfoattr;
3458 
3459 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3460 	if (!hdr)
3461 		return -1;
3462 
3463 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3464 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
3465 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
3466 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
3467 		goto nla_put_failure;
3468 
3469 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
3470 	if (!pinfoattr)
3471 		goto nla_put_failure;
3472 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
3473 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
3474 			pinfo->frame_qlen))
3475 		goto nla_put_failure;
3476 	if (((pinfo->filled & MPATH_INFO_SN) &&
3477 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
3478 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
3479 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
3480 			 pinfo->metric)) ||
3481 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
3482 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
3483 			 pinfo->exptime)) ||
3484 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
3485 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
3486 			pinfo->flags)) ||
3487 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
3488 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
3489 			 pinfo->discovery_timeout)) ||
3490 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
3491 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
3492 			pinfo->discovery_retries)))
3493 		goto nla_put_failure;
3494 
3495 	nla_nest_end(msg, pinfoattr);
3496 
3497 	return genlmsg_end(msg, hdr);
3498 
3499  nla_put_failure:
3500 	genlmsg_cancel(msg, hdr);
3501 	return -EMSGSIZE;
3502 }
3503 
3504 static int nl80211_dump_mpath(struct sk_buff *skb,
3505 			      struct netlink_callback *cb)
3506 {
3507 	struct mpath_info pinfo;
3508 	struct cfg80211_registered_device *dev;
3509 	struct net_device *netdev;
3510 	u8 dst[ETH_ALEN];
3511 	u8 next_hop[ETH_ALEN];
3512 	int path_idx = cb->args[1];
3513 	int err;
3514 
3515 	err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3516 	if (err)
3517 		return err;
3518 
3519 	if (!dev->ops->dump_mpath) {
3520 		err = -EOPNOTSUPP;
3521 		goto out_err;
3522 	}
3523 
3524 	if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
3525 		err = -EOPNOTSUPP;
3526 		goto out_err;
3527 	}
3528 
3529 	while (1) {
3530 		err = rdev_dump_mpath(dev, netdev, path_idx, dst, next_hop,
3531 				      &pinfo);
3532 		if (err == -ENOENT)
3533 			break;
3534 		if (err)
3535 			goto out_err;
3536 
3537 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
3538 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3539 				       netdev, dst, next_hop,
3540 				       &pinfo) < 0)
3541 			goto out;
3542 
3543 		path_idx++;
3544 	}
3545 
3546 
3547  out:
3548 	cb->args[1] = path_idx;
3549 	err = skb->len;
3550  out_err:
3551 	nl80211_finish_netdev_dump(dev);
3552 	return err;
3553 }
3554 
3555 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
3556 {
3557 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3558 	int err;
3559 	struct net_device *dev = info->user_ptr[1];
3560 	struct mpath_info pinfo;
3561 	struct sk_buff *msg;
3562 	u8 *dst = NULL;
3563 	u8 next_hop[ETH_ALEN];
3564 
3565 	memset(&pinfo, 0, sizeof(pinfo));
3566 
3567 	if (!info->attrs[NL80211_ATTR_MAC])
3568 		return -EINVAL;
3569 
3570 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3571 
3572 	if (!rdev->ops->get_mpath)
3573 		return -EOPNOTSUPP;
3574 
3575 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3576 		return -EOPNOTSUPP;
3577 
3578 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
3579 	if (err)
3580 		return err;
3581 
3582 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3583 	if (!msg)
3584 		return -ENOMEM;
3585 
3586 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
3587 				 dev, dst, next_hop, &pinfo) < 0) {
3588 		nlmsg_free(msg);
3589 		return -ENOBUFS;
3590 	}
3591 
3592 	return genlmsg_reply(msg, info);
3593 }
3594 
3595 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3596 {
3597 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3598 	struct net_device *dev = info->user_ptr[1];
3599 	u8 *dst = NULL;
3600 	u8 *next_hop = NULL;
3601 
3602 	if (!info->attrs[NL80211_ATTR_MAC])
3603 		return -EINVAL;
3604 
3605 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3606 		return -EINVAL;
3607 
3608 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3609 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3610 
3611 	if (!rdev->ops->change_mpath)
3612 		return -EOPNOTSUPP;
3613 
3614 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3615 		return -EOPNOTSUPP;
3616 
3617 	return rdev_change_mpath(rdev, dev, dst, next_hop);
3618 }
3619 
3620 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3621 {
3622 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3623 	struct net_device *dev = info->user_ptr[1];
3624 	u8 *dst = NULL;
3625 	u8 *next_hop = NULL;
3626 
3627 	if (!info->attrs[NL80211_ATTR_MAC])
3628 		return -EINVAL;
3629 
3630 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3631 		return -EINVAL;
3632 
3633 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3634 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3635 
3636 	if (!rdev->ops->add_mpath)
3637 		return -EOPNOTSUPP;
3638 
3639 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3640 		return -EOPNOTSUPP;
3641 
3642 	return rdev_add_mpath(rdev, dev, dst, next_hop);
3643 }
3644 
3645 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3646 {
3647 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3648 	struct net_device *dev = info->user_ptr[1];
3649 	u8 *dst = NULL;
3650 
3651 	if (info->attrs[NL80211_ATTR_MAC])
3652 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3653 
3654 	if (!rdev->ops->del_mpath)
3655 		return -EOPNOTSUPP;
3656 
3657 	return rdev_del_mpath(rdev, dev, dst);
3658 }
3659 
3660 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3661 {
3662 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3663 	struct net_device *dev = info->user_ptr[1];
3664 	struct bss_parameters params;
3665 
3666 	memset(&params, 0, sizeof(params));
3667 	/* default to not changing parameters */
3668 	params.use_cts_prot = -1;
3669 	params.use_short_preamble = -1;
3670 	params.use_short_slot_time = -1;
3671 	params.ap_isolate = -1;
3672 	params.ht_opmode = -1;
3673 	params.p2p_ctwindow = -1;
3674 	params.p2p_opp_ps = -1;
3675 
3676 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
3677 		params.use_cts_prot =
3678 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
3679 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
3680 		params.use_short_preamble =
3681 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
3682 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
3683 		params.use_short_slot_time =
3684 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
3685 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
3686 		params.basic_rates =
3687 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3688 		params.basic_rates_len =
3689 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3690 	}
3691 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
3692 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
3693 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
3694 		params.ht_opmode =
3695 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
3696 
3697 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3698 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3699 			return -EINVAL;
3700 		params.p2p_ctwindow =
3701 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3702 		if (params.p2p_ctwindow < 0)
3703 			return -EINVAL;
3704 		if (params.p2p_ctwindow != 0 &&
3705 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3706 			return -EINVAL;
3707 	}
3708 
3709 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3710 		u8 tmp;
3711 
3712 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3713 			return -EINVAL;
3714 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3715 		if (tmp > 1)
3716 			return -EINVAL;
3717 		params.p2p_opp_ps = tmp;
3718 		if (params.p2p_opp_ps &&
3719 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3720 			return -EINVAL;
3721 	}
3722 
3723 	if (!rdev->ops->change_bss)
3724 		return -EOPNOTSUPP;
3725 
3726 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3727 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3728 		return -EOPNOTSUPP;
3729 
3730 	return rdev_change_bss(rdev, dev, &params);
3731 }
3732 
3733 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
3734 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
3735 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
3736 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
3737 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
3738 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
3739 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
3740 };
3741 
3742 static int parse_reg_rule(struct nlattr *tb[],
3743 	struct ieee80211_reg_rule *reg_rule)
3744 {
3745 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
3746 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
3747 
3748 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
3749 		return -EINVAL;
3750 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
3751 		return -EINVAL;
3752 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
3753 		return -EINVAL;
3754 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
3755 		return -EINVAL;
3756 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
3757 		return -EINVAL;
3758 
3759 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
3760 
3761 	freq_range->start_freq_khz =
3762 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
3763 	freq_range->end_freq_khz =
3764 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
3765 	freq_range->max_bandwidth_khz =
3766 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
3767 
3768 	power_rule->max_eirp =
3769 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
3770 
3771 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
3772 		power_rule->max_antenna_gain =
3773 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
3774 
3775 	return 0;
3776 }
3777 
3778 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3779 {
3780 	int r;
3781 	char *data = NULL;
3782 	enum nl80211_user_reg_hint_type user_reg_hint_type;
3783 
3784 	/*
3785 	 * You should only get this when cfg80211 hasn't yet initialized
3786 	 * completely when built-in to the kernel right between the time
3787 	 * window between nl80211_init() and regulatory_init(), if that is
3788 	 * even possible.
3789 	 */
3790 	mutex_lock(&cfg80211_mutex);
3791 	if (unlikely(!cfg80211_regdomain)) {
3792 		mutex_unlock(&cfg80211_mutex);
3793 		return -EINPROGRESS;
3794 	}
3795 	mutex_unlock(&cfg80211_mutex);
3796 
3797 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3798 		return -EINVAL;
3799 
3800 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3801 
3802 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
3803 		user_reg_hint_type =
3804 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
3805 	else
3806 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
3807 
3808 	switch (user_reg_hint_type) {
3809 	case NL80211_USER_REG_HINT_USER:
3810 	case NL80211_USER_REG_HINT_CELL_BASE:
3811 		break;
3812 	default:
3813 		return -EINVAL;
3814 	}
3815 
3816 	r = regulatory_hint_user(data, user_reg_hint_type);
3817 
3818 	return r;
3819 }
3820 
3821 static int nl80211_get_mesh_config(struct sk_buff *skb,
3822 				   struct genl_info *info)
3823 {
3824 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3825 	struct net_device *dev = info->user_ptr[1];
3826 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3827 	struct mesh_config cur_params;
3828 	int err = 0;
3829 	void *hdr;
3830 	struct nlattr *pinfoattr;
3831 	struct sk_buff *msg;
3832 
3833 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3834 		return -EOPNOTSUPP;
3835 
3836 	if (!rdev->ops->get_mesh_config)
3837 		return -EOPNOTSUPP;
3838 
3839 	wdev_lock(wdev);
3840 	/* If not connected, get default parameters */
3841 	if (!wdev->mesh_id_len)
3842 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
3843 	else
3844 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
3845 	wdev_unlock(wdev);
3846 
3847 	if (err)
3848 		return err;
3849 
3850 	/* Draw up a netlink message to send back */
3851 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3852 	if (!msg)
3853 		return -ENOMEM;
3854 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3855 			     NL80211_CMD_GET_MESH_CONFIG);
3856 	if (!hdr)
3857 		goto out;
3858 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3859 	if (!pinfoattr)
3860 		goto nla_put_failure;
3861 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3862 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3863 			cur_params.dot11MeshRetryTimeout) ||
3864 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3865 			cur_params.dot11MeshConfirmTimeout) ||
3866 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3867 			cur_params.dot11MeshHoldingTimeout) ||
3868 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3869 			cur_params.dot11MeshMaxPeerLinks) ||
3870 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
3871 		       cur_params.dot11MeshMaxRetries) ||
3872 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
3873 		       cur_params.dot11MeshTTL) ||
3874 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3875 		       cur_params.element_ttl) ||
3876 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3877 		       cur_params.auto_open_plinks) ||
3878 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3879 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
3880 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3881 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
3882 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3883 			cur_params.path_refresh_time) ||
3884 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3885 			cur_params.min_discovery_timeout) ||
3886 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3887 			cur_params.dot11MeshHWMPactivePathTimeout) ||
3888 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3889 			cur_params.dot11MeshHWMPpreqMinInterval) ||
3890 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3891 			cur_params.dot11MeshHWMPperrMinInterval) ||
3892 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3893 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
3894 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3895 		       cur_params.dot11MeshHWMPRootMode) ||
3896 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3897 			cur_params.dot11MeshHWMPRannInterval) ||
3898 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3899 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
3900 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
3901 		       cur_params.dot11MeshForwarding) ||
3902 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
3903 			cur_params.rssi_threshold) ||
3904 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
3905 			cur_params.ht_opmode) ||
3906 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
3907 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
3908 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
3909 			cur_params.dot11MeshHWMProotInterval) ||
3910 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
3911 			cur_params.dot11MeshHWMPconfirmationInterval))
3912 		goto nla_put_failure;
3913 	nla_nest_end(msg, pinfoattr);
3914 	genlmsg_end(msg, hdr);
3915 	return genlmsg_reply(msg, info);
3916 
3917  nla_put_failure:
3918 	genlmsg_cancel(msg, hdr);
3919  out:
3920 	nlmsg_free(msg);
3921 	return -ENOBUFS;
3922 }
3923 
3924 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
3925 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
3926 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
3927 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
3928 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
3929 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
3930 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
3931 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
3932 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
3933 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
3934 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
3935 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
3936 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
3937 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
3938 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
3939 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
3940 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
3941 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
3942 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
3943 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
3944 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
3945 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
3946 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
3947 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
3948 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
3949 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
3950 };
3951 
3952 static const struct nla_policy
3953 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
3954 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
3955 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
3956 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
3957 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
3958 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
3959 				    .len = IEEE80211_MAX_DATA_LEN },
3960 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
3961 };
3962 
3963 static int nl80211_parse_mesh_config(struct genl_info *info,
3964 				     struct mesh_config *cfg,
3965 				     u32 *mask_out)
3966 {
3967 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3968 	u32 mask = 0;
3969 
3970 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3971 do {\
3972 	if (table[attr_num]) {\
3973 		cfg->param = nla_fn(table[attr_num]); \
3974 		mask |= (1 << (attr_num - 1)); \
3975 	} \
3976 } while (0);\
3977 
3978 
3979 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3980 		return -EINVAL;
3981 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3982 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
3983 			     nl80211_meshconf_params_policy))
3984 		return -EINVAL;
3985 
3986 	/* This makes sure that there aren't more than 32 mesh config
3987 	 * parameters (otherwise our bitfield scheme would not work.) */
3988 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3989 
3990 	/* Fill in the params struct */
3991 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3992 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
3993 				  nla_get_u16);
3994 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3995 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3996 				  nla_get_u16);
3997 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3998 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
3999 				  nla_get_u16);
4000 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
4001 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4002 				  nla_get_u16);
4003 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
4004 				  mask, NL80211_MESHCONF_MAX_RETRIES,
4005 				  nla_get_u8);
4006 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
4007 				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
4008 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
4009 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
4010 				  nla_get_u8);
4011 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
4012 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4013 				  nla_get_u8);
4014 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, mask,
4015 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4016 				  nla_get_u32);
4017 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
4018 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4019 				  nla_get_u8);
4020 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
4021 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4022 				  nla_get_u32);
4023 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
4024 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4025 				  nla_get_u16);
4026 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, mask,
4027 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4028 				  nla_get_u32);
4029 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4030 				  mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4031 				  nla_get_u16);
4032 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4033 				  mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4034 				  nla_get_u16);
4035 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4036 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
4037 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4038 				  nla_get_u16);
4039 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
4040 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
4041 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
4042 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4043 				  nla_get_u16);
4044 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4045 				  dot11MeshGateAnnouncementProtocol, mask,
4046 				  NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4047 				  nla_get_u8);
4048 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding,
4049 				  mask, NL80211_MESHCONF_FORWARDING,
4050 				  nla_get_u8);
4051 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold,
4052 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4053 				  nla_get_u32);
4054 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode,
4055 				  mask, NL80211_MESHCONF_HT_OPMODE,
4056 				  nla_get_u16);
4057 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4058 				  mask,
4059 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4060 				  nla_get_u32);
4061 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval,
4062 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4063 				  nla_get_u16);
4064 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4065 				  dot11MeshHWMPconfirmationInterval, mask,
4066 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4067 				  nla_get_u16);
4068 	if (mask_out)
4069 		*mask_out = mask;
4070 
4071 	return 0;
4072 
4073 #undef FILL_IN_MESH_PARAM_IF_SET
4074 }
4075 
4076 static int nl80211_parse_mesh_setup(struct genl_info *info,
4077 				     struct mesh_setup *setup)
4078 {
4079 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4080 
4081 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4082 		return -EINVAL;
4083 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4084 			     info->attrs[NL80211_ATTR_MESH_SETUP],
4085 			     nl80211_mesh_setup_params_policy))
4086 		return -EINVAL;
4087 
4088 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
4089 		setup->sync_method =
4090 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
4091 		 IEEE80211_SYNC_METHOD_VENDOR :
4092 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
4093 
4094 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
4095 		setup->path_sel_proto =
4096 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
4097 		 IEEE80211_PATH_PROTOCOL_VENDOR :
4098 		 IEEE80211_PATH_PROTOCOL_HWMP;
4099 
4100 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
4101 		setup->path_metric =
4102 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
4103 		 IEEE80211_PATH_METRIC_VENDOR :
4104 		 IEEE80211_PATH_METRIC_AIRTIME;
4105 
4106 
4107 	if (tb[NL80211_MESH_SETUP_IE]) {
4108 		struct nlattr *ieattr =
4109 			tb[NL80211_MESH_SETUP_IE];
4110 		if (!is_valid_ie_attr(ieattr))
4111 			return -EINVAL;
4112 		setup->ie = nla_data(ieattr);
4113 		setup->ie_len = nla_len(ieattr);
4114 	}
4115 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
4116 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
4117 
4118 	return 0;
4119 }
4120 
4121 static int nl80211_update_mesh_config(struct sk_buff *skb,
4122 				      struct genl_info *info)
4123 {
4124 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4125 	struct net_device *dev = info->user_ptr[1];
4126 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4127 	struct mesh_config cfg;
4128 	u32 mask;
4129 	int err;
4130 
4131 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4132 		return -EOPNOTSUPP;
4133 
4134 	if (!rdev->ops->update_mesh_config)
4135 		return -EOPNOTSUPP;
4136 
4137 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
4138 	if (err)
4139 		return err;
4140 
4141 	wdev_lock(wdev);
4142 	if (!wdev->mesh_id_len)
4143 		err = -ENOLINK;
4144 
4145 	if (!err)
4146 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
4147 
4148 	wdev_unlock(wdev);
4149 
4150 	return err;
4151 }
4152 
4153 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
4154 {
4155 	struct sk_buff *msg;
4156 	void *hdr = NULL;
4157 	struct nlattr *nl_reg_rules;
4158 	unsigned int i;
4159 	int err = -EINVAL;
4160 
4161 	mutex_lock(&cfg80211_mutex);
4162 
4163 	if (!cfg80211_regdomain)
4164 		goto out;
4165 
4166 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4167 	if (!msg) {
4168 		err = -ENOBUFS;
4169 		goto out;
4170 	}
4171 
4172 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4173 			     NL80211_CMD_GET_REG);
4174 	if (!hdr)
4175 		goto put_failure;
4176 
4177 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
4178 			   cfg80211_regdomain->alpha2) ||
4179 	    (cfg80211_regdomain->dfs_region &&
4180 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION,
4181 			cfg80211_regdomain->dfs_region)))
4182 		goto nla_put_failure;
4183 
4184 	if (reg_last_request_cell_base() &&
4185 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
4186 			NL80211_USER_REG_HINT_CELL_BASE))
4187 		goto nla_put_failure;
4188 
4189 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
4190 	if (!nl_reg_rules)
4191 		goto nla_put_failure;
4192 
4193 	for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
4194 		struct nlattr *nl_reg_rule;
4195 		const struct ieee80211_reg_rule *reg_rule;
4196 		const struct ieee80211_freq_range *freq_range;
4197 		const struct ieee80211_power_rule *power_rule;
4198 
4199 		reg_rule = &cfg80211_regdomain->reg_rules[i];
4200 		freq_range = &reg_rule->freq_range;
4201 		power_rule = &reg_rule->power_rule;
4202 
4203 		nl_reg_rule = nla_nest_start(msg, i);
4204 		if (!nl_reg_rule)
4205 			goto nla_put_failure;
4206 
4207 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
4208 				reg_rule->flags) ||
4209 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
4210 				freq_range->start_freq_khz) ||
4211 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
4212 				freq_range->end_freq_khz) ||
4213 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
4214 				freq_range->max_bandwidth_khz) ||
4215 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
4216 				power_rule->max_antenna_gain) ||
4217 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
4218 				power_rule->max_eirp))
4219 			goto nla_put_failure;
4220 
4221 		nla_nest_end(msg, nl_reg_rule);
4222 	}
4223 
4224 	nla_nest_end(msg, nl_reg_rules);
4225 
4226 	genlmsg_end(msg, hdr);
4227 	err = genlmsg_reply(msg, info);
4228 	goto out;
4229 
4230 nla_put_failure:
4231 	genlmsg_cancel(msg, hdr);
4232 put_failure:
4233 	nlmsg_free(msg);
4234 	err = -EMSGSIZE;
4235 out:
4236 	mutex_unlock(&cfg80211_mutex);
4237 	return err;
4238 }
4239 
4240 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
4241 {
4242 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
4243 	struct nlattr *nl_reg_rule;
4244 	char *alpha2 = NULL;
4245 	int rem_reg_rules = 0, r = 0;
4246 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
4247 	u8 dfs_region = 0;
4248 	struct ieee80211_regdomain *rd = NULL;
4249 
4250 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4251 		return -EINVAL;
4252 
4253 	if (!info->attrs[NL80211_ATTR_REG_RULES])
4254 		return -EINVAL;
4255 
4256 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4257 
4258 	if (info->attrs[NL80211_ATTR_DFS_REGION])
4259 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
4260 
4261 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
4262 			rem_reg_rules) {
4263 		num_rules++;
4264 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
4265 			return -EINVAL;
4266 	}
4267 
4268 	mutex_lock(&cfg80211_mutex);
4269 
4270 	if (!reg_is_valid_request(alpha2)) {
4271 		r = -EINVAL;
4272 		goto bad_reg;
4273 	}
4274 
4275 	size_of_regd = sizeof(struct ieee80211_regdomain) +
4276 		(num_rules * sizeof(struct ieee80211_reg_rule));
4277 
4278 	rd = kzalloc(size_of_regd, GFP_KERNEL);
4279 	if (!rd) {
4280 		r = -ENOMEM;
4281 		goto bad_reg;
4282 	}
4283 
4284 	rd->n_reg_rules = num_rules;
4285 	rd->alpha2[0] = alpha2[0];
4286 	rd->alpha2[1] = alpha2[1];
4287 
4288 	/*
4289 	 * Disable DFS master mode if the DFS region was
4290 	 * not supported or known on this kernel.
4291 	 */
4292 	if (reg_supported_dfs_region(dfs_region))
4293 		rd->dfs_region = dfs_region;
4294 
4295 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
4296 			rem_reg_rules) {
4297 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
4298 			nla_data(nl_reg_rule), nla_len(nl_reg_rule),
4299 			reg_rule_policy);
4300 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
4301 		if (r)
4302 			goto bad_reg;
4303 
4304 		rule_idx++;
4305 
4306 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
4307 			r = -EINVAL;
4308 			goto bad_reg;
4309 		}
4310 	}
4311 
4312 	BUG_ON(rule_idx != num_rules);
4313 
4314 	r = set_regdom(rd);
4315 
4316 	mutex_unlock(&cfg80211_mutex);
4317 
4318 	return r;
4319 
4320  bad_reg:
4321 	mutex_unlock(&cfg80211_mutex);
4322 	kfree(rd);
4323 	return r;
4324 }
4325 
4326 static int validate_scan_freqs(struct nlattr *freqs)
4327 {
4328 	struct nlattr *attr1, *attr2;
4329 	int n_channels = 0, tmp1, tmp2;
4330 
4331 	nla_for_each_nested(attr1, freqs, tmp1) {
4332 		n_channels++;
4333 		/*
4334 		 * Some hardware has a limited channel list for
4335 		 * scanning, and it is pretty much nonsensical
4336 		 * to scan for a channel twice, so disallow that
4337 		 * and don't require drivers to check that the
4338 		 * channel list they get isn't longer than what
4339 		 * they can scan, as long as they can scan all
4340 		 * the channels they registered at once.
4341 		 */
4342 		nla_for_each_nested(attr2, freqs, tmp2)
4343 			if (attr1 != attr2 &&
4344 			    nla_get_u32(attr1) == nla_get_u32(attr2))
4345 				return 0;
4346 	}
4347 
4348 	return n_channels;
4349 }
4350 
4351 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
4352 {
4353 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4354 	struct wireless_dev *wdev = info->user_ptr[1];
4355 	struct cfg80211_scan_request *request;
4356 	struct nlattr *attr;
4357 	struct wiphy *wiphy;
4358 	int err, tmp, n_ssids = 0, n_channels, i;
4359 	size_t ie_len;
4360 
4361 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4362 		return -EINVAL;
4363 
4364 	wiphy = &rdev->wiphy;
4365 
4366 	if (!rdev->ops->scan)
4367 		return -EOPNOTSUPP;
4368 
4369 	if (rdev->scan_req)
4370 		return -EBUSY;
4371 
4372 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4373 		n_channels = validate_scan_freqs(
4374 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4375 		if (!n_channels)
4376 			return -EINVAL;
4377 	} else {
4378 		enum ieee80211_band band;
4379 		n_channels = 0;
4380 
4381 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4382 			if (wiphy->bands[band])
4383 				n_channels += wiphy->bands[band]->n_channels;
4384 	}
4385 
4386 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4387 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
4388 			n_ssids++;
4389 
4390 	if (n_ssids > wiphy->max_scan_ssids)
4391 		return -EINVAL;
4392 
4393 	if (info->attrs[NL80211_ATTR_IE])
4394 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4395 	else
4396 		ie_len = 0;
4397 
4398 	if (ie_len > wiphy->max_scan_ie_len)
4399 		return -EINVAL;
4400 
4401 	request = kzalloc(sizeof(*request)
4402 			+ sizeof(*request->ssids) * n_ssids
4403 			+ sizeof(*request->channels) * n_channels
4404 			+ ie_len, GFP_KERNEL);
4405 	if (!request)
4406 		return -ENOMEM;
4407 
4408 	if (n_ssids)
4409 		request->ssids = (void *)&request->channels[n_channels];
4410 	request->n_ssids = n_ssids;
4411 	if (ie_len) {
4412 		if (request->ssids)
4413 			request->ie = (void *)(request->ssids + n_ssids);
4414 		else
4415 			request->ie = (void *)(request->channels + n_channels);
4416 	}
4417 
4418 	i = 0;
4419 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4420 		/* user specified, bail out if channel not found */
4421 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
4422 			struct ieee80211_channel *chan;
4423 
4424 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4425 
4426 			if (!chan) {
4427 				err = -EINVAL;
4428 				goto out_free;
4429 			}
4430 
4431 			/* ignore disabled channels */
4432 			if (chan->flags & IEEE80211_CHAN_DISABLED)
4433 				continue;
4434 
4435 			request->channels[i] = chan;
4436 			i++;
4437 		}
4438 	} else {
4439 		enum ieee80211_band band;
4440 
4441 		/* all channels */
4442 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4443 			int j;
4444 			if (!wiphy->bands[band])
4445 				continue;
4446 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4447 				struct ieee80211_channel *chan;
4448 
4449 				chan = &wiphy->bands[band]->channels[j];
4450 
4451 				if (chan->flags & IEEE80211_CHAN_DISABLED)
4452 					continue;
4453 
4454 				request->channels[i] = chan;
4455 				i++;
4456 			}
4457 		}
4458 	}
4459 
4460 	if (!i) {
4461 		err = -EINVAL;
4462 		goto out_free;
4463 	}
4464 
4465 	request->n_channels = i;
4466 
4467 	i = 0;
4468 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4469 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
4470 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4471 				err = -EINVAL;
4472 				goto out_free;
4473 			}
4474 			request->ssids[i].ssid_len = nla_len(attr);
4475 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
4476 			i++;
4477 		}
4478 	}
4479 
4480 	if (info->attrs[NL80211_ATTR_IE]) {
4481 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4482 		memcpy((void *)request->ie,
4483 		       nla_data(info->attrs[NL80211_ATTR_IE]),
4484 		       request->ie_len);
4485 	}
4486 
4487 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
4488 		if (wiphy->bands[i])
4489 			request->rates[i] =
4490 				(1 << wiphy->bands[i]->n_bitrates) - 1;
4491 
4492 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
4493 		nla_for_each_nested(attr,
4494 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
4495 				    tmp) {
4496 			enum ieee80211_band band = nla_type(attr);
4497 
4498 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
4499 				err = -EINVAL;
4500 				goto out_free;
4501 			}
4502 			err = ieee80211_get_ratemask(wiphy->bands[band],
4503 						     nla_data(attr),
4504 						     nla_len(attr),
4505 						     &request->rates[band]);
4506 			if (err)
4507 				goto out_free;
4508 		}
4509 	}
4510 
4511 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
4512 		request->flags = nla_get_u32(
4513 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
4514 		if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
4515 		     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
4516 		    ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
4517 		     !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
4518 			err = -EOPNOTSUPP;
4519 			goto out_free;
4520 		}
4521 	}
4522 
4523 	request->no_cck =
4524 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
4525 
4526 	request->wdev = wdev;
4527 	request->wiphy = &rdev->wiphy;
4528 	request->scan_start = jiffies;
4529 
4530 	rdev->scan_req = request;
4531 	err = rdev_scan(rdev, request);
4532 
4533 	if (!err) {
4534 		nl80211_send_scan_start(rdev, wdev);
4535 		if (wdev->netdev)
4536 			dev_hold(wdev->netdev);
4537 	} else {
4538  out_free:
4539 		rdev->scan_req = NULL;
4540 		kfree(request);
4541 	}
4542 
4543 	return err;
4544 }
4545 
4546 static int nl80211_start_sched_scan(struct sk_buff *skb,
4547 				    struct genl_info *info)
4548 {
4549 	struct cfg80211_sched_scan_request *request;
4550 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4551 	struct net_device *dev = info->user_ptr[1];
4552 	struct nlattr *attr;
4553 	struct wiphy *wiphy;
4554 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
4555 	u32 interval;
4556 	enum ieee80211_band band;
4557 	size_t ie_len;
4558 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
4559 
4560 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4561 	    !rdev->ops->sched_scan_start)
4562 		return -EOPNOTSUPP;
4563 
4564 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4565 		return -EINVAL;
4566 
4567 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
4568 		return -EINVAL;
4569 
4570 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
4571 	if (interval == 0)
4572 		return -EINVAL;
4573 
4574 	wiphy = &rdev->wiphy;
4575 
4576 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4577 		n_channels = validate_scan_freqs(
4578 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
4579 		if (!n_channels)
4580 			return -EINVAL;
4581 	} else {
4582 		n_channels = 0;
4583 
4584 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
4585 			if (wiphy->bands[band])
4586 				n_channels += wiphy->bands[band]->n_channels;
4587 	}
4588 
4589 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
4590 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4591 				    tmp)
4592 			n_ssids++;
4593 
4594 	if (n_ssids > wiphy->max_sched_scan_ssids)
4595 		return -EINVAL;
4596 
4597 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
4598 		nla_for_each_nested(attr,
4599 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4600 				    tmp)
4601 			n_match_sets++;
4602 
4603 	if (n_match_sets > wiphy->max_match_sets)
4604 		return -EINVAL;
4605 
4606 	if (info->attrs[NL80211_ATTR_IE])
4607 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4608 	else
4609 		ie_len = 0;
4610 
4611 	if (ie_len > wiphy->max_sched_scan_ie_len)
4612 		return -EINVAL;
4613 
4614 	mutex_lock(&rdev->sched_scan_mtx);
4615 
4616 	if (rdev->sched_scan_req) {
4617 		err = -EINPROGRESS;
4618 		goto out;
4619 	}
4620 
4621 	request = kzalloc(sizeof(*request)
4622 			+ sizeof(*request->ssids) * n_ssids
4623 			+ sizeof(*request->match_sets) * n_match_sets
4624 			+ sizeof(*request->channels) * n_channels
4625 			+ ie_len, GFP_KERNEL);
4626 	if (!request) {
4627 		err = -ENOMEM;
4628 		goto out;
4629 	}
4630 
4631 	if (n_ssids)
4632 		request->ssids = (void *)&request->channels[n_channels];
4633 	request->n_ssids = n_ssids;
4634 	if (ie_len) {
4635 		if (request->ssids)
4636 			request->ie = (void *)(request->ssids + n_ssids);
4637 		else
4638 			request->ie = (void *)(request->channels + n_channels);
4639 	}
4640 
4641 	if (n_match_sets) {
4642 		if (request->ie)
4643 			request->match_sets = (void *)(request->ie + ie_len);
4644 		else if (request->ssids)
4645 			request->match_sets =
4646 				(void *)(request->ssids + n_ssids);
4647 		else
4648 			request->match_sets =
4649 				(void *)(request->channels + n_channels);
4650 	}
4651 	request->n_match_sets = n_match_sets;
4652 
4653 	i = 0;
4654 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4655 		/* user specified, bail out if channel not found */
4656 		nla_for_each_nested(attr,
4657 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
4658 				    tmp) {
4659 			struct ieee80211_channel *chan;
4660 
4661 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4662 
4663 			if (!chan) {
4664 				err = -EINVAL;
4665 				goto out_free;
4666 			}
4667 
4668 			/* ignore disabled channels */
4669 			if (chan->flags & IEEE80211_CHAN_DISABLED)
4670 				continue;
4671 
4672 			request->channels[i] = chan;
4673 			i++;
4674 		}
4675 	} else {
4676 		/* all channels */
4677 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4678 			int j;
4679 			if (!wiphy->bands[band])
4680 				continue;
4681 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4682 				struct ieee80211_channel *chan;
4683 
4684 				chan = &wiphy->bands[band]->channels[j];
4685 
4686 				if (chan->flags & IEEE80211_CHAN_DISABLED)
4687 					continue;
4688 
4689 				request->channels[i] = chan;
4690 				i++;
4691 			}
4692 		}
4693 	}
4694 
4695 	if (!i) {
4696 		err = -EINVAL;
4697 		goto out_free;
4698 	}
4699 
4700 	request->n_channels = i;
4701 
4702 	i = 0;
4703 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4704 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4705 				    tmp) {
4706 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4707 				err = -EINVAL;
4708 				goto out_free;
4709 			}
4710 			request->ssids[i].ssid_len = nla_len(attr);
4711 			memcpy(request->ssids[i].ssid, nla_data(attr),
4712 			       nla_len(attr));
4713 			i++;
4714 		}
4715 	}
4716 
4717 	i = 0;
4718 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
4719 		nla_for_each_nested(attr,
4720 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4721 				    tmp) {
4722 			struct nlattr *ssid, *rssi;
4723 
4724 			nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
4725 				  nla_data(attr), nla_len(attr),
4726 				  nl80211_match_policy);
4727 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
4728 			if (ssid) {
4729 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
4730 					err = -EINVAL;
4731 					goto out_free;
4732 				}
4733 				memcpy(request->match_sets[i].ssid.ssid,
4734 				       nla_data(ssid), nla_len(ssid));
4735 				request->match_sets[i].ssid.ssid_len =
4736 					nla_len(ssid);
4737 			}
4738 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
4739 			if (rssi)
4740 				request->rssi_thold = nla_get_u32(rssi);
4741 			else
4742 				request->rssi_thold =
4743 						   NL80211_SCAN_RSSI_THOLD_OFF;
4744 			i++;
4745 		}
4746 	}
4747 
4748 	if (info->attrs[NL80211_ATTR_IE]) {
4749 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4750 		memcpy((void *)request->ie,
4751 		       nla_data(info->attrs[NL80211_ATTR_IE]),
4752 		       request->ie_len);
4753 	}
4754 
4755 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
4756 		request->flags = nla_get_u32(
4757 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
4758 		if (((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
4759 		     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
4760 		    ((request->flags & NL80211_SCAN_FLAG_FLUSH) &&
4761 		     !(wiphy->features & NL80211_FEATURE_SCAN_FLUSH))) {
4762 			err = -EOPNOTSUPP;
4763 			goto out_free;
4764 		}
4765 	}
4766 
4767 	request->dev = dev;
4768 	request->wiphy = &rdev->wiphy;
4769 	request->interval = interval;
4770 	request->scan_start = jiffies;
4771 
4772 	err = rdev_sched_scan_start(rdev, dev, request);
4773 	if (!err) {
4774 		rdev->sched_scan_req = request;
4775 		nl80211_send_sched_scan(rdev, dev,
4776 					NL80211_CMD_START_SCHED_SCAN);
4777 		goto out;
4778 	}
4779 
4780 out_free:
4781 	kfree(request);
4782 out:
4783 	mutex_unlock(&rdev->sched_scan_mtx);
4784 	return err;
4785 }
4786 
4787 static int nl80211_stop_sched_scan(struct sk_buff *skb,
4788 				   struct genl_info *info)
4789 {
4790 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4791 	int err;
4792 
4793 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4794 	    !rdev->ops->sched_scan_stop)
4795 		return -EOPNOTSUPP;
4796 
4797 	mutex_lock(&rdev->sched_scan_mtx);
4798 	err = __cfg80211_stop_sched_scan(rdev, false);
4799 	mutex_unlock(&rdev->sched_scan_mtx);
4800 
4801 	return err;
4802 }
4803 
4804 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4805 			    u32 seq, int flags,
4806 			    struct cfg80211_registered_device *rdev,
4807 			    struct wireless_dev *wdev,
4808 			    struct cfg80211_internal_bss *intbss)
4809 {
4810 	struct cfg80211_bss *res = &intbss->pub;
4811 	const struct cfg80211_bss_ies *ies;
4812 	void *hdr;
4813 	struct nlattr *bss;
4814 
4815 	ASSERT_WDEV_LOCK(wdev);
4816 
4817 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
4818 			     NL80211_CMD_NEW_SCAN_RESULTS);
4819 	if (!hdr)
4820 		return -1;
4821 
4822 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4823 
4824 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) ||
4825 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
4826 		goto nla_put_failure;
4827 
4828 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4829 	if (!bss)
4830 		goto nla_put_failure;
4831 	if ((!is_zero_ether_addr(res->bssid) &&
4832 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
4833 		goto nla_put_failure;
4834 
4835 	rcu_read_lock();
4836 	ies = rcu_dereference(res->ies);
4837 	if (ies && ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4838 				       ies->len, ies->data)) {
4839 		rcu_read_unlock();
4840 		goto nla_put_failure;
4841 	}
4842 	ies = rcu_dereference(res->beacon_ies);
4843 	if (ies && ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
4844 				       ies->len, ies->data)) {
4845 		rcu_read_unlock();
4846 		goto nla_put_failure;
4847 	}
4848 	rcu_read_unlock();
4849 
4850 	if (res->tsf &&
4851 	    nla_put_u64(msg, NL80211_BSS_TSF, res->tsf))
4852 		goto nla_put_failure;
4853 	if (res->beacon_interval &&
4854 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
4855 		goto nla_put_failure;
4856 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
4857 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
4858 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
4859 			jiffies_to_msecs(jiffies - intbss->ts)))
4860 		goto nla_put_failure;
4861 
4862 	switch (rdev->wiphy.signal_type) {
4863 	case CFG80211_SIGNAL_TYPE_MBM:
4864 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
4865 			goto nla_put_failure;
4866 		break;
4867 	case CFG80211_SIGNAL_TYPE_UNSPEC:
4868 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
4869 			goto nla_put_failure;
4870 		break;
4871 	default:
4872 		break;
4873 	}
4874 
4875 	switch (wdev->iftype) {
4876 	case NL80211_IFTYPE_P2P_CLIENT:
4877 	case NL80211_IFTYPE_STATION:
4878 		if (intbss == wdev->current_bss &&
4879 		    nla_put_u32(msg, NL80211_BSS_STATUS,
4880 				NL80211_BSS_STATUS_ASSOCIATED))
4881 			goto nla_put_failure;
4882 		break;
4883 	case NL80211_IFTYPE_ADHOC:
4884 		if (intbss == wdev->current_bss &&
4885 		    nla_put_u32(msg, NL80211_BSS_STATUS,
4886 				NL80211_BSS_STATUS_IBSS_JOINED))
4887 			goto nla_put_failure;
4888 		break;
4889 	default:
4890 		break;
4891 	}
4892 
4893 	nla_nest_end(msg, bss);
4894 
4895 	return genlmsg_end(msg, hdr);
4896 
4897  nla_put_failure:
4898 	genlmsg_cancel(msg, hdr);
4899 	return -EMSGSIZE;
4900 }
4901 
4902 static int nl80211_dump_scan(struct sk_buff *skb,
4903 			     struct netlink_callback *cb)
4904 {
4905 	struct cfg80211_registered_device *rdev;
4906 	struct net_device *dev;
4907 	struct cfg80211_internal_bss *scan;
4908 	struct wireless_dev *wdev;
4909 	int start = cb->args[1], idx = 0;
4910 	int err;
4911 
4912 	err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
4913 	if (err)
4914 		return err;
4915 
4916 	wdev = dev->ieee80211_ptr;
4917 
4918 	wdev_lock(wdev);
4919 	spin_lock_bh(&rdev->bss_lock);
4920 	cfg80211_bss_expire(rdev);
4921 
4922 	cb->seq = rdev->bss_generation;
4923 
4924 	list_for_each_entry(scan, &rdev->bss_list, list) {
4925 		if (++idx <= start)
4926 			continue;
4927 		if (nl80211_send_bss(skb, cb,
4928 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
4929 				rdev, wdev, scan) < 0) {
4930 			idx--;
4931 			break;
4932 		}
4933 	}
4934 
4935 	spin_unlock_bh(&rdev->bss_lock);
4936 	wdev_unlock(wdev);
4937 
4938 	cb->args[1] = idx;
4939 	nl80211_finish_netdev_dump(rdev);
4940 
4941 	return skb->len;
4942 }
4943 
4944 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
4945 				int flags, struct net_device *dev,
4946 				struct survey_info *survey)
4947 {
4948 	void *hdr;
4949 	struct nlattr *infoattr;
4950 
4951 	hdr = nl80211hdr_put(msg, portid, seq, flags,
4952 			     NL80211_CMD_NEW_SURVEY_RESULTS);
4953 	if (!hdr)
4954 		return -ENOMEM;
4955 
4956 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
4957 		goto nla_put_failure;
4958 
4959 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4960 	if (!infoattr)
4961 		goto nla_put_failure;
4962 
4963 	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4964 			survey->channel->center_freq))
4965 		goto nla_put_failure;
4966 
4967 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
4968 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
4969 		goto nla_put_failure;
4970 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
4971 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
4972 		goto nla_put_failure;
4973 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
4974 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4975 			survey->channel_time))
4976 		goto nla_put_failure;
4977 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
4978 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4979 			survey->channel_time_busy))
4980 		goto nla_put_failure;
4981 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
4982 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4983 			survey->channel_time_ext_busy))
4984 		goto nla_put_failure;
4985 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
4986 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4987 			survey->channel_time_rx))
4988 		goto nla_put_failure;
4989 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
4990 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4991 			survey->channel_time_tx))
4992 		goto nla_put_failure;
4993 
4994 	nla_nest_end(msg, infoattr);
4995 
4996 	return genlmsg_end(msg, hdr);
4997 
4998  nla_put_failure:
4999 	genlmsg_cancel(msg, hdr);
5000 	return -EMSGSIZE;
5001 }
5002 
5003 static int nl80211_dump_survey(struct sk_buff *skb,
5004 			struct netlink_callback *cb)
5005 {
5006 	struct survey_info survey;
5007 	struct cfg80211_registered_device *dev;
5008 	struct net_device *netdev;
5009 	int survey_idx = cb->args[1];
5010 	int res;
5011 
5012 	res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
5013 	if (res)
5014 		return res;
5015 
5016 	if (!dev->ops->dump_survey) {
5017 		res = -EOPNOTSUPP;
5018 		goto out_err;
5019 	}
5020 
5021 	while (1) {
5022 		struct ieee80211_channel *chan;
5023 
5024 		res = rdev_dump_survey(dev, netdev, survey_idx, &survey);
5025 		if (res == -ENOENT)
5026 			break;
5027 		if (res)
5028 			goto out_err;
5029 
5030 		/* Survey without a channel doesn't make sense */
5031 		if (!survey.channel) {
5032 			res = -EINVAL;
5033 			goto out;
5034 		}
5035 
5036 		chan = ieee80211_get_channel(&dev->wiphy,
5037 					     survey.channel->center_freq);
5038 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
5039 			survey_idx++;
5040 			continue;
5041 		}
5042 
5043 		if (nl80211_send_survey(skb,
5044 				NETLINK_CB(cb->skb).portid,
5045 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5046 				netdev,
5047 				&survey) < 0)
5048 			goto out;
5049 		survey_idx++;
5050 	}
5051 
5052  out:
5053 	cb->args[1] = survey_idx;
5054 	res = skb->len;
5055  out_err:
5056 	nl80211_finish_netdev_dump(dev);
5057 	return res;
5058 }
5059 
5060 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
5061 {
5062 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
5063 				  NL80211_WPA_VERSION_2));
5064 }
5065 
5066 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
5067 {
5068 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5069 	struct net_device *dev = info->user_ptr[1];
5070 	struct ieee80211_channel *chan;
5071 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
5072 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
5073 	enum nl80211_auth_type auth_type;
5074 	struct key_parse key;
5075 	bool local_state_change;
5076 
5077 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5078 		return -EINVAL;
5079 
5080 	if (!info->attrs[NL80211_ATTR_MAC])
5081 		return -EINVAL;
5082 
5083 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
5084 		return -EINVAL;
5085 
5086 	if (!info->attrs[NL80211_ATTR_SSID])
5087 		return -EINVAL;
5088 
5089 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
5090 		return -EINVAL;
5091 
5092 	err = nl80211_parse_key(info, &key);
5093 	if (err)
5094 		return err;
5095 
5096 	if (key.idx >= 0) {
5097 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
5098 			return -EINVAL;
5099 		if (!key.p.key || !key.p.key_len)
5100 			return -EINVAL;
5101 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
5102 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
5103 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
5104 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
5105 			return -EINVAL;
5106 		if (key.idx > 4)
5107 			return -EINVAL;
5108 	} else {
5109 		key.p.key_len = 0;
5110 		key.p.key = NULL;
5111 	}
5112 
5113 	if (key.idx >= 0) {
5114 		int i;
5115 		bool ok = false;
5116 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
5117 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
5118 				ok = true;
5119 				break;
5120 			}
5121 		}
5122 		if (!ok)
5123 			return -EINVAL;
5124 	}
5125 
5126 	if (!rdev->ops->auth)
5127 		return -EOPNOTSUPP;
5128 
5129 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5130 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5131 		return -EOPNOTSUPP;
5132 
5133 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5134 	chan = ieee80211_get_channel(&rdev->wiphy,
5135 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5136 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
5137 		return -EINVAL;
5138 
5139 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5140 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5141 
5142 	if (info->attrs[NL80211_ATTR_IE]) {
5143 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5144 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5145 	}
5146 
5147 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5148 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
5149 		return -EINVAL;
5150 
5151 	if (auth_type == NL80211_AUTHTYPE_SAE &&
5152 	    !info->attrs[NL80211_ATTR_SAE_DATA])
5153 		return -EINVAL;
5154 
5155 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
5156 		if (auth_type != NL80211_AUTHTYPE_SAE)
5157 			return -EINVAL;
5158 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
5159 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
5160 		/* need to include at least Auth Transaction and Status Code */
5161 		if (sae_data_len < 4)
5162 			return -EINVAL;
5163 	}
5164 
5165 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
5166 
5167 	/*
5168 	 * Since we no longer track auth state, ignore
5169 	 * requests to only change local state.
5170 	 */
5171 	if (local_state_change)
5172 		return 0;
5173 
5174 	return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
5175 				  ssid, ssid_len, ie, ie_len,
5176 				  key.p.key, key.p.key_len, key.idx,
5177 				  sae_data, sae_data_len);
5178 }
5179 
5180 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
5181 				   struct genl_info *info,
5182 				   struct cfg80211_crypto_settings *settings,
5183 				   int cipher_limit)
5184 {
5185 	memset(settings, 0, sizeof(*settings));
5186 
5187 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
5188 
5189 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
5190 		u16 proto;
5191 		proto = nla_get_u16(
5192 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
5193 		settings->control_port_ethertype = cpu_to_be16(proto);
5194 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
5195 		    proto != ETH_P_PAE)
5196 			return -EINVAL;
5197 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
5198 			settings->control_port_no_encrypt = true;
5199 	} else
5200 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
5201 
5202 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
5203 		void *data;
5204 		int len, i;
5205 
5206 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
5207 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
5208 		settings->n_ciphers_pairwise = len / sizeof(u32);
5209 
5210 		if (len % sizeof(u32))
5211 			return -EINVAL;
5212 
5213 		if (settings->n_ciphers_pairwise > cipher_limit)
5214 			return -EINVAL;
5215 
5216 		memcpy(settings->ciphers_pairwise, data, len);
5217 
5218 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
5219 			if (!cfg80211_supported_cipher_suite(
5220 					&rdev->wiphy,
5221 					settings->ciphers_pairwise[i]))
5222 				return -EINVAL;
5223 	}
5224 
5225 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
5226 		settings->cipher_group =
5227 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
5228 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
5229 						     settings->cipher_group))
5230 			return -EINVAL;
5231 	}
5232 
5233 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
5234 		settings->wpa_versions =
5235 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
5236 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
5237 			return -EINVAL;
5238 	}
5239 
5240 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
5241 		void *data;
5242 		int len;
5243 
5244 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
5245 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
5246 		settings->n_akm_suites = len / sizeof(u32);
5247 
5248 		if (len % sizeof(u32))
5249 			return -EINVAL;
5250 
5251 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
5252 			return -EINVAL;
5253 
5254 		memcpy(settings->akm_suites, data, len);
5255 	}
5256 
5257 	return 0;
5258 }
5259 
5260 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
5261 {
5262 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5263 	struct net_device *dev = info->user_ptr[1];
5264 	struct cfg80211_crypto_settings crypto;
5265 	struct ieee80211_channel *chan;
5266 	const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
5267 	int err, ssid_len, ie_len = 0;
5268 	bool use_mfp = false;
5269 	u32 flags = 0;
5270 	struct ieee80211_ht_cap *ht_capa = NULL;
5271 	struct ieee80211_ht_cap *ht_capa_mask = NULL;
5272 
5273 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5274 		return -EINVAL;
5275 
5276 	if (!info->attrs[NL80211_ATTR_MAC] ||
5277 	    !info->attrs[NL80211_ATTR_SSID] ||
5278 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
5279 		return -EINVAL;
5280 
5281 	if (!rdev->ops->assoc)
5282 		return -EOPNOTSUPP;
5283 
5284 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5285 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5286 		return -EOPNOTSUPP;
5287 
5288 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5289 
5290 	chan = ieee80211_get_channel(&rdev->wiphy,
5291 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5292 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
5293 		return -EINVAL;
5294 
5295 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5296 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5297 
5298 	if (info->attrs[NL80211_ATTR_IE]) {
5299 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5300 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5301 	}
5302 
5303 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
5304 		enum nl80211_mfp mfp =
5305 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
5306 		if (mfp == NL80211_MFP_REQUIRED)
5307 			use_mfp = true;
5308 		else if (mfp != NL80211_MFP_NO)
5309 			return -EINVAL;
5310 	}
5311 
5312 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
5313 		prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
5314 
5315 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
5316 		flags |= ASSOC_REQ_DISABLE_HT;
5317 
5318 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5319 		ht_capa_mask =
5320 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]);
5321 
5322 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
5323 		if (!ht_capa_mask)
5324 			return -EINVAL;
5325 		ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5326 	}
5327 
5328 	err = nl80211_crypto_settings(rdev, info, &crypto, 1);
5329 	if (!err)
5330 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
5331 					  ssid, ssid_len, ie, ie_len, use_mfp,
5332 					  &crypto, flags, ht_capa,
5333 					  ht_capa_mask);
5334 
5335 	return err;
5336 }
5337 
5338 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
5339 {
5340 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5341 	struct net_device *dev = info->user_ptr[1];
5342 	const u8 *ie = NULL, *bssid;
5343 	int ie_len = 0;
5344 	u16 reason_code;
5345 	bool local_state_change;
5346 
5347 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5348 		return -EINVAL;
5349 
5350 	if (!info->attrs[NL80211_ATTR_MAC])
5351 		return -EINVAL;
5352 
5353 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
5354 		return -EINVAL;
5355 
5356 	if (!rdev->ops->deauth)
5357 		return -EOPNOTSUPP;
5358 
5359 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5360 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5361 		return -EOPNOTSUPP;
5362 
5363 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5364 
5365 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5366 	if (reason_code == 0) {
5367 		/* Reason Code 0 is reserved */
5368 		return -EINVAL;
5369 	}
5370 
5371 	if (info->attrs[NL80211_ATTR_IE]) {
5372 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5373 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5374 	}
5375 
5376 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
5377 
5378 	return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
5379 				    local_state_change);
5380 }
5381 
5382 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
5383 {
5384 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5385 	struct net_device *dev = info->user_ptr[1];
5386 	const u8 *ie = NULL, *bssid;
5387 	int ie_len = 0;
5388 	u16 reason_code;
5389 	bool local_state_change;
5390 
5391 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5392 		return -EINVAL;
5393 
5394 	if (!info->attrs[NL80211_ATTR_MAC])
5395 		return -EINVAL;
5396 
5397 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
5398 		return -EINVAL;
5399 
5400 	if (!rdev->ops->disassoc)
5401 		return -EOPNOTSUPP;
5402 
5403 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5404 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5405 		return -EOPNOTSUPP;
5406 
5407 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5408 
5409 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5410 	if (reason_code == 0) {
5411 		/* Reason Code 0 is reserved */
5412 		return -EINVAL;
5413 	}
5414 
5415 	if (info->attrs[NL80211_ATTR_IE]) {
5416 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5417 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5418 	}
5419 
5420 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
5421 
5422 	return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
5423 				      local_state_change);
5424 }
5425 
5426 static bool
5427 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
5428 			 int mcast_rate[IEEE80211_NUM_BANDS],
5429 			 int rateval)
5430 {
5431 	struct wiphy *wiphy = &rdev->wiphy;
5432 	bool found = false;
5433 	int band, i;
5434 
5435 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5436 		struct ieee80211_supported_band *sband;
5437 
5438 		sband = wiphy->bands[band];
5439 		if (!sband)
5440 			continue;
5441 
5442 		for (i = 0; i < sband->n_bitrates; i++) {
5443 			if (sband->bitrates[i].bitrate == rateval) {
5444 				mcast_rate[band] = i + 1;
5445 				found = true;
5446 				break;
5447 			}
5448 		}
5449 	}
5450 
5451 	return found;
5452 }
5453 
5454 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
5455 {
5456 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5457 	struct net_device *dev = info->user_ptr[1];
5458 	struct cfg80211_ibss_params ibss;
5459 	struct wiphy *wiphy;
5460 	struct cfg80211_cached_keys *connkeys = NULL;
5461 	int err;
5462 
5463 	memset(&ibss, 0, sizeof(ibss));
5464 
5465 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5466 		return -EINVAL;
5467 
5468 	if (!info->attrs[NL80211_ATTR_SSID] ||
5469 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
5470 		return -EINVAL;
5471 
5472 	ibss.beacon_interval = 100;
5473 
5474 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
5475 		ibss.beacon_interval =
5476 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
5477 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
5478 			return -EINVAL;
5479 	}
5480 
5481 	if (!rdev->ops->join_ibss)
5482 		return -EOPNOTSUPP;
5483 
5484 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
5485 		return -EOPNOTSUPP;
5486 
5487 	wiphy = &rdev->wiphy;
5488 
5489 	if (info->attrs[NL80211_ATTR_MAC]) {
5490 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5491 
5492 		if (!is_valid_ether_addr(ibss.bssid))
5493 			return -EINVAL;
5494 	}
5495 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5496 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5497 
5498 	if (info->attrs[NL80211_ATTR_IE]) {
5499 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5500 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5501 	}
5502 
5503 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
5504 	if (err)
5505 		return err;
5506 
5507 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef))
5508 		return -EINVAL;
5509 
5510 	if (ibss.chandef.width > NL80211_CHAN_WIDTH_40)
5511 		return -EINVAL;
5512 	if (ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
5513 	    !(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
5514 		return -EINVAL;
5515 
5516 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
5517 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
5518 
5519 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
5520 		u8 *rates =
5521 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5522 		int n_rates =
5523 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
5524 		struct ieee80211_supported_band *sband =
5525 			wiphy->bands[ibss.chandef.chan->band];
5526 
5527 		err = ieee80211_get_ratemask(sband, rates, n_rates,
5528 					     &ibss.basic_rates);
5529 		if (err)
5530 			return err;
5531 	}
5532 
5533 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
5534 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
5535 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
5536 		return -EINVAL;
5537 
5538 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
5539 		bool no_ht = false;
5540 
5541 		connkeys = nl80211_parse_connkeys(rdev,
5542 					  info->attrs[NL80211_ATTR_KEYS],
5543 					  &no_ht);
5544 		if (IS_ERR(connkeys))
5545 			return PTR_ERR(connkeys);
5546 
5547 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
5548 		    no_ht) {
5549 			kfree(connkeys);
5550 			return -EINVAL;
5551 		}
5552 	}
5553 
5554 	ibss.control_port =
5555 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
5556 
5557 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
5558 	if (err)
5559 		kfree(connkeys);
5560 	return err;
5561 }
5562 
5563 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
5564 {
5565 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5566 	struct net_device *dev = info->user_ptr[1];
5567 
5568 	if (!rdev->ops->leave_ibss)
5569 		return -EOPNOTSUPP;
5570 
5571 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
5572 		return -EOPNOTSUPP;
5573 
5574 	return cfg80211_leave_ibss(rdev, dev, false);
5575 }
5576 
5577 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
5578 {
5579 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5580 	struct net_device *dev = info->user_ptr[1];
5581 	int mcast_rate[IEEE80211_NUM_BANDS];
5582 	u32 nla_rate;
5583 	int err;
5584 
5585 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5586 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5587 		return -EOPNOTSUPP;
5588 
5589 	if (!rdev->ops->set_mcast_rate)
5590 		return -EOPNOTSUPP;
5591 
5592 	memset(mcast_rate, 0, sizeof(mcast_rate));
5593 
5594 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
5595 		return -EINVAL;
5596 
5597 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
5598 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
5599 		return -EINVAL;
5600 
5601 	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
5602 
5603 	return err;
5604 }
5605 
5606 
5607 #ifdef CONFIG_NL80211_TESTMODE
5608 static struct genl_multicast_group nl80211_testmode_mcgrp = {
5609 	.name = "testmode",
5610 };
5611 
5612 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
5613 {
5614 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5615 	int err;
5616 
5617 	if (!info->attrs[NL80211_ATTR_TESTDATA])
5618 		return -EINVAL;
5619 
5620 	err = -EOPNOTSUPP;
5621 	if (rdev->ops->testmode_cmd) {
5622 		rdev->testmode_info = info;
5623 		err = rdev_testmode_cmd(rdev,
5624 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
5625 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
5626 		rdev->testmode_info = NULL;
5627 	}
5628 
5629 	return err;
5630 }
5631 
5632 static int nl80211_testmode_dump(struct sk_buff *skb,
5633 				 struct netlink_callback *cb)
5634 {
5635 	struct cfg80211_registered_device *rdev;
5636 	int err;
5637 	long phy_idx;
5638 	void *data = NULL;
5639 	int data_len = 0;
5640 
5641 	if (cb->args[0]) {
5642 		/*
5643 		 * 0 is a valid index, but not valid for args[0],
5644 		 * so we need to offset by 1.
5645 		 */
5646 		phy_idx = cb->args[0] - 1;
5647 	} else {
5648 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
5649 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
5650 				  nl80211_policy);
5651 		if (err)
5652 			return err;
5653 
5654 		mutex_lock(&cfg80211_mutex);
5655 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
5656 						  nl80211_fam.attrbuf);
5657 		if (IS_ERR(rdev)) {
5658 			mutex_unlock(&cfg80211_mutex);
5659 			return PTR_ERR(rdev);
5660 		}
5661 		phy_idx = rdev->wiphy_idx;
5662 		rdev = NULL;
5663 		mutex_unlock(&cfg80211_mutex);
5664 
5665 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
5666 			cb->args[1] =
5667 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
5668 	}
5669 
5670 	if (cb->args[1]) {
5671 		data = nla_data((void *)cb->args[1]);
5672 		data_len = nla_len((void *)cb->args[1]);
5673 	}
5674 
5675 	mutex_lock(&cfg80211_mutex);
5676 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
5677 	if (!rdev) {
5678 		mutex_unlock(&cfg80211_mutex);
5679 		return -ENOENT;
5680 	}
5681 	cfg80211_lock_rdev(rdev);
5682 	mutex_unlock(&cfg80211_mutex);
5683 
5684 	if (!rdev->ops->testmode_dump) {
5685 		err = -EOPNOTSUPP;
5686 		goto out_err;
5687 	}
5688 
5689 	while (1) {
5690 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
5691 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
5692 					   NL80211_CMD_TESTMODE);
5693 		struct nlattr *tmdata;
5694 
5695 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
5696 			genlmsg_cancel(skb, hdr);
5697 			break;
5698 		}
5699 
5700 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
5701 		if (!tmdata) {
5702 			genlmsg_cancel(skb, hdr);
5703 			break;
5704 		}
5705 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
5706 		nla_nest_end(skb, tmdata);
5707 
5708 		if (err == -ENOBUFS || err == -ENOENT) {
5709 			genlmsg_cancel(skb, hdr);
5710 			break;
5711 		} else if (err) {
5712 			genlmsg_cancel(skb, hdr);
5713 			goto out_err;
5714 		}
5715 
5716 		genlmsg_end(skb, hdr);
5717 	}
5718 
5719 	err = skb->len;
5720 	/* see above */
5721 	cb->args[0] = phy_idx + 1;
5722  out_err:
5723 	cfg80211_unlock_rdev(rdev);
5724 	return err;
5725 }
5726 
5727 static struct sk_buff *
5728 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
5729 			      int approxlen, u32 portid, u32 seq, gfp_t gfp)
5730 {
5731 	struct sk_buff *skb;
5732 	void *hdr;
5733 	struct nlattr *data;
5734 
5735 	skb = nlmsg_new(approxlen + 100, gfp);
5736 	if (!skb)
5737 		return NULL;
5738 
5739 	hdr = nl80211hdr_put(skb, portid, seq, 0, NL80211_CMD_TESTMODE);
5740 	if (!hdr) {
5741 		kfree_skb(skb);
5742 		return NULL;
5743 	}
5744 
5745 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
5746 		goto nla_put_failure;
5747 	data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
5748 
5749 	((void **)skb->cb)[0] = rdev;
5750 	((void **)skb->cb)[1] = hdr;
5751 	((void **)skb->cb)[2] = data;
5752 
5753 	return skb;
5754 
5755  nla_put_failure:
5756 	kfree_skb(skb);
5757 	return NULL;
5758 }
5759 
5760 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
5761 						  int approxlen)
5762 {
5763 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5764 
5765 	if (WARN_ON(!rdev->testmode_info))
5766 		return NULL;
5767 
5768 	return __cfg80211_testmode_alloc_skb(rdev, approxlen,
5769 				rdev->testmode_info->snd_portid,
5770 				rdev->testmode_info->snd_seq,
5771 				GFP_KERNEL);
5772 }
5773 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
5774 
5775 int cfg80211_testmode_reply(struct sk_buff *skb)
5776 {
5777 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
5778 	void *hdr = ((void **)skb->cb)[1];
5779 	struct nlattr *data = ((void **)skb->cb)[2];
5780 
5781 	if (WARN_ON(!rdev->testmode_info)) {
5782 		kfree_skb(skb);
5783 		return -EINVAL;
5784 	}
5785 
5786 	nla_nest_end(skb, data);
5787 	genlmsg_end(skb, hdr);
5788 	return genlmsg_reply(skb, rdev->testmode_info);
5789 }
5790 EXPORT_SYMBOL(cfg80211_testmode_reply);
5791 
5792 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
5793 						  int approxlen, gfp_t gfp)
5794 {
5795 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5796 
5797 	return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
5798 }
5799 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
5800 
5801 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
5802 {
5803 	void *hdr = ((void **)skb->cb)[1];
5804 	struct nlattr *data = ((void **)skb->cb)[2];
5805 
5806 	nla_nest_end(skb, data);
5807 	genlmsg_end(skb, hdr);
5808 	genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
5809 }
5810 EXPORT_SYMBOL(cfg80211_testmode_event);
5811 #endif
5812 
5813 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
5814 {
5815 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5816 	struct net_device *dev = info->user_ptr[1];
5817 	struct cfg80211_connect_params connect;
5818 	struct wiphy *wiphy;
5819 	struct cfg80211_cached_keys *connkeys = NULL;
5820 	int err;
5821 
5822 	memset(&connect, 0, sizeof(connect));
5823 
5824 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5825 		return -EINVAL;
5826 
5827 	if (!info->attrs[NL80211_ATTR_SSID] ||
5828 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
5829 		return -EINVAL;
5830 
5831 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5832 		connect.auth_type =
5833 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5834 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
5835 					     NL80211_CMD_CONNECT))
5836 			return -EINVAL;
5837 	} else
5838 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5839 
5840 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
5841 
5842 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
5843 				      NL80211_MAX_NR_CIPHER_SUITES);
5844 	if (err)
5845 		return err;
5846 
5847 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5848 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5849 		return -EOPNOTSUPP;
5850 
5851 	wiphy = &rdev->wiphy;
5852 
5853 	connect.bg_scan_period = -1;
5854 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
5855 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
5856 		connect.bg_scan_period =
5857 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
5858 	}
5859 
5860 	if (info->attrs[NL80211_ATTR_MAC])
5861 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5862 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5863 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5864 
5865 	if (info->attrs[NL80211_ATTR_IE]) {
5866 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5867 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5868 	}
5869 
5870 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5871 		connect.channel =
5872 			ieee80211_get_channel(wiphy,
5873 			    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5874 		if (!connect.channel ||
5875 		    connect.channel->flags & IEEE80211_CHAN_DISABLED)
5876 			return -EINVAL;
5877 	}
5878 
5879 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
5880 		connkeys = nl80211_parse_connkeys(rdev,
5881 					  info->attrs[NL80211_ATTR_KEYS], NULL);
5882 		if (IS_ERR(connkeys))
5883 			return PTR_ERR(connkeys);
5884 	}
5885 
5886 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
5887 		connect.flags |= ASSOC_REQ_DISABLE_HT;
5888 
5889 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5890 		memcpy(&connect.ht_capa_mask,
5891 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
5892 		       sizeof(connect.ht_capa_mask));
5893 
5894 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
5895 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
5896 			kfree(connkeys);
5897 			return -EINVAL;
5898 		}
5899 		memcpy(&connect.ht_capa,
5900 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
5901 		       sizeof(connect.ht_capa));
5902 	}
5903 
5904 	err = cfg80211_connect(rdev, dev, &connect, connkeys);
5905 	if (err)
5906 		kfree(connkeys);
5907 	return err;
5908 }
5909 
5910 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
5911 {
5912 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5913 	struct net_device *dev = info->user_ptr[1];
5914 	u16 reason;
5915 
5916 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
5917 		reason = WLAN_REASON_DEAUTH_LEAVING;
5918 	else
5919 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5920 
5921 	if (reason == 0)
5922 		return -EINVAL;
5923 
5924 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5925 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5926 		return -EOPNOTSUPP;
5927 
5928 	return cfg80211_disconnect(rdev, dev, reason, true);
5929 }
5930 
5931 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
5932 {
5933 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5934 	struct net *net;
5935 	int err;
5936 	u32 pid;
5937 
5938 	if (!info->attrs[NL80211_ATTR_PID])
5939 		return -EINVAL;
5940 
5941 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
5942 
5943 	net = get_net_ns_by_pid(pid);
5944 	if (IS_ERR(net))
5945 		return PTR_ERR(net);
5946 
5947 	err = 0;
5948 
5949 	/* check if anything to do */
5950 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
5951 		err = cfg80211_switch_netns(rdev, net);
5952 
5953 	put_net(net);
5954 	return err;
5955 }
5956 
5957 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
5958 {
5959 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5960 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
5961 			struct cfg80211_pmksa *pmksa) = NULL;
5962 	struct net_device *dev = info->user_ptr[1];
5963 	struct cfg80211_pmksa pmksa;
5964 
5965 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
5966 
5967 	if (!info->attrs[NL80211_ATTR_MAC])
5968 		return -EINVAL;
5969 
5970 	if (!info->attrs[NL80211_ATTR_PMKID])
5971 		return -EINVAL;
5972 
5973 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
5974 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5975 
5976 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5977 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5978 		return -EOPNOTSUPP;
5979 
5980 	switch (info->genlhdr->cmd) {
5981 	case NL80211_CMD_SET_PMKSA:
5982 		rdev_ops = rdev->ops->set_pmksa;
5983 		break;
5984 	case NL80211_CMD_DEL_PMKSA:
5985 		rdev_ops = rdev->ops->del_pmksa;
5986 		break;
5987 	default:
5988 		WARN_ON(1);
5989 		break;
5990 	}
5991 
5992 	if (!rdev_ops)
5993 		return -EOPNOTSUPP;
5994 
5995 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
5996 }
5997 
5998 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
5999 {
6000 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6001 	struct net_device *dev = info->user_ptr[1];
6002 
6003 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6004 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6005 		return -EOPNOTSUPP;
6006 
6007 	if (!rdev->ops->flush_pmksa)
6008 		return -EOPNOTSUPP;
6009 
6010 	return rdev_flush_pmksa(rdev, dev);
6011 }
6012 
6013 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
6014 {
6015 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6016 	struct net_device *dev = info->user_ptr[1];
6017 	u8 action_code, dialog_token;
6018 	u16 status_code;
6019 	u8 *peer;
6020 
6021 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
6022 	    !rdev->ops->tdls_mgmt)
6023 		return -EOPNOTSUPP;
6024 
6025 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
6026 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
6027 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
6028 	    !info->attrs[NL80211_ATTR_IE] ||
6029 	    !info->attrs[NL80211_ATTR_MAC])
6030 		return -EINVAL;
6031 
6032 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
6033 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
6034 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
6035 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
6036 
6037 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
6038 			      dialog_token, status_code,
6039 			      nla_data(info->attrs[NL80211_ATTR_IE]),
6040 			      nla_len(info->attrs[NL80211_ATTR_IE]));
6041 }
6042 
6043 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
6044 {
6045 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6046 	struct net_device *dev = info->user_ptr[1];
6047 	enum nl80211_tdls_operation operation;
6048 	u8 *peer;
6049 
6050 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
6051 	    !rdev->ops->tdls_oper)
6052 		return -EOPNOTSUPP;
6053 
6054 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
6055 	    !info->attrs[NL80211_ATTR_MAC])
6056 		return -EINVAL;
6057 
6058 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
6059 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
6060 
6061 	return rdev_tdls_oper(rdev, dev, peer, operation);
6062 }
6063 
6064 static int nl80211_remain_on_channel(struct sk_buff *skb,
6065 				     struct genl_info *info)
6066 {
6067 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6068 	struct wireless_dev *wdev = info->user_ptr[1];
6069 	struct cfg80211_chan_def chandef;
6070 	struct sk_buff *msg;
6071 	void *hdr;
6072 	u64 cookie;
6073 	u32 duration;
6074 	int err;
6075 
6076 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6077 	    !info->attrs[NL80211_ATTR_DURATION])
6078 		return -EINVAL;
6079 
6080 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
6081 
6082 	if (!rdev->ops->remain_on_channel ||
6083 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
6084 		return -EOPNOTSUPP;
6085 
6086 	/*
6087 	 * We should be on that channel for at least a minimum amount of
6088 	 * time (10ms) but no longer than the driver supports.
6089 	 */
6090 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
6091 	    duration > rdev->wiphy.max_remain_on_channel_duration)
6092 		return -EINVAL;
6093 
6094 	err = nl80211_parse_chandef(rdev, info, &chandef);
6095 	if (err)
6096 		return err;
6097 
6098 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6099 	if (!msg)
6100 		return -ENOMEM;
6101 
6102 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6103 			     NL80211_CMD_REMAIN_ON_CHANNEL);
6104 
6105 	if (IS_ERR(hdr)) {
6106 		err = PTR_ERR(hdr);
6107 		goto free_msg;
6108 	}
6109 
6110 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
6111 				     duration, &cookie);
6112 
6113 	if (err)
6114 		goto free_msg;
6115 
6116 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
6117 		goto nla_put_failure;
6118 
6119 	genlmsg_end(msg, hdr);
6120 
6121 	return genlmsg_reply(msg, info);
6122 
6123  nla_put_failure:
6124 	err = -ENOBUFS;
6125  free_msg:
6126 	nlmsg_free(msg);
6127 	return err;
6128 }
6129 
6130 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
6131 					    struct genl_info *info)
6132 {
6133 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6134 	struct wireless_dev *wdev = info->user_ptr[1];
6135 	u64 cookie;
6136 
6137 	if (!info->attrs[NL80211_ATTR_COOKIE])
6138 		return -EINVAL;
6139 
6140 	if (!rdev->ops->cancel_remain_on_channel)
6141 		return -EOPNOTSUPP;
6142 
6143 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
6144 
6145 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
6146 }
6147 
6148 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
6149 			   u8 *rates, u8 rates_len)
6150 {
6151 	u8 i;
6152 	u32 mask = 0;
6153 
6154 	for (i = 0; i < rates_len; i++) {
6155 		int rate = (rates[i] & 0x7f) * 5;
6156 		int ridx;
6157 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
6158 			struct ieee80211_rate *srate =
6159 				&sband->bitrates[ridx];
6160 			if (rate == srate->bitrate) {
6161 				mask |= 1 << ridx;
6162 				break;
6163 			}
6164 		}
6165 		if (ridx == sband->n_bitrates)
6166 			return 0; /* rate not found */
6167 	}
6168 
6169 	return mask;
6170 }
6171 
6172 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
6173 			       u8 *rates, u8 rates_len,
6174 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
6175 {
6176 	u8 i;
6177 
6178 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
6179 
6180 	for (i = 0; i < rates_len; i++) {
6181 		int ridx, rbit;
6182 
6183 		ridx = rates[i] / 8;
6184 		rbit = BIT(rates[i] % 8);
6185 
6186 		/* check validity */
6187 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
6188 			return false;
6189 
6190 		/* check availability */
6191 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
6192 			mcs[ridx] |= rbit;
6193 		else
6194 			return false;
6195 	}
6196 
6197 	return true;
6198 }
6199 
6200 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
6201 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
6202 				    .len = NL80211_MAX_SUPP_RATES },
6203 	[NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
6204 				 .len = NL80211_MAX_SUPP_HT_RATES },
6205 };
6206 
6207 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
6208 				       struct genl_info *info)
6209 {
6210 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
6211 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6212 	struct cfg80211_bitrate_mask mask;
6213 	int rem, i;
6214 	struct net_device *dev = info->user_ptr[1];
6215 	struct nlattr *tx_rates;
6216 	struct ieee80211_supported_band *sband;
6217 
6218 	if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
6219 		return -EINVAL;
6220 
6221 	if (!rdev->ops->set_bitrate_mask)
6222 		return -EOPNOTSUPP;
6223 
6224 	memset(&mask, 0, sizeof(mask));
6225 	/* Default to all rates enabled */
6226 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
6227 		sband = rdev->wiphy.bands[i];
6228 		mask.control[i].legacy =
6229 			sband ? (1 << sband->n_bitrates) - 1 : 0;
6230 		if (sband)
6231 			memcpy(mask.control[i].mcs,
6232 			       sband->ht_cap.mcs.rx_mask,
6233 			       sizeof(mask.control[i].mcs));
6234 		else
6235 			memset(mask.control[i].mcs, 0,
6236 			       sizeof(mask.control[i].mcs));
6237 	}
6238 
6239 	/*
6240 	 * The nested attribute uses enum nl80211_band as the index. This maps
6241 	 * directly to the enum ieee80211_band values used in cfg80211.
6242 	 */
6243 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
6244 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
6245 	{
6246 		enum ieee80211_band band = nla_type(tx_rates);
6247 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
6248 			return -EINVAL;
6249 		sband = rdev->wiphy.bands[band];
6250 		if (sband == NULL)
6251 			return -EINVAL;
6252 		nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
6253 			  nla_len(tx_rates), nl80211_txattr_policy);
6254 		if (tb[NL80211_TXRATE_LEGACY]) {
6255 			mask.control[band].legacy = rateset_to_mask(
6256 				sband,
6257 				nla_data(tb[NL80211_TXRATE_LEGACY]),
6258 				nla_len(tb[NL80211_TXRATE_LEGACY]));
6259 			if ((mask.control[band].legacy == 0) &&
6260 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
6261 				return -EINVAL;
6262 		}
6263 		if (tb[NL80211_TXRATE_MCS]) {
6264 			if (!ht_rateset_to_mask(
6265 					sband,
6266 					nla_data(tb[NL80211_TXRATE_MCS]),
6267 					nla_len(tb[NL80211_TXRATE_MCS]),
6268 					mask.control[band].mcs))
6269 				return -EINVAL;
6270 		}
6271 
6272 		if (mask.control[band].legacy == 0) {
6273 			/* don't allow empty legacy rates if HT
6274 			 * is not even supported. */
6275 			if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
6276 				return -EINVAL;
6277 
6278 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
6279 				if (mask.control[band].mcs[i])
6280 					break;
6281 
6282 			/* legacy and mcs rates may not be both empty */
6283 			if (i == IEEE80211_HT_MCS_MASK_LEN)
6284 				return -EINVAL;
6285 		}
6286 	}
6287 
6288 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
6289 }
6290 
6291 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
6292 {
6293 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6294 	struct wireless_dev *wdev = info->user_ptr[1];
6295 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
6296 
6297 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
6298 		return -EINVAL;
6299 
6300 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
6301 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
6302 
6303 	switch (wdev->iftype) {
6304 	case NL80211_IFTYPE_STATION:
6305 	case NL80211_IFTYPE_ADHOC:
6306 	case NL80211_IFTYPE_P2P_CLIENT:
6307 	case NL80211_IFTYPE_AP:
6308 	case NL80211_IFTYPE_AP_VLAN:
6309 	case NL80211_IFTYPE_MESH_POINT:
6310 	case NL80211_IFTYPE_P2P_GO:
6311 	case NL80211_IFTYPE_P2P_DEVICE:
6312 		break;
6313 	default:
6314 		return -EOPNOTSUPP;
6315 	}
6316 
6317 	/* not much point in registering if we can't reply */
6318 	if (!rdev->ops->mgmt_tx)
6319 		return -EOPNOTSUPP;
6320 
6321 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
6322 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
6323 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
6324 }
6325 
6326 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
6327 {
6328 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6329 	struct wireless_dev *wdev = info->user_ptr[1];
6330 	struct cfg80211_chan_def chandef;
6331 	int err;
6332 	void *hdr = NULL;
6333 	u64 cookie;
6334 	struct sk_buff *msg = NULL;
6335 	unsigned int wait = 0;
6336 	bool offchan, no_cck, dont_wait_for_ack;
6337 
6338 	dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
6339 
6340 	if (!info->attrs[NL80211_ATTR_FRAME])
6341 		return -EINVAL;
6342 
6343 	if (!rdev->ops->mgmt_tx)
6344 		return -EOPNOTSUPP;
6345 
6346 	switch (wdev->iftype) {
6347 	case NL80211_IFTYPE_STATION:
6348 	case NL80211_IFTYPE_ADHOC:
6349 	case NL80211_IFTYPE_P2P_CLIENT:
6350 	case NL80211_IFTYPE_AP:
6351 	case NL80211_IFTYPE_AP_VLAN:
6352 	case NL80211_IFTYPE_MESH_POINT:
6353 	case NL80211_IFTYPE_P2P_GO:
6354 	case NL80211_IFTYPE_P2P_DEVICE:
6355 		break;
6356 	default:
6357 		return -EOPNOTSUPP;
6358 	}
6359 
6360 	if (info->attrs[NL80211_ATTR_DURATION]) {
6361 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
6362 			return -EINVAL;
6363 		wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
6364 
6365 		/*
6366 		 * We should wait on the channel for at least a minimum amount
6367 		 * of time (10ms) but no longer than the driver supports.
6368 		 */
6369 		if (wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
6370 		    wait > rdev->wiphy.max_remain_on_channel_duration)
6371 			return -EINVAL;
6372 
6373 	}
6374 
6375 	offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
6376 
6377 	if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
6378 		return -EINVAL;
6379 
6380 	no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
6381 
6382 	err = nl80211_parse_chandef(rdev, info, &chandef);
6383 	if (err)
6384 		return err;
6385 
6386 	if (!dont_wait_for_ack) {
6387 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6388 		if (!msg)
6389 			return -ENOMEM;
6390 
6391 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6392 				     NL80211_CMD_FRAME);
6393 
6394 		if (IS_ERR(hdr)) {
6395 			err = PTR_ERR(hdr);
6396 			goto free_msg;
6397 		}
6398 	}
6399 
6400 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, chandef.chan, offchan, wait,
6401 				    nla_data(info->attrs[NL80211_ATTR_FRAME]),
6402 				    nla_len(info->attrs[NL80211_ATTR_FRAME]),
6403 				    no_cck, dont_wait_for_ack, &cookie);
6404 	if (err)
6405 		goto free_msg;
6406 
6407 	if (msg) {
6408 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
6409 			goto nla_put_failure;
6410 
6411 		genlmsg_end(msg, hdr);
6412 		return genlmsg_reply(msg, info);
6413 	}
6414 
6415 	return 0;
6416 
6417  nla_put_failure:
6418 	err = -ENOBUFS;
6419  free_msg:
6420 	nlmsg_free(msg);
6421 	return err;
6422 }
6423 
6424 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
6425 {
6426 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6427 	struct wireless_dev *wdev = info->user_ptr[1];
6428 	u64 cookie;
6429 
6430 	if (!info->attrs[NL80211_ATTR_COOKIE])
6431 		return -EINVAL;
6432 
6433 	if (!rdev->ops->mgmt_tx_cancel_wait)
6434 		return -EOPNOTSUPP;
6435 
6436 	switch (wdev->iftype) {
6437 	case NL80211_IFTYPE_STATION:
6438 	case NL80211_IFTYPE_ADHOC:
6439 	case NL80211_IFTYPE_P2P_CLIENT:
6440 	case NL80211_IFTYPE_AP:
6441 	case NL80211_IFTYPE_AP_VLAN:
6442 	case NL80211_IFTYPE_P2P_GO:
6443 	case NL80211_IFTYPE_P2P_DEVICE:
6444 		break;
6445 	default:
6446 		return -EOPNOTSUPP;
6447 	}
6448 
6449 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
6450 
6451 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
6452 }
6453 
6454 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
6455 {
6456 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6457 	struct wireless_dev *wdev;
6458 	struct net_device *dev = info->user_ptr[1];
6459 	u8 ps_state;
6460 	bool state;
6461 	int err;
6462 
6463 	if (!info->attrs[NL80211_ATTR_PS_STATE])
6464 		return -EINVAL;
6465 
6466 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
6467 
6468 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
6469 		return -EINVAL;
6470 
6471 	wdev = dev->ieee80211_ptr;
6472 
6473 	if (!rdev->ops->set_power_mgmt)
6474 		return -EOPNOTSUPP;
6475 
6476 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
6477 
6478 	if (state == wdev->ps)
6479 		return 0;
6480 
6481 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
6482 	if (!err)
6483 		wdev->ps = state;
6484 	return err;
6485 }
6486 
6487 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
6488 {
6489 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6490 	enum nl80211_ps_state ps_state;
6491 	struct wireless_dev *wdev;
6492 	struct net_device *dev = info->user_ptr[1];
6493 	struct sk_buff *msg;
6494 	void *hdr;
6495 	int err;
6496 
6497 	wdev = dev->ieee80211_ptr;
6498 
6499 	if (!rdev->ops->set_power_mgmt)
6500 		return -EOPNOTSUPP;
6501 
6502 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6503 	if (!msg)
6504 		return -ENOMEM;
6505 
6506 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6507 			     NL80211_CMD_GET_POWER_SAVE);
6508 	if (!hdr) {
6509 		err = -ENOBUFS;
6510 		goto free_msg;
6511 	}
6512 
6513 	if (wdev->ps)
6514 		ps_state = NL80211_PS_ENABLED;
6515 	else
6516 		ps_state = NL80211_PS_DISABLED;
6517 
6518 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
6519 		goto nla_put_failure;
6520 
6521 	genlmsg_end(msg, hdr);
6522 	return genlmsg_reply(msg, info);
6523 
6524  nla_put_failure:
6525 	err = -ENOBUFS;
6526  free_msg:
6527 	nlmsg_free(msg);
6528 	return err;
6529 }
6530 
6531 static struct nla_policy
6532 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
6533 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
6534 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
6535 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
6536 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
6537 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
6538 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
6539 };
6540 
6541 static int nl80211_set_cqm_txe(struct genl_info *info,
6542 			       u32 rate, u32 pkts, u32 intvl)
6543 {
6544 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6545 	struct wireless_dev *wdev;
6546 	struct net_device *dev = info->user_ptr[1];
6547 
6548 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
6549 		return -EINVAL;
6550 
6551 	wdev = dev->ieee80211_ptr;
6552 
6553 	if (!rdev->ops->set_cqm_txe_config)
6554 		return -EOPNOTSUPP;
6555 
6556 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
6557 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
6558 		return -EOPNOTSUPP;
6559 
6560 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
6561 }
6562 
6563 static int nl80211_set_cqm_rssi(struct genl_info *info,
6564 				s32 threshold, u32 hysteresis)
6565 {
6566 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6567 	struct wireless_dev *wdev;
6568 	struct net_device *dev = info->user_ptr[1];
6569 
6570 	if (threshold > 0)
6571 		return -EINVAL;
6572 
6573 	wdev = dev->ieee80211_ptr;
6574 
6575 	if (!rdev->ops->set_cqm_rssi_config)
6576 		return -EOPNOTSUPP;
6577 
6578 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
6579 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
6580 		return -EOPNOTSUPP;
6581 
6582 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
6583 }
6584 
6585 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
6586 {
6587 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
6588 	struct nlattr *cqm;
6589 	int err;
6590 
6591 	cqm = info->attrs[NL80211_ATTR_CQM];
6592 	if (!cqm) {
6593 		err = -EINVAL;
6594 		goto out;
6595 	}
6596 
6597 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
6598 			       nl80211_attr_cqm_policy);
6599 	if (err)
6600 		goto out;
6601 
6602 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
6603 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
6604 		s32 threshold;
6605 		u32 hysteresis;
6606 		threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
6607 		hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
6608 		err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
6609 	} else if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
6610 		   attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
6611 		   attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
6612 		u32 rate, pkts, intvl;
6613 		rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
6614 		pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
6615 		intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
6616 		err = nl80211_set_cqm_txe(info, rate, pkts, intvl);
6617 	} else
6618 		err = -EINVAL;
6619 
6620 out:
6621 	return err;
6622 }
6623 
6624 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
6625 {
6626 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6627 	struct net_device *dev = info->user_ptr[1];
6628 	struct mesh_config cfg;
6629 	struct mesh_setup setup;
6630 	int err;
6631 
6632 	/* start with default */
6633 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
6634 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
6635 
6636 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
6637 		/* and parse parameters if given */
6638 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
6639 		if (err)
6640 			return err;
6641 	}
6642 
6643 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
6644 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
6645 		return -EINVAL;
6646 
6647 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
6648 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
6649 
6650 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6651 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
6652 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6653 			return -EINVAL;
6654 
6655 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
6656 		/* parse additional setup parameters if given */
6657 		err = nl80211_parse_mesh_setup(info, &setup);
6658 		if (err)
6659 			return err;
6660 	}
6661 
6662 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
6663 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
6664 		if (err)
6665 			return err;
6666 	} else {
6667 		/* cfg80211_join_mesh() will sort it out */
6668 		setup.chandef.chan = NULL;
6669 	}
6670 
6671 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
6672 }
6673 
6674 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
6675 {
6676 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6677 	struct net_device *dev = info->user_ptr[1];
6678 
6679 	return cfg80211_leave_mesh(rdev, dev);
6680 }
6681 
6682 #ifdef CONFIG_PM
6683 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
6684 {
6685 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6686 	struct sk_buff *msg;
6687 	void *hdr;
6688 
6689 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
6690 		return -EOPNOTSUPP;
6691 
6692 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6693 	if (!msg)
6694 		return -ENOMEM;
6695 
6696 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6697 			     NL80211_CMD_GET_WOWLAN);
6698 	if (!hdr)
6699 		goto nla_put_failure;
6700 
6701 	if (rdev->wowlan) {
6702 		struct nlattr *nl_wowlan;
6703 
6704 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
6705 		if (!nl_wowlan)
6706 			goto nla_put_failure;
6707 
6708 		if ((rdev->wowlan->any &&
6709 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
6710 		    (rdev->wowlan->disconnect &&
6711 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
6712 		    (rdev->wowlan->magic_pkt &&
6713 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
6714 		    (rdev->wowlan->gtk_rekey_failure &&
6715 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
6716 		    (rdev->wowlan->eap_identity_req &&
6717 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
6718 		    (rdev->wowlan->four_way_handshake &&
6719 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
6720 		    (rdev->wowlan->rfkill_release &&
6721 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
6722 			goto nla_put_failure;
6723 		if (rdev->wowlan->n_patterns) {
6724 			struct nlattr *nl_pats, *nl_pat;
6725 			int i, pat_len;
6726 
6727 			nl_pats = nla_nest_start(msg,
6728 					NL80211_WOWLAN_TRIG_PKT_PATTERN);
6729 			if (!nl_pats)
6730 				goto nla_put_failure;
6731 
6732 			for (i = 0; i < rdev->wowlan->n_patterns; i++) {
6733 				nl_pat = nla_nest_start(msg, i + 1);
6734 				if (!nl_pat)
6735 					goto nla_put_failure;
6736 				pat_len = rdev->wowlan->patterns[i].pattern_len;
6737 				if (nla_put(msg, NL80211_WOWLAN_PKTPAT_MASK,
6738 					    DIV_ROUND_UP(pat_len, 8),
6739 					    rdev->wowlan->patterns[i].mask) ||
6740 				    nla_put(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
6741 					    pat_len,
6742 					    rdev->wowlan->patterns[i].pattern))
6743 					goto nla_put_failure;
6744 				nla_nest_end(msg, nl_pat);
6745 			}
6746 			nla_nest_end(msg, nl_pats);
6747 		}
6748 
6749 		nla_nest_end(msg, nl_wowlan);
6750 	}
6751 
6752 	genlmsg_end(msg, hdr);
6753 	return genlmsg_reply(msg, info);
6754 
6755 nla_put_failure:
6756 	nlmsg_free(msg);
6757 	return -ENOBUFS;
6758 }
6759 
6760 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
6761 {
6762 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6763 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
6764 	struct cfg80211_wowlan new_triggers = {};
6765 	struct cfg80211_wowlan *ntrig;
6766 	struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
6767 	int err, i;
6768 	bool prev_enabled = rdev->wowlan;
6769 
6770 	if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
6771 		return -EOPNOTSUPP;
6772 
6773 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
6774 		cfg80211_rdev_free_wowlan(rdev);
6775 		rdev->wowlan = NULL;
6776 		goto set_wakeup;
6777 	}
6778 
6779 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
6780 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
6781 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
6782 			nl80211_wowlan_policy);
6783 	if (err)
6784 		return err;
6785 
6786 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
6787 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
6788 			return -EINVAL;
6789 		new_triggers.any = true;
6790 	}
6791 
6792 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
6793 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
6794 			return -EINVAL;
6795 		new_triggers.disconnect = true;
6796 	}
6797 
6798 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
6799 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
6800 			return -EINVAL;
6801 		new_triggers.magic_pkt = true;
6802 	}
6803 
6804 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
6805 		return -EINVAL;
6806 
6807 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
6808 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
6809 			return -EINVAL;
6810 		new_triggers.gtk_rekey_failure = true;
6811 	}
6812 
6813 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
6814 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
6815 			return -EINVAL;
6816 		new_triggers.eap_identity_req = true;
6817 	}
6818 
6819 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
6820 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
6821 			return -EINVAL;
6822 		new_triggers.four_way_handshake = true;
6823 	}
6824 
6825 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
6826 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
6827 			return -EINVAL;
6828 		new_triggers.rfkill_release = true;
6829 	}
6830 
6831 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
6832 		struct nlattr *pat;
6833 		int n_patterns = 0;
6834 		int rem, pat_len, mask_len;
6835 		struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
6836 
6837 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
6838 				    rem)
6839 			n_patterns++;
6840 		if (n_patterns > wowlan->n_patterns)
6841 			return -EINVAL;
6842 
6843 		new_triggers.patterns = kcalloc(n_patterns,
6844 						sizeof(new_triggers.patterns[0]),
6845 						GFP_KERNEL);
6846 		if (!new_triggers.patterns)
6847 			return -ENOMEM;
6848 
6849 		new_triggers.n_patterns = n_patterns;
6850 		i = 0;
6851 
6852 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
6853 				    rem) {
6854 			nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
6855 				  nla_data(pat), nla_len(pat), NULL);
6856 			err = -EINVAL;
6857 			if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
6858 			    !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
6859 				goto error;
6860 			pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
6861 			mask_len = DIV_ROUND_UP(pat_len, 8);
6862 			if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
6863 			    mask_len)
6864 				goto error;
6865 			if (pat_len > wowlan->pattern_max_len ||
6866 			    pat_len < wowlan->pattern_min_len)
6867 				goto error;
6868 
6869 			new_triggers.patterns[i].mask =
6870 				kmalloc(mask_len + pat_len, GFP_KERNEL);
6871 			if (!new_triggers.patterns[i].mask) {
6872 				err = -ENOMEM;
6873 				goto error;
6874 			}
6875 			new_triggers.patterns[i].pattern =
6876 				new_triggers.patterns[i].mask + mask_len;
6877 			memcpy(new_triggers.patterns[i].mask,
6878 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
6879 			       mask_len);
6880 			new_triggers.patterns[i].pattern_len = pat_len;
6881 			memcpy(new_triggers.patterns[i].pattern,
6882 			       nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
6883 			       pat_len);
6884 			i++;
6885 		}
6886 	}
6887 
6888 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
6889 	if (!ntrig) {
6890 		err = -ENOMEM;
6891 		goto error;
6892 	}
6893 	cfg80211_rdev_free_wowlan(rdev);
6894 	rdev->wowlan = ntrig;
6895 
6896  set_wakeup:
6897 	if (rdev->ops->set_wakeup && prev_enabled != !!rdev->wowlan)
6898 		rdev_set_wakeup(rdev, rdev->wowlan);
6899 
6900 	return 0;
6901  error:
6902 	for (i = 0; i < new_triggers.n_patterns; i++)
6903 		kfree(new_triggers.patterns[i].mask);
6904 	kfree(new_triggers.patterns);
6905 	return err;
6906 }
6907 #endif
6908 
6909 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
6910 {
6911 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6912 	struct net_device *dev = info->user_ptr[1];
6913 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6914 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
6915 	struct cfg80211_gtk_rekey_data rekey_data;
6916 	int err;
6917 
6918 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
6919 		return -EINVAL;
6920 
6921 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
6922 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
6923 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
6924 			nl80211_rekey_policy);
6925 	if (err)
6926 		return err;
6927 
6928 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
6929 		return -ERANGE;
6930 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
6931 		return -ERANGE;
6932 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
6933 		return -ERANGE;
6934 
6935 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
6936 	       NL80211_KEK_LEN);
6937 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
6938 	       NL80211_KCK_LEN);
6939 	memcpy(rekey_data.replay_ctr,
6940 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
6941 	       NL80211_REPLAY_CTR_LEN);
6942 
6943 	wdev_lock(wdev);
6944 	if (!wdev->current_bss) {
6945 		err = -ENOTCONN;
6946 		goto out;
6947 	}
6948 
6949 	if (!rdev->ops->set_rekey_data) {
6950 		err = -EOPNOTSUPP;
6951 		goto out;
6952 	}
6953 
6954 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
6955  out:
6956 	wdev_unlock(wdev);
6957 	return err;
6958 }
6959 
6960 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
6961 					     struct genl_info *info)
6962 {
6963 	struct net_device *dev = info->user_ptr[1];
6964 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6965 
6966 	if (wdev->iftype != NL80211_IFTYPE_AP &&
6967 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
6968 		return -EINVAL;
6969 
6970 	if (wdev->ap_unexpected_nlportid)
6971 		return -EBUSY;
6972 
6973 	wdev->ap_unexpected_nlportid = info->snd_portid;
6974 	return 0;
6975 }
6976 
6977 static int nl80211_probe_client(struct sk_buff *skb,
6978 				struct genl_info *info)
6979 {
6980 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6981 	struct net_device *dev = info->user_ptr[1];
6982 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6983 	struct sk_buff *msg;
6984 	void *hdr;
6985 	const u8 *addr;
6986 	u64 cookie;
6987 	int err;
6988 
6989 	if (wdev->iftype != NL80211_IFTYPE_AP &&
6990 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
6991 		return -EOPNOTSUPP;
6992 
6993 	if (!info->attrs[NL80211_ATTR_MAC])
6994 		return -EINVAL;
6995 
6996 	if (!rdev->ops->probe_client)
6997 		return -EOPNOTSUPP;
6998 
6999 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7000 	if (!msg)
7001 		return -ENOMEM;
7002 
7003 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7004 			     NL80211_CMD_PROBE_CLIENT);
7005 
7006 	if (IS_ERR(hdr)) {
7007 		err = PTR_ERR(hdr);
7008 		goto free_msg;
7009 	}
7010 
7011 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
7012 
7013 	err = rdev_probe_client(rdev, dev, addr, &cookie);
7014 	if (err)
7015 		goto free_msg;
7016 
7017 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7018 		goto nla_put_failure;
7019 
7020 	genlmsg_end(msg, hdr);
7021 
7022 	return genlmsg_reply(msg, info);
7023 
7024  nla_put_failure:
7025 	err = -ENOBUFS;
7026  free_msg:
7027 	nlmsg_free(msg);
7028 	return err;
7029 }
7030 
7031 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
7032 {
7033 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7034 	struct cfg80211_beacon_registration *reg, *nreg;
7035 	int rv;
7036 
7037 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
7038 		return -EOPNOTSUPP;
7039 
7040 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
7041 	if (!nreg)
7042 		return -ENOMEM;
7043 
7044 	/* First, check if already registered. */
7045 	spin_lock_bh(&rdev->beacon_registrations_lock);
7046 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
7047 		if (reg->nlportid == info->snd_portid) {
7048 			rv = -EALREADY;
7049 			goto out_err;
7050 		}
7051 	}
7052 	/* Add it to the list */
7053 	nreg->nlportid = info->snd_portid;
7054 	list_add(&nreg->list, &rdev->beacon_registrations);
7055 
7056 	spin_unlock_bh(&rdev->beacon_registrations_lock);
7057 
7058 	return 0;
7059 out_err:
7060 	spin_unlock_bh(&rdev->beacon_registrations_lock);
7061 	kfree(nreg);
7062 	return rv;
7063 }
7064 
7065 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
7066 {
7067 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7068 	struct wireless_dev *wdev = info->user_ptr[1];
7069 	int err;
7070 
7071 	if (!rdev->ops->start_p2p_device)
7072 		return -EOPNOTSUPP;
7073 
7074 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
7075 		return -EOPNOTSUPP;
7076 
7077 	if (wdev->p2p_started)
7078 		return 0;
7079 
7080 	mutex_lock(&rdev->devlist_mtx);
7081 	err = cfg80211_can_add_interface(rdev, wdev->iftype);
7082 	mutex_unlock(&rdev->devlist_mtx);
7083 	if (err)
7084 		return err;
7085 
7086 	err = rdev_start_p2p_device(rdev, wdev);
7087 	if (err)
7088 		return err;
7089 
7090 	wdev->p2p_started = true;
7091 	mutex_lock(&rdev->devlist_mtx);
7092 	rdev->opencount++;
7093 	mutex_unlock(&rdev->devlist_mtx);
7094 
7095 	return 0;
7096 }
7097 
7098 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
7099 {
7100 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7101 	struct wireless_dev *wdev = info->user_ptr[1];
7102 
7103 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
7104 		return -EOPNOTSUPP;
7105 
7106 	if (!rdev->ops->stop_p2p_device)
7107 		return -EOPNOTSUPP;
7108 
7109 	if (!wdev->p2p_started)
7110 		return 0;
7111 
7112 	rdev_stop_p2p_device(rdev, wdev);
7113 	wdev->p2p_started = false;
7114 
7115 	mutex_lock(&rdev->devlist_mtx);
7116 	rdev->opencount--;
7117 	mutex_unlock(&rdev->devlist_mtx);
7118 
7119 	if (WARN_ON(rdev->scan_req && rdev->scan_req->wdev == wdev)) {
7120 		rdev->scan_req->aborted = true;
7121 		___cfg80211_scan_done(rdev, true);
7122 	}
7123 
7124 	return 0;
7125 }
7126 
7127 #define NL80211_FLAG_NEED_WIPHY		0x01
7128 #define NL80211_FLAG_NEED_NETDEV	0x02
7129 #define NL80211_FLAG_NEED_RTNL		0x04
7130 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
7131 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
7132 					 NL80211_FLAG_CHECK_NETDEV_UP)
7133 #define NL80211_FLAG_NEED_WDEV		0x10
7134 /* If a netdev is associated, it must be UP, P2P must be started */
7135 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
7136 					 NL80211_FLAG_CHECK_NETDEV_UP)
7137 
7138 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
7139 			    struct genl_info *info)
7140 {
7141 	struct cfg80211_registered_device *rdev;
7142 	struct wireless_dev *wdev;
7143 	struct net_device *dev;
7144 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
7145 
7146 	if (rtnl)
7147 		rtnl_lock();
7148 
7149 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
7150 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7151 		if (IS_ERR(rdev)) {
7152 			if (rtnl)
7153 				rtnl_unlock();
7154 			return PTR_ERR(rdev);
7155 		}
7156 		info->user_ptr[0] = rdev;
7157 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
7158 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
7159 		mutex_lock(&cfg80211_mutex);
7160 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
7161 						  info->attrs);
7162 		if (IS_ERR(wdev)) {
7163 			mutex_unlock(&cfg80211_mutex);
7164 			if (rtnl)
7165 				rtnl_unlock();
7166 			return PTR_ERR(wdev);
7167 		}
7168 
7169 		dev = wdev->netdev;
7170 		rdev = wiphy_to_dev(wdev->wiphy);
7171 
7172 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
7173 			if (!dev) {
7174 				mutex_unlock(&cfg80211_mutex);
7175 				if (rtnl)
7176 					rtnl_unlock();
7177 				return -EINVAL;
7178 			}
7179 
7180 			info->user_ptr[1] = dev;
7181 		} else {
7182 			info->user_ptr[1] = wdev;
7183 		}
7184 
7185 		if (dev) {
7186 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
7187 			    !netif_running(dev)) {
7188 				mutex_unlock(&cfg80211_mutex);
7189 				if (rtnl)
7190 					rtnl_unlock();
7191 				return -ENETDOWN;
7192 			}
7193 
7194 			dev_hold(dev);
7195 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
7196 			if (!wdev->p2p_started) {
7197 				mutex_unlock(&cfg80211_mutex);
7198 				if (rtnl)
7199 					rtnl_unlock();
7200 				return -ENETDOWN;
7201 			}
7202 		}
7203 
7204 		cfg80211_lock_rdev(rdev);
7205 
7206 		mutex_unlock(&cfg80211_mutex);
7207 
7208 		info->user_ptr[0] = rdev;
7209 	}
7210 
7211 	return 0;
7212 }
7213 
7214 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
7215 			      struct genl_info *info)
7216 {
7217 	if (info->user_ptr[0])
7218 		cfg80211_unlock_rdev(info->user_ptr[0]);
7219 	if (info->user_ptr[1]) {
7220 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
7221 			struct wireless_dev *wdev = info->user_ptr[1];
7222 
7223 			if (wdev->netdev)
7224 				dev_put(wdev->netdev);
7225 		} else {
7226 			dev_put(info->user_ptr[1]);
7227 		}
7228 	}
7229 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
7230 		rtnl_unlock();
7231 }
7232 
7233 static struct genl_ops nl80211_ops[] = {
7234 	{
7235 		.cmd = NL80211_CMD_GET_WIPHY,
7236 		.doit = nl80211_get_wiphy,
7237 		.dumpit = nl80211_dump_wiphy,
7238 		.policy = nl80211_policy,
7239 		/* can be retrieved by unprivileged users */
7240 		.internal_flags = NL80211_FLAG_NEED_WIPHY,
7241 	},
7242 	{
7243 		.cmd = NL80211_CMD_SET_WIPHY,
7244 		.doit = nl80211_set_wiphy,
7245 		.policy = nl80211_policy,
7246 		.flags = GENL_ADMIN_PERM,
7247 		.internal_flags = NL80211_FLAG_NEED_RTNL,
7248 	},
7249 	{
7250 		.cmd = NL80211_CMD_GET_INTERFACE,
7251 		.doit = nl80211_get_interface,
7252 		.dumpit = nl80211_dump_interface,
7253 		.policy = nl80211_policy,
7254 		/* can be retrieved by unprivileged users */
7255 		.internal_flags = NL80211_FLAG_NEED_WDEV,
7256 	},
7257 	{
7258 		.cmd = NL80211_CMD_SET_INTERFACE,
7259 		.doit = nl80211_set_interface,
7260 		.policy = nl80211_policy,
7261 		.flags = GENL_ADMIN_PERM,
7262 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7263 				  NL80211_FLAG_NEED_RTNL,
7264 	},
7265 	{
7266 		.cmd = NL80211_CMD_NEW_INTERFACE,
7267 		.doit = nl80211_new_interface,
7268 		.policy = nl80211_policy,
7269 		.flags = GENL_ADMIN_PERM,
7270 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
7271 				  NL80211_FLAG_NEED_RTNL,
7272 	},
7273 	{
7274 		.cmd = NL80211_CMD_DEL_INTERFACE,
7275 		.doit = nl80211_del_interface,
7276 		.policy = nl80211_policy,
7277 		.flags = GENL_ADMIN_PERM,
7278 		.internal_flags = NL80211_FLAG_NEED_WDEV |
7279 				  NL80211_FLAG_NEED_RTNL,
7280 	},
7281 	{
7282 		.cmd = NL80211_CMD_GET_KEY,
7283 		.doit = nl80211_get_key,
7284 		.policy = nl80211_policy,
7285 		.flags = GENL_ADMIN_PERM,
7286 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7287 				  NL80211_FLAG_NEED_RTNL,
7288 	},
7289 	{
7290 		.cmd = NL80211_CMD_SET_KEY,
7291 		.doit = nl80211_set_key,
7292 		.policy = nl80211_policy,
7293 		.flags = GENL_ADMIN_PERM,
7294 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7295 				  NL80211_FLAG_NEED_RTNL,
7296 	},
7297 	{
7298 		.cmd = NL80211_CMD_NEW_KEY,
7299 		.doit = nl80211_new_key,
7300 		.policy = nl80211_policy,
7301 		.flags = GENL_ADMIN_PERM,
7302 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7303 				  NL80211_FLAG_NEED_RTNL,
7304 	},
7305 	{
7306 		.cmd = NL80211_CMD_DEL_KEY,
7307 		.doit = nl80211_del_key,
7308 		.policy = nl80211_policy,
7309 		.flags = GENL_ADMIN_PERM,
7310 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7311 				  NL80211_FLAG_NEED_RTNL,
7312 	},
7313 	{
7314 		.cmd = NL80211_CMD_SET_BEACON,
7315 		.policy = nl80211_policy,
7316 		.flags = GENL_ADMIN_PERM,
7317 		.doit = nl80211_set_beacon,
7318 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7319 				  NL80211_FLAG_NEED_RTNL,
7320 	},
7321 	{
7322 		.cmd = NL80211_CMD_START_AP,
7323 		.policy = nl80211_policy,
7324 		.flags = GENL_ADMIN_PERM,
7325 		.doit = nl80211_start_ap,
7326 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7327 				  NL80211_FLAG_NEED_RTNL,
7328 	},
7329 	{
7330 		.cmd = NL80211_CMD_STOP_AP,
7331 		.policy = nl80211_policy,
7332 		.flags = GENL_ADMIN_PERM,
7333 		.doit = nl80211_stop_ap,
7334 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7335 				  NL80211_FLAG_NEED_RTNL,
7336 	},
7337 	{
7338 		.cmd = NL80211_CMD_GET_STATION,
7339 		.doit = nl80211_get_station,
7340 		.dumpit = nl80211_dump_station,
7341 		.policy = nl80211_policy,
7342 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7343 				  NL80211_FLAG_NEED_RTNL,
7344 	},
7345 	{
7346 		.cmd = NL80211_CMD_SET_STATION,
7347 		.doit = nl80211_set_station,
7348 		.policy = nl80211_policy,
7349 		.flags = GENL_ADMIN_PERM,
7350 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7351 				  NL80211_FLAG_NEED_RTNL,
7352 	},
7353 	{
7354 		.cmd = NL80211_CMD_NEW_STATION,
7355 		.doit = nl80211_new_station,
7356 		.policy = nl80211_policy,
7357 		.flags = GENL_ADMIN_PERM,
7358 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7359 				  NL80211_FLAG_NEED_RTNL,
7360 	},
7361 	{
7362 		.cmd = NL80211_CMD_DEL_STATION,
7363 		.doit = nl80211_del_station,
7364 		.policy = nl80211_policy,
7365 		.flags = GENL_ADMIN_PERM,
7366 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7367 				  NL80211_FLAG_NEED_RTNL,
7368 	},
7369 	{
7370 		.cmd = NL80211_CMD_GET_MPATH,
7371 		.doit = nl80211_get_mpath,
7372 		.dumpit = nl80211_dump_mpath,
7373 		.policy = nl80211_policy,
7374 		.flags = GENL_ADMIN_PERM,
7375 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7376 				  NL80211_FLAG_NEED_RTNL,
7377 	},
7378 	{
7379 		.cmd = NL80211_CMD_SET_MPATH,
7380 		.doit = nl80211_set_mpath,
7381 		.policy = nl80211_policy,
7382 		.flags = GENL_ADMIN_PERM,
7383 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7384 				  NL80211_FLAG_NEED_RTNL,
7385 	},
7386 	{
7387 		.cmd = NL80211_CMD_NEW_MPATH,
7388 		.doit = nl80211_new_mpath,
7389 		.policy = nl80211_policy,
7390 		.flags = GENL_ADMIN_PERM,
7391 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7392 				  NL80211_FLAG_NEED_RTNL,
7393 	},
7394 	{
7395 		.cmd = NL80211_CMD_DEL_MPATH,
7396 		.doit = nl80211_del_mpath,
7397 		.policy = nl80211_policy,
7398 		.flags = GENL_ADMIN_PERM,
7399 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7400 				  NL80211_FLAG_NEED_RTNL,
7401 	},
7402 	{
7403 		.cmd = NL80211_CMD_SET_BSS,
7404 		.doit = nl80211_set_bss,
7405 		.policy = nl80211_policy,
7406 		.flags = GENL_ADMIN_PERM,
7407 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7408 				  NL80211_FLAG_NEED_RTNL,
7409 	},
7410 	{
7411 		.cmd = NL80211_CMD_GET_REG,
7412 		.doit = nl80211_get_reg,
7413 		.policy = nl80211_policy,
7414 		/* can be retrieved by unprivileged users */
7415 	},
7416 	{
7417 		.cmd = NL80211_CMD_SET_REG,
7418 		.doit = nl80211_set_reg,
7419 		.policy = nl80211_policy,
7420 		.flags = GENL_ADMIN_PERM,
7421 	},
7422 	{
7423 		.cmd = NL80211_CMD_REQ_SET_REG,
7424 		.doit = nl80211_req_set_reg,
7425 		.policy = nl80211_policy,
7426 		.flags = GENL_ADMIN_PERM,
7427 	},
7428 	{
7429 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
7430 		.doit = nl80211_get_mesh_config,
7431 		.policy = nl80211_policy,
7432 		/* can be retrieved by unprivileged users */
7433 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7434 				  NL80211_FLAG_NEED_RTNL,
7435 	},
7436 	{
7437 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
7438 		.doit = nl80211_update_mesh_config,
7439 		.policy = nl80211_policy,
7440 		.flags = GENL_ADMIN_PERM,
7441 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7442 				  NL80211_FLAG_NEED_RTNL,
7443 	},
7444 	{
7445 		.cmd = NL80211_CMD_TRIGGER_SCAN,
7446 		.doit = nl80211_trigger_scan,
7447 		.policy = nl80211_policy,
7448 		.flags = GENL_ADMIN_PERM,
7449 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7450 				  NL80211_FLAG_NEED_RTNL,
7451 	},
7452 	{
7453 		.cmd = NL80211_CMD_GET_SCAN,
7454 		.policy = nl80211_policy,
7455 		.dumpit = nl80211_dump_scan,
7456 	},
7457 	{
7458 		.cmd = NL80211_CMD_START_SCHED_SCAN,
7459 		.doit = nl80211_start_sched_scan,
7460 		.policy = nl80211_policy,
7461 		.flags = GENL_ADMIN_PERM,
7462 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7463 				  NL80211_FLAG_NEED_RTNL,
7464 	},
7465 	{
7466 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
7467 		.doit = nl80211_stop_sched_scan,
7468 		.policy = nl80211_policy,
7469 		.flags = GENL_ADMIN_PERM,
7470 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7471 				  NL80211_FLAG_NEED_RTNL,
7472 	},
7473 	{
7474 		.cmd = NL80211_CMD_AUTHENTICATE,
7475 		.doit = nl80211_authenticate,
7476 		.policy = nl80211_policy,
7477 		.flags = GENL_ADMIN_PERM,
7478 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7479 				  NL80211_FLAG_NEED_RTNL,
7480 	},
7481 	{
7482 		.cmd = NL80211_CMD_ASSOCIATE,
7483 		.doit = nl80211_associate,
7484 		.policy = nl80211_policy,
7485 		.flags = GENL_ADMIN_PERM,
7486 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7487 				  NL80211_FLAG_NEED_RTNL,
7488 	},
7489 	{
7490 		.cmd = NL80211_CMD_DEAUTHENTICATE,
7491 		.doit = nl80211_deauthenticate,
7492 		.policy = nl80211_policy,
7493 		.flags = GENL_ADMIN_PERM,
7494 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7495 				  NL80211_FLAG_NEED_RTNL,
7496 	},
7497 	{
7498 		.cmd = NL80211_CMD_DISASSOCIATE,
7499 		.doit = nl80211_disassociate,
7500 		.policy = nl80211_policy,
7501 		.flags = GENL_ADMIN_PERM,
7502 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7503 				  NL80211_FLAG_NEED_RTNL,
7504 	},
7505 	{
7506 		.cmd = NL80211_CMD_JOIN_IBSS,
7507 		.doit = nl80211_join_ibss,
7508 		.policy = nl80211_policy,
7509 		.flags = GENL_ADMIN_PERM,
7510 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7511 				  NL80211_FLAG_NEED_RTNL,
7512 	},
7513 	{
7514 		.cmd = NL80211_CMD_LEAVE_IBSS,
7515 		.doit = nl80211_leave_ibss,
7516 		.policy = nl80211_policy,
7517 		.flags = GENL_ADMIN_PERM,
7518 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7519 				  NL80211_FLAG_NEED_RTNL,
7520 	},
7521 #ifdef CONFIG_NL80211_TESTMODE
7522 	{
7523 		.cmd = NL80211_CMD_TESTMODE,
7524 		.doit = nl80211_testmode_do,
7525 		.dumpit = nl80211_testmode_dump,
7526 		.policy = nl80211_policy,
7527 		.flags = GENL_ADMIN_PERM,
7528 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
7529 				  NL80211_FLAG_NEED_RTNL,
7530 	},
7531 #endif
7532 	{
7533 		.cmd = NL80211_CMD_CONNECT,
7534 		.doit = nl80211_connect,
7535 		.policy = nl80211_policy,
7536 		.flags = GENL_ADMIN_PERM,
7537 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7538 				  NL80211_FLAG_NEED_RTNL,
7539 	},
7540 	{
7541 		.cmd = NL80211_CMD_DISCONNECT,
7542 		.doit = nl80211_disconnect,
7543 		.policy = nl80211_policy,
7544 		.flags = GENL_ADMIN_PERM,
7545 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7546 				  NL80211_FLAG_NEED_RTNL,
7547 	},
7548 	{
7549 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
7550 		.doit = nl80211_wiphy_netns,
7551 		.policy = nl80211_policy,
7552 		.flags = GENL_ADMIN_PERM,
7553 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
7554 				  NL80211_FLAG_NEED_RTNL,
7555 	},
7556 	{
7557 		.cmd = NL80211_CMD_GET_SURVEY,
7558 		.policy = nl80211_policy,
7559 		.dumpit = nl80211_dump_survey,
7560 	},
7561 	{
7562 		.cmd = NL80211_CMD_SET_PMKSA,
7563 		.doit = nl80211_setdel_pmksa,
7564 		.policy = nl80211_policy,
7565 		.flags = GENL_ADMIN_PERM,
7566 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7567 				  NL80211_FLAG_NEED_RTNL,
7568 	},
7569 	{
7570 		.cmd = NL80211_CMD_DEL_PMKSA,
7571 		.doit = nl80211_setdel_pmksa,
7572 		.policy = nl80211_policy,
7573 		.flags = GENL_ADMIN_PERM,
7574 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7575 				  NL80211_FLAG_NEED_RTNL,
7576 	},
7577 	{
7578 		.cmd = NL80211_CMD_FLUSH_PMKSA,
7579 		.doit = nl80211_flush_pmksa,
7580 		.policy = nl80211_policy,
7581 		.flags = GENL_ADMIN_PERM,
7582 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7583 				  NL80211_FLAG_NEED_RTNL,
7584 	},
7585 	{
7586 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
7587 		.doit = nl80211_remain_on_channel,
7588 		.policy = nl80211_policy,
7589 		.flags = GENL_ADMIN_PERM,
7590 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7591 				  NL80211_FLAG_NEED_RTNL,
7592 	},
7593 	{
7594 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
7595 		.doit = nl80211_cancel_remain_on_channel,
7596 		.policy = nl80211_policy,
7597 		.flags = GENL_ADMIN_PERM,
7598 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7599 				  NL80211_FLAG_NEED_RTNL,
7600 	},
7601 	{
7602 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
7603 		.doit = nl80211_set_tx_bitrate_mask,
7604 		.policy = nl80211_policy,
7605 		.flags = GENL_ADMIN_PERM,
7606 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7607 				  NL80211_FLAG_NEED_RTNL,
7608 	},
7609 	{
7610 		.cmd = NL80211_CMD_REGISTER_FRAME,
7611 		.doit = nl80211_register_mgmt,
7612 		.policy = nl80211_policy,
7613 		.flags = GENL_ADMIN_PERM,
7614 		.internal_flags = NL80211_FLAG_NEED_WDEV |
7615 				  NL80211_FLAG_NEED_RTNL,
7616 	},
7617 	{
7618 		.cmd = NL80211_CMD_FRAME,
7619 		.doit = nl80211_tx_mgmt,
7620 		.policy = nl80211_policy,
7621 		.flags = GENL_ADMIN_PERM,
7622 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7623 				  NL80211_FLAG_NEED_RTNL,
7624 	},
7625 	{
7626 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
7627 		.doit = nl80211_tx_mgmt_cancel_wait,
7628 		.policy = nl80211_policy,
7629 		.flags = GENL_ADMIN_PERM,
7630 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7631 				  NL80211_FLAG_NEED_RTNL,
7632 	},
7633 	{
7634 		.cmd = NL80211_CMD_SET_POWER_SAVE,
7635 		.doit = nl80211_set_power_save,
7636 		.policy = nl80211_policy,
7637 		.flags = GENL_ADMIN_PERM,
7638 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7639 				  NL80211_FLAG_NEED_RTNL,
7640 	},
7641 	{
7642 		.cmd = NL80211_CMD_GET_POWER_SAVE,
7643 		.doit = nl80211_get_power_save,
7644 		.policy = nl80211_policy,
7645 		/* can be retrieved by unprivileged users */
7646 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7647 				  NL80211_FLAG_NEED_RTNL,
7648 	},
7649 	{
7650 		.cmd = NL80211_CMD_SET_CQM,
7651 		.doit = nl80211_set_cqm,
7652 		.policy = nl80211_policy,
7653 		.flags = GENL_ADMIN_PERM,
7654 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7655 				  NL80211_FLAG_NEED_RTNL,
7656 	},
7657 	{
7658 		.cmd = NL80211_CMD_SET_CHANNEL,
7659 		.doit = nl80211_set_channel,
7660 		.policy = nl80211_policy,
7661 		.flags = GENL_ADMIN_PERM,
7662 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7663 				  NL80211_FLAG_NEED_RTNL,
7664 	},
7665 	{
7666 		.cmd = NL80211_CMD_SET_WDS_PEER,
7667 		.doit = nl80211_set_wds_peer,
7668 		.policy = nl80211_policy,
7669 		.flags = GENL_ADMIN_PERM,
7670 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7671 				  NL80211_FLAG_NEED_RTNL,
7672 	},
7673 	{
7674 		.cmd = NL80211_CMD_JOIN_MESH,
7675 		.doit = nl80211_join_mesh,
7676 		.policy = nl80211_policy,
7677 		.flags = GENL_ADMIN_PERM,
7678 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7679 				  NL80211_FLAG_NEED_RTNL,
7680 	},
7681 	{
7682 		.cmd = NL80211_CMD_LEAVE_MESH,
7683 		.doit = nl80211_leave_mesh,
7684 		.policy = nl80211_policy,
7685 		.flags = GENL_ADMIN_PERM,
7686 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7687 				  NL80211_FLAG_NEED_RTNL,
7688 	},
7689 #ifdef CONFIG_PM
7690 	{
7691 		.cmd = NL80211_CMD_GET_WOWLAN,
7692 		.doit = nl80211_get_wowlan,
7693 		.policy = nl80211_policy,
7694 		/* can be retrieved by unprivileged users */
7695 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
7696 				  NL80211_FLAG_NEED_RTNL,
7697 	},
7698 	{
7699 		.cmd = NL80211_CMD_SET_WOWLAN,
7700 		.doit = nl80211_set_wowlan,
7701 		.policy = nl80211_policy,
7702 		.flags = GENL_ADMIN_PERM,
7703 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
7704 				  NL80211_FLAG_NEED_RTNL,
7705 	},
7706 #endif
7707 	{
7708 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
7709 		.doit = nl80211_set_rekey_data,
7710 		.policy = nl80211_policy,
7711 		.flags = GENL_ADMIN_PERM,
7712 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7713 				  NL80211_FLAG_NEED_RTNL,
7714 	},
7715 	{
7716 		.cmd = NL80211_CMD_TDLS_MGMT,
7717 		.doit = nl80211_tdls_mgmt,
7718 		.policy = nl80211_policy,
7719 		.flags = GENL_ADMIN_PERM,
7720 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7721 				  NL80211_FLAG_NEED_RTNL,
7722 	},
7723 	{
7724 		.cmd = NL80211_CMD_TDLS_OPER,
7725 		.doit = nl80211_tdls_oper,
7726 		.policy = nl80211_policy,
7727 		.flags = GENL_ADMIN_PERM,
7728 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7729 				  NL80211_FLAG_NEED_RTNL,
7730 	},
7731 	{
7732 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
7733 		.doit = nl80211_register_unexpected_frame,
7734 		.policy = nl80211_policy,
7735 		.flags = GENL_ADMIN_PERM,
7736 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7737 				  NL80211_FLAG_NEED_RTNL,
7738 	},
7739 	{
7740 		.cmd = NL80211_CMD_PROBE_CLIENT,
7741 		.doit = nl80211_probe_client,
7742 		.policy = nl80211_policy,
7743 		.flags = GENL_ADMIN_PERM,
7744 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
7745 				  NL80211_FLAG_NEED_RTNL,
7746 	},
7747 	{
7748 		.cmd = NL80211_CMD_REGISTER_BEACONS,
7749 		.doit = nl80211_register_beacons,
7750 		.policy = nl80211_policy,
7751 		.flags = GENL_ADMIN_PERM,
7752 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
7753 				  NL80211_FLAG_NEED_RTNL,
7754 	},
7755 	{
7756 		.cmd = NL80211_CMD_SET_NOACK_MAP,
7757 		.doit = nl80211_set_noack_map,
7758 		.policy = nl80211_policy,
7759 		.flags = GENL_ADMIN_PERM,
7760 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7761 				  NL80211_FLAG_NEED_RTNL,
7762 	},
7763 	{
7764 		.cmd = NL80211_CMD_START_P2P_DEVICE,
7765 		.doit = nl80211_start_p2p_device,
7766 		.policy = nl80211_policy,
7767 		.flags = GENL_ADMIN_PERM,
7768 		.internal_flags = NL80211_FLAG_NEED_WDEV |
7769 				  NL80211_FLAG_NEED_RTNL,
7770 	},
7771 	{
7772 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
7773 		.doit = nl80211_stop_p2p_device,
7774 		.policy = nl80211_policy,
7775 		.flags = GENL_ADMIN_PERM,
7776 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
7777 				  NL80211_FLAG_NEED_RTNL,
7778 	},
7779 	{
7780 		.cmd = NL80211_CMD_SET_MCAST_RATE,
7781 		.doit = nl80211_set_mcast_rate,
7782 		.policy = nl80211_policy,
7783 		.flags = GENL_ADMIN_PERM,
7784 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
7785 				  NL80211_FLAG_NEED_RTNL,
7786 	},
7787 };
7788 
7789 static struct genl_multicast_group nl80211_mlme_mcgrp = {
7790 	.name = "mlme",
7791 };
7792 
7793 /* multicast groups */
7794 static struct genl_multicast_group nl80211_config_mcgrp = {
7795 	.name = "config",
7796 };
7797 static struct genl_multicast_group nl80211_scan_mcgrp = {
7798 	.name = "scan",
7799 };
7800 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
7801 	.name = "regulatory",
7802 };
7803 
7804 /* notification functions */
7805 
7806 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
7807 {
7808 	struct sk_buff *msg;
7809 
7810 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7811 	if (!msg)
7812 		return;
7813 
7814 	if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
7815 		nlmsg_free(msg);
7816 		return;
7817 	}
7818 
7819 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7820 				nl80211_config_mcgrp.id, GFP_KERNEL);
7821 }
7822 
7823 static int nl80211_add_scan_req(struct sk_buff *msg,
7824 				struct cfg80211_registered_device *rdev)
7825 {
7826 	struct cfg80211_scan_request *req = rdev->scan_req;
7827 	struct nlattr *nest;
7828 	int i;
7829 
7830 	ASSERT_RDEV_LOCK(rdev);
7831 
7832 	if (WARN_ON(!req))
7833 		return 0;
7834 
7835 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
7836 	if (!nest)
7837 		goto nla_put_failure;
7838 	for (i = 0; i < req->n_ssids; i++) {
7839 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
7840 			goto nla_put_failure;
7841 	}
7842 	nla_nest_end(msg, nest);
7843 
7844 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
7845 	if (!nest)
7846 		goto nla_put_failure;
7847 	for (i = 0; i < req->n_channels; i++) {
7848 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
7849 			goto nla_put_failure;
7850 	}
7851 	nla_nest_end(msg, nest);
7852 
7853 	if (req->ie &&
7854 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
7855 		goto nla_put_failure;
7856 
7857 	if (req->flags)
7858 		nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags);
7859 
7860 	return 0;
7861  nla_put_failure:
7862 	return -ENOBUFS;
7863 }
7864 
7865 static int nl80211_send_scan_msg(struct sk_buff *msg,
7866 				 struct cfg80211_registered_device *rdev,
7867 				 struct wireless_dev *wdev,
7868 				 u32 portid, u32 seq, int flags,
7869 				 u32 cmd)
7870 {
7871 	void *hdr;
7872 
7873 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
7874 	if (!hdr)
7875 		return -1;
7876 
7877 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7878 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
7879 					 wdev->netdev->ifindex)) ||
7880 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
7881 		goto nla_put_failure;
7882 
7883 	/* ignore errors and send incomplete event anyway */
7884 	nl80211_add_scan_req(msg, rdev);
7885 
7886 	return genlmsg_end(msg, hdr);
7887 
7888  nla_put_failure:
7889 	genlmsg_cancel(msg, hdr);
7890 	return -EMSGSIZE;
7891 }
7892 
7893 static int
7894 nl80211_send_sched_scan_msg(struct sk_buff *msg,
7895 			    struct cfg80211_registered_device *rdev,
7896 			    struct net_device *netdev,
7897 			    u32 portid, u32 seq, int flags, u32 cmd)
7898 {
7899 	void *hdr;
7900 
7901 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
7902 	if (!hdr)
7903 		return -1;
7904 
7905 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
7906 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
7907 		goto nla_put_failure;
7908 
7909 	return genlmsg_end(msg, hdr);
7910 
7911  nla_put_failure:
7912 	genlmsg_cancel(msg, hdr);
7913 	return -EMSGSIZE;
7914 }
7915 
7916 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
7917 			     struct wireless_dev *wdev)
7918 {
7919 	struct sk_buff *msg;
7920 
7921 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7922 	if (!msg)
7923 		return;
7924 
7925 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
7926 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
7927 		nlmsg_free(msg);
7928 		return;
7929 	}
7930 
7931 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7932 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7933 }
7934 
7935 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
7936 			    struct wireless_dev *wdev)
7937 {
7938 	struct sk_buff *msg;
7939 
7940 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7941 	if (!msg)
7942 		return;
7943 
7944 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
7945 				  NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
7946 		nlmsg_free(msg);
7947 		return;
7948 	}
7949 
7950 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7951 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7952 }
7953 
7954 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
7955 			       struct wireless_dev *wdev)
7956 {
7957 	struct sk_buff *msg;
7958 
7959 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7960 	if (!msg)
7961 		return;
7962 
7963 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
7964 				  NL80211_CMD_SCAN_ABORTED) < 0) {
7965 		nlmsg_free(msg);
7966 		return;
7967 	}
7968 
7969 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7970 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7971 }
7972 
7973 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
7974 				     struct net_device *netdev)
7975 {
7976 	struct sk_buff *msg;
7977 
7978 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7979 	if (!msg)
7980 		return;
7981 
7982 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
7983 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
7984 		nlmsg_free(msg);
7985 		return;
7986 	}
7987 
7988 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
7989 				nl80211_scan_mcgrp.id, GFP_KERNEL);
7990 }
7991 
7992 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
7993 			     struct net_device *netdev, u32 cmd)
7994 {
7995 	struct sk_buff *msg;
7996 
7997 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7998 	if (!msg)
7999 		return;
8000 
8001 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
8002 		nlmsg_free(msg);
8003 		return;
8004 	}
8005 
8006 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8007 				nl80211_scan_mcgrp.id, GFP_KERNEL);
8008 }
8009 
8010 /*
8011  * This can happen on global regulatory changes or device specific settings
8012  * based on custom world regulatory domains.
8013  */
8014 void nl80211_send_reg_change_event(struct regulatory_request *request)
8015 {
8016 	struct sk_buff *msg;
8017 	void *hdr;
8018 
8019 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8020 	if (!msg)
8021 		return;
8022 
8023 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
8024 	if (!hdr) {
8025 		nlmsg_free(msg);
8026 		return;
8027 	}
8028 
8029 	/* Userspace can always count this one always being set */
8030 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
8031 		goto nla_put_failure;
8032 
8033 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
8034 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
8035 			       NL80211_REGDOM_TYPE_WORLD))
8036 			goto nla_put_failure;
8037 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
8038 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
8039 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
8040 			goto nla_put_failure;
8041 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
8042 		   request->intersect) {
8043 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
8044 			       NL80211_REGDOM_TYPE_INTERSECTION))
8045 			goto nla_put_failure;
8046 	} else {
8047 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
8048 			       NL80211_REGDOM_TYPE_COUNTRY) ||
8049 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
8050 				   request->alpha2))
8051 			goto nla_put_failure;
8052 	}
8053 
8054 	if (wiphy_idx_valid(request->wiphy_idx) &&
8055 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
8056 		goto nla_put_failure;
8057 
8058 	genlmsg_end(msg, hdr);
8059 
8060 	rcu_read_lock();
8061 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
8062 				GFP_ATOMIC);
8063 	rcu_read_unlock();
8064 
8065 	return;
8066 
8067 nla_put_failure:
8068 	genlmsg_cancel(msg, hdr);
8069 	nlmsg_free(msg);
8070 }
8071 
8072 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
8073 				    struct net_device *netdev,
8074 				    const u8 *buf, size_t len,
8075 				    enum nl80211_commands cmd, gfp_t gfp)
8076 {
8077 	struct sk_buff *msg;
8078 	void *hdr;
8079 
8080 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8081 	if (!msg)
8082 		return;
8083 
8084 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
8085 	if (!hdr) {
8086 		nlmsg_free(msg);
8087 		return;
8088 	}
8089 
8090 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8091 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8092 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
8093 		goto nla_put_failure;
8094 
8095 	genlmsg_end(msg, hdr);
8096 
8097 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8098 				nl80211_mlme_mcgrp.id, gfp);
8099 	return;
8100 
8101  nla_put_failure:
8102 	genlmsg_cancel(msg, hdr);
8103 	nlmsg_free(msg);
8104 }
8105 
8106 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
8107 			  struct net_device *netdev, const u8 *buf,
8108 			  size_t len, gfp_t gfp)
8109 {
8110 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8111 				NL80211_CMD_AUTHENTICATE, gfp);
8112 }
8113 
8114 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
8115 			   struct net_device *netdev, const u8 *buf,
8116 			   size_t len, gfp_t gfp)
8117 {
8118 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8119 				NL80211_CMD_ASSOCIATE, gfp);
8120 }
8121 
8122 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
8123 			 struct net_device *netdev, const u8 *buf,
8124 			 size_t len, gfp_t gfp)
8125 {
8126 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8127 				NL80211_CMD_DEAUTHENTICATE, gfp);
8128 }
8129 
8130 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
8131 			   struct net_device *netdev, const u8 *buf,
8132 			   size_t len, gfp_t gfp)
8133 {
8134 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8135 				NL80211_CMD_DISASSOCIATE, gfp);
8136 }
8137 
8138 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev,
8139 				struct net_device *netdev, const u8 *buf,
8140 				size_t len, gfp_t gfp)
8141 {
8142 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8143 				NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp);
8144 }
8145 
8146 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev,
8147 				  struct net_device *netdev, const u8 *buf,
8148 				  size_t len, gfp_t gfp)
8149 {
8150 	nl80211_send_mlme_event(rdev, netdev, buf, len,
8151 				NL80211_CMD_UNPROT_DISASSOCIATE, gfp);
8152 }
8153 
8154 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
8155 				      struct net_device *netdev, int cmd,
8156 				      const u8 *addr, gfp_t gfp)
8157 {
8158 	struct sk_buff *msg;
8159 	void *hdr;
8160 
8161 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8162 	if (!msg)
8163 		return;
8164 
8165 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
8166 	if (!hdr) {
8167 		nlmsg_free(msg);
8168 		return;
8169 	}
8170 
8171 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8172 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8173 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
8174 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
8175 		goto nla_put_failure;
8176 
8177 	genlmsg_end(msg, hdr);
8178 
8179 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8180 				nl80211_mlme_mcgrp.id, gfp);
8181 	return;
8182 
8183  nla_put_failure:
8184 	genlmsg_cancel(msg, hdr);
8185 	nlmsg_free(msg);
8186 }
8187 
8188 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
8189 			       struct net_device *netdev, const u8 *addr,
8190 			       gfp_t gfp)
8191 {
8192 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
8193 				  addr, gfp);
8194 }
8195 
8196 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
8197 				struct net_device *netdev, const u8 *addr,
8198 				gfp_t gfp)
8199 {
8200 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
8201 				  addr, gfp);
8202 }
8203 
8204 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
8205 				 struct net_device *netdev, const u8 *bssid,
8206 				 const u8 *req_ie, size_t req_ie_len,
8207 				 const u8 *resp_ie, size_t resp_ie_len,
8208 				 u16 status, gfp_t gfp)
8209 {
8210 	struct sk_buff *msg;
8211 	void *hdr;
8212 
8213 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8214 	if (!msg)
8215 		return;
8216 
8217 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
8218 	if (!hdr) {
8219 		nlmsg_free(msg);
8220 		return;
8221 	}
8222 
8223 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8224 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8225 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
8226 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
8227 	    (req_ie &&
8228 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
8229 	    (resp_ie &&
8230 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
8231 		goto nla_put_failure;
8232 
8233 	genlmsg_end(msg, hdr);
8234 
8235 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8236 				nl80211_mlme_mcgrp.id, gfp);
8237 	return;
8238 
8239  nla_put_failure:
8240 	genlmsg_cancel(msg, hdr);
8241 	nlmsg_free(msg);
8242 
8243 }
8244 
8245 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
8246 			 struct net_device *netdev, const u8 *bssid,
8247 			 const u8 *req_ie, size_t req_ie_len,
8248 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
8249 {
8250 	struct sk_buff *msg;
8251 	void *hdr;
8252 
8253 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8254 	if (!msg)
8255 		return;
8256 
8257 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
8258 	if (!hdr) {
8259 		nlmsg_free(msg);
8260 		return;
8261 	}
8262 
8263 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8264 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8265 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
8266 	    (req_ie &&
8267 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
8268 	    (resp_ie &&
8269 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
8270 		goto nla_put_failure;
8271 
8272 	genlmsg_end(msg, hdr);
8273 
8274 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8275 				nl80211_mlme_mcgrp.id, gfp);
8276 	return;
8277 
8278  nla_put_failure:
8279 	genlmsg_cancel(msg, hdr);
8280 	nlmsg_free(msg);
8281 
8282 }
8283 
8284 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
8285 			       struct net_device *netdev, u16 reason,
8286 			       const u8 *ie, size_t ie_len, bool from_ap)
8287 {
8288 	struct sk_buff *msg;
8289 	void *hdr;
8290 
8291 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8292 	if (!msg)
8293 		return;
8294 
8295 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
8296 	if (!hdr) {
8297 		nlmsg_free(msg);
8298 		return;
8299 	}
8300 
8301 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8302 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8303 	    (from_ap && reason &&
8304 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
8305 	    (from_ap &&
8306 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
8307 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
8308 		goto nla_put_failure;
8309 
8310 	genlmsg_end(msg, hdr);
8311 
8312 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8313 				nl80211_mlme_mcgrp.id, GFP_KERNEL);
8314 	return;
8315 
8316  nla_put_failure:
8317 	genlmsg_cancel(msg, hdr);
8318 	nlmsg_free(msg);
8319 
8320 }
8321 
8322 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
8323 			     struct net_device *netdev, const u8 *bssid,
8324 			     gfp_t gfp)
8325 {
8326 	struct sk_buff *msg;
8327 	void *hdr;
8328 
8329 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8330 	if (!msg)
8331 		return;
8332 
8333 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
8334 	if (!hdr) {
8335 		nlmsg_free(msg);
8336 		return;
8337 	}
8338 
8339 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8340 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8341 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
8342 		goto nla_put_failure;
8343 
8344 	genlmsg_end(msg, hdr);
8345 
8346 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8347 				nl80211_mlme_mcgrp.id, gfp);
8348 	return;
8349 
8350  nla_put_failure:
8351 	genlmsg_cancel(msg, hdr);
8352 	nlmsg_free(msg);
8353 }
8354 
8355 void nl80211_send_new_peer_candidate(struct cfg80211_registered_device *rdev,
8356 		struct net_device *netdev,
8357 		const u8 *macaddr, const u8* ie, u8 ie_len,
8358 		gfp_t gfp)
8359 {
8360 	struct sk_buff *msg;
8361 	void *hdr;
8362 
8363 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8364 	if (!msg)
8365 		return;
8366 
8367 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
8368 	if (!hdr) {
8369 		nlmsg_free(msg);
8370 		return;
8371 	}
8372 
8373 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8374 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8375 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, macaddr) ||
8376 	    (ie_len && ie &&
8377 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
8378 		goto nla_put_failure;
8379 
8380 	genlmsg_end(msg, hdr);
8381 
8382 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8383 				nl80211_mlme_mcgrp.id, gfp);
8384 	return;
8385 
8386  nla_put_failure:
8387 	genlmsg_cancel(msg, hdr);
8388 	nlmsg_free(msg);
8389 }
8390 
8391 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
8392 				 struct net_device *netdev, const u8 *addr,
8393 				 enum nl80211_key_type key_type, int key_id,
8394 				 const u8 *tsc, gfp_t gfp)
8395 {
8396 	struct sk_buff *msg;
8397 	void *hdr;
8398 
8399 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8400 	if (!msg)
8401 		return;
8402 
8403 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
8404 	if (!hdr) {
8405 		nlmsg_free(msg);
8406 		return;
8407 	}
8408 
8409 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8410 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8411 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
8412 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
8413 	    (key_id != -1 &&
8414 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
8415 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
8416 		goto nla_put_failure;
8417 
8418 	genlmsg_end(msg, hdr);
8419 
8420 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8421 				nl80211_mlme_mcgrp.id, gfp);
8422 	return;
8423 
8424  nla_put_failure:
8425 	genlmsg_cancel(msg, hdr);
8426 	nlmsg_free(msg);
8427 }
8428 
8429 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
8430 				    struct ieee80211_channel *channel_before,
8431 				    struct ieee80211_channel *channel_after)
8432 {
8433 	struct sk_buff *msg;
8434 	void *hdr;
8435 	struct nlattr *nl_freq;
8436 
8437 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
8438 	if (!msg)
8439 		return;
8440 
8441 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
8442 	if (!hdr) {
8443 		nlmsg_free(msg);
8444 		return;
8445 	}
8446 
8447 	/*
8448 	 * Since we are applying the beacon hint to a wiphy we know its
8449 	 * wiphy_idx is valid
8450 	 */
8451 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
8452 		goto nla_put_failure;
8453 
8454 	/* Before */
8455 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
8456 	if (!nl_freq)
8457 		goto nla_put_failure;
8458 	if (nl80211_msg_put_channel(msg, channel_before))
8459 		goto nla_put_failure;
8460 	nla_nest_end(msg, nl_freq);
8461 
8462 	/* After */
8463 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
8464 	if (!nl_freq)
8465 		goto nla_put_failure;
8466 	if (nl80211_msg_put_channel(msg, channel_after))
8467 		goto nla_put_failure;
8468 	nla_nest_end(msg, nl_freq);
8469 
8470 	genlmsg_end(msg, hdr);
8471 
8472 	rcu_read_lock();
8473 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
8474 				GFP_ATOMIC);
8475 	rcu_read_unlock();
8476 
8477 	return;
8478 
8479 nla_put_failure:
8480 	genlmsg_cancel(msg, hdr);
8481 	nlmsg_free(msg);
8482 }
8483 
8484 static void nl80211_send_remain_on_chan_event(
8485 	int cmd, struct cfg80211_registered_device *rdev,
8486 	struct wireless_dev *wdev, u64 cookie,
8487 	struct ieee80211_channel *chan,
8488 	unsigned int duration, gfp_t gfp)
8489 {
8490 	struct sk_buff *msg;
8491 	void *hdr;
8492 
8493 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8494 	if (!msg)
8495 		return;
8496 
8497 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
8498 	if (!hdr) {
8499 		nlmsg_free(msg);
8500 		return;
8501 	}
8502 
8503 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8504 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
8505 					 wdev->netdev->ifindex)) ||
8506 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
8507 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
8508 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
8509 			NL80211_CHAN_NO_HT) ||
8510 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8511 		goto nla_put_failure;
8512 
8513 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
8514 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
8515 		goto nla_put_failure;
8516 
8517 	genlmsg_end(msg, hdr);
8518 
8519 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8520 				nl80211_mlme_mcgrp.id, gfp);
8521 	return;
8522 
8523  nla_put_failure:
8524 	genlmsg_cancel(msg, hdr);
8525 	nlmsg_free(msg);
8526 }
8527 
8528 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
8529 				    struct wireless_dev *wdev, u64 cookie,
8530 				    struct ieee80211_channel *chan,
8531 				    unsigned int duration, gfp_t gfp)
8532 {
8533 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
8534 					  rdev, wdev, cookie, chan,
8535 					  duration, gfp);
8536 }
8537 
8538 void nl80211_send_remain_on_channel_cancel(
8539 	struct cfg80211_registered_device *rdev,
8540 	struct wireless_dev *wdev,
8541 	u64 cookie, struct ieee80211_channel *chan, gfp_t gfp)
8542 {
8543 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
8544 					  rdev, wdev, cookie, chan, 0, gfp);
8545 }
8546 
8547 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
8548 			    struct net_device *dev, const u8 *mac_addr,
8549 			    struct station_info *sinfo, gfp_t gfp)
8550 {
8551 	struct sk_buff *msg;
8552 
8553 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8554 	if (!msg)
8555 		return;
8556 
8557 	if (nl80211_send_station(msg, 0, 0, 0,
8558 				 rdev, dev, mac_addr, sinfo) < 0) {
8559 		nlmsg_free(msg);
8560 		return;
8561 	}
8562 
8563 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8564 				nl80211_mlme_mcgrp.id, gfp);
8565 }
8566 
8567 void nl80211_send_sta_del_event(struct cfg80211_registered_device *rdev,
8568 				struct net_device *dev, const u8 *mac_addr,
8569 				gfp_t gfp)
8570 {
8571 	struct sk_buff *msg;
8572 	void *hdr;
8573 
8574 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8575 	if (!msg)
8576 		return;
8577 
8578 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
8579 	if (!hdr) {
8580 		nlmsg_free(msg);
8581 		return;
8582 	}
8583 
8584 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8585 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
8586 		goto nla_put_failure;
8587 
8588 	genlmsg_end(msg, hdr);
8589 
8590 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8591 				nl80211_mlme_mcgrp.id, gfp);
8592 	return;
8593 
8594  nla_put_failure:
8595 	genlmsg_cancel(msg, hdr);
8596 	nlmsg_free(msg);
8597 }
8598 
8599 void nl80211_send_conn_failed_event(struct cfg80211_registered_device *rdev,
8600 				    struct net_device *dev, const u8 *mac_addr,
8601 				    enum nl80211_connect_failed_reason reason,
8602 				    gfp_t gfp)
8603 {
8604 	struct sk_buff *msg;
8605 	void *hdr;
8606 
8607 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
8608 	if (!msg)
8609 		return;
8610 
8611 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
8612 	if (!hdr) {
8613 		nlmsg_free(msg);
8614 		return;
8615 	}
8616 
8617 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8618 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
8619 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
8620 		goto nla_put_failure;
8621 
8622 	genlmsg_end(msg, hdr);
8623 
8624 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8625 				nl80211_mlme_mcgrp.id, gfp);
8626 	return;
8627 
8628  nla_put_failure:
8629 	genlmsg_cancel(msg, hdr);
8630 	nlmsg_free(msg);
8631 }
8632 
8633 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
8634 				       const u8 *addr, gfp_t gfp)
8635 {
8636 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8637 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
8638 	struct sk_buff *msg;
8639 	void *hdr;
8640 	int err;
8641 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
8642 
8643 	if (!nlportid)
8644 		return false;
8645 
8646 	msg = nlmsg_new(100, gfp);
8647 	if (!msg)
8648 		return true;
8649 
8650 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
8651 	if (!hdr) {
8652 		nlmsg_free(msg);
8653 		return true;
8654 	}
8655 
8656 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8657 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
8658 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
8659 		goto nla_put_failure;
8660 
8661 	err = genlmsg_end(msg, hdr);
8662 	if (err < 0) {
8663 		nlmsg_free(msg);
8664 		return true;
8665 	}
8666 
8667 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
8668 	return true;
8669 
8670  nla_put_failure:
8671 	genlmsg_cancel(msg, hdr);
8672 	nlmsg_free(msg);
8673 	return true;
8674 }
8675 
8676 bool nl80211_unexpected_frame(struct net_device *dev, const u8 *addr, gfp_t gfp)
8677 {
8678 	return __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
8679 					  addr, gfp);
8680 }
8681 
8682 bool nl80211_unexpected_4addr_frame(struct net_device *dev,
8683 				    const u8 *addr, gfp_t gfp)
8684 {
8685 	return __nl80211_unexpected_frame(dev,
8686 					  NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
8687 					  addr, gfp);
8688 }
8689 
8690 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
8691 		      struct wireless_dev *wdev, u32 nlportid,
8692 		      int freq, int sig_dbm,
8693 		      const u8 *buf, size_t len, gfp_t gfp)
8694 {
8695 	struct net_device *netdev = wdev->netdev;
8696 	struct sk_buff *msg;
8697 	void *hdr;
8698 
8699 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8700 	if (!msg)
8701 		return -ENOMEM;
8702 
8703 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
8704 	if (!hdr) {
8705 		nlmsg_free(msg);
8706 		return -ENOMEM;
8707 	}
8708 
8709 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8710 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
8711 					netdev->ifindex)) ||
8712 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
8713 	    (sig_dbm &&
8714 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
8715 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
8716 		goto nla_put_failure;
8717 
8718 	genlmsg_end(msg, hdr);
8719 
8720 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
8721 
8722  nla_put_failure:
8723 	genlmsg_cancel(msg, hdr);
8724 	nlmsg_free(msg);
8725 	return -ENOBUFS;
8726 }
8727 
8728 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
8729 				 struct wireless_dev *wdev, u64 cookie,
8730 				 const u8 *buf, size_t len, bool ack,
8731 				 gfp_t gfp)
8732 {
8733 	struct net_device *netdev = wdev->netdev;
8734 	struct sk_buff *msg;
8735 	void *hdr;
8736 
8737 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8738 	if (!msg)
8739 		return;
8740 
8741 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
8742 	if (!hdr) {
8743 		nlmsg_free(msg);
8744 		return;
8745 	}
8746 
8747 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8748 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
8749 				   netdev->ifindex)) ||
8750 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
8751 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
8752 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
8753 		goto nla_put_failure;
8754 
8755 	genlmsg_end(msg, hdr);
8756 
8757 	genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
8758 	return;
8759 
8760  nla_put_failure:
8761 	genlmsg_cancel(msg, hdr);
8762 	nlmsg_free(msg);
8763 }
8764 
8765 void
8766 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
8767 			     struct net_device *netdev,
8768 			     enum nl80211_cqm_rssi_threshold_event rssi_event,
8769 			     gfp_t gfp)
8770 {
8771 	struct sk_buff *msg;
8772 	struct nlattr *pinfoattr;
8773 	void *hdr;
8774 
8775 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8776 	if (!msg)
8777 		return;
8778 
8779 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
8780 	if (!hdr) {
8781 		nlmsg_free(msg);
8782 		return;
8783 	}
8784 
8785 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8786 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
8787 		goto nla_put_failure;
8788 
8789 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
8790 	if (!pinfoattr)
8791 		goto nla_put_failure;
8792 
8793 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
8794 			rssi_event))
8795 		goto nla_put_failure;
8796 
8797 	nla_nest_end(msg, pinfoattr);
8798 
8799 	genlmsg_end(msg, hdr);
8800 
8801 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8802 				nl80211_mlme_mcgrp.id, gfp);
8803 	return;
8804 
8805  nla_put_failure:
8806 	genlmsg_cancel(msg, hdr);
8807 	nlmsg_free(msg);
8808 }
8809 
8810 void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
8811 			      struct net_device *netdev, const u8 *bssid,
8812 			      const u8 *replay_ctr, gfp_t gfp)
8813 {
8814 	struct sk_buff *msg;
8815 	struct nlattr *rekey_attr;
8816 	void *hdr;
8817 
8818 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8819 	if (!msg)
8820 		return;
8821 
8822 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
8823 	if (!hdr) {
8824 		nlmsg_free(msg);
8825 		return;
8826 	}
8827 
8828 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8829 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8830 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
8831 		goto nla_put_failure;
8832 
8833 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
8834 	if (!rekey_attr)
8835 		goto nla_put_failure;
8836 
8837 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
8838 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
8839 		goto nla_put_failure;
8840 
8841 	nla_nest_end(msg, rekey_attr);
8842 
8843 	genlmsg_end(msg, hdr);
8844 
8845 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8846 				nl80211_mlme_mcgrp.id, gfp);
8847 	return;
8848 
8849  nla_put_failure:
8850 	genlmsg_cancel(msg, hdr);
8851 	nlmsg_free(msg);
8852 }
8853 
8854 void nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
8855 				    struct net_device *netdev, int index,
8856 				    const u8 *bssid, bool preauth, gfp_t gfp)
8857 {
8858 	struct sk_buff *msg;
8859 	struct nlattr *attr;
8860 	void *hdr;
8861 
8862 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8863 	if (!msg)
8864 		return;
8865 
8866 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
8867 	if (!hdr) {
8868 		nlmsg_free(msg);
8869 		return;
8870 	}
8871 
8872 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8873 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
8874 		goto nla_put_failure;
8875 
8876 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
8877 	if (!attr)
8878 		goto nla_put_failure;
8879 
8880 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
8881 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
8882 	    (preauth &&
8883 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
8884 		goto nla_put_failure;
8885 
8886 	nla_nest_end(msg, attr);
8887 
8888 	genlmsg_end(msg, hdr);
8889 
8890 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8891 				nl80211_mlme_mcgrp.id, gfp);
8892 	return;
8893 
8894  nla_put_failure:
8895 	genlmsg_cancel(msg, hdr);
8896 	nlmsg_free(msg);
8897 }
8898 
8899 void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
8900 			      struct net_device *netdev,
8901 			      struct cfg80211_chan_def *chandef, gfp_t gfp)
8902 {
8903 	struct sk_buff *msg;
8904 	void *hdr;
8905 
8906 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8907 	if (!msg)
8908 		return;
8909 
8910 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
8911 	if (!hdr) {
8912 		nlmsg_free(msg);
8913 		return;
8914 	}
8915 
8916 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
8917 		goto nla_put_failure;
8918 
8919 	if (nl80211_send_chandef(msg, chandef))
8920 		goto nla_put_failure;
8921 
8922 	genlmsg_end(msg, hdr);
8923 
8924 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8925 				nl80211_mlme_mcgrp.id, gfp);
8926 	return;
8927 
8928  nla_put_failure:
8929 	genlmsg_cancel(msg, hdr);
8930 	nlmsg_free(msg);
8931 }
8932 
8933 void
8934 nl80211_send_cqm_txe_notify(struct cfg80211_registered_device *rdev,
8935 			    struct net_device *netdev, const u8 *peer,
8936 			    u32 num_packets, u32 rate, u32 intvl, gfp_t gfp)
8937 {
8938 	struct sk_buff *msg;
8939 	struct nlattr *pinfoattr;
8940 	void *hdr;
8941 
8942 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
8943 	if (!msg)
8944 		return;
8945 
8946 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
8947 	if (!hdr) {
8948 		nlmsg_free(msg);
8949 		return;
8950 	}
8951 
8952 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
8953 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
8954 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
8955 		goto nla_put_failure;
8956 
8957 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
8958 	if (!pinfoattr)
8959 		goto nla_put_failure;
8960 
8961 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
8962 		goto nla_put_failure;
8963 
8964 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
8965 		goto nla_put_failure;
8966 
8967 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
8968 		goto nla_put_failure;
8969 
8970 	nla_nest_end(msg, pinfoattr);
8971 
8972 	genlmsg_end(msg, hdr);
8973 
8974 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
8975 				nl80211_mlme_mcgrp.id, gfp);
8976 	return;
8977 
8978  nla_put_failure:
8979 	genlmsg_cancel(msg, hdr);
8980 	nlmsg_free(msg);
8981 }
8982 
8983 void
8984 nl80211_send_cqm_pktloss_notify(struct cfg80211_registered_device *rdev,
8985 				struct net_device *netdev, const u8 *peer,
8986 				u32 num_packets, gfp_t gfp)
8987 {
8988 	struct sk_buff *msg;
8989 	struct nlattr *pinfoattr;
8990 	void *hdr;
8991 
8992 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
8993 	if (!msg)
8994 		return;
8995 
8996 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
8997 	if (!hdr) {
8998 		nlmsg_free(msg);
8999 		return;
9000 	}
9001 
9002 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9003 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
9004 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
9005 		goto nla_put_failure;
9006 
9007 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
9008 	if (!pinfoattr)
9009 		goto nla_put_failure;
9010 
9011 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
9012 		goto nla_put_failure;
9013 
9014 	nla_nest_end(msg, pinfoattr);
9015 
9016 	genlmsg_end(msg, hdr);
9017 
9018 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9019 				nl80211_mlme_mcgrp.id, gfp);
9020 	return;
9021 
9022  nla_put_failure:
9023 	genlmsg_cancel(msg, hdr);
9024 	nlmsg_free(msg);
9025 }
9026 
9027 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
9028 			   u64 cookie, bool acked, gfp_t gfp)
9029 {
9030 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9031 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9032 	struct sk_buff *msg;
9033 	void *hdr;
9034 	int err;
9035 
9036 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
9037 
9038 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9039 
9040 	if (!msg)
9041 		return;
9042 
9043 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
9044 	if (!hdr) {
9045 		nlmsg_free(msg);
9046 		return;
9047 	}
9048 
9049 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9050 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9051 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
9052 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
9053 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
9054 		goto nla_put_failure;
9055 
9056 	err = genlmsg_end(msg, hdr);
9057 	if (err < 0) {
9058 		nlmsg_free(msg);
9059 		return;
9060 	}
9061 
9062 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9063 				nl80211_mlme_mcgrp.id, gfp);
9064 	return;
9065 
9066  nla_put_failure:
9067 	genlmsg_cancel(msg, hdr);
9068 	nlmsg_free(msg);
9069 }
9070 EXPORT_SYMBOL(cfg80211_probe_status);
9071 
9072 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
9073 				 const u8 *frame, size_t len,
9074 				 int freq, int sig_dbm)
9075 {
9076 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9077 	struct sk_buff *msg;
9078 	void *hdr;
9079 	struct cfg80211_beacon_registration *reg;
9080 
9081 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
9082 
9083 	spin_lock_bh(&rdev->beacon_registrations_lock);
9084 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9085 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
9086 		if (!msg) {
9087 			spin_unlock_bh(&rdev->beacon_registrations_lock);
9088 			return;
9089 		}
9090 
9091 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
9092 		if (!hdr)
9093 			goto nla_put_failure;
9094 
9095 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9096 		    (freq &&
9097 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
9098 		    (sig_dbm &&
9099 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
9100 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
9101 			goto nla_put_failure;
9102 
9103 		genlmsg_end(msg, hdr);
9104 
9105 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
9106 	}
9107 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9108 	return;
9109 
9110  nla_put_failure:
9111 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9112 	if (hdr)
9113 		genlmsg_cancel(msg, hdr);
9114 	nlmsg_free(msg);
9115 }
9116 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
9117 
9118 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
9119 				enum nl80211_tdls_operation oper,
9120 				u16 reason_code, gfp_t gfp)
9121 {
9122 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9123 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
9124 	struct sk_buff *msg;
9125 	void *hdr;
9126 	int err;
9127 
9128 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
9129 					 reason_code);
9130 
9131 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
9132 	if (!msg)
9133 		return;
9134 
9135 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
9136 	if (!hdr) {
9137 		nlmsg_free(msg);
9138 		return;
9139 	}
9140 
9141 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
9142 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9143 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
9144 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
9145 	    (reason_code > 0 &&
9146 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
9147 		goto nla_put_failure;
9148 
9149 	err = genlmsg_end(msg, hdr);
9150 	if (err < 0) {
9151 		nlmsg_free(msg);
9152 		return;
9153 	}
9154 
9155 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
9156 				nl80211_mlme_mcgrp.id, gfp);
9157 	return;
9158 
9159  nla_put_failure:
9160 	genlmsg_cancel(msg, hdr);
9161 	nlmsg_free(msg);
9162 }
9163 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
9164 
9165 static int nl80211_netlink_notify(struct notifier_block * nb,
9166 				  unsigned long state,
9167 				  void *_notify)
9168 {
9169 	struct netlink_notify *notify = _notify;
9170 	struct cfg80211_registered_device *rdev;
9171 	struct wireless_dev *wdev;
9172 	struct cfg80211_beacon_registration *reg, *tmp;
9173 
9174 	if (state != NETLINK_URELEASE)
9175 		return NOTIFY_DONE;
9176 
9177 	rcu_read_lock();
9178 
9179 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
9180 		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list)
9181 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
9182 
9183 		spin_lock_bh(&rdev->beacon_registrations_lock);
9184 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
9185 					 list) {
9186 			if (reg->nlportid == notify->portid) {
9187 				list_del(&reg->list);
9188 				kfree(reg);
9189 				break;
9190 			}
9191 		}
9192 		spin_unlock_bh(&rdev->beacon_registrations_lock);
9193 	}
9194 
9195 	rcu_read_unlock();
9196 
9197 	return NOTIFY_DONE;
9198 }
9199 
9200 static struct notifier_block nl80211_netlink_notifier = {
9201 	.notifier_call = nl80211_netlink_notify,
9202 };
9203 
9204 /* initialisation/exit functions */
9205 
9206 int nl80211_init(void)
9207 {
9208 	int err;
9209 
9210 	err = genl_register_family_with_ops(&nl80211_fam,
9211 		nl80211_ops, ARRAY_SIZE(nl80211_ops));
9212 	if (err)
9213 		return err;
9214 
9215 	err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
9216 	if (err)
9217 		goto err_out;
9218 
9219 	err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
9220 	if (err)
9221 		goto err_out;
9222 
9223 	err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
9224 	if (err)
9225 		goto err_out;
9226 
9227 	err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
9228 	if (err)
9229 		goto err_out;
9230 
9231 #ifdef CONFIG_NL80211_TESTMODE
9232 	err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
9233 	if (err)
9234 		goto err_out;
9235 #endif
9236 
9237 	err = netlink_register_notifier(&nl80211_netlink_notifier);
9238 	if (err)
9239 		goto err_out;
9240 
9241 	return 0;
9242  err_out:
9243 	genl_unregister_family(&nl80211_fam);
9244 	return err;
9245 }
9246 
9247 void nl80211_exit(void)
9248 {
9249 	netlink_unregister_notifier(&nl80211_netlink_notifier);
9250 	genl_unregister_family(&nl80211_fam);
9251 }
9252